This is a merge of http://go/wvgerrit/13752
Replace the mock's macro with a memcmp because that is
even cleaner.
Change-Id: Ie402689ca9e14a67736db7eea928204f067427ac
This is a merge of http://go/wvgerrit/13701 and http://go/wvgerrit/13780.
I added a new set of engine properties for the mock oemcrypto. This
set pretends to be level 1. This allows the widevine build bot to test
the dual security level path: a level 1 liboemcrypto.so and a fall
back to L3.
I also adjusted the failing test in oemcrypto_test.cpp. A correct fix
requires us to rewrite some of the oemcrypto mock code so that it
returns real error codes instead of just 'false' on error.
Change-Id: I9cdbfc23c87ad2fb6068eac1394ce4c5b6a32dae
This is a merge of http://go/wvgerrit/13693 in the Widevine
repository.
This adds level 3 and mock implementation and unit tests for the
OEMCrypto function OEMCrypto_ForceDeleteUsageEntry. It also plumbs
this function up into CdmEngine, CdmSession, and CryptoSession so that
deleting all usage information for a given app id will now delete the
entries in OEMCrypto, too.
b/18194071
Change-Id: Iaea4034a507b323878657215784edfe95876386a
This is a merge of http://go/wvgerrit/13710
The oemcrypto adapter loads a version 8, 9 or 10 library and adds
backwards compatibility for version 8 or 9.
The only function whose signature has changed from v9 to v10 is
OEMCrypto_GetHDCPCability. This CL adds backwards compatibility for
that function.
Level 3 libraries are now:
level3/arm/libwvlevel3.a Level3 Library Mar 17 2015 14:33:34
level3/x86/libwvlevel3.a Level3 Library Mar 17 2015 14:30:23
b/19785099 L1 Widevine missing/broken on master (Fugu)
b/19789909 L1 Widevine missing on master (AAY75B)
Change-Id: I9bd716f5cdffaf1bfbdfcd8ed067af3f5d0ac9ba
This is a merge of http://go/wvgerrit/13391 from the Widevine repository.
This CL adds the OEMCrypto version 10 API to the header, and changes
just enough code so that code still compiles. There are no unit tests
or implementation.
The level 3 libraries are just stubs so that tests will compile.
level3/arm/libwvlevel3.a Level3 Library Mar 11 2015 13:33:21
level3/x86/libwvlevel3.a Level3 Library Mar 11 2015 15:20:27
Change-Id: I41de753a2a60da29b756c3327341ece72069d8bb
* Replace an stlport static assert with a C++11 static_assert.
* Move some libraries that were being built with the NDK but
statically included into platform code off the NDK.
* Rebuild the obfuscated binaries to use the new STL.
* Remove MIPS support temporarily due to an inability to generate
obfuscated binaries for it. (To be fixed in b/19482469.)
Bug: 15193147
Change-Id: Icc166583b0c6af68550baf17ab8c33076a1179d3
This makefile will be linked to from the vendor/xts project,
and defines how to build the oemcrypto_unittest executable into
an xts compatible native test.
Bug: 18952052
Change-Id: I8158cad703b558b88070cc46dafcf109699ecc77
This project is still using stlport (without telling the build system
about it), which was causing (broken) stlport headers to override
libc++ headers, leading to a broken copy of std::enable_if, which in
turn caused <atomic> to fail to compile. Since this project has
prebuilts that will need to be updated before this project can
actually move away from stlport, tell the build system that it is
still using stlport for now.
Bug: 18433002
Change-Id: I38b356428977ed2184eb28a07bd5e7424a4ace8d
The OEMCrypto library should prevent too many nonces from occuring in
a row. Previously, we tested that GenerateNonce generated an error if
there were too many nonce requests.
This CL makes it possible for OEMCrypto to delay the return from
GenerateNonce if there are too many requests. This is an equally
valid solution to the nonce flood attack.
This is a unit test change only. No production code is affected.
This is a merge from the widevine repository of:
https://widevine-internal-review.googlesource.com/#/c/11604/
bug: 17630253
Change-Id: Ie97f712d70230cd8e7ea7089da0aa18039673bb4
This is a copy of
https://widevine-internal-review.googlesource.com/#/c/11110/
The level 3 oemcrypto library version of DeactivateUsageEntry now
returns OEMCrypto_ERROR_INVALID_CONTEXT if there is no entry in the
usage table.
Current Library Version:
arm: Level3 Library Sep 3 2014 18:13:47
b/17373630
Change-Id: Iaeb65b4ad4b2b9f3c6733a2c9c8d96e2be263d09
This is a copy of
https://widevine-internal-review.googlesource.com/#/c/11030
It is an error for the key control block to have a nonzero replay
control flag and a null pst. This CL adds unit tests to
oemcrypto_test to verify that oemcrypto checkes this. A unit test is
also added for verifying that an offline license has a valid nonce the
first time it is loaded.
It also updates the reference implementation (mock) to check that the
pst is not empty when the replay control flag is nonzero.
It also updates the level 3 implementation to check that the pst is
not empty when the replay control flag is nonzero.
This change is compiled into the arm library, but because of
compilation errors, is not included in x86 or mips.
Current Library Version:
arm: Level3 Library Aug 27 2014 18:42:40
bug: 16525204 OEMCrypto unit test for reloading offline license
bug: 16844305 Mock OEMCrypto does not catch null pst
Change-Id: Icdb090e80fc92522c187b26f30e5ba082f26363b
Copy of widevine change:
https://widevine-internal-review.googlesource.com/#/c/10911/
OEMCrypto_DeleteUsageTable used to return an error on every call
because UsageTable::Clear always returned false. Since there is no
error checking that Clear can do, its return type has been changed to
void, and DeleteUsageTable now returns OEMCrypto_SUCCESS for all
calls.
bug: 16799906
Change-Id: Iaa2f572e4b0feb554877579596a7f43a64d20954
Copy of widevine change:
https://widevine-internal-review.googlesource.com/#/c/10910/
This CL adds a leading 0 to integers in the RSA test key in
oemcrypt_test.cpp. Before this CL, versions of OEMCrypto that
correctly interpret the encoding were treating some large
integers as negative.
bug: 16876126
Change-Id: I1990fdb09509c15566d12d4cfcd055e9d200e08a
Because the OEMCrypto_PST_Report is sent as a signed block to the
server, it needs to be a fixed, platform independent, size. This CL
adds the packed attribute to the structure, which reduces its size
from 56 bytes to 48 bytes.
Copy of widevine change:
https://widevine-internal-review.googlesource.com/#/c/10321/
Library Versions:
libwvdrmengine/level3/x86/libwvlevel3.a Level3 Library May 30 2014 15:40:50
libwvdrmengine/level3/arm/libwvlevel3.a Level3 Library May 30 2014 15:39:04
bug: 15184821
Change-Id: I54db2c3bbc4e20ee0c19c33d6fd56f86f432e110
This is a copy of the widevine CL.
https://widevine-internal-review.googlesource.com/#/c/10174/
This CL adds the OEMCrypto v9 functionality to the level 3 haystack
version of OEMCrypto. Mostly, this is to support usage tables.
The code is feature complete, but the timing tests are a little flakey
-- I'm not sure if the problem is in the code or if the test has too
tight a tolerance.
Also, the storage of the generation number needs to be made more
secure.
Change-Id: I73fecf8934b6a46785f1f8b6f40b40ffe39b88de
This CL removes TODOs and email addresses from comments, unifies some
namespaces and cleans a few variable names. It is a copy of multiple
CLs on the widevine side.
Change-Id: I1bb649096476a5001a56d746427399de6a88ff69
This change is copied from the widevine CL:
https://widevine-internal-review.googlesource.com/#/c/10163/
Because the OEMCrypto_PST_Report is sent as a signed block to the
server, it needs to be a fixed, platform independent, size. This CL
adds the packed attribute to the structure, which reduces its size
from 56 bytes to 47 bytes.
Change-Id: I2bae058b7eb0ac54ba9fad355f3d85ddc2cd4a58
This is a copy of https://widevine-internal-review.googlesource.com/#/c/10040/
The message size was wrong on several OEMCrypto_RewrapDeviceRSAKey
unit tests. The function was supposed to fail in these tests.
However, a vendor found that they were failing with a different error
code because the buffer size was incorrect. Now the function should
fail with the correct error code, and the test should pass for the
vendor.
Change-Id: Iea27b489f9bc386241d9add4f99ccb50560dfef6
This is a copy of the Widevine CL:
https://widevine-internal-review.googlesource.com/#/c/9708/
This CL refactors some of code in oemcrypto/mock and oemcrypto/test in
preparation for adding usage table code.
Change-Id: I7e58c8ecd6d92b3e177cb915733212fcad645485
This is a copy of the Widevine CL:
https://widevine-internal-review.googlesource.com/#/c/9480/
This change is part of OEMCrypto API version 9.
This CL adds verification that a key control block which requires a
specific version of HDCP can be loaded. Also, if secure data path is
not set, it verifies that data is still decrypted.
This CL also adds test that verify DecryptCTR fails when the current
HDCP version is below that in the key control block. The expected
error is OEMCrypto_ERROR_INSUFFICIENT_HDCP. This error code is newly
introduced in this CL.
This is one attempt to clarify HDCP, as specified in b/13626021, and
is a slight modification from previous behavior for the mock and the
level 3 haystacked code.
This CL also tests the two valid verification codes "kctl"
and "kc09".
bug: 13626021
Change-Id: If380709d2306a3489470b29fb148a45b609b089d
This is a copy from the Widevine CDM repository:
https://widevine-internal-review.googlesource.com/#/c/9177/4
This CL modifies some unit tests to make sure that OEMCrypto returns
the correct error code when the key has expired. This behaviour is
required for OEMCrypto version 9.
It also updates the code for the reference implementation and the
Level 3 implementation.
This is half of b/9205119
The other half is for the CDM layer to respond to this error code.
bug: 9205119
Change-Id: I60f934886f4ecdd1ee04825dea289fda1c0a4303
This is a copy of the Widevine CDM change:
https://widevine-internal-review.googlesource.com/#/c/9337/
This CL provides some shim code that allows the Eureka
version 8 oemcrypto library to be linked and run with CDM.
As part of this change, obfuscated names in OEMCryptoCENC.h have been
changed.
Change-Id: I18a1f91f0dfde0006591f800f8f8a034f32d9004
From the Widevine CDM repository:
https://widevine-internal-review.googlesource.com/#/c/9182/
This CL adds a test to verify that at most 20 nonces may be created in
one second. This should prevent the replay attack that an
appplication could do by generating large quantities of nonces until
it finds a repeat.
I've also updated the Level 3 and reference implementations.
This feature is required for OEMCrypto version 9.
Change-Id: Ia86323133810fcbbd79d7bb27bd5a004d7c87314
From the Widevine CDM repository:
https://widevine-internal-review.googlesource.com/#/c/9183/
This adds unit tests for RSA signing with PKCS1 block type 1. It also
adds a reference implementation. This is part of OEMCrypto v9.
Change-Id: I2a40dbff65f6e09d75f16ae048499512f60c168d
From Widevine CL:
https://widevine-internal-review.googlesource.com/#/c/9184/
This is some shim code that will load either an OEMCrypto
version 8 or version 9 library. This should allow us
to test and run stable devices until all OEM's have
updated to version 9.
Android Level 3 library versions are:
level3/mips/libwvlevel3.a Level3 Library Feb 27 2014 18:18:34
level3/x86/libwvlevel3.a Level3 Library Feb 27 2014 18:22:14
level3/arm/libwvlevel3.a Level3 Library Feb 27 2014 12:31:29
Change-Id: I82911e3b4d9056cf3c3ab2b47194fe81ac2776d9
This CL contains working versions of the haystack tools and the
OEMCrypto Level 3 library for android ARM, MIPS and x86.
The version number of the level 3 library is:
android/level3/arm/libwvlevel3.a Level3 Library Nov 4 2013 18:39:06
android/level3/mips/libwvlevel3.a Level3 Library Nov 4 2013 18:42:29
android/level3/x86/libwvlevel3.a Level3 Library Nov 4 2013 18:41:07
bug: 9374954 MediaDrm haystack based L3 code hardening implementation.
Change-Id: Ifef13900a11e83e4257723d3c6fc7107550882a8
Merge of change https://widevine-internal-review.googlesource.com/7950.
In the OEMCrypto library, it is valid to call LoadKeys with an empty
mac key. The library should not update the mac and enc keys and
should not throw an error.
Since we have seen this behavior in several implementations, a unit
test should be added that verifies the correct behavior.
bug: 11032674
Change-Id: I011ba39c8abc47547226a722143e92dac3f63dc5
Swallows the error NEED_KEY if it comes back from AddKey(), as this
is expected behavior. (It means privacy mode is on and the key that
was just added was the privacy certificate, ergo the real decryption
key is still absent.) Note that this carefully does not squelch the
notification that comes from NEED_KEY, which is still necessary in
order for the app to make a second key request.
Also streamlines a test case that I noticed was overcomplicated for
what it did while poaching code from it for new test cases.
Also removes a .gyp file that was erroneously being copied to the
Android tree. Android does not use GYP.
Bug: 10495563
Change-Id: Ife3ff0270a0d09dac1b0eb0d84bddffd811e1eef
In order to run all disabled OEMCrypto unit tests with one gtest
filter, one of them needs to be renamed so it matches the others.
These tests are disabled by default because they install a test
keybox, which would be dangerous on a production device.
Merged from CDM change
https://widevine-internal-review.googlesource.com/7440
bug: 10508973
Change-Id: I9508b133c6500ec28ce8890a4af89f016344b842
