From 98532d313b66562d44b1aa33f7777f9cbcd09a54 Mon Sep 17 00:00:00 2001 From: Fred Gylys-Colwell Date: Tue, 8 May 2018 14:01:45 -0700 Subject: [PATCH] Use 128 bit AES for key control block Merge from Widevine repo of http://go/wvgerrit/49805 This aligns the oemcrypto reference code and unit tests to match the API design doc: http://go/oemcrypto bug: 79375509 test: unit tests pass Change-Id: I13761a7384a17e99d88e61aaf80b4a22941fd172 --- .../oemcrypto/mock/src/oemcrypto_session.cpp | 5 +---- libwvdrmengine/oemcrypto/test/oec_session_util.cpp | 11 ++++------- libwvdrmengine/oemcrypto/test/oec_session_util.h | 4 ---- 3 files changed, 5 insertions(+), 15 deletions(-) diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp index 40983781..4894cd99 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp @@ -749,10 +749,7 @@ OEMCryptoResult SessionContext::InstallKey( return OEMCrypto_ERROR_INVALID_CONTEXT; } if (!DecryptMessage(content_key, key_control_iv, key_control, - &key_control_str, - (session_keys_->type() == OEMCrypto_EntitlementLicense - ? 256 - : 128) /* key size */)) { + &key_control_str, 128 /* key size */)) { LOGE("[Installkey(): ERROR: Could not decrypt content key]"); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp index a3fa9f0e..75c461dc 100644 --- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp +++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp @@ -107,9 +107,9 @@ Session::Session() enc_key_(wvcdm::KEY_SIZE), public_rsa_(0), message_size_(sizeof(MessageData)), - num_keys_(4), // Most tests only use 4 keys. - // Other tests will explicitly call set_num_keys. - has_entitlement_license_(false) { + // Most tests only use 4 keys. Other tests will explicitly call + // set_num_keys. + num_keys_(4) { // Stripe the padded message. for (size_t i = 0; i < sizeof(padded_message_.padding); i++) { padded_message_.padding[i] = i % 0x100; @@ -313,7 +313,6 @@ void Session::LoadEnitlementTestKeys(const std::string& pst, } void Session::FillEntitledKeyArray() { - has_entitlement_license_ = true; for (size_t i = 0; i < num_keys_; ++i) { EntitledContentKeyData* key_data = &entitled_key_data_[i]; @@ -518,7 +517,6 @@ void Session::FillSimpleMessage(uint32_t duration, uint32_t control, void Session::FillSimpleEntitlementMessage( uint32_t duration, uint32_t control, uint32_t nonce, const std::string& pst) { - has_entitlement_license_ = true; EXPECT_EQ( 1, GetRandBytes(license_.mac_key_iv, sizeof(license_.mac_key_iv))); EXPECT_EQ(1, GetRandBytes(license_.mac_keys, sizeof(license_.mac_keys))); @@ -599,10 +597,9 @@ void Session::EncryptAndSign() { AES_cbc_encrypt(&license_.mac_keys[0], &encrypted_license().mac_keys[0], 2 * wvcdm::MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT); - int key_size = has_entitlement_license() ? 256 : 128; for (unsigned int i = 0; i < num_keys_; i++) { memcpy(iv_buffer, &license_.keys[i].control_iv[0], wvcdm::KEY_IV_SIZE); - AES_set_encrypt_key(&license_.keys[i].key_data[0], key_size, &aes_key); + AES_set_encrypt_key(&license_.keys[i].key_data[0], 128, &aes_key); AES_cbc_encrypt( reinterpret_cast(&license_.keys[i].control), reinterpret_cast(&encrypted_license().keys[i].control), diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.h b/libwvdrmengine/oemcrypto/test/oec_session_util.h index 05c9eff3..cea7d8dc 100644 --- a/libwvdrmengine/oemcrypto/test/oec_session_util.h +++ b/libwvdrmengine/oemcrypto/test/oec_session_util.h @@ -378,9 +378,6 @@ class Session { // The size of the encrypted message. size_t message_size() { return message_size_; } - // If this session has an entitlement license. - bool has_entitlement_license() const { return has_entitlement_license_; } - private: // Generate mac and enc keys give the master key. void DeriveKeys(const uint8_t* master_key, @@ -410,7 +407,6 @@ class Session { vector encrypted_usage_entry_; uint32_t usage_entry_number_; string pst_; - bool has_entitlement_license_; // Clear Entitlement key data. This is the backing data for // |entitled_key_array_|.