diff --git a/whitebox-dev/impl/BUILD b/whitebox-dev/impl/BUILD index 5e37782..9b3ca1b 100644 --- a/whitebox-dev/impl/BUILD +++ b/whitebox-dev/impl/BUILD @@ -76,6 +76,17 @@ cc_test( ], ) +cc_test( + name = "remote_attestation_and_verification_test", + size = "small", + timeout = "moderate", + deps = [ + ":license_whitebox", + ":test_data", + "@whitebox_api_repo//api:remote_attestation_and_verification_test", + ], +) + cc_test( name = "aead_whitebox_benchmark", size = "small", diff --git a/whitebox-prod/impl/BUILD b/whitebox-prod/impl/BUILD index 5e37782..9b3ca1b 100644 --- a/whitebox-prod/impl/BUILD +++ b/whitebox-prod/impl/BUILD @@ -76,6 +76,17 @@ cc_test( ], ) +cc_test( + name = "remote_attestation_and_verification_test", + size = "small", + timeout = "moderate", + deps = [ + ":license_whitebox", + ":test_data", + "@whitebox_api_repo//api:remote_attestation_and_verification_test", + ], +) + cc_test( name = "aead_whitebox_benchmark", size = "small", diff --git a/whitebox/api/BUILD b/whitebox/api/BUILD index 04e21ae..1ffab98 100644 --- a/whitebox/api/BUILD +++ b/whitebox/api/BUILD @@ -126,6 +126,24 @@ cc_library( alwayslink = True, ) +cc_library( + name = "license_whitebox_test_base", + testonly = True, + srcs = [ + "license_whitebox_test_base.cc", + ], + hdrs = [ + "license_whitebox_test_base.h", + ], + deps = [ + ":golden_data", + ":license_whitebox", + ":test_public_key", + "//chromium_deps/testing", + "//crypto_utils:rsa_key", + ], +) + cc_library( name = "license_whitebox_test", testonly = True, @@ -140,23 +158,37 @@ cc_library( "license_whitebox_security_level_test.cc", "license_whitebox_sign_license_request_test.cc", "license_whitebox_sign_renewal_request_test.cc", - "license_whitebox_test_base.cc", "license_whitebox_verify_renewal_response_test.cc", - "remote_attestation_and_verification_test.cc", - ], - hdrs = [ - "license_whitebox_test_base.h", ], visibility = ["//visibility:public"], deps = [ ":golden_data", ":license_whitebox", + ":license_whitebox_test_base", + ":test_license_builder", + "//chromium_deps/testing", + ], + alwayslink = True, +) + +# These tests should only be ran when using a VMP+RA supported white-box as +# they are testing that the white-box will reduce the key security level when +# RA + VMP are present. +# +# TODO(vaage): Create another version of these tests for the non-VMP+RA +# white-boxes to ensure that they are not reducing key security levels. +cc_library( + name = "remote_attestation_and_verification_test", + testonly = True, + srcs = [ + "remote_attestation_and_verification_test.cc", + ], + visibility = ["//visibility:public"], + deps = [ + ":license_whitebox", + ":license_whitebox_test_base", ":test_license_builder", - ":test_public_key", - "//chromium_deps/cdm/keys:api", - "//chromium_deps/cdm/protos:license_protocol_proto", "//chromium_deps/testing", - "//crypto_utils:rsa_key", ], alwayslink = True, ) diff --git a/whitebox/api/remote_attestation_and_verification_test.cc b/whitebox/api/remote_attestation_and_verification_test.cc index 939b247..1ae8b98 100644 --- a/whitebox/api/remote_attestation_and_verification_test.cc +++ b/whitebox/api/remote_attestation_and_verification_test.cc @@ -14,6 +14,7 @@ namespace widevine { namespace { using RemoteAttestation = TestLicenseBuilder::RemoteAttestation; using VerificationStatus = TestLicenseBuilder::VerificationStatus; +using Padding = TestLicenseBuilder::Padding; // We can't use the actual keys with TEST_P, so define an enum that we can use // to communicate which key to use. @@ -36,14 +37,17 @@ enum class Mode { class RemoteAttestationAndVerificationTest : public LicenseWhiteboxTestBase, - public testing::WithParamInterface< - std::tuple> { + public testing::WithParamInterface>> { protected: void SetUp() override { LicenseWhiteboxTestBase::SetUp(); Key key; - std::tie(key, ra_, vmp_, mode_) = GetParam(); + const auto& params = GetParam(); + padding_ = std::get<0>(params); + std::tie(key, ra_, vmp_, mode_) = std::get<1>(params); switch (key) { case Key::kCrypto: @@ -60,11 +64,13 @@ class RemoteAttestationAndVerificationTest WB_Result LoadLicense(const GoldenData::Key& key, RemoteAttestation remote_attestation, - VerificationStatus verification_status) { + VerificationStatus verification_status, + Padding padding) { TestLicenseBuilder builder; builder.AddContentKey(key.level, key.id, key.content->key); builder.GetSettings().remote_attestation = remote_attestation; builder.GetSettings().verification_status = verification_status; + builder.GetSettings().padding = padding; License license; builder.Build(*public_key_, &license); @@ -133,6 +139,7 @@ class RemoteAttestationAndVerificationTest return result; } + Padding padding_; GoldenData::Key key_; RemoteAttestation ra_; VerificationStatus vmp_; @@ -144,7 +151,7 @@ class RemoteAttestationAndVerificationTest }; TEST_P(RemoteAttestationAndVerificationTest, Decrypt) { - ASSERT_EQ(LoadLicense(key_, ra_, vmp_), WB_RESULT_OK); + ASSERT_EQ(LoadLicense(key_, ra_, vmp_, padding_), WB_RESULT_OK); switch (mode_) { case Mode::kDecryptPass: @@ -181,277 +188,297 @@ TEST_P(RemoteAttestationAndVerificationTest, Decrypt) { // | VMP OTHER | 0 | 0 | 0 | // |----------------------------------------------------------| -INSTANTIATE_TEST_SUITE_P(NoRemoteAttestationNoVerification, - RemoteAttestationAndVerificationTest, - ::testing::Values( - // Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnavailable, - VerificationStatus::kUnavailable, - Mode::kDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnavailable, - VerificationStatus::kUnavailable, - Mode::kDecryptFail), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnavailable, - VerificationStatus::kUnavailable, - Mode::kDecryptFail), - // Masked Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnavailable, - VerificationStatus::kUnavailable, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnavailable, - VerificationStatus::kUnavailable, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnavailable, - VerificationStatus::kUnavailable, - Mode::kMaskedDecryptFail))); +// There should be no different in outcomes between padding and no padding, +// however, we have seen issues between VMP + RA + PADDING. -INSTANTIATE_TEST_SUITE_P(UnverifiedRemoteAttestationNoVerification, - RemoteAttestationAndVerificationTest, - ::testing::Values( - // Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnverified, - VerificationStatus::kUnavailable, - Mode::kDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnverified, - VerificationStatus::kUnavailable, - Mode::kDecryptFail), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnverified, - VerificationStatus::kUnavailable, - Mode::kDecryptFail), - // Masked Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnverified, - VerificationStatus::kUnavailable, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnverified, - VerificationStatus::kUnavailable, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnverified, - VerificationStatus::kUnavailable, - Mode::kMaskedDecryptFail))); +INSTANTIATE_TEST_SUITE_P( + NoRemoteAttestationNoVerification, + RemoteAttestationAndVerificationTest, + ::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8), + ::testing::Values( + // Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnavailable, + VerificationStatus::kUnavailable, + Mode::kDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnavailable, + VerificationStatus::kUnavailable, + Mode::kDecryptFail), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnavailable, + VerificationStatus::kUnavailable, + Mode::kDecryptFail), + // Masked Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnavailable, + VerificationStatus::kUnavailable, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnavailable, + VerificationStatus::kUnavailable, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnavailable, + VerificationStatus::kUnavailable, + Mode::kMaskedDecryptFail)))); -INSTANTIATE_TEST_SUITE_P(VerifiedRemoteAttestationNoVerification, - RemoteAttestationAndVerificationTest, - ::testing::Values( - // Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kVerified, - VerificationStatus::kUnavailable, - Mode::kDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kVerified, - VerificationStatus::kUnavailable, - Mode::kDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kVerified, - VerificationStatus::kUnavailable, - Mode::kDecryptPass), - // Masked Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kVerified, - VerificationStatus::kUnavailable, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kVerified, - VerificationStatus::kUnavailable, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kVerified, - VerificationStatus::kUnavailable, - Mode::kMaskedDecryptPass))); +INSTANTIATE_TEST_SUITE_P( + UnverifiedRemoteAttestationNoVerification, + RemoteAttestationAndVerificationTest, + ::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8), + ::testing::Values( + // Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnverified, + VerificationStatus::kUnavailable, + Mode::kDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnverified, + VerificationStatus::kUnavailable, + Mode::kDecryptFail), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnverified, + VerificationStatus::kUnavailable, + Mode::kDecryptFail), + // Masked Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnverified, + VerificationStatus::kUnavailable, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnverified, + VerificationStatus::kUnavailable, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnverified, + VerificationStatus::kUnavailable, + Mode::kMaskedDecryptFail)))); + +INSTANTIATE_TEST_SUITE_P( + VerifiedRemoteAttestationNoVerification, + RemoteAttestationAndVerificationTest, + ::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8), + ::testing::Values( + // Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kVerified, + VerificationStatus::kUnavailable, + Mode::kDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kVerified, + VerificationStatus::kUnavailable, + Mode::kDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kVerified, + VerificationStatus::kUnavailable, + Mode::kDecryptPass), + // Masked Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kVerified, + VerificationStatus::kUnavailable, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kVerified, + VerificationStatus::kUnavailable, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kVerified, + VerificationStatus::kUnavailable, + Mode::kMaskedDecryptPass)))); INSTANTIATE_TEST_SUITE_P( NoRemoteAttestationHardwareVerification, RemoteAttestationAndVerificationTest, - ::testing::Values( - // Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnavailable, - VerificationStatus::kHardwareVerified, - Mode::kDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnavailable, - VerificationStatus::kHardwareVerified, - Mode::kDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnavailable, - VerificationStatus::kHardwareVerified, - Mode::kDecryptPass), - // Masked Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnavailable, - VerificationStatus::kHardwareVerified, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnavailable, - VerificationStatus::kHardwareVerified, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnavailable, - VerificationStatus::kHardwareVerified, - Mode::kMaskedDecryptPass))); + ::testing::Combine( + ::testing::Values(Padding::kNone, Padding::kPKSC8), + ::testing::Values( + // Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnavailable, + VerificationStatus::kHardwareVerified, + Mode::kDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnavailable, + VerificationStatus::kHardwareVerified, + Mode::kDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnavailable, + VerificationStatus::kHardwareVerified, + Mode::kDecryptPass), + // Masked Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnavailable, + VerificationStatus::kHardwareVerified, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnavailable, + VerificationStatus::kHardwareVerified, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnavailable, + VerificationStatus::kHardwareVerified, + Mode::kMaskedDecryptPass)))); INSTANTIATE_TEST_SUITE_P( UnverifiedRemoteAttestationHardwareVerification, RemoteAttestationAndVerificationTest, - ::testing::Values( - // Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnverified, - VerificationStatus::kHardwareVerified, - Mode::kDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnverified, - VerificationStatus::kHardwareVerified, - Mode::kDecryptFail), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnverified, - VerificationStatus::kHardwareVerified, - Mode::kDecryptFail), - // Masked Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnverified, - VerificationStatus::kHardwareVerified, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnverified, - VerificationStatus::kHardwareVerified, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnverified, - VerificationStatus::kHardwareVerified, - Mode::kMaskedDecryptFail))); + ::testing::Combine( + ::testing::Values(Padding::kNone, Padding::kPKSC8), + ::testing::Values( + // Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnverified, + VerificationStatus::kHardwareVerified, + Mode::kDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnverified, + VerificationStatus::kHardwareVerified, + Mode::kDecryptFail), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnverified, + VerificationStatus::kHardwareVerified, + Mode::kDecryptFail), + // Masked Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnverified, + VerificationStatus::kHardwareVerified, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnverified, + VerificationStatus::kHardwareVerified, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnverified, + VerificationStatus::kHardwareVerified, + Mode::kMaskedDecryptFail)))); INSTANTIATE_TEST_SUITE_P( VerifiedRemoteAttestationHardwareVerification, RemoteAttestationAndVerificationTest, - ::testing::Values( - // Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kVerified, - VerificationStatus::kHardwareVerified, - Mode::kDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kVerified, - VerificationStatus::kHardwareVerified, - Mode::kDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kVerified, - VerificationStatus::kHardwareVerified, - Mode::kDecryptPass), - // Masked Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kVerified, - VerificationStatus::kHardwareVerified, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kVerified, - VerificationStatus::kHardwareVerified, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kVerified, - VerificationStatus::kHardwareVerified, - Mode::kMaskedDecryptPass))); + ::testing::Combine( + ::testing::Values(Padding::kNone, Padding::kPKSC8), + ::testing::Values( + // Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kVerified, + VerificationStatus::kHardwareVerified, + Mode::kDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kVerified, + VerificationStatus::kHardwareVerified, + Mode::kDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kVerified, + VerificationStatus::kHardwareVerified, + Mode::kDecryptPass), + // Masked Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kVerified, + VerificationStatus::kHardwareVerified, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kVerified, + VerificationStatus::kHardwareVerified, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kVerified, + VerificationStatus::kHardwareVerified, + Mode::kMaskedDecryptPass)))); -INSTANTIATE_TEST_SUITE_P(NoRemoteAttestationOtherVerification, - RemoteAttestationAndVerificationTest, - ::testing::Values( - // Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnavailable, - VerificationStatus::kOther, - Mode::kDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnavailable, - VerificationStatus::kOther, - Mode::kDecryptFail), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnavailable, - VerificationStatus::kOther, - Mode::kDecryptFail), - // Masked Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnavailable, - VerificationStatus::kOther, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnavailable, - VerificationStatus::kOther, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnavailable, - VerificationStatus::kOther, - Mode::kMaskedDecryptFail))); +INSTANTIATE_TEST_SUITE_P( + NoRemoteAttestationOtherVerification, + RemoteAttestationAndVerificationTest, + ::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8), + ::testing::Values( + // Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnavailable, + VerificationStatus::kOther, + Mode::kDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnavailable, + VerificationStatus::kOther, + Mode::kDecryptFail), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnavailable, + VerificationStatus::kOther, + Mode::kDecryptFail), + // Masked Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnavailable, + VerificationStatus::kOther, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnavailable, + VerificationStatus::kOther, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnavailable, + VerificationStatus::kOther, + Mode::kMaskedDecryptFail)))); -INSTANTIATE_TEST_SUITE_P(UnverifiedRemoteAttestationOtherVerification, - RemoteAttestationAndVerificationTest, - ::testing::Values( +INSTANTIATE_TEST_SUITE_P( + UnverifiedRemoteAttestationOtherVerification, + RemoteAttestationAndVerificationTest, + ::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8), + ::testing::Values( + // Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnverified, + VerificationStatus::kOther, + Mode::kDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnverified, + VerificationStatus::kOther, + Mode::kDecryptFail), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnverified, + VerificationStatus::kOther, + Mode::kDecryptFail), + // Masked Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kUnverified, + VerificationStatus::kOther, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kUnverified, + VerificationStatus::kOther, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kUnverified, + VerificationStatus::kOther, + Mode::kMaskedDecryptFail)))); - // Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnverified, - VerificationStatus::kOther, - Mode::kDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnverified, - VerificationStatus::kOther, - Mode::kDecryptFail), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnverified, - VerificationStatus::kOther, - Mode::kDecryptFail), - // Masked Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kUnverified, - VerificationStatus::kOther, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kUnverified, - VerificationStatus::kOther, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kUnverified, - VerificationStatus::kOther, - Mode::kMaskedDecryptFail))); - -INSTANTIATE_TEST_SUITE_P(VerifiedRemoteAttestationOtherVerification, - RemoteAttestationAndVerificationTest, - ::testing::Values( - // Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kVerified, - VerificationStatus::kOther, - Mode::kDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kVerified, - VerificationStatus::kOther, - Mode::kDecryptFail), - std::make_tuple(Key::kHardware, - RemoteAttestation::kVerified, - VerificationStatus::kOther, - Mode::kDecryptFail), - // Masked Decrypt - std::make_tuple(Key::kCrypto, - RemoteAttestation::kVerified, - VerificationStatus::kOther, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kDecode, - RemoteAttestation::kVerified, - VerificationStatus::kOther, - Mode::kMaskedDecryptPass), - std::make_tuple(Key::kHardware, - RemoteAttestation::kVerified, - VerificationStatus::kOther, - Mode::kMaskedDecryptFail))); +INSTANTIATE_TEST_SUITE_P( + VerifiedRemoteAttestationOtherVerification, + RemoteAttestationAndVerificationTest, + ::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8), + ::testing::Values( + // Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kVerified, + VerificationStatus::kOther, + Mode::kDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kVerified, + VerificationStatus::kOther, + Mode::kDecryptFail), + std::make_tuple(Key::kHardware, + RemoteAttestation::kVerified, + VerificationStatus::kOther, + Mode::kDecryptFail), + // Masked Decrypt + std::make_tuple(Key::kCrypto, + RemoteAttestation::kVerified, + VerificationStatus::kOther, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kDecode, + RemoteAttestation::kVerified, + VerificationStatus::kOther, + Mode::kMaskedDecryptPass), + std::make_tuple(Key::kHardware, + RemoteAttestation::kVerified, + VerificationStatus::kOther, + Mode::kMaskedDecryptFail)))); } // namespace widevine diff --git a/whitebox/api/test_license_builder.cc b/whitebox/api/test_license_builder.cc index c8d5af9..8d4f7d2 100644 --- a/whitebox/api/test_license_builder.cc +++ b/whitebox/api/test_license_builder.cc @@ -347,6 +347,9 @@ uint16_t GetOdkMinorVersion(TestLicenseBuilder::OdkVersion odk_version) { case TestLicenseBuilder::OdkVersion::kNone: DCHECK(false); return 0; + default: + CHECK(false) << "Unknown ODK Version"; + return 0; } } diff --git a/whitebox/impl/reference/BUILD b/whitebox/impl/reference/BUILD index 6d979c1..1e7eeb3 100644 --- a/whitebox/impl/reference/BUILD +++ b/whitebox/impl/reference/BUILD @@ -21,12 +21,12 @@ cc_library( cc_library( name = "odk", - hdrs = ["odk.h",], - srcs = ["odk.cc",], + srcs = ["odk.cc"], + hdrs = ["odk.h"], deps = [ "//api:result", - "//external:odk", "//chromium_deps/base:glog", + "//external:odk", ], ) @@ -45,6 +45,7 @@ cc_library( deps = [ ":license_private_key", ":memory_util", + ":odk", "//api:license_whitebox", "//api:result", "//chromium_deps/cdm/keys:dev_certs", @@ -53,7 +54,6 @@ cc_library( "//crypto_utils:aes_ctr_encryptor", "//crypto_utils:crypto_util", "//crypto_utils:rsa_key", - ":odk", ], ) @@ -111,6 +111,16 @@ cc_test( ], ) +cc_test( + name = "remote_attestation_and_verification_test", + size = "small", + deps = [ + ":license_test_data", + ":license_whitebox", + "//api:remote_attestation_and_verification_test", + ], +) + cc_test( name = "license_whitebox_benchmark", size = "small",