In `Combine Decrypt Calls to OEMCrypto`,
OEMCrypto_ERROR_BUFFER_TOO_LARGE is used as the default error code to
signal fallback to legacy decrypt (sending subsamples separately).
The error code would not be updated if no calls to OEMCrypto were
made (e.g. 0-length buffers).
This change resets error code to OEMCrypto_SUCCESS after fall back to
legacy decrypt. Consequently, buffers that do no require OEMCrypto
calls would return OEMCrypto_SUCCESS.
Merge of http://go/wvgerrit/96743
Bug: 150188155
Test: GtsMediaTestCases
Test: DashTest#testWidevineH264AdaptiveWithRendererDisabling
Change-Id: Ib23803c51f16bc809bda5c2720e628e81f1df1dc
Merge from Widevine repo of http://go/wvgerrit/96783
This CL updates the reference code, unit tests, and adapter to use the
new v16 function OEMCrypto_LoadDRMPrivateKey. This is just an API
change to allow ECC support in the future. The reference code does not
yet support ECC certificates, and the CDM code assumes that all
certificates have an RSA key.
Bug: 152558018
Test: unit tests on taimen and w/v16 mod mock.
Change-Id: I0793b416513b81b3d74849f0b58dbdc91f075ac6
[ Merge of http://go/wvgerrit/96514 ]
The combined decryption call feature was introduced in android R.
In earlier releases, subsamples were passed one at a time for
decryption within the plugin. A decryption request that consists
entirely of clear data should be passed on to OEMCrypto even if
no keys are loaded.
A sample might consist of subsamples of clear and protected data.
In legacy mode, this proved to be an issue for OEMCrypto if the clear
subsamples were passed on but the protected ones were rejected (b/110251447).
For legacy mode and in the absence of keys being loaded, the subsample will
be passed to OEMCrypto only if the clear lead/frame is in a single subsample
and not broken up across multiple subsamples.
Bug: 150316417
Test: WV android unit/integration tests
Change-Id: Iff8ae8f58530cb9c5d31ce388742443ae807c16f
(This is a merge of http://go/wvgerrit/96723.)
This syncs the document with the current version in Google Docs. Changes
since the last version:
* Specified that the Cobalt table only applies to First-Party Platforms
* Filled in gaps in Cobalt table
* Updated the Android R entry to reflect that some devices will stay on
v15
* Added further details on the contents of various OEMCrypto v16
versions
* Corrected Cobalt versions erroneously marked as Supported
* Updated copyright statement for 2020
* Reworded the header on the CE CDM section
* Corrected which CE CDM versions used OEMCrypto v8
* Put a section heading on the first table in the document to clarify
that it is not a table of contents nor a document version history
Bug: 151455443
Test: Verified PDF visually
Change-Id: I0a15f79a58a94cda178018373852582abb6c1463
Merge from Widevine repo of http://go/wvgerrit/96508
This adds a unit test for to verify that a preloaded license may be
loaded into OEMCrypto. A preloaded license is a license that does not
have a nonce, and for which there is no license request. This is used
in CAS and ATSC.
I also updated the test version string to
OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-27
Bug: 144105097
Test: ran oemcrypto unit tests on taimen and with v16 modmock.
Change-Id: I6a4926917f36a084d15defa7b908d067612c4dcf
(This is a merge of http://go/wvgerrit/96226.)
This patch does a number of different things in order to re-enable the
CDM to use OpenSSL 1.1.0+ out of the box, instead of just BoringSSL:
* To support https://cryptography.io/, BoringSSL has reimplemented just
enough of the OpenSSL PKCS7 API that we can fulfill our purposes with
code that works on either library. This patch replaces code in
privacy_crypto_boringssl.cpp and oec_session_util.cpp that was only
compatible with BoringSSL with code that also works in OpenSSL.
* Replaces code in oec_session_util.cpp that used the deprecated OpenSSL
1.0.0 API with OpenSSL 1.1.0-compatible code. This code previously
worked on BoringSSL because they have not yet removed the OpenSSL
1.0.0 functions, even though they also implemented the 1.1.0 API.
* Replaces openssl/mem.h (which does not work in OpenSSL 1.1.0 and
higher) with openssl/crypto.h. (which works in all OpenSSL and
BoringSSL releases) This does not require any function code changes.
* The OID-comparison code in privacy_crypto_boringssl.cpp was using
BoringSSL-exclusive functions to convert OBJ-format OIDs to text.
Conversion functions that work on either library exist. However, the
new code uses a different technique instead, pre-converting the
passed-in OID to OBJ format. This allows it to be compared to the
certificate directly, avoiding converting every certificate extension
OID to text.
* Allows the selection of "openssl" as the privacy_crypto_impl and adds
a variable to configure OpenSSL. More will follow in future patches
as more configurations of OpenSSL are supported.
Bug: 140053043
Test: CE CDM Unit Tests
Test: CE CDM Unit Tests w/ the x86-64 Platform Reconfigured to OpenSSL
Test: Android Unit Tests
Change-Id: I57cebbbfb59e0bcab85b589b98fb9ffd18885415
Merge from Widevine repo of http://go/wvgerrit/95945
The reference oemcrypto and testbed still use old style pointers, even
though we now require a more modern C++ compiler. Updated a few places
where smart pointer would be appropriate.
Bug: 141393616
Test: Ran unit tests
Change-Id: I8b1e155bce241075928e373478d6f8e1001233f9
Merge from Widevine repo of http://go/wvgerrit/96163
This CL just addresses some review comments from the big merge to
master. The header OEMCryptoCENC.h is now synced with the
document http://go/oemcrypto.
Test: unit tests
Bug: 148907684
Change-Id: Ic825126e0dd3d7e86eefab2c51b4abb5d57fb568
[ Merge of http://go/wvgerrit/95405 ]
There are several OEMCrypto functions that do not require an open
session to be called. This change updates the OEMCrypto functions
related to the Usage Table Header.
Bug: 150888316
Test: Linux unit tests and Android build
Change-Id: Ic879876dd190fb3e058bbe8e0cce37273030b105
[ Merge of http://go/wvgerrit/95404 ]
There are three situtations where error codes from a usage table
operations were not being mapped to unique CDM response types. These
particular errors provide useful information for the CDM during table
defragging.
Also fixed misspelled error code.
Bug: 150890014
Bug: 150891685
Test: Linux unit tests and Android build
Change-Id: I683abdd5fc0871317eede960ea36cfafac7e7f49
Merge from Widevine repo of http://go/wvgerrit/95483
This adds a log message to the oemcrypto unit tests so that if
somebody sends us a log, we can tell which version they are
running.
With this CL, the version string is
OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-18
This can be found in the logs and in stdout when running the unit test
OEMCryptoClientTest.VersionNumber. One can verify the executable on
android using
strings $OUT/data/nativetest/oemcrypto_test | grep -i "oemcrypto unit tests"
Test: ran oemcrypto_test and verified version string
Bug: 144713981
Change-Id: Ie10b2f270b783ed10a3ff9855b7ca32a5327ea1c
Transport errors usually happen when hidl client crashes in DRM event
handler.
Merged from http://go/wvgerrit/95963
Bug: 150204874
Test: artificial crashes in client DRM event listener
Change-Id: I8037374550357d003e302f2a25fbb2305ae5a5e7
Merge from Widevine repo of http://go/wvgerrit/95968
Un-initialized int array allocated on heap is detected by MemorySanitizer using this command:
rabbit test --config=msan --keep_going --compilation_mode=opt --runs_per_test=1 //video/widevine/export/common/oemcrypto_core_message/odk:odk_test
Bug: 151339875
Test: cdm and odk unit tests
Change-Id: Ic3329b918636a58eccb518ded7b262c4d98c3644
[ Merge of http://go/wvgerrit/95943 ]
The CDM version for android is now defined in a platform specific
header file. A check for version number match has been removed
from integration tests as it will always be true. We will still
get a notification to change the CDM version when the Android OS
version gets updated.
Bug: 151663718
Test: WV unit/integration tests
Change-Id: I96bac87186e30a709585514be7f338ad2209cdf6
Merge from Widevine repo of http://go/wvgerrit/95848
The production provisioning server supports v16 now. Time to go back
home.
Bug: 149720416
Test: unit tests w/v16 mod mock
Change-Id: Ie67165d7e30dd22c54a08626d50346c4aa57cb72
Merge of http://go/wvgerrit/95723
This is to remove the reference to net.hostname in
get_unique_id_android.cpp for L3. Keep ro.serialno, and just change the
net.hostname call to setting the constant string.
Bug: 130028203
Test: Ran unit tests
Change-Id: I90d955c117924c16c71f145dea53fe32644d2875
After succeeding openSessionCommon(), when the call to
getSecurityLevel() fails, the code calls closeSession()
and only clears the sessionId if closeSession() fails.
We should always clear sessionId in this case.
Also, make it clearer that the status returned by
getSecurityLevel() does not overwrite the value from
openSessionCommon().
Merged from http://go/wvgerrit/95845
Test: unit test
adb shell LD_LIBRARY_PATH="/vendor/lib64" /data/nativetest/libwvdrmdrmplugin_hidl_test
Bug: 151364587
Change-Id: I3a9106ffa44c654d3e072a0b0597398d410fc84f
Merge of http://go/wvgerrit/95666
Mostly fixing coding styles and a few vulnerability check.
Updating tests according to the fix.
Bug: 150614088
Bug: 150881959
Test: Ran cdm and odk unit tests
Change-Id: I109a96ee8ded089d59ab49c2f94b6833c932fd1e
[ Merge of http://go/wvgerrit/95784 ]
On unprovisioning, all persistent state/files are deleted. If a
provisioning session is opened soon after, |OEMCrypto_Terminate|
and |OEMCrypto_Initialize| will not be called. The (deleted) device
key will remain resident in memory and will not be regenerated until
|OEMCrypto_Initialize| is called. Any L3 licenses created will be
associated with a device key that does not exist, at least after
OEMCrypto is terminated.
By disabling delayed termination of OEMCrypto, OEMCrypto will be
terminated and initialized immediately on unprovisioning.
Bug: 149808504
Test: WV unit/integration tests on L3
Change-Id: Id3fbce621b47a723ff624cf45f1ac203421a8dba
[ Merge of http://go/wvgerrit/95508 ]
The provisioning ID length will be 32 bytes when the device supports a
keybox or OEM certificates and does not implement |OEMCrypto_GetDeviceId|.
If a device supports OEM Certificates and implements |OEMCrypto_GetDeviceId|
it may be an arbitrary length upto 64 bytes.
Bug: 150393659
Test: WV unit/integration tests
Change-Id: I5e4dbc8f2f9ca326425d0313f4823b72bd6ac7c0
Currently, if requestedLevel is not the same as the
current security level, openSession_1_1 still returns
Status::OK, we should return an error status.
Merged from http://go/wvgerrit/95507
Test: unit test
adb shell LD_LIBRARY_PATH="/vendor/lib64" /data/nativetest/libwvdrmdrmplugin_hidl_test
Bug: 150407669
Change-Id: I5673ac7bbe7a234ddd07bb9c145135486fb9e583
Merge from Widevine repo of http://go/wvgerrit/95463
In the unit tests ReloadUsageTableWithSkew, we load a header that has
a generation number off by 1. This is allowed. However, we then try to
load the current entry, which is newer than the header. Instead, we
should try to load the entry that went with the header.
Bug: 139828114
Test: Ran unit tests
Change-Id: I87261501d8ee2b91a07c2b5dff17fc0ea950244d
Merge from Widevine repo of http://go/wvgerrit/95403
This updates the test code CreateDefaultResponse to make sure that
license releases do not have a core message, and that the key control
block is correctly set for renewals.
Also, the unit test OEMCryptoUsageTableTest.TimingTest is changed to
only a license release when the license is inactive. If the license is
still active, then the license is loaded before generating a usage
report.
Test: Ran full unit tests
Bug: 151092673
Change-Id: I7c01fd17f9b66e88ab3c57aa0f3d40740f13507c
