Update entitlement unit tests

This patch updates the entitlement keys in the sample code and in the unit tests to use AES 256.
2018-02-02 15:37:05 -08:00
parent 7b71a449d0
commit 44e206898d
14 changed files with 812 additions and 137 deletions
--- a/mock/oec_mock.gyp
+++ b/mock/oec_mock.gyp
@@ -1,41 +0,0 @@
-# Copyright 2013 Google Inc. All Rights Reserved.
-
-{
-  'target_defaults': {
-    # It seems that if one target uses -fPIC, then all targets will need that
-    # flag or else there will be linking errors.  For generating a shared
-    # library, we need position independent code.
-    'cflags': [
-      '-g',
-      '-fPIC',
-      '-std=gnu++98',
-    ],
-    'ldflags': [
-      '-fPIC',
-    ],
-  },
-  'targets': [
-    {
-      'target_name': 'oec_mock',
-      'type': 'static_library',
-      'sources': [
-        'src/oemcrypto_keybox_testkey.cpp',
-        'src/oemcrypto_engine_device_properties.cpp',
-      ],
-      'variables': {
-        'oec_mock_dir': '.',
-      },
-      'includes': [
-        'oec_mock_kernel.gypi',
-      ],
-    },
-    {
-      'target_name': 'oec_mock_shared',
-      'type': 'shared_library',
-      'dependencies': [
-        'oec_mock'
-        # TODO(joeyparrish or fredgc): circular dependencies. 'wvcdm_sysdep'
-      ],
-    },
-  ],
-}
--- a/mock/oec_mock_kernel.gypi
+++ b/mock/oec_mock_kernel.gypi
@@ -1,37 +0,0 @@
-# Copyright 2013 Google Inc. All Rights Reserved.
-
-# Define oec_mock_dir and include into your oec target.
-
-{
-  'include_dirs': [
-    '<(oec_mock_dir)/../../core/include',  # for lock.h and wvcdm_types.h
-    '<(oec_mock_dir)/../include',
-    '<(oec_mock_dir)/src',
-  ],
-  'direct_dependent_settings': {
-    'include_dirs': [
-      '<(oec_mock_dir)/../../core/include',
-      '<(oec_mock_dir)/../include',
-      '<(oec_mock_dir)/src',
-    ],
-  },
-  'sources': [
-    '<(oec_mock_dir)/src/keys.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_auth_mock.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_engine_mock.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_key_mock.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_keybox_mock.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_mock.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_nonce_table.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_old_usage_table_mock.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_rsa_key_shared.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_session.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_session_key_table.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_usage_table_mock.cpp',
-    '<(oec_mock_dir)/src/wvcrc.cpp',
-    '<(oec_mock_dir)/src/oemcrypto_logging.cpp',
-  ],
-  'dependencies': [
-    '<(oec_mock_dir)/../../third_party/boringssl/boringssl.gyp:crypto',
-  ],
-}
--- a/mock/src/oemcrypto_key_mock.h
+++ b/mock/src/oemcrypto_key_mock.h
@@ -95,8 +95,8 @@ class EntitlementKey : public Key {
  const std::vector<uint8_t>& content_key() { return content_key_; }
  const std::vector<uint8_t>& content_key_id() { return content_key_id_; }
  const std::vector<uint8_t>& entitlement_key() { return Key::value(); }
-  bool SetContentKey(const std::vector<uint8_t>& content_key,
-                     const std::vector<uint8_t>& content_key_id) {
+  bool SetContentKey(const std::vector<uint8_t>& content_key_id,
+                     const std::vector<uint8_t>& content_key) {
    content_key_.assign(content_key.begin(), content_key.end());
    content_key_id_.assign(content_key_id.begin(), content_key_id.end());
    return true;
--- a/mock/src/oemcrypto_session.cpp
+++ b/mock/src/oemcrypto_session.cpp
@@ -73,9 +73,8 @@ class ContentKeysContext : public SessionContextKeys {
  virtual bool SetContentKey(const KeyId& entitlement_id,
                             const KeyId& content_key_id,
                             const std::vector<uint8_t>& content_key);
-  virtual bool GetEntitlementKey(
-      const KeyId& entitlement_id,
-      const std::vector<uint8_t>** entitlement_key);
+  virtual bool GetEntitlementKey(const KeyId& entitlement_id,
+                                 const std::vector<uint8_t>** entitlement_key);

 private:
  SessionKeyTable session_keys_;
@@ -105,8 +104,8 @@ bool ContentKeysContext::SetContentKey(
  return false;
 }

-bool ContentKeysContext::GetEntitlementKey(
-    const KeyId& entitlement_id, const std::vector<uint8_t>** key) {
+bool ContentKeysContext::GetEntitlementKey(const KeyId& entitlement_id,
+                                           const std::vector<uint8_t>** key) {
  // Unsupported action for this type.
  return false;
 };
@@ -314,7 +313,7 @@ bool SessionContext::GenerateSignature(const uint8_t* message,
    return false;
  }

-  const uint8_t *mac_key = NULL;
+  const uint8_t* mac_key = NULL;
  bool using_usage_mac_key_client = false;
  if (mac_key_client_.size() == wvcdm::MAC_KEY_SIZE) {
    // If we have a mac key, use it.
@@ -333,7 +332,7 @@ bool SessionContext::GenerateSignature(const uint8_t* message,
  }

  if (using_usage_mac_key_client &&
-        LogCategoryEnabled(kLoggingDumpDerivedKeys)) {
+      LogCategoryEnabled(kLoggingDumpDerivedKeys)) {
    std::vector<uint8_t> usage_entry_mac_key_client(
        usage_entry_->mac_key_client(),
        usage_entry_->mac_key_client() + wvcdm::MAC_KEY_SIZE * sizeof(uint8_t));
@@ -620,9 +619,9 @@ OEMCryptoResult SessionContext::LoadKeys(
    key_control_iv.assign(key_array[i].key_control_iv,
                          key_array[i].key_control_iv + wvcdm::KEY_IV_SIZE);

-    OEMCryptoResult result = InstallKey(
-        key_id, enc_key_data, key_data_iv, key_control, key_control_iv,
-        second_license);
+    OEMCryptoResult result =
+        InstallKey(key_id, enc_key_data, key_data_iv, key_control,
+                   key_control_iv, second_license);
    if (result != OEMCrypto_SUCCESS) {
      status = result;
      break;
@@ -683,8 +682,7 @@ OEMCryptoResult SessionContext::LoadKeys(
 }

 OEMCryptoResult SessionContext::LoadEntitledContentKeys(
-      size_t num_keys,
-      const OEMCrypto_EntitledContentKeyObject* key_array) {
+    size_t num_keys, const OEMCrypto_EntitledContentKeyObject* key_array) {
  if (!key_array) {
    return OEMCrypto_ERROR_UNKNOWN_FAILURE;
  }
@@ -694,9 +692,9 @@ OEMCryptoResult SessionContext::LoadEntitledContentKeys(
  for (size_t i = 0; i < num_keys; ++i) {
    const OEMCrypto_EntitledContentKeyObject* key_data = &key_array[i];
    std::vector<uint8_t> entitlement_key_id;
-    entitlement_key_id.assign(key_data->entitlement_key_id,
-                              key_data->entitlement_key_id +
-                              key_data->entitlement_key_id_length);
+    entitlement_key_id.assign(
+        key_data->entitlement_key_id,
+        key_data->entitlement_key_id + key_data->entitlement_key_id_length);

    const std::vector<uint8_t>* entitlement_key = NULL;
    if (!session_keys_->GetEntitlementKey(entitlement_key_id,
@@ -716,12 +714,12 @@ OEMCryptoResult SessionContext::LoadEntitledContentKeys(
    content_key_id.assign(
        key_data->content_key_id,
        key_data->content_key_id + key_data->content_key_id_length);
-    if (!DecryptEntitlement(*entitlement_key, iv,
-                            encrypted_content_key, &content_key)) {
+    if (!DecryptMessage(*entitlement_key, iv, encrypted_content_key,
+                        &content_key)) {
      return OEMCrypto_ERROR_UNKNOWN_FAILURE;
    }
-    if (!session_keys_->SetContentKey(
-        entitlement_key_id, content_key_id, content_key)) {
+    if (!session_keys_->SetContentKey(entitlement_key_id, content_key_id,
+                                      content_key)) {
      return OEMCrypto_ERROR_UNKNOWN_FAILURE;
    }
  }
@@ -732,8 +730,7 @@ OEMCryptoResult SessionContext::InstallKey(
    const KeyId& key_id, const std::vector<uint8_t>& key_data,
    const std::vector<uint8_t>& key_data_iv,
    const std::vector<uint8_t>& key_control,
-    const std::vector<uint8_t>& key_control_iv,
-    bool second_license) {
+    const std::vector<uint8_t>& key_control_iv, bool second_license) {
  // Decrypt encrypted key_data using derived encryption key and offered iv
  std::vector<uint8_t> content_key;
  std::vector<uint8_t> key_control_str;
@@ -1339,26 +1336,7 @@ bool SessionContext::DecryptMessage(const std::vector<uint8_t>& key,
  uint8_t iv_buffer[16];
  memcpy(iv_buffer, &iv[0], 16);
  AES_KEY aes_key;
-  AES_set_decrypt_key(&key[0], 128, &aes_key);
-  AES_cbc_encrypt(&message[0], &(decrypted->front()), message.size(), &aes_key,
-                  iv_buffer, AES_DECRYPT);
-  return true;
-}
-
-bool SessionContext::DecryptEntitlement(
-    const std::vector<uint8_t>& key,
-    const std::vector<uint8_t>& iv,
-    const std::vector<uint8_t>& message,
-    std::vector<uint8_t>* decrypted) {
-  if (key.empty() || iv.empty() || message.empty() || !decrypted) {
-    LOGE("[DecryptMessage(): OEMCrypto_ERROR_INVALID_CONTEXT]");
-    return false;
-  }
-  decrypted->resize(message.size());
-  uint8_t iv_buffer[16];
-  memcpy(iv_buffer, &iv[0], 16);
-  AES_KEY aes_key;
-  AES_set_decrypt_key(&key[0], 256, &aes_key);
+  AES_set_decrypt_key(&key[0], key.size() * 8, &aes_key);
  AES_cbc_encrypt(&message[0], &(decrypted->front()), message.size(), &aes_key,
                  iv_buffer, AES_DECRYPT);
  return true;
--- a/mock/src/oemcrypto_session.h
+++ b/mock/src/oemcrypto_session.h
@@ -190,10 +190,6 @@ class SessionContext {
                      const std::vector<uint8_t>& iv,
                      const std::vector<uint8_t>& message,
                      std::vector<uint8_t>* decrypted);
-  bool DecryptEntitlement(const std::vector<uint8_t>& key,
-                          const std::vector<uint8_t>& iv,
-                          const std::vector<uint8_t>& message,
-                          std::vector<uint8_t>* decrypted);
  // Either verify the nonce or usage entry, as required by the key control
  // block.
  OEMCryptoResult CheckNonceOrEntry(const KeyControlBlock& key_control_block);