From 8f60d8124fec8dd20d5e9d35907f0f823351caf8 Mon Sep 17 00:00:00 2001 From: Fred Gylys-Colwell Date: Tue, 8 Nov 2022 21:09:44 -0800 Subject: [PATCH] Allow entitlement and entitled session to be the same Merge from Widevine repo of http://go/wvgerrit/160720 For DRM, but not for CAS, we allow the entitlement session and the entitled session to be the same. Bug: 253471127 Bug: 246566056 Bug: 245018059 Bug: 242815450 Test: oemcrypto unit tests on oriole (all but CAS tests pass) Test: GTS Change-Id: Ib830484be8437b1c4ce34500ae912e6c119dcfc3 --- .../oemcrypto/include/OEMCryptoCENC.h | 1 + .../oemcrypto/test/oemcrypto_test.cpp | 50 +++++++++++++++---- 2 files changed, 40 insertions(+), 11 deletions(-) diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index dd5bc044..6faa650d 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -932,6 +932,7 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session); * @retval OEMCrypto_SUCCESS success * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED * @retval OEMCrypto_ERROR_INVALID_SESSION + * @retval OEMCrypto_ERROR_TOO_MANY_SESSIONS * * @version * This method is new in API version 17. diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index 97bed18e..985484a7 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -2181,7 +2181,8 @@ TEST_P(OEMCryptoEntitlementLicenseTest, EntitledMessage entitled_message_1(&license_messages_); entitled_message_1.FillKeyArray(); - entitled_message_1.SetEntitledKeySession(0); + const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0; + entitled_message_1.SetEntitledKeySession(wrong_key_session_id); ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys( OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION)); } @@ -2195,7 +2196,8 @@ TEST_P(OEMCryptoEntitlementLicenseTest, EntitledMessage entitled_message_1(&license_messages_); entitled_message_1.FillKeyArray(); - entitled_message_1.SetEntitledKeySession(0); + const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0; + entitled_message_1.SetEntitledKeySession(wrong_key_session_id); ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys( /*load_even=*/true, /*load_odd=*/true, OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION)); @@ -2214,6 +2216,11 @@ TEST_P(OEMCryptoEntitlementLicenseTest, EntitledMessage entitled_message_1(&license_messages_); entitled_message_1.FillKeyArray(); + if (session_.session_id() == key_session_id) { + GTEST_SKIP() + << "Skipping test because entitled and entitlement sessions are both " + << key_session_id << "."; + } entitled_message_1.SetEntitledKeySession(session_.session_id()); ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys( OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION)); @@ -3074,6 +3081,11 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) { entitled_message_1.SetEntitledKeySession(key_session_id); ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS)); + if (session_.session_id() == key_session_id) { + GTEST_SKIP() + << "Skipping test because entitled and entitlement sessions are both " + << key_session_id << "."; + } ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled( OEMCrypto_ERROR_INVALID_CONTEXT, session_.session_id(), session_.license().keys[0].key_id, @@ -3131,8 +3143,17 @@ TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) { strlen(content_key_id_1))); // Create another entitled key session. uint32_t key_session_id_2; - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession( - session_.session_id(), &key_session_id_2)); + OEMCryptoResult status = OEMCrypto_CreateEntitledKeySession( + session_.session_id(), &key_session_id_2); + // For DRM, but not for CAS, we allow there to be only a single entitled + // session. + if (!global_features.supports_cas && + (key_session_id_2 == key_session_id_1 || + status == OEMCrypto_ERROR_TOO_MANY_SESSIONS)) { + GTEST_SKIP() + << "Skipping test because multiple entitled sessions not supported."; + } + ASSERT_EQ(OEMCrypto_SUCCESS, status); // Entitled key sessions should have unique ids. ASSERT_NE(key_session_id_1, key_session_id_2); @@ -3234,11 +3255,12 @@ TEST_P(OEMCryptoLicenseTest, ASSERT_NO_FATAL_FAILURE(GenerateSimpleSampleDescription( in_buffer, out_buffer, &sample_description, &subsample_description)); OEMCrypto_CENCEncryptPatternDesc pattern = {0, 0}; - - // Try to decrypt the data with oemcrypto session id. - EXPECT_EQ(OEMCrypto_DecryptCENC(session_.session_id(), &sample_description, 1, - &pattern), - OEMCrypto_ERROR_INVALID_CONTEXT); + if (global_features.supports_cas || session_.session_id() != key_session_id) { + // Try to decrypt the data with oemcrypto session id. + EXPECT_EQ(OEMCrypto_DecryptCENC(session_.session_id(), &sample_description, + 1, &pattern), + OEMCrypto_ERROR_INVALID_CONTEXT); + } // Decrypt the data with entitled key session id succeed. EXPECT_EQ( OEMCrypto_DecryptCENC(key_session_id, &sample_description, 1, &pattern), @@ -3269,8 +3291,14 @@ TEST_P(OEMCryptoLicenseTest, ReassociateEntitledKeySessionAPI17) { ASSERT_NO_FATAL_FAILURE(entitled_message.LoadKeys(OEMCrypto_SUCCESS)); // Now reassociate the entitled key session to the second OEMCrypto session. - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_ReassociateEntitledKeySession( - key_session_id, session2.session_id())); + OEMCryptoResult status = OEMCrypto_ReassociateEntitledKeySession( + key_session_id, session2.session_id()); + if (status == OEMCrypto_ERROR_NOT_IMPLEMENTED && + !global_features.supports_cas) { + GTEST_SKIP() << "Skipping test because " + "OEMCrypto_ReassociateEntitledKeySession not implemented."; + } + ASSERT_EQ(OEMCrypto_SUCCESS, status); // session2 does not have entitlement keys. ASSERT_NO_FATAL_FAILURE( entitled_message.LoadKeys(OEMCrypto_ERROR_INVALID_CONTEXT));