b5637c89cb
There were no new changes to the OEMCrypto code. However, the ODK library changed, so we rolled the minor version number to 3. The ODK library was updated to support a nonce-free offline license. An offline license would not require a nonce if, for example, it is preloaded onto the device and does not have an entry in the usage table. Also, the following unit tests have been updated: 1. Various tests: Keys are not derived if they are not used. This is more in line with the “OEMCrypto state” diagram below. 2. The decrypt hash is not verified when there are multiple samples or no key is selected. 3. LoadKeyWithNoRequest. A nonce-free license is loaded in a session that did not sign the request. (Requires 16.3 ODK library) 4. RefreshLargeBuffer. The renewal message was set to the large size. Previously, only the license request was set to the larger size. 5. OEMCryptoGenericCryptoTest.*LargeBuffer. The correct buffer size is now being used. 6. ShrinkOverOpenSessions: The correct error code OEMCrypto_ERROR_ENTRY_IN_USE is now verified. 7. TimeRollbackPrevention: The test was refactored and fixed. Comments were added.
149 lines
5.3 KiB
C++
149 lines
5.3 KiB
C++
// Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine Master
|
|
// License Agreement.
|
|
|
|
#include "test_sleep.h"
|
|
|
|
#ifdef _WIN32
|
|
# include <windows.h>
|
|
#else
|
|
# include <sys/types.h>
|
|
#endif
|
|
|
|
#include <errno.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
|
|
#include <chrono>
|
|
|
|
#include "clock.h"
|
|
#include "log.h"
|
|
|
|
namespace wvcdm {
|
|
|
|
bool TestSleep::real_sleep_ = true;
|
|
TestSleep::CallBack* TestSleep::callback_ = nullptr;
|
|
int TestSleep::total_clock_rollback_ = 0;
|
|
|
|
void TestSleep::Sleep(unsigned int seconds) {
|
|
int64_t milliseconds = 1000 * seconds;
|
|
if (real_sleep_) {
|
|
// This next bit of logic is to avoid slow drift apart of the real clock and
|
|
// the fake clock. We compute how far from the real clock has advanced in
|
|
// total since the start, and then compare to a running total of sleep
|
|
// calls. We sleep for approximately x second, and then advance the clock by
|
|
// the amount of time that has actually passed.
|
|
static auto start_real = std::chrono::system_clock().now();
|
|
static int64_t fake_clock = 0;
|
|
sleep(seconds);
|
|
auto now_real = std::chrono::system_clock().now();
|
|
int64_t total_real = (now_real - start_real) / std::chrono::milliseconds(1);
|
|
// We want to advance the fake clock by the difference between the real
|
|
// clock, and the previous value on the fake clock.
|
|
milliseconds = total_real - fake_clock;
|
|
fake_clock += milliseconds;
|
|
}
|
|
if (callback_ != nullptr) callback_->ElapseTime(milliseconds);
|
|
}
|
|
|
|
void TestSleep::SyncFakeClock() {
|
|
// Syncing can be done by sleeping 0 seconds.
|
|
Sleep(0);
|
|
}
|
|
|
|
bool TestSleep::RollbackSystemTime(int seconds) {
|
|
if (real_sleep_) {
|
|
#ifdef _WIN32
|
|
// See remarks from this for why this series is used.
|
|
// https://msdn.microsoft.com/en-us/f77cdf86-0f97-4a89-b565-95b46fa7d65b
|
|
SYSTEMTIME time;
|
|
GetSystemTime(&time);
|
|
FILETIME file_time;
|
|
if (!SystemTimeToFileTime(time, &file_time)) return false;
|
|
uint64_t long_time =
|
|
static_cast<uint64_t>(file_time.dwLowDateTime) |
|
|
(static_cast<uint64_t>(file_time.dwHighDateTime) << 32);
|
|
long_time += static_cast<uint64_t>(delta_seconds) *
|
|
1e7; // long_time is in 100-nanosecond intervals.
|
|
file_time.dwLowDateTime = long_time & ((1ull << 32) - 1);
|
|
file_time.dwHighDateTime = long_time >> 32;
|
|
if (!FileTimeToSystemTime(&file_time, &time)) return false;
|
|
if (!SetSystemTime(&time)) return false;
|
|
#else
|
|
auto time = std::chrono::system_clock::now();
|
|
auto modified_time = time - std::chrono::seconds(seconds);
|
|
;
|
|
timespec time_spec;
|
|
time_spec.tv_sec = std::chrono::duration_cast<std::chrono::seconds>(
|
|
modified_time.time_since_epoch())
|
|
.count();
|
|
time_spec.tv_nsec = std::chrono::duration_cast<std::chrono::nanoseconds>(
|
|
modified_time.time_since_epoch())
|
|
.count() %
|
|
(1000 * 1000 * 1000);
|
|
if (clock_settime(CLOCK_REALTIME, &time_spec)) {
|
|
LOGE("Error setting clock: %s", strerror(errno));
|
|
return false;
|
|
}
|
|
#endif
|
|
} // end if(real_sleep_)...
|
|
|
|
// For both real and fake sleep we still update the callback and we still keep
|
|
// track of the total amount of time slept.
|
|
total_clock_rollback_ += seconds;
|
|
if (callback_ != nullptr) callback_->ElapseTime(-1000 * seconds);
|
|
return true;
|
|
}
|
|
|
|
bool TestSleep::CanChangeSystemTime() {
|
|
// If we are using a fake clock, then we can move the clock backwards by
|
|
// just going backwards.
|
|
// ElapseTime.
|
|
if (!real_sleep_) {
|
|
return true;
|
|
}
|
|
#ifdef _WIN32
|
|
LUID desired_id;
|
|
if (!LookupPrivilegeValue(nullptr, SE_SYSTEMTIME_NAME, &desired_id)) {
|
|
LOGE("Win32 time rollback: no SYSTEMTIME permission.");
|
|
return false;
|
|
}
|
|
HANDLE token;
|
|
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &token)) {
|
|
LOGE("Win32 time rollback: cannot access process token.");
|
|
return false;
|
|
}
|
|
std::unique_ptr<void, decltype(&CloseHandle)> safe_token(token, &CloseHandle);
|
|
|
|
// This queries all the permissions given to the token to determine if we can
|
|
// change the system time. Note this is subtly different from PrivilegeCheck
|
|
// as that only checks "enabled" privileges; even with admin rights, the
|
|
// privilege is default disabled, even when granted.
|
|
|
|
DWORD size = 0;
|
|
// Determine how big we need to allocate first.
|
|
GetTokenInformation(token, TokenPrivileges, nullptr, 0, &size);
|
|
// Since TOKEN_PRIVILEGES uses a variable-length array, we need to use malloc
|
|
std::unique_ptr<TOKEN_PRIVILEGES, decltype(&free)> privileges(
|
|
(TOKEN_PRIVILEGES*)malloc(size), &free);
|
|
if (privileges && GetTokenInformation(token, TokenPrivileges,
|
|
privileges.get(), size, &size)) {
|
|
for (int i = 0; i < privileges->PrivilegeCount; i++) {
|
|
if (privileges->Privileges[i].Luid.HighPart == desired_id.HighPart &&
|
|
privileges->Privileges[i].Luid.LowPart == desired_id.LowPart) {
|
|
return true;
|
|
}
|
|
}
|
|
}
|
|
LOGE("Win32 time rollback: cannot set system time.");
|
|
return false;
|
|
#else
|
|
// Otherwise, the test needs to be run as root.
|
|
const uid_t uid = getuid();
|
|
if (uid == 0) return true;
|
|
LOGE("Unix time rollback: not running as root (uid=%u.", uid);
|
|
return false;
|
|
#endif
|
|
}
|
|
} // namespace wvcdm
|