Add Shared License bit to key control block

Merge from widevine of http://go/wvgerrit/23184 This adds the shared license bit to the key control block for the reference code and the unit tests. b/31458046 Change-Id: I4e360ea5dd2e6cee145663d4ab4f384b65cac427
2017-01-27 15:20:03 -08:00
parent 3d977d999c
commit 650a0fdead
5 changed files with 68 additions and 18 deletions
--- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.cpp
+++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.cpp
@@ -433,6 +433,10 @@ OEMCryptoResult SessionContext::LoadKeys(

  StartTimer();

+  // If there are already keys installed in this session, then we can load
+  // a shared license.
+  bool second_license = (session_keys_.size() > 0);
+
  // Decrypt and install keys in key object
  // Each key will have a key control block.  They will all have the same nonce.
  OEMCryptoResult status = OEMCrypto_SUCCESS;
@@ -459,7 +463,7 @@ OEMCryptoResult SessionContext::LoadKeys(

    OEMCryptoResult result = InstallKey(
        key_id, enc_key_data, key_data_iv, key_control, key_control_iv,
-        key_array[i].cipher_mode == OEMCrypto_CipherMode_CTR);
+        key_array[i].cipher_mode == OEMCrypto_CipherMode_CTR, second_license);
    if (result != OEMCrypto_SUCCESS) {
      status = result;
      break;
@@ -505,7 +509,7 @@ OEMCryptoResult SessionContext::LoadKeys(
          return OEMCrypto_ERROR_WRONG_PST;
        }
        if (!usage_entry_->VerifyMacKeys(mac_key_server_, mac_key_client_)) {
-          LOGE("LoadKeys: Usage table entry does not match.\n");
+          LOGE("LoadKeys: Usage table entry mac keys do not match.\n");
          return OEMCrypto_ERROR_WRONG_KEYS;
        }
        if (usage_entry_->Inactive()) return OEMCrypto_ERROR_LICENSE_INACTIVE;
@@ -519,7 +523,8 @@ OEMCryptoResult SessionContext::InstallKey(
    const KeyId& key_id, const std::vector<uint8_t>& key_data,
    const std::vector<uint8_t>& key_data_iv,
    const std::vector<uint8_t>& key_control,
-    const std::vector<uint8_t>& key_control_iv, bool ctr_mode) {
+    const std::vector<uint8_t>& key_control_iv, bool ctr_mode,
+    bool second_license) {
  // Decrypt encrypted key_data using derived encryption key and offered iv
  std::vector<uint8_t> content_key;
  std::vector<uint8_t> key_control_str;
@@ -579,6 +584,13 @@ OEMCryptoResult SessionContext::InstallKey(
    return result;
  }

+  if (key_control_block.control_bits() & kSharedLicense) {
+    if (!second_license) {
+      LOGE("LoadKeys: Shared License, but no keys previously loaded.");
+      return OEMCrypto_ERROR_MISSING_MASTER;
+    }
+  }
+
  Key key(content_key, key_control_block, ctr_mode);
  session_keys_.Insert(key_id, key);
  return OEMCrypto_SUCCESS;
--- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.h
+++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.h
@@ -44,6 +44,7 @@ class SessionKeyTable {
  Key* Find(const KeyId key_id);
  void Remove(const KeyId key_id);
  void UpdateDuration(const KeyControlBlock& control);
+  size_t size() const { return keys_.size(); }

 private:
  KeyMap keys_;
@@ -144,7 +145,7 @@ class SessionContext {
                             const std::vector<uint8_t>& key_data_iv,
                             const std::vector<uint8_t>& key_control,
                             const std::vector<uint8_t>& key_control_iv,
-                             bool ctr_mode);
+                             bool ctr_mode, bool second_license);
  bool InstallRSAEncryptedKey(const uint8_t* encrypted_message_key,
                              size_t encrypted_message_key_length);
  bool DecryptRSAKey(const uint8_t* enc_rsa_key, size_t enc_rsa_key_length,
--- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.cpp
+++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.cpp
@@ -59,6 +59,8 @@ KeyControlBlock::KeyControlBlock(
    LOGD("  nonce:    %08X", nonce());
    LOGD("  magic:    %08X", verification());
    LOGD("  bits:     %08X", control_bits());
+    LOGD("  bit kSharedLicense %s.",
+         (control_bits() & kSharedLicense) ? "set" : "unset");
    LOGD("  bit kControlSRMVersionRequired %s.",
         (control_bits() & kControlSRMVersionRequired) ? "set" : "unset");
    LOGD("  bit kControlDisableAnalogOutput %s.",
--- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.h
+++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.h
@@ -15,6 +15,7 @@ const uint32_t kControlObserveDataPath = (1<<31);
 const uint32_t kControlObserveHDCP     = (1<<30);
 const uint32_t kControlObserveCGMS     = (1<<29);
 const uint32_t kControlRequireAntiRollbackHardware = (1<<28);
+const uint32_t kSharedLicense          = (1<<23);
 const uint32_t kControlSRMVersionRequired = (1<<22);
 const uint32_t kControlDisableAnalogOutput = (1<<21);
 const uint32_t kControlSecurityPatchLevelShift = 15;