diff --git a/whitebox/README.md b/whitebox/README.md index 060a86a..c937a43 100644 --- a/whitebox/README.md +++ b/whitebox/README.md @@ -30,7 +30,26 @@ To build the full repo and run all tests, from within or below the repo root bazel build "//..." bazel test "//..." ``` -## Security Level + +## Build Types + +Tests and the reference implementation support three build types: + +```bash +bazel test "//..." --//:build_type=chrome +bazel test "//..." --//:build_type=chromeos +bazel test "//..." --//:build_type=ce +``` + +Bazel configures preprocessor definitions for both tests and reference +implementation according to which features are expected to be present +or not. + +The external implementations don't need to use these pre-processor defines to +control which interpretation is used, but they must conform to one of them and +pass the tests for the corresponding build type. + +### Security Level There are two possible interpretations of the `SW_SECURE_DECODE` security level: first is used by Chrome, where it can only be used with the "masked" decrypt @@ -40,17 +59,7 @@ path; the second is used by the CE CDM where it is treated the same as Both the tests and the reference implementation support both interpretations. Selecting which one is done using a pre-processor define `ALWAYS_DECRYPT_TO_CLEAR`. This is set automatically by Bazel based on the -build type, which can be set with either `--//:build_type=chrome` or -`--//:build_type=ce` (defaulting to Chrome). This also controls the tests and -their expectations. e.g. - -```bash -bazel test ... --//:build_type=ce -``` - -The external implementations don't need to use this pre-processor define to -control which interpretation is used, but it must conform to one of them and -pass the associated tests. +build type. ## API diff --git a/whitebox/api/BUILD b/whitebox/api/BUILD index bb8f724..7121077 100644 --- a/whitebox/api/BUILD +++ b/whitebox/api/BUILD @@ -4,7 +4,13 @@ package(default_visibility = ["//visibility:private"]) cc_library( name = "shared_settings", - defines = select({ + defines = [ + "ENABLE_LICENSE_PROTOCOL_2_2", + # Needed when talking to server SDKs [v16.3.3, v16.4.3] with license + # protocol v2.2 enabled (b/177271059). + # TODO(kqyang): Remove the flag after deprecating v16.x server SDKs. + "WORKAROUND_STRIP_PADDING_BUG", + ] + select({ "//:is_ce_disable_entitlement": [], "//:is_ce": ["HAS_ENTITLEMENT"], "//conditions:default": [], @@ -16,13 +22,8 @@ cc_library( ], "//:is_old_api": [], "//:is_old_vmpra": [], - "//conditions:default": [ # Chrome + "//conditions:default": [ # Chrome, including ChromeOS "HAS_PROVIDER_KEYS", - "ENABLE_LICENSE_PROTOCOL_2_2", - # Needed when talking to server SDKs [v16.3.3, v16.4.3] with license - # protocol v2.2 enabled (b/177271059). - # TODO(kqyang): Remove the flag after deprecating v16.x server SDKs. - "WORKAROUND_STRIP_PADDING_BUG", "PROVIDER_KEY_SW_SECURE_CRYPTO_ABOVE", ], }) + select({ diff --git a/whitebox/api/license_whitebox_decrypt_test.cc b/whitebox/api/license_whitebox_decrypt_test.cc index 6ecc55e..8d3e463 100644 --- a/whitebox/api/license_whitebox_decrypt_test.cc +++ b/whitebox/api/license_whitebox_decrypt_test.cc @@ -77,8 +77,10 @@ class LicenseWhiteboxDecryptTest license.session_key.size(), provider_key_id, license.request.data(), license.request.size()); #ifndef HAS_PROVIDER_KEYS - if (provider_key_id != 0 && result == WB_RESULT_NOT_IMPLEMENTED) + if (provider_key_id != kNoProviderKeyId) { + EXPECT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); return false; + } #endif EXPECT_EQ(result, WB_RESULT_OK); return true; diff --git a/whitebox/api/license_whitebox_entitlement_content_key_test.cc b/whitebox/api/license_whitebox_entitlement_content_key_test.cc index aedd838..b610ff6 100644 --- a/whitebox/api/license_whitebox_entitlement_content_key_test.cc +++ b/whitebox/api/license_whitebox_entitlement_content_key_test.cc @@ -36,18 +36,25 @@ class LicenseWhiteboxEntitlementContentKeyTest }; TEST_P(LicenseWhiteboxEntitlementContentKeyTest, Decrypt) { + int provider_key_id = GetParam(); auto result = WB_License_ProcessLicenseResponse( whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), license_.core_message.size(), license_.message.data(), license_.message.size(), license_.signature.data(), license_.signature.size(), license_.session_key.data(), - license_.session_key.size(), GetParam(), license_.request.data(), + license_.session_key.size(), provider_key_id, license_.request.data(), license_.request.size()); -#ifndef HAS_ENTITLEMENT - if (result == WB_RESULT_NOT_IMPLEMENTED) +#ifndef HAS_PROVIDER_KEYS + if (provider_key_id != kNoProviderKeyId) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); + } #endif +#ifndef HAS_ENTITLEMENT + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif const KeyId key_id = golden_data_.GetFreeId(); auto& content = golden_data_.EntitlementContent(); @@ -57,21 +64,25 @@ TEST_P(LicenseWhiteboxEntitlementContentKeyTest, Decrypt) { content.key_data_iv.data(), content.key_data_iv.size(), content.key_data.data(), content.key_data.size()); #ifndef HAS_ENTITLEMENT - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif std::vector decrypted(content.plaintext.size()); size_t decrypted_size = decrypted.size(); - ASSERT_EQ( - WB_License_Decrypt(whitebox_, WB_CIPHER_MODE_CTR, key_id.data(), - key_id.size(), content.ciphertext.data(), - content.ciphertext.size(), content.iv.data(), - content.iv.size(), &decrypted[0], &decrypted_size), - WB_RESULT_OK); + result = WB_License_Decrypt( + whitebox_, WB_CIPHER_MODE_CTR, key_id.data(), key_id.size(), + content.ciphertext.data(), content.ciphertext.size(), content.iv.data(), + content.iv.size(), &decrypted[0], &decrypted_size); +#ifndef HAS_ENTITLEMENT + ASSERT_EQ(result, WB_RESULT_INVALID_STATE); +#else + ASSERT_EQ(result, WB_RESULT_OK); + decrypted.resize(decrypted_size); EXPECT_EQ(decrypted, content.plaintext); +#endif } TEST_F(LicenseWhiteboxEntitlementContentKeyTest, Remove) { @@ -83,10 +94,10 @@ TEST_F(LicenseWhiteboxEntitlementContentKeyTest, Remove) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_ENTITLEMENT - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif const KeyId key_id = golden_data_.GetFreeId(); auto& content = golden_data_.EntitlementContent(); @@ -96,23 +107,30 @@ TEST_F(LicenseWhiteboxEntitlementContentKeyTest, Remove) { content.key_data_iv.data(), content.key_data_iv.size(), content.key_data.data(), content.key_data.size()); #ifndef HAS_ENTITLEMENT - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif - ASSERT_EQ(WB_License_RemoveEntitledContentKey(whitebox_, key_id.data(), - key_id.size()), - WB_RESULT_OK); + result = WB_License_RemoveEntitledContentKey(whitebox_, key_id.data(), + key_id.size()); +#ifndef HAS_ENTITLEMENT + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else + ASSERT_EQ(result, WB_RESULT_OK); +#endif std::vector decrypted(content.plaintext.size()); size_t decrypted_size = decrypted.size(); - ASSERT_EQ( - WB_License_Decrypt(whitebox_, WB_CIPHER_MODE_CTR, key_id.data(), - key_id.size(), content.ciphertext.data(), - content.ciphertext.size(), content.iv.data(), - content.iv.size(), &decrypted[0], &decrypted_size), - WB_RESULT_KEY_UNAVAILABLE); + result = WB_License_Decrypt( + whitebox_, WB_CIPHER_MODE_CTR, key_id.data(), key_id.size(), + content.ciphertext.data(), content.ciphertext.size(), content.iv.data(), + content.iv.size(), &decrypted[0], &decrypted_size); +#ifndef HAS_ENTITLEMENT + ASSERT_EQ(result, WB_RESULT_INVALID_STATE); +#else + ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE); +#endif } INSTANTIATE_TEST_SUITE_P(WithAndWithoutProviderKeyId, diff --git a/whitebox/api/license_whitebox_generic_crypto_test.cc b/whitebox/api/license_whitebox_generic_crypto_test.cc index 80e8fac..8a73f7b 100644 --- a/whitebox/api/license_whitebox_generic_crypto_test.cc +++ b/whitebox/api/license_whitebox_generic_crypto_test.cc @@ -122,10 +122,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, NoContentDecrypt) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -137,10 +137,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, NoContentDecrypt) { content.encrypted.size(), content.iv.data(), content.iv.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_INVALID_STATE); +#else ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, NoGenericWithContent) { @@ -159,10 +159,7 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, NoGenericWithContent) { license_.signature.size(), license_.session_key.data(), license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); -#ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + // Content key, expecting success regardless of HAS_GENERIC_CRYPTO support. ASSERT_EQ(result, WB_RESULT_OK); std::vector actual(content.plaintext.size()); @@ -172,10 +169,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, NoGenericWithContent) { content.ciphertext.size(), content.iv.data(), content.iv.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, Decrypt) { @@ -187,10 +184,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Decrypt) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -202,14 +199,14 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Decrypt) { content.encrypted.size(), content.iv.data(), content.iv.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); ASSERT_LE(actual_size, actual.size()); actual.resize(actual_size); EXPECT_EQ(actual, content.plaintext); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptShortBuffer) { @@ -221,10 +218,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptShortBuffer) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -235,11 +232,11 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptShortBuffer) { content.encrypted.size(), content.iv.data(), content.iv.size(), nullptr, &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_BUFFER_TOO_SMALL); ASSERT_GT(actual_size, 0u); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptMissingKey) { @@ -251,10 +248,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptMissingKey) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -266,10 +263,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptMissingKey) { content.encrypted.size(), content.iv.data(), content.iv.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptKeyUsage) { @@ -281,10 +278,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptKeyUsage) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = GetParam() ? content.sign_verify_key.id : content.sign_key.id; @@ -295,10 +292,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptKeyUsage) { content.encrypted.size(), content.iv.data(), content.iv.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_INSUFFICIENT_PERMISSIONS); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptDataSize) { @@ -310,10 +307,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptDataSize) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -326,10 +323,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, DecryptDataSize) { content.encrypted.size() - 5, content.iv.data(), content.iv.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_INVALID_PARAMETER); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, Encrypt) { @@ -341,10 +338,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Encrypt) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -356,14 +353,14 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Encrypt) { content.plaintext.size(), content.iv.data(), content.iv.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); ASSERT_LE(actual_size, actual.size()); actual.resize(actual_size); EXPECT_EQ(actual, content.encrypted); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptShortBuffer) { @@ -375,10 +372,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptShortBuffer) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -389,11 +386,11 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptShortBuffer) { content.plaintext.size(), content.iv.data(), content.iv.size(), nullptr, &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_BUFFER_TOO_SMALL); ASSERT_GT(actual_size, 0u); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptMissingKey) { @@ -405,10 +402,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptMissingKey) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -420,10 +417,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptMissingKey) { content.plaintext.size(), content.iv.data(), content.iv.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptKeyUsage) { @@ -435,10 +432,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptKeyUsage) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = GetParam() ? content.sign_verify_key.id : content.sign_key.id; @@ -449,10 +446,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptKeyUsage) { content.plaintext.size(), content.iv.data(), content.iv.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_INSUFFICIENT_PERMISSIONS); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptDataSize) { @@ -464,10 +461,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptDataSize) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -480,10 +477,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, EncryptDataSize) { content.plaintext.size() - 5, content.iv.data(), content.iv.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_INVALID_PARAMETER); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, Sign) { @@ -495,10 +492,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Sign) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = GetParam() ? content.sign_verify_key.id : content.sign_key.id; @@ -508,14 +505,14 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Sign) { whitebox_, key_id.data(), key_id.size(), content.plaintext.data(), content.plaintext.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); ASSERT_LE(actual_size, actual.size()); actual.resize(actual_size); EXPECT_EQ(actual, content.signature); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, SignShortBuffer) { @@ -527,10 +524,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignShortBuffer) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = GetParam() ? content.sign_verify_key.id : content.sign_key.id; @@ -539,11 +536,11 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignShortBuffer) { whitebox_, key_id.data(), key_id.size(), content.plaintext.data(), content.plaintext.size(), nullptr, &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_BUFFER_TOO_SMALL); ASSERT_GT(actual_size, 0u); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, SignMissingKey) { @@ -555,10 +552,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignMissingKey) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = !GetParam() ? content.sign_verify_key.id : content.sign_key.id; @@ -568,10 +565,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignMissingKey) { whitebox_, key_id.data(), key_id.size(), content.plaintext.data(), content.plaintext.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, SignKeyUsage) { @@ -583,10 +580,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignKeyUsage) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -597,10 +594,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, SignKeyUsage) { whitebox_, key_id.data(), key_id.size(), content.plaintext.data(), content.plaintext.size(), actual.data(), &actual_size); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_INSUFFICIENT_PERMISSIONS); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, Verify) { @@ -612,10 +609,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Verify) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -627,11 +624,11 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, Verify) { whitebox_, key_id.data(), key_id.size(), content.plaintext.data(), content.plaintext.size(), temp_signature.data(), temp_signature.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, i == 0 ? WB_RESULT_OK : WB_RESULT_INVALID_SIGNATURE); temp_signature[2] ^= 0xaa; +#endif } } @@ -644,10 +641,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, VerifyMissingKey) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -657,10 +654,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, VerifyMissingKey) { whitebox_, key_id.data(), key_id.size(), content.plaintext.data(), content.plaintext.size(), temp_signature.data(), temp_signature.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_KEY_UNAVAILABLE); +#endif } TEST_P(LicenseWhiteboxGenericCryptoTest, VerifyKeyUsage) { @@ -672,10 +669,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, VerifyKeyUsage) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif auto& content = golden_data_.GenericContent(); auto& key_id = @@ -685,10 +682,10 @@ TEST_P(LicenseWhiteboxGenericCryptoTest, VerifyKeyUsage) { whitebox_, key_id.data(), key_id.size(), content.plaintext.data(), content.plaintext.size(), temp_signature.data(), temp_signature.size()); #ifndef HAS_GENERIC_CRYPTO - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_INSUFFICIENT_PERMISSIONS); +#endif } INSTANTIATE_TEST_SUITE_P(All, diff --git a/whitebox/api/license_whitebox_masked_decrypt_test.cc b/whitebox/api/license_whitebox_masked_decrypt_test.cc index a3bc03f..65fba4f 100644 --- a/whitebox/api/license_whitebox_masked_decrypt_test.cc +++ b/whitebox/api/license_whitebox_masked_decrypt_test.cc @@ -83,8 +83,10 @@ class LicenseWhiteboxMaskedDecryptTest license.session_key.size(), provider_key_id, license.request.data(), license.request.size()); #ifndef HAS_PROVIDER_KEYS - if (provider_key_id != 0 && result == WB_RESULT_NOT_IMPLEMENTED) + if (provider_key_id != kNoProviderKeyId) { + EXPECT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); return false; + } #endif EXPECT_EQ(result, WB_RESULT_OK); return true; diff --git a/whitebox/api/license_whitebox_process_license_response_benchmark.cc b/whitebox/api/license_whitebox_process_license_response_benchmark.cc index 8f125fa..0263c13 100644 --- a/whitebox/api/license_whitebox_process_license_response_benchmark.cc +++ b/whitebox/api/license_whitebox_process_license_response_benchmark.cc @@ -103,8 +103,10 @@ TEST_P(LicenseWhiteboxProcessLicenseResponseBenchmark, license_.session_key.size(), provider_key_id_, license_.request.data(), license_.request.size()); #ifndef HAS_PROVIDER_KEYS - if (provider_key_id_ != 0 && result == WB_RESULT_NOT_IMPLEMENTED) + if (provider_key_id_ != kNoProviderKeyId) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); + } #endif ASSERT_EQ(result, WB_RESULT_OK); @@ -142,8 +144,10 @@ TEST_P(LicenseWhiteboxProcessLicenseResponseBenchmark, license_.session_key.size(), provider_key_id_, license_.request.data(), license_.request.size()); #ifndef HAS_PROVIDER_KEYS - if (provider_key_id_ != 0 && result == WB_RESULT_NOT_IMPLEMENTED) + if (provider_key_id_ != kNoProviderKeyId) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); + } #endif ASSERT_EQ(result, WB_RESULT_OK); @@ -179,8 +183,10 @@ TEST_P(LicenseWhiteboxProcessLicenseResponseBenchmark, ProcessLicenseResponse) { license_.session_key.size(), provider_key_id_, license_.request.data(), license_.request.size()); #ifndef HAS_PROVIDER_KEYS - if (provider_key_id_ != 0 && result == WB_RESULT_NOT_IMPLEMENTED) + if (provider_key_id_ != kNoProviderKeyId) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); + } #endif ASSERT_EQ(result, WB_RESULT_OK); diff --git a/whitebox/api/license_whitebox_process_license_response_test.cc b/whitebox/api/license_whitebox_process_license_response_test.cc index b253e40..b105f1d 100644 --- a/whitebox/api/license_whitebox_process_license_response_test.cc +++ b/whitebox/api/license_whitebox_process_license_response_test.cc @@ -111,10 +111,10 @@ TEST_F(LicenseWhiteboxProcessLicenseResponseTest, SuccessWithEntitlementKey) { license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_ENTITLEMENT - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif } // If there were multiple signing keys (this can only happen if a license server @@ -174,10 +174,10 @@ TEST_F(LicenseWhiteboxProcessLicenseResponseTest, SuccessWithProviderKey) { license_.session_key.size(), kProviderKeyId, license_.request.data(), license_.request.size()); #ifndef HAS_PROVIDER_KEYS - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else ASSERT_EQ(result, WB_RESULT_OK); +#endif } TEST_F(LicenseWhiteboxProcessLicenseResponseTest, InvalidProviderKey) { @@ -195,10 +195,11 @@ TEST_F(LicenseWhiteboxProcessLicenseResponseTest, InvalidProviderKey) { license_.session_key.size(), kInvalidProviderKey, license_.request.data(), license_.request.size()); #ifndef HAS_PROVIDER_KEYS - if (result == WB_RESULT_NOT_IMPLEMENTED) - GTEST_SKIP(); -#endif + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); +#else + // Invalid key id treated as if no key id is provided. ASSERT_EQ(result, WB_RESULT_OK); +#endif } class LicenseWhiteboxProcessLicenseResponseErrorTest @@ -461,4 +462,48 @@ TEST_F(LicenseWhiteboxMultiLicenseTest, SuccessAfterFailure) { WB_RESULT_OK); } +class LicenseWhiteboxProtocol2_2Test + : public LicenseWhiteboxProcessLicenseResponseTest, + public testing::WithParamInterface {}; + +TEST_P(LicenseWhiteboxProtocol2_2Test, Test) { + UseLicenseWithNoKeys(); + + const size_t kSha512Size = 64; + const size_t context_size = license_.request.size(); +#ifdef ENABLE_LICENSE_PROTOCOL_2_2 + EXPECT_EQ(context_size, kSha512Size); +#else + // Sanity check that request wasn't using protocol 2.2. + // No way to fit entire license request in 64 bytes. + EXPECT_GT(context_size, kSha512Size); +#endif + + // Use license request (hash) as-is, or resize, to be longer or shorter. + ssize_t resize_context_by = GetParam(); + license_.request.resize(context_size + resize_context_by); + + const auto result = WB_License_ProcessLicenseResponse( + whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), + license_.core_message.size(), license_.message.data(), + license_.message.size(), license_.signature.data(), + license_.signature.size(), license_.session_key.data(), + license_.session_key.size(), kNoProviderKeyId, license_.request.data(), + license_.request.size()); + + if (resize_context_by == 0) { + EXPECT_EQ(result, WB_RESULT_OK); + } else { +#ifdef ENABLE_LICENSE_PROTOCOL_2_2 + EXPECT_EQ(result, WB_RESULT_INVALID_PARAMETER); +#else + EXPECT_EQ(result, WB_RESULT_INVALID_SIGNATURE); +#endif + } +} + +INSTANTIATE_TEST_SUITE_P(All, + LicenseWhiteboxProtocol2_2Test, + testing::Values(0, -1, 1)); + } // namespace widevine diff --git a/whitebox/api/license_whitebox_sign_renewal_request_test.cc b/whitebox/api/license_whitebox_sign_renewal_request_test.cc index 3e9087c..8150f93 100644 --- a/whitebox/api/license_whitebox_sign_renewal_request_test.cc +++ b/whitebox/api/license_whitebox_sign_renewal_request_test.cc @@ -106,7 +106,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, SuccessWithInvalidRequest) { sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(), signature_.data(), &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -125,7 +126,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, SuccessWithSigningKeyPKSC8Padding) { sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(), signature_.data(), &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -144,7 +146,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, InvalidParameterForNullWhitebox) { sign_func_(nullptr, garbage_request_.data(), garbage_request_.size(), signature_.data(), &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -159,7 +162,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, InvalidParameterForNullMessage) { const auto result = sign_func_(whitebox_, nullptr, garbage_request_.size(), signature_.data(), &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -174,7 +178,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, InvalidParameterForZeroMessageSize) { const auto result = sign_func_(whitebox_, garbage_request_.data(), 0, signature_.data(), &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -191,7 +196,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, CanProbeSizeWithNullSignature) { sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(), nullptr, &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -208,7 +214,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, InvalidParameterForNullSignature) { sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(), nullptr, &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -225,7 +232,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(), signature_.data(), nullptr); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -246,7 +254,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, BufferTooSmall) { sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(), signature_.data(), &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -267,7 +276,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, InvalidStateForNoLicense) { sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(), signature_.data(), &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -301,7 +311,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, KeyUnavailableForNoSigningKey) { sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(), signature_.data(), &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif @@ -320,7 +331,8 @@ TEST_P(LicenseWhiteboxSignRenewalPstTest, KeyUnavailableForInvalidKey) { sign_func_(whitebox_, garbage_request_.data(), garbage_request_.size(), signature_.data(), &signature_size_); #ifndef HAS_SIGN_PST_REPORT - if (GetParam() != kRenewal && result == WB_RESULT_NOT_IMPLEMENTED) { + if (GetParam() != kRenewal) { + ASSERT_EQ(result, WB_RESULT_NOT_IMPLEMENTED); GTEST_SKIP(); } #endif diff --git a/whitebox/reference/impl/license_parser.cc b/whitebox/reference/impl/license_parser.cc index c08e657..c833cca 100644 --- a/whitebox/reference/impl/license_parser.cc +++ b/whitebox/reference/impl/license_parser.cc @@ -44,6 +44,10 @@ bool LicenseParser::UnwrapKey( (provider_key_id >= 1 && provider_key_id <= provider_keys.size() && key_type == KeyType::kContentKey); +#ifndef HAS_PROVIDER_KEYS + CHECK(provider_keys.empty()); +#endif + #ifdef PROVIDER_KEY_SW_SECURE_CRYPTO_ABOVE provider_key_id_valid = provider_key_id_valid && diff --git a/whitebox/reference/impl/license_whitebox_impl.cc b/whitebox/reference/impl/license_whitebox_impl.cc index a46e8ce..3f9697c 100644 --- a/whitebox/reference/impl/license_whitebox_impl.cc +++ b/whitebox/reference/impl/license_whitebox_impl.cc @@ -248,6 +248,7 @@ std::vector CreateProviderKeys( const uint8_t* whitebox_init_data, size_t whitebox_init_data_size) { std::vector result; +#ifdef HAS_PROVIDER_KEYS for (size_t i = 0; i < whitebox_init_data_size / 32; ++i) { widevine::LicenseParser::ProviderKey provider_key; provider_key.mask.assign(whitebox_init_data, whitebox_init_data + 16); @@ -255,6 +256,7 @@ std::vector CreateProviderKeys( result.emplace_back(provider_key); whitebox_init_data += 32; } +#endif return result; } @@ -417,6 +419,12 @@ WB_Result WB_License_ProcessLicenseResponse(WB_License_Whitebox* whitebox, } #endif +#ifndef HAS_PROVIDER_KEYS + if (provider_key_id != 0) { + return WB_RESULT_NOT_IMPLEMENTED; + } +#endif + // Because we use SHA256, the hash will be 32 bytes (256 bits). if (signature_size != 32) { DVLOG(1) << "Invalid parameter: invalid signature size."; @@ -539,8 +547,12 @@ WB_Result WB_License_ProcessLicenseResponse(WB_License_Whitebox* whitebox, } whitebox->content_keys = parser->GetContentKeys(); +#ifdef HAS_ENTITLEMENT whitebox->entitlement_keys = parser->GetEntitlementKeys(); +#endif +#ifdef HAS_GENERIC_CRYPTO whitebox->generic_keys = parser->GetGenericKeys(); +#endif whitebox->initialized = true; @@ -556,6 +568,9 @@ WB_Result WB_License_LoadEntitledContentKey(WB_License_Whitebox* whitebox, size_t iv_size, const uint8_t* key_data, size_t key_data_size) { +#ifndef HAS_ENTITLEMENT + return WB_RESULT_NOT_IMPLEMENTED; +#else if (!whitebox || !key_data || !iv || !entitlement_key_id || !content_key_id) { DVLOG(1) << "Invalid parameter: null pointer."; return WB_RESULT_INVALID_PARAMETER; @@ -605,11 +620,15 @@ WB_Result WB_License_LoadEntitledContentKey(WB_License_Whitebox* whitebox, std::copy(clear_data.begin(), clear_data.begin() + 16, new_key.key.begin()); whitebox->content_keys.emplace(new_key_id, new_key); return WB_RESULT_OK; +#endif } WB_Result WB_License_RemoveEntitledContentKey(WB_License_Whitebox* whitebox, const uint8_t* content_key_id, size_t content_key_id_size) { +#ifndef HAS_ENTITLEMENT + return WB_RESULT_NOT_IMPLEMENTED; +#else if (!whitebox || !content_key_id) { DVLOG(1) << "Invalid parameter: null pointer."; return WB_RESULT_INVALID_PARAMETER; @@ -629,6 +648,7 @@ WB_Result WB_License_RemoveEntitledContentKey(WB_License_Whitebox* whitebox, return WB_RESULT_KEY_UNAVAILABLE; } return WB_RESULT_OK; +#endif } WB_Result WB_License_QueryKeyStatus(const WB_License_Whitebox* whitebox, @@ -770,8 +790,12 @@ WB_Result WB_License_SignPstReport(const WB_License_Whitebox* whitebox, size_t message_size, uint8_t* signature, size_t* signature_size) { +#ifndef HAS_SIGN_PST_REPORT + return WB_RESULT_NOT_IMPLEMENTED; +#else return WB_License_SignCommon(whitebox, message, message_size, signature, signature_size, /* sha256= */ false); +#endif } WB_Result WB_License_VerifyRenewalResponse(const WB_License_Whitebox* whitebox, @@ -898,6 +922,9 @@ WB_Result WB_License_GenericEncrypt(const WB_License_Whitebox* whitebox, size_t iv_size, uint8_t* output_data, size_t* output_data_size) { +#ifndef HAS_GENERIC_CRYPTO + return WB_RESULT_NOT_IMPLEMENTED; +#else if (!whitebox || !key_id || !output_data_size) { DVLOG(1) << "Invalid parameter: null pointer."; return WB_RESULT_INVALID_PARAMETER; @@ -940,6 +967,7 @@ WB_Result WB_License_GenericEncrypt(const WB_License_Whitebox* whitebox, return WB_RESULT_INVALID_PARAMETER; } return WB_RESULT_OK; +#endif } WB_Result WB_License_GenericDecrypt(const WB_License_Whitebox* whitebox, @@ -951,6 +979,9 @@ WB_Result WB_License_GenericDecrypt(const WB_License_Whitebox* whitebox, size_t iv_size, uint8_t* output_data, size_t* output_data_size) { +#ifndef HAS_GENERIC_CRYPTO + return WB_RESULT_NOT_IMPLEMENTED; +#else if (!whitebox || !key_id || !output_data_size) { DVLOG(1) << "Invalid parameter: null pointer."; return WB_RESULT_INVALID_PARAMETER; @@ -993,6 +1024,7 @@ WB_Result WB_License_GenericDecrypt(const WB_License_Whitebox* whitebox, return WB_RESULT_INVALID_PARAMETER; } return WB_RESULT_OK; +#endif } WB_Result WB_License_GenericSign(const WB_License_Whitebox* whitebox, @@ -1002,6 +1034,9 @@ WB_Result WB_License_GenericSign(const WB_License_Whitebox* whitebox, size_t message_size, uint8_t* output_data, size_t* output_data_size) { +#ifndef HAS_GENERIC_CRYPTO + return WB_RESULT_NOT_IMPLEMENTED; +#else if (!whitebox || !key_id || !message || !output_data_size) { DVLOG(1) << "Invalid parameter: null pointer."; return WB_RESULT_INVALID_PARAMETER; @@ -1043,6 +1078,7 @@ WB_Result WB_License_GenericSign(const WB_License_Whitebox* whitebox, MakeString(message, message_size)); memcpy(output_data, result.data(), result.size()); return WB_RESULT_OK; +#endif } WB_Result WB_License_GenericVerify(const WB_License_Whitebox* whitebox, @@ -1052,6 +1088,9 @@ WB_Result WB_License_GenericVerify(const WB_License_Whitebox* whitebox, size_t message_size, const uint8_t* signature, size_t signature_size) { +#ifndef HAS_GENERIC_CRYPTO + return WB_RESULT_NOT_IMPLEMENTED; +#else if (!whitebox || !key_id || !message || !signature) { DVLOG(1) << "Invalid parameter: null pointer."; return WB_RESULT_INVALID_PARAMETER; @@ -1087,6 +1126,7 @@ WB_Result WB_License_GenericVerify(const WB_License_Whitebox* whitebox, return WB_RESULT_INVALID_SIGNATURE; } return WB_RESULT_OK; +#endif } WB_Result WB_License_Decrypt(const WB_License_Whitebox* whitebox, diff --git a/whitebox/reference/impl/odk_license_parser.cc b/whitebox/reference/impl/odk_license_parser.cc index 0718aba..90f2a9e 100644 --- a/whitebox/reference/impl/odk_license_parser.cc +++ b/whitebox/reference/impl/odk_license_parser.cc @@ -104,17 +104,25 @@ WB_Result OdkLicenseParser::Parse(const std::string& decryption_key, KeyType::kContentKey, decryption_key, message, key, provider_keys, provider_key_id); if (temp_key.type == KeyType::kGenericCryptoKey) { +#ifndef HAS_GENERIC_CRYPTO + return WB_RESULT_NOT_IMPLEMENTED; +#else generic_keys_[key_id] = temp_key; +#endif } else { content_keys_[key_id] = temp_key; } break; } case OEMCrypto_EntitlementLicense: +#ifndef HAS_ENTITLEMENT + return WB_RESULT_NOT_IMPLEMENTED; +#else entitlement_keys_[key_id] = ParseInternalKey( KeyType::kEntitlementKey, decryption_key, message, key, provider_keys, provider_key_id); break; +#endif default: VLOG(1) << "Unknown license type " << odk_context.license.license_type; break;