Update OEMCrypto test comments and logs
This CL merges some changes from branch rvc-dev to sc-dev that prepared it for merge. One change is that the unit tests now say they are part of Android S instead of R. Bug: 180546871
This commit is contained in:
Fred Gylys-Colwell
@@ -1,6 +1,40 @@
|
||||
# OEMCrypto Memory Unit Tests
|
||||
# OEMCrypto Unit Tests
|
||||
|
||||
## Objective
|
||||
## Basic Functionality Tests
|
||||
|
||||
Most unit tests in this category verify that the basic functionality of opening
|
||||
sessions, initializing and terminating the system, and reporting status work
|
||||
correctly.
|
||||
|
||||
## Decrypt Tests
|
||||
|
||||
The decrypt tests verify that encrypted data is correctly decrypted with the
|
||||
desired key. These tests cover a large variety of patterns, sample sizes, and
|
||||
subsample sizes.
|
||||
|
||||
## Secure Buffers
|
||||
|
||||
If OEMCrypto implements the function `OEMCrypto_AllocateSecureBuffer`, then all
|
||||
of the decrypt tests will also run with the output buffer being a secure
|
||||
buffer. If the function `OEMCrypto_SupportsDecryptHash` returns
|
||||
`OEMCrypto_CRC_Clear_Buffer`, then the secure buffer decryption will be verified
|
||||
with the CRC32 hash of the input data.
|
||||
|
||||
## Usage Table Tests
|
||||
|
||||
Usage table tests verify that the usage table is correctly procesed. The usage
|
||||
table is used to control reloading keys for offline playback, and for reporting
|
||||
secure stops for online playback.
|
||||
|
||||
## Duration Tests
|
||||
|
||||
Duration tests verify that license durations are enforced correctly. Most of
|
||||
this functionality can be met by keeping an accurate system time, and calling
|
||||
the ODK functions as described in the document "License Duration and Renewal".
|
||||
|
||||
## OEMCrypto Memory Unit Tests
|
||||
|
||||
### Objective
|
||||
|
||||
* Add OEMCrypto buffer overflow unit tests (indirect way of fuzzing) to verify
|
||||
OEMCrypto API behavior when the parameters passed to the API are out of
|
||||
@@ -28,7 +62,7 @@
|
||||
overflows if the length and offset fields are not validated against the
|
||||
input buffer.
|
||||
|
||||
## Background
|
||||
### Background
|
||||
|
||||
* Security is the top priority for Widevine. We came up with a simple approach
|
||||
to catch most common issues with widevine's implementations. A simplest
|
||||
@@ -45,13 +79,13 @@
|
||||
earlier in the process when they run OEMCrypto unit tests. All the unit
|
||||
tests with prefix `OEMCryptoMemory` are added to test the above scenario.
|
||||
|
||||
## What to expect from these tests
|
||||
### What to expect from these tests
|
||||
|
||||
* `OEMCryptoMemory*` tests are designed to fail if API doesn't have enough
|
||||
validations around input buffer lengths, parameters or OEMCryptoSubstring
|
||||
struct. If the API doesn't have validations which might lead to a crash, the
|
||||
test fails with a segfault or an appropriate crash message based on the API
|
||||
implementation.
|
||||
* `OEMCryptoMemory*` tests are designed to fail if the API doesn't have
|
||||
enough validations around input buffer lengths, parameters or the
|
||||
OEMCryptoSubstring struct. If the API doesn't have validations which might
|
||||
lead to a crash, the test fails with a segfault or an appropriate crash
|
||||
message based on the API implementation.
|
||||
|
||||
* Find out for what buffer length, the API is crashing and then debugging the
|
||||
test against the OEMCrypto implementation should be able to provide
|
||||
@@ -70,4 +104,22 @@
|
||||
call install keybox API with varying buffer lengths. This test by default
|
||||
is not compiled as it overwrites the keybox on the device. Uncomment,
|
||||
compile and run the tests only if you have ability to recover the keybox
|
||||
on device where the test is ran.
|
||||
on device where the test is ran.
|
||||
|
||||
## Filtering out tests
|
||||
|
||||
The source code will check for functionality of OEMCrypto and filter out tests
|
||||
that are not required. For example, if a device uses a keybox, then Provisioning
|
||||
3.0 tests are skipped, and vice versa.
|
||||
|
||||
If you wish to skip slow tests because you only want to verify basic
|
||||
functionality, then you can set the environment variable `GTEST_FILTER`,
|
||||
as documented
|
||||
[here](https://github.com/google/googletest/blob/master/docs/advanced.md#running-a-subset-of-the-tests).
|
||||
|
||||
For example, to skip the duration tests, buffer overflow tests and long running
|
||||
stress tests, you would set
|
||||
|
||||
```
|
||||
GTEST_FILTER="*-*Duration*:*TimingTest*:*Memory*:*Huge*:*NonceFlood*:*ManyUsageEntries*:*Defrag*"
|
||||
```
|
||||
|
||||
@@ -239,8 +239,11 @@ TEST_F(OEMCryptoClientTest, FreeUnallocatedSecureBufferNoFailure) {
|
||||
*/
|
||||
TEST_F(OEMCryptoClientTest, VersionNumber) {
|
||||
const std::string log_message =
|
||||
"OEMCrypto unit tests for API 16.4. Tests last updated 2021-01-25";
|
||||
"OEMCrypto unit tests for API 16.3 or 4. Tests last updated 2021-02-22";
|
||||
cout << " " << log_message << "\n";
|
||||
cout << " "
|
||||
<< "These tests are part of Android S."
|
||||
<< "\n";
|
||||
LOGI("%s", log_message.c_str());
|
||||
// If any of the following fail, then it is time to update the log message
|
||||
// above.
|
||||
|
||||
Reference in New Issue
Block a user