Merge latest oemcrypto-v17 change

No-Typo-Check: Not related to this change. Bug: 161477208 Change-Id: I99e4780f6855b7045aa0cd5a49c13d2d0d51ed64
2022-01-21 05:58:12 +00:00
parent c924960962
commit 642965c678
176 changed files with 301013 additions and 296749 deletions
--- a/libwvdrmengine/oemcrypto/test/oec_session_util.h
+++ b/libwvdrmengine/oemcrypto/test/oec_session_util.h
@@ -8,8 +8,10 @@
 // OEMCrypto unit tests
 //
 #include <gtest/gtest.h>
+#include <openssl/ec.h>
 #include <openssl/rsa.h>
 #include <time.h>
+
 #include <string>
 #include <vector>

@@ -54,13 +56,6 @@ constexpr int32_t kTimeTolerance = 3 * kSpeedMultiplier;
 constexpr int64_t kUsageTableTimeTolerance = 10 * kSpeedMultiplier;
 }  // namespace

-typedef struct {
-  uint8_t verification[4];
-  uint32_t duration;
-  uint32_t nonce;
-  uint32_t control_bits;
-} KeyControlBlock;
-
 // Note: The API does not specify a maximum key id length.  We specify a
 // maximum just for these tests, so that we have a fixed message size.
 constexpr size_t kTestKeyIdMaxLength = 16;
@@ -218,6 +213,9 @@ class RoundTrip {
  }

 protected:
+  // Returns true if a nonce should be generated before signing the request.
+  virtual bool RequestHasNonce() = 0;
+
  // ----------------------------------------------------------------------
  // Specialized functionality for each message type.

@@ -281,6 +279,7 @@ class ProvisioningRoundTrip
  void InjectFuzzedResponseData(const uint8_t* data, size_t size);

 protected:
+  bool RequestHasNonce() override { return true; }
  void VerifyRequestSignature(const vector<uint8_t>& data,
                              const vector<uint8_t>& generated_signature,
                              size_t core_message_length) override;
@@ -388,6 +387,7 @@ class LicenseRoundTrip
  void SetKeyId(size_t index, const string& key_id);

 protected:
+  bool RequestHasNonce() override { return true; }
  void VerifyRequestSignature(const vector<uint8_t>& data,
                              const vector<uint8_t>& generated_signature,
                              size_t core_message_length) override;
@@ -451,6 +451,7 @@ class RenewalRoundTrip
  void set_is_release(bool is_release) { is_release_ = is_release; }

 protected:
+  bool RequestHasNonce() override { return false; }
  void VerifyRequestSignature(const vector<uint8_t>& data,
                              const vector<uint8_t>& generated_signature,
                              size_t core_message_length) override;
@@ -469,18 +470,26 @@ class EntitledMessage {
      : license_messages_(license_messages), num_keys_() {}
  void FillKeyArray();
  void MakeOneKey(size_t entitlement_key_index);
+  void SetEntitledKeySession(uint32_t key_session) {
+    entitled_key_session_ = key_session;
+  }
  void LoadKeys(OEMCryptoResult expected_sts);
  OEMCryptoResult LoadKeys(const vector<uint8_t>& message);
  OEMCryptoResult LoadKeys();
  void EncryptContentKey();
+  void LoadCasKeys(bool load_even, bool load_odd, OEMCryptoResult expected_sts);
  void set_num_keys(uint32_t num_keys) { num_keys_ = num_keys; }
  uint32_t num_keys() const { return num_keys_; }
  void SetEntitlementKeyId(unsigned int index, const std::string& key_id);
+  void SetContentKeyId(unsigned int index, const std::string& key_id);
  OEMCrypto_EntitledContentKeyObject* entitled_key_array();
  // Returns entitled_key_data_ which is used as input message buffer to
  // load entitled content keys API.
  EntitledContentKeyData* entitled_key_data();
  size_t entitled_key_data_size();
+  // Verify that key control blocks of the loaded keys.
+  void VerifyEntitlementTestKeys();
+  void VerifyEntitlementTestKey(size_t index);

 private:
  // Find the offset of the give pointer, relative to |entitled_key_data_|.
@@ -498,6 +507,7 @@ class EntitledMessage {
  EntitledContentKeyData entitled_key_data_[kMaxNumKeys];
  // Entitled key object. Pointers are backed by |entitled_key_data_|.
  OEMCrypto_EntitledContentKeyObject entitled_key_array_[kMaxNumKeys];
+  uint32_t entitled_key_session_;
 };

 class Session {
@@ -508,6 +518,8 @@ class Session {
  // Returns the most recently generated nonce.
  // Valid after call to GenerateNonce.
  uint32_t nonce() const { return nonce_; }
+  // The nonce can be overridden.
+  void set_nonce(uint32_t nonce) { nonce_ = nonce; }
  // Valid after call to open().
  uint32_t session_id() const { return (uint32_t)session_id_; }
  // Call OEMCrypto_OpenSession, with GTest ASSERTs.
@@ -550,6 +562,11 @@ class Session {
  // the default test key is loaded.
  void PreparePublicKey(const uint8_t* rsa_key = nullptr,
                        size_t rsa_key_length = 0);
+  // Loads the specified RSA public key into public_rsa_.
+  void SetRsaPublicKey(const uint8_t* buffer, size_t length);
+  // Loads the specified EC public key into public_ec_.
+  void SetEcPublicKey(const uint8_t* buffer, size_t length);
+
  // Verifies the given signature is from the given message and RSA key, pkey.
  static bool VerifyPSSSignature(EVP_PKEY* pkey, const uint8_t* message,
                                 size_t message_length,
@@ -610,8 +627,8 @@ class Session {
  string pst() const { return pst_; }
  // Returns a pointer-like thing to the usage report generated by the previous
  // call to GenerateReport.
-  wvcdm::Unpacked_PST_Report pst_report() {
-    return wvcdm::Unpacked_PST_Report(&pst_report_buffer_[0]);
+  wvutil::Unpacked_PST_Report pst_report() {
+    return wvutil::Unpacked_PST_Report(&pst_report_buffer_[0]);
  }
  // Verify the values in the PST report.  The signature should have been
  // verified in GenerateReport, above.
@@ -651,9 +668,11 @@ class Session {
  OEMCrypto_SESSION session_id_;
  KeyDeriver key_deriver_;
  uint32_t nonce_;
-  RSA* public_rsa_;
+  // Only one of RSA or EC should be set.
+  RSA* public_rsa_ = nullptr;
+  EC_KEY* public_ec_ = nullptr;
  vector<uint8_t> pst_report_buffer_;
-  MessageData license_;
+  MessageData license_ = {};

  vector<uint8_t> encrypted_usage_entry_;
  uint32_t usage_entry_number_;