widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add a DecryptCENC call after SelectKey for entitled sessions

Browse Source 
Merge from Widevine repo of http://go/wvgerrit/154874

We do not require an error to come from SelectKey immediately, it can
come from a following call to DecryptCENC. This adds a function
Session::TestDecryptCENC to be called instead of SelectKey for the tests
that use entitled sessions.

Bug: 232225906
Test: tested with http://go/ag/20420224

Change-Id: If5695a5034cce371b6eb6bcf1b6467d84456c21d
This commit is contained in:
Vicky Min
2022-11-08 13:56:10 -08:00
committed by Fred Gylys-Colwell
parent e88bcf51c8
commit 579b9144b5
3 changed files with 82 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
libwvdrmengine/oemcrypto/test/oec_session_util.cpp
View File

@@ -1588,6 +1588,42 @@ void Session::TestDecryptCTR(bool select_key_first,
} }
} }
void Session::TestDecryptEntitled(OEMCryptoResult expected_result,
OEMCrypto_SESSION session_id,
const uint8_t* content_key_id,
size_t content_key_id_length) {
OEMCryptoResult select_result = OEMCrypto_SUCCESS;
// Select the key (from FillSimpleMessage)
select_result = OEMCrypto_SelectKey(
session_id, reinterpret_cast<const uint8_t*>(content_key_id),
content_key_id_length, OEMCrypto_CipherMode_CENC);
vector<uint8_t> unencrypted_data;
vector<uint8_t> output_buffer;
vector<uint8_t> encrypted_data(kTestSubsampleSectionSize);
vector<uint8_t> in_buffer(256);
vector<uint8_t> out_buffer(in_buffer.size());
OEMCrypto_SampleDescription sample_description;
OEMCrypto_SubSampleDescription subsample_description;
ASSERT_NO_FATAL_FAILURE(GenerateSimpleSampleDescription(
in_buffer, out_buffer, &sample_description, &subsample_description));
OEMCrypto_CENCEncryptPatternDesc pattern = {0, 0};
EncryptCTR(unencrypted_data, content_key_id, &sample_description.iv[0],
&encrypted_data);
// Try to decrypt the data with oemcrypto session id.
const OEMCryptoResult decrypt_result =
OEMCrypto_DecryptCENC(session_id, &sample_description, 1, &pattern);
// We only have a few errors that we test are reported.
ASSERT_NO_FATAL_FAILURE(
TestDecryptResult(expected_result, select_result, decrypt_result))
<< "Either SelectKey or DecryptCENC should return " << expected_result
<< ", but they returned " << select_result << " and " << decrypt_result
<< ", respectively.";
}
void Session::TestDecryptResult(OEMCryptoResult expected_result, void Session::TestDecryptResult(OEMCryptoResult expected_result,
OEMCryptoResult actual_select_result, OEMCryptoResult actual_select_result,
OEMCryptoResult actual_decrypt_result) { OEMCryptoResult actual_decrypt_result) {

6
libwvdrmengine/oemcrypto/test/oec_session_util.h
View File

@@ -561,6 +561,12 @@ class Session {
void TestDecryptCTR(bool select_key_first = true, void TestDecryptCTR(bool select_key_first = true,
OEMCryptoResult expected_result = OEMCrypto_SUCCESS, OEMCryptoResult expected_result = OEMCrypto_SUCCESS,
size_t key_index = 0); size_t key_index = 0);
// Encrypt some data and pass to OEMCrypto_DecryptCENC to verify decryption
// for entitled sessions.
void TestDecryptEntitled(OEMCryptoResult expected_result = OEMCrypto_SUCCESS,
OEMCrypto_SESSION session = 0,
const uint8_t* content_key_id = nullptr,
size_t content_key_id_length = 0);
// Verify that an attempt to select an expired key either succeeds, or gives // Verify that an attempt to select an expired key either succeeds, or gives
// an actionable error code. // an actionable error code.
void TestSelectExpired(size_t key_index); void TestSelectExpired(size_t key_index);

90
libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
View File

@@ -3051,11 +3051,10 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitledKeyNotThereAPI17) {
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS)); ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS));
const char* content_key_id = "no_key"; const char* content_key_id = "no_key";
ASSERT_EQ( ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_ERROR_NO_CONTENT_KEY, OEMCrypto_ERROR_INVALID_CONTEXT, key_session_id,
OEMCrypto_SelectKey(key_session_id, reinterpret_cast<const uint8_t*>(content_key_id),
reinterpret_cast<const uint8_t*>(content_key_id), strlen(content_key_id)));
strlen(content_key_id), OEMCrypto_CipherMode_CENC));
} }
// Select key with entitlement license fails if the key id is entitilement key // Select key with entitlement license fails if the key id is entitilement key
@@ -3075,11 +3074,10 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
entitled_message_1.SetEntitledKeySession(key_session_id); entitled_message_1.SetEntitledKeySession(key_session_id);
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS)); ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS));
ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SelectKey(session_.session_id(), OEMCrypto_ERROR_INVALID_CONTEXT, session_.session_id(),
session_.license().keys[0].key_id, session_.license().keys[0].key_id,
session_.license().keys[0].key_id_length, session_.license().keys[0].key_id_length));
OEMCrypto_CipherMode_CENC));
} }
// This verifies that entitled key sessions can be created and removed. // This verifies that entitled key sessions can be created and removed.
@@ -3127,11 +3125,10 @@ TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
entitled_message_1.SetContentKeyId(0, content_key_id_1); entitled_message_1.SetContentKeyId(0, content_key_id_1);
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS)); ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS));
// We can select content key 1 in entitled key session 1. // We can select content key 1 in entitled key session 1.
ASSERT_EQ( ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SUCCESS, OEMCrypto_SUCCESS, key_session_id_1,
OEMCrypto_SelectKey(key_session_id_1, reinterpret_cast<const uint8_t*>(content_key_id_1),
reinterpret_cast<const uint8_t*>(content_key_id_1), strlen(content_key_id_1)));
strlen(content_key_id_1), OEMCrypto_CipherMode_CENC));
// Create another entitled key session. // Create another entitled key session.
uint32_t key_session_id_2; uint32_t key_session_id_2;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
@@ -3146,23 +3143,20 @@ TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
entitled_message_2.SetContentKeyId(0, content_key_id_2); entitled_message_2.SetContentKeyId(0, content_key_id_2);
ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(OEMCrypto_SUCCESS)); ASSERT_NO_FATAL_FAILURE(entitled_message_2.LoadKeys(OEMCrypto_SUCCESS));
// We can select content key 2 in entitled key session 2. // We can select content key 2 in entitled key session 2.
ASSERT_EQ( ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SUCCESS, OEMCrypto_SUCCESS, key_session_id_2,
OEMCrypto_SelectKey(key_session_id_2, reinterpret_cast<const uint8_t*>(content_key_id_2),
reinterpret_cast<const uint8_t*>(content_key_id_2), strlen(content_key_id_2)));
strlen(content_key_id_2), OEMCrypto_CipherMode_CENC));
// Content key id 1 is not in entitled key session 2. // Content key id 1 is not in entitled key session 2.
ASSERT_EQ( ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_ERROR_NO_CONTENT_KEY, OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_2,
OEMCrypto_SelectKey(key_session_id_2, reinterpret_cast<const uint8_t*>(content_key_id_1),
reinterpret_cast<const uint8_t*>(content_key_id_1), strlen(content_key_id_1)));
strlen(content_key_id_1), OEMCrypto_CipherMode_CENC));
// Content key id 2 is not in entitled key session 1. // Content key id 2 is not in entitled key session 1.
ASSERT_EQ( ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_ERROR_NO_CONTENT_KEY, OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id_1,
OEMCrypto_SelectKey(key_session_id_1, reinterpret_cast<const uint8_t*>(content_key_id_2),
reinterpret_cast<const uint8_t*>(content_key_id_2), strlen(content_key_id_2)));
strlen(content_key_id_2), OEMCrypto_CipherMode_CENC));
} }
// This verifies that within an entitled key session, each entitlement key can // This verifies that within an entitled key session, each entitlement key can
@@ -3186,28 +3180,25 @@ TEST_P(OEMCryptoLicenseTest,
entitled_message_1.SetContentKeyId(0, content_key_id_1); entitled_message_1.SetContentKeyId(0, content_key_id_1);
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS)); ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS));
// We can select content key 1 in entitled key session. // We can select content key 1 in entitled key session.
ASSERT_EQ( ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SUCCESS, OEMCrypto_SUCCESS, key_session_id,
OEMCrypto_SelectKey(key_session_id, reinterpret_cast<const uint8_t*>(content_key_id_1),
reinterpret_cast<const uint8_t*>(content_key_id_1), strlen(content_key_id_1)));
strlen(content_key_id_1), OEMCrypto_CipherMode_CENC));
// Load content key with new content id. // Load content key with new content id.
const char* content_key_id_2 = "content_key_id_2"; const char* content_key_id_2 = "content_key_id_2";
entitled_message_1.SetContentKeyId(0, content_key_id_2); entitled_message_1.SetContentKeyId(0, content_key_id_2);
ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS)); ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS));
// We can select content key 2 in entitled key session. // We can select content key 2 in entitled key session.
ASSERT_EQ( ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SUCCESS, OEMCrypto_SUCCESS, key_session_id,
OEMCrypto_SelectKey(key_session_id, reinterpret_cast<const uint8_t*>(content_key_id_2),
reinterpret_cast<const uint8_t*>(content_key_id_2), strlen(content_key_id_2)));
strlen(content_key_id_2), OEMCrypto_CipherMode_CENC));
// Content key one is no longer in the entitled key session as they use the // Content key one is no longer in the entitled key session as they use the
// same entitlement key. // same entitlement key.
ASSERT_EQ( ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_ERROR_NO_CONTENT_KEY, OEMCrypto_ERROR_NO_CONTENT_KEY, key_session_id,
OEMCrypto_SelectKey(key_session_id, reinterpret_cast<const uint8_t*>(content_key_id_1),
reinterpret_cast<const uint8_t*>(content_key_id_1), strlen(content_key_id_1)));
strlen(content_key_id_1), OEMCrypto_CipherMode_CENC));
} }
// Decrypt should fail if the license is entitlement license, and the decrypt // Decrypt should fail if the license is entitlement license, and the decrypt
@@ -3231,11 +3222,10 @@ TEST_P(OEMCryptoLicenseTest,
const char* content_key_id = "content_key_id"; const char* content_key_id = "content_key_id";
entitled_message.SetContentKeyId(0, content_key_id); entitled_message.SetContentKeyId(0, content_key_id);
ASSERT_NO_FATAL_FAILURE(entitled_message.LoadKeys(OEMCrypto_SUCCESS)); ASSERT_NO_FATAL_FAILURE(entitled_message.LoadKeys(OEMCrypto_SUCCESS));
ASSERT_EQ( ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
OEMCrypto_SUCCESS, OEMCrypto_SUCCESS, key_session_id,
OEMCrypto_SelectKey(key_session_id, reinterpret_cast<const uint8_t*>(content_key_id),
reinterpret_cast<const uint8_t*>(content_key_id), strlen(content_key_id)));
strlen(content_key_id), OEMCrypto_CipherMode_CENC));
vector<uint8_t> in_buffer(256); vector<uint8_t> in_buffer(256);
vector<uint8_t> out_buffer(in_buffer.size()); vector<uint8_t> out_buffer(in_buffer.size());