widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Pick widevine oemcrypto-v18 change

Browse Source 
No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
This commit is contained in:
Kyle Zhang
2022-12-16 03:21:08 +00:00
parent 4586522c07
commit 11255b7426
105 changed files with 324641 additions and 299787 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
libwvdrmengine/oemcrypto/test/oec_session_util.h
View File

@@ -11,6 +11,7 @@
#include <time.h>
#include <unordered_map>
#include <mutex>
#include <string>
#include <vector>
@@ -305,7 +306,7 @@ class ProvisioningRoundTrip
size_t* wrapped_key_length);
// This takes a pointer in the response_data_ and remaps it to the same
// pointer within the encrypted message. This is used for backwards
// compatibliity testing, so that a v15 oemcrypto will accept range checks.
// compatibility testing, so that a v15 oemcrypto will accept range checks.
template <typename T>
const T* RemapPointer(const T* response_pointer) const;
@@ -318,6 +319,56 @@ class ProvisioningRoundTrip
std::vector<uint8_t> wrapped_rsa_key_;
};
class Provisioning40RoundTrip
: public RoundTrip<
/* CoreRequest */ oemcrypto_core_message::ODK_Provisioning40Request,
OEMCrypto_PrepAndSignProvisioningRequest,
/* CoreResponse */ ODK_ParsedProvisioning,
/* ResponseData */ Prov40CertMessage> {
public:
Provisioning40RoundTrip(Session* session)
: RoundTrip(session), allowed_schemes_(kSign_RSASSA_PSS) {}
void PrepareSession(bool is_oem_key);
// Not used. Use Load*CertResponse() below to load OEM/DRM response
// respectively.
void CreateDefaultResponse() override{};
void EncryptAndSignResponse() override{};
OEMCryptoResult LoadResponse(Session* session) override {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
OEMCryptoResult LoadOEMCertResponse();
OEMCryptoResult LoadDRMCertResponse();
const std::vector<uint8_t>& wrapped_oem_key() { return wrapped_oem_key_; }
const std::vector<uint8_t>& oem_public_key() { return oem_public_key_; }
OEMCrypto_PrivateKeyType oem_key_type() { return oem_key_type_; }
const std::vector<uint8_t>& wrapped_drm_key() { return wrapped_drm_key_; }
const std::vector<uint8_t>& drm_public_key() { return drm_public_key_; }
OEMCrypto_PrivateKeyType drm_key_type() { return drm_key_type_; }
void set_allowed_schemes(uint32_t allowed_schemes) {
allowed_schemes_ = allowed_schemes;
}
protected:
bool RequestHasNonce() override { return true; }
void VerifyRequestSignature(const vector<uint8_t>& data,
const vector<uint8_t>& generated_signature,
size_t core_message_length) override;
// Verify the values of the core response.
virtual void FillAndVerifyCoreRequest(
const std::string& core_message_string) override;
uint32_t allowed_schemes_;
std::vector<uint8_t> wrapped_oem_key_;
std::vector<uint8_t> oem_public_key_;
OEMCrypto_PrivateKeyType oem_key_type_;
std::vector<uint8_t> wrapped_drm_key_;
std::vector<uint8_t> drm_public_key_;
OEMCrypto_PrivateKeyType drm_key_type_;
};
class LicenseRoundTrip
: public RoundTrip<
/* CoreRequest */ oemcrypto_core_message::ODK_LicenseRequest,
@@ -570,12 +621,18 @@ class Session {
// and also fill out enc_key_, mac_key_server_, and mac_key_client_.
void GenerateDerivedKeysFromSessionKey();
// Encrypt some data and pass to OEMCrypto_DecryptCENC to verify decryption.
void TestDecryptCTR(bool select_key_first = true,
void TestDecryptCTR(bool get_fresh_key_handle_first = true,
OEMCryptoResult expected_result = OEMCrypto_SUCCESS,
size_t key_index = 0);
// Verify that an attempt to select an expired key either succeeds, or gives
// an actionable error code.
void TestSelectExpired(size_t key_index);
// Encrypt some data and pass to OEMCrypto_DecryptCENC to verify decryption
// for entitled sessions.
void TestDecryptEntitled(OEMCryptoResult expected_result = OEMCrypto_SUCCESS,
OEMCrypto_SESSION session = 0,
const uint8_t* content_key_id = nullptr,
size_t content_key_id_length = 0);
// Verify that an attempt to get a key handle for an expired key either
// succeeds or gives an actionable error code.
void TestGetKeyHandleExpired(size_t key_index);
// Calls OEMCrypto_GetOEMPublicCertificate and OEMCrypto_LoadOEMPrivateKey and
// loads the OEM cert's public rsa key into public_rsa_.
void LoadOEMCert(bool verify_cert = false);
@@ -586,7 +643,7 @@ class Session {
vector<uint8_t>* wrapped_key, bool force);
// Loads the default test RSA public key into public_rsa_.
void SetTestRsaPublicKey();
// Loads the specified DRM public key into the appropriate key.
// Loads the specified DRM or OEM public key into the appropriate key.
// The provided key is serialized as an ASN.1 DER encoded PrivateKeyInfo.
void SetPublicKeyFromPrivateKeyInfo(OEMCrypto_PrivateKeyType key_type,
const uint8_t* buffer, size_t length);
@@ -597,7 +654,7 @@ class Session {
// The provided key is serialized as an ASN.1 DER encoded PrivateKeyInfo.
void SetEccPublicKeyFromPrivateKeyInfo(const uint8_t* buffer, size_t length);
// Loads the specified DRM public key into the appropriate key.
// Loads the specified DRM or OEM public key into the appropriate key.
// The provided key is serialized as an ASN.1 DER encoded SubjectPublicKey.
void SetPublicKeyFromSubjectPublicKey(OEMCrypto_PrivateKeyType key_type,
const uint8_t* buffer, size_t length);
@@ -714,16 +771,29 @@ class Session {
void set_license(const MessageData& license) { license_ = license; }
// Gives access to the last key handle used by the Session. Useful if a test
// case uses one of the decrypt test functions above and then wants to perform
// further crypto operations using the same key handle. Also useful if a test
// case needs to inject a specific erroneous key handle into the decrypt test
// functions.
vector<uint8_t>& key_handle() { return key_handle_; }
const KeyDeriver& key_deriver() const { return key_deriver_; }
void set_mac_keys(const uint8_t* mac_keys) {
key_deriver_.set_mac_keys(mac_keys);
}
bool IsPublicKeySet() {
return public_rsa_ != nullptr || public_ec_ != nullptr;
}
private:
OEMCryptoResult GetKeyHandle(
vector<uint8_t>& key_handle, size_t key_index = 0,
OEMCryptoCipherMode cipher_mode = OEMCrypto_CipherMode_CENC);
// This compares the actual result with the expected result. If OEMCrypto is
// an older version, we allow it to report an equivalent error code.
void TestDecryptResult(OEMCryptoResult expected_result,
OEMCryptoResult actual_select_result,
OEMCryptoResult actual_getkeyhandle_result,
OEMCryptoResult actual_decryt_result);
bool open_ = false;
@@ -749,6 +819,7 @@ class Session {
static std::mutex ephemeral_key_map_lock_;
vector<uint8_t> pst_report_buffer_;
MessageData license_ = {};
vector<uint8_t> key_handle_;
vector<uint8_t> encrypted_usage_entry_;
uint32_t usage_entry_number_ = 0;
@@ -766,6 +837,18 @@ template <PrepAndSignRequest_t PrepAndSignRequest>
void GetDefaultRequestSignatureAndCoreMessageLengths(
uint32_t& session_id, const size_t& small_size,
size_t* gen_signature_length, size_t* core_message_length);
// Loads the key matching the given |key_id| into the |session| in OEMCrypto for
// the given |cipher_mode| and returns a handle to that key. This function
// handles negotiating the size of the |key_handle| buffer. For non-bypassing
// systems, this is equivalent to the old SelectKey call and will deselect any
// previous keys selected in the session. For bypassing systems, multiple key
// handles may be valid simultaneously, but this call may invalidate any
// previous handles.
OEMCryptoResult GetKeyHandleIntoVector(OEMCrypto_SESSION session,
const uint8_t* key_id,
size_t key_id_length,
OEMCryptoCipherMode cipher_mode,
vector<uint8_t>& key_handle);
} // namespace wvoec
#endif // CDM_OEC_SESSION_UTIL_H_