diff --git a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp index 9feba5b7..6f7aa002 100644 --- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp +++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp @@ -62,7 +62,7 @@ typedef OEMCryptoResult (*L1_LoadKeys_t)( const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys, const OEMCrypto_KeyObject* key_array, const uint8_t* pst, size_t pst_length); -typedef OEMCryptoResult (*L1_LoadKeys_V10_t)( +typedef OEMCryptoResult (*L1_LoadKeys_V9_or_V10_t)( OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length, const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys, @@ -72,7 +72,7 @@ typedef OEMCryptoResult (*L1_LoadKeys_V8_t)( OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length, const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys, - const OEMCrypto_KeyObject* key_array); + const OEMCrypto_KeyObject_V10* key_array); typedef OEMCryptoResult (*L1_RefreshKeys_t)( OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length, size_t num_keys, @@ -91,7 +91,7 @@ typedef OEMCryptoResult (*L1_DecryptCENC_t)( OEMCrypto_SESSION session, const uint8_t* data_addr, size_t data_length, bool is_encrypted, const uint8_t* iv, size_t offset, const OEMCrypto_DestBufferDesc* out_buffer, - const OEMCrypto_PatternDesc* pattern, uint8_t subsample_flags); + const OEMCrypto_CENCEncryptPatternDesc* pattern, uint8_t subsample_flags); typedef OEMCryptoResult (*L1_CopyBuffer_t)(const uint8_t* data_addr, size_t data_length, OEMCrypto_DestBufferDesc* out_buffer, @@ -229,7 +229,7 @@ struct FunctionPointers { L1_LoadKeys_V8_t LoadKeys_V8; L1_GenerateRSASignature_V8_t GenerateRSASignature_V8; L1_GetHDCPCapability_V9_t GetHDCPCapability_V9; - L1_LoadKeys_V10_t LoadKeys_V10; + L1_LoadKeys_V9_or_V10_t LoadKeys_V9_or_V10; }; struct LevelSession { @@ -338,7 +338,6 @@ class Adapter { LOOKUP(LoadKeys_V8, OEMCrypto_LoadKeys_V8); LOOKUP(GenerateRSASignature_V8, OEMCrypto_GenerateRSASignature_V8); } else { - LOOKUP(LoadKeys, OEMCrypto_LoadKeys); LOOKUP(GenerateRSASignature, OEMCrypto_GenerateRSASignature); LOOKUP(SupportsUsageTable, OEMCrypto_SupportsUsageTable); LOOKUP(UpdateUsageTable, OEMCrypto_UpdateUsageTable); @@ -347,6 +346,7 @@ class Adapter { LOOKUP(DeleteUsageEntry, OEMCrypto_DeleteUsageEntry); LOOKUP(DeleteUsageTable, OEMCrypto_DeleteUsageTable); if (level1_.version == 9) { + LOOKUP(LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10); LOOKUP(GetHDCPCapability_V9, OEMCrypto_GetHDCPCapability_V9); } else { LOOKUP(LoadTestKeybox, OEMCrypto_LoadTestKeybox); @@ -359,9 +359,9 @@ class Adapter { LOOKUP(GetMaxNumberOfSessions, OEMCrypto_GetMaxNumberOfSessions); LOOKUP(ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry); if (level1_.version == 10) { - LOOKUP(LoadKeys_V10, OEMCrypto_LoadKeys_V10); - LOOKUP(DecryptCTR_V10, OEMCrypto_DecryptCTR_V10); - } else { + LOOKUP(LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10); + LOOKUP(DecryptCTR_V10, OEMCrypto_DecryptCTR_V10); + } else { // version 11. LOOKUP(LoadKeys, OEMCrypto_LoadKeys); LOOKUP(DecryptCENC, OEMCrypto_DecryptCENC); LOOKUP(SecurityPatchLevel, OEMCrypto_Security_Patch_Level); @@ -420,7 +420,7 @@ class Adapter { level3_.GenerateDerivedKeys = Level3_GenerateDerivedKeys; level3_.GenerateNonce = Level3_GenerateNonce; level3_.GenerateSignature = Level3_GenerateSignature; - level3_.LoadKeys_V10 = Level3_LoadKeys; + level3_.LoadKeys_V9_or_V10 = Level3_LoadKeys; level3_.RefreshKeys = Level3_RefreshKeys; level3_.QueryKeyControl = Level3_QueryKeyControl; level3_.SelectKey = Level3_SelectKey; @@ -609,7 +609,7 @@ uint8_t OEMCrypto_Security_Patch_Level(SecurityLevel level) { if (!kAdapter) return 0; const FunctionPointers* fcn = kAdapter->get(level); if (!fcn) return 0; - if (fcn->version < 10) return 0; + if (fcn->version < 11) return 0; return fcn->SecurityPatchLevel(); } @@ -742,13 +742,9 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys( if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; LevelSession pair = kAdapter->get(session); if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION; - if (pair.fcn->version == 8) { - return pair.fcn->LoadKeys_V8(pair.session, message, message_length, - signature, signature_length, enc_mac_key_iv, - enc_mac_key, num_keys, key_array); - } else if (pair.fcn->version < 11) { + if (pair.fcn->version < 11) { std::vector key_array_v10(num_keys); - for(int i=0; i< num_keys; i++) { + for(size_t i=0; i < num_keys; i++) { key_array_v10[i].key_id = key_array[i].key_id; key_array_v10[i].key_id_length = key_array[i].key_id_length; key_array_v10[i].key_data_iv = key_array[i].key_data_iv; @@ -761,10 +757,17 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys( return OEMCrypto_ERROR_NOT_IMPLEMENTED; } } - return pair.fcn->LoadKeys_V10(pair.session, message, message_length, - signature, - signature_length, enc_mac_key_iv, enc_mac_key, - num_keys, &key_array_v10[0], pst, pst_length); + if (pair.fcn->version == 8) { + return pair.fcn->LoadKeys_V8(pair.session, message, message_length, + signature, signature_length, enc_mac_key_iv, + enc_mac_key, num_keys, &key_array_v10[0]); + } else { + return pair.fcn->LoadKeys_V9_or_V10(pair.session, message, message_length, + signature, signature_length, + enc_mac_key_iv, enc_mac_key, + num_keys, &key_array_v10[0], + pst, pst_length); + } } else { return pair.fcn->LoadKeys(pair.session, message, message_length, signature, signature_length, enc_mac_key_iv, enc_mac_key, @@ -806,7 +809,8 @@ extern "C" OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session, extern "C" OEMCryptoResult OEMCrypto_DecryptCENC( OEMCrypto_SESSION session, const uint8_t* data_addr, size_t data_length, bool is_encrypted, const uint8_t* iv, size_t offset, - OEMCrypto_DestBufferDesc* out_buffer, const OEMCrypto_PatternDesc* pattern, + OEMCrypto_DestBufferDesc* out_buffer, + const OEMCrypto_CENCEncryptPatternDesc* pattern, uint8_t subsample_flags) { if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; LevelSession pair = kAdapter->get(session); @@ -944,6 +948,10 @@ extern "C" uint32_t OEMCrypto_APIVersion() { return OEMCrypto_APIVersion(kLevelDefault); } +extern "C" uint8_t OEMCrypto_Security_Patch_Level() { + return OEMCrypto_Security_Patch_Level(kLevelDefault); +} + extern "C" const char* OEMCrypto_SecurityLevel() { return OEMCrypto_SecurityLevel(kLevelDefault); } diff --git a/libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf b/libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf index b6abb48c..05dc4576 100644 Binary files a/libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf and b/libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf differ diff --git a/libwvdrmengine/docs/Widevine_Modular_DRM_Version_11_Delta.pdf b/libwvdrmengine/docs/Widevine_Modular_DRM_Version_11_Delta.pdf index 88e60734..855cb556 100644 Binary files a/libwvdrmengine/docs/Widevine_Modular_DRM_Version_11_Delta.pdf and b/libwvdrmengine/docs/Widevine_Modular_DRM_Version_11_Delta.pdf differ diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index 585cd3ad..73f16132 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -204,7 +204,7 @@ typedef enum OEMCrypto_Algorithm { #define OEMCrypto_FirstSubsample 1 #define OEMCrypto_LastSubsample 2 -/* OEMCrypto_PatternDesc +/* OEMCrypto_CENCEncryptPatternDesc * This is used in OEMCrypto_DecryptCENC to indicate the encrypt/skip pattern * used, as specified in the CENC standard. */ @@ -212,7 +212,7 @@ typedef struct { size_t encrypt; // number of 16 byte blocks to decrypt. size_t skip; // number of 16 byte blocks to leave in clear. size_t offset; // offset into the pattern in blocks for this call. -} OEMCrypto_PatternDesc; +} OEMCrypto_CENCEncryptPatternDesc; /* * OEMCrypto_Usage_Entry_Status. @@ -281,7 +281,7 @@ typedef enum OEMCrypto_HDCP_Capability { #define OEMCrypto_WrapKeybox _oecc08 #define OEMCrypto_OpenSession _oecc09 #define OEMCrypto_CloseSession _oecc10 -#define OEMCrypto_DecryptCTR _oecc11 +#define OEMCrypto_DecryptCTR_V10 _oecc11 #define OEMCrypto_GenerateDerivedKeys _oecc12 #define OEMCrypto_GenerateSignature _oecc13 #define OEMCrypto_GenerateNonce _oecc14 @@ -305,7 +305,7 @@ typedef enum OEMCrypto_HDCP_Capability { #define OEMCrypto_ReportUsage _oecc32 #define OEMCrypto_DeleteUsageEntry _oecc33 #define OEMCrypto_DeleteUsageTable _oecc34 -#define OEMCrypto_LoadKeys_v10 _oecc35 +#define OEMCrypto_LoadKeys_V9_or_V10 _oecc35 #define OEMCrypto_GenerateRSASignature _oecc36 #define OEMCrypto_GetMaxNumberOfSessions _oecc37 #define OEMCrypto_GetNumberOfOpenSessions _oecc38 @@ -1076,7 +1076,7 @@ OEMCryptoResult OEMCrypto_DecryptCENC(OEMCrypto_SESSION session, const uint8_t *iv, size_t block_offset, OEMCrypto_DestBufferDesc* out_buffer, - const OEMCrypto_PatternDesc* pattern, + const OEMCrypto_CENCEncryptPatternDesc* pattern, uint8_t subsample_flags); diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties.cpp b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties.cpp index a8e17218..7965ab64 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties.cpp +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties.cpp @@ -50,4 +50,10 @@ const char* CryptoEngine::security_level() { return "L3"; } +// This should start at 0, and be incremented only when a security patch has +// been applied to the device that fixes a security bug. +uint8_t CryptoEngine::security_patch_level() { + return 0; +} + } // namespace wvoec_mock diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties_L1.cpp b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties_L1.cpp index 29cd0a95..62db4319 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties_L1.cpp +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties_L1.cpp @@ -51,4 +51,10 @@ const char* CryptoEngine::security_level() { return "L1"; } +// This should start at 0, and be incremented only when a security patch has +// been applied to the device that fixes a security bug. +uint8_t CryptoEngine::security_patch_level() { + return 3; +} + } // namespace wvoec_mock diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties_cert.cpp b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties_cert.cpp index c0535d13..352e2eeb 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties_cert.cpp +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_device_properties_cert.cpp @@ -53,4 +53,10 @@ const char* CryptoEngine::security_level() { return "L2"; } +// This should start at 0, and be incremented only when a security patch has +// been applied to the device that fixes a security bug. +uint8_t CryptoEngine::security_patch_level() { + return 0; +} + } // namespace wvoec_mock diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.cpp b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.cpp index b0c03ca8..339dd1d0 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.cpp +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.cpp @@ -683,6 +683,14 @@ bool SessionContext::InstallKey(const KeyId& key_id, LOGE("Anti-rollback hardware is required but hardware not present."); return false; } + uint8_t minimum_patch_level + = (key_control_block.control_bits() & kControlSecurityPatchLevelMask) >> + kControlSecurityPatchLevelShift; + if (minimum_patch_level > OEMCrypto_Security_Patch_Level()) { + LOGE("[InstallKey(): security patch level: %d. Minimum:%d]", + OEMCrypto_Security_Patch_Level(), minimum_patch_level); + return false; + } if (!CheckNonceOrEntry(key_control_block, pst)) { LOGE("Failed Nonce/PST check."); diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.h b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.h index 63f831de..e53bc7a5 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.h +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.h @@ -259,6 +259,7 @@ class CryptoEngine { bool supports_keybox(); bool is_anti_rollback_hw_present(); const char* security_level(); + uint8_t security_patch_level(); private: bool LoadPkcs8RsaKey(const uint8_t* buffer, size_t length); diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.cpp b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.cpp index 811ea058..b48eeb38 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.cpp +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.cpp @@ -17,7 +17,8 @@ namespace wvoec_mock { bool KeyControlBlock::Validate() { if (memcmp(verification_, "kctl", 4) && // original verification memcmp(verification_, "kc09", 4) && // add in version 9 api - memcmp(verification_, "kc10", 4)) { // add in version 10 api + memcmp(verification_, "kc10", 4) && // add in version 10 api + memcmp(verification_, "kc11", 4)) { // add in version 11 api LOGE("KCB: BAD verification string: %4.4s", verification_); valid_ = false; } else { @@ -71,6 +72,9 @@ KeyControlBlock::KeyControlBlock( LOGD(" bits kControlKDCPVersion 0x%02x.", (control_bits() & kControlHDCPVersionMask) >> kControlHDCPVersionShift); + LOGD(" bits kControlSecurityPatchLevel 0x%02x.", + (control_bits() & kControlSecurityPatchLevelMask) + >> kControlSecurityPatchLevelShift); LOGD(" bit kControlAllowEncrypt %s.", (control_bits() & kControlAllowEncrypt) ? "set" : "unset"); LOGD(" bit kControlAllowDecrypt %s.", diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.h b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.h index 1895446d..d5016c74 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.h +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.h @@ -15,6 +15,9 @@ const uint32_t kControlObserveDataPath = (1<<31); const uint32_t kControlObserveHDCP = (1<<30); const uint32_t kControlObserveCGMS = (1<<29); const uint32_t kControlRequireAntiRollbackHardware = (1<<28); +const uint32_t kControlSecurityPatchLevelShift = 15; +const uint32_t kControlSecurityPatchLevelMask = + (0x3F<LoadKeys(message, message_length, signature, @@ -603,7 +609,7 @@ OEMCryptoResult OEMCrypto_DecryptCENC(OEMCrypto_SESSION session, const uint8_t* iv, size_t block_offset, OEMCrypto_DestBufferDesc* out_buffer, - const OEMCrypto_PatternDesc* pattern, + const OEMCrypto_CENCEncryptPatternDesc* pattern, uint8_t subsample_flags) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { LOGI("-- OEMCryptoResult OEMCrypto_DecryptCTR" @@ -1214,14 +1220,19 @@ uint32_t OEMCrypto_APIVersion() { extern "C" uint8_t OEMCrypto_Security_Patch_Level() { - return 0; + uint8_t security_patch_level = crypto_engine->security_patch_level(); + if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { + LOGI("-- uint8_t OEMCrypto_Security_Patch_Level(); // returns %d.\n", + security_patch_level); + } + return security_patch_level; } extern "C" const char* OEMCrypto_SecurityLevel() { const char* security_level = crypto_engine->security_level(); if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { - LOGI("-- bool OEMCrypto_SecurityLevel(); // returns %s.\n", security_level); + LOGI("-- const char* OEMCrypto_SecurityLevel(); // returns %s.\n", security_level); } return security_level; } diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index 2945a55c..bcc9dcbe 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -443,6 +443,7 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) { if (!usage_table) FilterOut(&filter, "*UsageTable*"); if (derive_key_method == NO_METHOD) FilterOut(&filter, "*SessionTest*"); if (api_version < 10) FilterOut(&filter, "*API10*"); + if (api_version < 11) FilterOut(&filter, "*API11*"); // Performance tests take a long time. Filter them out if they are not // specifically requested. if (filter.find("Performance") == std::string::npos) { @@ -717,7 +718,9 @@ class Session { EXPECT_EQ(OEMCrypto_SUCCESS, OEMCrypto_GetRandom(license_.keys[i].control_iv, sizeof(license_.keys[i].control_iv))); - if (control & wvoec_mock::kControlRequireAntiRollbackHardware) { + if (control & wvoec_mock::kControlSecurityPatchLevelMask) { + memcpy(license_.keys[i].control.verification, "kc11", 4); + } else if (control & wvoec_mock::kControlRequireAntiRollbackHardware) { memcpy(license_.keys[i].control.verification, "kc10", 4); } else if (control & (wvoec_mock::kControlHDCPVersionMask | wvoec_mock::kControlReplayMask)) { @@ -882,7 +885,7 @@ class Session { destBuffer.type = OEMCrypto_BufferType_Clear; destBuffer.buffer.clear.address = outputBuffer.data(); destBuffer.buffer.clear.max_length = outputBuffer.size(); - OEMCrypto_PatternDesc pattern; + OEMCrypto_CENCEncryptPatternDesc pattern; pattern.encrypt = 1; // TODO(fredgc): test other values. pattern.skip = 0; pattern.offset = 0; @@ -2088,6 +2091,48 @@ TEST_F(OEMCryptoSessionTests, AntiRollbackHardwareRequired) { } } +TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) { + uint8_t patch_level = OEMCrypto_Security_Patch_Level(); + printf(" Current Patch Level: %u.\n", patch_level); + Session s; + ASSERT_NO_FATAL_FAILURE(s.open()); + ASSERT_NO_FATAL_FAILURE(s.GenerateTestSessionKeys()); + ASSERT_NO_FATAL_FAILURE( + s.FillSimpleMessage(0, patch_level + << wvoec_mock::kControlSecurityPatchLevelShift, 0)); + ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_LoadKeys( + s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0], + s.signature().size(), s.encrypted_license().mac_key_iv, + s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0)); + if (patch_level < 0x3F) { + Session s; + ASSERT_NO_FATAL_FAILURE(s.open()); + ASSERT_NO_FATAL_FAILURE(s.GenerateTestSessionKeys()); + ASSERT_NO_FATAL_FAILURE( + s.FillSimpleMessage(0, (patch_level+1) + << wvoec_mock::kControlSecurityPatchLevelShift, 0)); + ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); + ASSERT_EQ(OEMCrypto_ERROR_UNKNOWN_FAILURE, OEMCrypto_LoadKeys( + s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0], + s.signature().size(), s.encrypted_license().mac_key_iv, + s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0)); + } + if (patch_level > 0) { + Session s; + ASSERT_NO_FATAL_FAILURE(s.open()); + ASSERT_NO_FATAL_FAILURE(s.GenerateTestSessionKeys()); + ASSERT_NO_FATAL_FAILURE( + s.FillSimpleMessage(0, (patch_level-1) + << wvoec_mock::kControlSecurityPatchLevelShift, 0)); + ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_LoadKeys( + s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0], + s.signature().size(), s.encrypted_license().mac_key_iv, + s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0)); + } +} + class SessionTestDecryptWithHDCP : public OEMCryptoSessionTests, public WithParamInterface { public: @@ -2243,7 +2288,7 @@ TEST_F(OEMCryptoSessionTests, DecryptPerformance) { OEMCrypto_DestBufferDesc destBuffer; destBuffer.type = OEMCrypto_BufferType_Clear; destBuffer.buffer.clear.address = &output[0]; - OEMCrypto_PatternDesc pattern; + OEMCrypto_CENCEncryptPatternDesc pattern; pattern.encrypt = 1; // TODO(fredgc): test other values. pattern.skip = 0; pattern.offset = 0; @@ -2361,7 +2406,7 @@ class OEMCryptoSessionTestsDecryptEdgeCases : public OEMCryptoSessionTests { s.license().keys[0].key_id_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - OEMCrypto_PatternDesc pattern; + OEMCrypto_CENCEncryptPatternDesc pattern; pattern.encrypt = 1; // TODO(fredgc): test other values. pattern.skip = 0; pattern.offset = 0; @@ -2521,7 +2566,7 @@ TEST_F(OEMCryptoSessionTests, DecryptUnencrypted) { destBuffer.type = OEMCrypto_BufferType_Clear; destBuffer.buffer.clear.address = &outputBuffer[0]; destBuffer.buffer.clear.max_length = outputBuffer.size(); - OEMCrypto_PatternDesc pattern; + OEMCrypto_CENCEncryptPatternDesc pattern; pattern.encrypt = 1; // TODO(fredgc): test other values. pattern.skip = 0; pattern.offset = 0; @@ -2560,7 +2605,7 @@ TEST_F(OEMCryptoSessionTests, DecryptUnencryptedNoKey) { destBuffer.type = OEMCrypto_BufferType_Clear; destBuffer.buffer.clear.address = &outputBuffer[0]; destBuffer.buffer.clear.max_length = outputBuffer.size(); - OEMCrypto_PatternDesc pattern; + OEMCrypto_CENCEncryptPatternDesc pattern; pattern.encrypt = 1; // TODO(fredgc): test other values. pattern.skip = 0; pattern.offset = 0;