widevine-partner/whitebox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix feature configuration and assert it in tests

Browse Source 
- ENABLE_LICENSE_PROTOCOL_2_2 and WORKAROUND_STRIP_PADDING_BUG
  were only enabled in chrome and chromeos build types, but it
  should be in ce as well.
- Modify tests to assert that features are not implemented if
  not specified in build type configuration.
- Update readme to list all build types.
This commit is contained in:
Vasily Tarasov
2024-05-24 22:42:51 +00:00
parent 8471679a9f
commit 5229a4fdd4
12 changed files with 331 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
whitebox/README.md
View File

@@ -30,7 +30,26 @@ To build the full repo and run all tests, from within or below the repo root
bazel build "//..."
bazel test "//..."
```
## Security Level
## Build Types
Tests and the reference implementation support three build types:
```bash
bazel test "//..." --//:build_type=chrome
bazel test "//..." --//:build_type=chromeos
bazel test "//..." --//:build_type=ce
```
Bazel configures preprocessor definitions for both tests and reference
implementation according to which features are expected to be present
or not.
The external implementations don't need to use these pre-processor defines to
control which interpretation is used, but they must conform to one of them and
pass the tests for the corresponding build type.
### Security Level
There are two possible interpretations of the `SW_SECURE_DECODE` security level:
first is used by Chrome, where it can only be used with the "masked" decrypt
@@ -40,17 +59,7 @@ path; the second is used by the CE CDM where it is treated the same as
Both the tests and the reference implementation support both interpretations.
Selecting which one is done using a pre-processor define
`ALWAYS_DECRYPT_TO_CLEAR`. This is set automatically by Bazel based on the
build type, which can be set with either `--//:build_type=chrome` or
`--//:build_type=ce` (defaulting to Chrome). This also controls the tests and
their expectations. e.g.
```bash
bazel test ... --//:build_type=ce
```
The external implementations don't need to use this pre-processor define to
control which interpretation is used, but it must conform to one of them and
pass the associated tests.
build type.
## API

15
whitebox/api/BUILD
View File

@@ -4,7 +4,13 @@ package(default_visibility = ["//visibility:private"])
cc_library(
name = "shared_settings",
defines = select({
defines = [
"ENABLE_LICENSE_PROTOCOL_2_2",
# Needed when talking to server SDKs [v16.3.3, v16.4.3] with license
# protocol v2.2 enabled (b/177271059).
# TODO(kqyang): Remove the flag after deprecating v16.x server SDKs.
"WORKAROUND_STRIP_PADDING_BUG",
] + select({
"//:is_ce_disable_entitlement": [],
"//:is_ce": ["HAS_ENTITLEMENT"],
"//conditions:default": [],
@@ -16,13 +22,8 @@ cc_library(
],
"//:is_old_api": [],
"//:is_old_vmpra": [],
"//conditions:default": [ # Chrome
"//conditions:default": [ # Chrome, including ChromeOS
"HAS_PROVIDER_KEYS",
"ENABLE_LICENSE_PROTOCOL_2_2",
# Needed when talking to server SDKs [v16.3.3, v16.4.3] with license
# protocol v2.2 enabled (b/177271059).
# TODO(kqyang): Remove the flag after deprecating v16.x server SDKs.
"WORKAROUND_STRIP_PADDING_BUG",
"PROVIDER_KEY_SW_SECURE_CRYPTO_ABOVE",
],
}) + select({

4
whitebox/api/license_whitebox_decrypt_test.cc
View File

@@ -77,8 +77,10 @@ class LicenseWhiteboxDecryptTest
license.session_key.size(), provider_key_id, license.request.data(),
license.request.size());
#ifndef HAS_PROVIDER_KEYS
if (provider_key_id != 0 && result == WB_RESULT_NOT_IMPLEMENTED)
if (provider_key_id != kNoProviderKeyId) {
EXPECT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
return false;
}
#endif
EXPECT_EQ(result, WB_RESULT_OK);
return true;

72
whitebox/api/license_whitebox_entitlement_content_key_test.cc
View File

@@ -36,18 +36,25 @@ class LicenseWhiteboxEntitlementContentKeyTest
};
TEST_P(LicenseWhiteboxEntitlementContentKeyTest, Decrypt) {
int provider_key_id = GetParam();
auto result = WB_License_ProcessLicenseResponse(
whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(),
license_.core_message.size(), license_.message.data(),
license_.message.size(), license_.signature.data(),
license_.signature.size(), license_.session_key.data(),
license_.session_key.size(), GetParam(), license_.request.data(),
license_.session_key.size(), provider_key_id, license_.request.data(),
license_.request.size());
#ifndef HAS_ENTITLEMENT
if (result == WB_RESULT_NOT_IMPLEMENTED)
#ifndef HAS_PROVIDER_KEYS
if (provider_key_id != kNoProviderKeyId) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
#ifndef HAS_ENTITLEMENT
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
const KeyId key_id = golden_data_.GetFreeId();
auto& content = golden_data_.EntitlementContent();
@@ -57,21 +64,25 @@ TEST_P(LicenseWhiteboxEntitlementContentKeyTest, Decrypt) {
content.key_data_iv.data(), content.key_data_iv.size(),
content.key_data.data(), content.key_data.size());
#ifndef HAS_ENTITLEMENT
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
std::vector<uint8_t> decrypted(content.plaintext.size());
size_t decrypted_size = decrypted.size();
ASSERT_EQ(
WB_License_Decrypt(whitebox_, WB_CIPHER_MODE_CTR, key_id.data(),
key_id.size(), content.ciphertext.data(),
content.ciphertext.size(), content.iv.data(),
content.iv.size(), &decrypted[0], &decrypted_size),
WB_RESULT_OK);
result = WB_License_Decrypt(
whitebox_, WB_CIPHER_MODE_CTR, key_id.data(), key_id.size(),
content.ciphertext.data(), content.ciphertext.size(), content.iv.data(),
content.iv.size(), &decrypted[0], &decrypted_size);
#ifndef HAS_ENTITLEMENT
ASSERT_EQ(result, WB_RESULT_INVALID_STATE);
#else
ASSERT_EQ(result, WB_RESULT_OK);
decrypted.resize(decrypted_size);
EXPECT_EQ(decrypted, content.plaintext);
#endif
}
TEST_F(LicenseWhiteboxEntitlementContentKeyTest, Remove) {
@@ -83,10 +94,10 @@ TEST_F(LicenseWhiteboxEntitlementContentKeyTest, Remove) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_ENTITLEMENT
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
const KeyId key_id = golden_data_.GetFreeId();
auto& content = golden_data_.EntitlementContent();
@@ -96,23 +107,30 @@ TEST_F(LicenseWhiteboxEntitlementContentKeyTest, Remove) {
content.key_data_iv.data(), content.key_data_iv.size(),
content.key_data.data(), content.key_data.size());
#ifndef HAS_ENTITLEMENT
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
ASSERT_EQ(WB_License_RemoveEntitledContentKey(whitebox_, key_id.data(),
key_id.size()),
WB_RESULT_OK);
result = WB_License_RemoveEntitledContentKey(whitebox_, key_id.data(),
key_id.size());
#ifndef HAS_ENTITLEMENT
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
std::vector<uint8_t> decrypted(content.plaintext.size());
size_t decrypted_size = decrypted.size();
ASSERT_EQ(
WB_License_Decrypt(whitebox_, WB_CIPHER_MODE_CTR, key_id.data(),
key_id.size(), content.ciphertext.data(),
content.ciphertext.size(), content.iv.data(),
content.iv.size(), &decrypted[0], &decrypted_size),
WB_RESULT_KEY_UNAVAILABLE);
result = WB_License_Decrypt(
whitebox_, WB_CIPHER_MODE_CTR, key_id.data(), key_id.size(),
content.ciphertext.data(), content.ciphertext.size(), content.iv.data(),
content.iv.size(), &decrypted[0], &decrypted_size);
#ifndef HAS_ENTITLEMENT
ASSERT_EQ(result, WB_RESULT_INVALID_STATE);
#else
ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE);
#endif
}
INSTANTIATE_TEST_SUITE_P(WithAndWithoutProviderKeyId,

227
whitebox/api/license_whitebox_generic_crypto_test.cc
View File

@@ -122,10 +122,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, NoContentDecrypt) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -137,10 +137,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, NoContentDecrypt) {
content.encrypted.size(), content.iv.data(),
content.iv.size(), actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_INVALID_STATE);
#else
ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, NoGenericWithContent) {
@@ -159,10 +159,7 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, NoGenericWithContent) {
license_.signature.size(), license_.session_key.data(),
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
// Content key, expecting success regardless of HAS_GENERIC_CRYPTO support.
ASSERT_EQ(result, WB_RESULT_OK);
std::vector<uint8_t> actual(content.plaintext.size());
@@ -172,10 +169,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, NoGenericWithContent) {
content.ciphertext.size(), content.iv.data(), content.iv.size(),
actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, Decrypt) {
@@ -187,10 +184,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Decrypt) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -202,14 +199,14 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Decrypt) {
content.encrypted.size(), content.iv.data(), content.iv.size(),
actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
ASSERT_LE(actual_size, actual.size());
actual.resize(actual_size);
EXPECT_EQ(actual, content.plaintext);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptShortBuffer) {
@@ -221,10 +218,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptShortBuffer) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -235,11 +232,11 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptShortBuffer) {
content.encrypted.size(), content.iv.data(), content.iv.size(), nullptr,
&actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_BUFFER_TOO_SMALL);
ASSERT_GT(actual_size, 0u);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptMissingKey) {
@@ -251,10 +248,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptMissingKey) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -266,10 +263,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptMissingKey) {
content.encrypted.size(), content.iv.data(), content.iv.size(),
actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptKeyUsage) {
@@ -281,10 +278,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptKeyUsage) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id = GetParam() ? content.sign_verify_key.id : content.sign_key.id;
@@ -295,10 +292,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptKeyUsage) {
content.encrypted.size(), content.iv.data(), content.iv.size(),
actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_INSUFFICIENT_PERMISSIONS);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptDataSize) {
@@ -310,10 +307,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptDataSize) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -326,10 +323,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptDataSize) {
content.encrypted.size() - 5, content.iv.data(), content.iv.size(),
actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_INVALID_PARAMETER);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, Encrypt) {
@@ -341,10 +338,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Encrypt) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -356,14 +353,14 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Encrypt) {
content.plaintext.size(), content.iv.data(), content.iv.size(),
actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
ASSERT_LE(actual_size, actual.size());
actual.resize(actual_size);
EXPECT_EQ(actual, content.encrypted);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptShortBuffer) {
@@ -375,10 +372,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptShortBuffer) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -389,11 +386,11 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptShortBuffer) {
content.plaintext.size(), content.iv.data(), content.iv.size(), nullptr,
&actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_BUFFER_TOO_SMALL);
ASSERT_GT(actual_size, 0u);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptMissingKey) {
@@ -405,10 +402,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptMissingKey) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -420,10 +417,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptMissingKey) {
content.plaintext.size(), content.iv.data(), content.iv.size(),
actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptKeyUsage) {
@@ -435,10 +432,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptKeyUsage) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id = GetParam() ? content.sign_verify_key.id : content.sign_key.id;
@@ -449,10 +446,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptKeyUsage) {
content.plaintext.size(), content.iv.data(), content.iv.size(),
actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_INSUFFICIENT_PERMISSIONS);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptDataSize) {
@@ -464,10 +461,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptDataSize) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -480,10 +477,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptDataSize) {
content.plaintext.size() - 5, content.iv.data(), content.iv.size(),
actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_INVALID_PARAMETER);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, Sign) {
@@ -495,10 +492,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Sign) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id = GetParam() ? content.sign_verify_key.id : content.sign_key.id;
@@ -508,14 +505,14 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Sign) {
whitebox_, key_id.data(), key_id.size(), content.plaintext.data(),
content.plaintext.size(), actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
ASSERT_LE(actual_size, actual.size());
actual.resize(actual_size);
EXPECT_EQ(actual, content.signature);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, SignShortBuffer) {
@@ -527,10 +524,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignShortBuffer) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id = GetParam() ? content.sign_verify_key.id : content.sign_key.id;
@@ -539,11 +536,11 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignShortBuffer) {
whitebox_, key_id.data(), key_id.size(), content.plaintext.data(),
content.plaintext.size(), nullptr, &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_BUFFER_TOO_SMALL);
ASSERT_GT(actual_size, 0u);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, SignMissingKey) {
@@ -555,10 +552,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignMissingKey) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id = !GetParam() ? content.sign_verify_key.id : content.sign_key.id;
@@ -568,10 +565,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignMissingKey) {
whitebox_, key_id.data(), key_id.size(), content.plaintext.data(),
content.plaintext.size(), actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, SignKeyUsage) {
@@ -583,10 +580,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignKeyUsage) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -597,10 +594,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignKeyUsage) {
whitebox_, key_id.data(), key_id.size(), content.plaintext.data(),
content.plaintext.size(), actual.data(), &actual_size);
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_INSUFFICIENT_PERMISSIONS);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, Verify) {
@@ -612,10 +609,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Verify) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -627,11 +624,11 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Verify) {
whitebox_, key_id.data(), key_id.size(), content.plaintext.data(),
content.plaintext.size(), temp_signature.data(), temp_signature.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, i == 0 ? WB_RESULT_OK : WB_RESULT_INVALID_SIGNATURE);
temp_signature[2] ^= 0xaa;
#endif
}
}
@@ -644,10 +641,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, VerifyMissingKey) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -657,10 +654,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, VerifyMissingKey) {
whitebox_, key_id.data(), key_id.size(), content.plaintext.data(),
content.plaintext.size(), temp_signature.data(), temp_signature.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE);
#endif
}
TEST_P(LicenseWhiteboxGenericCryptoTest, VerifyKeyUsage) {
@@ -672,10 +669,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, VerifyKeyUsage) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
auto& content = golden_data_.GenericContent();
auto& key_id =
@@ -685,10 +682,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, VerifyKeyUsage) {
whitebox_, key_id.data(), key_id.size(), content.plaintext.data(),
content.plaintext.size(), temp_signature.data(), temp_signature.size());
#ifndef HAS_GENERIC_CRYPTO
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_INSUFFICIENT_PERMISSIONS);
#endif
}
INSTANTIATE_TEST_SUITE_P(All,

4
whitebox/api/license_whitebox_masked_decrypt_test.cc
View File

@@ -83,8 +83,10 @@ class LicenseWhiteboxMaskedDecryptTest
license.session_key.size(), provider_key_id, license.request.data(),
license.request.size());
#ifndef HAS_PROVIDER_KEYS
if (provider_key_id != 0 && result == WB_RESULT_NOT_IMPLEMENTED)
if (provider_key_id != kNoProviderKeyId) {
EXPECT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
return false;
}
#endif
EXPECT_EQ(result, WB_RESULT_OK);
return true;

12
whitebox/api/license_whitebox_process_license_response_benchmark.cc
View File

@@ -103,8 +103,10 @@ TEST_P(LicenseWhiteboxProcessLicenseResponseBenchmark,
license_.session_key.size(), provider_key_id_, license_.request.data(),
license_.request.size());
#ifndef HAS_PROVIDER_KEYS
if (provider_key_id_ != 0 && result == WB_RESULT_NOT_IMPLEMENTED)
if (provider_key_id_ != kNoProviderKeyId) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
ASSERT_EQ(result, WB_RESULT_OK);
@@ -142,8 +144,10 @@ TEST_P(LicenseWhiteboxProcessLicenseResponseBenchmark,
license_.session_key.size(), provider_key_id_, license_.request.data(),
license_.request.size());
#ifndef HAS_PROVIDER_KEYS
if (provider_key_id_ != 0 && result == WB_RESULT_NOT_IMPLEMENTED)
if (provider_key_id_ != kNoProviderKeyId) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
ASSERT_EQ(result, WB_RESULT_OK);
@@ -179,8 +183,10 @@ TEST_P(LicenseWhiteboxProcessLicenseResponseBenchmark, ProcessLicenseResponse) {
license_.session_key.size(), provider_key_id_, license_.request.data(),
license_.request.size());
#ifndef HAS_PROVIDER_KEYS
if (provider_key_id_ != 0 && result == WB_RESULT_NOT_IMPLEMENTED)
if (provider_key_id_ != kNoProviderKeyId) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
ASSERT_EQ(result, WB_RESULT_OK);

63
whitebox/api/license_whitebox_process_license_response_test.cc
View File

@@ -111,10 +111,10 @@ TEST_F(LicenseWhiteboxProcessLicenseResponseTest, SuccessWithEntitlementKey) {
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_ENTITLEMENT
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
}
// If there were multiple signing keys (this can only happen if a license server
@@ -174,10 +174,10 @@ TEST_F(LicenseWhiteboxProcessLicenseResponseTest, SuccessWithProviderKey) {
license_.session_key.size(), kProviderKeyId, license_.request.data(),
license_.request.size());
#ifndef HAS_PROVIDER_KEYS
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
ASSERT_EQ(result, WB_RESULT_OK);
#endif
}
TEST_F(LicenseWhiteboxProcessLicenseResponseTest, InvalidProviderKey) {
@@ -195,10 +195,11 @@ TEST_F(LicenseWhiteboxProcessLicenseResponseTest, InvalidProviderKey) {
license_.session_key.size(), kInvalidProviderKey, license_.request.data(),
license_.request.size());
#ifndef HAS_PROVIDER_KEYS
if (result == WB_RESULT_NOT_IMPLEMENTED)
GTEST_SKIP();
#endif
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
#else
// Invalid key id treated as if no key id is provided.
ASSERT_EQ(result, WB_RESULT_OK);
#endif
}
class LicenseWhiteboxProcessLicenseResponseErrorTest
@@ -461,4 +462,48 @@ TEST_F(LicenseWhiteboxMultiLicenseTest, SuccessAfterFailure) {
WB_RESULT_OK);
}
class LicenseWhiteboxProtocol2_2Test
: public LicenseWhiteboxProcessLicenseResponseTest,
public testing::WithParamInterface<ssize_t> {};
TEST_P(LicenseWhiteboxProtocol2_2Test, Test) {
UseLicenseWithNoKeys();
const size_t kSha512Size = 64;
const size_t context_size = license_.request.size();
#ifdef ENABLE_LICENSE_PROTOCOL_2_2
EXPECT_EQ(context_size, kSha512Size);
#else
// Sanity check that request wasn't using protocol 2.2.
// No way to fit entire license request in 64 bytes.
EXPECT_GT(context_size, kSha512Size);
#endif
// Use license request (hash) as-is, or resize, to be longer or shorter.
ssize_t resize_context_by = GetParam();
license_.request.resize(context_size + resize_context_by);
const auto result = WB_License_ProcessLicenseResponse(
whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(),
license_.core_message.size(), license_.message.data(),
license_.message.size(), license_.signature.data(),
license_.signature.size(), license_.session_key.data(),
license_.session_key.size(), kNoProviderKeyId, license_.request.data(),
license_.request.size());
if (resize_context_by == 0) {
EXPECT_EQ(result, WB_RESULT_OK);
} else {
#ifdef ENABLE_LICENSE_PROTOCOL_2_2
EXPECT_EQ(result, WB_RESULT_INVALID_PARAMETER);
#else
EXPECT_EQ(result, WB_RESULT_INVALID_SIGNATURE);
#endif
}
}
INSTANTIATE_TEST_SUITE_P(All,
LicenseWhiteboxProtocol2_2Test,
testing::Values(0, -1, 1));
} // namespace widevine

36
whitebox/api/license_whitebox_sign_renewal_request_test.cc
View File

@@ -106,7 +106,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, SuccessWithInvalidRequest) {
sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(),
signature_.data(), &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -125,7 +126,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, SuccessWithSigningKeyPKSC8Padding) {
sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(),
signature_.data(), &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -144,7 +146,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, InvalidParameterForNullWhitebox) {
sign_func_(nullptr, garbage_request_.data(), garbage_request_.size(),
signature_.data(), &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -159,7 +162,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, InvalidParameterForNullMessage) {
const auto result = sign_func_(whitebox_, nullptr, garbage_request_.size(),
signature_.data(), &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -174,7 +178,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, InvalidParameterForZeroMessageSize) {
const auto result = sign_func_(whitebox_, garbage_request_.data(), 0,
signature_.data(), &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -191,7 +196,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, CanProbeSizeWithNullSignature) {
sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(),
nullptr, &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -208,7 +214,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, InvalidParameterForNullSignature) {
sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(),
nullptr, &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -225,7 +232,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest,
sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(),
signature_.data(), nullptr);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -246,7 +254,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, BufferTooSmall) {
sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(),
signature_.data(), &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -267,7 +276,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, InvalidStateForNoLicense) {
sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(),
signature_.data(), &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -301,7 +311,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, KeyUnavailableForNoSigningKey) {
sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(),
signature_.data(), &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif
@@ -320,7 +331,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, KeyUnavailableForInvalidKey) {
sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(),
signature_.data(), &signature_size_);
#ifndef HAS_SIGN_PST_REPORT
if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) {
if (GetParam() != kRenewal) {
ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED);
GTEST_SKIP();
}
#endif

4
whitebox/reference/impl/license_parser.cc
View File

@@ -44,6 +44,10 @@ bool LicenseParser::UnwrapKey(
(provider_key_id >= 1 && provider_key_id <= provider_keys.size() &&
key_type == KeyType::kContentKey);
#ifndef HAS_PROVIDER_KEYS
CHECK(provider_keys.empty());
#endif
#ifdef PROVIDER_KEY_SW_SECURE_CRYPTO_ABOVE
provider_key_id_valid =
provider_key_id_valid &&

40
whitebox/reference/impl/license_whitebox_impl.cc
View File

@@ -248,6 +248,7 @@ std::vector<widevine::LicenseParser::ProviderKey> CreateProviderKeys(
const uint8_t* whitebox_init_data,
size_t whitebox_init_data_size) {
std::vector<widevine::LicenseParser::ProviderKey> result;
#ifdef HAS_PROVIDER_KEYS
for (size_t i = 0; i < whitebox_init_data_size / 32; ++i) {
widevine::LicenseParser::ProviderKey provider_key;
provider_key.mask.assign(whitebox_init_data, whitebox_init_data + 16);
@@ -255,6 +256,7 @@ std::vector<widevine::LicenseParser::ProviderKey> CreateProviderKeys(
result.emplace_back(provider_key);
whitebox_init_data += 32;
}
#endif
return result;
}
@@ -417,6 +419,12 @@ WB_Result WB_License_ProcessLicenseResponse(WB_License_Whitebox* whitebox,
}
#endif
#ifndef HAS_PROVIDER_KEYS
if (provider_key_id != 0) {
return WB_RESULT_NOT_IMPLEMENTED;
}
#endif
// Because we use SHA256, the hash will be 32 bytes (256 bits).
if (signature_size != 32) {
DVLOG(1) << "Invalid parameter: invalid signature size.";
@@ -539,8 +547,12 @@ WB_Result WB_License_ProcessLicenseResponse(WB_License_Whitebox* whitebox,
}
whitebox->content_keys = parser->GetContentKeys();
#ifdef HAS_ENTITLEMENT
whitebox->entitlement_keys = parser->GetEntitlementKeys();
#endif
#ifdef HAS_GENERIC_CRYPTO
whitebox->generic_keys = parser->GetGenericKeys();
#endif
whitebox->initialized = true;
@@ -556,6 +568,9 @@ WB_Result WB_License_LoadEntitledContentKey(WB_License_Whitebox* whitebox,
size_t iv_size,
const uint8_t* key_data,
size_t key_data_size) {
#ifndef HAS_ENTITLEMENT
return WB_RESULT_NOT_IMPLEMENTED;
#else
if (!whitebox || !key_data || !iv || !entitlement_key_id || !content_key_id) {
DVLOG(1) << "Invalid parameter: null pointer.";
return WB_RESULT_INVALID_PARAMETER;
@@ -605,11 +620,15 @@ WB_Result WB_License_LoadEntitledContentKey(WB_License_Whitebox* whitebox,
std::copy(clear_data.begin(), clear_data.begin() + 16, new_key.key.begin());
whitebox->content_keys.emplace(new_key_id, new_key);
return WB_RESULT_OK;
#endif
}
WB_Result WB_License_RemoveEntitledContentKey(WB_License_Whitebox* whitebox,
const uint8_t* content_key_id,
size_t content_key_id_size) {
#ifndef HAS_ENTITLEMENT
return WB_RESULT_NOT_IMPLEMENTED;
#else
if (!whitebox || !content_key_id) {
DVLOG(1) << "Invalid parameter: null pointer.";
return WB_RESULT_INVALID_PARAMETER;
@@ -629,6 +648,7 @@ WB_Result WB_License_RemoveEntitledContentKey(WB_License_Whitebox* whitebox,
return WB_RESULT_KEY_UNAVAILABLE;
}
return WB_RESULT_OK;
#endif
}
WB_Result WB_License_QueryKeyStatus(const WB_License_Whitebox* whitebox,
@@ -770,8 +790,12 @@ WB_Result WB_License_SignPstReport(const WB_License_Whitebox* whitebox,
size_t message_size,
uint8_t* signature,
size_t* signature_size) {
#ifndef HAS_SIGN_PST_REPORT
return WB_RESULT_NOT_IMPLEMENTED;
#else
return WB_License_SignCommon(whitebox, message, message_size, signature,
signature_size, /* sha256= */ false);
#endif
}
WB_Result WB_License_VerifyRenewalResponse(const WB_License_Whitebox* whitebox,
@@ -898,6 +922,9 @@ WB_Result WB_License_GenericEncrypt(const WB_License_Whitebox* whitebox,
size_t iv_size,
uint8_t* output_data,
size_t* output_data_size) {
#ifndef HAS_GENERIC_CRYPTO
return WB_RESULT_NOT_IMPLEMENTED;
#else
if (!whitebox || !key_id || !output_data_size) {
DVLOG(1) << "Invalid parameter: null pointer.";
return WB_RESULT_INVALID_PARAMETER;
@@ -940,6 +967,7 @@ WB_Result WB_License_GenericEncrypt(const WB_License_Whitebox* whitebox,
return WB_RESULT_INVALID_PARAMETER;
}
return WB_RESULT_OK;
#endif
}
WB_Result WB_License_GenericDecrypt(const WB_License_Whitebox* whitebox,
@@ -951,6 +979,9 @@ WB_Result WB_License_GenericDecrypt(const WB_License_Whitebox* whitebox,
size_t iv_size,
uint8_t* output_data,
size_t* output_data_size) {
#ifndef HAS_GENERIC_CRYPTO
return WB_RESULT_NOT_IMPLEMENTED;
#else
if (!whitebox || !key_id || !output_data_size) {
DVLOG(1) << "Invalid parameter: null pointer.";
return WB_RESULT_INVALID_PARAMETER;
@@ -993,6 +1024,7 @@ WB_Result WB_License_GenericDecrypt(const WB_License_Whitebox* whitebox,
return WB_RESULT_INVALID_PARAMETER;
}
return WB_RESULT_OK;
#endif
}
WB_Result WB_License_GenericSign(const WB_License_Whitebox* whitebox,
@@ -1002,6 +1034,9 @@ WB_Result WB_License_GenericSign(const WB_License_Whitebox* whitebox,
size_t message_size,
uint8_t* output_data,
size_t* output_data_size) {
#ifndef HAS_GENERIC_CRYPTO
return WB_RESULT_NOT_IMPLEMENTED;
#else
if (!whitebox || !key_id || !message || !output_data_size) {
DVLOG(1) << "Invalid parameter: null pointer.";
return WB_RESULT_INVALID_PARAMETER;
@@ -1043,6 +1078,7 @@ WB_Result WB_License_GenericSign(const WB_License_Whitebox* whitebox,
MakeString(message, message_size));
memcpy(output_data, result.data(), result.size());
return WB_RESULT_OK;
#endif
}
WB_Result WB_License_GenericVerify(const WB_License_Whitebox* whitebox,
@@ -1052,6 +1088,9 @@ WB_Result WB_License_GenericVerify(const WB_License_Whitebox* whitebox,
size_t message_size,
const uint8_t* signature,
size_t signature_size) {
#ifndef HAS_GENERIC_CRYPTO
return WB_RESULT_NOT_IMPLEMENTED;
#else
if (!whitebox || !key_id || !message || !signature) {
DVLOG(1) << "Invalid parameter: null pointer.";
return WB_RESULT_INVALID_PARAMETER;
@@ -1087,6 +1126,7 @@ WB_Result WB_License_GenericVerify(const WB_License_Whitebox* whitebox,
return WB_RESULT_INVALID_SIGNATURE;
}
return WB_RESULT_OK;
#endif
}
WB_Result WB_License_Decrypt(const WB_License_Whitebox* whitebox,

8
whitebox/reference/impl/odk_license_parser.cc
View File

@@ -104,17 +104,25 @@ WB_Result OdkLicenseParser::Parse(const std::string& decryption_key,
KeyType::kContentKey, decryption_key, message, key, provider_keys,
provider_key_id);
if (temp_key.type == KeyType::kGenericCryptoKey) {
#ifndef HAS_GENERIC_CRYPTO
return WB_RESULT_NOT_IMPLEMENTED;
#else
generic_keys_[key_id] = temp_key;
#endif
} else {
content_keys_[key_id] = temp_key;
}
break;
}
case OEMCrypto_EntitlementLicense:
#ifndef HAS_ENTITLEMENT
return WB_RESULT_NOT_IMPLEMENTED;
#else
entitlement_keys_[key_id] = ParseInternalKey(
KeyType::kEntitlementKey, decryption_key, message, key,
provider_keys, provider_key_id);
break;
#endif
default:
VLOG(1) << "Unknown license type " << odk_context.license.license_type;
break;