Snap for 4773106 from aa183af75b to pi-release

am: 8f7051dc89

Change-Id: Ie83040816f05c398ed7b3fdeb4de7f30a488f8d9

libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp

@@ -142,14 +142,16 @@ WVDrmPlugin::~WVDrmPlugin() {
     }
   }
   mCryptoSessions.clear();
-  CdmIdentifier identifier;
-  Status status = mCdmIdentifierBuilder.getCdmIdentifier(&identifier);
-  if (status != Status::OK) {
-    ALOGE("Failed to get cdm identifier %d", status);
-  } else {
-    status = mapCdmResponseType(mCDM->CloseCdm(identifier));
+  if (mCdmIdentifierBuilder.is_sealed()) {
+    CdmIdentifier identifier;
+    Status status = mCdmIdentifierBuilder.getCdmIdentifier(&identifier);
     if (status != Status::OK) {
-      ALOGE("Failed to close cdm. status %d", status);
+      ALOGE("Failed to get cdm identifier %d", status);
+    } else {
+      status = mapCdmResponseType(mCDM->CloseCdm(identifier));
+      if (status != Status::OK) {
+        ALOGE("Failed to close cdm. status %d", status);
+      }
     }
   }
 }

libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp

@@ -749,10 +749,7 @@ OEMCryptoResult SessionContext::InstallKey(
     return OEMCrypto_ERROR_INVALID_CONTEXT;
   }
   if (!DecryptMessage(content_key, key_control_iv, key_control,
-                      &key_control_str,
-                      (session_keys_->type() == OEMCrypto_EntitlementLicense
-                           ? 256
-                           : 128) /* key size */)) {
+                      &key_control_str, 128 /* key size */)) {
     LOGE("[Installkey(): ERROR: Could not decrypt content key]");
     return OEMCrypto_ERROR_UNKNOWN_FAILURE;
   }

libwvdrmengine/oemcrypto/test/oec_session_util.cpp

@@ -107,9 +107,9 @@ Session::Session()
       enc_key_(wvcdm::KEY_SIZE),
       public_rsa_(0),
       message_size_(sizeof(MessageData)),
-      num_keys_(4),  // Most tests only use 4 keys.
-      // Other tests will explicitly call set_num_keys.
-      has_entitlement_license_(false) {
+      // Most tests only use 4 keys. Other tests will explicitly call
+      // set_num_keys.
+      num_keys_(4) {
   // Stripe the padded message.
   for (size_t i = 0; i < sizeof(padded_message_.padding); i++) {
     padded_message_.padding[i] = i % 0x100;
@@ -313,7 +313,6 @@ void Session::LoadEnitlementTestKeys(const std::string& pst,
 }
 
 void Session::FillEntitledKeyArray() {
-  has_entitlement_license_ = true;
   for (size_t i = 0; i < num_keys_; ++i) {
     EntitledContentKeyData* key_data = &entitled_key_data_[i];
 
@@ -518,7 +517,6 @@ void Session::FillSimpleMessage(uint32_t duration, uint32_t control,
 void Session::FillSimpleEntitlementMessage(
     uint32_t duration, uint32_t control, uint32_t nonce,
     const std::string& pst) {
-  has_entitlement_license_ = true;
   EXPECT_EQ(
       1, GetRandBytes(license_.mac_key_iv, sizeof(license_.mac_key_iv)));
   EXPECT_EQ(1, GetRandBytes(license_.mac_keys, sizeof(license_.mac_keys)));
@@ -599,10 +597,9 @@ void Session::EncryptAndSign() {
   AES_cbc_encrypt(&license_.mac_keys[0], &encrypted_license().mac_keys[0],
                   2 * wvcdm::MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT);
 
-  int key_size = has_entitlement_license() ? 256 : 128;
   for (unsigned int i = 0; i < num_keys_; i++) {
     memcpy(iv_buffer, &license_.keys[i].control_iv[0], wvcdm::KEY_IV_SIZE);
-    AES_set_encrypt_key(&license_.keys[i].key_data[0], key_size, &aes_key);
+    AES_set_encrypt_key(&license_.keys[i].key_data[0], 128, &aes_key);
     AES_cbc_encrypt(
         reinterpret_cast<const uint8_t*>(&license_.keys[i].control),
         reinterpret_cast<uint8_t*>(&encrypted_license().keys[i].control),

libwvdrmengine/oemcrypto/test/oec_session_util.h

@@ -378,9 +378,6 @@ class Session {
   // The size of the encrypted message.
   size_t message_size() { return message_size_; }
 
-  // If this session has an entitlement license.
-  bool has_entitlement_license() const { return has_entitlement_license_; }
-
  private:
   // Generate mac and enc keys give the master key.
   void DeriveKeys(const uint8_t* master_key,
@@ -410,7 +407,6 @@ class Session {
   vector<uint8_t> encrypted_usage_entry_;
   uint32_t usage_entry_number_;
   string pst_;
-  bool has_entitlement_license_;
 
   // Clear Entitlement key data. This is the backing data for
   // |entitled_key_array_|.

libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp

@@ -1076,6 +1076,59 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithRepeatNonce) {
   ASSERT_NE(OEMCrypto_SUCCESS, sts);
 }
 
+// This tests that a nonce cannot be used in new session.
+TEST_F(OEMCryptoSessionTests, LoadKeyNonceReopenSession) {
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
+  uint32_t nonce = s.get_nonce();
+  // Do not use the nonce now.  Close session and use it after re-opening.
+  ASSERT_NO_FATAL_FAILURE(s.close());
+
+  // Actually, this isn't the same session.  OEMCrypto opens a new session, but
+  // we are guarding against the possiblity that it re-uses the session data
+  // and might not clear out the nonce table correctly.
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
+  ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0,
+                                              wvoec_mock::kControlNonceEnabled,
+                                              nonce));  // same old nonce
+  ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
+  OEMCryptoResult sts = OEMCrypto_LoadKeys(
+      s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0],
+      s.signature().size(), s.encrypted_license().mac_key_iv,
+      s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0,
+      NULL, OEMCrypto_ContentLicense);
+
+  ASSERT_NE(OEMCrypto_SUCCESS, sts);
+}
+
+// This tests that a nonce cannot be used in wrong session.
+TEST_F(OEMCryptoSessionTests, LoadKeyNonceWrongSession) {
+  Session s1;
+  ASSERT_NO_FATAL_FAILURE(s1.open());
+  ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s1));
+  uint32_t nonce = s1.get_nonce();
+  // Do not use the nonce.  Also, leave the session open.  We want to make sure
+  // that s and s1 do NOT share a nonce table.  This is different from the
+  // LoadKeyNonceReopenSession in that we do not close s1.
+
+  Session s2;
+  ASSERT_NO_FATAL_FAILURE(s2.open());
+  ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s2));
+  ASSERT_NO_FATAL_FAILURE(s2.FillSimpleMessage(0,
+                                              wvoec_mock::kControlNonceEnabled,
+                                              nonce));  // nonce from session s1
+  ASSERT_NO_FATAL_FAILURE(s2.EncryptAndSign());
+  OEMCryptoResult sts = OEMCrypto_LoadKeys(
+      s2.session_id(), s2.message_ptr(), s2.message_size(), &s2.signature()[0],
+      s2.signature().size(), s2.encrypted_license().mac_key_iv,
+      s2.encrypted_license().mac_keys, s2.num_keys(), s2.key_array(), NULL, 0,
+      NULL, OEMCrypto_ContentLicense);
+
+  ASSERT_NE(OEMCrypto_SUCCESS, sts);
+}
+
 TEST_F(OEMCryptoSessionTests, LoadKeyWithBadVerification) {
   Session s;
   ASSERT_NO_FATAL_FAILURE(s.open());