Update OEMCrypto CHANGELOG.md for v17.2

Bug: 241146324
Merged from https://widevine-internal-review.googlesource.com/178978

Merged from https://widevine-internal-review.googlesource.com/179710

Change-Id: I385cab041e795d9ef2a5cb01e7ee71fe3290c84d
Cong Lin
2023-07-19 22:24:43 -07:00
committed by Robert Shih
parent 5715fb527a
commit 2db837bce4


@@ -243,6 +243,46 @@ OS.
4.0.
- The OPK does not yet support MediaCAS functionality.
## [Version 17.2][To add link]
This release contains the first version of OPK to support MediaCAS, an
end-to-end demo of OEMCrypto CAS functionality, several bug fixes in OPK and a
few updates to the OEMCrypto unit tests and fuzz tests.
MediaCAS support has been added to OPK. `OPK_Pack_LoadCasECMKeys_Request()`,
`OPK_Unpack_LoadCasECMKeys_Request()`, `OPK_Pack_LoadCasECMKeys_Response()`,
`OPK_Unpack_LoadCasECMKeys_Response()` are moved out of the auto-generated
serialization code and are added to the special cases, to allow implementor to
pack customized data. CAS-specific WTPI functions along with a reference
implementation have been added.
A new `cas` directory is added to the `ports/linux` project. This contains
an end-to-end demo of OEMCrypto CAS functionality. The OEMCrypto CAS test client
communicates with the Linux `tee_simulator_cas` via `liboemcrypto.so` and
`libtuner.so`. `tee_simulator_cas` loads CAS keys and performs descrambling.
All CAS specific code in OPK is guarded by the compiler flag `SUPPORT_CAS`.
Several other updates and fixes to OPK in this release include:
- `strnlen()` is removed from OPK to avoid issue caused by the terminating '\0'.
- Explicit call to `builtin_add_overflow()` is removed and `oemcrypto_overflow`
wrappers are used instead.
- Added non-NULL checks in `WTPI_UnwrapValidateAndInstallKeybox()`,
`OEMCrypto_OPK_SerializationVersion()`, and `OPKI_GetFromObjectTable()`.
- Validated the wrapped key size to be non-zero.
- Set OP-TEE serialized request size to the maximum size expected.
- HMACs are compared in constant time.
- Fixed pointer arithmetic with size_t to avoid unexpected truncation of the
calculated address.
- No-op for zero-sized subsample instead of aborting OPK.
This release also contains a few updates to the OEMCrypto unit tests and fuzz
tests:
- Reduced clock skew in flaky duration tests.
- Removed device ID check since it is not required for v17.
- Added a test for zero subsample size.
- Cleaned up fuzz helper classes and added more fuzz test coverage.
## [OPK Version 17.1.1][v17.1+opk-v17.1.1]
This release fixes a flaw in the OPK code that could allow content that requires
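Review bot: The new heading `## [Version 17.2][To add link]` still carries a placeholder reference label, unlike the next heading's `[v17.1+opk-v17.1.1]`. Please replace it with the real link label before this lands, or drop the second bracket pair until the link exists. In the OPK fixes list, `builtin_add_overflow()` looks like it should be the compiler builtin `__builtin_add_overflow()`, so check that the leading underscores were not lost. Several bullets in that list read as security hardening (constant-time HMAC comparison, the non-NULL checks, the non-zero wrapped key size check, the `size_t` pointer arithmetic fix), but they sit under "Several other updates and fixes" with no indication of whether integrators on earlier releases are affected. Consider grouping them and stating the impact, the way the 17.1.1 entry opens with "This release fixes a flaw". Minor wording: "to allow implementor to pack" should be "to allow implementors to pack", and "to avoid issue caused by" should be "to avoid an issue caused by".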