widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OEMCrypto_ReassociateEntitledKeySession() to verify entitlement key IDs

Browse Source 
OEMCrypto_ReassociateEntitledKeySession() should prevent an entitled key
session from being associated to an arbitrary entitlement session. The
target entitlement session is supposed to have all the entitlement keys
that the entitled key session uses.

Updated OPK and ref/testbed implementations.

Test: jenkins/opk_ta entitlement tests
Bug: 262795590
Merged from https://widevine-internal-review.googlesource.com/169774

Change-Id: I4322422f01f7094c3862f33ef3199ff3a44995b0
This commit is contained in:
Cong Lin
2023-04-04 10:04:30 -07:00
committed by Robert Shih
parent b9d857649e
commit ab7c39a450
1 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
View File

@@ -954,11 +954,7 @@ TEST_P(OEMCryptoEntitlementLicenseTest, ReassociateEntitledKeySessionAPI17) {
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
// Setup another session.
Session session2;
ASSERT_NO_FATAL_FAILURE(session2.open());
ASSERT_NO_FATAL_FAILURE(InstallTestDrmKey(&session2));
ASSERT_NO_FATAL_FAILURE(session2.GenerateDerivedKeysFromSessionKey());
// Setup an entitled key session in the first OEMCrypto session.
uint32_t key_session_id;
OEMCryptoResult sts = OEMCrypto_CreateEntitledKeySession(
@@ -969,7 +965,12 @@ TEST_P(OEMCryptoEntitlementLicenseTest, ReassociateEntitledKeySessionAPI17) {
entitled_message.SetEntitledKeySession(key_session_id);
ASSERT_NO_FATAL_FAILURE(entitled_message.LoadKeys(true));
// Now reassociate the entitled key session to the second OEMCrypto session.
// Setup another session.
Session session2;
ASSERT_NO_FATAL_FAILURE(session2.open());
ASSERT_NO_FATAL_FAILURE(InstallTestDrmKey(&session2));
// session2 does not have entitlement keys. Re-associating the entitled key
// session to session2 should fail
OEMCryptoResult status = OEMCrypto_ReassociateEntitledKeySession(
key_session_id, session2.session_id());
if (status == OEMCrypto_ERROR_NOT_IMPLEMENTED &&
@@ -977,9 +978,18 @@ TEST_P(OEMCryptoEntitlementLicenseTest, ReassociateEntitledKeySessionAPI17) {
GTEST_SKIP() << "Skipping test because "
"OEMCrypto_ReassociateEntitledKeySession not implemented.";
}
ASSERT_EQ(OEMCrypto_SUCCESS, status);
// session2 does not have entitlement keys.
ASSERT_NO_FATAL_FAILURE(entitled_message.LoadKeys(false));
EXPECT_NE(OEMCrypto_SUCCESS, status);
// session2 loads the correct entitlement keys.
LicenseRoundTrip license_messages2(&session2);
license_messages2.set_license_type(OEMCrypto_EntitlementLicense);
ASSERT_NO_FATAL_FAILURE(license_messages2.SignAndVerifyRequest());
ASSERT_NO_FATAL_FAILURE(license_messages2.CreateDefaultResponse());
ASSERT_NO_FATAL_FAILURE(license_messages2.EncryptAndSignResponse());
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages2.LoadResponse());
// Re-associating to session2 should succeed.
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_ReassociateEntitledKeySession(
key_session_id, session2.session_id()));
// Now reassociate the entitled key session back to the first OEMCrypto
// session.