widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Snap for 4773106 from aa183af75b to pi-release

Browse Source 
am: 8f7051dc89

Change-Id: Ie83040816f05c398ed7b3fdeb4de7f30a488f8d9
This commit is contained in:
android-build-team Robot
2018-05-10 00:54:42 -07:00
committed by android-build-merger
parent 90bd3ccc8d 8f7051dc89
commit 0eceb4aaec
5 changed files with 67 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libwvdrmengine/mediadrm/src_hidl/WVDrmPlugin.cpp
View File

@@ -142,6 +142,7 @@ WVDrmPlugin::~WVDrmPlugin() {
} }
} }
mCryptoSessions.clear(); mCryptoSessions.clear();
if (mCdmIdentifierBuilder.is_sealed()) {
CdmIdentifier identifier; CdmIdentifier identifier;
Status status = mCdmIdentifierBuilder.getCdmIdentifier(&identifier); Status status = mCdmIdentifierBuilder.getCdmIdentifier(&identifier);
if (status != Status::OK) { if (status != Status::OK) {
@@ -153,6 +154,7 @@ WVDrmPlugin::~WVDrmPlugin() {
} }
} }
} }
}
Status WVDrmPlugin::openSessionCommon(std::vector<uint8_t>& sessionId) { Status WVDrmPlugin::openSessionCommon(std::vector<uint8_t>& sessionId) {
Status status = Status::OK; Status status = Status::OK;

5
libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp
View File

@@ -749,10 +749,7 @@ OEMCryptoResult SessionContext::InstallKey(
return OEMCrypto_ERROR_INVALID_CONTEXT; return OEMCrypto_ERROR_INVALID_CONTEXT;
} }
if (!DecryptMessage(content_key, key_control_iv, key_control, if (!DecryptMessage(content_key, key_control_iv, key_control,
&key_control_str, &key_control_str, 128 /* key size */)) {
(session_keys_->type() == OEMCrypto_EntitlementLicense
? 256
: 128) /* key size */)) {
LOGE("[Installkey(): ERROR: Could not decrypt content key]"); LOGE("[Installkey(): ERROR: Could not decrypt content key]");
return OEMCrypto_ERROR_UNKNOWN_FAILURE; return OEMCrypto_ERROR_UNKNOWN_FAILURE;
} }

11
libwvdrmengine/oemcrypto/test/oec_session_util.cpp
View File

@@ -107,9 +107,9 @@ Session::Session()
enc_key_(wvcdm::KEY_SIZE), enc_key_(wvcdm::KEY_SIZE),
public_rsa_(0), public_rsa_(0),
message_size_(sizeof(MessageData)), message_size_(sizeof(MessageData)),
num_keys_(4), // Most tests only use 4 keys. // Most tests only use 4 keys. Other tests will explicitly call
// Other tests will explicitly call set_num_keys. // set_num_keys.
has_entitlement_license_(false) { num_keys_(4) {
// Stripe the padded message. // Stripe the padded message.
for (size_t i = 0; i < sizeof(padded_message_.padding); i++) { for (size_t i = 0; i < sizeof(padded_message_.padding); i++) {
padded_message_.padding[i] = i % 0x100; padded_message_.padding[i] = i % 0x100;
@@ -313,7 +313,6 @@ void Session::LoadEnitlementTestKeys(const std::string& pst,
} }
void Session::FillEntitledKeyArray() { void Session::FillEntitledKeyArray() {
has_entitlement_license_ = true;
for (size_t i = 0; i < num_keys_; ++i) { for (size_t i = 0; i < num_keys_; ++i) {
EntitledContentKeyData* key_data = &entitled_key_data_[i]; EntitledContentKeyData* key_data = &entitled_key_data_[i];
@@ -518,7 +517,6 @@ void Session::FillSimpleMessage(uint32_t duration, uint32_t control,
void Session::FillSimpleEntitlementMessage( void Session::FillSimpleEntitlementMessage(
uint32_t duration, uint32_t control, uint32_t nonce, uint32_t duration, uint32_t control, uint32_t nonce,
const std::string& pst) { const std::string& pst) {
has_entitlement_license_ = true;
EXPECT_EQ( EXPECT_EQ(
1, GetRandBytes(license_.mac_key_iv, sizeof(license_.mac_key_iv))); 1, GetRandBytes(license_.mac_key_iv, sizeof(license_.mac_key_iv)));
EXPECT_EQ(1, GetRandBytes(license_.mac_keys, sizeof(license_.mac_keys))); EXPECT_EQ(1, GetRandBytes(license_.mac_keys, sizeof(license_.mac_keys)));
@@ -599,10 +597,9 @@ void Session::EncryptAndSign() {
AES_cbc_encrypt(&license_.mac_keys[0], &encrypted_license().mac_keys[0], AES_cbc_encrypt(&license_.mac_keys[0], &encrypted_license().mac_keys[0],
2 * wvcdm::MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT); 2 * wvcdm::MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT);
int key_size = has_entitlement_license() ? 256 : 128;
for (unsigned int i = 0; i < num_keys_; i++) { for (unsigned int i = 0; i < num_keys_; i++) {
memcpy(iv_buffer, &license_.keys[i].control_iv[0], wvcdm::KEY_IV_SIZE); memcpy(iv_buffer, &license_.keys[i].control_iv[0], wvcdm::KEY_IV_SIZE);
AES_set_encrypt_key(&license_.keys[i].key_data[0], key_size, &aes_key); AES_set_encrypt_key(&license_.keys[i].key_data[0], 128, &aes_key);
AES_cbc_encrypt( AES_cbc_encrypt(
reinterpret_cast<const uint8_t*>(&license_.keys[i].control), reinterpret_cast<const uint8_t*>(&license_.keys[i].control),
reinterpret_cast<uint8_t*>(&encrypted_license().keys[i].control), reinterpret_cast<uint8_t*>(&encrypted_license().keys[i].control),

4
libwvdrmengine/oemcrypto/test/oec_session_util.h
View File

@@ -378,9 +378,6 @@ class Session {
// The size of the encrypted message. // The size of the encrypted message.
size_t message_size() { return message_size_; } size_t message_size() { return message_size_; }
// If this session has an entitlement license.
bool has_entitlement_license() const { return has_entitlement_license_; }
private: private:
// Generate mac and enc keys give the master key. // Generate mac and enc keys give the master key.
void DeriveKeys(const uint8_t* master_key, void DeriveKeys(const uint8_t* master_key,
@@ -410,7 +407,6 @@ class Session {
vector<uint8_t> encrypted_usage_entry_; vector<uint8_t> encrypted_usage_entry_;
uint32_t usage_entry_number_; uint32_t usage_entry_number_;
string pst_; string pst_;
bool has_entitlement_license_;
// Clear Entitlement key data. This is the backing data for // Clear Entitlement key data. This is the backing data for
// |entitled_key_array_|. // |entitled_key_array_|.

53
libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
View File

@@ -1076,6 +1076,59 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithRepeatNonce) {
ASSERT_NE(OEMCrypto_SUCCESS, sts); ASSERT_NE(OEMCrypto_SUCCESS, sts);
} }
// This tests that a nonce cannot be used in new session.
TEST_F(OEMCryptoSessionTests, LoadKeyNonceReopenSession) {
Session s;
ASSERT_NO_FATAL_FAILURE(s.open());
ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
uint32_t nonce = s.get_nonce();
// Do not use the nonce now. Close session and use it after re-opening.
ASSERT_NO_FATAL_FAILURE(s.close());
// Actually, this isn't the same session. OEMCrypto opens a new session, but
// we are guarding against the possiblity that it re-uses the session data
// and might not clear out the nonce table correctly.
ASSERT_NO_FATAL_FAILURE(s.open());
ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0,
wvoec_mock::kControlNonceEnabled,
nonce)); // same old nonce
ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
OEMCryptoResult sts = OEMCrypto_LoadKeys(
s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0],
s.signature().size(), s.encrypted_license().mac_key_iv,
s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0,
NULL, OEMCrypto_ContentLicense);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
}
// This tests that a nonce cannot be used in wrong session.
TEST_F(OEMCryptoSessionTests, LoadKeyNonceWrongSession) {
Session s1;
ASSERT_NO_FATAL_FAILURE(s1.open());
ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s1));
uint32_t nonce = s1.get_nonce();
// Do not use the nonce. Also, leave the session open. We want to make sure
// that s and s1 do NOT share a nonce table. This is different from the
// LoadKeyNonceReopenSession in that we do not close s1.
Session s2;
ASSERT_NO_FATAL_FAILURE(s2.open());
ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s2));
ASSERT_NO_FATAL_FAILURE(s2.FillSimpleMessage(0,
wvoec_mock::kControlNonceEnabled,
nonce)); // nonce from session s1
ASSERT_NO_FATAL_FAILURE(s2.EncryptAndSign());
OEMCryptoResult sts = OEMCrypto_LoadKeys(
s2.session_id(), s2.message_ptr(), s2.message_size(), &s2.signature()[0],
s2.signature().size(), s2.encrypted_license().mac_key_iv,
s2.encrypted_license().mac_keys, s2.num_keys(), s2.key_array(), NULL, 0,
NULL, OEMCrypto_ContentLicense);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
}
TEST_F(OEMCryptoSessionTests, LoadKeyWithBadVerification) { TEST_F(OEMCryptoSessionTests, LoadKeyWithBadVerification) {
Session s; Session s;
ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(s.open());