widevine-partner/whitebox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add VMP + RA Tests With Padding

Browse Source 
In order to reproduce the issue in the white-box and VMP+RA, padding
must be used in the license. This change updates the VMP+RA test
to run every test with and without padding. The expected test
outcomes should not different between padding and no padding.

This change brings the partner repo in sync with the internal repo
at commit abcc1f9bebf1f36a108a84155ae821b8764ec4ad.
This commit is contained in:
Aaron Vaage
2021-02-19 17:10:44 -08:00
parent cff64dd7df
commit cd278f3df9
6 changed files with 368 additions and 274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
whitebox-dev/impl/BUILD
View File

@@ -76,6 +76,17 @@ cc_test(
], ],
) )
cc_test(
name = "remote_attestation_and_verification_test",
size = "small",
timeout = "moderate",
deps = [
":license_whitebox",
":test_data",
"@whitebox_api_repo//api:remote_attestation_and_verification_test",
],
)
cc_test( cc_test(
name = "aead_whitebox_benchmark", name = "aead_whitebox_benchmark",
size = "small", size = "small",

11
whitebox-prod/impl/BUILD
View File

@@ -76,6 +76,17 @@ cc_test(
], ],
) )
cc_test(
name = "remote_attestation_and_verification_test",
size = "small",
timeout = "moderate",
deps = [
":license_whitebox",
":test_data",
"@whitebox_api_repo//api:remote_attestation_and_verification_test",
],
)
cc_test( cc_test(
name = "aead_whitebox_benchmark", name = "aead_whitebox_benchmark",
size = "small", size = "small",

50
whitebox/api/BUILD
View File

@@ -126,6 +126,24 @@ cc_library(
alwayslink = True, alwayslink = True,
) )
cc_library(
name = "license_whitebox_test_base",
testonly = True,
srcs = [
"license_whitebox_test_base.cc",
],
hdrs = [
"license_whitebox_test_base.h",
],
deps = [
":golden_data",
":license_whitebox",
":test_public_key",
"//chromium_deps/testing",
"//crypto_utils:rsa_key",
],
)
cc_library( cc_library(
name = "license_whitebox_test", name = "license_whitebox_test",
testonly = True, testonly = True,
@@ -140,23 +158,37 @@ cc_library(
"license_whitebox_security_level_test.cc", "license_whitebox_security_level_test.cc",
"license_whitebox_sign_license_request_test.cc", "license_whitebox_sign_license_request_test.cc",
"license_whitebox_sign_renewal_request_test.cc", "license_whitebox_sign_renewal_request_test.cc",
"license_whitebox_test_base.cc",
"license_whitebox_verify_renewal_response_test.cc", "license_whitebox_verify_renewal_response_test.cc",
"remote_attestation_and_verification_test.cc",
],
hdrs = [
"license_whitebox_test_base.h",
], ],
visibility = ["//visibility:public"], visibility = ["//visibility:public"],
deps = [ deps = [
":golden_data", ":golden_data",
":license_whitebox", ":license_whitebox",
":license_whitebox_test_base",
":test_license_builder",
"//chromium_deps/testing",
],
alwayslink = True,
)
# These tests should only be ran when using a VMP+RA supported white-box as
# they are testing that the white-box will reduce the key security level when
# RA + VMP are present.
#
# TODO(vaage): Create another version of these tests for the non-VMP+RA
# white-boxes to ensure that they are not reducing key security levels.
cc_library(
name = "remote_attestation_and_verification_test",
testonly = True,
srcs = [
"remote_attestation_and_verification_test.cc",
],
visibility = ["//visibility:public"],
deps = [
":license_whitebox",
":license_whitebox_test_base",
":test_license_builder", ":test_license_builder",
":test_public_key",
"//chromium_deps/cdm/keys:api",
"//chromium_deps/cdm/protos:license_protocol_proto",
"//chromium_deps/testing", "//chromium_deps/testing",
"//crypto_utils:rsa_key",
], ],
alwayslink = True, alwayslink = True,
) )

549
whitebox/api/remote_attestation_and_verification_test.cc
View File

@@ -14,6 +14,7 @@ namespace widevine {
namespace { namespace {
using RemoteAttestation = TestLicenseBuilder::RemoteAttestation; using RemoteAttestation = TestLicenseBuilder::RemoteAttestation;
using VerificationStatus = TestLicenseBuilder::VerificationStatus; using VerificationStatus = TestLicenseBuilder::VerificationStatus;
using Padding = TestLicenseBuilder::Padding;
// We can't use the actual keys with TEST_P, so define an enum that we can use // We can't use the actual keys with TEST_P, so define an enum that we can use
// to communicate which key to use. // to communicate which key to use.
@@ -36,14 +37,17 @@ enum class Mode {
class RemoteAttestationAndVerificationTest class RemoteAttestationAndVerificationTest
: public LicenseWhiteboxTestBase, : public LicenseWhiteboxTestBase,
public testing::WithParamInterface< public testing::WithParamInterface<std::tuple<
std::tuple<Key, RemoteAttestation, VerificationStatus, Mode>> { Padding,
std::tuple<Key, RemoteAttestation, VerificationStatus, Mode>>> {
protected: protected:
void SetUp() override { void SetUp() override {
LicenseWhiteboxTestBase::SetUp(); LicenseWhiteboxTestBase::SetUp();
Key key; Key key;
std::tie(key, ra_, vmp_, mode_) = GetParam(); const auto& params = GetParam();
padding_ = std::get<0>(params);
std::tie(key, ra_, vmp_, mode_) = std::get<1>(params);
switch (key) { switch (key) {
case Key::kCrypto: case Key::kCrypto:
@@ -60,11 +64,13 @@ class RemoteAttestationAndVerificationTest
WB_Result LoadLicense(const GoldenData::Key& key, WB_Result LoadLicense(const GoldenData::Key& key,
RemoteAttestation remote_attestation, RemoteAttestation remote_attestation,
VerificationStatus verification_status) { VerificationStatus verification_status,
Padding padding) {
TestLicenseBuilder builder; TestLicenseBuilder builder;
builder.AddContentKey(key.level, key.id, key.content->key); builder.AddContentKey(key.level, key.id, key.content->key);
builder.GetSettings().remote_attestation = remote_attestation; builder.GetSettings().remote_attestation = remote_attestation;
builder.GetSettings().verification_status = verification_status; builder.GetSettings().verification_status = verification_status;
builder.GetSettings().padding = padding;
License license; License license;
builder.Build(*public_key_, &license); builder.Build(*public_key_, &license);
@@ -133,6 +139,7 @@ class RemoteAttestationAndVerificationTest
return result; return result;
} }
Padding padding_;
GoldenData::Key key_; GoldenData::Key key_;
RemoteAttestation ra_; RemoteAttestation ra_;
VerificationStatus vmp_; VerificationStatus vmp_;
@@ -144,7 +151,7 @@ class RemoteAttestationAndVerificationTest
}; };
TEST_P(RemoteAttestationAndVerificationTest, Decrypt) { TEST_P(RemoteAttestationAndVerificationTest, Decrypt) {
ASSERT_EQ(LoadLicense(key_, ra_, vmp_), WB_RESULT_OK); ASSERT_EQ(LoadLicense(key_, ra_, vmp_, padding_), WB_RESULT_OK);
switch (mode_) { switch (mode_) {
case Mode::kDecryptPass: case Mode::kDecryptPass:
@@ -181,277 +188,297 @@ TEST_P(RemoteAttestationAndVerificationTest, Decrypt) {
// | VMP OTHER | 0 | 0 | 0 | // | VMP OTHER | 0 | 0 | 0 |
// |----------------------------------------------------------| // |----------------------------------------------------------|
INSTANTIATE_TEST_SUITE_P(NoRemoteAttestationNoVerification, // There should be no different in outcomes between padding and no padding,
RemoteAttestationAndVerificationTest, // however, we have seen issues between VMP + RA + PADDING.
::testing::Values(
// Decrypt
std::make_tuple(Key::kCrypto,
RemoteAttestation::kUnavailable,
VerificationStatus::kUnavailable,
Mode::kDecryptPass),
std::make_tuple(Key::kDecode,
RemoteAttestation::kUnavailable,
VerificationStatus::kUnavailable,
Mode::kDecryptFail),
std::make_tuple(Key::kHardware,
RemoteAttestation::kUnavailable,
VerificationStatus::kUnavailable,
Mode::kDecryptFail),
// Masked Decrypt
std::make_tuple(Key::kCrypto,
RemoteAttestation::kUnavailable,
VerificationStatus::kUnavailable,
Mode::kMaskedDecryptPass),
std::make_tuple(Key::kDecode,
RemoteAttestation::kUnavailable,
VerificationStatus::kUnavailable,
Mode::kMaskedDecryptPass),
std::make_tuple(Key::kHardware,
RemoteAttestation::kUnavailable,
VerificationStatus::kUnavailable,
Mode::kMaskedDecryptFail)));
INSTANTIATE_TEST_SUITE_P(UnverifiedRemoteAttestationNoVerification, INSTANTIATE_TEST_SUITE_P(
RemoteAttestationAndVerificationTest, NoRemoteAttestationNoVerification,
::testing::Values( RemoteAttestationAndVerificationTest,
// Decrypt ::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8),
std::make_tuple(Key::kCrypto, ::testing::Values(
RemoteAttestation::kUnverified, // Decrypt
VerificationStatus::kUnavailable, std::make_tuple(Key::kCrypto,
Mode::kDecryptPass), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kDecode, VerificationStatus::kUnavailable,
RemoteAttestation::kUnverified, Mode::kDecryptPass),
VerificationStatus::kUnavailable, std::make_tuple(Key::kDecode,
Mode::kDecryptFail), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kHardware, VerificationStatus::kUnavailable,
RemoteAttestation::kUnverified, Mode::kDecryptFail),
VerificationStatus::kUnavailable, std::make_tuple(Key::kHardware,
Mode::kDecryptFail), RemoteAttestation::kUnavailable,
// Masked Decrypt VerificationStatus::kUnavailable,
std::make_tuple(Key::kCrypto, Mode::kDecryptFail),
RemoteAttestation::kUnverified, // Masked Decrypt
VerificationStatus::kUnavailable, std::make_tuple(Key::kCrypto,
Mode::kMaskedDecryptPass), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kDecode, VerificationStatus::kUnavailable,
RemoteAttestation::kUnverified, Mode::kMaskedDecryptPass),
VerificationStatus::kUnavailable, std::make_tuple(Key::kDecode,
Mode::kMaskedDecryptPass), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kHardware, VerificationStatus::kUnavailable,
RemoteAttestation::kUnverified, Mode::kMaskedDecryptPass),
VerificationStatus::kUnavailable, std::make_tuple(Key::kHardware,
Mode::kMaskedDecryptFail))); RemoteAttestation::kUnavailable,
VerificationStatus::kUnavailable,
Mode::kMaskedDecryptFail))));
INSTANTIATE_TEST_SUITE_P(VerifiedRemoteAttestationNoVerification, INSTANTIATE_TEST_SUITE_P(
RemoteAttestationAndVerificationTest, UnverifiedRemoteAttestationNoVerification,
::testing::Values( RemoteAttestationAndVerificationTest,
// Decrypt ::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8),
std::make_tuple(Key::kCrypto, ::testing::Values(
RemoteAttestation::kVerified, // Decrypt
VerificationStatus::kUnavailable, std::make_tuple(Key::kCrypto,
Mode::kDecryptPass), RemoteAttestation::kUnverified,
std::make_tuple(Key::kDecode, VerificationStatus::kUnavailable,
RemoteAttestation::kVerified, Mode::kDecryptPass),
VerificationStatus::kUnavailable, std::make_tuple(Key::kDecode,
Mode::kDecryptPass), RemoteAttestation::kUnverified,
std::make_tuple(Key::kHardware, VerificationStatus::kUnavailable,
RemoteAttestation::kVerified, Mode::kDecryptFail),
VerificationStatus::kUnavailable, std::make_tuple(Key::kHardware,
Mode::kDecryptPass), RemoteAttestation::kUnverified,
// Masked Decrypt VerificationStatus::kUnavailable,
std::make_tuple(Key::kCrypto, Mode::kDecryptFail),
RemoteAttestation::kVerified, // Masked Decrypt
VerificationStatus::kUnavailable, std::make_tuple(Key::kCrypto,
Mode::kMaskedDecryptPass), RemoteAttestation::kUnverified,
std::make_tuple(Key::kDecode, VerificationStatus::kUnavailable,
RemoteAttestation::kVerified, Mode::kMaskedDecryptPass),
VerificationStatus::kUnavailable, std::make_tuple(Key::kDecode,
Mode::kMaskedDecryptPass), RemoteAttestation::kUnverified,
std::make_tuple(Key::kHardware, VerificationStatus::kUnavailable,
RemoteAttestation::kVerified, Mode::kMaskedDecryptPass),
VerificationStatus::kUnavailable, std::make_tuple(Key::kHardware,
Mode::kMaskedDecryptPass))); RemoteAttestation::kUnverified,
VerificationStatus::kUnavailable,
Mode::kMaskedDecryptFail))));
INSTANTIATE_TEST_SUITE_P(
VerifiedRemoteAttestationNoVerification,
RemoteAttestationAndVerificationTest,
::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8),
::testing::Values(
// Decrypt
std::make_tuple(Key::kCrypto,
RemoteAttestation::kVerified,
VerificationStatus::kUnavailable,
Mode::kDecryptPass),
std::make_tuple(Key::kDecode,
RemoteAttestation::kVerified,
VerificationStatus::kUnavailable,
Mode::kDecryptPass),
std::make_tuple(Key::kHardware,
RemoteAttestation::kVerified,
VerificationStatus::kUnavailable,
Mode::kDecryptPass),
// Masked Decrypt
std::make_tuple(Key::kCrypto,
RemoteAttestation::kVerified,
VerificationStatus::kUnavailable,
Mode::kMaskedDecryptPass),
std::make_tuple(Key::kDecode,
RemoteAttestation::kVerified,
VerificationStatus::kUnavailable,
Mode::kMaskedDecryptPass),
std::make_tuple(Key::kHardware,
RemoteAttestation::kVerified,
VerificationStatus::kUnavailable,
Mode::kMaskedDecryptPass))));
INSTANTIATE_TEST_SUITE_P( INSTANTIATE_TEST_SUITE_P(
NoRemoteAttestationHardwareVerification, NoRemoteAttestationHardwareVerification,
RemoteAttestationAndVerificationTest, RemoteAttestationAndVerificationTest,
::testing::Values( ::testing::Combine(
// Decrypt ::testing::Values(Padding::kNone, Padding::kPKSC8),
std::make_tuple(Key::kCrypto, ::testing::Values(
RemoteAttestation::kUnavailable, // Decrypt
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kCrypto,
Mode::kDecryptPass), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kDecode, VerificationStatus::kHardwareVerified,
RemoteAttestation::kUnavailable, Mode::kDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kDecode,
Mode::kDecryptPass), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kHardware, VerificationStatus::kHardwareVerified,
RemoteAttestation::kUnavailable, Mode::kDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kHardware,
Mode::kDecryptPass), RemoteAttestation::kUnavailable,
// Masked Decrypt VerificationStatus::kHardwareVerified,
std::make_tuple(Key::kCrypto, Mode::kDecryptPass),
RemoteAttestation::kUnavailable, // Masked Decrypt
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kCrypto,
Mode::kMaskedDecryptPass), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kDecode, VerificationStatus::kHardwareVerified,
RemoteAttestation::kUnavailable, Mode::kMaskedDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kDecode,
Mode::kMaskedDecryptPass), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kHardware, VerificationStatus::kHardwareVerified,
RemoteAttestation::kUnavailable, Mode::kMaskedDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kHardware,
Mode::kMaskedDecryptPass))); RemoteAttestation::kUnavailable,
VerificationStatus::kHardwareVerified,
Mode::kMaskedDecryptPass))));
INSTANTIATE_TEST_SUITE_P( INSTANTIATE_TEST_SUITE_P(
UnverifiedRemoteAttestationHardwareVerification, UnverifiedRemoteAttestationHardwareVerification,
RemoteAttestationAndVerificationTest, RemoteAttestationAndVerificationTest,
::testing::Values( ::testing::Combine(
// Decrypt ::testing::Values(Padding::kNone, Padding::kPKSC8),
std::make_tuple(Key::kCrypto, ::testing::Values(
RemoteAttestation::kUnverified, // Decrypt
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kCrypto,
Mode::kDecryptPass), RemoteAttestation::kUnverified,
std::make_tuple(Key::kDecode, VerificationStatus::kHardwareVerified,
RemoteAttestation::kUnverified, Mode::kDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kDecode,
Mode::kDecryptFail), RemoteAttestation::kUnverified,
std::make_tuple(Key::kHardware, VerificationStatus::kHardwareVerified,
RemoteAttestation::kUnverified, Mode::kDecryptFail),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kHardware,
Mode::kDecryptFail), RemoteAttestation::kUnverified,
// Masked Decrypt VerificationStatus::kHardwareVerified,
std::make_tuple(Key::kCrypto, Mode::kDecryptFail),
RemoteAttestation::kUnverified, // Masked Decrypt
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kCrypto,
Mode::kMaskedDecryptPass), RemoteAttestation::kUnverified,
std::make_tuple(Key::kDecode, VerificationStatus::kHardwareVerified,
RemoteAttestation::kUnverified, Mode::kMaskedDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kDecode,
Mode::kMaskedDecryptPass), RemoteAttestation::kUnverified,
std::make_tuple(Key::kHardware, VerificationStatus::kHardwareVerified,
RemoteAttestation::kUnverified, Mode::kMaskedDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kHardware,
Mode::kMaskedDecryptFail))); RemoteAttestation::kUnverified,
VerificationStatus::kHardwareVerified,
Mode::kMaskedDecryptFail))));
INSTANTIATE_TEST_SUITE_P( INSTANTIATE_TEST_SUITE_P(
VerifiedRemoteAttestationHardwareVerification, VerifiedRemoteAttestationHardwareVerification,
RemoteAttestationAndVerificationTest, RemoteAttestationAndVerificationTest,
::testing::Values( ::testing::Combine(
// Decrypt ::testing::Values(Padding::kNone, Padding::kPKSC8),
std::make_tuple(Key::kCrypto, ::testing::Values(
RemoteAttestation::kVerified, // Decrypt
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kCrypto,
Mode::kDecryptPass), RemoteAttestation::kVerified,
std::make_tuple(Key::kDecode, VerificationStatus::kHardwareVerified,
RemoteAttestation::kVerified, Mode::kDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kDecode,
Mode::kDecryptPass), RemoteAttestation::kVerified,
std::make_tuple(Key::kHardware, VerificationStatus::kHardwareVerified,
RemoteAttestation::kVerified, Mode::kDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kHardware,
Mode::kDecryptPass), RemoteAttestation::kVerified,
// Masked Decrypt VerificationStatus::kHardwareVerified,
std::make_tuple(Key::kCrypto, Mode::kDecryptPass),
RemoteAttestation::kVerified, // Masked Decrypt
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kCrypto,
Mode::kMaskedDecryptPass), RemoteAttestation::kVerified,
std::make_tuple(Key::kDecode, VerificationStatus::kHardwareVerified,
RemoteAttestation::kVerified, Mode::kMaskedDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kDecode,
Mode::kMaskedDecryptPass), RemoteAttestation::kVerified,
std::make_tuple(Key::kHardware, VerificationStatus::kHardwareVerified,
RemoteAttestation::kVerified, Mode::kMaskedDecryptPass),
VerificationStatus::kHardwareVerified, std::make_tuple(Key::kHardware,
Mode::kMaskedDecryptPass))); RemoteAttestation::kVerified,
VerificationStatus::kHardwareVerified,
Mode::kMaskedDecryptPass))));
INSTANTIATE_TEST_SUITE_P(NoRemoteAttestationOtherVerification, INSTANTIATE_TEST_SUITE_P(
RemoteAttestationAndVerificationTest, NoRemoteAttestationOtherVerification,
::testing::Values( RemoteAttestationAndVerificationTest,
// Decrypt ::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8),
std::make_tuple(Key::kCrypto, ::testing::Values(
RemoteAttestation::kUnavailable, // Decrypt
VerificationStatus::kOther, std::make_tuple(Key::kCrypto,
Mode::kDecryptPass), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kDecode, VerificationStatus::kOther,
RemoteAttestation::kUnavailable, Mode::kDecryptPass),
VerificationStatus::kOther, std::make_tuple(Key::kDecode,
Mode::kDecryptFail), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kHardware, VerificationStatus::kOther,
RemoteAttestation::kUnavailable, Mode::kDecryptFail),
VerificationStatus::kOther, std::make_tuple(Key::kHardware,
Mode::kDecryptFail), RemoteAttestation::kUnavailable,
// Masked Decrypt VerificationStatus::kOther,
std::make_tuple(Key::kCrypto, Mode::kDecryptFail),
RemoteAttestation::kUnavailable, // Masked Decrypt
VerificationStatus::kOther, std::make_tuple(Key::kCrypto,
Mode::kMaskedDecryptPass), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kDecode, VerificationStatus::kOther,
RemoteAttestation::kUnavailable, Mode::kMaskedDecryptPass),
VerificationStatus::kOther, std::make_tuple(Key::kDecode,
Mode::kMaskedDecryptPass), RemoteAttestation::kUnavailable,
std::make_tuple(Key::kHardware, VerificationStatus::kOther,
RemoteAttestation::kUnavailable, Mode::kMaskedDecryptPass),
VerificationStatus::kOther, std::make_tuple(Key::kHardware,
Mode::kMaskedDecryptFail))); RemoteAttestation::kUnavailable,
VerificationStatus::kOther,
Mode::kMaskedDecryptFail))));
INSTANTIATE_TEST_SUITE_P(UnverifiedRemoteAttestationOtherVerification, INSTANTIATE_TEST_SUITE_P(
RemoteAttestationAndVerificationTest, UnverifiedRemoteAttestationOtherVerification,
::testing::Values( RemoteAttestationAndVerificationTest,
::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8),
::testing::Values(
// Decrypt
std::make_tuple(Key::kCrypto,
RemoteAttestation::kUnverified,
VerificationStatus::kOther,
Mode::kDecryptPass),
std::make_tuple(Key::kDecode,
RemoteAttestation::kUnverified,
VerificationStatus::kOther,
Mode::kDecryptFail),
std::make_tuple(Key::kHardware,
RemoteAttestation::kUnverified,
VerificationStatus::kOther,
Mode::kDecryptFail),
// Masked Decrypt
std::make_tuple(Key::kCrypto,
RemoteAttestation::kUnverified,
VerificationStatus::kOther,
Mode::kMaskedDecryptPass),
std::make_tuple(Key::kDecode,
RemoteAttestation::kUnverified,
VerificationStatus::kOther,
Mode::kMaskedDecryptPass),
std::make_tuple(Key::kHardware,
RemoteAttestation::kUnverified,
VerificationStatus::kOther,
Mode::kMaskedDecryptFail))));
// Decrypt INSTANTIATE_TEST_SUITE_P(
std::make_tuple(Key::kCrypto, VerifiedRemoteAttestationOtherVerification,
RemoteAttestation::kUnverified, RemoteAttestationAndVerificationTest,
VerificationStatus::kOther, ::testing::Combine(::testing::Values(Padding::kNone, Padding::kPKSC8),
Mode::kDecryptPass), ::testing::Values(
std::make_tuple(Key::kDecode, // Decrypt
RemoteAttestation::kUnverified, std::make_tuple(Key::kCrypto,
VerificationStatus::kOther, RemoteAttestation::kVerified,
Mode::kDecryptFail), VerificationStatus::kOther,
std::make_tuple(Key::kHardware, Mode::kDecryptPass),
RemoteAttestation::kUnverified, std::make_tuple(Key::kDecode,
VerificationStatus::kOther, RemoteAttestation::kVerified,
Mode::kDecryptFail), VerificationStatus::kOther,
// Masked Decrypt Mode::kDecryptFail),
std::make_tuple(Key::kCrypto, std::make_tuple(Key::kHardware,
RemoteAttestation::kUnverified, RemoteAttestation::kVerified,
VerificationStatus::kOther, VerificationStatus::kOther,
Mode::kMaskedDecryptPass), Mode::kDecryptFail),
std::make_tuple(Key::kDecode, // Masked Decrypt
RemoteAttestation::kUnverified, std::make_tuple(Key::kCrypto,
VerificationStatus::kOther, RemoteAttestation::kVerified,
Mode::kMaskedDecryptPass), VerificationStatus::kOther,
std::make_tuple(Key::kHardware, Mode::kMaskedDecryptPass),
RemoteAttestation::kUnverified, std::make_tuple(Key::kDecode,
VerificationStatus::kOther, RemoteAttestation::kVerified,
Mode::kMaskedDecryptFail))); VerificationStatus::kOther,
Mode::kMaskedDecryptPass),
INSTANTIATE_TEST_SUITE_P(VerifiedRemoteAttestationOtherVerification, std::make_tuple(Key::kHardware,
RemoteAttestationAndVerificationTest, RemoteAttestation::kVerified,
::testing::Values( VerificationStatus::kOther,
// Decrypt Mode::kMaskedDecryptFail))));
std::make_tuple(Key::kCrypto,
RemoteAttestation::kVerified,
VerificationStatus::kOther,
Mode::kDecryptPass),
std::make_tuple(Key::kDecode,
RemoteAttestation::kVerified,
VerificationStatus::kOther,
Mode::kDecryptFail),
std::make_tuple(Key::kHardware,
RemoteAttestation::kVerified,
VerificationStatus::kOther,
Mode::kDecryptFail),
// Masked Decrypt
std::make_tuple(Key::kCrypto,
RemoteAttestation::kVerified,
VerificationStatus::kOther,
Mode::kMaskedDecryptPass),
std::make_tuple(Key::kDecode,
RemoteAttestation::kVerified,
VerificationStatus::kOther,
Mode::kMaskedDecryptPass),
std::make_tuple(Key::kHardware,
RemoteAttestation::kVerified,
VerificationStatus::kOther,
Mode::kMaskedDecryptFail)));
} // namespace widevine } // namespace widevine

3
whitebox/api/test_license_builder.cc
View File

@@ -347,6 +347,9 @@ uint16_t GetOdkMinorVersion(TestLicenseBuilder::OdkVersion odk_version) {
case TestLicenseBuilder::OdkVersion::kNone: case TestLicenseBuilder::OdkVersion::kNone:
DCHECK(false); DCHECK(false);
return 0; return 0;
default:
CHECK(false) << "Unknown ODK Version";
return 0;
} }
} }

18
whitebox/impl/reference/BUILD
View File

@@ -21,12 +21,12 @@ cc_library(
cc_library( cc_library(
name = "odk", name = "odk",
hdrs = ["odk.h",], srcs = ["odk.cc"],
srcs = ["odk.cc",], hdrs = ["odk.h"],
deps = [ deps = [
"//api:result", "//api:result",
"//external:odk",
"//chromium_deps/base:glog", "//chromium_deps/base:glog",
"//external:odk",
], ],
) )
@@ -45,6 +45,7 @@ cc_library(
deps = [ deps = [
":license_private_key", ":license_private_key",
":memory_util", ":memory_util",
":odk",
"//api:license_whitebox", "//api:license_whitebox",
"//api:result", "//api:result",
"//chromium_deps/cdm/keys:dev_certs", "//chromium_deps/cdm/keys:dev_certs",
@@ -53,7 +54,6 @@ cc_library(
"//crypto_utils:aes_ctr_encryptor", "//crypto_utils:aes_ctr_encryptor",
"//crypto_utils:crypto_util", "//crypto_utils:crypto_util",
"//crypto_utils:rsa_key", "//crypto_utils:rsa_key",
":odk",
], ],
) )
@@ -111,6 +111,16 @@ cc_test(
], ],
) )
cc_test(
name = "remote_attestation_and_verification_test",
size = "small",
deps = [
":license_test_data",
":license_whitebox",
"//api:remote_attestation_and_verification_test",
],
)
cc_test( cc_test(
name = "license_whitebox_benchmark", name = "license_whitebox_benchmark",
size = "small", size = "small",