Update copyright notice and fix entitlement key sizes

This change updates the copyright notice to make it more clear that the code is distribued under the Widevine Master License Agreement. It also updates the unit tests and sample code to correct the useage of AES 256. AES 256 is used to decrypt entitled content keys, but it is not used to decrypt key control blocks.
2018-04-18 11:43:47 -07:00
parent 44e206898d
commit 16d9abca4c
45 changed files with 186 additions and 90 deletions
--- a/include/OEMCryptoCENC.h
+++ b/include/OEMCryptoCENC.h
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.

 /*********************************************************************
 * OEMCryptoCENC.h
--- a/include/level3.h
+++ b/include/level3.h
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.

 /*********************************************************************
 * level3.h
--- a/include/level3_file_system.h
+++ b/include/level3_file_system.h
@@ -1,4 +1,6 @@
-// Copyright 2017 Google Inc. All Rights Reserved
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.

 /*********************************************************************
 * level3_file_system.h
--- a/include/oemcrypto_logging.h
+++ b/include/oemcrypto_logging.h
@@ -1,4 +1,6 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.

 #ifndef WVOEC_OEMCRYPTO_LOGGING_H_
 #define WVOEC_OEMCRYPTO_LOGGING_H_
--- a/include/pst_report.h
+++ b/include/pst_report.h
@@ -1,4 +1,6 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.

 /*********************************************************************
 * pst_report.h
--- a/mock/README.md
+++ b/mock/README.md
@@ -0,0 +1,5 @@
+# Mock OEMCrypto
+
+This directory contains a testing-only implementation of OEMCrypto. **This
+implementation is *NOT* suitable for production use and should *NOT* be released
+on devices.**
--- a/mock/src/oemcrypto_auth_mock.cpp
+++ b/mock/src/oemcrypto_auth_mock.cpp
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_auth_mock.h
+++ b/mock/src/oemcrypto_auth_mock.h
@@ -1,4 +1,6 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_engine_device_properties.cpp
+++ b/mock/src/oemcrypto_engine_device_properties.cpp
@@ -1,4 +1,6 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_engine_device_properties_L1.cpp
+++ b/mock/src/oemcrypto_engine_device_properties_L1.cpp
@@ -1,4 +1,6 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_engine_device_properties_cert.cpp
+++ b/mock/src/oemcrypto_engine_device_properties_cert.cpp
@@ -1,4 +1,6 @@
-// Copyright 2015 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_engine_device_properties_mod.cpp
+++ b/mock/src/oemcrypto_engine_device_properties_mod.cpp
@@ -1,4 +1,6 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_engine_device_properties_prov30.cpp
+++ b/mock/src/oemcrypto_engine_device_properties_prov30.cpp
@@ -1,4 +1,6 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_engine_mock.cpp
+++ b/mock/src/oemcrypto_engine_mock.cpp
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_engine_mock.h
+++ b/mock/src/oemcrypto_engine_mock.h
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_key_mock.cpp
+++ b/mock/src/oemcrypto_key_mock.cpp
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_key_mock.h
+++ b/mock/src/oemcrypto_key_mock.h
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_keybox_mock.cpp
+++ b/mock/src/oemcrypto_keybox_mock.cpp
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_keybox_mock.h
+++ b/mock/src/oemcrypto_keybox_mock.h
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_keybox_testkey.cpp
+++ b/mock/src/oemcrypto_keybox_testkey.cpp
@@ -1,4 +1,6 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Test keybox.

--- a/mock/src/oemcrypto_logging.cpp
+++ b/mock/src/oemcrypto_logging.cpp
@@ -1,4 +1,6 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.

 #include "oemcrypto_logging.h"

--- a/mock/src/oemcrypto_mock.cpp
+++ b/mock/src/oemcrypto_mock.cpp
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 // Reference implementation of OEMCrypto APIs
 //
@@ -115,7 +117,7 @@ extern "C" OEMCryptoResult OEMCrypto_OpenSession(OEMCrypto_SESSION* session) {
  SessionId sid = crypto_engine->CreateSession();
  *session = (OEMCrypto_SESSION)sid;
  if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
-    LOGD("[OEMCrypto_OpenSession(): SID=%08x]", sid);
+    LOGD("[OEMCrypto_OpenSession(): SID=%08X]", sid);
  }
  return OEMCrypto_SUCCESS;
 }
@@ -238,7 +240,7 @@ extern "C" OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session,
  session_ctx->AddNonce(nonce_value);
  *nonce = nonce_value;
  if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
-    LOGI("nonce = %08x\n", nonce_value);
+    LOGI("nonce = %08X\n", nonce_value);
  }
  return OEMCrypto_SUCCESS;
 }
--- a/mock/src/oemcrypto_nonce_table.cpp
+++ b/mock/src/oemcrypto_nonce_table.cpp
@@ -1,4 +1,6 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_nonce_table.h
+++ b/mock/src/oemcrypto_nonce_table.h
@@ -1,4 +1,6 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_old_usage_table_mock.cpp
+++ b/mock/src/oemcrypto_old_usage_table_mock.cpp
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_old_usage_table_mock.h
+++ b/mock/src/oemcrypto_old_usage_table_mock.h
@@ -1,4 +1,6 @@
- // Copyright 2013 Google Inc. All Rights Reserved.
+ // Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+ // source code may only be used and distributed under the Widevine Master
+ // License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_rsa_key_shared.cpp
+++ b/mock/src/oemcrypto_rsa_key_shared.cpp
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
@@ -14,20 +16,19 @@

 #include "oemcrypto_logging.h"

-namespace {
-
-void dump_openssl_error() {
-  while (unsigned long err = ERR_get_error()) {
-    char buffer[120];
-    LOGE("openssl error -- %lu -- %s",
-         err, ERR_error_string(err, buffer));
-  }
-}
-
-}  // namespace
-
 namespace wvoec_mock {

+void dump_boringssl_error() {
+  int count = 0;
+  while (unsigned long err = ERR_get_error()) {
+    count++;
+    char buffer[120];
+    ERR_error_string_n(err, buffer, sizeof(buffer));
+    LOGE("BoringSSL Error %d -- %lu -- %s", count, err, buffer);
+  }
+  LOGE("Reported %d BoringSSL Errors", count);
+}
+
 void RSA_shared_ptr::reset() {
  if (rsa_key_ && key_owned_) {
    RSA_free(rsa_key_);
@@ -52,6 +53,7 @@ bool RSA_shared_ptr::LoadPkcs8RsaKey(const uint8_t* buffer, size_t length) {
    pkcs8_pki = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL);
    if (pkcs8_pki == NULL) {
      LOGE("[LoadPkcs8RsaKey(): d2i_PKCS8_PRIV_KEY_INFO_bio returned NULL]");
+      dump_boringssl_error();
      success = false;
    }
  }
@@ -60,6 +62,7 @@ bool RSA_shared_ptr::LoadPkcs8RsaKey(const uint8_t* buffer, size_t length) {
    evp = EVP_PKCS82PKEY(pkcs8_pki);
    if (evp == NULL) {
      LOGE("[LoadPkcs8RsaKey(): EVP_PKCS82PKEY returned NULL]");
+      dump_boringssl_error();
      success = false;
    }
  }
@@ -86,11 +89,11 @@ bool RSA_shared_ptr::LoadPkcs8RsaKey(const uint8_t* buffer, size_t length) {
      return true;
    case 0:  // not valid.
      LOGE("[LoadPkcs8RsaKey(): rsa key not valid]");
-      dump_openssl_error();
+      dump_boringssl_error();
      return false;
    default:  // -1 == check failed.
      LOGE("[LoadPkcs8RsaKey(): error checking rsa key]");
-      dump_openssl_error();
+      dump_boringssl_error();
      return false;
  }
 }
--- a/mock/src/oemcrypto_rsa_key_shared.h
+++ b/mock/src/oemcrypto_rsa_key_shared.h
@@ -1,4 +1,6 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
@@ -32,6 +34,9 @@ class RSA_shared_ptr {
  bool key_owned_;
 };

+// Log errors from BoringSSL.
+void dump_boringssl_error();
+
 }  // namespace wvoec_mock

 #endif  // OEMCRYPTO_RSA_KEY_SHARED_H_
--- a/mock/src/oemcrypto_session.cpp
+++ b/mock/src/oemcrypto_session.cpp
@@ -1,4 +1,6 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
@@ -43,15 +45,6 @@ void ctr128_inc64(uint8_t* counter) {
    if (++counter[--n] != 0) return;
  } while (n > 8);
 }
-
-void dump_boringssl_error() {
-  while (unsigned long err = ERR_get_error()) {
-    char buffer[120];
-    ERR_error_string_n(err, buffer, sizeof(buffer));
-    LOGE("BoringSSL Error -- %lu -- %s", err, buffer);
-  }
-}
-
 }  // namespace

 namespace wvoec_mock {
@@ -715,7 +708,7 @@ OEMCryptoResult SessionContext::LoadEntitledContentKeys(
        key_data->content_key_id,
        key_data->content_key_id + key_data->content_key_id_length);
    if (!DecryptMessage(*entitlement_key, iv, encrypted_content_key,
-                        &content_key)) {
+                        &content_key, 256 /* key size */)) {
      return OEMCrypto_ERROR_UNKNOWN_FAILURE;
    }
    if (!session_keys_->SetContentKey(entitlement_key_id, content_key_id,
@@ -735,7 +728,8 @@ OEMCryptoResult SessionContext::InstallKey(
  std::vector<uint8_t> content_key;
  std::vector<uint8_t> key_control_str;

-  if (!DecryptMessage(encryption_key_, key_data_iv, key_data, &content_key)) {
+  if (!DecryptMessage(encryption_key_, key_data_iv, key_data, &content_key,
+                      128 /* key size */)) {
    LOGE("[Installkey(): Could not decrypt key data]");
    return OEMCrypto_ERROR_UNKNOWN_FAILURE;
  }
@@ -758,7 +752,7 @@ OEMCryptoResult SessionContext::InstallKey(
    return OEMCrypto_ERROR_INVALID_CONTEXT;
  }
  if (!DecryptMessage(content_key, key_control_iv, key_control,
-                      &key_control_str)) {
+                      &key_control_str, 128 /* key size */)) {
    LOGE("[Installkey(): ERROR: Could not decrypt content key]");
    return OEMCrypto_ERROR_UNKNOWN_FAILURE;
  }
@@ -890,7 +884,7 @@ OEMCryptoResult SessionContext::RefreshKey(
      LOGD("Key control block is encrypted.");
    }
    if (!DecryptMessage(content_key_value, key_control_iv, key_control,
-                        &control)) {
+                        &control, 128 /* key size */)) {
      if (LogCategoryEnabled(kLoggingDumpKeyControlBlocks)) {
        LOGD("Error decrypting key control block.");
      }
@@ -1179,7 +1173,8 @@ bool SessionContext::UpdateMacKeys(const std::vector<uint8_t>& enc_mac_keys,
                                   const std::vector<uint8_t>& iv) {
  // Decrypt mac key from enc_mac_key using device_keya
  std::vector<uint8_t> mac_keys;
-  if (!DecryptMessage(encryption_key_, iv, enc_mac_keys, &mac_keys)) {
+  if (!DecryptMessage(encryption_key_, iv, enc_mac_keys, &mac_keys,
+                      128 /* key size */)) {
    return false;
  }
  mac_key_server_ = std::vector<uint8_t>(
@@ -1327,7 +1322,8 @@ OEMCryptoResult SessionContext::CopyOldUsageEntry(
 bool SessionContext::DecryptMessage(const std::vector<uint8_t>& key,
                                    const std::vector<uint8_t>& iv,
                                    const std::vector<uint8_t>& message,
-                                    std::vector<uint8_t>* decrypted) {
+                                    std::vector<uint8_t>* decrypted,
+                                    uint32_t key_size) {
  if (key.empty() || iv.empty() || message.empty() || !decrypted) {
    LOGE("[DecryptMessage(): OEMCrypto_ERROR_INVALID_CONTEXT]");
    return false;
@@ -1336,7 +1332,7 @@ bool SessionContext::DecryptMessage(const std::vector<uint8_t>& key,
  uint8_t iv_buffer[16];
  memcpy(iv_buffer, &iv[0], 16);
  AES_KEY aes_key;
-  AES_set_decrypt_key(&key[0], key.size() * 8, &aes_key);
+  AES_set_decrypt_key(&key[0], key_size, &aes_key);
  AES_cbc_encrypt(&message[0], &(decrypted->front()), message.size(), &aes_key,
                  iv_buffer, AES_DECRYPT);
  return true;
--- a/mock/src/oemcrypto_session.h
+++ b/mock/src/oemcrypto_session.h
@@ -1,4 +1,6 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
@@ -189,7 +191,8 @@ class SessionContext {
  bool DecryptMessage(const std::vector<uint8_t>& key,
                      const std::vector<uint8_t>& iv,
                      const std::vector<uint8_t>& message,
-                      std::vector<uint8_t>* decrypted);
+                      std::vector<uint8_t>* decrypted,
+                      uint32_t key_size);  // AES key size, in bits.
  // Either verify the nonce or usage entry, as required by the key control
  // block.
  OEMCryptoResult CheckNonceOrEntry(const KeyControlBlock& key_control_block);
--- a/mock/src/oemcrypto_session_key_table.cpp
+++ b/mock/src/oemcrypto_session_key_table.cpp
@@ -1,4 +1,6 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_session_key_table.h
+++ b/mock/src/oemcrypto_session_key_table.h
@@ -1,4 +1,6 @@
-// Copyright 2017 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_usage_table_mock.cpp
+++ b/mock/src/oemcrypto_usage_table_mock.cpp
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/oemcrypto_usage_table_mock.h
+++ b/mock/src/oemcrypto_usage_table_mock.h
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 //  Mock implementation of OEMCrypto APIs
 //
--- a/mock/src/wv_keybox.h
+++ b/mock/src/wv_keybox.h
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.

 #ifndef WV_KEYBOX_H_
 #define WV_KEYBOX_H_
--- a/mock/src/wvcrc.cpp
+++ b/mock/src/wvcrc.cpp
@@ -1,4 +1,6 @@
-// Copyright 2012 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 // Compute CRC32 Checksum. Needed for verification of WV Keybox.
 //
--- a/mock/src/wvcrc32.h
+++ b/mock/src/wvcrc32.h
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 // Compute CRC32 Checksum. Needed for verification of WV Keybox.
 //
--- a/mock/test/oemcrypto_logging_test.cpp
+++ b/mock/test/oemcrypto_logging_test.cpp
@@ -1,4 +1,6 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.

 #include "OEMCryptoCENC.h"

--- a/test/oec_device_features.cpp
+++ b/test/oec_device_features.cpp
@@ -1,4 +1,6 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 // OEMCrypto device features for unit tests
 //
@@ -186,8 +188,8 @@ bool DeviceFeatures::IsTestKeyboxInstalled() {
  size_t key_data_len = sizeof(key_data);
  if (OEMCrypto_GetKeyData(key_data, &key_data_len) != OEMCrypto_SUCCESS)
    return false;
-  if (key_data_len != sizeof(kTestKeybox.data_)) return false;
-  if (memcmp(key_data, kTestKeybox.data_, key_data_len)) return false;
+  if (key_data_len != sizeof(kValidKeybox01.data_)) return false;
+  if (memcmp(key_data, kValidKeybox01.data_, key_data_len)) return false;
  uint8_t dev_id[128] = {0};
  size_t dev_id_len = 128;
  if (OEMCrypto_GetDeviceID(dev_id, &dev_id_len) != OEMCrypto_SUCCESS)
@@ -195,8 +197,8 @@ bool DeviceFeatures::IsTestKeyboxInstalled() {
  // We use strncmp instead of memcmp because we don't really care about the
  // multiple '\0' characters at the end of the device id.
  return 0 == strncmp(reinterpret_cast<const char*>(dev_id),
-                      reinterpret_cast<const char*>(kTestKeybox.device_id_),
-                      sizeof(kTestKeybox.device_id_));
+                      reinterpret_cast<const char*>(kValidKeybox01.device_id_),
+                      sizeof(kValidKeybox01.device_id_));
 }

 void DeviceFeatures::FilterOut(std::string* current_filter,
--- a/test/oec_session_util.cpp
+++ b/test/oec_session_util.cpp
@@ -1,4 +1,6 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 // OEMCrypto unit tests
 //
@@ -105,8 +107,9 @@ Session::Session()
      enc_key_(wvcdm::KEY_SIZE),
      public_rsa_(0),
      message_size_(sizeof(MessageData)),
-      num_keys_(4) {  // Most tests only use 4 keys.
+      num_keys_(4),  // Most tests only use 4 keys.
      // Other tests will explicitly call set_num_keys.
+      has_entitlement_license_(false) {
  // Stripe the padded message.
  for (size_t i = 0; i < sizeof(padded_message_.padding); i++) {
    padded_message_.padding[i] = i % 0x100;
@@ -310,6 +313,7 @@ void Session::LoadEnitlementTestKeys(const std::string& pst,
 }

 void Session::FillEntitledKeyArray() {
+  has_entitlement_license_ = true;
  for (size_t i = 0; i < num_keys_; ++i) {
    EntitledContentKeyData* key_data = &entitled_key_data_[i];

@@ -594,10 +598,10 @@ void Session::EncryptAndSign() {
  AES_cbc_encrypt(&license_.mac_keys[0], &encrypted_license().mac_keys[0],
                  2 * wvcdm::MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT);

+  int key_size = has_entitlement_license() ? 256 : 128;
  for (unsigned int i = 0; i < num_keys_; i++) {
    memcpy(iv_buffer, &license_.keys[i].control_iv[0], wvcdm::KEY_IV_SIZE);
-    AES_set_encrypt_key(&license_.keys[i].key_data[0],
-                        license_.keys[i].key_data_length * 8, &aes_key);
+    AES_set_encrypt_key(&license_.keys[i].key_data[0], key_size, &aes_key);
    AES_cbc_encrypt(
        reinterpret_cast<const uint8_t*>(&license_.keys[i].control),
        reinterpret_cast<uint8_t*>(&encrypted_license().keys[i].control),
--- a/test/oec_session_util.h
+++ b/test/oec_session_util.h
@@ -1,7 +1,9 @@
 #ifndef CDM_OEC_SESSION_UTIL_H_
 #define CDM_OEC_SESSION_UTIL_H_

-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 // OEMCrypto unit tests
 //
@@ -370,6 +372,9 @@ class Session {
  // The size of the encrypted message.
  size_t message_size() { return message_size_; }

+  // If this session has an entitlement license.
+  bool has_entitlement_license() const { return has_entitlement_license_; }
+
 private:
  // Generate mac and enc keys give the master key.
  void DeriveKeys(const uint8_t* master_key,
@@ -399,6 +404,7 @@ class Session {
  vector<uint8_t> encrypted_usage_entry_;
  uint32_t usage_entry_number_;
  string pst_;
+  bool has_entitlement_license_;

  // Clear Entitlement key data. This is the backing data for
  // |entitled_key_array_|.
--- a/test/oec_test_data.h
+++ b/test/oec_test_data.h
@@ -1,4 +1,6 @@
-// Copyright 2016 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 // Test data for OEMCrypto unit tests.
 //
--- a/test/oemcrypto_session_tests_helper.cpp
+++ b/test/oemcrypto_session_tests_helper.cpp
@@ -104,10 +104,10 @@ void SessionUtil::EnsureTestKeys() {
    case DeviceFeatures::LOAD_TEST_KEYBOX:
      keybox_ = kTestKeybox;
      /* Note: If you are upgrading from an older version, it may be easier to
-       * uncomment the following line.  This uses the same test keybox as we
+       * force the following condition.  This uses the same test keybox as we
       * used in older versions of this test.
      */
-      // keybox_ = kValidKeybox01;
+      if (global_features.api_version < 14) keybox_ = kValidKeybox01;
      ASSERT_EQ(OEMCrypto_SUCCESS,
                OEMCrypto_LoadTestKeybox(
                    reinterpret_cast<const uint8_t*>(&keybox_),
@@ -117,8 +117,8 @@ void SessionUtil::EnsureTestKeys() {
      ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_LoadTestRSAKey());
      break;
    case DeviceFeatures::EXISTING_TEST_KEYBOX:
-      // already has test keybox.
-      keybox_ = kTestKeybox;
+      // already has old test keybox.
+      keybox_ = kValidKeybox01;
      break;
    case DeviceFeatures::FORCE_TEST_KEYBOX:
      keybox_ = kTestKeybox;
--- a/test/oemcrypto_test.cpp
+++ b/test/oemcrypto_test.cpp
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 // OEMCrypto unit tests
 //
@@ -828,7 +830,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithNoMAC) {
  ASSERT_EQ(expected_signature, signature);
 }

-TEST_F(OEMCryptoSessionTests, LoadEntitlementKeys) {
+TEST_F(OEMCryptoSessionTests, LoadEntitlementKeysAPI14) {
  Session s;
  ASSERT_NO_FATAL_FAILURE(s.open());
  ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
@@ -841,7 +843,7 @@ TEST_F(OEMCryptoSessionTests, LoadEntitlementKeys) {
  ASSERT_NO_FATAL_FAILURE(s.LoadEntitledContentKeys());
 }

-TEST_F(OEMCryptoSessionTests, LoadEntitlementKeysNoEntitlementKeys) {
+TEST_F(OEMCryptoSessionTests, LoadEntitlementKeysNoEntitlementKeysAPI14) {
  Session s;
  ASSERT_NO_FATAL_FAILURE(s.open());
  ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s));
--- a/test/oemcrypto_test_android.cpp
+++ b/test/oemcrypto_test_android.cpp
@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 //
 // OEMCrypto unit tests - extra tests required for Android platform.
 //