[RESTRICT AUTOMERGE] Sync OEMCrypto, ODK files and unit tests

run android/copy_files from cdm repo to sync files in Android tm-widevine-release. Changes include: 1. Update ODK to 17.1 2. update in license_protocol.proto 3. updates in oemcrypto unit tests 4. A few cdm and util test updates 5. Prov4 unit test fixes Originating CLs: https://widevine-internal-review.googlesource.com/c/cdm/+/155289/ https://widevine-internal-review.googlesource.com/c/cdm/+/155429/ https://widevine-internal-review.googlesource.com/c/cdm/+/155430/ https://widevine-internal-review.googlesource.com/c/cdm/+/154415/ https://widevine-internal-review.googlesource.com/c/cdm/+/156457/ https://widevine-internal-review.googlesource.com/c/cdm/+/156878/ https://widevine-internal-review.googlesource.com/c/cdm/+/156879/ https://widevine-internal-review.googlesource.com/c/cdm/+/156425/ https://widevine-internal-review.googlesource.com/c/cdm/+/156486/ https://widevine-internal-review.googlesource.com/c/cdm/+/156539/ https://widevine-internal-review.googlesource.com/c/cdm/+/156542/ Test: ran oemcrypto unit tests and ODK tests Test: ran gts media test cases Bug: 239201888 Change-Id: Iad9aff72aec5ba42296582837f34dd704bc11810
2022-09-22 13:39:14 -07:00
parent fa8c0a9a62
commit 0f32f41bd1
38 changed files with 770 additions and 413 deletions
--- a/libwvdrmengine/oemcrypto/test/oec_session_util.h
+++ b/libwvdrmengine/oemcrypto/test/oec_session_util.h
@@ -8,9 +8,8 @@
 // OEMCrypto unit tests
 //
 #include <gtest/gtest.h>
-#include <openssl/ec.h>
-#include <openssl/rsa.h>
 #include <time.h>
+#include <unordered_map>

 #include <string>
 #include <vector>
@@ -21,7 +20,9 @@
 #include "odk.h"
 #include "oec_device_features.h"
 #include "oec_key_deriver.h"
+#include "oemcrypto_ecc_key.h"
 #include "oemcrypto_fuzz_structs.h"
+#include "oemcrypto_rsa_key.h"
 #include "oemcrypto_types.h"
 #include "pst_report.h"

@@ -571,38 +572,75 @@ class Session {
  void RewrapRSAKey(const struct RSAPrivateKeyMessage& encrypted,
                    size_t message_size, const std::vector<uint8_t>& signature,
                    vector<uint8_t>* wrapped_key, bool force);
-  // Loads the specified RSA public key into public_rsa_.  If rsa_key is null,
-  // the default test key is loaded.
-  void PreparePublicKey(const uint8_t* rsa_key = nullptr,
-                        size_t rsa_key_length = 0);
+  // Loads the default test RSA public key into public_rsa_.
+  void SetTestRsaPublicKey();
+  // Loads the specified DRM public key into the appropriate key.
+  // The provided key is serialized as an ASN.1 DER encoded PrivateKeyInfo.
+  void SetPublicKeyFromPrivateKeyInfo(OEMCrypto_PrivateKeyType key_type,
+                                      const uint8_t* buffer, size_t length);
  // Loads the specified RSA public key into public_rsa_.
-  void SetRsaPublicKey(const uint8_t* buffer, size_t length);
+  // The provided key is serialized as an ASN.1 DER encoded PrivateKeyInfo.
+  void SetRsaPublicKeyFromPrivateKeyInfo(const uint8_t* buffer, size_t length);
  // Loads the specified EC public key into public_ec_.
-  void SetEcPublicKey(const uint8_t* buffer, size_t length);
+  // The provided key is serialized as an ASN.1 DER encoded PrivateKeyInfo.
+  void SetEccPublicKeyFromPrivateKeyInfo(const uint8_t* buffer, size_t length);
+
+  // Loads the specified DRM public key into the appropriate key.
+  // The provided key is serialized as an ASN.1 DER encoded SubjectPublicKey.
+  void SetPublicKeyFromSubjectPublicKey(OEMCrypto_PrivateKeyType key_type,
+                                        const uint8_t* buffer, size_t length);
+  // Loads the specified RSA public key into public_rsa_.
+  // The provided key is serialized as an ASN.1 DER encoded SubjectPublicKey.
+  void SetRsaPublicKeyFromSubjectPublicKey(const uint8_t* buffer,
+                                           size_t length);
+  // Loads the specified EC public key into public_ec_.
+  // The provided key is serialized as an ASN.1 DER encoded SubjectPublicKey.
+  void SetEccPublicKeyFromSubjectPublicKey(const uint8_t* buffer,
+                                           size_t length);

-  // Verifies the given signature is from the given message and RSA key, pkey.
-  static bool VerifyPSSSignature(EVP_PKEY* pkey, const uint8_t* message,
-                                 size_t message_length,
-                                 const uint8_t* signature,
-                                 size_t signature_length);
  // Verify that the message was signed by the private key associated with
  // |public_rsa_| using the specified padding scheme.
-  void VerifyRSASignature(const vector<uint8_t>& message,
+  void VerifyRsaSignature(const vector<uint8_t>& message,
                          const uint8_t* signature, size_t signature_length,
                          RSA_Padding_Scheme padding_scheme);
+  // Verify that the message was signed by the private key associated with
+  // |public_ecc_| using Widevine ECDSA.
+  void VerifyEccSignature(const vector<uint8_t>& message,
+                          const uint8_t* signature, size_t signature_length);
+  // Verify RSA or ECC signature based on the key type installed. The
+  // padding_scheme will be ignored in case of ECC key.
+  void VerifySignature(const vector<uint8_t>& message, const uint8_t* signature,
+                       size_t signature_length,
+                       RSA_Padding_Scheme padding_scheme);
+
  // Encrypts a known session key with public_rsa_ for use in future calls to
  // OEMCrypto_DeriveKeysFromSessionKey or OEMCrypto_RewrapDeviceRSAKey30.
  // The unencrypted session key is stored in session_key.
-  bool GenerateRSASessionKey(vector<uint8_t>* session_key,
+  bool GenerateRsaSessionKey(vector<uint8_t>* session_key,
                             vector<uint8_t>* enc_session_key);
+  // Derives a session key with public_ec_ and a ephemeral "server" ECC key
+  // for use in future calls to OEMCrypto_DeriveKeysFromSessionKey.
+  // The unencrypted session key is stored in session_key.
+  bool GenerateEccSessionKey(vector<uint8_t>* session_key,
+                             vector<uint8_t>* ecdh_public_key_data);
+  // Based on the key type installed, call GenerateRsaSessionKey or
+  // GenerateEccSessionKey.
+  bool GenerateSessionKey(vector<uint8_t>* session_key,
+                          vector<uint8_t>* key_material);
+
  // Calls OEMCrypto_RewrapDeviceRSAKey30 with the given provisioning response
  // message. If force is true, we assert that the key loads successfully.
  void RewrapRSAKey30(const struct RSAPrivateKeyMessage& encrypted,
                      const std::vector<uint8_t>& encrypted_message_key,
                      vector<uint8_t>* wrapped_key, bool force);
-  // Loads the specified wrapped_rsa_key into OEMCrypto, and then runs
-  // GenerateDerivedKeysFromSessionKey to install known encryption and mac keys.
-  void InstallRSASessionTestKey(const vector<uint8_t>& wrapped_rsa_key);
+
+  void LoadWrappedDrmKey(OEMCrypto_PrivateKeyType key_type,
+                         const vector<uint8_t>& wrapped_drm_key);
+  // Loads the specified wrapped_rsa_key into OEMCrypto.
+  void LoadWrappedRsaDrmKey(const vector<uint8_t>& wrapped_rsa_key);
+  // Loads the specified wrapped_ecc_key into OEMCrypto.
+  void LoadWrappedEccDrmKey(const vector<uint8_t>& wrapped_ecc_key);
+
  // Creates a new usage entry, and keeps track of the index.
  // If status is null, we expect success, otherwise status is set to the
  // return value.
@@ -676,21 +714,34 @@ class Session {
                         OEMCryptoResult actual_select_result,
                         OEMCryptoResult actual_decryt_result);

-  bool open_;
-  bool forced_session_id_;
-  OEMCrypto_SESSION session_id_;
+  bool open_ = false;
+  bool forced_session_id_ = false;
+  OEMCrypto_SESSION session_id_ = 0;
  KeyDeriver key_deriver_;
-  uint32_t nonce_;
+  uint32_t nonce_ = 0;
  // Only one of RSA or EC should be set.
-  RSA* public_rsa_ = nullptr;
-  EC_KEY* public_ec_ = nullptr;
+  std::unique_ptr<util::RsaPublicKey> public_rsa_;
+  std::unique_ptr<util::EccPublicKey> public_ec_;
+  // In provisioning 4.0, the shared session key is derived from either
+  //    1. (client side) client private key + server ephemeral public key, or
+  //    2. (server side) server ephemeral private key + client public key
+  // Encryption key and mac keys are derived from the shared session key, and
+  // are inserted in to the default license response which simulates the
+  // response from a license server. In order for these keys to be deterministic
+  // across multiple test calls of GenerateDerivedKeysFromSessionKey(), which
+  // simulates how the server derives keys, the ephemeral keys used by the
+  // "server" need to be stored for re-use.
+  static std::unordered_map<
+      util::EccCurve, std::unique_ptr<util::EccPrivateKey>, std::hash<int>>
+      server_ephemeral_keys_;
+  static std::mutex ephemeral_key_map_lock_;
  vector<uint8_t> pst_report_buffer_;
  MessageData license_ = {};

  vector<uint8_t> encrypted_usage_entry_;
-  uint32_t usage_entry_number_;
+  uint32_t usage_entry_number_ = 0;
  string pst_;
-};
+};  // class Session

 // Used for OEMCrypto Fuzzing: Convert byte to a valid boolean to avoid errors
 // generated by msan.