Merge from Widevine repo of http://go/wvgerrit/122403
Re-merge of http://go/wvgerrit/105184 which was accidentally
undone by http://go/wvgerrit/107063.
Unused params are reported as warning when built in Android.
Test: Ran oemcrypto unit tests
Bug: 160734070
Change-Id: Id8384c58c8ace0b214464380fb961d108f1b5c3b
Merge from Widevine repo of http://go/wvgerrit/122223
This adds the ODK unit tests to the CE CDM tests so that they run as
part of the presubmit tests.
The test helper had some pointer problems converting a bool to a
uint32, so it has been updated to handle this correctly.
Some other tests failed comparing signed to unsigned, to these have
also been fixed.
test: ran odk_test
bug: 118657876
Change-Id: I744a1e89f4e4729c31d3f53e729984ffac1d96fd
Merge from Widevine repo of http://go/wvgerrit/121950
Remove term "Master" from "Widevine Master License Agreement".
Bug: 168562298
Change-Id: I655babf1bc447f4872f6a0f849107262be42df7a
Merge from Widevine repo of http://go/wvgerrit/121790
Some unit tests expected OEMCrypto to be the latest ODK version,
but we do not require this for v16.
Bug: 184905579
Change-Id: Iccdbcc0b28587aad79a2a63d8c39a564a47fb585
Merge from Widevine repo of http://go/wvgerrit/121886
This CL merges some changes from branch rvc-dev to sc-dev
that prepared it for merge.
One change is that the unit tests now say they are part of
Android S instead of R.
Bug: 180546871
Change-Id: I2ebbd8f7b8586389ebb75f3743a2dc2ad8caa214
This CL adds AllocateSecureBuffer and FreeSecureBuffer to the list of
function names that are obfuscated. It also corrects some spelling and
formatting in OEMCrypto headers. This is still version 16.4.
Merge from Widevine repo of
http://go/wvgerrit/115803http://go/wvgerrit/111104http://go/wvgerrit/108703http://go/wvgerrit/108703
Bug: 139814713
Bug: 141202789
bug: 168634557
bug: 168635928
bug: 168637230
bug: 168639188
Change-Id: I6f06549b2cf104c6751b2947964569e974fcdcd2
[ Merge of http://go/wvgerrit/116944 ]
This change is the last part of a three part change for restructing
the root of trust used by the reference implementation.
OEM Certificates are now managed by the root of trust of the crypto
engine. Previously, OEM certs where handled separately on a session
by session basis.
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: I6cf1fa3fade28baad85b5fce57a8eab6f2ed17c1
[ Merge of http://go/wvgerrit/115551 ]
This change is the second part of a three part change for restructing
the root of trust used by the reference implementation.
The use of RSA_shared_ptr has been replaced with the standard library
std::shared_ptr using the RsaPrivateKey wrapper class. The
AuthenticationRoot class now uses this for the built-in DRM cert key.
RSA decryption and signature operations within the session context are
now performed the RsaPrivateKey class. This has reduced the code size
and complexity within the reference and testbed, focusing their
implementation on key policy and less on mechanics.
Bug: 168544740
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: Ic743a529a9858f3182290d8bcf5e1633737b005b
[ Merge of http://go/wvgerrit/115550 ]
This change is the first part of a three part change for restructing
the root of trust used by the reference implementation.
The API of the AuthenticationRoot class has been updated to reflect
the OEMCrypto functions that relate to the root of trust. This
involves changing the keybox and DRM Cert methods and adding in new
stubs for OEM Certificates.
The WvKeybox now uses a RAII-like interface to ensure that keyboxes
are provisioned correctly or not at all.
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: I3f2baf29c1022e1806b6196fa6650d761785c626
The sc-dev branch on Android is out of sync with several important
changes on the CDM master branch. This changes copies several CLs.
[ Merge of http://go/wvgerrit/104524 ]
OEMCrypto unittest: generic crypto APIs
Add unit tests to verify that generic crypto APIs do not crash for large
input buffer lengths and signature lengths.
[ Merge of http://go/wvgerrit/106583 ]
Fix secure buffer tests in OEMCrypto testbed
The secure buffers were not being used correctly in the testbed, and
were failing OEMCryptoMemoryCopyBufferForHugeBufferLengths.
[ Merge of http://go/wvgerrit/109603 ]
Reject block_offsets of 16 or greater in OEC Ref
This is a potential security hole. We will be enforcing that OEMCrypto
rejects this in an upcoming test, so the Ref must be updated to reject
it.
[ Merge of http://go/wvgerrit/110165 ]
Fix Format String Signedness
See above for full description.
[ Merge of http://go/wvgerrit/111784 ]
Fix heap overflow test in L3 and OEMCrypto ref
Check the length of wrapped_rsa_key_length before casting to
WrappedRSAKey struct.
[ Merge of http://go/wvgerrit/113563 ]
Reword "blacklisted" to "forbidden"
[ Merge of http://go/wvgerrit/113583 ]
Use error code from RAND_bytes
The return code from RAND_bytes was not used correctly.
[ Merge of http://go/wvgerrit/113644 ]
Check for buffer overflow when computing subsample size
The test DecryptCENCForNumBytesClearPlusEncryptedOverflowsSize
cleverly picks num_bytes_clear + num_bytes_encrypted = 1 after integer
overflow. This is in the refernce code, level 3, and odkitee.
[ Merge of http://go/wvgerrit/113683 ]
OEMCrypto reference code: respect analog flags for clear buffers
The reference code should honor the analog_display_active flag for
both clear and secure buffers.
[ Merge of http://go/wvgerrit/114883 ]
Add size check for IV in OEMCrypto APIs
IV is supposed to be 16 bytes but the size is never checked before iv
gets used in LoadProvisioning.
Bug: 145026457
Bug: 147569428
Bug: 159847851
Bug: 162372059
Bug: 169278035
Bug: 169980065
Bug: 173460694
Bug: 173994023
Bug: 174523584
Bug: 175001473
Bug: 175041667
Test: No compiled files changed
Change-Id: If0ccd1cd3a56f72eedd2a6cb202a34bc7b43ca0d
[ Merge of http://go/wvgerrit/115549 ]
Our WV CRC-32 implementation is for CRC-32/MPEG-2 (rather than the
documented CRC-32-IEEE). The OEMCrypto document has been updated to
reflect the reference implementation.
Test: oemcrypto_partner_tests
Bug: 135283522
Change-Id: Iea8fc4ec500aec96bdb27102c51dfcca77d7bffb
[ Merge of http://go/wvgerrit/115548 ]
Create a small set of unittests to verify the functionality of OEM
Certificate.
This adds a test OEM Public Certificate and OEM Private Key.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: Iaa634543d9cb5005d91f1e7c528bf05b2b0c4d68
[ Merge of http://go/wvgerrit/115547 ]
The functionality of OEM Certificates are being abstracted away. This
is to help with the integration of ECC-based DRM certificates and in
preparation for ECC-based OEM Certificates.
Summary of OEM Certificate functionality:
- Parsing OEM Public Certs (PKCS7 signedData)
- Parsing OEM Private Key (PKCS8 PrivateKey)
- Public cert getter
- Implements most of OEMCrypto_GetOEMPublicCertificate()
- Certificate validation
- Implements most of OEMCrypto_IsKeyboxOrOEMCertValid() for OEM
Certificates
- Checking public-private key pairing
Bug: 135283522
Test: Future CL
Change-Id: Ib9580bd83641865c53dd829ff09b142bf111768c
[ Merge of http://go/wvgerrit/115546 ]
Included a set of unittests for RSA keys which ensure client-server
RSA operations work as expected.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: I8363a82403d0780f3074a05c64c804e700c2b779
[ Merge of http://go/wvgerrit/115545 ]
This change wraps the RSA key in a public and private key class that is
similar to how ECC keys are wrapped.
This new wrapper replaces deprecated OpenSSL/BoringSSL RSA signing and
signature verification API and uses the generic key digest context for
RSASSA-PSS signatures.
Bug: 135283522
Test: Future CL
Change-Id: Ifff649a3abcca127cc539f937c429c7da8acdcc6
[ Merge of http://go/wvgerrit/114284 ]
The unittests check that the ECC keys are being created as expected
and that they can perform their basic operations.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: I1bdb26421ba47e1ab135f5ce5a54da304627a7c3
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
[ Merge of http://go/wvgerrit/113750 ]
This introduces two classes EccPublicKey and EccPrivateKey which
perform all ECC-specific crypto operations. The main operations
required by ECC are:
- Load/serialize keys from/to X.509 DER formats
- Generate ECC signatures
- Verify ECC signatures
- Derive session keys used by other OEMCrypto operations
These new classes still need to be plugged into rest of the reference
OEMCrypto implementation.
Bug: 135283522
Test: Future CL
Change-Id: Id071cad9129f95a6eb08662322154ba7d1548d40
Merging CL:
* http://go/wvgerrit/108203
* http://go/wvgerrit/103904 (changes to L3 source files excluded)
Also added ODK dependency which is required by L3 v16.
Do not replace constant sizeof() with a hard-coded value in L3 library because it is target-specific.
Test: Unit tests on gLinux
jenkins/linux_unit_tests
jenkins/ce_cdm_tests
Test: Unit tests on Pixel 4(flame-userdebug, rvc-qpr-dev)
vendor/widevine/libwvdrmengine/build_and_run_all_unit_tests.sh
Test: Manual ExoPlayer L1/L3 playback tests (flame-userdebug)
WV: Secure HD/SD (cenc,MP4,H264)
WV: Secure HD/SD (cbc1,MP4,H264)
WV: Secure HD/SD (cbcs,MP4,H264)
Test: Widevine GTS tests(bramble-userdebug, master)
http://ab/I23800006571451275
Bug: 136317881
Bug: 139814713
Bug: 173331251
Change-Id: I1656e83a74a0eaf650f55f5e2388819bf5020c0d
(This is a merge of the parts of http://go/wvgerrit/105985 that affect
Android.)
This patch fixes some files that, after recent changes, were no longer
building when using OpenSSL instead of BoringSSL. <memory> was missing
in a header, and a function whose return type is different on OpenSSL
was tripping up the format-string warnings.
Bug: 168553979
Test: jenkins/ce_cdm_tests
Test: Android CDM Build
Change-Id: Id6a33d0ce0d3cbe5fe33b3f22aa3ee6b03ac76dd
[ Merge from http://go/wvgerrit/102303 ]
This adds an OEMCrypto test that ensures that usage entries can be
loaded and reloaded without issue within the same crypto client
lifecycle. This is in response to b/158273241 where certain entries
could not be reloaded if new entries are created and loaded in a
particular order.
Bug: 158619296
Test: OEMCrypto test on Android
Change-Id: Ib7422b2003e46a3ee27c6a591177a12d14e628bc
This is a cherry pick of recent changes to OEMCrypto and ODK. Most of
these are part of the document migration to doxygen.
See http://go/wvgerrit/106005 and its parents for code reviews.
Bug: 144715340
Bug: 148232693
Bug: 167580674
Change-Id: I658f99c8117b974faed97322d61fac0f382283af
[ Merge of http://go/wvgerrit/105025 ]
Clang and GCC allow for warnings against the arguments for printf-like
functions (e.i. LOGx). These validate that the format type specified
in the format string match the corresponding argument type.
Most of the time, format specifer errors are benign; hence why they
haven't been seen as an error so far. However, with the enabling of
specifier warnings and the enabling of warnings as errors on certain
platforms, these existing errors need to be addressed.
This CL enables format specifier warnings for most of the Widevine
code, with the OEMCrypto L3 implementation which has a single error
which requires a fix in the haystack code before being fixed in the
Widevine branch.
Strict format string warnings are not enabled for non-LP64 systems.
Bug: 137583127
Test: Compiled for Linux and Android
Change-Id: I051398332d31a20457b86563a90ad8f6d428445f
This CL builds the Widevine drm services and libraries.
Soong makefile conversion for unit and integration
tests will be in a different CL.
This doc may help with the review:
https://docs.google.com/document/d/1lK3X9RFPwbbwewLNlS4TfSMhxIlPuAkHRnGcgwWpChU/edit?usp=sharing
Test: build
Test: Play Movies and Netflix streaming
Test: unit tests
build_and_run_all_tests.sh
Test: gts
ANDROID_BUILD_TOP= ./android-gts/tools/gts-tradefed run gts -m GtsMediaTestCases -t com.google.android.media.gts.MediaDrmTest
atest GtsExoPlayerTestCases:com.google.android.exoplayer.gts.DashTest
Test: vts
ANDROID_BUILD_TOP= PATH="$PWD/android-vts/tools:$PATH" vts-tradefed run commandAndExit vts --module VtsHalDrmV1_3Target
Bug: 162321744
Change-Id: I50c0fb2e8f28dfe7901587e3d3203542943e23b1
Merge from Widevine repo of http://go/wvgerrit/101905
The reference OEMCrypto should not be built as part of Android.
Test: Builds
Bug: 146361995
Change-Id: Ic25e6e567fcac519636f64dabc0d59b3df78990e
libcrypto_static has restricted visibility, which is now being
implemented in Make, so we either need to allow it for all vendor
modules, or use the shared library instead.
Bug: 158599308
Test: treehugger
Test: mmma vendor/widevine/libwvdrmengine
Change-Id: I88ddce7ad221c66a20f4e05409ae77421e4196ad
Merge from Widevine repo of http://go/wvgerrit/101243
Changed the version number to 16.3 and the date to June 1st. The
delta document has a short description of CL's added since
April 6th.
Test: documentation changes only
Bug: 157030231
Change-Id: I93c2b09d6a24efc71ed77110b115cafbd6fde1c6
Merge from Widevine repo of http://go/wvgerrit/101144
This CL updates the version string of the oemcrypto unit tests.
Test: unit tests on taimen and with reference oemcrypto v16.
Bug: 156789529
Change-Id: I504a32f0c3781870052b58d30312c58e090b145c
Merge from Widevine repo of http://go/wvgerrit/101143
This CL removes the check for a decrypt hash error when CopyBuffer is
used instead of DecryptCenc because a key was not selected.
We also remove the attempt to check the decrypt hash when there are
multiple buffers, because that is not well defined behavior.
Bug: 155185867
Bug: 155192141
Test: ran unit tests on taimen and on v16 reference oemcrypto
Change-Id: I640e904e256f0913ca606bb5db891430b23f44a3
Merge from Widevine repo of http://go/wvgerrit/100964
The previous nonce-free test used the same session to generate the
request as to load the license. However, it is a realistic use case to
have a new session used for loading the license.
The use case relates to a pre-loaded, shared license.
Test: Ran unit tests on taimen and on v16 ref implementation
Bug: 156853321
Change-Id: Ibc07744a16edcd3952d88d73660a75d0c3e8eeb8
