Merges to android Pi release (part 9)

These are a set of CLs merged from the wv cdm repo to the android repo. * Make Android NDK Builds Work With Latest BoringSSL Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/37000 ] The latest updates to BoringSSL require C99 or later. Our NDK-based builds (OEMCrypto Variants & Fastball) were not specifying a C standard. This patch adds compiler flags so that C files are compiled as C11 now. Note that this is about the *C* standard in use, not the *C++* standard, which this patch leaves untouched. BUG: 67907873 Test: build_android_mock.sh * Update BoringSSL to f7412cb072cc6b1847140e0c4f8b3ceeccd0e708 Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/36761 ] This is the result of running UPDATE_BORINGSSL.sh. Future runs of this script should produce much smaller sets of changed files, but because the BoringSSL revision already in this directory was so old and contained many extraneous files from the Android operating system, the set of changed files is extensive this time. BUG: 67907873 * Refactoring the build files. Author: Vasantha Rao Polipelli <vasanthap@google.com> [ Merge of http://go/wvgerrit/37041 ] Move all common build dependencies to .gypi so that all fuzz test binary targets can be added to .gyp file without repeating code. * Introduce service certificate request property Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/36941 ] Platforms differ on whether they allows service certificates to be requested if privacy mode is enabled and a certificate is not present. This property allows behavior to be configurable. Generating the service certificate request will be introduced in a follow on CL. BUG: 68328352 * Deprecate using keyboxes as identification Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/36740 ] Previously some platforms supported using keyboxes rather than certificates as the identification tokens in the license request message. All platforms that share core CDM code of the master branch now either provision using a keybox and use a DRM certificate or an OEM certificate as identification. No future usage of keyboxes as identifying tokens is planned. Since the platform property use_certificates_as_identification is always set to true, the negative code paths are never taken and can be removed. * OEMCrypto_GenerateSignature API Fuzz Test. Author: Vasantha Rao Polipelli <vasanthap@google.com> [ Merge of http://go/wvgerrit/36863 ] - The first automated API fuzz test. - Also sumitting the corpus for the API fuzzed. * Add Script to Update BoringSSL from Source Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/36760 ] Adds a script to third_party/boringssl/ that, when run, deletes all the auto-generated files in the generated/ directory and regenerates them from scratch, starting from the latest public HEAD of BoringSSL. Bug: 67907873 * Fix Fastball / OEMCrypto Variant BoringSSL Makefiles Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/36926 ] Previously, when moving the BoringSSL source within the tree, I was not able to verify that I had not broken the NDK-compatible makefiles used by Fastball because that build is broken on master. I had to make a best-guess as to how they should be updated and hope. Now, however, I have been informed that the OEMCrypto Variants also use these makefiles, and I have been able to use that build to find where I broke them and get them fully working. Bug: 67386164 Test: build_android_mock.sh * Add kit/ to BoringSSL Include Path for Fastball & OEMCrypto Variants Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/36925 ] When I moved the BoringSSL source in the tree, I updated the Android.mk files that pointed to it in order to build it. I did not realize that some makefiles outside that directory also contained hardcoded pointers into that directory. These references broke after the move. This patch fixes those paths to point to the new BoringSSL location. Bug: 67386164 Test: build_android_mock.sh * OEMCrypto Unit Test Refactor. Author: Vasantha Rao Polipelli <vasanthap@google.com> [ Merge of http://go/wvgerrit/36562 ] Refactoring OEMCrypto Tests so the Session Utility test code can be reused in fuzz tests. * Reorder license server config table to match ids Author: Jeff Fore <jfore@google.com> [ Merge of http://go/wvgerrit/36743 ] * Separate Hand-Written BoringSSL Files from Downloaded/Generated Ones Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/36561 ] I want to make updating BoringSSL as simple as possible for us going forward. A future commit will add a script that automatically downloads and sets up the latest version of BoringSSL. To facilitate this script, a clear distinction needs to be made between the files that can be downloaded with / regenerated from the BoringSSL source and the files that are maintained by us by hand. The version of BoringSSL in this change is exactly the same as the one already in this directory. It has just been moved one folder deeper. Bug: 67907873 * Remove BoringSSL Symlinks, They Are Confusing Gerrit Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/36560 ] There are some symlinks in the current copy of BoringSSL that are causing headaches when I try to upload future changes to Gerrit. These were inherited from the Android OS and are not used by our build anywhere. They would be wiped out when I update BoringSSL anyway, but wiping them out in a separate change before I upload any other changes avoids confusing Gerrit. Bug: 67907873 * Add group master key id to support sublicense master key rotation, and content identification. Author: Jeff Fore <jfore@google.com> [ Merge of http://go/wvgerrit/36180 ] * OEMCrypto Fuzzer test framework Author: Vasantha Rao Polipelli <vasanthap@google.com> [ Merge of http://go/wvgerrit/36280 ] - Adding a sample fuzz test. - Adding build scripts for building the new Fuzz Tests to come. Design doc: go/oemcrypt_ref_impl_fuzz * Build Mod Mock with C++ 11 Author: Fred Gylys-Colwell <fredgc@google.com> [ Merge of http://go/wvgerrit/36328 ] This should fix the android oemcrypto mock build: http://go/wvbuild/job/Android_OEMCrypto_Variants BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: Ic4d5be3118ef97e3f7d386149a2b5d9be8f0a87e
2018-01-10 18:01:48 -08:00
parent 1884cf738e
commit 81d607c008
35 changed files with 688 additions and 1055 deletions
--- a/libwvdrmengine/cdm/core/test/cdm_engine_test.cpp
+++ b/libwvdrmengine/cdm/core/test/cdm_engine_test.cpp
@@ -334,7 +334,7 @@ class WvCdmEngineTest : public WvCdmEnginePreProvTest {

  static void SetUpTestCase() {
    // NOTE: Select server configuration
-    CommonSetup(kContentProtectionStagingServer);
+    CommonSetup(kContentProtectionUatServer);
  }

  virtual void SetUp() {
--- a/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp
@@ -102,7 +102,8 @@ class MockDeviceFiles : public DeviceFiles {

 class MockCryptoSession : public CryptoSession {
 public:
-  MockCryptoSession() : CryptoSession(NULL) { }
+  MockCryptoSession(metrics::CryptoMetrics* crypto_metrics)
+      : CryptoSession(crypto_metrics) { }
  MOCK_METHOD1(GetClientToken, bool(std::string*));
  MOCK_METHOD1(GetProvisioningToken, bool(std::string*));
  MOCK_METHOD0(GetPreProvisionTokenType, CdmClientTokenType());
@@ -148,7 +149,7 @@ class CdmSessionTest : public ::testing::Test {
    // Inject testing mocks.
    license_parser_ = new MockCdmLicense(cdm_session_->session_id());
    cdm_session_->set_license_parser(license_parser_);
-    crypto_session_ = new MockCryptoSession();
+    crypto_session_ = new MockCryptoSession(&crypto_metrics_);
    cdm_session_->set_crypto_session(crypto_session_);
    policy_engine_ = new MockPolicyEngine();
    cdm_session_->set_policy_engine(policy_engine_);
@@ -165,6 +166,7 @@ class CdmSessionTest : public ::testing::Test {
  metrics::SessionMetrics metrics_;
  scoped_ptr<CdmSession> cdm_session_;
  MockCdmLicense* license_parser_;
+  metrics::CryptoMetrics crypto_metrics_;
  MockCryptoSession* crypto_session_;
  MockPolicyEngine* policy_engine_;
  MockDeviceFiles* file_handle_;
@@ -194,8 +196,6 @@ TEST_F(CdmSessionTest, InitWithBuiltInCertificate) {
                   Eq(kEmptyString), Eq(crypto_session_), Eq(policy_engine_)))
      .WillOnce(Return(true));

-  Properties::set_use_certificates_as_identification(true);
-
  ASSERT_EQ(NO_ERROR, cdm_session_->Init(NULL));
 }

@@ -223,33 +223,6 @@ TEST_F(CdmSessionTest, InitWithCertificate) {
                   Eq(kEmptyString), Eq(crypto_session_), Eq(policy_engine_)))
      .WillOnce(Return(true));

-  Properties::set_use_certificates_as_identification(true);
-
-  ASSERT_EQ(NO_ERROR, cdm_session_->Init(NULL));
-}
-
-TEST_F(CdmSessionTest, InitWithKeybox) {
-  Sequence crypto_session_seq;
-  CdmSecurityLevel level = kSecurityLevelL1;
-  EXPECT_CALL(*crypto_session_, Open(Eq(kLevelDefault)))
-      .InSequence(crypto_session_seq)
-      .WillOnce(Return(NO_ERROR));
-  EXPECT_CALL(*crypto_session_, GetSecurityLevel())
-      .InSequence(crypto_session_seq)
-      .WillOnce(Return(level));
-  EXPECT_CALL(*crypto_session_, GetClientToken(NotNull()))
-      .InSequence(crypto_session_seq)
-      .WillOnce(DoAll(SetArgPointee<0>(kToken), Return(true)));
-  EXPECT_CALL(*crypto_session_, GetPreProvisionTokenType())
-      .WillOnce(Return(kClientTokenKeybox));
-  EXPECT_CALL(*file_handle_, Init(Eq(level))).WillOnce(Return(true));
-  EXPECT_CALL(*license_parser_,
-              Init(NULL, Eq(kToken), Eq(kClientTokenKeybox),
-                   Eq(kEmptyString), Eq(crypto_session_), Eq(policy_engine_)))
-      .WillOnce(Return(true));
-
-  Properties::set_use_certificates_as_identification(false);
-
  ASSERT_EQ(NO_ERROR, cdm_session_->Init(NULL));
 }

@@ -277,8 +250,6 @@ TEST_F(CdmSessionTest, ReInitFail) {
                   Eq(kEmptyString), Eq(crypto_session_), Eq(policy_engine_)))
      .WillOnce(Return(true));

-  Properties::set_use_certificates_as_identification(true);
-
  ASSERT_EQ(NO_ERROR, cdm_session_->Init(NULL));
  ASSERT_NE(NO_ERROR, cdm_session_->Init(NULL));
 }
@@ -287,8 +258,6 @@ TEST_F(CdmSessionTest, InitFailCryptoError) {
  EXPECT_CALL(*crypto_session_, Open(Eq(kLevelDefault)))
      .WillOnce(Return(UNKNOWN_ERROR));

-  Properties::set_use_certificates_as_identification(true);
-
  ASSERT_EQ(UNKNOWN_ERROR, cdm_session_->Init(NULL));
 }

@@ -308,8 +277,6 @@ TEST_F(CdmSessionTest, InitNeedsProvisioning) {
                                                 NotNull(), _))
      .WillOnce(Return(false));

-  Properties::set_use_certificates_as_identification(true);
-
  ASSERT_EQ(NEED_PROVISIONING, cdm_session_->Init(NULL));
 }

--- a/libwvdrmengine/cdm/core/test/config_test_env.cpp
+++ b/libwvdrmengine/cdm/core/test/config_test_env.cpp
@@ -197,16 +197,17 @@ const std::string kWrongKeyId =

 const ConfigTestEnv::LicenseServerConfiguration license_servers[] = {
    {kGooglePlayServer, kGpLicenseServer, "", kGpClientAuth, kGpKeyId,
-     kGpOfflineKeyId, kCpProductionProvisioningServerUrl, ""},
-    {kContentProtectionProductionServer, kCpProductionLicenseServer,
-      kCpProductionServiceCertificate, kCpClientAuth, kCpKeyId, kCpOfflineKeyId,
-      kCpProductionProvisioningServerUrl, kCpProductionServiceCertificate},
+        kGpOfflineKeyId, kCpProductionProvisioningServerUrl, ""},
    {kContentProtectionUatServer, kCpUatLicenseServer, kCpUatServiceCertificate,
-      kCpClientAuth, kCpKeyId, kCpOfflineKeyId,
-      kCpUatProvisioningServerUrl, kCpUatServiceCertificate},
+        kCpClientAuth, kCpKeyId, kCpOfflineKeyId, kCpUatProvisioningServerUrl,
+        kCpUatServiceCertificate},
    {kContentProtectionStagingServer, kCpStagingLicenseServer,
-      kCpStagingServiceCertificate, kCpClientAuth, kCpKeyId, kCpOfflineKeyId,
-      kCpStagingProvisioningServerUrl, kCpStagingServiceCertificate},
+        kCpStagingServiceCertificate, kCpClientAuth, kCpKeyId, kCpOfflineKeyId,
+        kCpStagingProvisioningServerUrl, kCpStagingServiceCertificate},
+    {kContentProtectionProductionServer, kCpProductionLicenseServer,
+          kCpProductionServiceCertificate, kCpClientAuth, kCpKeyId,
+          kCpOfflineKeyId, kCpProductionProvisioningServerUrl,
+          kCpProductionServiceCertificate},
 };

 }  // namespace
--- a/libwvdrmengine/cdm/core/test/license_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/license_unittest.cpp
@@ -115,7 +115,8 @@ const CryptoSession::SupportedCertificateTypes kDefaultSupportedCertTypes = {

 class MockCryptoSession : public CryptoSession {
 public:
-  MockCryptoSession() : CryptoSession(NULL) { }
+  MockCryptoSession(metrics::CryptoMetrics* crypto_metrics)
+      : CryptoSession(crypto_metrics) { }
  MOCK_METHOD0(IsOpen, bool());
  MOCK_METHOD1(GenerateRequestId, bool(std::string*));
  MOCK_METHOD1(UsageInformationSupport, bool(bool*));
@@ -170,7 +171,7 @@ class CdmLicenseTest : public ::testing::Test {
      : pssh_(pssh) {}
  virtual void SetUp() {
    clock_ = new MockClock();
-    crypto_session_ = new MockCryptoSession();
+    crypto_session_ = new MockCryptoSession(&crypto_metrics_);
    init_data_ = new MockInitializationData(CENC_INIT_DATA_FORMAT, pssh_);
    policy_engine_ = new MockPolicyEngine(crypto_session_);

@@ -194,6 +195,7 @@ class CdmLicenseTest : public ::testing::Test {

  CdmLicense* cdm_license_;
  MockClock* clock_;
+  metrics::CryptoMetrics crypto_metrics_;
  MockCryptoSession* crypto_session_;
  MockInitializationData* init_data_;
  MockPolicyEngine* policy_engine_;
@@ -277,7 +279,6 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {

  CdmAppParameterMap app_parameters;
  CdmKeyMessage signed_request;
-  Properties::set_use_certificates_as_identification(true);
  std::string server_url;
  EXPECT_EQ(cdm_license_->PrepareKeyRequest(
      *init_data_, kLicenseTypeStreaming, app_parameters,
@@ -411,7 +412,6 @@ TEST_F(SubLicenseTest, VerifySubSessionData) {
      crypto_session_, policy_engine_));
  CdmAppParameterMap app_parameters;
  CdmKeyMessage signed_request;
-  Properties::set_use_certificates_as_identification(true);
  std::string server_url;
  EXPECT_EQ(cdm_license_->PrepareKeyRequest(*init_data_, kLicenseTypeStreaming,
                                            app_parameters, &signed_request,
--- a/libwvdrmengine/cdm/core/test/policy_engine_constraints_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/policy_engine_constraints_unittest.cpp
@@ -5,6 +5,7 @@

 #include "crypto_session.h"
 #include "license.h"
+#include "metrics_collections.h"
 #include "policy_engine.h"
 #include "mock_clock.h"
 #include "scoped_ptr.h"
@@ -61,7 +62,8 @@ const int64_t kHdcpInterval = 10;

 class HdcpOnlyMockCryptoSession : public CryptoSession {
 public:
-  HdcpOnlyMockCryptoSession() : CryptoSession(NULL) { }
+  HdcpOnlyMockCryptoSession(metrics::CryptoMetrics* crypto_metrics)
+      : CryptoSession(crypto_metrics) { }

  MOCK_METHOD2(GetHdcpCapabilities, bool(HdcpCapability*, HdcpCapability*));
 };
@@ -79,6 +81,11 @@ class MockCdmEventListener : public WvCdmEventListener {
 }  // namespace

 class PolicyEngineConstraintsTest : public Test {
+ public:
+  PolicyEngineConstraintsTest() :
+      crypto_session_(&dummy_metrics_) {
+  }
+
 protected:
  virtual void SetUp() {
    current_time_ = 0;
@@ -206,6 +213,7 @@ class PolicyEngineConstraintsTest : public Test {
  scoped_ptr<PolicyEngine> policy_engine_;
  MockClock* mock_clock_;
  int64_t current_time_;
+  metrics::CryptoMetrics dummy_metrics_;
  StrictMock<HdcpOnlyMockCryptoSession> crypto_session_;
  StrictMock<MockCdmEventListener> mock_event_listener_;
  License license_;
--- a/libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp
@@ -56,8 +56,8 @@ int64_t ParseInt(const std::string& str) {

 class HdcpOnlyMockCryptoSession : public CryptoSession {
 public:
-  HdcpOnlyMockCryptoSession() :
-      CryptoSession(NULL) {}
+  HdcpOnlyMockCryptoSession(metrics::CryptoMetrics* metrics) :
+      CryptoSession(metrics) {}

  MOCK_METHOD2(GetHdcpCapabilities, bool(HdcpCapability*, HdcpCapability*));
  bool DoRealGetHdcpCapabilities(HdcpCapability* current,
@@ -97,6 +97,9 @@ using ::testing::StrictMock;
 using ::testing::UnorderedElementsAre;

 class PolicyEngineTest : public ::testing::Test {
+ public:
+  PolicyEngineTest() : crypto_session_(&dummy_metrics_) {
+  }
 protected:
  virtual void SetUp() {
    policy_engine_.reset(
@@ -163,6 +166,7 @@ class PolicyEngineTest : public ::testing::Test {
                    expected_has_new_usable_key));
  }

+  metrics::CryptoMetrics dummy_metrics_;
  NiceMock<HdcpOnlyMockCryptoSession> crypto_session_;
  StrictMock<MockCdmEventListener> mock_event_listener_;
  MockClock* mock_clock_;
--- a/libwvdrmengine/cdm/core/test/usage_table_header_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/usage_table_header_unittest.cpp
@@ -140,7 +140,8 @@ class MockDeviceFiles : public DeviceFiles {

 class MockCryptoSession : public CryptoSession {
 public:
-  MockCryptoSession() : CryptoSession(NULL) {}
+  MockCryptoSession(metrics::CryptoMetrics* metrics)
+      : CryptoSession(metrics) {}
  MOCK_METHOD1(Open, CdmResponseType(SecurityLevel));
  MOCK_METHOD1(LoadUsageTableHeader,
               CdmResponseType(const CdmUsageTableHeader&));
@@ -170,7 +171,7 @@ class UsageTableHeaderTest : public ::testing::Test {
  virtual void SetUp() {
    // UsageTableHeader will take ownership of the pointer
    device_files_ = new MockDeviceFiles();
-    crypto_session_ = new MockCryptoSession();
+    crypto_session_ = new MockCryptoSession(&crypto_metrics_);
    usage_table_header_ = new UsageTableHeader();

    // usage_table_header_ object takes ownership of these objects
@@ -196,6 +197,7 @@ class UsageTableHeaderTest : public ::testing::Test {
  }

  MockDeviceFiles* device_files_;
+  metrics::CryptoMetrics crypto_metrics_;
  MockCryptoSession* crypto_session_;
  UsageTableHeader* usage_table_header_;
 };