diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index 355d426a..051fb054 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -298,37 +298,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest, LoadEntitlementKeysAPI17) { ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true)); } -TEST_P(OEMCryptoEntitlementLicenseTest, CasOnlyLoadCasKeysAPI17) { - if (wvoec::global_features.api_version < 17) { - GTEST_SKIP() << "Test for versions 17 and up only."; - } - if (!global_features.supports_cas) { - GTEST_SKIP() << "OEMCrypto does not support CAS"; - } - LoadEntitlementLicense(); - uint32_t key_session_id = 0; - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( - session_.session_id(), &key_session_id)); - - EntitledMessage entitled_message_1(&license_messages_); - entitled_message_1.FillKeyArray(); - entitled_message_1.SetEntitledKeySession(key_session_id); - ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( - /*load_even=*/true, /*load_odd=*/true, OEMCrypto_SUCCESS)); - EntitledMessage entitled_message_2(&license_messages_); - entitled_message_2.FillKeyArray(); - entitled_message_2.SetEntitledKeySession(key_session_id); - ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadCasKeys( - /*load_even=*/true, /*load_odd=*/false, OEMCrypto_SUCCESS)); - EntitledMessage entitled_message_3(&license_messages_); - entitled_message_3.FillKeyArray(); - entitled_message_3.SetEntitledKeySession(key_session_id); - ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys( - /*load_even=*/false, /*load_odd=*/true, OEMCrypto_SUCCESS)); - ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys( - /*load_even=*/false, /*load_odd=*/false, OEMCrypto_SUCCESS)); -} - /** * This verifies that entitled content keys cannot be loaded if we have not yet * loaded the entitlement keys. @@ -352,30 +321,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest, ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false)); } -/** - * This verifies that entitled content keys cannot be loaded if we have loaded - * the wrong entitlement keys. - */ -TEST_P(OEMCryptoEntitlementLicenseTest, - CasOnlyLoadCasKeysNoEntitlementKeysAPI17) { - if (!global_features.supports_cas) { - GTEST_SKIP() << "OEMCrypto does not support CAS"; - } - license_messages_.set_license_type(OEMCrypto_EntitlementLicense); - ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); - ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse()); - ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse()); - uint32_t key_session_id = 0; - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( - session_.session_id(), &key_session_id)); - - EntitledMessage entitled_message_1(&license_messages_); - entitled_message_1.FillKeyArray(); - entitled_message_1.SetEntitledKeySession(key_session_id); - ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( - /*load_even=*/true, /*load_odd=*/true, OEMCrypto_ERROR_INVALID_CONTEXT)); -} - /** * This verifies that entitled content keys cannot be loaded if we have loaded * the wrong entitlement keys. @@ -398,28 +343,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest, ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false)); } -TEST_P(OEMCryptoEntitlementLicenseTest, - CasOnlyLoadCasKeysWrongEntitlementKeysAPI17) { - if (wvoec::global_features.api_version < 17) { - GTEST_SKIP() << "Test for versions 17 and up only."; - } - if (!global_features.supports_cas) { - GTEST_SKIP() << "OEMCrypto does not support CAS"; - } - LoadEntitlementLicense(); - uint32_t key_session_id = 0; - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( - session_.session_id(), &key_session_id)); - - EntitledMessage entitled_message_1(&license_messages_); - entitled_message_1.FillKeyArray(); - const std::string key_id = "no_key"; - entitled_message_1.SetEntitlementKeyId(0, key_id); - entitled_message_1.SetEntitledKeySession(key_session_id); - ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( - /*load_even=*/true, /*load_odd=*/true, OEMCrypto_KEY_NOT_ENTITLED)); -} - /** * This verifies that entitled content keys cannot be loaded if we specify an * entitled key session that has not been created. @@ -441,77 +364,6 @@ TEST_P(OEMCryptoEntitlementLicenseTest, ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false)); } -TEST_P(OEMCryptoEntitlementLicenseTest, - CasOnlyLoadCasKeysWrongEntitledKeySessionAPI17) { - if (wvoec::global_features.api_version < 17) { - GTEST_SKIP() << "Test for versions 17 and up only."; - } - if (!global_features.supports_cas) { - GTEST_SKIP() << "OEMCrypto does not support CAS"; - } - LoadEntitlementLicense(); - uint32_t key_session_id = 0; - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( - session_.session_id(), &key_session_id)); - - EntitledMessage entitled_message_1(&license_messages_); - entitled_message_1.FillKeyArray(); - const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0; - entitled_message_1.SetEntitledKeySession(wrong_key_session_id); - ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( - /*load_even=*/true, /*load_odd=*/true, - OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION)); -} - -/** - * This verifies that entitled content keys cannot be loaded if we specify an - * entitled key session that is actually an oemcrypto session. - */ -TEST_P(OEMCryptoEntitlementLicenseTest, - LoadEntitlementKeysOemcryptoSessionAPI17) { - if (!global_features.supports_cas) { - GTEST_SKIP() << "OEMCrypto does not support CAS"; - } - if (wvoec::global_features.api_version < 17) { - GTEST_SKIP() << "Test for versions 17 and up only."; - } - LoadEntitlementLicense(); - uint32_t key_session_id = 0; - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( - session_.session_id(), &key_session_id)); - - EntitledMessage entitled_message_1(&license_messages_); - entitled_message_1.FillKeyArray(); - if (session_.session_id() == key_session_id) { - GTEST_SKIP() - << "Skipping test because entitled and entitlement sessions are both " - << key_session_id << "."; - } - entitled_message_1.SetEntitledKeySession(session_.session_id()); - ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false)); -} - -TEST_P(OEMCryptoEntitlementLicenseTest, - CasOnlyLoadCasKeysOemcryptoSessionAPI17) { - if (wvoec::global_features.api_version < 17) { - GTEST_SKIP() << "Test for versions 17 and up only."; - } - if (!global_features.supports_cas) { - GTEST_SKIP() << "OEMCrypto does not support CAS"; - } - LoadEntitlementLicense(); - uint32_t key_session_id = 0; - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( - session_.session_id(), &key_session_id)); - - EntitledMessage entitled_message_1(&license_messages_); - entitled_message_1.FillKeyArray(); - entitled_message_1.SetEntitledKeySession(session_.session_id()); - ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( - /*load_even=*/true, /*load_odd=*/true, - OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION)); -} - INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoEntitlementLicenseTest, Range(kCoreMessagesAPI, kCurrentAPI + 1)); @@ -778,42 +630,6 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitledKeyNotThereAPI17) { strlen(content_key_id))); } -/** - * Select key with entitlement license fails if the key id is entitlement key - * id. - */ -TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) { - if (!global_features.supports_cas) { - GTEST_SKIP() << "OEMCrypto does not support CAS"; - } - if (wvoec::global_features.api_version < 17) { - GTEST_SKIP() << "Test for versions 17 and up only."; - } - license_messages_.set_license_type(OEMCrypto_EntitlementLicense); - ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); - ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse()); - ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse()); - ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse()); - - uint32_t key_session_id; - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( - session_.session_id(), &key_session_id)); - EntitledMessage entitled_message_1(&license_messages_); - entitled_message_1.FillKeyArray(); - entitled_message_1.SetEntitledKeySession(key_session_id); - ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true)); - - if (session_.session_id() == key_session_id) { - GTEST_SKIP() - << "Skipping test because entitled and entitlement sessions are both " - << key_session_id << "."; - } - ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( - OEMCrypto_ERROR_INVALID_CONTEXT, session_.session_id(), - session_.license().keys[0].key_id, - session_.license().keys[0].key_id_length)); -} - // This verifies that entitled key sessions can be created and removed. TEST_P(OEMCryptoLicenseTest, EntitledKeySessionsAPI17) { if (wvoec::global_features.api_version < 17) { @@ -867,77 +683,6 @@ TEST_P(OEMCryptoLicenseTest, session_.open(); } -// This verifies that multiple entitled key sessions can be created. They can -// load and select keys independently. -TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) { - if (!global_features.supports_cas) { - GTEST_SKIP() << "OEMCrypto does not support CAS"; - } - if (wvoec::global_features.api_version < 17) { - GTEST_SKIP() << "Test for versions 17 and up only."; - } - license_messages_.set_license_type(OEMCrypto_EntitlementLicense); - ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); - ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse()); - ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse()); - ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse()); - - uint32_t key_session_id_1; - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( - session_.session_id(), &key_session_id_1)); - EntitledMessage entitled_message_1(&license_messages_); - entitled_message_1.FillKeyArray(); - entitled_message_1.SetEntitledKeySession(key_session_id_1); - const char* content_key_id_1 = "content_key_id_1"; - entitled_message_1.SetContentKeyId(0, content_key_id_1); - ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true)); - // We can select content key 1 in entitled key session 1. - ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( - OEMCrypto_SUCCESS, key_session_id_1, - reinterpret_cast(content_key_id_1), - strlen(content_key_id_1))); - - // Create another entitled key session. - uint32_t key_session_id_2; - OEMCryptoResult status = OEMCrypto_CreateEntitledKeySession( - session_.session_id(), &key_session_id_2); - // For DRM, but not for CAS, we allow there to be only a single entitled - // session. - if (!global_features.supports_cas && - (key_session_id_2 == key_session_id_1 || - status == OEMCrypto_ERROR_TOO_MANY_SESSIONS)) { - GTEST_SKIP() - << "Skipping test because multiple entitled sessions not supported."; - } - ASSERT_EQ(OEMCrypto_SUCCESS, status); - // Entitled key sessions should have unique ids. - ASSERT_NE(key_session_id_1, key_session_id_2); - - EntitledMessage entitled_message_2(&license_messages_); - entitled_message_2.FillKeyArray(); - entitled_message_2.SetEntitledKeySession(key_session_id_2); - const char* content_key_id_2 = "content_key_id_2"; - entitled_message_2.SetContentKeyId(0, content_key_id_2); - ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true)); - // We can select content key 2 in entitled key session 2. - ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( - OEMCrypto_SUCCESS, key_session_id_2, - reinterpret_cast(content_key_id_2), - strlen(content_key_id_2))); - - // Content key id 1 is not in entitled key session 2. - ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( - OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_2, - reinterpret_cast(content_key_id_1), - strlen(content_key_id_1))); - - // Content key id 2 is not in entitled key session 1. - ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( - OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_1, - reinterpret_cast(content_key_id_2), - strlen(content_key_id_2))); -} - // This verifies that within an entitled key session, each entitlement key can // corresponds to only one content key at most. TEST_P(OEMCryptoLicenseTest, @@ -1536,7 +1281,260 @@ INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoLicenseOverflowTest, /// @addtogroup cas /// @{ +TEST_P(OEMCryptoEntitlementLicenseTest, CasOnlyLoadCasKeysAPI17) { + if (wvoec::global_features.api_version < 17) { + GTEST_SKIP() << "Test for versions 17 and up only."; + } + if (!global_features.supports_cas) { + GTEST_SKIP() << "OEMCrypto does not support CAS"; + } + LoadEntitlementLicense(); + uint32_t key_session_id = 0; + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( + session_.session_id(), &key_session_id)); + EntitledMessage entitled_message_1(&license_messages_); + entitled_message_1.FillKeyArray(); + entitled_message_1.SetEntitledKeySession(key_session_id); + ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( + /*load_even=*/true, /*load_odd=*/true, OEMCrypto_SUCCESS)); + EntitledMessage entitled_message_2(&license_messages_); + entitled_message_2.FillKeyArray(); + entitled_message_2.SetEntitledKeySession(key_session_id); + ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadCasKeys( + /*load_even=*/true, /*load_odd=*/false, OEMCrypto_SUCCESS)); + EntitledMessage entitled_message_3(&license_messages_); + entitled_message_3.FillKeyArray(); + entitled_message_3.SetEntitledKeySession(key_session_id); + ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys( + /*load_even=*/false, /*load_odd=*/true, OEMCrypto_SUCCESS)); + ASSERT_NO_FATAL_FAILURE(entitled_message_3.LoadCasKeys( + /*load_even=*/false, /*load_odd=*/false, OEMCrypto_SUCCESS)); +} + +/** + * This verifies that entitled content keys cannot be loaded if we have loaded + * the wrong entitlement keys. + */ +TEST_P(OEMCryptoEntitlementLicenseTest, + CasOnlyLoadCasKeysNoEntitlementKeysAPI17) { + if (!global_features.supports_cas) { + GTEST_SKIP() << "OEMCrypto does not support CAS"; + } + license_messages_.set_license_type(OEMCrypto_EntitlementLicense); + ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); + ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse()); + ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse()); + uint32_t key_session_id = 0; + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( + session_.session_id(), &key_session_id)); + + EntitledMessage entitled_message_1(&license_messages_); + entitled_message_1.FillKeyArray(); + entitled_message_1.SetEntitledKeySession(key_session_id); + ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( + /*load_even=*/true, /*load_odd=*/true, OEMCrypto_ERROR_INVALID_CONTEXT)); +} + +TEST_P(OEMCryptoEntitlementLicenseTest, + CasOnlyLoadCasKeysWrongEntitlementKeysAPI17) { + if (wvoec::global_features.api_version < 17) { + GTEST_SKIP() << "Test for versions 17 and up only."; + } + if (!global_features.supports_cas) { + GTEST_SKIP() << "OEMCrypto does not support CAS"; + } + LoadEntitlementLicense(); + uint32_t key_session_id = 0; + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( + session_.session_id(), &key_session_id)); + + EntitledMessage entitled_message_1(&license_messages_); + entitled_message_1.FillKeyArray(); + const std::string key_id = "no_key"; + entitled_message_1.SetEntitlementKeyId(0, key_id); + entitled_message_1.SetEntitledKeySession(key_session_id); + ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( + /*load_even=*/true, /*load_odd=*/true, OEMCrypto_KEY_NOT_ENTITLED)); +} + +TEST_P(OEMCryptoEntitlementLicenseTest, + CasOnlyLoadCasKeysWrongEntitledKeySessionAPI17) { + if (wvoec::global_features.api_version < 17) { + GTEST_SKIP() << "Test for versions 17 and up only."; + } + if (!global_features.supports_cas) { + GTEST_SKIP() << "OEMCrypto does not support CAS"; + } + LoadEntitlementLicense(); + uint32_t key_session_id = 0; + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( + session_.session_id(), &key_session_id)); + + EntitledMessage entitled_message_1(&license_messages_); + entitled_message_1.FillKeyArray(); + const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0; + entitled_message_1.SetEntitledKeySession(wrong_key_session_id); + ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( + /*load_even=*/true, /*load_odd=*/true, + OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION)); +} + +/** + * This verifies that entitled content keys cannot be loaded if we specify an + * entitled key session that is actually an oemcrypto session. + */ +TEST_P(OEMCryptoEntitlementLicenseTest, + LoadEntitlementKeysOemcryptoSessionAPI17) { + if (!global_features.supports_cas) { + GTEST_SKIP() << "OEMCrypto does not support CAS"; + } + if (wvoec::global_features.api_version < 17) { + GTEST_SKIP() << "Test for versions 17 and up only."; + } + LoadEntitlementLicense(); + uint32_t key_session_id = 0; + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( + session_.session_id(), &key_session_id)); + + EntitledMessage entitled_message_1(&license_messages_); + entitled_message_1.FillKeyArray(); + if (session_.session_id() == key_session_id) { + GTEST_SKIP() + << "Skipping test because entitled and entitlement sessions are both " + << key_session_id << "."; + } + entitled_message_1.SetEntitledKeySession(session_.session_id()); + ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(false)); +} + +TEST_P(OEMCryptoEntitlementLicenseTest, + CasOnlyLoadCasKeysOemcryptoSessionAPI17) { + if (wvoec::global_features.api_version < 17) { + GTEST_SKIP() << "Test for versions 17 and up only."; + } + if (!global_features.supports_cas) { + GTEST_SKIP() << "OEMCrypto does not support CAS"; + } + LoadEntitlementLicense(); + uint32_t key_session_id = 0; + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( + session_.session_id(), &key_session_id)); + + EntitledMessage entitled_message_1(&license_messages_); + entitled_message_1.FillKeyArray(); + entitled_message_1.SetEntitledKeySession(session_.session_id()); + ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( + /*load_even=*/true, /*load_odd=*/true, + OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION)); +} + +/** + * Select key with entitlement license fails if the key id is entitlement key + * id. + */ +TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) { + if (!global_features.supports_cas) { + GTEST_SKIP() << "OEMCrypto does not support CAS"; + } + if (wvoec::global_features.api_version < 17) { + GTEST_SKIP() << "Test for versions 17 and up only."; + } + license_messages_.set_license_type(OEMCrypto_EntitlementLicense); + ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); + ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse()); + ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse()); + ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse()); + + uint32_t key_session_id; + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( + session_.session_id(), &key_session_id)); + EntitledMessage entitled_message_1(&license_messages_); + entitled_message_1.FillKeyArray(); + entitled_message_1.SetEntitledKeySession(key_session_id); + ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true)); + + if (session_.session_id() == key_session_id) { + GTEST_SKIP() + << "Skipping test because entitled and entitlement sessions are both " + << key_session_id << "."; + } + ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( + OEMCrypto_ERROR_INVALID_CONTEXT, session_.session_id(), + session_.license().keys[0].key_id, + session_.license().keys[0].key_id_length)); +} + +// This verifies that multiple entitled key sessions can be created. They can +// load and select keys independently. +TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) { + if (!global_features.supports_cas) { + GTEST_SKIP() << "OEMCrypto does not support CAS"; + } + if (wvoec::global_features.api_version < 17) { + GTEST_SKIP() << "Test for versions 17 and up only."; + } + license_messages_.set_license_type(OEMCrypto_EntitlementLicense); + ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); + ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse()); + ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse()); + ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse()); + + uint32_t key_session_id_1; + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( + session_.session_id(), &key_session_id_1)); + EntitledMessage entitled_message_1(&license_messages_); + entitled_message_1.FillKeyArray(); + entitled_message_1.SetEntitledKeySession(key_session_id_1); + const char* content_key_id_1 = "content_key_id_1"; + entitled_message_1.SetContentKeyId(0, content_key_id_1); + ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(true)); + // We can select content key 1 in entitled key session 1. + ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( + OEMCrypto_SUCCESS, key_session_id_1, + reinterpret_cast(content_key_id_1), + strlen(content_key_id_1))); + + // Create another entitled key session. + uint32_t key_session_id_2; + OEMCryptoResult status = OEMCrypto_CreateEntitledKeySession( + session_.session_id(), &key_session_id_2); + // For DRM, but not for CAS, we allow there to be only a single entitled + // session. + if (!global_features.supports_cas && + (key_session_id_2 == key_session_id_1 || + status == OEMCrypto_ERROR_TOO_MANY_SESSIONS)) { + GTEST_SKIP() + << "Skipping test because multiple entitled sessions not supported."; + } + ASSERT_EQ(OEMCrypto_SUCCESS, status); + // Entitled key sessions should have unique ids. + ASSERT_NE(key_session_id_1, key_session_id_2); + + EntitledMessage entitled_message_2(&license_messages_); + entitled_message_2.FillKeyArray(); + entitled_message_2.SetEntitledKeySession(key_session_id_2); + const char* content_key_id_2 = "content_key_id_2"; + entitled_message_2.SetContentKeyId(0, content_key_id_2); + ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(true)); + // We can select content key 2 in entitled key session 2. + ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( + OEMCrypto_SUCCESS, key_session_id_2, + reinterpret_cast(content_key_id_2), + strlen(content_key_id_2))); + + // Content key id 1 is not in entitled key session 2. + ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( + OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_2, + reinterpret_cast(content_key_id_1), + strlen(content_key_id_1))); + + // Content key id 2 is not in entitled key session 1. + ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( + OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_1, + reinterpret_cast(content_key_id_2), + strlen(content_key_id_2))); +} /// @} /// @addtogroup security