Allow server to send license with larger ODK_MAX_NUM_KEYS

PiperOrigin-RevId: 538676411 Merged from https://widevine-internal-review.googlesource.com/175915 Change-Id: Iadef2115fe3f9001034223e647cbfa6228484281
2023-06-07 21:22:24 -07:00
parent 57e997fe19
commit ff80927f90
11 changed files with 205 additions and 37 deletions
--- a/libwvdrmengine/oemcrypto/odk/test/fuzzing/odk_fuzz_helper.cpp
+++ b/libwvdrmengine/oemcrypto/odk/test/fuzzing/odk_fuzz_helper.cpp
@@ -4,6 +4,7 @@
 #include "fuzzing/odk_fuzz_helper.h"

 #include <string>
+#include <vector>

 #include "core_message_types.h"
 #include "odk.h"
@@ -133,8 +134,26 @@ bool kdo_serialize_LicenseResponse(const ODK_ParseLicense_Args* args,
      nonce_values.nonce, nonce_values.session_id, counter_info};
  std::string core_request_sha_256(
      reinterpret_cast<const char*>(args->request_hash), ODK_SHA256_HASH_SIZE);
+  ODK_Packing_ParsedLicense parsed_license;
+  parsed_license.enc_mac_keys_iv = parsed_lic.enc_mac_keys_iv;
+  parsed_license.enc_mac_keys = parsed_lic.enc_mac_keys;
+  parsed_license.pst = parsed_lic.pst;
+  parsed_license.srm_restriction_data = parsed_lic.srm_restriction_data;
+  parsed_license.license_type = parsed_lic.license_type;
+  parsed_license.nonce_required = parsed_lic.nonce_required;
+  parsed_license.timer_limits = parsed_lic.timer_limits;
+  parsed_license.watermarking = parsed_lic.watermarking;
+  parsed_license.dtcp2_required = parsed_lic.dtcp2_required;
+  parsed_license.renewal_delay_base = parsed_lic.renewal_delay_base;
+  parsed_license.key_array_length = parsed_lic.key_array_length;
+  std::vector<OEMCrypto_KeyObject> key_array;
+  size_t i;
+  for (i = 0; i < parsed_lic.key_array_length; i++) {
+    key_array.push_back(parsed_lic.key_array[i]);
+  }
+  parsed_license.key_array = key_array.data();
  return serialize::CreateCoreLicenseResponse(
-      CoreMessageFeatures::kDefaultFeatures, parsed_lic, core_request,
+      CoreMessageFeatures::kDefaultFeatures, parsed_license, core_request,
      core_request_sha_256, oemcrypto_core_message);
 }

--- a/libwvdrmengine/oemcrypto/odk/test/odk_test.cpp
+++ b/libwvdrmengine/oemcrypto/odk/test/odk_test.cpp
@@ -978,13 +978,32 @@ TEST_P(OdkVersionTest, LicenseResponseRoundtrip) {
        &(params.clock_values), &(params.core_message.nonce_values),
        &(params.parsed_license), nullptr);
  };
+
+  ODK_Packing_ParsedLicense parsed_license;
+  parsed_license.enc_mac_keys_iv = params.parsed_license.enc_mac_keys_iv;
+  parsed_license.enc_mac_keys = params.parsed_license.enc_mac_keys;
+  parsed_license.pst = params.parsed_license.pst;
+  parsed_license.srm_restriction_data =
+      params.parsed_license.srm_restriction_data;
+  parsed_license.license_type = params.parsed_license.license_type;
+  parsed_license.nonce_required = params.parsed_license.nonce_required;
+  parsed_license.timer_limits = params.parsed_license.timer_limits;
+  parsed_license.watermarking = params.parsed_license.watermarking;
+  parsed_license.dtcp2_required = params.parsed_license.dtcp2_required;
+  parsed_license.renewal_delay_base = params.parsed_license.renewal_delay_base;
+  parsed_license.key_array_length = params.parsed_license.key_array_length;
+  std::vector<OEMCrypto_KeyObject> key_array;
+  for (size_t i = 0; i < params.parsed_license.key_array_length; i++) {
+    key_array.push_back(params.parsed_license.key_array[i]);
+  }
+  parsed_license.key_array = key_array.data();
  const std::string request_hash_string(
      reinterpret_cast<const char*>(request_hash_read),
      sizeof(request_hash_read));
  auto kdo_prepare_func = [&](const ODK_LicenseRequest& core_request,
                              std::string* oemcrypto_core_message) {
-    return CreateCoreLicenseResponse(features_, params.parsed_license,
-                                     core_request, request_hash_string,
+    return CreateCoreLicenseResponse(features_, parsed_license, core_request,
+                                     request_hash_string,
                                     oemcrypto_core_message);
  };
  ValidateResponse<ODK_LicenseRequest>(GetParam(), &(params.core_message),
@@ -992,6 +1011,84 @@ TEST_P(OdkVersionTest, LicenseResponseRoundtrip) {
                                       kdo_prepare_func);
 }

+// Serialize and de-serialize license response with more keys than
+// ODK_MAX_NUM_KEYS.
+TEST_P(OdkVersionTest, LicenseResponseRoundtripMoreThanMaxKeys) {
+  ODK_LicenseResponseParams params;
+  ODK_SetDefaultLicenseResponseParams(&params,
+                                      GetParam().response_major_version);
+  SetRequestVersion(&params);
+  // For v17, we do not use the hash to verify the request. However, the server
+  // needs to be backwards compatible, so it still needs to pass the hash into
+  // CreateCoreLiceseseResponse below. Save a copy of params.request_hash as it
+  // will be zero out during the test
+  uint8_t request_hash_read[ODK_SHA256_HASH_SIZE];
+  memcpy(request_hash_read, params.request_hash, sizeof(request_hash_read));
+  uint8_t* buf = nullptr;
+  uint32_t buf_size = 0;
+  ODK_BuildMessageBuffer(&(params.core_message), params.extra_fields, &buf,
+                         &buf_size);
+
+  uint8_t* zero = new uint8_t[buf_size]{};
+  size_t bytes_read = 0;
+  // zero-out input
+  EXPECT_EQ(OEMCrypto_SUCCESS,
+            ODK_IterFields(ODK_READ, zero, buf_size, &bytes_read,
+                           params.extra_fields));
+
+  // Parse buf with odk
+  const OEMCryptoResult parse_result = ODK_ParseLicense(
+      buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load,
+      params.usage_entry_present, 0, &(params.timer_limits),
+      &(params.clock_values), &(params.core_message.nonce_values),
+      &(params.parsed_license), nullptr);
+  EXPECT_EQ(OEMCrypto_SUCCESS, parse_result);
+
+  size_t size_out = 0;
+  if (parse_result != OEMCrypto_SUCCESS) {
+    ODK_IterFields(ODK_FieldMode::ODK_DUMP, buf, buf_size, &size_out,
+                   params.extra_fields);
+  }
+
+  ODK_Packing_ParsedLicense parsed_license;
+  parsed_license.enc_mac_keys_iv = params.parsed_license.enc_mac_keys_iv;
+  parsed_license.enc_mac_keys = params.parsed_license.enc_mac_keys;
+  parsed_license.pst = params.parsed_license.pst;
+  parsed_license.srm_restriction_data =
+      params.parsed_license.srm_restriction_data;
+  parsed_license.license_type = params.parsed_license.license_type;
+  parsed_license.nonce_required = params.parsed_license.nonce_required;
+  parsed_license.timer_limits = params.parsed_license.timer_limits;
+  parsed_license.watermarking = params.parsed_license.watermarking;
+  parsed_license.dtcp2_required = params.parsed_license.dtcp2_required;
+  parsed_license.renewal_delay_base = params.parsed_license.renewal_delay_base;
+  parsed_license.key_array_length = ODK_MAX_NUM_KEYS + 1;
+  std::vector<OEMCrypto_KeyObject> key_array;
+  for (size_t i = 0; i < ODK_MAX_NUM_KEYS + 1; i++) {
+    OEMCrypto_KeyObject key = {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}};
+    key_array.push_back(key);
+  }
+  parsed_license.key_array = key_array.data();
+  const std::string request_hash_string(
+      reinterpret_cast<const char*>(request_hash_read),
+      sizeof(request_hash_read));
+
+  // serialize odk output to oemcrypto_core_message
+  std::string oemcrypto_core_message;
+  ODK_LicenseRequest core_request = {};
+  core_request.api_major_version = GetParam().request_major_version;
+  core_request.api_minor_version = GetParam().request_minor_version;
+  core_request.nonce = params.core_message.nonce_values.nonce;
+  core_request.session_id = params.core_message.nonce_values.session_id;
+  bool result =
+      CreateCoreLicenseResponse(features_, parsed_license, core_request,
+                                request_hash_string, &oemcrypto_core_message);
+  EXPECT_FALSE(result);
+
+  delete[] buf;
+  delete[] zero;
+}
+
 TEST_P(OdkVersionTest, RenewalResponseRoundtrip) {
  ODK_RenewalResponseParams params;
  ODK_SetDefaultRenewalResponseParams(&params);