This patch adds a suite of tests for OEMCrypto that verifying buffer
overflow and off-by-one errors. The reference code has also been
updated to pass these tests.
The ODK library and the OEMCrypto API have not changed since the
release of version 16.4.
There were no new changes to the OEMCrypto code. However, the ODK
library changed, so we rolled the minor version number to 3. The ODK
library was updated to support a nonce-free offline license. An
offline license would not require a nonce if, for example, it is
preloaded onto the device and does not have an entry in the usage
table.
Also, the following unit tests have been updated:
1. Various tests: Keys are not derived if they are not used. This is more
in line with the “OEMCrypto state” diagram below.
2. The decrypt hash is not verified when there are multiple samples or no
key is selected.
3. LoadKeyWithNoRequest. A nonce-free license is loaded in a session that
did not sign the request. (Requires 16.3 ODK library)
4. RefreshLargeBuffer. The renewal message was set to the large
size. Previously, only the license request was set to the larger size.
5. OEMCryptoGenericCryptoTest.*LargeBuffer. The correct buffer size is
now being used.
6. ShrinkOverOpenSessions: The correct error code
OEMCrypto_ERROR_ENTRY_IN_USE is now verified.
7. TimeRollbackPrevention: The test was refactored and fixed. Comments
were added.
This commit contains the updated v16.1 documentation dated Nov 12th,
as well has the headers and update ODK library.
Unit tests and reference code is partially implemented, but not yet
complete.
This commit has the initial ODK library. Partners may use this code
to begin integrating the ODK library into their platform. The
functionality is not complete, but this should help partners get an
early start playing with build files.
