From e150f9297dc14fcca7aee261a689d24d07c89094 Mon Sep 17 00:00:00 2001 
From: Matt Feddersen Date: Thu, 28 Mar 2024 17:57:34 -0700 Subject: [PATCH] OPK v18.5 --- CHANGELOG.md | 41 +++++ oemcrypto/include/OEMCryptoCENC.h | 89 ++++++--- oemcrypto/include/level3.h | 42 ++++- oemcrypto/odk/Android.bp | 12 +- oemcrypto/odk/include/core_message_features.h | 4 +- oemcrypto/odk/include/odk_structs.h | 4 +- oemcrypto/odk/src/core_message_features.cpp | 2 +- oemcrypto/odk/src/odk_timer.c | 2 +- oemcrypto/odk/test/odk_test.cpp | 6 +- oemcrypto/oemcrypto_unittests.gyp | 2 + oemcrypto/opk/Android.bp | 43 +++++ oemcrypto/opk/oemcrypto_ta/oemcrypto.c | 28 +-- .../opk/oemcrypto_ta/oemcrypto_api_macros.h | 2 +- .../wtpi_reference/wtpi_clock_and_gn_layer1.c | 67 ++++--- .../oemcrypto_ta/wtpi_reference/wtpi_config.c | 1 - ...crypto_and_key_management_layer1_openssl.c | 29 +-- .../wtpi_reference/wtpi_crypto_asymmetric.c | 13 -- .../wtpi_test/common/GEN_common_serializer.c | 90 ++++++--- .../wtpi_test/common/common_special_cases.c | 64 +------ .../wtpi_test/ree/GEN_ree_serializer.c | 156 +++++++++++++--- .../ports/linux/common/tos_secure_buffers.c | 2 + .../opk/ports/linux/common/tos_transport.cpp | 1 + .../ports/linux/ta/common/tee_simulator.cpp | 4 +- oemcrypto/opk/ports/optee/Makefile | 3 +- .../opk/ports/optee/scripts/qemu-check.py | 2 +- .../ta/common/wtpi_impl/genkeypair_ecc.c | 7 +- .../wtpi_crypto_and_key_management_layer1.c | 4 +- .../common/wtpi_impl/wtpi_crypto_asymmetric.c | 11 ++ .../optee/ta/oemcrypto_ta/oemcrypto_ta.c | 13 +- .../common/GEN_common_serializer.c | 103 +++++++++-- .../common/common_special_cases.c | 4 +- .../common/opk_serialization_base.c | 97 +++++++--- .../opk/serialization/ree/GEN_oemcrypto_api.c | 34 ++++ .../serialization/ree/GEN_ree_serializer.c | 174 ++++++++++++++---- .../serialization/ree/GEN_ree_serializer.h | 6 + .../opk/serialization/tee/GEN_dispatcher.c | 28 ++- .../serialization/tee/GEN_tee_serializer.c | 36 +++- .../serialization/tee/GEN_tee_serializer.h | 6 + oemcrypto/test/GEN_api_lock_file.c | 6 + 
.../test/fuzz_tests/oemcrypto_fuzz_helper.cc | 1 - oemcrypto/test/oec_device_features.cpp | 3 + oemcrypto/test/oec_session_util.cpp | 20 +- oemcrypto/test/oec_session_util.h | 1 + oemcrypto/test/oemcrypto_basic_test.cpp | 4 +- oemcrypto/test/oemcrypto_cast_test.cpp | 5 +- oemcrypto/test/oemcrypto_cast_test.h | 3 + .../oemcrypto_corpus_generator_helper.cpp | 6 +- .../test/oemcrypto_corpus_generator_helper.h | 6 +- oemcrypto/test/oemcrypto_decrypt_test.cpp | 9 +- oemcrypto/test/oemcrypto_license_test.cpp | 2 +- oemcrypto/test/oemcrypto_security_test.cpp | 112 ++++++++++- oemcrypto/test/oemcrypto_test.cpp | 84 +++++++++ oemcrypto/test/oemcrypto_usage_table_test.cpp | 10 +- 53 files changed, 1150 insertions(+), 354 deletions(-) create mode 100644 oemcrypto/opk/Android.bp diff --git a/CHANGELOG.md b/CHANGELOG.md index 28a7098..73565f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,46 @@ [TOC] +## [Version 18.5][v18.5] + +This is a minor release that includes a few security fixes and bug fixes. + +General + +- Change OEMCrypto_FreeSecureBuffer() |output_descriptor| parameter to be +[in,out] type. +- Use strlen() instead of sizeof() to get the length of BUILD_INFO. +- Add OEMCrypto_GetEmbeddedDrmCertificate() definition to OPK, with +OEMCrypto_ERROR_NOT_IMPLEMENTED. +- Remove default.h include file from wtpi_config, which was causing a mismatch +between reported config values and actual config values. +- Remove extra is_debug field and trailing comma from BuildInformation. +- Reduce trusted clock skew on restarts in wtpi_reference implementation. +- Remove -Wno-unused-parameter cflag + +OPK serialization layer + +- Avoid writing any value to output parameters if the OEMCryptoResult is not +OEMCrypto_SUCCESS. (Applies to [out] type only. Not [in] or [in,out]). This +avoids subtle bugs where the serialization logic may unexpectedly modify (eg +set to 0) an output parameter on failure. +- Initialize pointers in a few corner cases. + +Tests + +- Fix default cipher mode for CAS unit test. +- Skip entitlement session tests that are only supported on CAS devices. +- Don't force decrypt count to increase in unit tests +- Skip some cast tests if not supported. + +OP-TEE port changes + +- Fix memory leaks on failure cases in AES decrypt, RSA key creation, and ECC +key creation. +- Check incoming message size from REE to avoid OOB. +- Generate ECC keypair and zero pad appropriately. +- Add file existence check in RPMB impl + ## [Version 18.4][v18.4] Version 18.4 includes the reference implementation in OPK to support MediaCAS, 
@@ -479,3 +519,4 @@ Public release for OEMCrypto API and ODK library version 16.4. [v18.1]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v18.1 [v18.3]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v18.3 [v18.4]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v18.4 +[v18.5]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v18.5 diff --git a/oemcrypto/include/OEMCryptoCENC.h b/oemcrypto/include/OEMCryptoCENC.h index 18d5474..e349200 100644 --- a/oemcrypto/include/OEMCryptoCENC.h +++ b/oemcrypto/include/OEMCryptoCENC.h @@ -3,7 +3,7 @@ // License Agreement. /** - * @mainpage OEMCrypto API v18.4 + * @mainpage OEMCrypto API v18.5 * * OEMCrypto is the low level library implemented by the OEM to provide key and * content protection, usually in a separate secure memory or process space. The @@ -367,7 +367,8 @@ typedef struct { } OEMCrypto_CENCEncryptPatternDesc; /** - * OEMCryptoCipherMode is used in SelectKey to prepare a key for decryption. + * OEMCryptoCipherMode is used in OEMCrypto_GetKeyHandle() to prepare a key for + * decryption. */ typedef enum OEMCryptoCipherMode { // explicit cipher modes used for modular DRM @@ -512,7 +513,9 @@ typedef enum OEMCrypto_ProvisioningMethod { // Device has factory installed OEM certificate. OEMCrypto_OEMCertificate = 3, // Device has Boot Certificate Chain (BCC). - OEMCrypto_BootCertificateChain = 4 + OEMCrypto_BootCertificateChain = 4, + // Device has baked in DRM certificate with reprovisioning (level 3 only). + OEMCrypto_DrmReprovisioning = 5 } OEMCrypto_ProvisioningMethod; /** @@ -714,6 +717,8 @@ typedef enum OEMCrypto_SignatureHashAlgorithm { #define OEMCrypto_EnterTestMode _oecc140 #define OEMCrypto_GetDeviceSignedCsrPayload _oecc141 #define OEMCrypto_FactoryInstallBCCSignature _oecc142 +#define OEMCrypto_GetEmbeddedDrmCertificate _oecc143 +#define OEMCrypto_UseSecondaryKey _oecc144 // clang-format on /// @addtogroup initcontrol 
@@ -1512,9 +1517,9 @@ OEMCryptoResult OEMCrypto_PrepAndSignRenewalRequest( * Note: if the current SRM version requirement is not met, LoadLicense will * still succeed and the keys will be loaded. However, those keys with the * SRMVersionRequired bit set will have their HDCP_Version increased to 0xF - - * local display only. Any future call to SelectKey for these keys while - * there is an external display will return OEMCrypto_ERROR_INSUFFICIENT_HDCP - * at that time. + * local display only. Any future call to OEMCrypto_GetKeyHandle() for these + * keys while there is an external display will return + * OEMCrypto_ERROR_INSUFFICIENT_HDCP at that time. * * @param[in] session: crypto session identifier. * @param[in] message: pointer to memory containing data. @@ -1778,7 +1783,7 @@ OEMCryptoResult OEMCrypto_RemoveEntitledKeySession( * * For devices that use a hardware key ladder, it may be more convenient to * store the encrypted content key data in the key table, and decrypt it when - * the function SelectKey is called. + * the function OEMCrypto_GetKeyHandle() is called. * * @param[in] session: handle for the entitled key session to be used. * @param[in] message: pointer to memory containing message to be verified. @@ -2004,8 +2009,8 @@ OEMCryptoResult OEMCrypto_GetOEMKeyToken(OEMCrypto_SESSION key_session, * For platforms that do not need to support Bypass Decrypt, a mode compatible * with previous versions of OEMCrypto is available. These devices may latch the * key to the session and continue to use this key for this session until - * OEMCrypto_SelectKey() is called again, or until OEMCrypto_CloseSession() is - * called. + * OEMCrypto_GetKeyHandle() is called again, or until OEMCrypto_CloseSession() + * is called. * * The "key handle" in this mode is the session ID. Platforms should request a * 4-byte key handle buffer and copy the session ID into it. 
@@ -2018,13 +2023,13 @@ OEMCryptoResult OEMCrypto_GetOEMKeyToken(OEMCrypto_SESSION key_session, * the device should disable analog video output. If the device has * analog video output that cannot be disabled, then the key is not * selected, and OEMCrypto_ERROR_ANALOG_OUTPUT is returned. This step is - * optional -- SelectKey may return OEMCrypto_SUCCESS and delay the - * error until a call to OEMCrypto_DecryptCENC(). + * optional -- OEMCrypto_GetKeyHandle() may return OEMCrypto_SUCCESS and + * delay the error until a call to OEMCrypto_DecryptCENC(). * 3. If the key control block has HDCP required, and the device cannot * enforce HDCP, then the key is not selected, and * OEMCrypto_ERROR_INSUFFICIENT_HDCP is returned. This step is optional - * -- SelectKey may return OEMCrypto_SUCCESS and delay the error until a - * call to OEMCrypto_DecryptCENC(). + * -- OEMCrypto_GetKeyHandle() may return OEMCrypto_SUCCESS and delay the + * error until a call to OEMCrypto_DecryptCENC(). * 4. If the key control block has a nonzero value for HDCP_Version, and * the device cannot enforce at least that version of HDCP, then the key * is not selected, and OEMCrypto_ERROR_INSUFFICIENT_HDCP is returned. 
@@ -2094,9 +2099,9 @@ OEMCryptoResult OEMCrypto_GetKeyHandle(OEMCrypto_SESSION session, * ISO-CENC standard. * * Decryption mode is AES-128-CTR or AES-128-CBC depending on the value of - * cipher_mode previously passed in to OEMCrypto_SelectKey(). For the encrypted - * portion of subsamples, the content key associated with the handle is - * latched in the active hardware key ladder and is used for the decryption + * cipher_mode previously passed in to OEMCrypto_GetKeyHandle(). For the + * encrypted portion of subsamples, the content key associated with the handle + * is latched in the active hardware key ladder and is used for the decryption * operation. For the clear portion of subsamples, the data is simply copied. * * After decryption, all the input_data bytes are copied to the location @@ -2194,8 +2199,8 @@ OEMCryptoResult OEMCrypto_GetKeyHandle(OEMCrypto_SESSION session, * * The decryption mode, either OEMCrypto_CipherMode_CENC or * OEMCrypto_CipherMode_CBCS, was already specified in the call to - * OEMCrypto_SelectKey(). The encryption pattern is specified by the fields in - * the parameter pattern. A description of partial encryption patterns for + * OEMCrypto_GetKeyHandle(). The encryption pattern is specified by the fields + * in the parameter pattern. A description of partial encryption patterns for * 'cbcs' can be found in the ISO-CENC standard, section 10.4. * * 'cenc' SCHEME: 
@@ -3853,7 +3858,7 @@ OEMCryptoResult OEMCrypto_ProductionReady(void); * the most recent license should be honored. The watermarking feature should * be turned on or off when a license is loaded. If this conflicts with a * license that had been loaded earlier, then keys from the earlier license may - * not be used. In this case, either OEMCrypto_SelectKey or + * not be used. In this case, either OEMCrypto_GetKeyHandle or * OEMCrypto_DecryptCENC will return OEMCrypto_ERROR_INSUFFICIENT_PRIVILEGE to * indicate that the watermarking status has changed and the license is no * longer usable. @@ -5246,14 +5251,13 @@ uint32_t OEMCrypto_SupportsDecryptHash(void); * length of the hash will be at most 128 bytes, and will be 4 bytes (32 * bits) for the default CRC32 hash. * - * This may be called before the first call to SelectKey. In that case, this - * function cannot verify that the key control block allows hash - * verification. The function DecryptCENC should verify that the key control - * bit allows hash verification when it is called. If an attempt is made to - * compute a hash when the selected key does not have the bit - * Allow_Hash_Verification set, then a hash should not be computed, and - * OEMCrypto_GetHashErrorCode() should return the error - * OEMCrypto_ERROR_UNKNOWN_FAILURE. + * This may be called before the first call to OEMCrypto_GetKeyHandle. In that + * case, this function cannot verify that the key control block allows hash + * verification. The function DecryptCENC should verify that the key control bit + * allows hash verification when it is called. If an attempt is made to compute + * a hash when the selected key does not have the bit Allow_Hash_Verification + * set, then a hash should not be computed, and OEMCrypto_GetHashErrorCode() + * should return the error OEMCrypto_ERROR_UNKNOWN_FAILURE. * * OEMCrypto should compute the hash of the frame and then compare it with * the correct value. If the values differ, then OEMCrypto should latch in an 
@@ -5380,7 +5384,7 @@ OEMCryptoResult OEMCrypto_AllocateSecureBuffer( * will cause the unit test using secure buffers to fail. * * @param[in] session: session id for operation. - * @param[out] output_descriptor: the buffer descriptor modified by + * @param[in,out] output_descriptor: the buffer descriptor modified by * OEMCrypto_AllocateSecureBuffer() * @param[in] secure_fd: The integer returned by * OEMCrypto_AllocateSecureBuffer() @@ -5842,6 +5846,35 @@ OEMCryptoResult OEMCrypto_Generic_Verify_V17( /****************************************************************************/ /****************************************************************************/ +/* The following functions are used by internal L3 CDMs and are not required by + * other CDM implementations. + */ + +/** + * Get the embedded Drm Certificate used by internal L3 CDMs. + * + * @param[out] public_cert where the certificate is stored. + * @param[in,out] public_cert_length the length, in bytes, of the certificate. + * + * @retval OEMCrypto_SUCCESS on success + * @retval OEMCrypto_ERROR_SHORT_BUFFER if public_cert_length is too small. + * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED + */ +OEMCryptoResult OEMCrypto_GetEmbeddedDrmCertificate(uint8_t* public_cert, + size_t* public_cert_length); + +/** + * Marks the given session as using a secondary key. + * + * @param[in] session_id: handle for the session to be used. + * @param[in] dual_key: whether this session uses a secondary key. + * + * @ignore + * @retval OEMCrypto_SUCCESS on success + * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED + */ +OEMCryptoResult OEMCrypto_UseSecondaryKey(OEMCrypto_SESSION session_id, + bool dual_key); #ifdef __cplusplus } diff --git a/oemcrypto/include/level3.h b/oemcrypto/include/level3.h index 69f64da..cbab431 100644 --- a/oemcrypto/include/level3.h +++ b/oemcrypto/include/level3.h 
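Review bot: The new doc comment for OEMCrypto_GetEmbeddedDrmCertificate() in the last OEMCryptoCENC.h hunk does not say what `*public_cert_length` holds on return. For the OEMCrypto_ERROR_SHORT_BUFFER case a caller needs to know whether the required size is written back, and whether `public_cert` may be NULL for a size query. I would extend the parameter line to something like `@param[in,out] public_cert_length on input, the size of public_cert in bytes; on output, the certificate size (the required size on OEMCrypto_ERROR_SHORT_BUFFER)`, adjusted to what the implementations actually do. The OPK stub added in this commit only returns OEMCrypto_ERROR_NOT_IMPLEMENTED, so the header comment is the only statement of the contract.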
@@ -17,8 +17,6 @@ #include "OEMCryptoCENC.h" #include "level3_file_system.h" -namespace wvoec3 { - // clang-format off #ifdef DYNAMIC_ADAPTER #define Level3_IsInApp _lcc00 @@ -27,7 +25,6 @@ namespace wvoec3 { #define Level3_InstallKeyboxOrOEMCert _lcc03 #define Level3_GetKeyData _lcc04 #define Level3_IsKeyboxOrOEMCertValid _lcc05 -#define Level3_GetRandom _lcc06 #define Level3_GetDeviceID _lcc07 #define Level3_WrapKeyboxOrOEMCert _lcc08 #define Level3_OpenSession _lcc09 @@ -120,13 +117,14 @@ namespace wvoec3 { #define Level3_GetSignatureHashAlgorithm _lcc139 #define Level3_EnterTestMode _lcc140 #define Level3_GetDeviceSignedCsrPayload _lcc141 +#define Level3_UseSecondaryKey _lcc142 +#define Level3_GetEmbeddedDrmCertificate _lcc143 #else #define Level3_Initialize _oecc01 #define Level3_Terminate _oecc02 #define Level3_InstallKeyboxOrOEMCert _oecc03 #define Level3_GetKeyData _oecc04 #define Level3_IsKeyboxOrOEMCertValid _oecc05 -#define Level3_GetRandom _oecc06 #define Level3_GetDeviceID _oecc07 #define Level3_WrapKeyboxOrOEMCert _oecc08 #define Level3_OpenSession _oecc09 @@ -201,7 +199,7 @@ namespace wvoec3 { #define Level3_ReassociateEntitledKeySession _oecc119 #define Level3_LoadCasECMKeys _oecc120 #define Level3_LoadEntitledContentKeys _oecc121 // place holder for v17. -#define Level3_ProductionReady _oecc122 +#define Level3_ProductionReady _oecc122 #define Level3_Idle _oecc123 #define Level3_Wake _oecc124 #define Level3_BuildInformation _oecc125 @@ -221,6 +219,9 @@ namespace wvoec3 { #define Level3_GetSignatureHashAlgorithm _oecc139 #define Level3_EnterTestMode _oecc140 #define Level3_GetDeviceSignedCsrPayload _oecc141 +// Internal-only. +#define Level3_GetEmbeddedDrmCertificate _oecc143 +#define Level3_UseSecondaryKey _oecc144 #endif #define Level3_GetInitializationState _oecl3o01 
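Review bot: The two new selector macros are numbered differently in the two branches of the `DYNAMIC_ADAPTER` conditional. The dynamic branch adds `Level3_UseSecondaryKey _lcc142` and `Level3_GetEmbeddedDrmCertificate _lcc143`, while the static branch adds `Level3_GetEmbeddedDrmCertificate _oecc143` and `Level3_UseSecondaryKey _oecc144`. The neighbouring pairs visible in these hunks keep the same number on both sides (`_lcc141`/`_oecc141`, `_lcc140`/`_oecc140`), and OEMCryptoCENC.h in this commit already uses `_oecc142` for OEMCrypto_FactoryInstallBCCSignature. If anything maps between the two numbering schemes, the swapped 142/143/144 assignment is an easy place for the wrong entry point to be resolved. If `_lcc142` is intentional, a one-line comment next to it, e.g. `// _lcc142: no Level3 counterpart of FactoryInstallBCCSignature, number reused on purpose`, would settle it.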
@@ -261,7 +262,6 @@ OEMCryptoResult Level3_GetOEMPublicCertificate(uint8_t* public_cert, size_t* public_cert_length); OEMCryptoResult Level3_GetDeviceID(uint8_t* deviceID, size_t* idLength); OEMCryptoResult Level3_GetKeyData(uint8_t* keyData, size_t* keyDataLength); -OEMCryptoResult Level3_GetRandom(uint8_t* randomData, size_t dataLength); OEMCryptoResult Level3_LoadOEMPrivateKey(OEMCrypto_SESSION session); OEMCryptoResult Level3_LoadDRMPrivateKey(OEMCrypto_SESSION session, OEMCrypto_PrivateKeyType key_type, @@ -494,6 +494,10 @@ OEMCryptoResult Level3_Generic_Verify(const uint8_t* key_handle, OEMCryptoResult Level3_GetSignatureHashAlgorithm( OEMCrypto_SESSION session, OEMCrypto_SignatureHashAlgorithm* algorithm); OEMCryptoResult Level3_EnterTestMode(void); +OEMCryptoResult Level3_GetEmbeddedDrmCertificate(uint8_t* public_cert, + size_t* public_cert_length); +OEMCryptoResult Level3_UseSecondaryKey(OEMCrypto_SESSION session_id, + bool dual_key); // The following are specific to Google's Level 3 implementation and are not // required. @@ -507,6 +511,30 @@ enum Level3InitializationState { LEVEL3_VERIFY_DEVICE_KEYS_FAILURE = 5, }; +enum Level3RunningMode { + LEVEL3_MODE_HAYSTACK_ONLY = 0, + LEVEL3_MODE_RIKERS_DEFAULT = 1, + LEVEL3_MODE_RIKERS_ONLY = 2, +}; + +/* + * Level3_GetRunningMode + * + * Description: + * Returns the current mode the Level3 is running in. This shouldn't change + * while the processes is running. + * + * Parameters: + * N/A + * + * Threading: + * No other function calls will be made while this function is running. + * + * Version: + * This method is new in API version 19. + */ +Level3RunningMode Level3_GetRunningMode(void); + /* * Level3_GetInitializationState * @@ -560,6 +588,8 @@ void Level3_OutputErrorLogs(); } // extern "C" +namespace wvoec3 { + // The following are interfaces needed for Google's Level 3 OEMCrypto // specifically, which partners are expected to implement. 
diff --git a/oemcrypto/odk/Android.bp b/oemcrypto/odk/Android.bp index 544c838..f0e918e 100644 --- a/oemcrypto/odk/Android.bp +++ b/oemcrypto/odk/Android.bp @@ -25,6 +25,11 @@ cc_library_static { "vendor/widevine/libwvdrmengine/oemcrypto/odk/include", "vendor/widevine/libwvdrmengine/oemcrypto/odk/src", ], + header_libs: [ + "jni_headers", + "libbase_headers", + "liblog_headers", + ], srcs: [ "src/odk.c", @@ -38,7 +43,7 @@ cc_library_static { proprietary: true, owner: "widevine", - min_sdk_version: "UpsideDownCake", + min_sdk_version: "34", } // ---------------------------------------------------------------- @@ -51,6 +56,11 @@ cc_library_static { "vendor/widevine/libwvdrmengine/oemcrypto/odk/include", "vendor/widevine/libwvdrmengine/oemcrypto/odk/src", ], + header_libs: [ + "jni_headers", + "libbase_headers", + "liblog_headers", + ], srcs: [ "src/core_message_deserialize.cpp", diff --git a/oemcrypto/odk/include/core_message_features.h b/oemcrypto/odk/include/core_message_features.h index 99566c9..06396d5 100644 --- a/oemcrypto/odk/include/core_message_features.h +++ b/oemcrypto/odk/include/core_message_features.h @@ -26,9 +26,9 @@ struct CoreMessageFeatures { // This is the published version of the ODK Core Message library. The default // behavior is for the server to restrict messages to at most this version - // number. The default is 18.4. + // number. The default is 18.5. uint32_t maximum_major_version = 18; - uint32_t maximum_minor_version = 4; + uint32_t maximum_minor_version = 5; bool operator==(const CoreMessageFeatures &other) const; bool operator!=(const CoreMessageFeatures &other) const { diff --git a/oemcrypto/odk/include/odk_structs.h b/oemcrypto/odk/include/odk_structs.h index d97c8ff..b7d8ca0 100644 --- a/oemcrypto/odk/include/odk_structs.h +++ b/oemcrypto/odk/include/odk_structs.h 
@@ -16,10 +16,10 @@ extern "C" { /* The version of this library. */ #define ODK_MAJOR_VERSION 18 -#define ODK_MINOR_VERSION 4 +#define ODK_MINOR_VERSION 5 /* ODK Version string. Date changed automatically on each release. */ -#define ODK_RELEASE_DATE "ODK v18.4 2023-08-03" +#define ODK_RELEASE_DATE "ODK v18.5 2024-03-21" /* The lowest version number for an ODK message. */ #define ODK_FIRST_VERSION 16 diff --git a/oemcrypto/odk/src/core_message_features.cpp b/oemcrypto/odk/src/core_message_features.cpp index c8a9c3b..94a3d95 100644 --- a/oemcrypto/odk/src/core_message_features.cpp +++ b/oemcrypto/odk/src/core_message_features.cpp @@ -30,7 +30,7 @@ CoreMessageFeatures CoreMessageFeatures::DefaultFeatures( features.maximum_minor_version = 2; // 17.2 break; case 18: - features.maximum_minor_version = 4; // 18.4 + features.maximum_minor_version = 5; // 18.5 break; default: features.maximum_minor_version = 0; diff --git a/oemcrypto/odk/src/odk_timer.c b/oemcrypto/odk/src/odk_timer.c index c837d78..0b503f5 100644 --- a/oemcrypto/odk/src/odk_timer.c +++ b/oemcrypto/odk/src/odk_timer.c @@ -274,7 +274,7 @@ OEMCryptoResult ODK_InitializeSessionValues(ODK_TimerLimits* timer_limits, nonce_values->api_minor_version = 2; break; case 18: - nonce_values->api_minor_version = 4; + nonce_values->api_minor_version = 5; break; default: nonce_values->api_minor_version = 0; diff --git a/oemcrypto/odk/test/odk_test.cpp b/oemcrypto/odk/test/odk_test.cpp index 0c3f92a..c6937c3 100644 --- a/oemcrypto/odk/test/odk_test.cpp +++ b/oemcrypto/odk/test/odk_test.cpp @@ -1216,7 +1216,7 @@ std::vector TestCases() { // number. {16, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 16, 5}, {17, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 17, 2}, - {18, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 18, 4}, + {18, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 18, 5}, // Here are some known good versions. Make extra sure they work. {ODK_MAJOR_VERSION, 16, 3, 16, 3}, {ODK_MAJOR_VERSION, 16, 4, 16, 4}, 
@@ -1227,12 +1227,14 @@ std::vector TestCases() { {ODK_MAJOR_VERSION, 18, 2, 18, 2}, {ODK_MAJOR_VERSION, 18, 3, 18, 3}, {ODK_MAJOR_VERSION, 18, 4, 18, 4}, + {ODK_MAJOR_VERSION, 18, 5, 18, 5}, {0, 16, 3, 16, 3}, {0, 16, 4, 16, 4}, {0, 16, 5, 16, 5}, {0, 17, 1, 17, 1}, {0, 17, 2, 17, 2}, - {0, 18, 4, 18, 4}, // Change to 19 when the default version is updated. + {0, 18, 4, 18, 4}, + {0, 18, 5, 18, 5}, }; return test_cases; } diff --git a/oemcrypto/oemcrypto_unittests.gyp b/oemcrypto/oemcrypto_unittests.gyp index e8bba24..d546d7e 100644 --- a/oemcrypto/oemcrypto_unittests.gyp +++ b/oemcrypto/oemcrypto_unittests.gyp @@ -16,6 +16,8 @@ 'platform_specific_dir': 'drm_private_key); // TODO(b/225216277): When result is not OEMCrypto_ERROR_NOT_IMPLEMENTED - // above, uncomment this check + // above, uncomment this check. // if (result == OEMCrypto_SUCCESS) - // NOLINTNEXTLINE result = free_key_result; free_key_result = FreeMacAndEncryptionKeys(session_context); - // TODO(b/225216277): When result is not OEMCrypto_ERROR_NOT_IMPLEMENTED - // above, uncomment this check - // if (result == OEMCrypto_SUCCESS) - result = free_key_result; + if (result == OEMCrypto_SUCCESS) result = free_key_result; if (result != OEMCrypto_SUCCESS) session_context->state = SESSION_INVALID; return result; } @@ -2354,6 +2350,8 @@ OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox, // TODO(b/225216277): We currently only support keyboxes. return WTPI_UnwrapValidateAndInstallKeybox(keybox, length); #else + (void)keybox; + (void)length; return OEMCrypto_ERROR_NOT_IMPLEMENTED; #endif } @@ -2365,6 +2363,8 @@ OEMCryptoResult OEMCrypto_FactoryInstallBCCSignature(const uint8_t* signature, // TODO: add implementation. return OEMCrypto_ERROR_NOT_IMPLEMENTED; #else + (void)signature; + (void)signature_length; return OEMCrypto_ERROR_NOT_IMPLEMENTED; #endif } 
@@ -2523,11 +2523,11 @@ OEMCryptoResult OEMCrypto_BuildInformation(char* buffer, "\"form_factor\":\"" XSTR(OPK_CONFIG_DEVICE_FORM_FACTOR) "\"," "\"implementer\":\"" XSTR(OPK_CONFIG_IMPLEMENTER_NAME) "\"," "\"is_factory_build\":\"" - #ifdef FACTORY_BUILD_ONLY +#ifdef FACTORY_BUILD_ONLY "true" - #else +#else "false" - #endif +#endif "\"," "\"fused\":"; @@ -2611,9 +2611,10 @@ OEMCryptoResult OEMCrypto_BuildInformation(char* buffer, "\"MAX_ASYMMETRIC_SIGNATURE_SIZE\":\"" XSTR(MAX_ASYMMETRIC_SIGNATURE_SIZE)"\"" "}" -#endif +#else "," - "\"is_debug\":false," + "\"is_debug\":false" +#endif "}"; const size_t build_info_length1 = strlen(kBuildInfo1); @@ -4198,3 +4199,8 @@ OEMCryptoResult OEMCrypto_GetOEMKeyToken(OEMCrypto_SESSION key_session UNUSED, return OEMCrypto_ERROR_NOT_IMPLEMENTED; } #endif + +OEMCryptoResult OEMCrypto_GetEmbeddedDrmCertificate( + uint8_t* public_cert UNUSED, size_t* public_cert_length UNUSED) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} diff --git a/oemcrypto/opk/oemcrypto_ta/oemcrypto_api_macros.h b/oemcrypto/opk/oemcrypto_ta/oemcrypto_api_macros.h index 969b0e6..66d1fb0 100644 --- a/oemcrypto/opk/oemcrypto_ta/oemcrypto_api_macros.h +++ b/oemcrypto/opk/oemcrypto_ta/oemcrypto_api_macros.h @@ -34,7 +34,7 @@ // version bumps to v17.1, the first released OPK implementation would be // v17.1.0 #define API_MAJOR_VERSION 18 -#define API_MINOR_VERSION 4 +#define API_MINOR_VERSION 5 #define OPK_PATCH_VERSION 0 #endif /* OEMCRYPTO_TA_OEMCRYPTO_API_MACROS_H_ */ diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_clock_and_gn_layer1.c b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_clock_and_gn_layer1.c index 59dcdce..c230351 100644 --- a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_clock_and_gn_layer1.c +++ b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_clock_and_gn_layer1.c 
@@ -70,6 +70,7 @@ static OEMCryptoResult InitializeData(void) { uint8_t buffer[PERSISTENT_DATA_SIZE]; OEMCryptoResult status = WTPI_LoadPersistentData(buffer, &data_length); if (status != OEMCrypto_SUCCESS && status != OPK_ERROR_NO_PERSISTENT_DATA) { + LOGE("Failed to load persistent data with result: %d", status); return status; } uint8_t version_number = buffer[0]; @@ -129,6 +130,39 @@ static OEMCryptoResult SaveData(void) { return WTPI_StorePersistentData(buffer, data_length); } +static OEMCryptoResult GetTrustedTimeAndSave(uint64_t* time_in_s, + bool force_save) { + RETURN_INVALID_CONTEXT_IF_NULL(time_in_s); + OEMCryptoResult status = OEMCrypto_SUCCESS; + if (!gInitialized) { + status = InitializeData(); + if (status != OEMCrypto_SUCCESS) return status; + } + uint64_t hw_timer = 0; + status = WTPI_GetSecureTimer(&hw_timer); + if (status != OEMCrypto_SUCCESS) return status; + uint64_t now = hw_timer + gClockDelta; + // If the hardware clock goes backwards, or the clock delta has not been + // initialized by the saved wall clock, then now might be less than the last + // time. In that case, we increase the delta so that our clock continues to + // move forward. + if (now < gLastTime) { + gClockDelta = gLastTime - hw_timer; + now = gLastTime; + LOGD("Clock drift. update now = %" PRIu64 ", and delta %" PRId64 + " = %" PRIu64 " - %" PRIu64, + now, gClockDelta, gLastTime, hw_timer); + } else { + gLastTime = now; + } + *time_in_s = now; + if (force_save || now > gLastSaveTime + PERIODIC_SAVE_TIME) { + status = SaveData(); + if (status != OEMCrypto_SUCCESS) return status; + } + return OEMCrypto_SUCCESS; +} + /****************************************************************************** The following implement the generation number interface. *******************************************************************************/ 
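Review bot: Even with `force_save` set, GetTrustedTimeAndSave() returns before `SaveData()` when `WTPI_GetSecureTimer()` fails. WTPI_TerminateClock(), changed in the following hunk, used to call `SaveData()` unconditionally and now goes through this helper, so a timer error at shutdown means nothing is persisted. The stored last time appears to be what keeps the trusted clock from moving backwards across restarts, so losing that write weakens the rollback protection this commit is otherwise tightening. I would keep a fallback in WTPI_TerminateClock: `OEMCryptoResult status = GetTrustedTimeAndSave(&temp, true);` then `if (status != OEMCrypto_SUCCESS) (void)SaveData();` and `return status;`. A short comment on the helper stating that `force_save` only bypasses the PERIODIC_SAVE_TIME threshold, not the earlier error returns, would also help.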
@@ -171,39 +205,12 @@ OEMCryptoResult WTPI_InitializeClock(void) { OEMCryptoResult WTPI_TerminateClock(void) { if (!gInitialized) return OEMCrypto_SUCCESS; - return SaveData(); + uint64_t temp = 0; + return GetTrustedTimeAndSave(&temp, true); } OEMCrypto_Clock_Security_Level WTPI_GetClockType(void) { return kSecureTimer; } OEMCryptoResult WTPI_GetTrustedTime(uint64_t* time_in_s) { - RETURN_INVALID_CONTEXT_IF_NULL(time_in_s); - OEMCryptoResult status = OEMCrypto_SUCCESS; - if (!gInitialized) { - status = InitializeData(); - if (status != OEMCrypto_SUCCESS) return status; - } - uint64_t hw_timer = 0; - status = WTPI_GetSecureTimer(&hw_timer); - if (status != OEMCrypto_SUCCESS) return status; - uint64_t now = hw_timer + gClockDelta; - // If the hardware clock goes backwards, or the clock delta has not been - // initialized by the saved wall clock, then now might be less than the last - // time. In that case, we increase the delta so that our clock continues to - // move forward. - if (now < gLastTime) { - gClockDelta = gLastTime - hw_timer; - now = gLastTime; - LOGD("Clock drift. update now = %" PRIu64 ", and delta %" PRId64 - " = %" PRIu64 " - %" PRIu64, - now, gClockDelta, gLastTime, hw_timer); - } else { - gLastTime = now; - } - *time_in_s = now; - if (now > gLastSaveTime + PERIODIC_SAVE_TIME) { - status = SaveData(); - if (status != OEMCrypto_SUCCESS) return status; - } - return OEMCrypto_SUCCESS; + return GetTrustedTimeAndSave(time_in_s, false); } diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_config.c b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_config.c index 43397e9..41de430 100644 --- a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_config.c +++ b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_config.c @@ -4,7 +4,6 @@ * License Agreement. */ -#include "config/default.h" #include "opk_config.h" #include "wtpi_config_interface.h" 
diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_and_key_management_layer1_openssl.c b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_and_key_management_layer1_openssl.c index 0dfce14..2a0bbc2 100644 --- a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_and_key_management_layer1_openssl.c +++ b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_and_key_management_layer1_openssl.c @@ -86,19 +86,8 @@ static bool IsKeyValid(uint32_t index) { } static bool IsKeyHandleValid(WTPI_K1_SymmetricKey_Handle key_handle) { - if (key_handle == NULL || key_handle->index >= MAX_NUMBER_OF_KEYS || - !IsKeyValid(key_handle->index)) { - return false; - } - if (!key_handle->is_key_cached) { - for (size_t i = 0; i < sizeof(key_handle->cached_key); i++) { - if (key_handle->cached_key[i] != 0) { - LOGE("The key is not supposed to be cached. Something might be wrong."); - return false; - } - } - } - return true; + return key_handle != NULL && key_handle->index < MAX_NUMBER_OF_KEYS && + IsKeyValid(key_handle->index); } static OEMCryptoResult GetKeyType(WTPI_K1_SymmetricKey_Handle key_handle, @@ -547,9 +536,10 @@ OEMCryptoResult WTPI_K1_DeriveKeyFromKeyHandle( out_key_type, out_key_handle); } -OEMCryptoResult WTPI_K1_WrapKey(uint32_t context, +OEMCryptoResult WTPI_K1_WrapKey(uint32_t context UNUSED, WTPI_K1_SymmetricKey_Handle key_handle, - SymmetricKeyType key_type, uint8_t* wrapped_key, + SymmetricKeyType key_type UNUSED, + uint8_t* wrapped_key, size_t wrapped_key_length) { if (key_handle == NULL || wrapped_key == NULL || wrapped_key_length == 0) { return OEMCrypto_ERROR_INVALID_CONTEXT; 
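Review bot: `context` is now annotated `UNUSED` in WTPI_K1_WrapKey() here and in WTPI_K1_UnwrapIntoKeyHandle() in the next hunk, and `key_type` is unused on the wrap side. That makes explicit that this reference implementation does not bind a wrapped key to the context it was wrapped under. Both bodies continue outside the hunks, so this is inferred from the annotations alone. A blob wrapped for one context would then presumably unwrap under another, and a port copied from this file inherits that silently. If the WTPI contract expects per-context separation, I would say so above the function, e.g. `/* Reference only: |context| and |key_type| are not mixed into the wrapping; ports that need per-context separation must use them. */`.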
@@ -574,8 +564,9 @@ OEMCryptoResult WTPI_K1_WrapKey(uint32_t context, } OEMCryptoResult WTPI_K1_UnwrapIntoKeyHandle( - uint32_t context, const uint8_t* wrapped_key, size_t wrapped_key_length, - SymmetricKeyType key_type, WTPI_K1_SymmetricKey_Handle* out_key_handle) { + uint32_t context UNUSED, const uint8_t* wrapped_key, + size_t wrapped_key_length, SymmetricKeyType key_type, + WTPI_K1_SymmetricKey_Handle* out_key_handle) { if (wrapped_key == NULL || wrapped_key_length == 0 || out_key_handle == NULL) { return OEMCrypto_ERROR_INVALID_CONTEXT; @@ -634,8 +625,8 @@ OEMCryptoResult WTPI_C1_RandomBytes(uint8_t* out, size_t size) { } OEMCryptoResult WTPI_K1_PrepareExternalKeyHandle( - WTPI_K1_SymmetricKey_Handle key_handle, uint8_t* out_buffer, - size_t* out_buffer_length) { + WTPI_K1_SymmetricKey_Handle key_handle UNUSED, uint8_t* out_buffer UNUSED, + size_t* out_buffer_length UNUSED) { return OEMCrypto_ERROR_NOT_IMPLEMENTED; } diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_asymmetric.c b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_asymmetric.c index 74a676a..8be0177 100644 --- a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_asymmetric.c +++ b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_asymmetric.c 
@@ -26,35 +26,22 @@ #include "wtpi_device_key_interface.h" #include "wtpi_logging_interface.h" -// Returns true as long as one byte of ed25519_key is non-zero. -static bool HasED25519Key(WTPI_AsymmetricKey_Handle key_handle) { - for (size_t i = 0; i < ED25519_PRIVATE_KEY_LEN; ++i) { - if (key_handle->ed25519_key[i] != 0) { - return true; - } - } - return false; -} - static bool IsAsymmetricKeyHandleValid(WTPI_AsymmetricKey_Handle key_handle) { if (key_handle == NULL) return false; switch (key_handle->key_type) { case DRM_RSA_PRIVATE_KEY: { if (key_handle->rsa_key == NULL) return false; if (key_handle->ecc_key != NULL) return false; - if (HasED25519Key(key_handle)) return false; break; } case DRM_ECC_PRIVATE_KEY: { if (key_handle->ecc_key == NULL) return false; if (key_handle->rsa_key != NULL) return false; - if (HasED25519Key(key_handle)) return false; break; } case PROV40_ED25519_PRIVATE_KEY: { if (key_handle->ecc_key != NULL) return false; if (key_handle->rsa_key != NULL) return false; - if (!HasED25519Key(key_handle)) return false; break; } default: diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/GEN_common_serializer.c b/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/GEN_common_serializer.c index 675a491..d887d79 100644 --- a/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/GEN_common_serializer.c +++ b/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/GEN_common_serializer.c 
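Review bot: The `PROV40_ED25519_PRIVATE_KEY` case of IsAsymmetricKeyHandleValid now accepts any handle whose `rsa_key` and `ecc_key` are NULL, so a handle whose `ed25519_key` was never populated passes validation. The RSA and ECC cases still require their own key pointer to be non-NULL. If this is intended (for instance to avoid scanning key bytes), a comment in that case would record the contract: `/* ed25519_key contents are not checked here; the caller must have loaded the key. */`. The `default:` branch and the end of the function are outside the hunk.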
@@ -249,12 +249,20 @@ void OPK_Pack_OEMCrypto_KeyObject(ODK_Message* msg, void OPK_Unpack_OEMCrypto_Substring(ODK_Message* msg, OEMCrypto_Substring* obj) { + OEMCrypto_Substring tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->offset); OPK_Unpack_size_t(msg, &obj->length); } void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_0* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_0 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -263,6 +271,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_1* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_1 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -271,6 +283,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_2( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_2* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_2 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -279,6 +295,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_2( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Packet(ODK_Message* msg, OEMCrypto_DTCP2_CMI_Packet* obj) { + OEMCrypto_DTCP2_CMI_Packet tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->dtcp2_required); OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0(msg, &obj->cmi_descriptor_0); OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1(msg, &obj->cmi_descriptor_1); 
@@ -287,6 +307,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Packet(ODK_Message* msg, void OPK_Unpack_OEMCrypto_KeyObject(ODK_Message* msg, OEMCrypto_KeyObject* obj) { + OEMCrypto_KeyObject tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_data_iv); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_data); @@ -302,9 +326,11 @@ void OPK_PackNullable_uint64_t(ODK_Message* msg, const uint64_t* value) { } void OPK_UnpackNullable_uint64_t(ODK_Message* msg, uint64_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_uint64_t(msg, *value); + } else { + OPK_Unpack_uint64_t(msg, NULL); } } void OPK_UnpackAlloc_uint64_t(ODK_Message* msg, uint64_t** value) { @@ -321,9 +347,11 @@ void OPK_PackNullable_KeySize(ODK_Message* msg, const KeySize* value) { } void OPK_UnpackNullable_KeySize(ODK_Message* msg, KeySize** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_KeySize(msg, *value); + } else { + OPK_Unpack_KeySize(msg, NULL); } } void OPK_UnpackAlloc_KeySize(ODK_Message* msg, KeySize** value) { @@ -340,9 +368,11 @@ void OPK_PackNullable_uint8_t(ODK_Message* msg, const uint8_t* value) { } void OPK_UnpackNullable_uint8_t(ODK_Message* msg, uint8_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_uint8_t(msg, *value); + } else { + OPK_Unpack_uint8_t(msg, NULL); } } void OPK_UnpackAlloc_uint8_t(ODK_Message* msg, uint8_t** value) { 
@@ -361,9 +391,11 @@ void OPK_PackNullable_OPK_OutputBuffer(ODK_Message* msg, void OPK_UnpackNullable_OPK_OutputBuffer(ODK_Message* msg, OPK_OutputBuffer** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_OPK_OutputBuffer(msg, *value); + } else { + OPK_Unpack_OPK_OutputBuffer(msg, NULL); } } void OPK_PackNullable_WTPI_K1_SymmetricKey_Handle( @@ -376,9 +408,11 @@ void OPK_PackNullable_WTPI_K1_SymmetricKey_Handle( void OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle( ODK_Message* msg, WTPI_K1_SymmetricKey_Handle** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_WTPI_K1_SymmetricKey_Handle(msg, *value); + } else { + OPK_Unpack_WTPI_K1_SymmetricKey_Handle(msg, NULL); } } void OPK_UnpackAlloc_WTPI_K1_SymmetricKey_Handle( @@ -397,9 +431,11 @@ void OPK_PackNullable_size_t(ODK_Message* msg, const size_t* value) { } void OPK_UnpackNullable_size_t(ODK_Message* msg, size_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_size_t(msg, *value); + } else { + OPK_Unpack_size_t(msg, NULL); } } void OPK_UnpackAlloc_size_t(ODK_Message* msg, size_t** value) { @@ -418,9 +454,11 @@ void OPK_PackNullable_WTPI_AsymmetricKey_Handle( void OPK_UnpackNullable_WTPI_AsymmetricKey_Handle( ODK_Message* msg, WTPI_AsymmetricKey_Handle** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_WTPI_AsymmetricKey_Handle(msg, *value); + } else { + OPK_Unpack_WTPI_AsymmetricKey_Handle(msg, NULL); } } void OPK_UnpackAlloc_WTPI_AsymmetricKey_Handle( 
@@ -439,9 +477,11 @@ void OPK_PackNullable_uint32_t(ODK_Message* msg, const uint32_t* value) { } void OPK_UnpackNullable_uint32_t(ODK_Message* msg, uint32_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_uint32_t(msg, *value); + } else { + OPK_Unpack_uint32_t(msg, NULL); } } void OPK_UnpackAlloc_uint32_t(ODK_Message* msg, uint32_t** value) { @@ -460,9 +500,11 @@ void OPK_PackNullable_OEMCrypto_SignatureHashAlgorithm( void OPK_UnpackNullable_OEMCrypto_SignatureHashAlgorithm( ODK_Message* msg, OEMCrypto_SignatureHashAlgorithm** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_OEMCrypto_SignatureHashAlgorithm(msg, *value); + } else { + OPK_Unpack_OEMCrypto_SignatureHashAlgorithm(msg, NULL); } } void OPK_UnpackAlloc_OEMCrypto_SignatureHashAlgorithm( @@ -483,9 +525,11 @@ void OPK_PackNullable_AsymmetricKeyType(ODK_Message* msg, void OPK_UnpackNullable_AsymmetricKeyType(ODK_Message* msg, AsymmetricKeyType** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_AsymmetricKeyType(msg, *value); + } else { + OPK_Unpack_AsymmetricKeyType(msg, NULL); } } void OPK_UnpackAlloc_AsymmetricKeyType(ODK_Message* msg, @@ -503,9 +547,11 @@ void OPK_PackNullable_bool(ODK_Message* msg, const bool* value) { } void OPK_UnpackNullable_bool(ODK_Message* msg, bool** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_bool(msg, *value); + } else { + OPK_Unpack_bool(msg, NULL); } } void OPK_UnpackAlloc_bool(ODK_Message* msg, bool** value) { diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/common_special_cases.c b/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/common_special_cases.c index 0ad4d9d..aeaf159 100644 --- a/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/common_special_cases.c 
+++ b/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/common_special_cases.c @@ -31,21 +31,11 @@ void OPK_Pack_WTPI_AsymmetricKey_Handle( void OPK_Unpack_WTPI_K1_SymmetricKey_Handle( ODK_Message* message, WTPI_K1_SymmetricKey_Handle* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_size_t(message, (size_t*)value); } void OPK_Unpack_WTPI_AsymmetricKey_Handle(ODK_Message* message, WTPI_AsymmetricKey_Handle* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_size_t(message, (size_t*)value); } @@ -76,9 +66,9 @@ void OPK_Pack_OPK_OutputBuffer(ODK_Message* message, void OPK_Unpack_OPK_OutputBuffer(ODK_Message* message, OPK_OutputBuffer* value) { + OPK_OutputBuffer tmp_value; if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; + value = &tmp_value; } OPK_Unpack_uint32_t(message, (uint32_t*)&value->type); @@ -117,11 +107,6 @@ void OPK_Pack_SymmetricKeyType(ODK_Message* message, void OPK_Unpack_SymmetricKeyType(ODK_Message* message, SymmetricKeyType* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_int(message, (int*)value); } @@ -137,11 +122,6 @@ void OPK_Pack_AsymmetricKeyType(ODK_Message* message, void OPK_Unpack_AsymmetricKeyType(ODK_Message* message, AsymmetricKeyType* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_int(message, (int*)value); } @@ -157,11 +137,6 @@ void OPK_Pack_RSA_Padding_Scheme(ODK_Message* message, void OPK_Unpack_RSA_Padding_Scheme(ODK_Message* message, RSA_Padding_Scheme* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_uint8_t(message, (uint8_t*)value); } 
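Review bot: With the `value == NULL` guard removed, OPK_Unpack_WTPI_K1_SymmetricKey_Handle and OPK_Unpack_WTPI_AsymmetricKey_Handle pass a possibly-NULL `value` straight to `OPK_Unpack_size_t(message, (size_t*)value)`, so NULL safety now rests entirely on the primitive unpackers, which this hunk does not show. The later hunks in this file make the same change for SymmetricKeyType, AsymmetricKeyType, RSA_Padding_Scheme, KeySize and the OEMCrypto_* enum unpackers. Since NULL has changed from an error (`MESSAGE_STATUS_NULL_POINTER_ERROR`) to an accepted argument, each function should say so, e.g. `/* value may be NULL: the field is consumed from the message and discarded. */`. It is also worth confirming that OPK_Unpack_size_t, OPK_Unpack_int, OPK_Unpack_uint32_t and OPK_Unpack_uint8_t all tolerate a NULL destination.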
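Review bot: `OPK_OutputBuffer tmp_value;` in OPK_Unpack_OPK_OutputBuffer is left uninitialized before `value` is pointed at it. If the unpack into `value->type` does not write the field (for example because the message is already in an error state), any later read of `value->type` in the rest of the function, which lies outside this hunk, would use indeterminate stack data. Zero-initialising the scratch object removes that dependency: `OPK_OutputBuffer tmp_value = {0};`.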
@@ -175,11 +150,6 @@ void OPK_Pack_KeySize(ODK_Message* message, const KeySize* value) { } void OPK_Unpack_KeySize(ODK_Message* message, KeySize* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_int(message, (int*)value); } @@ -209,11 +179,6 @@ void OPK_Pack_OEMCrypto_Clock_Security_Level( void OPK_Unpack_OEMCrypto_Clock_Security_Level( ODK_Message* message, OEMCrypto_Clock_Security_Level* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_uint32_t(message, (uint32_t*)value); } @@ -259,41 +224,21 @@ void OPK_Pack_OEMCrypto_HDCP_Capability( void OPK_Unpack_OEMCrypto_Security_Level(ODK_Message* message, OEMCrypto_Security_Level* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_uint32_t(message, (uint32_t*)value); } void OPK_Unpack_OEMCrypto_ProvisioningMethod( ODK_Message* message, OEMCrypto_ProvisioningMethod* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_uint32_t(message, (uint32_t*)value); } void OPK_Unpack_OEMCrypto_WatermarkingSupport( ODK_Message* message, OEMCrypto_WatermarkingSupport* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_uint32_t(message, (uint32_t*)value); } void OPK_Unpack_OEMCrypto_HDCP_Capability(ODK_Message* message, OEMCrypto_HDCP_Capability* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_uint32_t(message, (uint32_t*)value); } 
@@ -309,10 +254,5 @@ void OPK_Pack_OEMCrypto_SignatureHashAlgorithm( void OPK_Unpack_OEMCrypto_SignatureHashAlgorithm( ODK_Message* message, OEMCrypto_SignatureHashAlgorithm* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_int(message, (int*)value); } diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/GEN_ree_serializer.c b/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/GEN_ree_serializer.c index 140fa7a..f01039e 100644 --- a/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/GEN_ree_serializer.c +++ b/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/GEN_ree_serializer.c @@ -78,7 +78,11 @@ void OPK_Unpack_LoadGenerationNumber_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint64_t(msg, value); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint64_t(msg, value); + } else { + OPK_UnpackNullable_uint64_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -140,7 +144,11 @@ void OPK_Unpack_K1_GetKeySize_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_KeySize(msg, size); + if (SuccessResult(*result)) { + OPK_UnpackNullable_KeySize(msg, size); + } else { + OPK_UnpackNullable_KeySize(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -418,7 +426,11 @@ void OPK_Unpack_K1_CreateKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -454,7 +466,11 @@ void OPK_Unpack_K1_DeriveDeviceKeyIntoHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -494,7 +510,11 @@ void OPK_Unpack_K1_AESDecryptAndCreateKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -536,8 +556,16 @@ void OPK_Unpack_K1_AESDecryptAndCreateKeyHandleForMacKeys_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_mac_key_server); - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_mac_key_client); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_mac_key_server); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_mac_key_client); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -579,7 +607,11 @@ void OPK_Unpack_K1_DeriveKeyFromKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -664,7 +696,11 @@ void OPK_Unpack_K1_UnwrapIntoKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -772,7 +808,11 @@ void OPK_Unpack_CreateAsymmetricKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, key_handle); + } else { + OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -810,8 +850,16 @@ void OPK_Unpack_UnwrapIntoAsymmetricKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, key_handle); - OPK_UnpackNullable_uint32_t(msg, allowed_schemes); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, key_handle); + } else { + OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, NULL); + } + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, allowed_schemes); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -876,7 +924,11 @@ void OPK_Unpack_GetWrappedAsymmetricKeySize_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, buffer_size); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, buffer_size); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1144,7 +1196,11 @@ void OPK_Unpack_GetSignatureSize_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, signature_length); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, signature_length); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -1179,7 +1235,11 @@ void OPK_Unpack_GetSignatureHashAlgorithm_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_OEMCrypto_SignatureHashAlgorithm(msg, hash_algorithm); + if (SuccessResult(*result)) { + OPK_UnpackNullable_OEMCrypto_SignatureHashAlgorithm(msg, hash_algorithm); + } else { + OPK_UnpackNullable_OEMCrypto_SignatureHashAlgorithm(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1252,7 +1312,11 @@ void OPK_Unpack_GetMaxBootCertificateChainSize_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, out_length); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, out_length); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1293,7 +1357,11 @@ void OPK_Unpack_GenerateRandomCertificateKeyPair_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_AsymmetricKeyType(msg, key_type); + if (SuccessResult(*result)) { + OPK_UnpackNullable_AsymmetricKeyType(msg, key_type); + } else { + OPK_UnpackNullable_AsymmetricKeyType(msg, NULL); + } if (SuccessResult(*result)) { uint8_t* p; OPK_UnpackInPlace(msg, &p, OPK_FromSizeTPtrPtr(wrapped_private_key_length)); @@ -1498,7 +1566,11 @@ void OPK_Unpack_GetMaxBccKeyCoseSign1Size_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, out_length); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, out_length); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -1529,7 +1601,11 @@ void OPK_Unpack_GetDeviceFusedStatus_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_bool(msg, is_fused); + if (SuccessResult(*result)) { + OPK_UnpackNullable_bool(msg, is_fused); + } else { + OPK_UnpackNullable_bool(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1559,7 +1635,11 @@ void OPK_Unpack_Crc32Init_Response(ODK_Message* msg, OEMCryptoResult* result, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, initial_hash); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, initial_hash); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1594,7 +1674,11 @@ void OPK_Unpack_Crc32Cont_Response(ODK_Message* msg, OEMCryptoResult* result, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, new_crc); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, new_crc); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1645,7 +1729,11 @@ void OPK_Unpack_Crc32Cont_OutputBuffer_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, new_crc); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, new_crc); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -1676,7 +1764,11 @@ void OPK_Unpack_GetTrustedTime_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint64_t(msg, time_in_s); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint64_t(msg, time_in_s); + } else { + OPK_UnpackNullable_uint64_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1919,7 +2011,11 @@ void OPK_Unpack_GetCurrentSRMVersion_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, srm_version); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, srm_version); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -2276,7 +2372,11 @@ void OPK_Unpack_GetEncryptAndSignSize_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, wrapped_length); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, wrapped_length); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -2406,7 +2506,11 @@ void OPK_Unpack_VerifyAndDecryptUsageData_Legacy_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint8_t(msg, out); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint8_t(msg, out); + } else { + OPK_UnpackNullable_uint8_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { diff --git a/oemcrypto/opk/ports/linux/common/tos_secure_buffers.c b/oemcrypto/opk/ports/linux/common/tos_secure_buffers.c index 841c723..fb9351b 100644 --- a/oemcrypto/opk/ports/linux/common/tos_secure_buffers.c +++ b/oemcrypto/opk/ports/linux/common/tos_secure_buffers.c 
@@ -30,5 +30,7 @@ void TOS_SecureBuffer_Unpack(ODK_Message* message, bool TOS_SecureBuffer_CheckSize(void* handle, size_t size) { /* without real secure memory, there's nothing we can do here */ + (void)handle; + (void)size; return true; } diff --git a/oemcrypto/opk/ports/linux/common/tos_transport.cpp b/oemcrypto/opk/ports/linux/common/tos_transport.cpp index 8e39108..e8d431e 100644 --- a/oemcrypto/opk/ports/linux/common/tos_transport.cpp +++ b/oemcrypto/opk/ports/linux/common/tos_transport.cpp @@ -91,6 +91,7 @@ ODK_Message TOS_Transport_GetResponse() { void TOS_Transport_ReleaseMessage(ODK_Message* message) { // resources are static, nothing to do here + (void)message; } // Get the size of the message from the mailbox and return it diff --git a/oemcrypto/opk/ports/linux/ta/common/tee_simulator.cpp b/oemcrypto/opk/ports/linux/ta/common/tee_simulator.cpp index 258f391..a0a1a9e 100644 --- a/oemcrypto/opk/ports/linux/ta/common/tee_simulator.cpp +++ b/oemcrypto/opk/ports/linux/ta/common/tee_simulator.cpp @@ -20,6 +20,7 @@ static pthread_t main_thread_tid; static bool thread_running = false; void signalHandler(int signum) { + (void)signum; // TODO(fredgc): this doesn't actually kill anything because the main loop is // stuck waiting for a new message. thread_running = false; @@ -32,6 +33,7 @@ void signalHandler(int signum) { static uint8_t local_buffer[OPK_TRANSPORT_MESSAGE_SIZE]; static void* MainLoop(void* arg) { + (void)arg; OPK_Initialize(); thread_running = true; while (thread_running) { @@ -74,7 +76,7 @@ static void* MainLoop(void* arg) { return nullptr; } -int main(int argc, char** argv) { +int main() { pthread_attr_t p_attr; int result = pthread_attr_init(&p_attr); diff --git a/oemcrypto/opk/ports/optee/Makefile b/oemcrypto/opk/ports/optee/Makefile index 1686be9..82dcc6f 100644 --- a/oemcrypto/opk/ports/optee/Makefile +++ b/oemcrypto/opk/ports/optee/Makefile 
@@ -38,7 +38,8 @@ DEVICE_FORM_FACTOR := test # overridden later by OP-TEE $(PLATFORM) var. Feel fr IMPLEMENTER := your-name-here OPTEE_PROVISIONING_METHOD := OEMCrypto_Keybox -# set to ECC to generate an EC keypair instead of RSA +# Key type generated by OEMCrypto_GenerateCertificateKeyPair() +# Options are "RSA" or "ECC" OEMCRYPTO_GEN_KEYPAIR_TYPE := RSA # Default toolchain dir from the optee repositories diff --git a/oemcrypto/opk/ports/optee/scripts/qemu-check.py b/oemcrypto/opk/ports/optee/scripts/qemu-check.py index b366664..b64f16a 100644 --- a/oemcrypto/opk/ports/optee/scripts/qemu-check.py +++ b/oemcrypto/opk/ports/optee/scripts/qemu-check.py @@ -56,7 +56,7 @@ def main(argv): else: spawn_cmd = _QEMU.value + ' -nographic -monitor none -machine virt -machine secure=on -cpu cortex-a15 -smp ' + str(_QEMU_SMP.value) + ' -d unimp -semihosting-config enable=on,target=native -m ' + str(_QEMU_MEM.value) + ' -serial stdio -serial ' + tee_serial_out + ' -bios ' + _QEMU_BIOS.value + ' -fsdev local,id=fsdev0,path=' + os.environ['OPTEE_DIR'] + ',security_model=none -device virtio-9p-device,fsdev=fsdev0,mount_tag=host' - child = pexpect.spawn(spawn_cmd, encoding='utf-8', timeout=1800) + child = pexpect.spawn(spawn_cmd, encoding='utf-8', timeout=3600) p = None if _QUIET.value == False: diff --git a/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/genkeypair_ecc.c b/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/genkeypair_ecc.c index b906804..18ff0fd 100644 --- a/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/genkeypair_ecc.c +++ b/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/genkeypair_ecc.c @@ -7,6 +7,7 @@ #include "der_parse.h" #include "oemcrypto_check_macros.h" #include "opk_config.h" +#include "wtpi_logging_interface.h" #include "wtpi_provisioning_4_interface.h" static OEMCryptoResult NewEccKeyPair(uint8_t* private_key_data, 
@@ -21,7 +22,7 @@ static OEMCryptoResult NewEccKeyPair(uint8_t* private_key_data, size_t raw_pub_y_len = sizeof(raw_pub_y); size_t raw_priv_len = sizeof(raw_priv); - uint32_t curve_type = TEE_ECC_CURVE_NIST_P256; + const uint32_t curve_type = TEE_ECC_CURVE_NIST_P256; TEE_Result tee_res = TEE_SUCCESS; TEE_ObjectHandle key = TEE_HANDLE_NULL; @@ -139,6 +140,10 @@ OEMCryptoResult WTPI_GenerateRandomCertificateKeyPair( if (result != OEMCrypto_SUCCESS) return result; if (*wrapped_private_key_length < actual_wrapped_private_key_length) { // This should not happen as we have checked buffer size. + LOGE( + "wrapped_private_key_length=%zu, " + "WTPI_GetWrappedAsymmetricKeySize()=%zu, which should not happen", + *wrapped_private_key_length, actual_wrapped_private_key_length); *wrapped_private_key_length = actual_wrapped_private_key_length; return OEMCrypto_ERROR_SHORT_BUFFER; } diff --git a/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_and_key_management_layer1.c b/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_and_key_management_layer1.c index eb56257..bcce90a 100644 --- a/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_and_key_management_layer1.c +++ b/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_and_key_management_layer1.c @@ -131,7 +131,7 @@ static OEMCryptoResult Helper_AESCBC(WTPI_K1_SymmetricKey_Handle key, if (output_len != in_length) { EMSG("output_len was changed to %zu", output_len); } - return OEMCrypto_ERROR_UNKNOWN_FAILURE; + goto err; } if (op_handle != TEE_HANDLE_NULL) TEE_FreeOperation(op_handle); if (key_handle != TEE_HANDLE_NULL) TEE_FreeTransientObject(key_handle); @@ -686,7 +686,7 @@ OEMCryptoResult WTPI_K1_DeriveKeyFromKeyHandle( if (output_len != KEY_SIZE_128) { EMSG("output_len was changed to %zu", output_len); } - return OEMCrypto_ERROR_UNKNOWN_FAILURE; + goto err; } } 
diff --git a/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_asymmetric.c b/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_asymmetric.c index f5cb900..2355855 100644 --- a/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_asymmetric.c +++ b/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_asymmetric.c @@ -43,6 +43,14 @@ static OEMCryptoResult Helper_CreateRSAKeyHandle( if (res != OEMCrypto_SUCCESS) { EMSG("RSA DER parsing failed with result %d", res); WTPI_FreeAsymmetricKeyHandle(sess); + TEE_Free(sess_key->modulus); + TEE_Free(sess_key->exp1); + TEE_Free(sess_key->exp2); + TEE_Free(sess_key->prime1); + TEE_Free(sess_key->prime2); + TEE_Free(sess_key->coefficient); + TEE_Free(sess_key->public_exp); + TEE_Free(sess_key->private_exp); TEE_Free(sess_key); return OEMCrypto_ERROR_INVALID_KEY; } @@ -127,6 +135,9 @@ static OEMCryptoResult Helper_CreateECCKeyHandle( if (res != OEMCrypto_SUCCESS) { EMSG("ECC DER parsing failed with result %d", res); WTPI_FreeAsymmetricKeyHandle(sess); + TEE_Free(sess_key->private_val); + TEE_Free(sess_key->public_x); + TEE_Free(sess_key->public_y); TEE_Free(sess_key); return OEMCrypto_ERROR_INVALID_RSA_KEY; } diff --git a/oemcrypto/opk/ports/optee/ta/oemcrypto_ta/oemcrypto_ta.c b/oemcrypto/opk/ports/optee/ta/oemcrypto_ta/oemcrypto_ta.c index 8829d65..91db916 100644 --- a/oemcrypto/opk/ports/optee/ta/oemcrypto_ta/oemcrypto_ta.c +++ b/oemcrypto/opk/ports/optee/ta/oemcrypto_ta/oemcrypto_ta.c 
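Review bot: The new `TEE_Free` calls in the DER-failure path of Helper_CreateRSAKeyHandle release buffers that may already hold parsed private-key material (`private_exp`, `prime1`, `prime2` and the rest) without clearing them first; whether `TEE_Free` wipes memory is not visible in this hunk. The same pattern is added for ECC (`private_val`, `public_x`, `public_y`) in Helper_CreateECCKeyHandle. A small static helper per key type that clears each component, for instance with `TEE_MemFill`, and then frees it would keep both error paths in step with the struct layout. The component lengths are not shown here, so the helper would need the sizes used at allocation. Both functions begin and continue outside their hunks.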
@@ -98,13 +98,20 @@ static TEE_Result HandleRequest(uint32_t param_types, TEE_Param params[4]) { return TEE_ERROR_BAD_PARAMETERS; } - size_t request_size = (size_t)(params[2].value.a); - if (request_size > OPK_TRANSPORT_MESSAGE_SIZE) { - DMSG("Size too large. Input is %zu, limit is %d\n", request_size, + size_t transport_size = params[1].memref.size; + if (transport_size > OPK_TRANSPORT_MESSAGE_SIZE) { + DMSG("Size too large. transport size is %d, limit is %d\n", transport_size, OPK_TRANSPORT_MESSAGE_SIZE); return TEE_ERROR_BAD_PARAMETERS; } + size_t request_size = (size_t)(params[2].value.a); + if (request_size > transport_size) { + DMSG("Size too large. Input is %zu, limit is %d\n", request_size, + transport_size); + return TEE_ERROR_BAD_PARAMETERS; + } + /* * The request message data must be copied into a local buffer * so the contents can't be modified while being parsed. diff --git a/oemcrypto/opk/serialization/common/GEN_common_serializer.c b/oemcrypto/opk/serialization/common/GEN_common_serializer.c index 67775bf..dc23290 100644 --- a/oemcrypto/opk/serialization/common/GEN_common_serializer.c +++ b/oemcrypto/opk/serialization/common/GEN_common_serializer.c @@ -256,6 +256,7 @@ bool Is_Valid_OEMCrypto_ProvisioningMethod(uint32_t value) { case 2: /* OEMCrypto_Keybox */ case 3: /* OEMCrypto_OEMCertificate */ case 4: /* OEMCrypto_BootCertificateChain */ + case 5: /* OEMCrypto_DrmReprovisioning */ return true; default: return false; 
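Review bot: `transport_size` is a `size_t`, but both new DMSG calls in HandleRequest format it with `%d`, a mismatched conversion that can print a wrong value where `size_t` is wider than `int`. I would use `%zu` in both messages: `DMSG("Size too large. transport size is %zu, limit is %d\n", transport_size,` and `DMSG("Size too large. Input is %zu, limit is %zu\n", request_size,`. The bound checks themselves (memref size against `OPK_TRANSPORT_MESSAGE_SIZE`, then `request_size` against the memref size) are in the right order. HandleRequest starts and continues outside the hunk.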
@@ -453,12 +454,20 @@ void OPK_Pack_OEMCrypto_KeyRefreshObject( void OPK_Unpack_OEMCrypto_Substring(ODK_Message* msg, OEMCrypto_Substring* obj) { + OEMCrypto_Substring tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->offset); OPK_Unpack_size_t(msg, &obj->length); } void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_0* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_0 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -467,6 +476,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_1* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_1 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -475,6 +488,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_2( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_2* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_2 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -483,6 +500,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_2( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Packet(ODK_Message* msg, OEMCrypto_DTCP2_CMI_Packet* obj) { + OEMCrypto_DTCP2_CMI_Packet tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->dtcp2_required); OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0(msg, &obj->cmi_descriptor_0); OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1(msg, &obj->cmi_descriptor_1); 
@@ -491,6 +512,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Packet(ODK_Message* msg, void OPK_Unpack_OEMCrypto_KeyObject(ODK_Message* msg, OEMCrypto_KeyObject* obj) { + OEMCrypto_KeyObject tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_data_iv); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_data); @@ -500,8 +525,12 @@ void OPK_Unpack_OEMCrypto_KeyObject(ODK_Message* msg, void OPK_Unpack_OEMCrypto_InputOutputPair(ODK_Message* msg, OEMCrypto_InputOutputPair* obj) { + OEMCrypto_InputOutputPair tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->input_data_length); - OEMCrypto_SharedMemory* input_data; + OEMCrypto_SharedMemory* input_data = NULL; OPK_UnpackSharedBuffer(msg, &input_data, OPK_ToLengthType(obj->input_data_length), /* map */ true, /* is_output */ false); @@ -511,6 +540,10 @@ void OPK_Unpack_OEMCrypto_InputOutputPair(ODK_Message* msg, void OPK_Unpack_OEMCrypto_SubSampleDescription( ODK_Message* msg, OEMCrypto_SubSampleDescription* obj) { + OEMCrypto_SubSampleDescription tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->num_bytes_clear); OPK_Unpack_size_t(msg, &obj->num_bytes_encrypted); OPK_Unpack_uint8_t(msg, &obj->subsample_flags); @@ -519,10 +552,14 @@ void OPK_Unpack_OEMCrypto_SubSampleDescription( void OPK_Unpack_OEMCrypto_SampleDescription(ODK_Message* msg, OEMCrypto_SampleDescription* obj) { + OEMCrypto_SampleDescription tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->subsamples_length); OPK_Unpack_OEMCrypto_InputOutputPair(msg, &obj->buffers); OPK_UnpackArray(msg, &obj->iv[0], sizeof(obj->iv)); - OEMCrypto_SubSampleDescription* subsamples; + OEMCrypto_SubSampleDescription* subsamples = NULL; /* unpack object array with unpacker function * OPK_Unpack_OEMCrypto_SubSampleDescription */ 
@@ -559,12 +596,20 @@ void OPK_Unpack_OEMCrypto_SampleDescription(ODK_Message* msg, void OPK_Unpack_OEMCrypto_CENCEncryptPatternDesc( ODK_Message* msg, OEMCrypto_CENCEncryptPatternDesc* obj) { + OEMCrypto_CENCEncryptPatternDesc tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->encrypt); OPK_Unpack_size_t(msg, &obj->skip); } void OPK_Unpack_OEMCrypto_EntitledContentKeyObject( ODK_Message* msg, OEMCrypto_EntitledContentKeyObject* obj) { + OEMCrypto_EntitledContentKeyObject tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_OEMCrypto_Substring(msg, &obj->entitlement_key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->content_key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->content_key_data_iv); @@ -575,6 +620,10 @@ void OPK_Unpack_OEMCrypto_EntitledContentKeyObject( void OPK_Unpack_OEMCrypto_CENCEncryptPatternDesc_V15( ODK_Message* msg, OEMCrypto_CENCEncryptPatternDesc_V15* obj) { + OEMCrypto_CENCEncryptPatternDesc_V15 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->encrypt); OPK_Unpack_size_t(msg, &obj->skip); OPK_Unpack_size_t(msg, &obj->offset); @@ -582,6 +631,10 @@ void OPK_Unpack_OEMCrypto_CENCEncryptPatternDesc_V15( void OPK_Unpack_OEMCrypto_EntitledContentKeyObject_V16( ODK_Message* msg, OEMCrypto_EntitledContentKeyObject_V16* obj) { + OEMCrypto_EntitledContentKeyObject_V16 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_OEMCrypto_Substring(msg, &obj->entitlement_key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->content_key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->content_key_data_iv); 
@@ -590,6 +643,10 @@ void OPK_Unpack_OEMCrypto_EntitledContentKeyObject_V16( void OPK_Unpack_OEMCrypto_KeyRefreshObject(ODK_Message* msg, OEMCrypto_KeyRefreshObject* obj) { + OEMCrypto_KeyRefreshObject tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_control_iv); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_control); @@ -603,9 +660,11 @@ void OPK_PackNullable_uint32_t(ODK_Message* msg, const uint32_t* value) { } void OPK_UnpackNullable_uint32_t(ODK_Message* msg, uint32_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_uint32_t(msg, *value); + } else { + OPK_Unpack_uint32_t(msg, NULL); } } void OPK_UnpackAlloc_uint32_t(ODK_Message* msg, uint32_t** value) { @@ -622,9 +681,11 @@ void OPK_PackNullable_size_t(ODK_Message* msg, const size_t* value) { } void OPK_UnpackNullable_size_t(ODK_Message* msg, size_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_size_t(msg, *value); + } else { + OPK_Unpack_size_t(msg, NULL); } } void OPK_UnpackAlloc_size_t(ODK_Message* msg, size_t** value) { @@ -643,9 +704,11 @@ void OPK_PackNullable_OEMCrypto_EntitledContentKeyObject( void OPK_UnpackNullable_OEMCrypto_EntitledContentKeyObject( ODK_Message* msg, OEMCrypto_EntitledContentKeyObject** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_OEMCrypto_EntitledContentKeyObject(msg, *value); + } else { + OPK_Unpack_OEMCrypto_EntitledContentKeyObject(msg, NULL); } } void OPK_PackNullable_OEMCrypto_CENCEncryptPatternDesc( 
@@ -658,9 +721,11 @@ void OPK_PackNullable_OEMCrypto_CENCEncryptPatternDesc( void OPK_UnpackNullable_OEMCrypto_CENCEncryptPatternDesc( ODK_Message* msg, OEMCrypto_CENCEncryptPatternDesc** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_OEMCrypto_CENCEncryptPatternDesc(msg, *value); + } else { + OPK_Unpack_OEMCrypto_CENCEncryptPatternDesc(msg, NULL); } } void OPK_PackNullable_OEMCrypto_DestBufferDesc( @@ -673,9 +738,11 @@ void OPK_PackNullable_OEMCrypto_DestBufferDesc( void OPK_UnpackNullable_OEMCrypto_DestBufferDesc( ODK_Message* msg, OEMCrypto_DestBufferDesc** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_OEMCrypto_DestBufferDesc(msg, *value); + } else { + OPK_Unpack_OEMCrypto_DestBufferDesc(msg, NULL); } } void OPK_PackNullable_uint16_t(ODK_Message* msg, const uint16_t* value) { @@ -686,9 +753,11 @@ void OPK_PackNullable_uint16_t(ODK_Message* msg, const uint16_t* value) { } void OPK_UnpackNullable_uint16_t(ODK_Message* msg, uint16_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_uint16_t(msg, *value); + } else { + OPK_Unpack_uint16_t(msg, NULL); } } void OPK_UnpackAlloc_uint16_t(ODK_Message* msg, uint16_t** value) { @@ -713,9 +782,11 @@ void OPK_PackNullable_int(ODK_Message* msg, const int* value) { } void OPK_UnpackNullable_int(ODK_Message* msg, int** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_int(msg, *value); + } else { + OPK_Unpack_int(msg, NULL); } } void OPK_UnpackAlloc_int(ODK_Message* msg, int** value) { diff --git a/oemcrypto/opk/serialization/common/common_special_cases.c b/oemcrypto/opk/serialization/common/common_special_cases.c index edd2019..19d60f2 100644 --- a/oemcrypto/opk/serialization/common/common_special_cases.c 
+++ b/oemcrypto/opk/serialization/common/common_special_cases.c @@ -62,9 +62,9 @@ void OPK_Pack_OEMCrypto_DestBufferDesc(ODK_Message* message, */ void OPK_Unpack_OEMCrypto_DestBufferDesc(ODK_Message* message, OEMCrypto_DestBufferDesc* obj) { + OEMCrypto_DestBufferDesc temp_destbuf; if (obj == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; + obj = &temp_destbuf; } OPK_Unpack_uint32_t(message, (uint32_t*)&obj->type); switch (obj->type) { diff --git a/oemcrypto/opk/serialization/common/opk_serialization_base.c b/oemcrypto/opk/serialization/common/opk_serialization_base.c index f579a5f..0e01eb5 100644 --- a/oemcrypto/opk/serialization/common/opk_serialization_base.c +++ b/oemcrypto/opk/serialization/common/opk_serialization_base.c @@ -249,11 +249,17 @@ static bool CheckTag(ODK_Message* message, TagType tag) { } void OPK_Unpack_bool(ODK_Message* message, bool* value) { - if (!CheckTag(message, TAG_BOOL)) return; - uint8_t b = 0; - UnpackBytes(message, &b, sizeof(b)); - assert(value); - *value = b ? true : false; + if (!CheckTag(message, TAG_BOOL)) { + OPK_Init_bool(value); + return; + } + if (value) { + uint8_t b = 0; + UnpackBytes(message, &b, sizeof(b)); + *value = b ? true : false; + } else { + UnpackBytes(message, NULL, sizeof(uint8_t)); + } } static uint64_t Unpack64(ODK_Message* message) { 
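Review bot: `temp_destbuf` in OPK_Unpack_OEMCrypto_DestBufferDesc is declared without an initializer and the `switch (obj->type)` that follows reads it, so the discard path is correct only as long as `OPK_Unpack_uint32_t` writes its target on every path, including a failed tag check. Initializing it, `OEMCrypto_DestBufferDesc temp_destbuf = {0};`, removes that coupling. The comment block above the function should also state that a NULL `obj` now means "consume and discard" rather than an error, since callers previously got MESSAGE_STATUS_NULL_POINTER_ERROR. The function body continues outside the hunk.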
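Review bot: On a failed tag check OPK_Unpack_bool now calls `OPK_Init_bool(value)` without testing `value`, although this commit makes NULL a legal "discard" argument. OPK_Init_bool is not visible here; if it dereferences unconditionally, a discard call that meets a malformed tag in the incoming message faults instead of simply returning. Guard the call, `if (value) OPK_Init_bool(value);`, or document that the OPK_Init_* helpers accept NULL. The same unguarded call is added in the next hunk for OPK_Unpack_int, OPK_Unpack_size_t, OPK_Unpack_uint8_t, OPK_Unpack_uint16_t, OPK_Unpack_uint32_t and OPK_Unpack_uint64_t.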
@@ -271,46 +277,79 @@ static uint64_t Unpack64(ODK_Message* message) { } void OPK_Unpack_int(ODK_Message* message, int* value) { - if (!CheckTag(message, TAG_INT)) return; - assert(value); - *value = (int)Unpack64(message); + if (!CheckTag(message, TAG_INT)) { + OPK_Init_int(value); + return; + } + if (value) { + *value = (int)Unpack64(message); + } else { + Unpack64(message); + } } void OPK_Unpack_size_t(ODK_Message* message, size_t* value) { - if (!CheckTag(message, TAG_SIZE_T)) return; - assert(value); - *value = (size_t)Unpack64(message); + if (!CheckTag(message, TAG_SIZE_T)) { + OPK_Init_size_t(value); + return; + } + if (value) { + *value = (size_t)Unpack64(message); + } else { + Unpack64(message); + } } void OPK_Unpack_uint8_t(ODK_Message* message, uint8_t* value) { - if (!CheckTag(message, TAG_UINT8)) return; + if (!CheckTag(message, TAG_UINT8)) { + OPK_Init_uint8_t(value); + return; + } UnpackBytes(message, value, sizeof(*value)); } void OPK_Unpack_uint16_t(ODK_Message* message, uint16_t* value) { - if (!CheckTag(message, TAG_UINT16)) return; - assert(value); - uint8_t buf[sizeof(uint16_t)] = {0}; - UnpackBytes(message, buf, sizeof(buf)); - *value = buf[0]; - *value |= (uint16_t)buf[1] << 8; + if (!CheckTag(message, TAG_UINT16)) { + OPK_Init_uint16_t(value); + return; + } + if (value) { + uint8_t buf[sizeof(uint16_t)] = {0}; + UnpackBytes(message, buf, sizeof(buf)); + *value = buf[0]; + *value |= (uint16_t)buf[1] << 8; + } else { + UnpackBytes(message, NULL, sizeof(uint16_t)); + } } void OPK_Unpack_uint32_t(ODK_Message* message, uint32_t* value) { - if (!CheckTag(message, TAG_UINT32)) return; - assert(value); - uint8_t buf[sizeof(uint32_t)] = {0}; - UnpackBytes(message, buf, sizeof(buf)); - *value = buf[0]; - *value |= (uint32_t)buf[1] << 8; - *value |= (uint32_t)buf[2] << 16; - *value |= (uint32_t)buf[3] << 24; + if (!CheckTag(message, TAG_UINT32)) { + OPK_Init_uint32_t(value); + return; + } + if (value) { + uint8_t buf[sizeof(uint32_t)] = {0}; + 
UnpackBytes(message, buf, sizeof(buf)); + *value = buf[0]; + *value |= (uint32_t)buf[1] << 8; + *value |= (uint32_t)buf[2] << 16; + *value |= (uint32_t)buf[3] << 24; + } else { + UnpackBytes(message, NULL, sizeof(uint32_t)); + } } void OPK_Unpack_uint64_t(ODK_Message* message, uint64_t* value) { - if (!CheckTag(message, TAG_UINT64)) return; - assert(value); - *value = Unpack64(message); + if (!CheckTag(message, TAG_UINT64)) { + OPK_Init_uint64_t(value); + return; + } + if (value) { + *value = Unpack64(message); + } else { + Unpack64(message); + } } bool OPK_UnpackBoolValue(ODK_Message* message) { diff --git a/oemcrypto/opk/serialization/ree/GEN_oemcrypto_api.c b/oemcrypto/opk/serialization/ree/GEN_oemcrypto_api.c index 324703f..b9418cc 100644 --- a/oemcrypto/opk/serialization/ree/GEN_oemcrypto_api.c +++ b/oemcrypto/opk/serialization/ree/GEN_oemcrypto_api.c 
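Review bot: Each integer unpacker in this hunk now duplicates its read across an `if (value)`/`else` pair, and the uint16_t and uint32_t discard branches depend on `UnpackBytes` accepting a NULL destination, which is not shown here (OPK_Unpack_uint8_t passing `value` straight through suggests it does, but that should be confirmed). Reading into a local unconditionally and storing only when a destination exists leaves one code path per type, for example in OPK_Unpack_int: `int v = (int)Unpack64(message);` followed by `if (value) *value = v;`. For the byte-buffer variants the existing zero-initialized `buf` can be filled in both cases, with only the assignments to `*value` guarded.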
@@ -2966,3 +2966,37 @@ cleanup_and_return: pthread_mutex_unlock(&api_lock); return result; } + +OEMCRYPTO_API OEMCryptoResult OEMCrypto_GetEmbeddedDrmCertificate( + uint8_t* public_cert, size_t* public_cert_length) { + pthread_mutex_lock(&api_lock); + OEMCryptoResult result = OEMCrypto_ERROR_UNKNOWN_FAILURE; + ODK_Message request = ODK_Message_Create(NULL, 0); + ODK_Message response = ODK_Message_Create(NULL, 0); + + API_Initialize(); + request = OPK_Pack_GetEmbeddedDrmCertificate_Request(public_cert, + public_cert_length); + if (ODK_Message_GetStatus(&request) != MESSAGE_STATUS_OK) { + if (ODK_Message_GetStatus(&request) == MESSAGE_STATUS_BUFFER_TOO_LARGE) { + api_result = OEMCrypto_ERROR_BUFFER_TOO_LARGE; + } else { + api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE; + } + goto cleanup_and_return; + } + response = API_Transact(&request); + OPK_Unpack_GetEmbeddedDrmCertificate_Response( + &response, &result, &public_cert, &public_cert_length); + + if (ODK_Message_GetStatus(&response) != MESSAGE_STATUS_OK) { + api_result = OEMCrypto_ERROR_UNKNOWN_FAILURE; + } +cleanup_and_return: + TOS_Transport_ReleaseMessage(&request); + TOS_Transport_ReleaseMessage(&response); + + result = API_CheckResult(result); + pthread_mutex_unlock(&api_lock); + return result; +} diff --git a/oemcrypto/opk/serialization/ree/GEN_ree_serializer.c b/oemcrypto/opk/serialization/ree/GEN_ree_serializer.c index a927db2..ec0cd5f 100644 --- a/oemcrypto/opk/serialization/ree/GEN_ree_serializer.c +++ b/oemcrypto/opk/serialization/ree/GEN_ree_serializer.c @@ -216,7 +216,11 @@ void OPK_Unpack_OpenSession_Response(ODK_Message* msg, OEMCryptoResult* result, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, session); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, session); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -364,7 +368,11 @@ void OPK_Unpack_GenerateNonce_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, nonce); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, nonce); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -641,7 +649,11 @@ void OPK_Unpack_CreateEntitledKeySession_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, key_session); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, key_session); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1644,17 +1656,25 @@ void OPK_Unpack_GetHDCPCapability_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, current); - if (*current) { - if (!Is_Valid_OEMCrypto_HDCP_Capability(**current)) { - ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, current); + if (*current) { + if (!Is_Valid_OEMCrypto_HDCP_Capability(**current)) { + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + } } + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); } - OPK_UnpackNullable_uint32_t(msg, maximum); - if (*maximum) { - if (!Is_Valid_OEMCrypto_HDCP_Capability(**maximum)) { - ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, maximum); + if (*maximum) { + if (!Is_Valid_OEMCrypto_HDCP_Capability(**maximum)) { + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + } } + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); } OPK_UnpackEOM(msg); 
@@ -1687,11 +1707,15 @@ void OPK_Unpack_GetDTCP2Capability_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, capability); - if (*capability) { - if (!Is_Valid_OEMCrypto_DTCP2_Capability(**capability)) { - ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, capability); + if (*capability) { + if (!Is_Valid_OEMCrypto_DTCP2_Capability(**capability)) { + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + } } + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); } OPK_UnpackEOM(msg); @@ -1788,7 +1812,11 @@ void OPK_Unpack_GetNumberOfOpenSessions_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, count); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, count); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1819,7 +1847,11 @@ void OPK_Unpack_GetMaxNumberOfSessions_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, max); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, max); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1872,7 +1904,11 @@ void OPK_Unpack_GetCurrentSRMVersion_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint16_t(msg, version); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint16_t(msg, version); + } else { + OPK_UnpackNullable_uint16_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -2003,11 +2039,15 @@ void OPK_Unpack_GetSignatureHashAlgorithm_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, algorithm); - if (*algorithm) { - if (!Is_Valid_OEMCrypto_SignatureHashAlgorithm(**algorithm)) { - ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, algorithm); + if (*algorithm) { + if (!Is_Valid_OEMCrypto_SignatureHashAlgorithm(**algorithm)) { + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + } } + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); } OPK_UnpackEOM(msg); @@ -2334,7 +2374,11 @@ void OPK_Unpack_CreateNewUsageEntry_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, usage_entry_number); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, usage_entry_number); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -2733,11 +2777,15 @@ void OPK_Unpack_GenerateCertificateKeyPair_Response( OPK_SafeDerefSizeTPtrPtr(wrapped_private_key_length)); } } - OPK_UnpackNullable_uint32_t(msg, key_type); - if (*key_type) { - if (!Is_Valid_OEMCrypto_PrivateKeyType(**key_type)) { - ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, key_type); + if (*key_type) { + if (!Is_Valid_OEMCrypto_PrivateKeyType(**key_type)) { + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + } } + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); } OPK_UnpackEOM(msg); 
@@ -2982,7 +3030,11 @@ void OPK_Unpack_GetHashErrorCode_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, failed_frame_number); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, failed_frame_number); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -3018,8 +3070,16 @@ void OPK_Unpack_AllocateSecureBuffer_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_OEMCrypto_DestBufferDesc(msg, output_descriptor); - OPK_UnpackNullable_int(msg, secure_fd); + if (SuccessResult(*result)) { + OPK_UnpackNullable_OEMCrypto_DestBufferDesc(msg, output_descriptor); + } else { + OPK_UnpackNullable_OEMCrypto_DestBufferDesc(msg, NULL); + } + if (SuccessResult(*result)) { + OPK_UnpackNullable_int(msg, secure_fd); + } else { + OPK_UnpackNullable_int(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -3036,7 +3096,7 @@ ODK_Message OPK_Pack_FreeSecureBuffer_Request( uint64_t timestamp = time(0); OPK_Pack_uint64_t(&msg, ×tamp); OPK_Pack_uint32_t(&msg, &session); - OPK_PackIsNull(&msg, output_descriptor); + OPK_PackNullable_OEMCrypto_DestBufferDesc(&msg, output_descriptor); OPK_Pack_int(&msg, &secure_fd); OPK_PackEOM(&msg); OPK_SharedBuffer_FinalizePacking(); 
@@ -3092,8 +3152,16 @@ void OPK_Unpack_OPK_SerializationVersion_Response( } OPK_UnpackNullable_uint32_t(msg, ree_major); OPK_UnpackNullable_uint32_t(msg, ree_minor); - OPK_UnpackNullable_uint32_t(msg, tee_major); - OPK_UnpackNullable_uint32_t(msg, tee_minor); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, tee_major); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, tee_minor); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -3180,3 +3248,43 @@ void OPK_Unpack_ProcessOTAKeybox_Response(ODK_Message* msg, OPK_SharedBuffer_FinalizeUnpacking(); } } + +ODK_Message OPK_Pack_GetEmbeddedDrmCertificate_Request( + const uint8_t* public_cert, const size_t* public_cert_length) { + uint32_t api_value = 143; /* from _oecc143 */ + ODK_Message msg = TOS_Transport_GetRequest(); + OPK_Pack_uint32_t(&msg, &api_value); + uint64_t timestamp = time(0); + OPK_Pack_uint64_t(&msg, ×tamp); + OPK_PackNullable_size_t(&msg, public_cert_length); + OPK_PackAlloc(&msg, public_cert); + OPK_PackEOM(&msg); + OPK_SharedBuffer_FinalizePacking(); + return msg; +} + +void OPK_Unpack_GetEmbeddedDrmCertificate_Response( + ODK_Message* msg, OEMCryptoResult* result, uint8_t** public_cert, + size_t** public_cert_length) { + uint32_t api_value = UINT32_MAX; + OPK_Unpack_uint32_t(msg, &api_value); + if (api_value != 143) + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR); + OPK_UnpackNullable_size_t(msg, public_cert_length); + OPK_Unpack_uint32_t(msg, result); + if (!Is_Valid_OEMCryptoResult(*result)) { + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + } + if (SuccessResult(*result)) { + uint8_t* p; + OPK_UnpackInPlace(msg, &p, OPK_FromSizeTPtrPtr(public_cert_length)); + if (p && *public_cert) { + memcpy(*public_cert, p, OPK_SafeDerefSizeTPtrPtr(public_cert_length)); + } + } + OPK_UnpackEOM(msg); + + if (SuccessResult(*result)) { + OPK_SharedBuffer_FinalizeUnpacking(); + } +} diff --git a/oemcrypto/opk/serialization/ree/GEN_ree_serializer.h b/oemcrypto/opk/serialization/ree/GEN_ree_serializer.h index e76e432..f44c8f8 100644 --- a/oemcrypto/opk/serialization/ree/GEN_ree_serializer.h +++ b/oemcrypto/opk/serialization/ree/GEN_ree_serializer.h 
@@ -462,6 +462,12 @@ ODK_Message OPK_Pack_ProcessOTAKeybox_Request(OEMCrypto_SESSION session, uint32_t use_test_key); void OPK_Unpack_ProcessOTAKeybox_Response(ODK_Message* msg, OEMCryptoResult* result); +ODK_Message OPK_Pack_GetEmbeddedDrmCertificate_Request( + const uint8_t* public_cert, const size_t* public_cert_length); +void OPK_Unpack_GetEmbeddedDrmCertificate_Response(ODK_Message* msg, + OEMCryptoResult* result, + uint8_t** public_cert, + size_t** public_cert_length); #ifdef __cplusplus } // extern "C" #endif diff --git a/oemcrypto/opk/serialization/tee/GEN_dispatcher.c b/oemcrypto/opk/serialization/tee/GEN_dispatcher.c index 327d852..787fac8 100644 --- a/oemcrypto/opk/serialization/tee/GEN_dispatcher.c +++ b/oemcrypto/opk/serialization/tee/GEN_dispatcher.c @@ -83,7 +83,7 @@ void OPK_Init_OEMCrypto_KeyObject(OEMCrypto_KeyObject* obj) { void OPK_Init_OEMCrypto_InputOutputPair(OEMCrypto_InputOutputPair* obj) { OPK_Init_size_t((size_t*)&obj->input_data_length); - OEMCrypto_SharedMemory* input_data; + OEMCrypto_SharedMemory* input_data = NULL; input_data = (OEMCrypto_SharedMemory*)OPK_VarAlloc(obj->input_data_length); OPK_InitMemory((uint8_t*)input_data, obj->input_data_length); OPK_Init_OEMCrypto_DestBufferDesc( @@ -103,7 +103,7 @@ void OPK_Init_OEMCrypto_SampleDescription(OEMCrypto_SampleDescription* obj) { OPK_Init_size_t((size_t*)&obj->subsamples_length); OPK_Init_OEMCrypto_InputOutputPair((OEMCrypto_InputOutputPair*)&obj->buffers); OPK_InitMemory(&obj->iv[0], 16); - OEMCrypto_SubSampleDescription* subsamples; + OEMCrypto_SubSampleDescription* subsamples = NULL; subsamples = (OEMCrypto_SubSampleDescription*)OPK_VarAlloc( obj->subsamples_length * sizeof(OEMCrypto_SubSampleDescription)); if (subsamples) { 
@@ -1700,8 +1700,10 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request, { OEMCrypto_SESSION session; OPK_Init_uint32_t((uint32_t*)&session); - OEMCrypto_DestBufferDesc* output_descriptor; - OPK_InitPointer((uint8_t**)&output_descriptor); + OEMCrypto_DestBufferDesc* output_descriptor = + (OEMCrypto_DestBufferDesc*)OPK_VarAlloc( + sizeof(OEMCrypto_DestBufferDesc)); + OPK_Init_OEMCrypto_DestBufferDesc(output_descriptor); int secure_fd; OPK_Init_int((int*)&secure_fd); OPK_Unpack_FreeSecureBuffer_Request(request, &session, &output_descriptor, @@ -1780,6 +1782,24 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request, *response = OPK_Pack_ProcessOTAKeybox_Response(result); break; } + case 143: /* OEMCrypto_GetEmbeddedDrmCertificate */ + { + size_t* public_cert_length = (size_t*)OPK_VarAlloc(sizeof(size_t)); + OPK_Init_size_t(public_cert_length); + uint8_t* public_cert; + OPK_InitPointer((uint8_t**)&public_cert); + OPK_Unpack_GetEmbeddedDrmCertificate_Request(request, &public_cert, + &public_cert_length); + if (!ODK_Message_IsValid(request)) goto handle_invalid_request; + OEMCryptoResult result; + OPK_Init_uint32_t((uint32_t*)&result); + LOGD("GetEmbeddedDrmCertificate"); + result = + OEMCrypto_GetEmbeddedDrmCertificate(public_cert, public_cert_length); + *response = OPK_Pack_GetEmbeddedDrmCertificate_Response( + result, public_cert, public_cert_length); + break; + } default: return MESSAGE_STATUS_API_VALUE_ERROR; } diff --git a/oemcrypto/opk/serialization/tee/GEN_tee_serializer.c b/oemcrypto/opk/serialization/tee/GEN_tee_serializer.c index 2ba809c..87d9997 100644 --- a/oemcrypto/opk/serialization/tee/GEN_tee_serializer.c +++ b/oemcrypto/opk/serialization/tee/GEN_tee_serializer.c 
@@ -2539,8 +2539,7 @@ void OPK_Unpack_FreeSecureBuffer_Request( uint64_t timestamp; OPK_Unpack_uint64_t(msg, ×tamp); OPK_Unpack_uint32_t(msg, session); - *output_descriptor = (OEMCrypto_DestBufferDesc*)OPK_UnpackAlloc( - msg, sizeof(OEMCrypto_DestBufferDesc)); + OPK_UnpackNullable_OEMCrypto_DestBufferDesc(msg, output_descriptor); OPK_Unpack_int(msg, secure_fd); OPK_UnpackEOM(msg); OPK_SharedBuffer_FinalizeUnpacking(); @@ -2659,3 +2658,36 @@ ODK_Message OPK_Pack_ProcessOTAKeybox_Response(OEMCryptoResult result) { OPK_SharedBuffer_FinalizePacking(); return msg; } + +void OPK_Unpack_GetEmbeddedDrmCertificate_Request(ODK_Message* msg, + uint8_t** public_cert, + size_t** public_cert_length) { + uint32_t api_value = UINT32_MAX; + OPK_Unpack_uint32_t(msg, &api_value); + if (api_value != 143) + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_API_VALUE_ERROR); + uint64_t timestamp; + OPK_Unpack_uint64_t(msg, ×tamp); + OPK_UnpackNullable_size_t(msg, public_cert_length); + *public_cert = (uint8_t*)OPK_UnpackAllocBuffer( + msg, OPK_FromSizeTPtrPtr(public_cert_length), sizeof(uint8_t)); + OPK_UnpackEOM(msg); + OPK_SharedBuffer_FinalizeUnpacking(); +} + +ODK_Message OPK_Pack_GetEmbeddedDrmCertificate_Response( + OEMCryptoResult result, const uint8_t* public_cert, + const size_t* public_cert_length) { + uint32_t api_value = 143; /* from _oecc143 */ + ODK_Message msg = TOS_Transport_GetResponse(); + OPK_Pack_uint32_t(&msg, &api_value); + OPK_PackNullable_size_t(&msg, public_cert_length); + OPK_Pack_uint32_t(&msg, &result); + if (SuccessResult(result)) { + OPK_PackMemory(&msg, (const uint8_t*)public_cert, + OPK_FromSizeTPtr(public_cert_length)); + } + OPK_PackEOM(&msg); + OPK_SharedBuffer_FinalizePacking(); + return msg; +} diff --git a/oemcrypto/opk/serialization/tee/GEN_tee_serializer.h b/oemcrypto/opk/serialization/tee/GEN_tee_serializer.h index 23ad177..83b81e1 100644 --- a/oemcrypto/opk/serialization/tee/GEN_tee_serializer.h +++ b/oemcrypto/opk/serialization/tee/GEN_tee_serializer.h 
@@ -443,6 +443,12 @@ void OPK_Unpack_ProcessOTAKeybox_Request(ODK_Message* msg, size_t* buffer_length, uint32_t* use_test_key); ODK_Message OPK_Pack_ProcessOTAKeybox_Response(OEMCryptoResult result); +void OPK_Unpack_GetEmbeddedDrmCertificate_Request(ODK_Message* msg, + uint8_t** public_cert, + size_t** public_cert_length); +ODK_Message OPK_Pack_GetEmbeddedDrmCertificate_Response( + OEMCryptoResult result, const uint8_t* public_cert, + const size_t* public_cert_length); #ifdef __cplusplus } // extern "C" #endif diff --git a/oemcrypto/test/GEN_api_lock_file.c b/oemcrypto/test/GEN_api_lock_file.c index 9305120..a60a6cf 100644 --- a/oemcrypto/test/GEN_api_lock_file.c +++ b/oemcrypto/test/GEN_api_lock_file.c @@ -369,3 +369,9 @@ OEMCryptoResult _oecc140(void); // OEMCrypto_FactoryInstallBCCSignature defined in v18.3 OEMCryptoResult _oecc142(const uint8_t* signature, size_t signature_length); + +// OEMCrypto_GetEmbeddedDrmCertificate defined in v18.5 +OEMCryptoResult _oecc143(uint8_t* public_cert, size_t* public_cert_length); + +// OEMCrypto_UseSecondaryKey defined in v18.5 +OEMCryptoResult _oecc144(OEMCrypto_SESSION session_id, bool dual_key); diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc b/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc index 50929b1..112f353 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc @@ -46,7 +46,6 @@ void SessionFuzz::Terminate() { void OEMCryptoLicenseAPIFuzz::Initialize() { session_fuzz_.Initialize(); session_fuzz_.InstallTestDrmKey(); - session_fuzz_.session().GenerateNonce(); } void OEMCryptoLicenseAPIFuzz::Terminate() { diff --git a/oemcrypto/test/oec_device_features.cpp b/oemcrypto/test/oec_device_features.cpp index cfb742b..77538c7 100644 --- a/oemcrypto/test/oec_device_features.cpp +++ b/oemcrypto/test/oec_device_features.cpp 
@@ -173,6 +173,7 @@ void DeviceFeatures::PickDerivedKey() { derive_key_method = TEST_PROVISION_30; return; case OEMCrypto_DrmCertificate: + case OEMCrypto_DrmReprovisioning: if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestRSAKey()) { derive_key_method = LOAD_TEST_RSA_KEY; } @@ -259,6 +260,8 @@ const char* ProvisioningMethodName(OEMCrypto_ProvisioningMethod method) { return "OEMCrypto_OEMCertificate"; case OEMCrypto_BootCertificateChain: return "OEMCrypto_BootCertificateChain"; + case OEMCrypto_DrmReprovisioning: + return "OEMCrypto_DrmReprovisioning"; } // Not reachable return ""; diff --git a/oemcrypto/test/oec_session_util.cpp b/oemcrypto/test/oec_session_util.cpp index 99f1d64..783caa1 100644 --- a/oemcrypto/test/oec_session_util.cpp +++ b/oemcrypto/test/oec_session_util.cpp @@ -114,7 +114,6 @@ OEMCryptoResult DecryptCTR(const vector& key_handle, } // namespace - // Encrypt a block of data using CTR mode. void EncryptCTR(const vector& in_buffer, const uint8_t* key, const uint8_t* starting_iv, vector* out_buffer) { @@ -1137,8 +1136,8 @@ OEMCryptoResult LicenseRoundTrip::LoadResponse(Session* session, response_signature_.size()); if (verify_keys && result == OEMCrypto_SUCCESS) { // Give the session object a copy of the license truth data so that it can - // call SelectKey, use key control information, and so that it has key data - // to verify decrypt operations. + // call GetKeyHandle, use key control information, and so that it has key + // data to verify decrypt operations. session->set_license(response_data_); // Also, if the license has new mac keys, then install them now. if (core_response_.enc_mac_keys.length > 0) { 
@@ -1233,11 +1232,11 @@ void EntitledMessage::MakeOneKey(size_t entitlement_key_index) { offsets->content_key_data_iv = FindSubstring( key_data->content_key_data_iv, sizeof(key_data->content_key_data_iv)); - EXPECT_EQ(1, GetRandBytes(key_data->content_iv, - sizeof(key_data->content_iv))); + EXPECT_EQ(1, + GetRandBytes(key_data->content_iv, sizeof(key_data->content_iv))); key_data->content_iv_length = sizeof(key_data->content_iv); - offsets->content_iv = FindSubstring( - key_data->content_iv, key_data->content_iv_length); + offsets->content_iv = + FindSubstring(key_data->content_iv, key_data->content_iv_length); } OEMCrypto_EntitledContentKeyObject* EntitledMessage::entitled_key_array() { @@ -1381,13 +1380,15 @@ void EntitledMessage::LoadCasKeys(bool load_even, bool load_odd, even_key.content_key_data_iv = entitled_key_array_[0].content_key_data_iv; even_key.content_key_data = entitled_key_array_[0].content_key_data; even_key.content_iv = entitled_key_array_[0].content_iv; + even_key.cipher_mode = OEMCrypto_CipherMode_CBC; } if (has_odd) { odd_key.entitlement_key_id = entitled_key_array_[1].entitlement_key_id; odd_key.content_key_id = entitled_key_array_[1].content_key_id; odd_key.content_key_data_iv = entitled_key_array_[1].content_key_data_iv; odd_key.content_key_data = entitled_key_array_[1].content_key_data; - even_key.content_iv = entitled_key_array_[1].content_iv; + odd_key.content_iv = entitled_key_array_[1].content_iv; + odd_key.cipher_mode = OEMCrypto_CipherMode_CBC; } OEMCryptoResult sts = OEMCrypto_LoadCasECMKeys( @@ -1468,6 +1469,7 @@ void EntitledMessage::VerifyDecrypt() { void RenewalRoundTrip::VerifyRequestSignature( const vector& data, const vector& generated_signature, size_t core_message_length) { + (void)core_message_length; ASSERT_EQ(HMAC_SHA256_SIGNATURE_SIZE, generated_signature.size()); std::vector expected_signature; session()->key_deriver().ClientSignBuffer(data, &expected_signature); 
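Review bot: In the `EntitledMessage::LoadCasKeys` hunk (`@@ -1381,13 +1380,15 @@`), `cipher_mode` is now fixed to `OEMCrypto_CipherMode_CBC` for both the even and the odd key with no comment explaining the choice. Adding `// LoadCasKeys always loads the test keys as CBC.` above `even_key.cipher_mode = OEMCrypto_CipherMode_CBC;` would make that constraint visible to test authors. The corrected `odd_key.content_iv` assignment also hints that nothing compares the odd key's IV after loading, since the earlier write into `even_key` went unnoticed; if no such check exists outside this hunk, an assertion on the odd key would guard against a repeat. The function starts and ends outside the hunk, so how `even_key` and `odd_key` are initialised is not visible here.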
@@ -1774,7 +1776,7 @@ void Session::TestDecryptEntitled(OEMCryptoResult expected_result, // We only have a few errors that we test are reported. ASSERT_NO_FATAL_FAILURE( TestDecryptResult(expected_result, getkeyhandle_result, decrypt_result)) - << "Either SelectKey or DecryptCENC should return " << expected_result + << "Either GetKeyHandle or DecryptCENC should return" << expected_result << ", but they returned " << getkeyhandle_result << " and " << decrypt_result << ", respectively."; } diff --git a/oemcrypto/test/oec_session_util.h b/oemcrypto/test/oec_session_util.h index 0bf13b0..ec11dce 100644 --- a/oemcrypto/test/oec_session_util.h +++ b/oemcrypto/test/oec_session_util.h @@ -340,6 +340,7 @@ class Provisioning40RoundTrip void CreateDefaultResponse() override{}; void EncryptAndSignResponse() override{}; OEMCryptoResult LoadResponse(Session* session) override { + (void)session; return OEMCrypto_ERROR_NOT_IMPLEMENTED; } diff --git a/oemcrypto/test/oemcrypto_basic_test.cpp b/oemcrypto/test/oemcrypto_basic_test.cpp index c53a7a8..015a14b 100644 --- a/oemcrypto/test/oemcrypto_basic_test.cpp +++ b/oemcrypto/test/oemcrypto_basic_test.cpp @@ -156,7 +156,7 @@ TEST_F(OEMCryptoClientTest, FreeUnallocatedSecureBufferNoFailure) { */ TEST_F(OEMCryptoClientTest, VersionNumber) { const std::string log_message = - "OEMCrypto unit tests for API 18.4. Tests last updated 2023-08-07"; + "OEMCrypto unit tests for API 18.5. Tests last updated 2024-03-21"; cout << " " << log_message << "\n"; cout << " " << "These tests are part of Android U." @@ -165,7 +165,7 @@ TEST_F(OEMCryptoClientTest, VersionNumber) { // If any of the following fail, then it is time to update the log message // above. EXPECT_EQ(ODK_MAJOR_VERSION, 18); - EXPECT_EQ(ODK_MINOR_VERSION, 4); + EXPECT_EQ(ODK_MINOR_VERSION, 5); EXPECT_EQ(kCurrentAPI, static_cast(ODK_MAJOR_VERSION)); OEMCrypto_Security_Level level = OEMCrypto_SecurityLevel(); EXPECT_GT(level, OEMCrypto_Level_Unknown); 
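Review bot: The rewritten failure message in `Session::TestDecryptEntitled` drops the space before the streamed value, so `"... should return" << expected_result` prints the result code glued to the word "return". Restore the trailing space: `<< "Either GetKeyHandle or DecryptCENC should return " << expected_result`. The function body starts outside the hunk.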
diff --git a/oemcrypto/test/oemcrypto_cast_test.cpp b/oemcrypto/test/oemcrypto_cast_test.cpp index d3c38d4..9173025 100644 --- a/oemcrypto/test/oemcrypto_cast_test.cpp +++ b/oemcrypto/test/oemcrypto_cast_test.cpp @@ -81,7 +81,10 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, ForbidPrepAndSign) { OEMCryptoResult result = OEMCrypto_PrepAndSignLicenseRequest( s.session_id(), message.data(), message.size(), &core_message_length, signature.data(), &signature_length); - ASSERT_EQ(OEMCrypto_ERROR_INVALID_KEY, result); + // TODO: remove OEMCrypto_ERROR_INVALID_RSA_KEY once OEMCrypto v16 is not + // supported anymore. This error code has been deprecated since v17. + ASSERT_TRUE(result == OEMCrypto_ERROR_INVALID_KEY || + result == OEMCrypto_ERROR_INVALID_RSA_KEY); const vector zero(signature.size(), 0); ASSERT_EQ(signature, zero); // Signature should not have been computed. } diff --git a/oemcrypto/test/oemcrypto_cast_test.h b/oemcrypto/test/oemcrypto_cast_test.h index c812ebe..283df69 100644 --- a/oemcrypto/test/oemcrypto_cast_test.h +++ b/oemcrypto/test/oemcrypto_cast_test.h @@ -76,6 +76,9 @@ class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate { // If force is true, we assert that the key loads successfully. void LoadCastCertificateKey(bool force) { + if (!wvoec::global_features.cast_receiver) { + GTEST_SKIP() << "Cast not supported"; + } // Padding scheme used to sign cast data. constexpr uint32_t schemes = kSign_PKCS1_Block1; // prov 2 or prov 3 diff --git a/oemcrypto/test/oemcrypto_corpus_generator_helper.cpp b/oemcrypto/test/oemcrypto_corpus_generator_helper.cpp index 31b9bb5..6b603dc 100644 --- a/oemcrypto/test/oemcrypto_corpus_generator_helper.cpp +++ b/oemcrypto/test/oemcrypto_corpus_generator_helper.cpp 
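Review bot: In `ForbidPrepAndSign`, replacing `ASSERT_EQ` with `ASSERT_TRUE(result == ... || result == ...)` means a failure prints only the boolean expression and no longer the value OEMCrypto actually returned. Stream it into the assertion, e.g. `ASSERT_TRUE(result == OEMCrypto_ERROR_INVALID_KEY || result == OEMCrypto_ERROR_INVALID_RSA_KEY) << "result = " << result;`, so an unexpected success or a different error code can be identified from the log. The test body starts outside the hunk.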
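Review bot: `GTEST_SKIP()` inside the helper `LoadCastCertificateKey` returns only from the helper, not from the test that called it, so when `cast_receiver` is not set the calling test keeps running without the cast key loaded. The callers are outside this hunk; unless they already do so, each should stop after the call, e.g. `LoadCastCertificateKey(true); if (IsSkipped()) return;`, or the feature check should move into the fixture's `SetUp()`. The helper's body continues past the end of the hunk.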
@@ -1,12 +1,14 @@ /* Copyright 2020 Google LLC. All rights reserved. This file and proprietary */ /* source code may only be used and distributed under the Widevine */ /* License Agreement. */ + #include "oemcrypto_corpus_generator_helper.h" #include #include namespace wvoec { + bool g_generate_corpus; void AppendToFile(const std::string& file_name, const char* message, @@ -32,7 +34,7 @@ void AppendSeparator(const std::string& file_name) { std::string GetFileName(const char* directory) { std::string file_name(PATH_TO_CORPUS); file_name += directory; - file_name += "/"; + file_name += '/'; file_name += std::to_string(rand()); return file_name; } @@ -40,5 +42,7 @@ std::string GetFileName(const char* directory) { void SetGenerateCorpus(bool should_generate_corpus) { g_generate_corpus = should_generate_corpus; } + bool ShouldGenerateCorpus() { return g_generate_corpus; } + } // namespace wvoec diff --git a/oemcrypto/test/oemcrypto_corpus_generator_helper.h b/oemcrypto/test/oemcrypto_corpus_generator_helper.h index e3a73b4..005dade 100644 --- a/oemcrypto/test/oemcrypto_corpus_generator_helper.h +++ b/oemcrypto/test/oemcrypto_corpus_generator_helper.h @@ -1,16 +1,18 @@ /* Copyright 2020 Google LLC. All rights reserved. This file and proprietary */ /* source code may only be used and distributed under the Widevine */ /* License Agreement. */ + #ifndef CDM_OEMCRYPTO_CORPUS_GENERATOR_HELPER_H_ #define CDM_OEMCRYPTO_CORPUS_GENERATOR_HELPER_H_ #define PATH_TO_CORPUS "./oemcrypto/test/fuzz_tests/corpus/" -#include +#include #include #include namespace wvoec { + const uint8_t kFuzzDataSeparator[] = {'-', '_', '^', '_'}; void AppendToFile(const std::string& file_name, const char* message, 
@@ -22,9 +24,11 @@ void AppendSeparator(const std::string& file_name); std::string GetFileName(const char* directory); void SetGenerateCorpus(bool should_generate_corpus); + // Output of this function decides if binary data needs to be written // to corpus files or not. Controlled by --generate_corpus flag. bool ShouldGenerateCorpus(); + } // namespace wvoec #endif // CDM_OEMCRYPTO_CORPUS_GENERATOR_HELPER_H_ diff --git a/oemcrypto/test/oemcrypto_decrypt_test.cpp b/oemcrypto/test/oemcrypto_decrypt_test.cpp index 10c3254..a61c893 100644 --- a/oemcrypto/test/oemcrypto_decrypt_test.cpp +++ b/oemcrypto/test/oemcrypto_decrypt_test.cpp @@ -49,10 +49,9 @@ TEST_P(OEMCryptoLicenseTest, FailDecryptWithOldKeyHandle) { session_.TestDecryptCTR(false, OEMCrypto_ERROR_UNKNOWN_FAILURE)); } -// SelectKey should fail if we attempt to select a key that has not been loaded. -// Also, the error should be NO_CONTENT_KEY. -// This test should pass for v15 devices, except that the exact error code was -// not specified until v16. +// GetKeyHandle should fail if we attempt to select a key that has not been +// loaded. Also, the error should be NO_CONTENT_KEY. This test should pass for +// v15 devices, except that the exact error code was not specified until v16. TEST_P(OEMCryptoLicenseTest, SelectKeyNotThereAPI16) { ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse()); @@ -694,4 +693,4 @@ TEST_P(OEMCryptoLicenseTest, KeyDuration) { INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoLicenseTest, Range(kCurrentAPI - 2, kCurrentAPI + 1)); -} // namespace wvoec \ No newline at end of file +} // namespace wvoec diff --git a/oemcrypto/test/oemcrypto_license_test.cpp b/oemcrypto/test/oemcrypto_license_test.cpp index 1f47fd3..93065b2 100644 --- a/oemcrypto/test/oemcrypto_license_test.cpp +++ b/oemcrypto/test/oemcrypto_license_test.cpp 
@@ -871,7 +871,7 @@ TEST_P(OEMCryptoRefreshTest, RefreshLargeBuffer) { } // This situation would occur if an app only uses one key in the license. When -// that happens, SelectKey would be called before the first decrypt, and then +// that happens, GetKeyHandle would be called before the first decrypt, and then // would not need to be called again, even if the license is refreshed. TEST_P(OEMCryptoRefreshTest, RefreshWithNoSelectKey) { LoadLicense(); diff --git a/oemcrypto/test/oemcrypto_security_test.cpp b/oemcrypto/test/oemcrypto_security_test.cpp index 48cd73b..72390ee 100644 --- a/oemcrypto/test/oemcrypto_security_test.cpp +++ b/oemcrypto/test/oemcrypto_security_test.cpp @@ -39,6 +39,8 @@ namespace wvoec { /// @addtogroup security /// @{ +/** Test that OEMCrypto_FreeSecureBuffer fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryAllocateSecureBufferForHugeBufferSize) { Session s; @@ -57,6 +59,8 @@ TEST_F(OEMCryptoClientTest, s.close(); } +/** Test that OEMCrypto_WrapKeyboxOrOEMCert fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryWrapKeyboxOrOEMCertForHugeKeyboxLength) { auto oemcrypto_function = [](size_t keybox_length) { @@ -74,6 +78,8 @@ TEST_F(OEMCryptoClientTest, kHugeInputBufferLength, kCheckStatus); } +/** Test that OEMCrypto_WrapKeyboxOrOEMCert fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryWrapKeyboxOrOEMCertForHugeWrappedKeyboxLength) { auto oemcrypto_function = [](size_t buffer_length) { @@ -91,6 +97,8 @@ TEST_F(OEMCryptoClientTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that OEMCrypto_WrapKeyboxOrOEMCert fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryWrapKeyboxOrOEMCertForHugeTransportKey) { auto oemcrypto_function = [](size_t transport_key_length) { 
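Review bot: Several of the new Doxygen comments name a different API or scenario than the test they sit on, starting with `/** Test that OEMCrypto_FreeSecureBuffer fails gracefully on a huge buffer. */` above `OEMCryptoMemoryAllocateSecureBufferForHugeBufferSize`, which by its name exercises buffer allocation. The same copy-paste mismatch appears on `OEMCryptoMemoryCopyBufferForOutOfRangeOffset` (described as a huge-buffer test), `OEMCryptoMemoryLoadRenewalForHugeCoreMessageLength` (labelled OEMCrypto_QueryKeyControl), `OEMCryptoMemoryDeriveKeysFromSessionKeyForHugeMacContext` (labelled OEMCrypto_LoadDRMPrivateKey), and in oemcrypto_test.cpp, where `...ForOutOfRangeSubstringContentKeyIdLength` is described as a huge-buffer test while several `...ForHugeSubstring...` tests are described as out-of-range checks. Each comment should name the function the test body calls, e.g. `/** Test that OEMCrypto_AllocateSecureBuffer fails gracefully on a huge buffer. */` for the first; the test bodies lie mostly outside the hunks, so the exact API names need confirming against them. The generic `/** Test that API fails gracefully on a huge buffer. */` comments on the generic-crypto and usage-table tests would likewise be more useful with the function named.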
@@ -105,6 +113,8 @@ TEST_F(OEMCryptoClientTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_WrapKeyboxOrOEMCert fails gracefully on a huge buffer. + */ TEST_F( OEMCryptoClientTest, OEMCryptoMemoryWrapKeyboxOrOEMCertForHugeKeyboxLengthStartingFromLength1) { @@ -124,7 +134,8 @@ TEST_F( TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } -// Test that set sandbox doesn't crash for a large sandbox id leangth. +/** Test that OEMCrypto_SetSandbox fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemorySetSandboxForHugeSandboxIdLength) { auto oemcrypto_function = [](size_t buffer_length) { vector buffer(buffer_length); @@ -133,6 +144,8 @@ TEST_F(OEMCryptoClientTest, OEMCryptoMemorySetSandboxForHugeSandboxIdLength) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that OEMCrypto_CopyBuffer fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryCopyBufferForHugeBufferLengths) { Session s; ASSERT_NO_FATAL_FAILURE(s.open()); @@ -163,6 +176,9 @@ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryCopyBufferForHugeBufferLengths) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_CopyBuffer fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryCopyBufferDirectForHugeBufferLengths) { Session s; @@ -184,6 +200,9 @@ TEST_F(OEMCryptoClientTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_CopyBuffer fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryCopyBufferForOutOfRangeOffset) { Session s; ASSERT_NO_FATAL_FAILURE(s.open()); 
@@ -245,6 +264,9 @@ TEST_F(OEMCryptoKeyboxTest, } #endif +/** @ingroup security + * Test that OEMCrypto_LoadTestKeybox fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryLoadTestKeyBoxForHugeKeyboxBuffer) { auto f = [](size_t keybox_length) { vector keybox(keybox_length); @@ -257,6 +279,9 @@ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryLoadTestKeyBoxForHugeKeyboxBuffer) { kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_LoadTestKeybox fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryLoadTestKeyBoxForHugeKeyboxBufferStartingFromLength1) { auto f = [](size_t keybox_length) { @@ -268,6 +293,8 @@ TEST_F(OEMCryptoKeyboxTest, TestHugeLengthDoesNotCrashAPI(f, !kCheckStatus); } +/** Test that OEMCrypto_GetDeviceID fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGetDeviceIdForHugeIdLength) { auto oemcrypto_function = [](size_t input_length) { size_t device_id_length = input_length; @@ -277,6 +304,8 @@ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGetDeviceIdForHugeIdLength) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_GetKeyData fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGetKeyIdForHugeIdLength) { auto oemcrypto_function = [](size_t input_length) { size_t key_data_length = input_length; @@ -286,6 +315,8 @@ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGetKeyIdForHugeIdLength) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that OEMCrypto_GenerateDerivedKeys fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGenerateDerivedKeysForHugeMacContextLength) { Session s; 
@@ -304,6 +335,8 @@ TEST_F(OEMCryptoKeyboxTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_GenerateDerivedKeys fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGenerateDerivedKeysForHugeEncContextLength) { Session s; @@ -322,6 +355,9 @@ TEST_F(OEMCryptoKeyboxTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_GetOEMPublicCertificate fails gracefully on a huge + * buffer. + */ TEST_F(OEMCryptoProv30Test, OEMCryptoMemoryGetOEMPublicCertForHugeCertLength) { if (wrapped_rsa_key_.size() == 0) { // If we don't have a wrapped key yet, create one. @@ -343,6 +379,9 @@ TEST_F(OEMCryptoProv30Test, OEMCryptoMemoryGetOEMPublicCertForHugeCertLength) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_CreateUsageTableHeader fails gracefully on a huge + * buffer. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryCreateUsageTableHeaderForHugeHeaderBufferLength) { auto oemcrypto_function = [](size_t buffer_length) { @@ -354,6 +393,9 @@ TEST_F(OEMCryptoSessionTests, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_PrepAndSignRenewalRequest fails gracefully on a huge + * buffer. + */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryPrepareRenewalRequestForHugeBufferLength) { RenewalRoundTrip renewal_messages(&license_messages_); @@ -364,6 +406,9 @@ TEST_F(OEMCryptoMemoryLicenseTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_PrepAndSignRenewalRequest fails gracefully on a huge + * buffer. + */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryPrepareRenewalRequestForHugeSignatureLength) { RenewalRoundTrip renewal_messages(&license_messages_); 
@@ -374,6 +419,9 @@ TEST_F(OEMCryptoMemoryLicenseTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_PrepAndSignRenewalRequest fails gracefully on a huge + * buffer. + */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryPrepareRenewalRequestForHugeCoreMessageLength) { RenewalRoundTrip renewal_messages(&license_messages_); @@ -384,8 +432,9 @@ TEST_F(OEMCryptoMemoryLicenseTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } -// This verifies that entitled content keys API does not crash for unreasonable -// input message buffer lengths. +/** Test that loading entitled content keys fails gracefully on a huge + * buffer. + */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeBufferLength) { auto oemcrypto_function = [&](size_t buffer_length) { @@ -402,6 +451,8 @@ TEST_F(OEMCryptoMemoryLicenseTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that OEMCrypto_LoadLicense fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryLoadLicenseForHugeSignatureLength) { auto oemcrypto_function = [&](size_t signature_size) { @@ -424,6 +475,8 @@ TEST_F(OEMCryptoSessionTests, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that OEMCrypto_LoadRenewal fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryLoadRenewalForHugeResponseLength) { auto oemcrypto_function = [&](size_t message_size) { Session s; @@ -443,6 +496,8 @@ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryLoadRenewalForHugeResponseLength) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_LoadRenewal fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryLoadRenewalForHugeSignatureLength) { auto oemcrypto_function = [&](size_t signature_size) { 
@@ -467,6 +522,8 @@ TEST_F(OEMCryptoSessionTests, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that OEMCrypto_QueryKeyControl fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryLoadRenewalForHugeCoreMessageLength) { auto oemcrypto_function = [&](size_t core_message_size) { @@ -487,7 +544,8 @@ TEST_F(OEMCryptoSessionTests, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } -// Test OEMCrypto_QueryKeyControl doesn't crash for huge key_id_length. +/** Test that OEMCrypto_QueryKeyControl fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryQueryKeyControlForHugeKeyIdLength) { Session session; @@ -512,8 +570,9 @@ TEST_F(OEMCryptoSessionTests, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } -// Test OEMCrypto_QueryKeyControl doesn't crash for huge key_control_block -// length. +/** Test OEMCrypto_QueryKeyControl doesn't crash for huge key_control_block + * length. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryQueryKeyControlForHugeKeyControlBlockLength) { Session session; @@ -534,8 +593,9 @@ TEST_F(OEMCryptoSessionTests, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } -// This test verifies that OEMCrypto_SetDecryptHash doesn't crash for a very -// large hash buffer. +/** This test verifies that OEMCrypto_SetDecryptHash doesn't crash for a very + large hash buffer. +*/ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryDecryptHashForHugeHashBuffer) { uint32_t session_id = session_.session_id(); @@ -548,6 +608,7 @@ TEST_F(OEMCryptoMemoryLicenseTest, TestHugeLengthDoesNotCrashAPI(f, kCheckStatus); } +/** Test Decrypt fails gracefully for huge input. */ TEST_P(OEMCryptoSessionTestsDecryptTests, OEMCryptoMemoryDecryptCENCForHugeNumberOfSubSamples) { auto oemcrypto_function = [&](size_t number_of_subsamples) { 
@@ -575,6 +636,7 @@ TEST_P(OEMCryptoSessionTestsDecryptTests, MakeBuffers(); } +/** Test Decrypt fails gracefully for huge input. */ TEST_P(OEMCryptoSessionTestsDecryptTests, OEMCryptoMemoryDecryptCENCForHugeNumberOfSamples) { auto oemcrypto_function = [&](size_t number_of_samples) { @@ -604,6 +666,8 @@ TEST_P(OEMCryptoSessionTestsDecryptTests, MakeBuffers(); } +/** Test that OEMCrypto_LoadProvisioning fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForHugeSignatureLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -642,6 +706,8 @@ TEST_F(OEMCryptoLoadsCertificate, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that OEMCrypto_LoadProvisioning fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForHugeWrappedRsaKeyLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -673,6 +739,8 @@ TEST_F(OEMCryptoLoadsCertificate, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_LoadDRMPrivateKey fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadDrmPrivateKeyForHugeWrappedRsaKeyLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -700,6 +768,8 @@ TEST_F(OEMCryptoLoadsCertificate, kHugeInputBufferLength, !kCheckStatus); } +/** Test that OEMCrypto_LoadDRMPrivateKey fails gracefully on a huge buffer. + */ TEST_F( OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadDrmPrivateKeyForHugeWrappedRsaKeyLengthStartingFromLength1) { @@ -726,6 +796,8 @@ TEST_F( TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that OEMCrypto_LoadDRMPrivateKey fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoUsesCertificate, OEMCryptoMemoryDeriveKeysFromSessionKeyForHugeMacContext) { vector session_key; 
@@ -746,6 +818,8 @@ TEST_F(OEMCryptoUsesCertificate, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_DeriveKeysFromSessionKey fails gracefully on a huge + * buffer. */ TEST_F(OEMCryptoUsesCertificate, OEMCryptoMemoryDeriveKeysFromSessionKeyForHugeEncContext) { vector session_key; @@ -766,6 +840,8 @@ TEST_F(OEMCryptoUsesCertificate, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that OEMCrypto_DeriveKeysFromSessionKey fails gracefully on a huge + * buffer. */ TEST_F(OEMCryptoUsesCertificate, OEMCryptoMemoryDeriveKeysFromSessionKeyForHugeEncSessionKey) { vector session_key; @@ -787,6 +863,8 @@ TEST_F(OEMCryptoUsesCertificate, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that OEMCrypto_GenerateRSASignature fails gracefully on a huge + * buffer. */ TEST_F(OEMCryptoLoadsCertificateAlternates, OEMCryptoMemoryGenerateRSASignatureForHugeBuffer) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -828,6 +906,8 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, } } +/** Test that OEMCrypto_GenerateRSASignature fails gracefully on a huge + * buffer. */ TEST_F(OEMCryptoLoadsCertificateAlternates, OEMCryptoMemoryGenerateRSASignatureForHugeSignatureLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -860,6 +940,7 @@ TEST_F(OEMCryptoLoadsCertificateAlternates, } } +/** Test that GetKeyHandle fails gracefully on a huge buffer. */ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemorySelectKeyForHugeKeyIdLength) { EncryptAndLoadKeys(); OEMCrypto_SESSION session_id = session_.session_id(); @@ -872,6 +953,7 @@ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemorySelectKeyForHugeKeyIdLength) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeyEncryptForHugeBuffer) { EncryptAndLoadKeys(); 
@@ -896,6 +978,7 @@ TEST_P(OEMCryptoGenericCryptoTest, kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeyDecryptForHugeBuffer) { EncryptAndLoadKeys(); @@ -921,6 +1004,7 @@ TEST_P(OEMCryptoGenericCryptoTest, kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeySignForHugeBuffer) { EncryptAndLoadKeys(); unsigned int key_index = 2; @@ -945,6 +1029,7 @@ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeySignForHugeBuffer) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeySignForHugeSignatureLength) { EncryptAndLoadKeys(); @@ -971,6 +1056,7 @@ TEST_P(OEMCryptoGenericCryptoTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeyVerifyForHugeBuffer) { EncryptAndLoadKeys(); @@ -993,6 +1079,7 @@ TEST_P(OEMCryptoGenericCryptoTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeyVerifyForHugeSignatureLength) { EncryptAndLoadKeys(); @@ -1019,6 +1106,7 @@ TEST_P(OEMCryptoGenericCryptoTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryUpdateUsageEntryForHugeHeaderBuffer) { if (!wvoec::global_features.usage_table) { 
@@ -1049,6 +1137,7 @@ TEST_P(OEMCryptoUsageTableTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryUpdateUsageEntryForHugeUsageEntryBuffer) { if (!wvoec::global_features.usage_table) { @@ -1076,6 +1165,7 @@ TEST_P(OEMCryptoUsageTableTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryDeactivateUsageEntryForHugePstBuffer) { if (!wvoec::global_features.usage_table) { @@ -1098,6 +1188,7 @@ TEST_P(OEMCryptoUsageTableTest, kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryLoadUsageTableHeaderForHugeHeader) { if (!wvoec::global_features.usage_table) { @@ -1124,6 +1215,7 @@ TEST_P(OEMCryptoUsageTableTest, kHugeInputBufferLength, !kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P( OEMCryptoUsageTableTest, OEMCryptoMemoryLoadUsageTableHeaderForHugeHeaderStartingHeaderLengthFrom1) { @@ -1144,6 +1236,7 @@ TEST_P( TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryLoadUsageEntryForHugeUsageEntryBuffer) { if (!wvoec::global_features.usage_table) { @@ -1175,6 +1268,7 @@ TEST_P(OEMCryptoUsageTableTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugeReportBuffer) { if (!wvoec::global_features.usage_table) { GTEST_SKIP() << "Usage tables are not supported."; 
@@ -1204,6 +1298,7 @@ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugeReportBuffer) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugePstBuffer) { if (!wvoec::global_features.usage_table) { GTEST_SKIP() << "Usage tables are not supported."; @@ -1226,6 +1321,7 @@ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugePstBuffer) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** Test that API fails gracefully on a huge buffer. */ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryShrinkUsageTableHeaderForHugeHeaderBufferLength) { if (!wvoec::global_features.usage_table) { diff --git a/oemcrypto/test/oemcrypto_test.cpp b/oemcrypto/test/oemcrypto_test.cpp index 626fe2d..1b6d5b4 100644 --- a/oemcrypto/test/oemcrypto_test.cpp +++ b/oemcrypto/test/oemcrypto_test.cpp @@ -43,6 +43,11 @@ * * @defgroup security Security Tests * Buffer overflow tests, off-by-one tests, and other security tests. + * + * The way the huge buffer tests work is to create a large buffer and then call + * the API. The test then loops and doubles the buffer until the API returns an + * error. An error is considered a passing test. We expect OEMCrypto to fail + * gracefully on a huge buffer rather than crashing. */ #include @@ -488,6 +493,7 @@ INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoEntitlementLicenseTest, /// @addtogroup security /// @{ +/** Test that LoadEntitledContentKeys fails gracefully on huge buffer. */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyIdLength) { TestLoadEntitledKeysForHugeBufferLengths( 
@@ -498,6 +504,7 @@ TEST_F(OEMCryptoMemoryLicenseTest, !kCheckStatus); } +/** Test that LoadEntitledContentKeys fails gracefully on huge buffer. */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyIdOffset) { TestLoadEntitledKeysForHugeBufferLengths( @@ -508,6 +515,7 @@ TEST_F(OEMCryptoMemoryLicenseTest, !kCheckStatus); } +/** Test that LoadEntitledContentKeys fails gracefully on huge buffer. */ TEST_F( OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyIdLength) { @@ -518,6 +526,7 @@ TEST_F( ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys()); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F( OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyIdOffset) { @@ -528,6 +537,7 @@ TEST_F( ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys()); } +/** Test that LoadEntitledContentKeys fails gracefully on huge substring. */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeSubstringEntitlementKeyIdLength) { TestLoadEntitledKeysForHugeBufferLengths( @@ -538,6 +548,7 @@ TEST_F(OEMCryptoMemoryLicenseTest, !kCheckStatus); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeSubstringEntitlementKeyIdOffset) { TestLoadEntitledKeysForHugeBufferLengths( @@ -548,6 +559,7 @@ TEST_F(OEMCryptoMemoryLicenseTest, !kCheckStatus); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F( OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringEntitlementKeyIdLength) { @@ -558,6 +570,7 @@ TEST_F( ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys()); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F( OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringEntitlementKeyIdOffset) { 
@@ -568,6 +581,7 @@ TEST_F( ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys()); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyDataIvLength) { TestLoadEntitledKeysForHugeBufferLengths( @@ -578,6 +592,7 @@ TEST_F(OEMCryptoMemoryLicenseTest, !kCheckStatus); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyDataIvOffset) { TestLoadEntitledKeysForHugeBufferLengths( @@ -588,6 +603,7 @@ TEST_F(OEMCryptoMemoryLicenseTest, !kCheckStatus); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F( OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyDataIvLength) { @@ -598,6 +614,7 @@ TEST_F( ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys()); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F( OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyDataIvOffset) { @@ -608,6 +625,7 @@ TEST_F( ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys()); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyDataLength) { TestLoadEntitledKeysForHugeBufferLengths( @@ -618,6 +636,7 @@ TEST_F(OEMCryptoMemoryLicenseTest, !kCheckStatus); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeSubstringContentKeyDataOffset) { TestLoadEntitledKeysForHugeBufferLengths( @@ -628,6 +647,7 @@ TEST_F(OEMCryptoMemoryLicenseTest, !kCheckStatus); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F( OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyDataLength) { 
@@ -638,6 +658,7 @@ TEST_F( ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys()); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F( OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForOutOfRangeSubstringContentKeyDataOffset) { @@ -648,6 +669,7 @@ TEST_F( ASSERT_NE(OEMCrypto_SUCCESS, entitled_message_.LoadKeys()); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeEntitlementKeyIdLength) { TestLoadEntitledKeysForHugeBufferLengths( @@ -658,6 +680,7 @@ TEST_F(OEMCryptoMemoryLicenseTest, !kCheckStatus); } +/** Test LoadEntitledContentKeys rejects out of range substring. */ TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryLoadEntitledKeysForHugeContentKeyIdLength) { TestLoadEntitledKeysForHugeBufferLengths( @@ -1025,6 +1048,7 @@ TEST_P(OEMCryptoEntitlementLicenseTest, ReassociateEntitledKeySessionAPI17) { /// @addtogroup security /// @{ +/** Test that LoadLicense fails gracefully on huge buffer. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyIdLength) { TestLoadLicenseForHugeBufferLengths( @@ -1035,6 +1059,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyIdOffset) { TestLoadLicenseForHugeBufferLengths( @@ -1044,6 +1069,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyIdLength) { TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths( 
@@ -1053,6 +1079,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyIdOffset) { TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths( @@ -1062,6 +1089,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataIvLength) { TestLoadLicenseForHugeBufferLengths( @@ -1072,6 +1100,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataIvOffset) { TestLoadLicenseForHugeBufferLengths( @@ -1082,6 +1111,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataIvLength) { @@ -1093,6 +1123,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataIvOffset) { @@ -1104,6 +1135,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataLength) { TestLoadLicenseForHugeBufferLengths( 
@@ -1114,6 +1146,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataOffset) { TestLoadLicenseForHugeBufferLengths( @@ -1123,6 +1156,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataLength) { @@ -1134,6 +1168,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataOffset) { @@ -1145,6 +1180,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlIvLength) { @@ -1156,6 +1192,7 @@ TEST_P( !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlIvOffset) { @@ -1167,6 +1204,7 @@ TEST_P( !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlIvLengthAPI16) { @@ -1179,6 +1217,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlIvOffset) { 
@@ -1191,6 +1230,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlLength) { TestLoadLicenseForHugeBufferLengths( @@ -1201,6 +1241,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlOffset) { TestLoadLicenseForHugeBufferLengths( @@ -1211,6 +1252,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlLengthAPI16) { @@ -1222,6 +1264,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlOffset) { @@ -1233,6 +1276,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyIvLength) { TestLoadLicenseForHugeBufferLengths( @@ -1242,6 +1286,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyIvOffset) { TestLoadLicenseForHugeBufferLengths( 
@@ -1251,6 +1296,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyIvLength) { @@ -1263,6 +1309,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyIvOffset) { @@ -1275,6 +1322,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyLength) { TestLoadLicenseForHugeBufferLengths( @@ -1284,6 +1332,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyOffset) { TestLoadLicenseForHugeBufferLengths( @@ -1293,6 +1342,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyLength) { @@ -1303,6 +1353,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyOffset) { @@ -1313,6 +1364,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringPstLength) { TestLoadLicenseForHugeBufferLengths( 
@@ -1322,6 +1374,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringPstOffset) { TestLoadLicenseForHugeBufferLengths( @@ -1331,6 +1384,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringPstLength) { TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths( @@ -1340,6 +1394,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringPstOffset) { TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths( @@ -1350,6 +1405,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringSrmRestrictionDataLength) { @@ -1360,6 +1416,7 @@ TEST_P( !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringSrmRestrictionDataOffset) { @@ -1370,6 +1427,7 @@ TEST_P( !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringSrmRestrictionDataLength) { 
@@ -1382,6 +1440,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on out of range substring. */ TEST_P( OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringSrmRestrictionDataOffset) { @@ -1394,6 +1453,7 @@ TEST_P( }); } +/** Test that LoadLicense fails gracefully on huge buffer. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeResponseLength) { TestLoadLicenseForHugeBufferLengths( @@ -1403,6 +1463,7 @@ TEST_P(OEMCryptoLicenseOverflowTest, !kCheckStatus, !kUpdateCoreMessageSubstringValues); } +/** Test that LoadLicense fails gracefully on huge buffer. */ TEST_P(OEMCryptoLicenseOverflowTest, OEMCryptoMemoryLoadLicenseForHugeCoreMessageLength) { TestLoadLicenseForHugeBufferLengths( @@ -1425,6 +1486,7 @@ INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoLicenseOverflowTest, /// @addtogroup security /// @{ +/** Test that LoadProvisioning fails gracefully on huge buffer. */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForHugeResponseLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -1440,6 +1502,7 @@ TEST_F(OEMCryptoLoadsCertificate, !kCheckStatus, !kUpdateCoreMessageSubstringValues); } +/** Test that LoadProvisioning fails gracefully on huge buffer. */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForHugeCoreMessageLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -1455,6 +1518,7 @@ TEST_F(OEMCryptoLoadsCertificate, !kCheckStatus, !kUpdateCoreMessageSubstringValues); } +/** Test that LoadProvisioning fails gracefully on huge buffer. */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncPrivateKeyLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for 
@@ -1470,6 +1534,7 @@ TEST_F(OEMCryptoLoadsCertificate, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadProvisioning fails gracefully on huge buffer. */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncPrivateKeyOffset) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -1485,6 +1550,7 @@ TEST_F(OEMCryptoLoadsCertificate, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadProvisioning fails gracefully on out of range substring. */ TEST_F( OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncPrivateKeyLength) { @@ -1504,6 +1570,7 @@ TEST_F( }); } +/** Test that LoadProvisioning fails gracefully on out of range substring. */ TEST_F( OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncPrivateKeyOffset) { @@ -1523,6 +1590,7 @@ TEST_F( }); } +/** Test that LoadProvisioning fails gracefully on out of range substring. */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncPrivateKeyIvLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -1539,6 +1607,7 @@ TEST_F(OEMCryptoLoadsCertificate, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadProvisioning fails gracefully on out of range substring. */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncPrivateKeyIvOffset) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -1555,6 +1624,7 @@ TEST_F(OEMCryptoLoadsCertificate, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadProvisioning fails gracefully on out of range substring. */ TEST_F( OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncPrivateKeyIvLengthAPI16) { 
@@ -1574,6 +1644,7 @@ TEST_F( }); } +/** Test that LoadProvisioning fails gracefully on out of range substring. */ TEST_F( OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncPrivateKeyIvOffset) { @@ -1593,6 +1664,7 @@ TEST_F( }); } +/** Test that LoadProvisioning fails gracefully on out of range substring. */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncMessageKeyLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -1609,6 +1681,7 @@ TEST_F(OEMCryptoLoadsCertificate, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadProvisioning fails gracefully on out of range substring. */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForHugeCoreMessageEncMessageKeyOffset) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -1625,6 +1698,7 @@ TEST_F(OEMCryptoLoadsCertificate, !kCheckStatus, kUpdateCoreMessageSubstringValues); } +/** Test that LoadProvisioning fails gracefully on out of range substring. */ TEST_F( OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncMessageKeyLengthProv30) { @@ -1647,6 +1721,7 @@ TEST_F( }); } +/** Test that LoadProvisioning fails gracefully on out of range substring. */ TEST_F( OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadProvisioningForOutOfRangeCoreMessageEncMessageKeyOffsetProv30) { @@ -1674,6 +1749,9 @@ TEST_F( /// @addtogroup security /// @{ +/** Test that OEMCrypto_PrepAndSignProvisioningRequest fails gracefully on a + * huge buffer. + */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryPrepareProvisioningRequestForHugeRequestMessageLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for 
@@ -1689,6 +1767,9 @@ TEST_F(OEMCryptoLoadsCertificate, kCheckStatus); } +/** Test that OEMCrypto_PrepAndSignProvisioningRequest fails gracefully on a + * huge buffer. + */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryPrepareProvisioningRequestForHugeSignatureLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for @@ -1704,6 +1785,9 @@ TEST_F(OEMCryptoLoadsCertificate, !kCheckStatus); } +/** Test that OEMCrypto_PrepAndSignProvisioningRequest fails gracefully on a + * huge buffer. + */ TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryPrepareProvisioningRequestForHugeCoreMessageLength) { // TODO(b/197141970): Need to revisit OEMCryptoLoadsCert* tests for diff --git a/oemcrypto/test/oemcrypto_usage_table_test.cpp b/oemcrypto/test/oemcrypto_usage_table_test.cpp index ff15b24..40491b4 100644 --- a/oemcrypto/test/oemcrypto_usage_table_test.cpp +++ b/oemcrypto/test/oemcrypto_usage_table_test.cpp @@ -175,9 +175,15 @@ TEST_F(OEMCryptoSessionTests, MasterGeneration_IncrementCounterAPI18) { ASSERT_TRUE(prov_count2 == prov_count1); ASSERT_TRUE(lic_count2 > lic_count1); - ASSERT_TRUE(decrypt_count2 > decrypt_count1); ASSERT_TRUE(master_generation_number2 > master_generation_number1); + + // Log if decrypt counter hasn't gone up. Not a hard requirement, so don't + // assert for it. + if (decrypt_count2 <= decrypt_count1) { + LOGE("Decrypt count did not increase."); + } } + TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryLoadUsageEntryForHugeInvalidUsageEntryNumber) { LicenseWithUsageEntry entry; @@ -1745,4 +1751,4 @@ INSTANTIATE_TEST_SUITE_P(TestAPI16, OEMCryptoUsageTableDefragTest, INSTANTIATE_TEST_SUITE_P(TestAPI16, OEMCryptoUsageTableTestWallClock, Values(kCurrentAPI)); -} // namespace wvoec \ No newline at end of file +} // namespace wvoec
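Review bot: The new `LOGE("Decrypt count did not increase.");` in `MasterGeneration_IncrementCounterAPI18` (hunk `@@ -175,9 +175,15`) prints neither counter value, and its `<=` condition reports a flat counter and one that went backwards identically. With the `ASSERT_TRUE` gone this line is the only trace left, so it should carry both values. Assuming `LOGE` is printf-style, that could be `LOGE("Decrypt count did not increase: %llu -> %llu", (unsigned long long)decrypt_count1, (unsigned long long)decrypt_count2);`, with the casts adjusted to the counters' type, which is not visible here. If a decrease is never acceptable even though an increase is optional, keep a hard check for that case with `ASSERT_GE(decrypt_count2, decrypt_count1);`. The test body starts outside the hunk, so how the counters are read cannot be checked from here.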