Unit Test for OEMCrypto_ERROR_KEY_EXPIRED

Merge from widevine repo of http://go/wvgerrit/21141 All of the decrypt calls and the SelectKey call should return OEMCrypto_ERROR_KEY_EXPIRED on error. This CL updates the oemcrypto unit tests, reference mock, and level 3 code. b/28294273 Change-Id: I7ac6a3652e0b2fe5a46071e1c2eda00daeed7a33
2016-11-28 21:52:11 -08:00
parent 7214064635
commit 47f454839e
4 changed files with 31 additions and 10 deletions
--- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.cpp
+++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.cpp
@@ -1145,7 +1145,7 @@ bool SessionContext::QueryKeyControlBlock(const KeyId& key_id, uint32_t* data) {
  return true;
 }

-bool SessionContext::SelectContentKey(const KeyId& key_id) {
+OEMCryptoResult SessionContext::SelectContentKey(const KeyId& key_id) {
  const Key* content_key = session_keys_.Find(key_id);

  if (LogCategoryEnabled(kLoggingTraceDecryption)){
@@ -1157,10 +1157,17 @@ bool SessionContext::SelectContentKey(const KeyId& key_id) {

  if (NULL == content_key) {
    LOGE("[SelectContentKey(): No key matches key id]");
-    return false;
+    return OEMCrypto_ERROR_NO_CONTENT_KEY;
  }
  current_content_key_ = content_key;
-  return true;
+  const KeyControlBlock& control = current_content_key()->control();
+  if (control.duration() > 0) {
+    if (control.duration() < CurrentTimer()) {
+      LOGE("[SelectContentKey(): KEY_EXPIRED]");
+      return OEMCrypto_ERROR_KEY_EXPIRED;
+    }
+  }
+  return OEMCrypto_SUCCESS;
 }

 void SessionContext::AddNonce(uint32_t nonce) {
--- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.h
+++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.h
@@ -166,7 +166,7 @@ class SessionContext {
  bool UpdateMacKeys(const std::vector<uint8_t>& mac_keys,
                     const std::vector<uint8_t>& iv);
  bool QueryKeyControlBlock(const KeyId& key_id, uint32_t* data);
-  bool SelectContentKey(const KeyId& key_id);
+  OEMCryptoResult SelectContentKey(const KeyId& key_id);
  const Key* current_content_key(void) { return current_content_key_; }
  void set_mac_key_server(const std::vector<uint8_t>& mac_key_server) {
    mac_key_server_ = mac_key_server;
--- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_mock.cpp
+++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_mock.cpp
@@ -556,12 +556,7 @@ OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,

  const std::vector<uint8_t> key_id_str =
      std::vector<uint8_t>(key_id, key_id + key_id_length);
-  if (!session_ctx->SelectContentKey(key_id_str)) {
-    LOGE("[OEMCrypto_SelectKey(): FAIL]");
-    return OEMCrypto_ERROR_NO_CONTENT_KEY;
-  }
-
-  return OEMCrypto_SUCCESS;
+  return session_ctx->SelectContentKey(key_id_str);
 }

 OEMCryptoResult SetDestination(OEMCrypto_DestBufferDesc* out_buffer,
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -1857,6 +1857,9 @@ TEST_F(OEMCryptoSessionTests, KeyDuration) {
  ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(false, OEMCrypto_SUCCESS));
  sleep(kLongSleep);  // Should be expired key.
  ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(false, OEMCrypto_ERROR_KEY_EXPIRED));
+  ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED,
+            OEMCrypto_SelectKey(s.session_id(), s.license().keys[0].key_id,
+                                s.license().keys[0].key_id_length));
 }

 //
@@ -3779,6 +3782,10 @@ TEST_F(GenericCryptoTest, KeyDurationEncrypt) {
                session_.session_id(), &clear_buffer_[0], clear_buffer_.size(),
                iv_, OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]));
  ASSERT_NE(encrypted, expected_encrypted);
+  ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED,
+            OEMCrypto_SelectKey(session_.session_id(),
+                                session_.license().keys[key_index].key_id,
+                                session_.license().keys[key_index].key_id_length));
 }

 TEST_F(GenericCryptoTest, KeyDurationDecrypt) {
@@ -3810,6 +3817,10 @@ TEST_F(GenericCryptoTest, KeyDurationDecrypt) {
                session_.session_id(), &encrypted[0], encrypted.size(), iv_,
                OEMCrypto_AES_CBC_128_NO_PADDING, &resultant[0]));
  ASSERT_NE(clear_buffer_, resultant);
+  ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED,
+            OEMCrypto_SelectKey(session_.session_id(),
+                                session_.license().keys[key_index].key_id,
+                                session_.license().keys[key_index].key_id_length));
 }

 TEST_F(GenericCryptoTest, KeyDurationSign) {
@@ -3843,6 +3854,10 @@ TEST_F(GenericCryptoTest, KeyDurationSign) {
                                   clear_buffer_.size(), OEMCrypto_HMAC_SHA256,
                                   &signature[0], &signature_length));
  ASSERT_NE(expected_signature, signature);
+  ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED,
+            OEMCrypto_SelectKey(session_.session_id(),
+                                session_.license().keys[key_index].key_id,
+                                session_.license().keys[key_index].key_id_length));
 }

 TEST_F(GenericCryptoTest, KeyDurationVerify) {
@@ -3871,6 +3886,10 @@ TEST_F(GenericCryptoTest, KeyDurationVerify) {
            OEMCrypto_Generic_Verify(
                session_.session_id(), &clear_buffer_[0], clear_buffer_.size(),
                OEMCrypto_HMAC_SHA256, &signature[0], signature.size()));
+  ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED,
+            OEMCrypto_SelectKey(session_.session_id(),
+                                session_.license().keys[key_index].key_id,
+                                session_.license().keys[key_index].key_id_length));
 }

 const unsigned int kLongKeyId = 2;