Source release 15.1.0

oemcrypto/test/oec_session_util.cpp

@@ -80,6 +80,8 @@ void dump_boringssl_error() {
   }
 }
 
+// A smart pointer for BoringSSL objects.  It uses the specified free function
+// to release resources and free memory when the pointer is deleted.
 template <typename T, void (*func)(T*)>
 class boringssl_ptr {
  public:
@@ -163,6 +165,7 @@ void Session::close() {
 }
 
 void Session::GenerateNonce(int* error_counter) {
+  // We make one attempt.  If it fails, we assume there was a nonce flood.
   if (OEMCrypto_SUCCESS == OEMCrypto_GenerateNonce(session_id(), &nonce_)) {
     return;
   }
@@ -170,6 +173,8 @@ void Session::GenerateNonce(int* error_counter) {
     (*error_counter)++;
   } else {
     sleep(1);  // wait a second, then try again.
+    // The following is after a 1 second pause, so it cannot be from a nonce
+    // flood.
     ASSERT_EQ(OEMCrypto_SUCCESS,
               OEMCrypto_GenerateNonce(session_id(), &nonce_));
   }
@@ -196,6 +201,9 @@ void Session::FillDefaultContext(vector<uint8_t>* mac_context,
       "180120002a0c31383836373837343035000000000080");
 }
 
+// This generates the truth data for deriving one key.  If there are failures in
+// this function, then there is something wrong with the test program and its
+// dependency on BoringSSL.
 void Session::DeriveKey(const uint8_t* key, const vector<uint8_t>& context,
                         int counter, vector<uint8_t>* out) {
   ASSERT_FALSE(context.empty());
@@ -222,6 +230,9 @@ void Session::DeriveKey(const uint8_t* key, const vector<uint8_t>& context,
   CMAC_CTX_free(cmac_ctx);
 }
 
+// This generates the truth data for deriving a set of keys.  If there are
+// failures in this function, then there is something wrong with the test
+// program and its dependency on BoringSSL.
 void Session::DeriveKeys(const uint8_t* master_key,
                          const vector<uint8_t>& mac_key_context,
                          const vector<uint8_t>& enc_key_context) {
@@ -241,6 +252,8 @@ void Session::DeriveKeys(const uint8_t* master_key,
   DeriveKey(master_key, enc_key_context, 1, &enc_key_);
 }
 
+// This should only be called if the device uses Provisioning 2.0. A failure in
+// this function is probably caused by a bad keybox.
 void Session::GenerateDerivedKeysFromKeybox(
     const wvoec::WidevineKeybox& keybox) {
   GenerateNonce();
@@ -261,10 +274,13 @@ void Session::GenerateDerivedKeysFromSessionKey() {
   vector<uint8_t> session_key;
   vector<uint8_t> enc_session_key;
   if (public_rsa_ == NULL) PreparePublicKey();
+  // A failure here probably indicates that there is something wrong with the
+  // test program and its dependency on BoringSSL.
   ASSERT_TRUE(GenerateRSASessionKey(&session_key, &enc_session_key));
   vector<uint8_t> mac_context;
   vector<uint8_t> enc_context;
   FillDefaultContext(&mac_context, &enc_context);
+  // A failure here is probably caused by having the wrong RSA key loaded.
   ASSERT_EQ(OEMCrypto_SUCCESS,
             OEMCrypto_DeriveKeysFromSessionKey(
                 session_id(), enc_session_key.data(), enc_session_key.size(),
@@ -424,6 +440,10 @@ void Session::LoadEntitledContentKeys(OEMCryptoResult expected_sts) {
   VerifyEntitlementTestKeys();
 }
 
+// This function verifies that the key control block reported by OEMCrypto agree
+// with the truth key control block.  Failures in this function probably
+// indicate the OEMCrypto_LoadKeys did not correctly process the key control
+// block.
 void Session::VerifyTestKeys() {
   for (unsigned int i = 0; i < num_keys_; i++) {
     KeyControlBlock block;
@@ -446,6 +466,10 @@ void Session::VerifyTestKeys() {
   }
 }
 
+// This function verifies that the key control block reported by OEMCrypto agree
+// with the truth key control block.  Failures in this function probably
+// indicate the OEMCrypto_LoadEntitledKeys did not correctly process the key
+// control block.
 void Session::VerifyEntitlementTestKeys() {
   for (unsigned int i = 0; i < num_keys_; i++) {
     KeyControlBlock block;