widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Key Control Verification String

Browse Source 
Merge from widevine repo of http://go/wvgerrit/22382

This updates the key control verification string in the haystack, in
the reference oemcrypto (mock), and in the oemcrypto unit tests.

The unit tests now set the key control block to be kc12 for all
licenses if the API is set to version 12.  Previously, we only used
the more recent verification codes if the key control block used
recent features.

This should help prevent future incidents like b/32830469.

Change-Id: I6c215b4058445a6d807610af94457598f26d591a
This commit is contained in:
Fred Gylys-Colwell
2016-11-29 16:10:13 -08:00
parent 08ad98cad9
commit 7fc037f1a9
2 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
libwvdrmengine/oemcrypto/test/oec_session_util.cpp
View File

@@ -307,7 +307,12 @@ void Session::FillSimpleMessage(uint32_t duration, uint32_t control,
sizeof(license_.keys[i].key_iv)));
EXPECT_EQ(1, RAND_pseudo_bytes(license_.keys[i].control_iv,
sizeof(license_.keys[i].control_iv)));
if (control & wvoec_mock::kControlSecurityPatchLevelMask) {
// For version 12, we require OEMCrypto to handle kc12 for all licenses.
if (global_features.api_version == 12) {
memcpy(license_.keys[i].control.verification, "kc12", 4);
} else if (control & wvoec_mock::kControlSecurityPatchLevelMask) {
// For versions before 12, we require the special key control block only
// when there are newer features present.
memcpy(license_.keys[i].control.verification, "kc11", 4);
} else if (control & wvoec_mock::kControlRequireAntiRollbackHardware) {
memcpy(license_.keys[i].control.verification, "kc10", 4);
@@ -331,7 +336,14 @@ void Session::FillRefreshMessage(size_t key_count, uint32_t control_bits,
encrypted_license().keys[i].key_id_length = license_.keys[i].key_id_length;
memcpy(encrypted_license().keys[i].key_id, license_.keys[i].key_id,
encrypted_license().keys[i].key_id_length);
memcpy(encrypted_license().keys[i].control.verification, "kctl", 4);
if (global_features.api_version == 12) {
// For version 12, we require OEMCrypto to handle kc12 for all licenses.
memcpy(encrypted_license().keys[i].control.verification, "kc12", 4);
} else {
// For versions before 12, we require the special key control block only
// when there are newer features present.
memcpy(encrypted_license().keys[i].control.verification, "kctl", 4);
}
encrypted_license().keys[i].control.duration = htonl(kLongDuration);
encrypted_license().keys[i].control.nonce = htonl(nonce);
encrypted_license().keys[i].control.control_bits = htonl(control_bits);