From 2db837bce45656979dc748e35f291c1ddb81057c Mon Sep 17 00:00:00 2001 From: Cong Lin Date: Wed, 19 Jul 2023 22:24:43 -0700 Subject: [PATCH] Update OEMCrypto CHANGELOG.md for v17.2 Bug: 241146324 Merged from https://widevine-internal-review.googlesource.com/178978 Merged from https://widevine-internal-review.googlesource.com/179710 Change-Id: I385cab041e795d9ef2a5cb01e7ee71fe3290c84d --- libwvdrmengine/oemcrypto/CHANGELOG.md | 40 +++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/libwvdrmengine/oemcrypto/CHANGELOG.md b/libwvdrmengine/oemcrypto/CHANGELOG.md index 72cdac19..0059febe 100644 --- a/libwvdrmengine/oemcrypto/CHANGELOG.md +++ b/libwvdrmengine/oemcrypto/CHANGELOG.md 
@@ -243,6 +243,46 @@ OS. 4.0. - The OPK does not yet support MediaCAS functionality. +## [Version 17.2][To add link] + +This release contains the first version of OPK to support MediaCAS, an +end-to-end demo of OEMCrypto CAS functionality, several bug fixes in OPK and a +few updates to the OEMCrypto unit tests and fuzz tests. + +MediaCAS support has been added to OPK. `OPK_Pack_LoadCasECMKeys_Request()`, +`OPK_Unpack_LoadCasECMKeys_Request()`, `OPK_Pack_LoadCasECMKeys_Response()`, +`OPK_Unpack_LoadCasECMKeys_Response()` are moved out of the auto-generated +serialization code and are added to the special cases, to allow implementor to +pack customized data. CAS-specific WTPI functions along with a reference +implementation have been added. + +A new `cas` directory is added to the `ports/linux` project. This contains +an end-to-end demo of OEMCrypto CAS functionality. The OEMCrypto CAS test client +communicates with the Linux `tee_simulator_cas` via `liboemcrypto.so` and +`libtuner.so`. `tee_simulator_cas` loads CAS keys and performs descrambling. + +All CAS specific code in OPK is guarded by the compiler flag `SUPPORT_CAS`. + +Several other updates and fixes to OPK in this release include: +- `strnlen()` is removed from OPK to avoid issue caused by the terminating '\0'. +- Explicit call to `builtin_add_overflow()` is removed and `oemcrypto_overflow` + wrappers are used instead. +- Added non-NULL checks in `WTPI_UnwrapValidateAndInstallKeybox()`, + `OEMCrypto_OPK_SerializationVersion()`, and `OPKI_GetFromObjectTable()`. +- Validated the wrapped key size to be non-zero. +- Set OP-TEE serialized request size to the maximum size expected. +- HMACs are compared in constant time. +- Fixed pointer arithmetic with size_t to avoid unexpected truncation of the + calculated address. +- No-op for zero-sized subsample instead of aborting OPK. + +This release also contains a few updates to the OEMCrypto unit tests and fuzz +tests: +- Reduced clock skew in flaky duration tests. 
+- Removed device ID check since it is not required for v17. +- Added a test for zero subsample size. +- Cleaned up fuzz helper classes and added more fuzz test coverage. + ## [OPK Version 17.1.1][v17.1+opk-v17.1.1] This release fixes a flaw in the OPK code that could allow content that requires
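Review bot: The new heading `## [Version 17.2][To add link]` still carries a placeholder reference label, and this single hunk adds no link definition for it, so the heading will render with literal brackets instead of a link. Replace the label with a real one in the style of the following entry (`[OPK Version 17.1.1][v17.1+opk-v17.1.1]`) and add its definition in the same change. Three smaller points in the OPK fix list. First, `builtin_add_overflow()` looks like a misspelling of the compiler builtin `__builtin_add_overflow()`. Second, "HMACs are compared in constant time", the `size_t` pointer arithmetic fix, the added non-NULL checks and the non-zero wrapped key size check read as security hardening but are listed alongside routine fixes. If any of them closes an exploitable flaw, say so, as the 17.1.1 entry does with "fixes a flaw in the OPK code", so integrators can judge how urgently to update. Third, the `strnlen()` item says what was removed but not what replaced it or what the "issue caused by the terminating '\0'" was, and one clause on each would make the entry actionable. Wording nits: "to allow implementor to pack" should be "to allow implementors to pack", "to avoid issue" should be "to avoid issues", and "CAS specific code" should be hyphenated to match "CAS-specific WTPI functions" earlier in the same entry.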