diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp index 4a809853..4b9c897f 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp @@ -715,7 +715,7 @@ OEMCryptoResult SessionContext::LoadEntitledContentKeys( key_data->content_key_id, key_data->content_key_id + key_data->content_key_id_length); if (!DecryptMessage(*entitlement_key, iv, encrypted_content_key, - &content_key)) { + &content_key, 256 /* key size */)) { return OEMCrypto_ERROR_UNKNOWN_FAILURE; } if (!session_keys_->SetContentKey(entitlement_key_id, content_key_id, @@ -735,7 +735,8 @@ OEMCryptoResult SessionContext::InstallKey( std::vector content_key; std::vector key_control_str; - if (!DecryptMessage(encryption_key_, key_data_iv, key_data, &content_key)) { + if (!DecryptMessage(encryption_key_, key_data_iv, key_data, &content_key, + 128 /* key size */)) { LOGE("[Installkey(): Could not decrypt key data]"); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } @@ -758,7 +759,7 @@ OEMCryptoResult SessionContext::InstallKey( return OEMCrypto_ERROR_INVALID_CONTEXT; } if (!DecryptMessage(content_key, key_control_iv, key_control, - &key_control_str)) { + &key_control_str, 128 /* key size */)) { LOGE("[Installkey(): ERROR: Could not decrypt content key]"); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } @@ -890,7 +891,7 @@ OEMCryptoResult SessionContext::RefreshKey( LOGD("Key control block is encrypted."); } if (!DecryptMessage(content_key_value, key_control_iv, key_control, - &control)) { + &control, 128 /* key size */)) { if (LogCategoryEnabled(kLoggingDumpKeyControlBlocks)) { LOGD("Error decrypting key control block."); } 
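Review bot: The AES key width is passed as a bare literal at every call site, and nothing at those sites ties the literal to the length of the key vector being passed. This hunk uses `256 /* key size */` in LoadEntitledContentKeys, and the InstallKey, RefreshKey and UpdateMacKeys hunks use `128 /* key size */`. The inline comment does not give the unit; only the header declaration says bits. Two named constants would make a wrong width visible in review, for example `static const uint32_t kAes128KeyBits = 128;` and `static const uint32_t kAes256KeyBits = 256;` (the names are only a suggestion). The 256-bit call should also carry a comment saying why entitlement keys are treated as AES-256 while the key-control decrypts in InstallKey and RefreshKey stay at 128 bits.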
@@ -1179,7 +1180,8 @@ bool SessionContext::UpdateMacKeys(const std::vector& enc_mac_keys, const std::vector& iv) { // Decrypt mac key from enc_mac_key using device_keya std::vector mac_keys; - if (!DecryptMessage(encryption_key_, iv, enc_mac_keys, &mac_keys)) { + if (!DecryptMessage(encryption_key_, iv, enc_mac_keys, &mac_keys, + 128 /* key size */)) { return false; } mac_key_server_ = std::vector( @@ -1327,7 +1329,8 @@ OEMCryptoResult SessionContext::CopyOldUsageEntry( bool SessionContext::DecryptMessage(const std::vector& key, const std::vector& iv, const std::vector& message, - std::vector* decrypted) { + std::vector* decrypted, + uint32_t key_size) { if (key.empty() || iv.empty() || message.empty() || !decrypted) { LOGE("[DecryptMessage(): OEMCrypto_ERROR_INVALID_CONTEXT]"); return false; @@ -1336,7 +1339,7 @@ bool SessionContext::DecryptMessage(const std::vector& key, uint8_t iv_buffer[16]; memcpy(iv_buffer, &iv[0], 16); AES_KEY aes_key; - AES_set_decrypt_key(&key[0], key.size() * 8, &aes_key); + AES_set_decrypt_key(&key[0], key_size, &aes_key); AES_cbc_encrypt(&message[0], &(decrypted->front()), message.size(), &aes_key, iv_buffer, AES_DECRYPT); return true; diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.h b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.h index ea653a50..86625e8e 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.h +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.h @@ -189,7 +189,8 @@ class SessionContext { bool DecryptMessage(const std::vector& key, const std::vector& iv, const std::vector& message, - std::vector* decrypted); + std::vector* decrypted, + uint32_t key_size); // AES key size, in bits. // Either verify the nonce or usage entry, as required by the key control // block. OEMCryptoResult CheckNonceOrEntry(const KeyControlBlock& key_control_block); 
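Review bot: In the last DecryptMessage hunk, `AES_set_decrypt_key(&key[0], key_size, &aes_key)` now takes its width from the caller instead of from `key.size()`, so a key vector shorter than `key_size / 8` bytes makes the key schedule read past the end of the buffer. The guard at the top of the function only rejects an empty key. The return value is also discarded, so an unsupported bit length would reach `AES_cbc_encrypt` with an uninitialised `aes_key`. Both can be rejected in one place with `if (key.size() * 8 < key_size || AES_set_decrypt_key(&key[0], key_size, &aes_key) != 0) return false;`, logged like the existing error path. The unchanged `memcpy(iv_buffer, &iv[0], 16)` has the same shape of problem, copying 16 bytes after only an emptiness check on `iv`. The function body starts in the previous hunk, and the lines between the two hunks are not visible here.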
diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp index bcfa5330..72771c0d 100644 --- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp +++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp @@ -105,8 +105,9 @@ Session::Session() enc_key_(wvcdm::KEY_SIZE), public_rsa_(0), message_size_(sizeof(MessageData)), - num_keys_(4) { // Most tests only use 4 keys. - // Other tests will explicitly call set_num_keys. + num_keys_(4), // Most tests only use 4 keys. + // Other tests will explicitly call set_num_keys. + has_entitlement_license_(false) { // Stripe the padded message. for (size_t i = 0; i < sizeof(padded_message_.padding); i++) { padded_message_.padding[i] = i % 0x100; @@ -310,6 +311,7 @@ void Session::LoadEnitlementTestKeys(const std::string& pst, } void Session::FillEntitledKeyArray() { + has_entitlement_license_ = true; for (size_t i = 0; i < num_keys_; ++i) { EntitledContentKeyData* key_data = &entitled_key_data_[i]; @@ -594,10 +596,10 @@ void Session::EncryptAndSign() { AES_cbc_encrypt(&license_.mac_keys[0], &encrypted_license().mac_keys[0], 2 * wvcdm::MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT); + int key_size = has_entitlement_license() ? 256 : 128; for (unsigned int i = 0; i < num_keys_; i++) { memcpy(iv_buffer, &license_.keys[i].control_iv[0], wvcdm::KEY_IV_SIZE); - AES_set_encrypt_key(&license_.keys[i].key_data[0], - license_.keys[i].key_data_length * 8, &aes_key); + AES_set_encrypt_key(&license_.keys[i].key_data[0], key_size, &aes_key); AES_cbc_encrypt( reinterpret_cast(&license_.keys[i].control), reinterpret_cast(&encrypted_license().keys[i].control), diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.h b/libwvdrmengine/oemcrypto/test/oec_session_util.h index 15c123ac..c4b35f44 100644 --- a/libwvdrmengine/oemcrypto/test/oec_session_util.h +++ b/libwvdrmengine/oemcrypto/test/oec_session_util.h 
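Review bot: In EncryptAndSign, `int key_size = has_entitlement_license() ? 256 : 128;` replaces the per-key `key_data_length * 8` with a session-wide flag, so the width no longer depends on how many bytes of each `key_data` were filled in. The flag is set only in FillEntitledKeyArray and is never cleared in the visible hunks, so the width chosen here depends on call order, which this hunk does not show. The mock's InstallKey and RefreshKey in this same commit always decrypt the key control block with 128 bits, which would not match a control block encrypted here with 256. If that asymmetry is intended, a comment above `key_size` should say which load path consumes the 256-bit form. A check that `license_.keys[i].key_data_length * 8 >= key_size` before `AES_set_encrypt_key` would keep the test from keying AES with unset bytes. The body of EncryptAndSign extends beyond the hunk.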
@@ -370,6 +370,9 @@ class Session { // The size of the encrypted message. size_t message_size() { return message_size_; } + // If this session has an entitlement license. + bool has_entitlement_license() const { return has_entitlement_license_; } + private: // Generate mac and enc keys give the master key. void DeriveKeys(const uint8_t* master_key, @@ -399,6 +402,7 @@ class Session { vector encrypted_usage_entry_; uint32_t usage_entry_number_; string pst_; + bool has_entitlement_license_; // Clear Entitlement key data. This is the backing data for // |entitled_key_array_|.