Source release 14.0.0

oemcrypto/test/oec_session_util.h

@@ -11,6 +11,7 @@
 
 #include "oec_device_features.h"
 #include "pst_report.h"
+#include "test_keybox.h"
 #include "wv_cdm_constants.h"
 
 using namespace std;
@@ -94,13 +95,21 @@ struct RSAPrivateKeyMessage {
 struct Test_PST_Report {
   Test_PST_Report(const std::string& pst_in,
                   OEMCrypto_Usage_Entry_Status status_in)
-      : status(status_in), pst(pst_in) {}
+      : status(status_in), pst(pst_in), time_created(time(NULL)) {}
 
   OEMCrypto_Usage_Entry_Status status;
   int64_t seconds_since_license_received;
   int64_t seconds_since_first_decrypt;
   int64_t seconds_since_last_decrypt;
   std::string pst;
+  time_t time_created;
+};
+
+struct EntitledContentKeyData {
+  uint8_t entitlement_key_id[wvcdm::KEY_SIZE];
+  uint8_t content_key_id[wvcdm::KEY_SIZE];
+  uint8_t content_key_data_iv[wvcdm::KEY_SIZE];
+  uint8_t content_key_data[wvcdm::KEY_SIZE];
 };
 
 // Increment counter for AES-CTR.  The CENC spec specifies we increment only
@@ -112,8 +121,8 @@ void ctr128_inc64(int64_t increaseBy, uint8_t* iv);
 // Some compilers don't like the macro htonl within an ASSERT_EQ.
 uint32_t htonl_fnc(uint32_t x);
 
-// Prints error string from openSSL
-void dump_openssl_error();
+// Prints error string from BoringSSL
+void dump_boringssl_error();
 
 class Session {
  public:
@@ -142,7 +151,8 @@ class Session {
                           vector<uint8_t>* enc_context);
   // Generate known mac and enc keys using OEMCrypto_GenerateDerivedKeys and
   // also fill out enc_key_, mac_key_server_, and mac_key_client_.
-  void GenerateDerivedKeysFromKeybox();
+  void GenerateDerivedKeysFromKeybox(
+      const wvcdm_test_auth::WidevineKeybox& keybox);
   // Generate known mac and enc keys using OEMCrypto_DeriveKeysFromSessionKey
   // and also fill out enc_key_, mac_key_server_, and mac_key_client_.
   void GenerateDerivedKeysFromSessionKey();
@@ -151,9 +161,27 @@ class Session {
   // by FillSimpleMessage, modified if needed, and then encrypted and signed by
   // the server's mac key in EncryptAndSign.
   void LoadTestKeys(const std::string& pst = "", bool new_mac_keys = true);
+  // Loads the entitlement keys in the message pointed to by message_ptr()
+  // using OEMCrypto_LoadKeys.  This message should have already been created
+  // by FillSimpleEntitlementMessage, modified if needed, and then encrypted
+  // and signed by the server's mac key in EncryptAndSign.
+  void LoadEnitlementTestKeys(const std::string& pst = "",
+                              bool new_mac_keys = true,
+                              OEMCryptoResult expected_sts = OEMCrypto_SUCCESS);
+  // Fills an OEMCrypto_EntitledContentKeyObject using the information from
+  // the license_ and randomly generated content keys. This method should be
+  // called after LoadEnitlementTestKeys.
+  void FillEntitledKeyArray();
+  // Encrypts and loads the entitled content keys via
+  // OEMCrypto_LoadEntitledContentKeys.
+  void LoadEntitledContentKeys(
+      OEMCryptoResult expected_sts = OEMCrypto_SUCCESS);
   // This uses OEMCrypto_QueryKeyControl to check that the keys in OEMCrypto
   // have the correct key control data.
   void VerifyTestKeys();
+  // This uses OEMCrypto_QueryKeyControl to check that the keys in OEMCrypto
+  // have the correct key control data.
+  void VerifyEntitlementTestKeys();
   // This creates a refresh key or license renewal message, signs it with the
   // server's mac key, and calls OEMCrypto_RefreshKeys.
   void RefreshTestKeys(const size_t key_count, uint32_t control_bits,
@@ -166,6 +194,12 @@ class Session {
   // before being loaded in LoadTestKeys.
   void FillSimpleMessage(uint32_t duration, uint32_t control, uint32_t nonce,
                          const std::string& pst = "");
+  // This fills the data structure license_ with entitlement key information.
+  // This data can be modified, and then should be encrypted and signed in
+  // EncryptAndSign before being loaded in LoadEnitlementTestKeys.
+  void FillSimpleEntitlementMessage(
+      uint32_t duration, uint32_t control,
+      uint32_t nonce, const std::string& pst = "");
   // Like FillSimpleMessage, this fills encrypted_license_ with data.  The name
   // is a little misleading: the license renewal message is not encrypted, it
   // is just signed.  The signature is computed in RefreshTestKeys, above.
@@ -339,7 +373,18 @@ class Session {
   // The size of the encrypted message.
   size_t message_size() { return message_size_; }
 
+  // If this session has an entitlement license.
+  bool has_entitlement_license() const { return has_entitlement_license_; }
+
  private:
+  // Generate mac and enc keys give the master key.
+  void DeriveKeys(const uint8_t* master_key,
+                  const vector<uint8_t>& mac_key_context,
+                  const vector<uint8_t>& enc_key_context);
+  // Internal utility function to derive key using CMAC-128
+  void DeriveKey(const uint8_t* key, const vector<uint8_t>& context,
+                 int counter, vector<uint8_t>* out);
+
   bool open_;
   bool forced_session_id_;
   OEMCrypto_SESSION session_id_;
@@ -360,6 +405,13 @@ class Session {
   vector<uint8_t> encrypted_usage_entry_;
   uint32_t usage_entry_number_;
   string pst_;
+  bool has_entitlement_license_;
+
+  // Clear Entitlement key data. This is the backing data for
+  // |entitled_key_array_|.
+  EntitledContentKeyData entitled_key_data_[kMaxNumKeys];
+  // Entitled key object. Pointers are backed by |entitled_key_data_|.
+  OEMCrypto_EntitledContentKeyObject entitled_key_array_[kMaxNumKeys];
 };
 
 }  // namespace wvoec