Use mac keys from usage entry if keys are not loaded

Merge from Widevine repo of http://go/wvgerrit/27461

In order to sign a license release message, the mac keys from the
usage entry should be used whenever keys have not been loaded.

This CL updates the reference code, the unit tests, and the level 3
oemcrypto.

b/38203566
Test: unit tests passing on bullhead.

Change-Id: Ic71fee4b4b7b45801548ab80fbbbf8f4ccab3e6e

libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp

@@ -192,9 +192,14 @@ bool SessionContext::GenerateSignature(const uint8_t* message,
     return false;
   }
 
-  if (mac_key_client_.empty() ||
+  const uint8_t *mac_key = NULL;
-      mac_key_client_.size() != wvcdm::MAC_KEY_SIZE) {
+  if (mac_key_client_.size() == wvcdm::MAC_KEY_SIZE) {
-    LOGE("[GenerateSignature(): No MAC Key]");
+    // If we have a mac key, use it.
+    mac_key = &mac_key_client_[0];
+  } else if (usage_entry_status_ == kUsageEntryLoaded) {
+    // If not, but we have a usage entry, use its key.
+    mac_key = usage_entry_->mac_key_client();
+  } else {
     return false;
   }
 
@@ -204,7 +209,7 @@ bool SessionContext::GenerateSignature(const uint8_t* message,
   }
 
   unsigned int md_len = *signature_length;
-  if (HMAC(EVP_sha256(), &mac_key_client_[0], mac_key_client_.size(), message,
+  if (HMAC(EVP_sha256(), mac_key, wvcdm::MAC_KEY_SIZE, message,
            message_length, signature, &md_len)) {
     *signature_length = md_len;
     return true;

libwvdrmengine/oemcrypto/mock/src/oemcrypto_usage_table_mock.h

@@ -69,6 +69,8 @@ class UsageTableEntry {
   void set_index(int32_t index) { data_.index = index; }
   uint32_t index() { return data_.index; }
   static size_t SignedEntrySize();
+  const uint8_t* mac_key_server() { return data_.mac_key_server; }
+  const uint8_t* mac_key_client() { return data_.mac_key_client; }
 
  private:
   UsageTable* usage_table_;  // Owner of this object.

libwvdrmengine/oemcrypto/test/oec_session_util.cpp

@@ -927,6 +927,9 @@ void Session::GenerateReport(const std::string& pst,
   EXPECT_GE(kHardwareSecureClock, pst_report().clock_security_level());
   EXPECT_EQ(pst.length(), pst_report().pst_length());
   EXPECT_EQ(0, memcmp(pst.c_str(), pst_report().pst(), pst.length()));
+  // Also, we the session to be able to sign the release message with the
+  // correct mac keys from the usage table entry.
+  ASSERT_NO_FATAL_FAILURE(VerifyClientSignature());
 }
 
 void Session::VerifyPST(const Test_PST_Report& expected) {

libwvdrmengine/oemcrypto/test/oec_session_util.h

@@ -293,7 +293,8 @@ class Session {
   wvcdm::Unpacked_PST_Report pst_report() {
     return wvcdm::Unpacked_PST_Report(&pst_report_buffer_[0]);
   }
-  // Verify the PST report.
+  // Verify the values in the PST report.  The signature should have been
+  // verified in GenerateReport, above.
   void VerifyPST(const Test_PST_Report& report);
   // Generate and Verify the Usage Report. If any time is greater than 10
   // minutes, it is assumed to be an absolute time, and time_since will be