widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use mac keys from usage entry if keys are not loaded

Browse Source 
Merge from Widevine repo of http://go/wvgerrit/27461

In order to sign a license release message, the mac keys from the
usage entry should be used whenever keys have not been loaded.

This CL updates the reference code, the unit tests, and the level 3
oemcrypto.

b/38203566
Test: unit tests passing on bullhead.

Change-Id: Ic71fee4b4b7b45801548ab80fbbbf8f4ccab3e6e
This commit is contained in:
Fred Gylys-Colwell
2017-05-19 15:56:11 -07:00
parent 45c98e47f2
commit 8138df1c86
4 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp
View File

@@ -192,9 +192,14 @@ bool SessionContext::GenerateSignature(const uint8_t* message,
return false;
}
if (mac_key_client_.empty() ||
mac_key_client_.size() != wvcdm::MAC_KEY_SIZE) {
LOGE("[GenerateSignature(): No MAC Key]");
const uint8_t *mac_key = NULL;
if (mac_key_client_.size() == wvcdm::MAC_KEY_SIZE) {
// If we have a mac key, use it.
mac_key = &mac_key_client_[0];
} else if (usage_entry_status_ == kUsageEntryLoaded) {
// If not, but we have a usage entry, use its key.
mac_key = usage_entry_->mac_key_client();
} else {
return false;
}
@@ -204,7 +209,7 @@ bool SessionContext::GenerateSignature(const uint8_t* message,
}
unsigned int md_len = *signature_length;
if (HMAC(EVP_sha256(), &mac_key_client_[0], mac_key_client_.size(), message,
if (HMAC(EVP_sha256(), mac_key, wvcdm::MAC_KEY_SIZE, message,
message_length, signature, &md_len)) {
*signature_length = md_len;
return true;

2
libwvdrmengine/oemcrypto/mock/src/oemcrypto_usage_table_mock.h
View File

@@ -69,6 +69,8 @@ class UsageTableEntry {
void set_index(int32_t index) { data_.index = index; }
uint32_t index() { return data_.index; }
static size_t SignedEntrySize();
const uint8_t* mac_key_server() { return data_.mac_key_server; }
const uint8_t* mac_key_client() { return data_.mac_key_client; }
private:
UsageTable* usage_table_; // Owner of this object.

3
libwvdrmengine/oemcrypto/test/oec_session_util.cpp
View File

@@ -927,6 +927,9 @@ void Session::GenerateReport(const std::string& pst,
EXPECT_GE(kHardwareSecureClock, pst_report().clock_security_level());
EXPECT_EQ(pst.length(), pst_report().pst_length());
EXPECT_EQ(0, memcmp(pst.c_str(), pst_report().pst(), pst.length()));
// Also, we the session to be able to sign the release message with the
// correct mac keys from the usage table entry.
ASSERT_NO_FATAL_FAILURE(VerifyClientSignature());
}
void Session::VerifyPST(const Test_PST_Report& expected) {

3
libwvdrmengine/oemcrypto/test/oec_session_util.h
View File

@@ -293,7 +293,8 @@ class Session {
wvcdm::Unpacked_PST_Report pst_report() {
return wvcdm::Unpacked_PST_Report(&pst_report_buffer_[0]);
}
// Verify the PST report.
// Verify the values in the PST report. The signature should have been
// verified in GenerateReport, above.
void VerifyPST(const Test_PST_Report& report);
// Generate and Verify the Usage Report. If any time is greater than 10
// minutes, it is assumed to be an absolute time, and time_since will be