[RESTRICT AUTOMERGE] Sync OEMCrypto, ODK files and unit tests

run android/copy_files from cdm repo to sync files in Android tm-widevine-release. Changes include: 1. Update ODK to 17.1 2. update in license_protocol.proto 3. updates in oemcrypto unit tests 4. A few cdm and util test updates 5. Prov4 unit test fixes Originating CLs: https://widevine-internal-review.googlesource.com/c/cdm/+/155289/ https://widevine-internal-review.googlesource.com/c/cdm/+/155429/ https://widevine-internal-review.googlesource.com/c/cdm/+/155430/ https://widevine-internal-review.googlesource.com/c/cdm/+/154415/ https://widevine-internal-review.googlesource.com/c/cdm/+/156457/ https://widevine-internal-review.googlesource.com/c/cdm/+/156878/ https://widevine-internal-review.googlesource.com/c/cdm/+/156879/ https://widevine-internal-review.googlesource.com/c/cdm/+/156425/ https://widevine-internal-review.googlesource.com/c/cdm/+/156486/ https://widevine-internal-review.googlesource.com/c/cdm/+/156539/ https://widevine-internal-review.googlesource.com/c/cdm/+/156542/ Test: ran oemcrypto unit tests and ODK tests Test: ran gts media test cases Bug: 239201888 Change-Id: Iad9aff72aec5ba42296582837f34dd704bc11810
2022-09-22 13:39:14 -07:00
parent fa8c0a9a62
commit 0f32f41bd1
38 changed files with 770 additions and 413 deletions
--- a/libwvdrmengine/cdm/core/src/license_protocol.proto
+++ b/libwvdrmengine/cdm/core/src/license_protocol.proto
@@ -221,6 +221,7 @@ message License {
      // for verifying the received ECM/EMM signature. Only EC key is supported
      // for now.
      PROVIDER_ECM_VERIFIER_PUBLIC_KEY = 7;
+      OEM_ENTITLEMENT = 8;  // Partner-specific entitlement key.
    }

    // The SecurityLevel enumeration allows the server to communicate the level
--- a/libwvdrmengine/cdm/core/test/cdm_engine_test.cpp
+++ b/libwvdrmengine/cdm/core/test/cdm_engine_test.cpp
@@ -2,7 +2,7 @@
 // source code may only be used and distributed under the Widevine License
 // Agreement.
 // These tests are for the cdm engine, and code below it in the stack.  In
-// particular, we assume that the OEMCrypo layer works, and has a valid keybox.
+// particular, we assume that the OEMCrypto layer works, and has a valid keybox.
 // This is because we need a valid RSA certificate, and will attempt to connect
 // to the provisioning server to request one if we don't.

@@ -65,7 +65,7 @@ class WvCdmEnginePreProvTest : public WvCdmTestBaseWithEngine {
    CdmResponseType status = cdm_engine_.OpenSession(
        config_.key_system(), nullptr, nullptr, &session_id_);
    if (status == NEED_PROVISIONING) {
-      Provision();
+      EnsureProvisioned();
      status = cdm_engine_.OpenSession(config_.key_system(), nullptr, nullptr,
                                       &session_id_);
    }
@@ -335,20 +335,22 @@ TEST_F(WvCdmEngineTest, SetLicensingServiceInvalidCertificate) {
            NO_ERROR);
 };

-TEST_F(WvCdmEnginePreProvTestStaging, ProvisioningTest) { Provision(); }
+TEST_F(WvCdmEnginePreProvTestStaging, ProvisioningTest) { EnsureProvisioned(); }

-TEST_F(WvCdmEnginePreProvTestUatBinary, ProvisioningTest) { Provision(); }
+TEST_F(WvCdmEnginePreProvTestUatBinary, ProvisioningTest) {
+  EnsureProvisioned();
+}

 // Test that provisioning works.
-TEST_F(WvCdmEngineTest, ProvisioningTest) { Provision(); }
+TEST_F(WvCdmEngineTest, ProvisioningTest) { EnsureProvisioned(); }

 // Test that provisioning works, even if device is already provisioned.
 TEST_F(WvCdmEngineTest, ReprovisioningTest) {
  // Provision once.
-  Provision();
+  EnsureProvisioned();
  // Verify that we can provision a second time, even though we already
  // provisioned once.
-  Provision();
+  EnsureProvisioned();
 }

 TEST_F(WvCdmEngineTest, BaseIsoBmffMessageTest) {
--- a/libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp
@@ -96,6 +96,9 @@ TEST_F(CryptoSessionMetricsTest, OpenSessionValidMetrics) {
  } else if (token_type == kClientTokenDrmCert) {
    // TODO(blueeyes): Add support for getting the system id from a
    // pre-installed DRM certificate..
+  } else if (token_type == kClientTokenBootCertChain) {
+    EXPECT_EQ(OEMCrypto_BootCertificateChain,
+              metrics_proto.oemcrypto_provisioning_method().int_value());
  } else {
    FAIL() << "Unexpected token type: " << token_type;
  }
@@ -134,9 +137,9 @@ TEST_F(CryptoSessionMetricsTest, GetProvisioningTokenValidMetrics) {
    ASSERT_GE(metrics_proto.oemcrypto_get_oem_public_certificate().size(), 1);
    EXPECT_THAT(metrics_proto.oemcrypto_get_oem_public_certificate(0).count(),
                AllOf(Ge(1), Le(2)));
-
-    ASSERT_GE(metrics_proto.crypto_session_get_token().size(), 1);
-    EXPECT_GE(metrics_proto.crypto_session_get_token(0).count(), 1);
+  } else if (token_type == kClientTokenBootCertChain) {
+    EXPECT_EQ(OEMCrypto_BootCertificateChain,
+              metrics_proto.oemcrypto_provisioning_method().int_value());
  } else {
    ASSERT_EQ(0, metrics_proto.crypto_session_get_token().size());
  }
--- a/libwvdrmengine/cdm/core/test/fake_provisioning_server.cpp
+++ b/libwvdrmengine/cdm/core/test/fake_provisioning_server.cpp
@@ -284,7 +284,8 @@ bool FakeProvisioningServer::MakeResponse(
  wvoec::KeyDeriver key_deriver;
  // Not only is this Prov 2.0 specific, it assumes the device is using the
  // standard test keybox.
-  key_deriver.DeriveKeys(wvoec::kTestKeybox.device_key_, mac_context_v,
+  key_deriver.DeriveKeys(wvoec::kTestKeybox.device_key_,
+                         sizeof(wvoec::kTestKeybox.device_key_), mac_context_v,
                         enc_context_v);

  // Create a structure to hold the RSA private key. This is used by the key
--- a/libwvdrmengine/cdm/core/test/reboot_test.cpp
+++ b/libwvdrmengine/cdm/core/test/reboot_test.cpp
@@ -222,9 +222,11 @@ void RebootTest::SetUp() {
    EXPECT_EQ(read, file_size) << "Error reading persistent data file.";
    EXPECT_TRUE(ParseDump(dump, &persistent_data_));
  }
+  TestSleep::SyncFakeClock();
 }

 void RebootTest::TearDown() {
+  TestSleep::SyncFakeClock();
  auto file = file_system_->Open(persistent_data_filename_,
                                 FileSystem::kCreate | FileSystem::kTruncate);
  ASSERT_TRUE(file) << "Failed to open file: " << persistent_data_filename_;
@@ -404,6 +406,7 @@ class OfflineLicense {
  // Fetch and load the license. The session is left open.
  void LoadLicense() {
    license_holder_.OpenSession();
+    TestSleep::SyncFakeClock();
    start_of_rental_clock_ = wvutil::Clock().GetCurrentTime();
    license_holder_.FetchLicense();
    license_holder_.LoadLicense();
@@ -433,6 +436,7 @@ class OfflineLicense {

  // Verify that the license may be used to decrypt content.
  void Decrypt() {
+    TestSleep::SyncFakeClock();
    if (start_of_playback_ == 0) {
      start_of_playback_ = wvutil::Clock().GetCurrentTime();
    }
@@ -450,6 +454,7 @@ class OfflineLicense {
  // Verify that the license has expired, and may not be used to decrypt
  // content.
  void FailDecrypt() {
+    TestSleep::SyncFakeClock();
    const KeyId key_id = "0000000000000000";
    EXPECT_EQ(NEED_KEY, license_holder_.Decrypt(key_id))
        << "Decrypt should have failed for " << content_id_
@@ -628,6 +633,7 @@ class OfflineLicenseTest : public RebootTest {
    int decrypt_count = 0;
    int fail_count = 0;
    for (auto time : interesting_times_) {
+      TestSleep::SyncFakeClock();
      int64_t now = wvutil::Clock().GetCurrentTime();
      int64_t delta = (time - now);
      // It is not necessarily an error for the delta to be negative. But it is
@@ -672,6 +678,7 @@ class OfflineLicenseTest : public RebootTest {
      for (size_t i = first_valid_[n] + 1; i < test_case_[n].size(); i++) {
        OfflineLicense* license = test_case_[n][i].get();
        ASSERT_NO_FATAL_FAILURE(license->ReloadLicense());
+        TestSleep::SyncFakeClock();
        int64_t now = wvutil::Clock().GetCurrentTime();
        if (now <= license->cutoff() - kFudge) {
          license->Decrypt();