Allow entitlement and entitled session to be the same

Merge from Widevine repo of http://go/wvgerrit/160720 For DRM, but not for CAS, we allow the entitlement session and the entitled session to be the same. Bug: 253471127 Bug: 246566056 Bug: 245018059 Bug: 242815450 Test: oemcrypto unit tests on oriole (all but CAS tests pass) Test: GTS Change-Id: Ib830484be8437b1c4ce34500ae912e6c119dcfc3
2022-11-08 21:09:44 -08:00
parent bc734e1f1f
commit 8f60d8124f
2 changed files with 40 additions and 11 deletions
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -2181,7 +2181,8 @@ TEST_P(OEMCryptoEntitlementLicenseTest,

  EntitledMessage entitled_message_1(&license_messages_);
  entitled_message_1.FillKeyArray();
-  entitled_message_1.SetEntitledKeySession(0);
+  const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0;
+  entitled_message_1.SetEntitledKeySession(wrong_key_session_id);
  ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(
      OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
 }
@@ -2195,7 +2196,8 @@ TEST_P(OEMCryptoEntitlementLicenseTest,

  EntitledMessage entitled_message_1(&license_messages_);
  entitled_message_1.FillKeyArray();
-  entitled_message_1.SetEntitledKeySession(0);
+  const uint32_t wrong_key_session_id = key_session_id == 0 ? 1 : 0;
+  entitled_message_1.SetEntitledKeySession(wrong_key_session_id);
  ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadCasKeys(
      /*load_even=*/true, /*load_odd=*/true,
      OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
@@ -2214,6 +2216,11 @@ TEST_P(OEMCryptoEntitlementLicenseTest,

  EntitledMessage entitled_message_1(&license_messages_);
  entitled_message_1.FillKeyArray();
+  if (session_.session_id() == key_session_id) {
+    GTEST_SKIP()
+        << "Skipping test because entitled and entitlement sessions are both "
+        << key_session_id << ".";
+  }
  entitled_message_1.SetEntitledKeySession(session_.session_id());
  ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(
      OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION));
@@ -3074,6 +3081,11 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
  entitled_message_1.SetEntitledKeySession(key_session_id);
  ASSERT_NO_FATAL_FAILURE(entitled_message_1.LoadKeys(OEMCrypto_SUCCESS));

+  if (session_.session_id() == key_session_id) {
+    GTEST_SKIP()
+        << "Skipping test because entitled and entitlement sessions are both "
+        << key_session_id << ".";
+  }
  ASSERT_NO_FATAL_FAILURE(session_.TestDecryptEntitled(
      OEMCrypto_ERROR_INVALID_CONTEXT, session_.session_id(),
      session_.license().keys[0].key_id,
@@ -3131,8 +3143,17 @@ TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
      strlen(content_key_id_1)));
  // Create another entitled key session.
  uint32_t key_session_id_2;
-  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
-                                   session_.session_id(), &key_session_id_2));
+  OEMCryptoResult status = OEMCrypto_CreateEntitledKeySession(
+      session_.session_id(), &key_session_id_2);
+  // For DRM, but not for CAS, we allow there to be only a single entitled
+  // session.
+  if (!global_features.supports_cas &&
+      (key_session_id_2 == key_session_id_1 ||
+       status == OEMCrypto_ERROR_TOO_MANY_SESSIONS)) {
+    GTEST_SKIP()
+        << "Skipping test because multiple entitled sessions not supported.";
+  }
+  ASSERT_EQ(OEMCrypto_SUCCESS, status);
  // Entitled key sessions should have unique ids.
  ASSERT_NE(key_session_id_1, key_session_id_2);

@@ -3234,11 +3255,12 @@ TEST_P(OEMCryptoLicenseTest,
  ASSERT_NO_FATAL_FAILURE(GenerateSimpleSampleDescription(
      in_buffer, out_buffer, &sample_description, &subsample_description));
  OEMCrypto_CENCEncryptPatternDesc pattern = {0, 0};
-
-  // Try to decrypt the data with oemcrypto session id.
-  EXPECT_EQ(OEMCrypto_DecryptCENC(session_.session_id(), &sample_description, 1,
-                                  &pattern),
-            OEMCrypto_ERROR_INVALID_CONTEXT);
+  if (global_features.supports_cas || session_.session_id() != key_session_id) {
+    // Try to decrypt the data with oemcrypto session id.
+    EXPECT_EQ(OEMCrypto_DecryptCENC(session_.session_id(), &sample_description,
+                                    1, &pattern),
+              OEMCrypto_ERROR_INVALID_CONTEXT);
+  }
  // Decrypt the data with entitled key session id succeed.
  EXPECT_EQ(
      OEMCrypto_DecryptCENC(key_session_id, &sample_description, 1, &pattern),
@@ -3269,8 +3291,14 @@ TEST_P(OEMCryptoLicenseTest, ReassociateEntitledKeySessionAPI17) {
  ASSERT_NO_FATAL_FAILURE(entitled_message.LoadKeys(OEMCrypto_SUCCESS));

  // Now reassociate the entitled key session to the second OEMCrypto session.
-  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_ReassociateEntitledKeySession(
-                                   key_session_id, session2.session_id()));
+  OEMCryptoResult status = OEMCrypto_ReassociateEntitledKeySession(
+      key_session_id, session2.session_id());
+  if (status == OEMCrypto_ERROR_NOT_IMPLEMENTED &&
+      !global_features.supports_cas) {
+    GTEST_SKIP() << "Skipping test because "
+                    "OEMCrypto_ReassociateEntitledKeySession not implemented.";
+  }
+  ASSERT_EQ(OEMCrypto_SUCCESS, status);
  // session2 does not have entitlement keys.
  ASSERT_NO_FATAL_FAILURE(
      entitled_message.LoadKeys(OEMCrypto_ERROR_INVALID_CONTEXT));