Refresh Current Key in Level 3 am: 38b5e8c71c

am: 9dec53c46c Change-Id: I93173fbb539bc1ac5ed1e41b3693d4bc9fede542
2017-05-05 01:56:10 +00:00
parent 6707a84d55 9dec53c46c
commit 5f1e21e1f1
9 changed files with 50 additions and 28 deletions
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -1528,6 +1528,49 @@ TEST_P(SessionTestRefreshKeyTest, RefreshLargeBuffer) {
                                            s.get_nonce(), OEMCrypto_SUCCESS));
 }

+// This situation would occur if an app only uses one key in the license.  When
+// that happens, SelectKey would be called before the first decrypt, and then
+// would not need to be called again, even if the license is refreshed.
+TEST_P(SessionTestRefreshKeyTest, RefreshWithNoSelectKey) {
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
+  ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(
+      kDuration, wvoec_mock::kControlNonceEnabled, s.get_nonce()));
+  ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign());
+  ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_));
+  // Call select key before the refresh.  No calls below to TestDecryptCTR with
+  // select key set to true.
+  ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(true));
+
+  s.GenerateNonce();
+  // License renewal message is signed by client and verified by the server.
+  ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature());
+  // Note: we store the message in encrypted_license_, but the refresh key
+  // message is not actually encrypted.  It is, however, signed.
+  // FillRefreshMessage fills the message with a duration of kLongDuration.
+  ASSERT_NO_FATAL_FAILURE(s.FillRefreshMessage(
+      num_keys_, wvoec_mock::kControlNonceEnabled, s.get_nonce()));
+  s.ServerSignBuffer(reinterpret_cast<const uint8_t*>(&s.encrypted_license()),
+                     s.message_size(), &s.signature());
+  OEMCrypto_KeyRefreshObject key_array[num_keys_];
+  s.FillRefreshArray(key_array, num_keys_);
+  ASSERT_EQ(OEMCrypto_SUCCESS,
+            OEMCrypto_RefreshKeys(s.session_id(), s.message_ptr(),
+                                  s.message_size(), &s.signature()[0],
+                                  s.signature().size(), num_keys_, key_array));
+  ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(false));
+  //  This should still be valid key, even if the refresh failed, because this
+  //  is before the original license duration.
+  sleep(kShortSleep);
+  ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(false));
+  // This should be after duration of the original license, but before the
+  // expiration of the refresh message.  This should succeed if and only if the
+  // refresh succeeded.
+  sleep(kShortSleep + kLongSleep);
+  ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(false));
+}
+
 // Of only one key control block in the refesh, we update all the keys.
 INSTANTIATE_TEST_CASE_P(TestRefreshAllKeys, SessionTestRefreshKeyTest,
                        Values(std::make_pair(true, 1),