widevine-partner/whitebox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Code Drop Three (Update Two)

Browse Source 
In this update we have:

  - Added the verified platform tests. These tests show how some
    platforms, when verified are allowed to by pass the normal policy
    restrictions. This is done with ChromeOS, thus the name of the
    tests use "chrome_os".

  - Removed WB_RESULT_INVALID_PADDING. This error was when we the
    non-license APIs exposed a AES function with padding. However,
    those functions have been removed from the API and this error is
    no longer used by the API.

  - Tests have been updated to avoid signed-vs-unsigned comparison
    and to use the Chromium path to gTest (which is mocked in this
    library).

  - Tests have been updated to use a new test base and golden data
    system to make them easier to read.
This commit is contained in:
Aaron Vaage
2020-05-30 11:34:32 -07:00
parent ab70a5e358
commit 41e86ecab9
41 changed files with 834 additions and 242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
crypto_utils/BUILD
View File

@@ -14,7 +14,7 @@ cc_library(
hdrs = ["aes_cbc_decryptor.h"],
visibility = ["//visibility:public"],
deps = [
"//chromium_deps/base",
"//chromium_deps/base:glog",
"//chromium_deps/third_party/boringssl",
],
)
@@ -25,7 +25,7 @@ cc_test(
srcs = ["aes_cbc_decryptor_test.cc"],
deps = [
":aes_cbc_decryptor",
"//chromium_deps/testing:gtest",
"//chromium_deps/testing",
],
)
@@ -35,7 +35,7 @@ cc_library(
hdrs = ["aes_cbc_encryptor.h"],
visibility = ["//visibility:public"],
deps = [
"//chromium_deps/base",
"//chromium_deps/base:glog",
"//chromium_deps/third_party/boringssl",
],
)
@@ -46,7 +46,8 @@ cc_test(
srcs = ["aes_cbc_encryptor_test.cc"],
deps = [
":aes_cbc_encryptor",
"//chromium_deps/testing:gtest",
"//chromium_deps/base:glog",
"//chromium_deps/testing",
],
)
@@ -56,7 +57,7 @@ cc_library(
hdrs = ["aes_ctr_encryptor.h"],
visibility = ["//visibility:public"],
deps = [
"//chromium_deps/base",
"//chromium_deps/base:glog",
"//chromium_deps/third_party/boringssl",
],
)
@@ -67,7 +68,7 @@ cc_test(
srcs = ["aes_ctr_encryptor_test.cc"],
deps = [
":aes_ctr_encryptor",
"//chromium_deps/testing:gtest",
"//chromium_deps/testing",
],
)
@@ -77,11 +78,8 @@ cc_library(
hdrs = ["crypto_util.h"],
visibility = ["//visibility:public"],
deps = [
"//chromium_deps/base",
"//chromium_deps/base:glog",
"//chromium_deps/third_party/boringssl",
# TODO(hmchen): replace absl::string_view with std::string so that
# these files can be used by other projects which does not use absl.
"@abseil_repo//absl/strings",
],
)
@@ -91,7 +89,8 @@ cc_test(
srcs = ["crypto_util_test.cc"],
deps = [
":crypto_util",
"//chromium_deps/testing:gtest",
"//chromium_deps/testing",
"@abseil_repo//absl/strings",
],
)
@@ -100,7 +99,6 @@ cc_library(
hdrs = ["private_key_util.h"],
visibility = ["//visibility:public"],
deps = [
"//chromium_deps/base",
"//chromium_deps/third_party/boringssl",
],
)
@@ -112,7 +110,7 @@ cc_library(
visibility = ["//visibility:public"],
deps = [
":private_key_util",
"//chromium_deps/base",
"//chromium_deps/base:glog",
"//chromium_deps/third_party/boringssl",
],
)
@@ -125,8 +123,7 @@ cc_test(
deps = [
":rsa_test_keys",
":rsa_util",
"//chromium_deps/base",
"//chromium_deps/testing:gtest",
"//chromium_deps/testing",
"//chromium_deps/third_party/boringssl",
],
)
@@ -146,7 +143,7 @@ cc_library(
hdrs = ["random_util.h"],
visibility = ["//visibility:public"],
deps = [
"//chromium_deps/base",
"//chromium_deps/base:glog",
"//chromium_deps/third_party/boringssl",
],
)
@@ -157,7 +154,7 @@ cc_test(
srcs = ["random_util_test.cc"],
deps = [
":random_util",
"//chromium_deps/testing:gtest",
"//chromium_deps/testing",
],
)
@@ -169,7 +166,6 @@ cc_library(
deps = [
":rsa_util",
":sha_util",
"//chromium_deps/base",
"//chromium_deps/third_party/boringssl",
],
)
@@ -183,7 +179,7 @@ cc_test(
":rsa_key",
":rsa_test_keys",
":rsa_util",
"//chromium_deps/testing:gtest",
"//chromium_deps/testing",
],
)
@@ -194,7 +190,6 @@ cc_library(
hdrs = ["rsa_test_keys.h"],
visibility = ["//visibility:public"],
deps = [
"//chromium_deps/base",
],
)
@@ -204,7 +199,6 @@ cc_library(
hdrs = ["sha_util.h"],
visibility = ["//visibility:public"],
deps = [
"//chromium_deps/base",
"//chromium_deps/third_party/boringssl",
],
)
@@ -214,7 +208,7 @@ cc_test(
srcs = ["sha_util_test.cc"],
deps = [
":sha_util",
"//chromium_deps/testing:gtest",
"//chromium_deps/testing",
"@abseil_repo//absl/strings",
],
)

4
crypto_utils/aes_cbc_decryptor_test.cc
View File

@@ -5,8 +5,8 @@
#include <cstdint>
#include <vector>
#include "testing/include/gmock/gmock.h"
#include "testing/include/gtest/gtest.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
using ::testing::ElementsAreArray;

4
crypto_utils/aes_cbc_encryptor_test.cc
View File

@@ -5,8 +5,8 @@
#include <cstdint>
#include <vector>
#include "testing/include/gmock/gmock.h"
#include "testing/include/gtest/gtest.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
using ::testing::ElementsAreArray;

4
crypto_utils/aes_ctr_encryptor_test.cc
View File

@@ -3,8 +3,8 @@
#include <cstdint>
#include <vector>
#include "testing/include/gmock/gmock.h"
#include "testing/include/gtest/gtest.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
using ::testing::ElementsAreArray;

1
crypto_utils/crypto_util.cc
View File

@@ -10,7 +10,6 @@
#include "crypto_utils/crypto_util.h"
#include "absl/strings/string_view.h"
#include "base/logging.h"
#include "third_party/boringssl/src/include/openssl/aes.h"
#include "third_party/boringssl/src/include/openssl/cmac.h"

9
crypto_utils/crypto_util.h
View File

@@ -14,11 +14,14 @@
#include <string>
#include "absl/strings/string_view.h"
namespace widevine {
namespace crypto_util {
// Sub in the string view so that we can more easily use this file with code
// that does not have access to absl.
namespace absl {
using string_view = const std::string&;
}
namespace crypto_util {
// Default constants used for key derivation for encryption and signing.
// TODO(user): These are duplicated in session.cc in the sdk. de-dup.
extern const char kWrappingKeyLabel[];

33
crypto_utils/crypto_util_test.cc
View File

@@ -15,13 +15,12 @@
#include "absl/strings/escaping.h"
#include "absl/strings/str_cat.h"
#include "absl/strings/string_view.h"
#include "testing/include/gmock/gmock.h"
#include "testing/include/gtest/gtest.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/aes.h"
namespace widevine {
namespace crypto_util {
const char kCENCStr[] = "cenc";
const char kCBC1Str[] = "cbc1";
const char kCENSStr[] = "cens";
@@ -108,7 +107,7 @@ TEST_F(CryptoUtilTest, DeriveAes256MasterKeyTest) {
std::string result = DeriveKey(aes_256_key_, label_str, context_str, 128);
EXPECT_EQ(std::string(expected_128, expected_128 + sizeof(expected_128)),
result)
<< absl::BytesToHexString(result);
<< ::absl::BytesToHexString(result);
const unsigned char expected_256[] = {
0xfb, 0x8f, 0xdf, 0x0e, 0x22, 0xfe, 0xf7, 0x2b, 0xd1, 0x9a, 0x1d,
@@ -117,7 +116,7 @@ TEST_F(CryptoUtilTest, DeriveAes256MasterKeyTest) {
result = DeriveKey(aes_256_key_, label_str, context_str, 256);
EXPECT_EQ(std::string(expected_256, expected_256 + sizeof(expected_256)),
result)
<< absl::BytesToHexString(result);
<< ::absl::BytesToHexString(result);
const unsigned char expected_384[] = {
0x65, 0xbc, 0xe3, 0xf3, 0xfb, 0xfa, 0xce, 0x1d, 0x24, 0x63, 0x9c, 0x8f,
@@ -127,7 +126,7 @@ TEST_F(CryptoUtilTest, DeriveAes256MasterKeyTest) {
result = DeriveKey(aes_256_key_, label_str, context_str, 384);
EXPECT_EQ(std::string(expected_384, expected_384 + sizeof(expected_384)),
result)
<< absl::BytesToHexString(result);
<< ::absl::BytesToHexString(result);
}
TEST_F(CryptoUtilTest, DeriveAesInvalidSizeModulus) {
@@ -138,7 +137,7 @@ TEST_F(CryptoUtilTest, DeriveAesInvalidSizeModulus) {
TEST_F(CryptoUtilTest, DeriveAesMaxBlocks) {
EXPECT_EQ(
255 * AES_BLOCK_SIZE,
255u * AES_BLOCK_SIZE,
DeriveKey(aes_128_key_, "foo", "bar", AES_BLOCK_SIZE * 8 * 255).size());
}
@@ -176,7 +175,7 @@ TEST_F(CryptoUtilTest, TestCreateAndVerifySignatureHmacSha256) {
std::string message(message_data, message_data + sizeof(message_data));
std::string signature(CreateSignatureHmacSha256(aes_128_key_, message));
ASSERT_EQ(signature.size(), 32);
ASSERT_EQ(signature.size(), 32u);
ASSERT_TRUE(VerifySignatureHmacSha256(aes_128_key_, signature, message));
}
@@ -196,7 +195,7 @@ TEST_F(CryptoUtilTest, TestFailCreateAndVerifyHmacSha256) {
std::string signature(CreateSignatureHmacSha256(bogus_key, message));
// This should still produce an hmac signature.
ASSERT_EQ(signature.size(), 32);
ASSERT_EQ(signature.size(), 32u);
// Create valid signature to compare.
signature = CreateSignatureHmacSha256(aes_128_key_, message);
@@ -224,7 +223,7 @@ TEST_F(CryptoUtilTest, TestCreateAndVerifySignatureHmacSha1) {
std::string message(message_data, message_data + sizeof(message_data));
std::string signature(CreateSignatureHmacSha1(aes_128_key_, message));
ASSERT_EQ(20, signature.size());
ASSERT_EQ(20u, signature.size());
ASSERT_TRUE(VerifySignatureHmacSha1(aes_128_key_, signature, message));
}
@@ -243,7 +242,7 @@ TEST_F(CryptoUtilTest, TestFailCreateAndVerifyHmacSha1) {
std::string signature(CreateSignatureHmacSha1(bogus_key, message));
// This should still produce an hmac signature.
ASSERT_EQ(20, signature.size());
ASSERT_EQ(20u, signature.size());
// Create valid signature to compare.
signature = CreateSignatureHmacSha1(aes_128_key_, message);
// Test with bogus key.
@@ -261,12 +260,12 @@ TEST_F(CryptoUtilTest, DeriveIv) {
{"1234567890123456", "3278234c7682d1a2e153af4912975f5f"},
{"0987654321098765", "cf09abd30f04b60544910791a6b904cf"}};
for (const auto& id_iv_pair : id_iv_pairs) {
SCOPED_TRACE(absl::StrCat("test case:", id_iv_pair.first));
SCOPED_TRACE(::absl::StrCat("test case:", id_iv_pair.first));
EXPECT_EQ(id_iv_pair.second,
absl::BytesToHexString(DeriveIv(id_iv_pair.first)));
::absl::BytesToHexString(DeriveIv(id_iv_pair.first)));
// Repeat same call to verify derivied result is repeatable.
EXPECT_EQ(id_iv_pair.second,
absl::BytesToHexString(DeriveIv(id_iv_pair.first)));
::absl::BytesToHexString(DeriveIv(id_iv_pair.first)));
}
}
@@ -276,12 +275,12 @@ TEST_F(CryptoUtilTest, DeriveKeyId) {
{"1234567890123456", "a3c4a8c0d0e24e96f38f492254186a9d"},
{"0987654321098765", "084fc6bece9688ccce6b1672d9b47e22"}};
for (const auto& context_id_pair : context_id_pairs) {
SCOPED_TRACE(absl::StrCat("test case:", context_id_pair.first));
SCOPED_TRACE(::absl::StrCat("test case:", context_id_pair.first));
EXPECT_EQ(context_id_pair.second,
absl::BytesToHexString(DeriveKeyId(context_id_pair.first)));
::absl::BytesToHexString(DeriveKeyId(context_id_pair.first)));
// Repeat same call to verify derivied result is repeatable.
EXPECT_EQ(context_id_pair.second,
absl::BytesToHexString(DeriveKeyId(context_id_pair.first)));
::absl::BytesToHexString(DeriveKeyId(context_id_pair.first)));
}
}

2
crypto_utils/random_util_test.cc
View File

@@ -8,7 +8,7 @@
#include "crypto_utils/random_util.h"
#include "testing/include/gtest/gtest.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace widevine {

4
crypto_utils/rsa_key.cc
View File

@@ -26,13 +26,13 @@
#include "crypto_utils/rsa_key.h"
#include "base/logging.h"
#include "crypto_utils/rsa_util.h"
#include "crypto_utils/sha_util.h"
#include "third_party/boringssl/src/include/openssl/bn.h"
#include "third_party/boringssl/src/include/openssl/err.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
#include "third_party/boringssl/src/include/openssl/rsa.h"
#include "third_party/boringssl/src/include/openssl/sha.h"
#include "crypto_utils/rsa_util.h"
#include "crypto_utils/sha_util.h"
static const int kPssSaltLength = 20;

6
crypto_utils/rsa_key_test.cc
View File

@@ -14,9 +14,9 @@
#include <memory>
#include "testing/include/gtest/gtest.h"
#include "crypto_utils/rsa_test_keys.h"
#include "crypto_utils/rsa_util.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace widevine {
@@ -240,8 +240,8 @@ TEST_F(RsaKeyTest, KeySize) {
std::unique_ptr<RsaPublicKey> public_key(
RsaPublicKey::Create(test_keys_.public_test_key_2_2048_bits()));
EXPECT_EQ(256, private_key->KeySize());
EXPECT_EQ(256, public_key->KeySize());
EXPECT_EQ(256u, private_key->KeySize());
EXPECT_EQ(256u, public_key->KeySize());
}
TEST_F(RsaKeyTest, RsaKeyMatch) {

2
crypto_utils/rsa_test_keys.cc
View File

@@ -783,4 +783,6 @@ RsaTestKeys::RsaTestKeys()
std::begin(kTestRsaPrivateKey4CarmichaelTotient_2048),
std::end(kTestRsaPrivateKey4CarmichaelTotient_2048)) {}
RsaTestKeys::~RsaTestKeys() = default;
} // namespace widevine

1
crypto_utils/rsa_test_keys.h
View File

@@ -25,6 +25,7 @@ namespace widevine {
class RsaTestKeys {
public:
RsaTestKeys();
~RsaTestKeys();
// Returns 3072-bit private RSA test key 1
const std::string& private_test_key_1_3072_bits() const {

2
crypto_utils/rsa_util.cc
View File

@@ -18,9 +18,9 @@
#include <memory>
#include "base/logging.h"
#include "crypto_utils/private_key_util.h"
#include "third_party/boringssl/src/include/openssl/pem.h"
#include "third_party/boringssl/src/include/openssl/x509.h"
#include "crypto_utils/private_key_util.h"
namespace {
int BigNumGreaterThanPow2(const BIGNUM* b, int n) {

6
crypto_utils/rsa_util_test.cc
View File

@@ -18,10 +18,10 @@
#include <memory>
#include "base/logging.h"
#include "testing/include/gmock/gmock.h"
#include "testing/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/bn.h"
#include "crypto_utils/rsa_test_keys.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/bn.h"
using ::testing::NotNull;

2
crypto_utils/sha_util_test.cc
View File

@@ -9,7 +9,7 @@
#include "crypto_utils/sha_util.h"
#include "absl/strings/escaping.h"
#include "testing/include/gtest/gtest.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace widevine {