Add unit test for clear KCB in LS SDK 16.4 response

This is a merge from: https://widevine-internal-review.googlesource.com/c/cdm/+/152897 and http://go/wvgerrit/153709 Adding a new OEMCrypto unit test will allow partners to correct a problem earlier in their integration. Verifies current oemcrypto implementation handles clear KCB in a mocked 16.4 license response. Unit test release date updated to 2022-06-17. Test: run_x86_64_tests; opk_ta Bug: 235870170 Bug: 234645065 Change-Id: I59fef2c25f5c007624447d4f46147d96adeddad9
2022-06-17 14:30:19 -07:00
parent cd593979e9
commit 8c4c238324
3 changed files with 74 additions and 9 deletions
--- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
+++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
@@ -28,7 +28,6 @@
 #include "OEMCryptoCENC.h"
 #include "clock.h"
 #include "core_message_deserialize.h"
-#include "core_message_features.h"
 #include "core_message_serialize.h"
 #include "disallow_copy_and_assign.h"
 #include "log.h"
@@ -770,7 +769,7 @@ void LicenseRoundTrip::FillCoreResponseSubstrings() {
  }
 }

-void LicenseRoundTrip::EncryptAndSignResponse() {
+void LicenseRoundTrip::EncryptResponse(bool force_clear_kcb) {
  ASSERT_NO_FATAL_FAILURE(session_->GenerateDerivedKeysFromSessionKey());
  encrypted_response_data_ = response_data_;
  uint8_t iv_buffer[KEY_IV_SIZE];
@@ -786,7 +785,8 @@ void LicenseRoundTrip::EncryptAndSignResponse() {
    // Fuzzing skip encryption: key_data_length being a random value will
    // encrypt data which is not expected to, there by leading to inefficient
    // fuzzing.
-    if (response_data_.keys[i].key_data_length <=
+    if (!force_clear_kcb &&
+        response_data_.keys[i].key_data_length <=
            sizeof(response_data_.keys[i].key_data) &&
        response_data_.keys[i].key_data_length % 16 == 0) {
      memcpy(iv_buffer, &response_data_.keys[i].control_iv[0], KEY_IV_SIZE);
@@ -811,6 +811,10 @@ void LicenseRoundTrip::EncryptAndSignResponse() {
          response_data_.keys[i].key_iv);
    }
  }
+}
+
+void LicenseRoundTrip::CreateCoreLicenseResponseWithFeatures(
+    const CoreMessageFeatures& features) {
  if (api_version_ < kCoreMessagesAPI) {
    serialized_core_message_.resize(0);
  } else {
@@ -823,11 +827,6 @@ void LicenseRoundTrip::EncryptAndSignResponse() {
    }
    std::string request_hash_string(
        reinterpret_cast<const char*>(request_hash_), sizeof(request_hash_));
-    // We might try to test a future api_version_, but we can only make a core
-    // message with at most the current ODK version. This is only done to verify
-    // that OEMCrypto does not attempt to load a future version.
-    CoreMessageFeatures features = CoreMessageFeatures::DefaultFeatures(
-        std::min(api_version_, static_cast<uint32_t>(ODK_MAJOR_VERSION)));
    ASSERT_TRUE(oemcrypto_core_message::serialize::CreateCoreLicenseResponse(
        features, core_response_, core_request_, request_hash_string,
        &serialized_core_message_));
@@ -836,7 +835,9 @@ void LicenseRoundTrip::EncryptAndSignResponse() {
    serialized_core_message_.resize(
        std::max(required_core_message_size_, serialized_core_message_.size()));
  }
+}

+void LicenseRoundTrip::SignEncryptedResponse() {
  // Make the message buffer a just big enough, or the
  // required size, whichever is larger.
  const size_t message_size =
@@ -860,6 +861,24 @@ void LicenseRoundTrip::EncryptAndSignResponse() {
                                            &response_signature_);
 }

+void LicenseRoundTrip::EncryptAndSignResponse() {
+  EncryptResponse();
+  // We might try to test a future api_version_, but we can only make a core
+  // message with at most the current ODK version. This is only done to verify
+  // that OEMCrypto does not attempt to load a future version.
+  CoreMessageFeatures features = CoreMessageFeatures::DefaultFeatures(
+      std::min(api_version_, static_cast<uint32_t>(ODK_MAJOR_VERSION)));
+  CreateCoreLicenseResponseWithFeatures(features);
+  SignEncryptedResponse();
+}
+
+void LicenseRoundTrip::EncryptAndSignResponseWithCoreMessageFeatures(
+    const CoreMessageFeatures& features, bool force_clear_kcb) {
+  EncryptResponse(force_clear_kcb);
+  CreateCoreLicenseResponseWithFeatures(features);
+  SignEncryptedResponse();
+}
+
 OEMCryptoResult LicenseRoundTrip::LoadResponse(Session* session) {
  return LoadResponse(session, true);
 }