Add Entitlement License to OEMCrypto

This CL adds entitlement license features and moves cipher mode from LoadKeys to SelectKeys. Merge from Widevine repo of http://go/wvgerrit/41660 bug: 70334840 Entitlement License - cdm layer bug: 70334345 Entitlement License - reference code and unit tests test: Entitlement license unit tests pass. Change-Id: Ic7d7f42c15e6d83ef7fcfd8a866c778adc4c8095
2018-01-23 15:55:43 -08:00
parent 95fa4ffca9
commit 979ed70c7b
11 changed files with 1136 additions and 595 deletions
--- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.h
+++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.h
@@ -30,6 +30,34 @@ typedef uint32_t SessionId;

 enum SRMVersionStatus { NoSRMVersion, ValidSRMVersion, InvalidSRMVersion };

+// TODO(jfore): Is there a better name?
+class SessionContextKeys {
+ public:
+  virtual OEMCrypto_LicenseType type() = 0;
+  virtual size_t size() = 0;
+  virtual bool Insert(const KeyId& key_id, const Key& key_data) = 0;
+  virtual Key* Find(const KeyId& key_id) = 0;
+  virtual void Remove(const KeyId& key_id) = 0;
+  virtual void UpdateDuration(const KeyControlBlock& control) = 0;
+
+  // Methods supported exclusively for entitlement keys. Returns false if
+  // entitlement keys are not found or not supported by the current key table.
+  // It is the caller's responsibility to check the context.
+  virtual bool SetContentKey(const KeyId& entitlement_id,
+                             const KeyId& content_key_id,
+                             const std::vector<uint8_t>& content_key) = 0;
+  virtual bool GetEntitlementKey(const KeyId& entitlement_id,
+                                 const std::vector<uint8_t>** key) = 0;
+
+  virtual ~SessionContextKeys() {}
+
+ protected:
+  SessionContextKeys() {}
+
+ private:
+  CORE_DISALLOW_COPY_AND_ASSIGN(SessionContextKeys);
+};
+
 class SessionContext {
 private:
  SessionContext() {}
@@ -40,6 +68,7 @@ class SessionContext {
        ce_(ce),
        id_(sid),
        current_content_key_(NULL),
+        session_keys_(NULL),
        rsa_key_(rsa_key),
        allowed_schemes_(kSign_RSASSA_PSS),
        usage_entry_(NULL),
@@ -89,19 +118,22 @@ class SessionContext {
                                 size_t signature_length);
  void StartTimer();
  uint32_t CurrentTimer();  // (seconds).
-  OEMCryptoResult LoadKeys(const uint8_t* message, size_t message_length,
-                           const uint8_t* signature, size_t signature_length,
-                           const uint8_t* enc_mac_key_iv,
-                           const uint8_t* enc_mac_keys, size_t num_keys,
-                           const OEMCrypto_KeyObject* key_array,
-                           const uint8_t* pst, size_t pst_length,
-                           const uint8_t* srm_requirement);
+  OEMCryptoResult LoadKeys(
+      const uint8_t* message, size_t message_length, const uint8_t* signature,
+      size_t signature_length, const uint8_t* enc_mac_key_iv,
+      const uint8_t* enc_mac_keys, size_t num_keys,
+      const OEMCrypto_KeyObject* key_array, const uint8_t* pst,
+      size_t pst_length, const uint8_t* srm_requirement,
+      OEMCrypto_LicenseType license_type);
+  OEMCryptoResult LoadEntitledContentKeys(
+      size_t num_keys,
+      const OEMCrypto_EntitledContentKeyObject* key_array);
  OEMCryptoResult InstallKey(const KeyId& key_id,
                             const std::vector<uint8_t>& key_data,
                             const std::vector<uint8_t>& key_data_iv,
                             const std::vector<uint8_t>& key_control,
                             const std::vector<uint8_t>& key_control_iv,
-                             bool ctr_mode, bool second_license);
+                             bool second_license);
  bool InstallRSAEncryptedKey(const uint8_t* encrypted_message_key,
                              size_t encrypted_message_key_length);
  bool DecryptRSAKey(const uint8_t* enc_rsa_key, size_t enc_rsa_key_length,
@@ -115,7 +147,8 @@ class SessionContext {
  bool UpdateMacKeys(const std::vector<uint8_t>& mac_keys,
                     const std::vector<uint8_t>& iv);
  bool QueryKeyControlBlock(const KeyId& key_id, uint32_t* data);
-  OEMCryptoResult SelectContentKey(const KeyId& key_id);
+  OEMCryptoResult SelectContentKey(const KeyId& key_id,
+                                   OEMCryptoCipherMode cipher_mode);
  const Key* current_content_key(void) { return current_content_key_; }
  void set_mac_key_server(const std::vector<uint8_t>& mac_key_server) {
    mac_key_server_ = mac_key_server;
@@ -157,6 +190,10 @@ class SessionContext {
                      const std::vector<uint8_t>& iv,
                      const std::vector<uint8_t>& message,
                      std::vector<uint8_t>* decrypted);
+  bool DecryptEntitlement(const std::vector<uint8_t>& key,
+                          const std::vector<uint8_t>& iv,
+                          const std::vector<uint8_t>& message,
+                          std::vector<uint8_t>* decrypted);
  // Either verify the nonce or usage entry, as required by the key control
  // block.
  OEMCryptoResult CheckNonceOrEntry(const KeyControlBlock& key_control_block);
@@ -193,7 +230,7 @@ class SessionContext {
  std::vector<uint8_t> encryption_key_;
  std::vector<uint8_t> session_key_;
  const Key* current_content_key_;
-  SessionKeyTable session_keys_;
+  SessionContextKeys* session_keys_;
  NonceTable nonce_table_;
  RSA_shared_ptr rsa_key_;
  uint32_t allowed_schemes_;  // for RSA signatures.