[ Merge of http://go/wvgerrit/119230 ]
This patch adds an annotation to the one place in the codebase where we
intentionally fall through between switch statement cases, in order to
appease stricter compilers.
Bug: 182058081
Test: compile, WV unit/integration tests
Change-Id: I004a6a6e61681fcf22c6bf25d9b0284b8b64e776
[ Merge of http://go/wvgerrit/119564 ]
This closes a crypto session when the provisioning request fails. We
cannot be as eager when handling the response as the app may have
multiple simultaneous provisioning attempts in flight. In this case
all provisioning responses except the one associated with the last
request will fail. If we close the session on error, even the one
associated with the last request may fail.
Bug: 180986725
Test: WV unit/integration tests
Change-Id: Ic3d33a374e442b5bf040e345bed829d91c4ef1dc
[ Merge of http://go/wvgerrit/119563 ]
This also increases the max log size from 1024 to 5120
Bug: 181642154
Test: WV unit/integration tests
Change-Id: Ifae90354dad1165f4d9fa3c9fe33a4dc14df1270
[ Merge of http://go/wvgerrit/118563 ]
Sync with the latest version of drm_certificate.proto to add in
certificate expiry time. Add in signed_drm_certificate.proto and remove
messages from device_certificate.proto.
SignedDrmDeviceCertificate and DrmDeviceCertificate are now named
SignedDrmCertificate and DrmCertificate. This necessitated non-proto
changes.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: Ie5969ac7217a25eb075a41df59b77da2becd4545
The sc-dev branch on Android is out of sync with several important
changes on the CDM master branch. This changes copies several CLs.
[ Merge of http://go/wvgerrit/104524 ]
OEMCrypto unittest: generic crypto APIs
Add unit tests to verify that generic crypto APIs do not crash for large
input buffer lengths and signature lengths.
[ Merge of http://go/wvgerrit/106583 ]
Fix secure buffer tests in OEMCrypto testbed
The secure buffers were not being used correctly in the testbed, and
were failing OEMCryptoMemoryCopyBufferForHugeBufferLengths.
[ Merge of http://go/wvgerrit/109603 ]
Reject block_offsets of 16 or greater in OEC Ref
This is a potential security hole. We will be enforcing that OEMCrypto
rejects this in an upcoming test, so the Ref must be updated to reject
it.
[ Merge of http://go/wvgerrit/110165 ]
Fix Format String Signedness
See above for full description.
[ Merge of http://go/wvgerrit/111784 ]
Fix heap overflow test in L3 and OEMCrypto ref
Check the length of wrapped_rsa_key_length before casting to
WrappedRSAKey struct.
[ Merge of http://go/wvgerrit/113563 ]
Reword "blacklisted" to "forbidden"
[ Merge of http://go/wvgerrit/113583 ]
Use error code from RAND_bytes
The return code from RAND_bytes was not used correctly.
[ Merge of http://go/wvgerrit/113644 ]
Check for buffer overflow when computing subsample size
The test DecryptCENCForNumBytesClearPlusEncryptedOverflowsSize
cleverly picks num_bytes_clear + num_bytes_encrypted = 1 after integer
overflow. This is in the refernce code, level 3, and odkitee.
[ Merge of http://go/wvgerrit/113683 ]
OEMCrypto reference code: respect analog flags for clear buffers
The reference code should honor the analog_display_active flag for
both clear and secure buffers.
[ Merge of http://go/wvgerrit/114883 ]
Add size check for IV in OEMCrypto APIs
IV is supposed to be 16 bytes but the size is never checked before iv
gets used in LoadProvisioning.
Bug: 145026457
Bug: 147569428
Bug: 159847851
Bug: 162372059
Bug: 169278035
Bug: 169980065
Bug: 173460694
Bug: 173994023
Bug: 174523584
Bug: 175001473
Bug: 175041667
Test: No compiled files changed
Change-Id: If0ccd1cd3a56f72eedd2a6cb202a34bc7b43ca0d
[ Merge of http://go/wvgerrit/115549 ]
Our WV CRC-32 implementation is for CRC-32/MPEG-2 (rather than the
documented CRC-32-IEEE). The OEMCrypto document has been updated to
reflect the reference implementation.
Test: oemcrypto_partner_tests
Bug: 135283522
Change-Id: Iea8fc4ec500aec96bdb27102c51dfcca77d7bffb
[ Merge of http://go/wvgerrit/115548 ]
Create a small set of unittests to verify the functionality of OEM
Certificate.
This adds a test OEM Public Certificate and OEM Private Key.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: Iaa634543d9cb5005d91f1e7c528bf05b2b0c4d68
[ Merge of http://go/wvgerrit/115547 ]
The functionality of OEM Certificates are being abstracted away. This
is to help with the integration of ECC-based DRM certificates and in
preparation for ECC-based OEM Certificates.
Summary of OEM Certificate functionality:
- Parsing OEM Public Certs (PKCS7 signedData)
- Parsing OEM Private Key (PKCS8 PrivateKey)
- Public cert getter
- Implements most of OEMCrypto_GetOEMPublicCertificate()
- Certificate validation
- Implements most of OEMCrypto_IsKeyboxOrOEMCertValid() for OEM
Certificates
- Checking public-private key pairing
Bug: 135283522
Test: Future CL
Change-Id: Ib9580bd83641865c53dd829ff09b142bf111768c
[ Merge of http://go/wvgerrit/115546 ]
Included a set of unittests for RSA keys which ensure client-server
RSA operations work as expected.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: I8363a82403d0780f3074a05c64c804e700c2b779
This is a squash of several different CLs with chnages only affecting
duration_use_case_test.cpp
* Integration test for license duration with renewal
[ Merge of http://go/wvgerrit/117263 ]
Bug: 180067457
* Add test for infinite renewal
[ Merge of http://go/wvgerrit/107743 ]
This adds a test that verifies an infinite renewal is processed
correctly.
Bug: 162516965
Bug: 170355696
Bug: 169213621
Bug: 166728158
* Add more time to CdmUseCase_Streaming test
[ Merge of http://go/wvgerrit/114146 and http://go/wvgerrit/114147 ]
The duration tests CdmUseCase_Streaming.Case3 was flaky on the
buildbot for platforms with a real clock because there was only room
for 1 second of fudge at the end of playback -- i.e. the rental window
ended at 35s, but the last playback was 34s.
Bug: 175741647
* Set renewal server on command line for tests
[ Merge of http://go/wvgerrit/110903 ]
This CL adds the ability to set the renewal server on the command
line, and adds some comments to the build scripts' README file to
explain how to test a server rollout.
Bug: 173031207
* Change duration test fudge from 1 to 2
[ Merge of http://go/wvgerrit/112143 ]
Some duration tests are flakey. Let's see if this cleans them up
enough.
Bug: 175741647
* Correct some grammar
[ Merged from http://go/wvgerrit/111824 and http://go/wvgerrit/112063 ]
* Add license duration test
[ Merge of http://go/wvgerrit/109143 ]
This adds a license duration test that behaves the same as a rental
duration test. We do not encourage content providers to do this, but
it is reasonable that legacy licenses should work.
Bug: 172099147
* Shorten duration tests
[ Merge of http://go/wvgerrit/108664 ]
This CL tweaks some of the times in the duration use case tests so
that they take less time to run.
These changes the CdmUseCase test time from six and half hours to 3
and a quarter. A 50% savings!
Bug: 170746277
* Improve logging and edge cases in duration tests
[ Merge of http://go/wvgerrit/108663 ]
This cleans up some logging, and handles some edge cases on renewals
when the renewal request round trip overlaps the cutoff time.
Bug: 170746277
* Remove extra cutoff computations
[ Merge of http://go/wvgerrit/106783 ]
The duration tests originally tried to keep track of when the timer
would have gone off if the test was allowed to continue. This proved
impracticle, so the extra parameter has been removed. The tests still
closely match the documented use cases.
Bug: 169453960
* But not too lenient
[ Merge of http://go/wvgerrit/107943 ]
Previously, the duration tests were modified to allow playback to
continue in some cases. See the documentation or code for a list of
these cases. However, the tests had been modified to force playback to
continue in these cases.
This is not desired: in some cases, v15 devices can restrict playback
as requested. This CL changes the tests so that playback restriction
is allowed. In other words, we no longer force older devices to fail
the test.
Bug: 169255315
* Make some integration tests lenient
[ Merge of http://go/wvgerrit/106843 ]
This allows devices that have OEMCrypto version < v16 or do not
support usage tables to continue playback for an offline license after
the playback window has expired.
Bug: 169582310
Test: duration_use_case_test.cpp
* Add Renewal Use Case tests
[ Merge of http://go/wvgerrit/105826 and http://go/wvgerrit/103784 ]
This CL adds several integration tests that match the duration use
cases with renewals. The test classes are designed for the core cdm,
but the test cases match those found in
oemcrypto/odk/test/odk_timer_test.cpp.
Test: tests pass except for documented bugs.
Bug: 161463952
Change-Id: Ib4775d48490cf150b89aeb2cc64e01a1428f0ab5
This is a squash of several different CLs with changes only affecting
policy_integration_test.cpp
* An integration test for secure buffers
[ Merge of http://go/wvgerrit/113905 ]
This extends the previous CL that loads a license that has a key that
requires a secure buffer. It now creates a secure buffer and tries to
decrypt to it.
Bug: 38004627
* Test loading license requiring secure buffer
[ Merge of http://go/wvgerrit/113903 ]
This adds a policy test to verify we can load a license that requires
hardware secure buffers.
Bug: 38004627
Test: WV unit/integration tests
Change-Id: I1cc0b607ddf5b43fc6b7ba648f3c78d6163e14e9
Cherry pick from http://go/wvgerrit/102986, rvc-dev branch of
http://go/wvgerrit/105825, rvc-widevine-release of http://go/ag/12561661
Most of this CL was merged in http://go/ag/12967146 except this
correction of ordering in test listing.
Test: Ran the tests against v16 OEMCrypto. Some fail against v15.
Bug: 161463952
Change-Id: I3fa803a645c745dfce42ad15b5ceec9f28aab630
[ Merge of http://go/wvgerrit/117203 ]
clock_settime isn't available on iOS (even though settimeofday is). But
we can't change the system time on iOS anyway, so this just disallows
iOS.
Bug: 182058081
Test: WV unit/integration tests
Change-Id: I96e5b6634803bd4e6aaf5cc6d64f4441296247d4
[ Merge of http://go/wvgerrit/109144 ]
Because it doesn't help anybody when a buffer overflow test chokes the
logger.
Bug: 182058081
Test: Ran unit tests with verbose logging
Change-Id: Ibcb3379b9eb9bdd94a8959b977e8de32ea116859
[ Merge of http://go/wvgerrit/116243 ]
Currently if a command line argument is not understood, all tests are
skipped and the test suite passes.
Bug: 182058081
Test: WV unit/integration tests
Change-Id: I9725a9ed9446f15f08372e68c7a25dffd99c7cef
[ Merge of http://go/wvgerrit/110903 ]
This CL adds the ability to set the renewal server on the command
line, and adds some comments to the build scripts' README file to
explain how to test a server rollout.
Bug: 173031207
Test: WV unit/integration tests
Change-Id: Ibe71e77469c94601627fb85a1ad4654553d3eb1a
Change-Id: I7e9bfc873c78e26c0cece113dc8a3d08cd9163db
[ Merge of http://go/wvgerrit/117267 ]
This includes some clang-format corrections that were missed in the
original merge from wvgerrit.
Bug: 174174765
Test: WvCdmRequestLicenseTest.ProvisioningRevocationTest,
WV unit/integration tests
Change-Id: Ifd16ab51eb89530fa5e0b91acc42f30864246d38
[ Merge of http://go/wvgerrit/111903 ]
CDM metrics has been updated to include the DRM key type. The CDM
session records the key type when the wrapped DRM key is successfully
loaded into an OEMCrypto session.
Now that the API refers to a general DRM key rather than an RSA key,
the timer metric for loading the DRM key has been renamed on the client
to reflect this.
Test: Metric unit tests
Bug: 140813486
Change-Id: I9069f13ac7c979cc8556e08591e1cf8f623d0a84
(cherry picked from commit 47fc031576)
Merged-In: I9069f13ac7c979cc8556e08591e1cf8f623d0a84
[ Merge of http://go/wvgerrit/115545 ]
This change wraps the RSA key in a public and private key class that is
similar to how ECC keys are wrapped.
This new wrapper replaces deprecated OpenSSL/BoringSSL RSA signing and
signature verification API and uses the generic key digest context for
RSASSA-PSS signatures.
Bug: 135283522
Test: Future CL
Change-Id: Ifff649a3abcca127cc539f937c429c7da8acdcc6
[ Merge of http://go/wvgerrit/114284 ]
The unittests check that the ECC keys are being created as expected
and that they can perform their basic operations.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: I1bdb26421ba47e1ab135f5ce5a54da304627a7c3
[ Merge of http://go/wvgerrit/117787 ]
The CdmResponseType code CERT_PROVISIONING_RESPONSE_ERROR_9 was
created while the discussion of mapping the other codes to 1.4 HAL
codes. CERT_PROVISIONING_RESPONSE_ERROR_9 should be mapped to the HAL
code PROVISIONING_PARSE_ERROR.
Bug: 180579631
Change-Id: Iba51511bfea3139b3b0d9e3022be17375812b671
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
[ Merge of http://go/wvgerrit/113750 ]
This introduces two classes EccPublicKey and EccPrivateKey which
perform all ECC-specific crypto operations. The main operations
required by ECC are:
- Load/serialize keys from/to X.509 DER formats
- Generate ECC signatures
- Verify ECC signatures
- Derive session keys used by other OEMCrypto operations
These new classes still need to be plugged into rest of the reference
OEMCrypto implementation.
Bug: 135283522
Test: Future CL
Change-Id: Id071cad9129f95a6eb08662322154ba7d1548d40
