This updates the code and tests to allow for using license protocol 2.2
when using OEMCrypto v19.
Issue: 80428549
Issue: 121031064
Issue: 232464183
Change-Id: Ib6bb61f86dd310b566227462658530bca5940b88
Since KDF functions are only used right before specific functions, this
merges them to simplify internal state within OEMCrypto.
Fixes: 299527712
Change-Id: I426cfcdc102bd73cf65cd809b213da2474f44b34
- Initialize allowed_schemes_ since it is used by CreateDefaultResponse.
- Issue was detected by Coverity.
Change-Id: I368c4773f6316b65196aaa39e23e70717299c570
Adds a new `cas` directory to the ports/linux project. This contains
an end-to-end demo of OEMCrypto CAS functionality, using the Linux
tee_simulator as a base.
Test: from ports/linux/cas dir: `CDM_DIR=~/work/cdm-dupe ./scripts/build.sh && CDM_DIR=~/work/cdm-dupe ./scripts/run.sh`
Merged from https://widevine-internal-review.googlesource.com/178250
Change-Id: I781b403100ad2e069d99650d9ddae8e7acbc309a
Expected flow, which begins with a device that has already been
provisioned with Prov 4 stage 1:
1. OEMCrypto_InstallOEMPrivateKey()
2. OEMCrypto_GenerateCertificateKeyPair() -> wrapped_csr_priv
3. OEMCrypto_LoadDRMPrivateKey(wrapped_csr_priv)
4. OEMCrypto_PrepAndSignProvisioningRequest() to create a Prov 4
provisioning request message type with a CAST request in the
message body
5. Server sends a Prov 2 response. Server side derivation uses CSR keys
to derive session key, mac keys, and encryption keys.
6. OEMCrypto_DeriveKeysFromSessionKey(), same derivation as server side
7. OEMCrypto_LoadProvisioning(), use derived keys to verify + decrypt
The OEMCrypto_LoadDRMPrivateKey() step can happen before or after the
PrepAndSignProvisioningRequest() call.
Test: tests fail
Bug: 259452440
Merged from https://widevine-internal-review.googlesource.com/172310
Change-Id: Id5e6737b187339ec93e3d0d03c28e2b379d60747
No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
[ Merge of http://go/wvgerrit/149849 ]
With ECC based DRM cert, the session key is expected to be 32, as
compared to 16 bytes in RSA case. This CL adds supports for 32 bytes
session key.
Bug: 236317198
Test: oemcrypto_test
Change-Id: I657fdd92d17736a23375ddcd457f83efa6ca6d1f
This is a merge from:
https://widevine-internal-review.googlesource.com/c/cdm/+/152897
and http://go/wvgerrit/153709
Adding a new OEMCrypto unit test will allow partners to correct a
problem earlier in their integration.
Verifies current oemcrypto implementation handles clear KCB in a
mocked 16.4 license response.
Unit test release date updated to 2022-06-17.
Test: run_x86_64_tests; opk_ta
Bug: 235870170
Bug: 234645065
Change-Id: I59fef2c25f5c007624447d4f46147d96adeddad9
[ Merge of http://go/wvgerrit/147275 ]
Swapped out use of OpenSSL/BoringSSL RSA and EC_KEY to use OEMCrypto
reference utility classes RsaPublicKey/EccPublicKey. This enables
further test development with ECC keys, and removes duplicate OpenSSL/
BoringSSL code.
For Android makefiles, only the minimally required files have been
added.
Bug: 205902021
Bug: 236317198
Test: run_prov30_test run_prov40_test oemcrypto_test
Change-Id: I64491018e8ffb69bf986083e3aae446eb9e5cf39
(This is a merge of http://go/wvgerrit/139630.)
This patch fixes a few places that were using NULL or 0 instead of
nullptr.
Bug: 207702482
Test: x86-64 build
Change-Id: I10e19febebd093fe4445208a082216002d9a4482
(This is a merge from the Widevine Repo of http://go/wvgerrit/134310.)
This patch fixes code that would trigger -Wshorten-64-to-32 by
implicitly narrowing a variable from 64 to 32 bits. Most of the time, it
does this by making the implicit conversion explicit. The cause of most
of these is that OpenSSL uses "int" for the length of things rather than
size_t. (While BoringSSL sometimes uses int and sometimes uses size_t.)
One exception is LogBoringSSLError(). We have a couple copies of this
function around, and they varied slightly. This patch brings them all
in-line, which conveniently also removes any code in them that would
deal with integer variables.
GetRandBytes() now takes a size_t and downcasts to BoringSSL's native
int internally, so that callers can pass in a size_t value as they would
expect.
There's also an interesting case in oec_session_util.cpp. Because
BoringSSL and OpenSSL disagree about the width of an error code, we have
to use the "auto" type for a temporary variable that holds an error, in
order to retain compatibility with both.
Bug: 194971260
Test: x86-64
Test: x86-64-openssl
Change-Id: I88bc62b4cda396f8a1eabd1a3cb7d1b03f47a33f
(This change is merged from http://go/wvgerrit/124825)
The OEMCrypto tests have tests that verify that entitled keys can be
loaded but not that they can be successfully used for decrypt. This
patch adds a decrypt portion to the existing tests.
As part of this, the existing Session::EncryptCTR() method and portions
of Session::TestDecryptCTR() are lifted to be static functions so they
can be shared across unrelated classes in oec_session_util.cpp.
EncryptCTR() had no dependence on its enclosing class and is unchanged
other than being moved outside the class.
To reduce ambiguity with the new decrypt verification, this patch also
renames EntitledMessage::VerifyEntitlementTestKeys() to the
more-specific EntitledMessage::VerifyKCBs(). Its behavior is unchanged.
Bug: 186782279
Test: x86-64 platform
Test: opk_ta platform
Test: build_and_run_all_unit_tests
Change-Id: I15156882907b0987215087aaf43b4666fedc171a
Merge from Widevine repo of http://go/wvgerrit/121950
Remove term "Master" from "Widevine Master License Agreement".
Bug: 168562298
Change-Id: I655babf1bc447f4872f6a0f849107262be42df7a
Merge from Widevine repo of http://go/wvgerrit/121886
This CL merges some changes from branch rvc-dev to sc-dev
that prepared it for merge.
One change is that the unit tests now say they are part of
Android S instead of R.
Bug: 180546871
Change-Id: I2ebbd8f7b8586389ebb75f3743a2dc2ad8caa214
This is a cherry pick of recent changes to OEMCrypto and ODK. Most of
these are part of the document migration to doxygen.
See http://go/wvgerrit/106005 and its parents for code reviews.
Bug: 144715340
Bug: 148232693
Bug: 167580674
Change-Id: I658f99c8117b974faed97322d61fac0f382283af
Merge from Widevine repo of http://go/wvgerrit/100964
The previous nonce-free test used the same session to generate the
request as to load the license. However, it is a realistic use case to
have a new session used for loading the license.
The use case relates to a pre-loaded, shared license.
Test: Ran unit tests on taimen and on v16 ref implementation
Bug: 156853321
Change-Id: Ibc07744a16edcd3952d88d73660a75d0c3e8eeb8
Merge from Widevine repo of http://go/wvgerrit/96508
This adds a unit test for to verify that a preloaded license may be
loaded into OEMCrypto. A preloaded license is a license that does not
have a nonce, and for which there is no license request. This is used
in CAS and ATSC.
I also updated the test version string to
OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-27
Bug: 144105097
Test: ran oemcrypto unit tests on taimen and with v16 modmock.
Change-Id: I6a4926917f36a084d15defa7b908d067612c4dcf
Merge from Widevine repo of http://go/wvgerrit/96163
This CL just addresses some review comments from the big merge to
master. The header OEMCryptoCENC.h is now synced with the
document http://go/oemcrypto.
Test: unit tests
Bug: 148907684
Change-Id: Ic825126e0dd3d7e86eefab2c51b4abb5d57fb568
Merge from Widevine repo of two CLs.
Merge from Widevine repo of http://go/wvgerrit/94743
A license release should not have a core message. This CL adjusts the
existing unit tests to verify this. There is also a new unit test called
SecureStop that explicitly tests sending a secure stop in a new
session without first loading the license.
Merge from Widevine repo of http://go/wvgerrit/94865
This CL has the following changes copied from google3:
http://cr/298871728 Remove odk_static_assert for Message size temporarily
http://cr/298755935 Fix a compiling error during macro expansion
http://cr/298481745 Add missing header for android
http://cr/298448142 Fix odk_test gyp file
http://cr/298419641 Remove header from Android.bp
http://cr/298402053 Separate sizeOf(args) bytes in fuzz tests
http://cr/297730316 No core messages for license release
http://cr/297714346 Add copybara_test and piper_sot_to_gerrit
http://cr/297636713 Adding some comments around boolean conversion code
http://cr/297420679 Autofuzzer when ran with address sanitizer ...
http://cr/296513584 Minor fix with fuzzing odk clock values
http://cr/296322024 Fixing errors in code with how request ...
http://cr/296313159 Fuzzing ODK clock values by setting aside ...
http://cr/295763207 Add more odk tests and move helper functions to test helper
http://cr/294524098 Adding a Build Rule for ODK_KDO_Fuzzer and updating
http://cr/294492213 Address a few review comments of ODK
http://cr/293674368 odk_fuzz: add TODOs & comments
http://cr/293492806 Fix spelling
Bug: 150243585
Bug: 150020278
Bug: 150095506
Bug: 147297226
Bug: 148290294
Bug: 148907684
Bug: 150608451
Test: unit tests
Change-Id: I25fd406f29f4eba40f5cb27e9a1317dce4ffc2f5
Merge from Widevine repo of http://go/wvgerrit/93404
This is the unit tests, reference code, and documentation for
OEMCrypto v16.2. Backwards compatibility should work for a v15
OEMCrypto.
Some review comments will be addressed in future CLs.
Bug: 141247171
Test: Unit tests
Test: Media GTS tests on bonito
Change-Id: I9d427c07580e180c0a4cfdc4a68f538d351c0ddd
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
Merge from Widevine repo of http://go/wvgerrit/77609
For v15.2 we require that nonces not collide across sessions and there are
restrictions placed on the mac key's IV in LoadKeys.
Test: ran unit tests on reference code
Bug: 131325434
Bug: 131326334
Change-Id: I1bb01c30d8c15d66d762c28b57d7700c44daa835
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
Merge from master branch of Widevine repo of http://go/wvgerrit/66072
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63764
This adds the function OEMCrypto_ResourceRatingTier to the oemcrypto referenece
code, dynamic adapter, and unit tests.
Bug: 117110800
Test: tested as part of http://go/ag/5501993
Change-Id: Idf47af405f0c69601108b75c788a97b30abdb39d
Merge from master branch of Widevine repo of http://go/wvgerrit/66066
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63628
The error code OEMCrypto_KEY_NOT_LOADED is redundant with
OEMCrypto_ERROR_NO_CONTENT_KEY and OEMCrypto_KEY_NOT_ENTITLED. The
function LoadEntitledContentKey should return KEY_NOT_ENTITLED if it
does not find the corresponding entitlement key in its key table. All
other functions that do not find a key id in the key table should
return OEMCrypto_ERROR_NO_CONTENT_KEY. This includes QueryKeyControl,
SelectKey, and RefreshKeys.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 115574797
Change-Id: Ida2111f32e331b99f3f0c77fa404a42654d0870c
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
Merge from Widevine repo of http://go/wvgerrit/58440
This CL modifies the oemcrypto test TwoHundredEntries so that it
attempts to create more than 200 entries. A device is allowed to fail
when such an attempt is made, but it must return an insufficient
resources error.
The test then verifies that each of the entries that were succesfully
created can be used to reload its license and the keys can be used for
decryption.
It then shrinks the usage table header, and verifies that the
remaining licenses can still be used for decryption.
bug: 112486006
test: unit tests (test code only)
Change-Id: I6e6edfb00f0553724e0f99fb4e5ea5c817450937
Merge from Widevine repo of http://go/wvgerrit/49805
This aligns the oemcrypto reference code and unit tests to match the
API design doc: http://go/oemcrypto
bug: 79375509
test: unit tests pass
Change-Id: I13761a7384a17e99d88e61aaf80b4a22941fd172
Merge from http://go/wvgerrit/47640
Test: unit/integration tests
Bug: b/62058202
The usage table keeps track of license duration by using the current
system time. However, if a user were to rollback the time, they can
effectively continue offline playback indefinitely. This changes the way
we compute time by computing offsets by which the user rollbacked the
time and adding it to the current time. This change also includes a test
to verify protection against rollback for usage entries that is only run
when the user is root.
Change-Id: I97c430e1443747b0f9759ae5390b8f5d06bdebf1
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
Merge from Widevine repo of http://go/wvgerrit/43721
This CL allows the tester to change the nonce flood rate from the
default of 20. A tester would want this value to be larger to make
tests run more quickly.
Setting the rate to 1 makes every other nonce request a flood error.
A tester wants to do this in order to verify cdm code responds to
nonce flood correctly. Several failing oemcrypto tests have also been
corrected.
This CL changes test code only.
bug: 73607610
test: unit tests
Change-Id: I3f52ff7ea9bcc1db7bc0e010da0b64a12d3b4dd3
Merge from Widevine repo of http://go/wvgerrit/42402
This changes the AES key size back to 128 for keys that are not
entitlment keys.
bug: 72904259
test: unit tests
Change-Id: I07cc56050cafb82c65b67c56df3f18d375047eb8
Merge from Widevine repo of http://go/wvgerrit/41662
This CL updates oemcrypto unit tests to use the new test keybox.
bug: 69552641 Update OEMCrypto_LoadTestKeybox
test: Unit tests compile and run -- many tests won't pass until merged
with vendor code
Change-Id: I73bdca3958b2c985d4c61801aa95807a2e6d4299
This CL adds entitlement license features and moves cipher mode from
LoadKeys to SelectKeys.
Merge from Widevine repo of http://go/wvgerrit/41660
bug: 70334840 Entitlement License - cdm layer
bug: 70334345 Entitlement License - reference code and unit tests
test: Entitlement license unit tests pass.
Change-Id: Ic7d7f42c15e6d83ef7fcfd8a866c778adc4c8095
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct error logging
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/40000 ]
In tests, we set the cipher list to avoid using insecure
ciphers when connecting to the provisioning/license service.
The result of setting the cipher list was being incorrectly
validated.
Bug: 64847919
* Move mips cache headers to clear_cache_function.h
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39700 ]
Since the clear_cache function has been moved away from the dynamic
adapter, we need these conditional includes to be migrated as well for
MIPS.
* Comment out Level 3 debug call until merge
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39761 ]
This call was introduced in go/wvgerrit/34260/. Since the haystack tool
in google3 still needs this merge, this should be commented out so the
tool can still build until the merge has finished.
* Add logging for MAC keys to mock
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39740 ]
Bug: 70637842
* Move external interfaces into level3.h + refactor
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39673 ]
As part of b/70523618, this CL moves interfaces that partners are
responsible for in Level 3 to level3.h so they can be visible as
part of the CDM release process. It also cleans up some of the
names of the files and adds documentation.
* Corrected close session logging level
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39676 ]
Bug: 69460963
* Remove Security Level Path Backward Compatibility Support
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39505 ]
From the android K release onwards certificates were stored in
security level specific directories. If upgrading from
previous releases persistent information needed to be moved
to those directories.
Since no device is likely to upgrade from J to Pi, comptibility
support can be removed.
Bug: 70160032
* Rename privacy_crypto_openssl To privacy_crypto_boringssl
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37122 ]
Now that we no longer support OpenSSL in the Shared Source CDM, the name
of this file can be updated.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Remove Conditional Compilation from OpenSSL/BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/39460 ]
This change removes the usages of conditional compilation to support
both BoringSSL and OpenSSL, as well as to support multiple versions of
the OpenSSL API. All code is now compiled against one of the two
versions of BoringSSL in third_party/.
Note that in some cases, the kit/ and legacy_kit/ versions of BoringSSL
had different APIs, so when removing the OpenSSL version compatibility
conditional compilation, sometimes the older branch was kept and
sometimes the newer branch was kept.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Build CE & Jenkins CDMs With BoringSSL from third_party/
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37120 ]
Up until now, integrators have been responsible for providing a
compatible crypto library for use by the CE CDM. (either OpenSSL or
BoringSSL) After this change, this decision will no longer be in their
hands. The CE CDM build will always use the copy of BoringSSL in
third_party/, which will be statically linked with our library with
hidden visibility. This allows us to better control what crypto library
we use and will prevent continuing problems with trying to support both
OpenSSL and BoringSSL.
Unfortunately, BoringSSL began using C++11 in mid-2017, and we can't
support C++11 right now. Until we can, we need to use a C++11-free
version of BoringSSL for libssl. The CDM itself will continue to use a
recent BoringSSL, as it only needs libcrypto. But the unit tests that
need libssl have to use the legacy version.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Modified RNG for Level3 to use more entropy
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39220 ]
Bug: 65165076
Modified seed generation to use an xor of clock_gettime and
client-implemented code to supply random seeds to the RNG. Modified the RNG
as well to use xoroshiro128+ instead of xorshift, since it uses more
than one seed/state (which are 64-bit) and has higher "statistical quality".
The default implementations for the seed generation use /dev/urandom.
* Configure base path for Level3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39506 ]
This is in response to b/70354006. This change makes the
Android Level3FileSystem use the existing properties method
GetDevicesFilesBasePath for binderization. The same is done for the
Linux implementation.
* Add legacy_kit/ to BoringSSL Directory
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38861 ]
This adds a second copy of BoringSSL to the third_party/boringssl/
directory. This second copy is pinned to the last revision of BoringSSL
not to require C++11 and is not updated by the UPDATE_BORINGSSL.sh
script. This second copy will be used to provide libssl to the tests on
devices that do not support C++11.
Once we support C++11 in the CDM again, this weight should be removed
and all targets should use the copy of BoringSSL in the kit/ directory.
Bug: 67907873
* Use Shared Libraries for Unit Tests
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38860 ]
Some unit tests were using a statically-linked CDM instead of a
dynamically-linked one. (Or, in one case, trying to link both ways into
the same binary.) For now, we need to only link dynamically, so that the
unit tests and the CDM can use different versions of BoringSSL.
Long-term, we would like to test both kinds of linkage. (See b/69548115
for that.)
Some unit tests were also using a dynamicaly-linked CDM that was named
such that it appeared to be statically-linked. This patch renames some
targets to make the linkage clearer.
Bug: 67907873
* Change CDM_Backwards_Compatiblity_Tests to dedicated brances
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/39003 ]
The build scripts used by CDM_Backwards_Compatiblity_Tests now pull
old versions of oemcrypto from the dedicated branches oemcrypto-v*,
which [will eventually] contain old oemcrypto versions, that build
with the current build system with a current boringssl version.
bug: 67907873
* Fix spacing on level3 header
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38760 ]
* Correct Query status calls
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38640 ]
Bug: 70160032
* Refactoring to allow encryption of client ID
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37460 ]
The code has been restructured to allow encryption of client
identification in provisioning requests. This will be enabled
when server side changes have been made (b/69427217).
* Additional information is included in the Client Identification
portion of the provisioning request.
* Client identification will be encrypted with a service
certificate provided by the app/client. Platform changes
to enable passing this to core are needed. If a service certificate
is not provided, a default one associated with the production Keysmith
will be used.
* Switched APIs in CdmEngine to take a service certificate for
provisioning rather than licensing. Service certificates for
licensing are session based and passed as properties from platform
code.
Bug: 30737060
* Allow some CDM errors to be reported from multiple locations
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38360 ]
This creates some CdmResponseType errors which may be reused
PARAMETER_NULL, NOT_INITIALIZED_ERROR, REINIT_ERROR.
I have made changes to a few classes to report these errors.
Will work on additional classes in a separate CL.
Bug: 69864404
BUG: 71650075
Test: WV Unit/integration tests
Change-Id: Icc048770d424ac537d11ff327cda2cb142da802d
These are a set of CLs merged from the wv cdm repo to the android repo.
* Add CDM status return for decrypt blocked by HDCP.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28062 ]
New status code is kKeyUsageBlockedByPolicy. It is returned by the decrypt()
call instead of kDecryptError or kNoKey.
Also shuffled the CDM status returns to define the EME-aligned codes
first, and added comments to highlight the differences in handling.
BUG: 37540672
* Change division and mod ops to relocatables
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/28600 ]
This is similar to I2dad1028acf295288cd10817a2bcff2513c053c9.
We should be using the relocatable functions instead of the
native division and mod operations.
* Cleanup Encrypted ClientID in provisioning request
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28083 ]
b/36897239
Staging server does not support it (or the client is not constructing
it properly). Leave it disabled pending investigation.
* Certificate Provisioning fixes.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28066 ]
Partial fix for BUG: 37482676
Partial fix for BUG: 37481392
Update service certificates, get rid of DEV/QA root certificate.
Provisioning request and response are base64 (web-safe) encoded.
Response is optionally JSON-wrapped.
Change ConfigTestEnv; clearer comments and a closer match to reality.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I79d3c4bf1124e5e0d3e4d40baead65a8266ea874
Below are a set of CLs being merged from the wv cdm repo to the android repo.
* Fix handling of OEM Cert public key.
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/27921 ]
This is a potential fix for b/36656190. Set aside public
key on first call to get the public key, and use it afterwards.
This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
which has side-effect of staging the OEM private key.
This also fixes a problem where the public cert string was
not being trimmed to match the size returned by
OEMCrypto_GetOEMPublicCertificate().
* Complete provisioning request/response for Provisioning 3.0
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Fix bug on provisioning request path where GenerateDerivedKeys()
was being called when preparing to generate the signature.
Add message signature verification, and call correct OEMCrypto
routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).
* Implement Cdm::deleteAllUsageRecords()
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Delete all usage records for current origin. Removes usage
records from file system and retains the PSTs. The deletes
any usage entries matching those PSTs held by OEMCrypto.
BUG: 35319024
* Remove stringencoders library from third_party.
Author: Jacob Trimble <modmaker@google.com>
[ Merge of http://go/wvgerrit/27585 ]
We have a fork of the stringencoders library that we use for base64
encoding. This reimplements base64 encoding to remove the extra
dependency and to reduce the amount of code.
* Add Cdm::deleteUsageRecord() based on key_set_id.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27605 ]
Delete specified usage record from file system usage info and
from OEMCrypto.
BUG: 35319024
* Modifiable OEMCrypto
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/24729 ]
This CL adds a new variant of the OEMCrypto mock code that adjusts its
behavior based on a configuration file. This is intended for
testing.
For example, a tester can set current_hdcp to 2 in the options.txt
file, push it to the device, and verify that a license is granted for
HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and
push the file to the device. Playback should stop because the license
is no longer valid.
This variant uses a real level 1 liboemcrypto.so to push data to a
secure buffer. That means we can test playback for a license that
requires secure buffers on an Android device with real secure buffers.
BUG: 35141278
BUG: 37353534
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I58443c510919e992bb455192e70373490a00e2b6
Merge from Widevine repo of http://go/wvgerrit/27461
In order to sign a license release message, the mac keys from the
usage entry should be used whenever keys have not been loaded.
This CL updates the reference code, the unit tests, and the level 3
oemcrypto.
b/38203566
Test: unit tests passing on bullhead.
Change-Id: Ic71fee4b4b7b45801548ab80fbbbf8f4ccab3e6e
