Before the VMP/RA tests only tested that decryption was successful
(checking the return code) but did not test the actual success of the
decryption (checking the decrypted plaintext against golden
plaintext).
This brings this repo in sync with the internal repo's commit
58d85cf6b19ecfb932f8edc2eaa8e907a1d21489.
It is possible for the key security level to be omitted from the
key container. When this happens, SW_SECURE_CRYPTO should be used
as the key's security level (as per the protobuf definition).
This only matters when reading the security level from the key
container since the security level must appear in the key control
block.
This change adds a test that will purposely omit the key security
level from the key container.
We were missing break-statements when parsing the security levels
from the key control block.
To confirm this, the key control block tests were updated to attempt
decrypting so that we will try using the keys. The test that used
the KCB was failing since they key security level was "hardware".
This brings this repo in sync with the internal repo at commit
499bfbbb5beb6842071e47125842aedb12b1a8e0.
This change updates the external copy of the reference to match the
internal copy at commit cda42fa07b533f8aad3183cd7eb99ce553949f88 which
introduces the tests (and fix) to handle an encrypted key block.
Rather than having init data for the license white-box be passed in
via WB_License_Create, this changes it so that it is assumed that
the private key is compiled into the white-box code.
Minor changes in this code drop include:
- Updating the git attributes to avoid line-ending conflicts between
different operating systems
- Resolving a linking issue seen on Windows
- Removing default parameter for padding in conformance tests
To make it easier to have separate implementations, we have
structured the repo so that there are three Bazel workspaces:
- The API (and reference)
- The vendor implementation for dev
- The vendor implementation for prod
This allows the vendor implementation to be separated from
the API, while it makes little difference in this repo. While
it makes little difference for this repo, it makes managing versions
much easier internally. We do it here to better reflect our internal
structure to partners.
A vendor implementation has been stubbed in (BUILD file and directory
structure) to provide vendors with some scaffolding to organize their
implementation.
