(This is a merge of http://go/wvgerrit/139630.)
This patch fixes a few places that were using NULL or 0 instead of
nullptr.
Bug: 207702482
Test: x86-64 build
Change-Id: I10e19febebd093fe4445208a082216002d9a4482
(This is a merge from the Widevine Repo of http://go/wvgerrit/134310.)
This patch fixes code that would trigger -Wshorten-64-to-32 by
implicitly narrowing a variable from 64 to 32 bits. Most of the time, it
does this by making the implicit conversion explicit. The cause of most
of these is that OpenSSL uses "int" for the length of things rather than
size_t. (While BoringSSL sometimes uses int and sometimes uses size_t.)
One exception is LogBoringSSLError(). We have a couple copies of this
function around, and they varied slightly. This patch brings them all
in-line, which conveniently also removes any code in them that would
deal with integer variables.
GetRandBytes() now takes a size_t and downcasts to BoringSSL's native
int internally, so that callers can pass in a size_t value as they would
expect.
There's also an interesting case in oec_session_util.cpp. Because
BoringSSL and OpenSSL disagree about the width of an error code, we have
to use the "auto" type for a temporary variable that holds an error, in
order to retain compatibility with both.
Bug: 194971260
Test: x86-64
Test: x86-64-openssl
Change-Id: I88bc62b4cda396f8a1eabd1a3cb7d1b03f47a33f
(This change is merged from http://go/wvgerrit/124825)
The OEMCrypto tests have tests that verify that entitled keys can be
loaded but not that they can be successfully used for decrypt. This
patch adds a decrypt portion to the existing tests.
As part of this, the existing Session::EncryptCTR() method and portions
of Session::TestDecryptCTR() are lifted to be static functions so they
can be shared across unrelated classes in oec_session_util.cpp.
EncryptCTR() had no dependence on its enclosing class and is unchanged
other than being moved outside the class.
To reduce ambiguity with the new decrypt verification, this patch also
renames EntitledMessage::VerifyEntitlementTestKeys() to the
more-specific EntitledMessage::VerifyKCBs(). Its behavior is unchanged.
Bug: 186782279
Test: x86-64 platform
Test: opk_ta platform
Test: build_and_run_all_unit_tests
Change-Id: I15156882907b0987215087aaf43b4666fedc171a
Merge from Widevine repo of http://go/wvgerrit/121950
Remove term "Master" from "Widevine Master License Agreement".
Bug: 168562298
Change-Id: I655babf1bc447f4872f6a0f849107262be42df7a
Merge from Widevine repo of http://go/wvgerrit/121886
This CL merges some changes from branch rvc-dev to sc-dev
that prepared it for merge.
One change is that the unit tests now say they are part of
Android S instead of R.
Bug: 180546871
Change-Id: I2ebbd8f7b8586389ebb75f3743a2dc2ad8caa214
This is a cherry pick of recent changes to OEMCrypto and ODK. Most of
these are part of the document migration to doxygen.
See http://go/wvgerrit/106005 and its parents for code reviews.
Bug: 144715340
Bug: 148232693
Bug: 167580674
Change-Id: I658f99c8117b974faed97322d61fac0f382283af
Merge from Widevine repo of http://go/wvgerrit/100964
The previous nonce-free test used the same session to generate the
request as to load the license. However, it is a realistic use case to
have a new session used for loading the license.
The use case relates to a pre-loaded, shared license.
Test: Ran unit tests on taimen and on v16 ref implementation
Bug: 156853321
Change-Id: Ibc07744a16edcd3952d88d73660a75d0c3e8eeb8
Merge from Widevine repo of http://go/wvgerrit/96508
This adds a unit test for to verify that a preloaded license may be
loaded into OEMCrypto. A preloaded license is a license that does not
have a nonce, and for which there is no license request. This is used
in CAS and ATSC.
I also updated the test version string to
OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-27
Bug: 144105097
Test: ran oemcrypto unit tests on taimen and with v16 modmock.
Change-Id: I6a4926917f36a084d15defa7b908d067612c4dcf
Merge from Widevine repo of http://go/wvgerrit/96163
This CL just addresses some review comments from the big merge to
master. The header OEMCryptoCENC.h is now synced with the
document http://go/oemcrypto.
Test: unit tests
Bug: 148907684
Change-Id: Ic825126e0dd3d7e86eefab2c51b4abb5d57fb568
Merge from Widevine repo of two CLs.
Merge from Widevine repo of http://go/wvgerrit/94743
A license release should not have a core message. This CL adjusts the
existing unit tests to verify this. There is also a new unit test called
SecureStop that explicitly tests sending a secure stop in a new
session without first loading the license.
Merge from Widevine repo of http://go/wvgerrit/94865
This CL has the following changes copied from google3:
http://cr/298871728 Remove odk_static_assert for Message size temporarily
http://cr/298755935 Fix a compiling error during macro expansion
http://cr/298481745 Add missing header for android
http://cr/298448142 Fix odk_test gyp file
http://cr/298419641 Remove header from Android.bp
http://cr/298402053 Separate sizeOf(args) bytes in fuzz tests
http://cr/297730316 No core messages for license release
http://cr/297714346 Add copybara_test and piper_sot_to_gerrit
http://cr/297636713 Adding some comments around boolean conversion code
http://cr/297420679 Autofuzzer when ran with address sanitizer ...
http://cr/296513584 Minor fix with fuzzing odk clock values
http://cr/296322024 Fixing errors in code with how request ...
http://cr/296313159 Fuzzing ODK clock values by setting aside ...
http://cr/295763207 Add more odk tests and move helper functions to test helper
http://cr/294524098 Adding a Build Rule for ODK_KDO_Fuzzer and updating
http://cr/294492213 Address a few review comments of ODK
http://cr/293674368 odk_fuzz: add TODOs & comments
http://cr/293492806 Fix spelling
Bug: 150243585
Bug: 150020278
Bug: 150095506
Bug: 147297226
Bug: 148290294
Bug: 148907684
Bug: 150608451
Test: unit tests
Change-Id: I25fd406f29f4eba40f5cb27e9a1317dce4ffc2f5
Merge from Widevine repo of http://go/wvgerrit/93404
This is the unit tests, reference code, and documentation for
OEMCrypto v16.2. Backwards compatibility should work for a v15
OEMCrypto.
Some review comments will be addressed in future CLs.
Bug: 141247171
Test: Unit tests
Test: Media GTS tests on bonito
Change-Id: I9d427c07580e180c0a4cfdc4a68f538d351c0ddd
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
Merge from Widevine repo of http://go/wvgerrit/77609
For v15.2 we require that nonces not collide across sessions and there are
restrictions placed on the mac key's IV in LoadKeys.
Test: ran unit tests on reference code
Bug: 131325434
Bug: 131326334
Change-Id: I1bb01c30d8c15d66d762c28b57d7700c44daa835
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
Merge from master branch of Widevine repo of http://go/wvgerrit/66072
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63764
This adds the function OEMCrypto_ResourceRatingTier to the oemcrypto referenece
code, dynamic adapter, and unit tests.
Bug: 117110800
Test: tested as part of http://go/ag/5501993
Change-Id: Idf47af405f0c69601108b75c788a97b30abdb39d
Merge from master branch of Widevine repo of http://go/wvgerrit/66066
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63628
The error code OEMCrypto_KEY_NOT_LOADED is redundant with
OEMCrypto_ERROR_NO_CONTENT_KEY and OEMCrypto_KEY_NOT_ENTITLED. The
function LoadEntitledContentKey should return KEY_NOT_ENTITLED if it
does not find the corresponding entitlement key in its key table. All
other functions that do not find a key id in the key table should
return OEMCrypto_ERROR_NO_CONTENT_KEY. This includes QueryKeyControl,
SelectKey, and RefreshKeys.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 115574797
Change-Id: Ida2111f32e331b99f3f0c77fa404a42654d0870c
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
Merge from Widevine repo of http://go/wvgerrit/58440
This CL modifies the oemcrypto test TwoHundredEntries so that it
attempts to create more than 200 entries. A device is allowed to fail
when such an attempt is made, but it must return an insufficient
resources error.
The test then verifies that each of the entries that were succesfully
created can be used to reload its license and the keys can be used for
decryption.
It then shrinks the usage table header, and verifies that the
remaining licenses can still be used for decryption.
bug: 112486006
test: unit tests (test code only)
Change-Id: I6e6edfb00f0553724e0f99fb4e5ea5c817450937
Merge from Widevine repo of http://go/wvgerrit/49805
This aligns the oemcrypto reference code and unit tests to match the
API design doc: http://go/oemcrypto
bug: 79375509
test: unit tests pass
Change-Id: I13761a7384a17e99d88e61aaf80b4a22941fd172
Merge from http://go/wvgerrit/47640
Test: unit/integration tests
Bug: b/62058202
The usage table keeps track of license duration by using the current
system time. However, if a user were to rollback the time, they can
effectively continue offline playback indefinitely. This changes the way
we compute time by computing offsets by which the user rollbacked the
time and adding it to the current time. This change also includes a test
to verify protection against rollback for usage entries that is only run
when the user is root.
Change-Id: I97c430e1443747b0f9759ae5390b8f5d06bdebf1
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
Merge from Widevine repo of http://go/wvgerrit/43721
This CL allows the tester to change the nonce flood rate from the
default of 20. A tester would want this value to be larger to make
tests run more quickly.
Setting the rate to 1 makes every other nonce request a flood error.
A tester wants to do this in order to verify cdm code responds to
nonce flood correctly. Several failing oemcrypto tests have also been
corrected.
This CL changes test code only.
bug: 73607610
test: unit tests
Change-Id: I3f52ff7ea9bcc1db7bc0e010da0b64a12d3b4dd3
Merge from Widevine repo of http://go/wvgerrit/42402
This changes the AES key size back to 128 for keys that are not
entitlment keys.
bug: 72904259
test: unit tests
Change-Id: I07cc56050cafb82c65b67c56df3f18d375047eb8
Merge from Widevine repo of http://go/wvgerrit/41662
This CL updates oemcrypto unit tests to use the new test keybox.
bug: 69552641 Update OEMCrypto_LoadTestKeybox
test: Unit tests compile and run -- many tests won't pass until merged
with vendor code
Change-Id: I73bdca3958b2c985d4c61801aa95807a2e6d4299
This CL adds entitlement license features and moves cipher mode from
LoadKeys to SelectKeys.
Merge from Widevine repo of http://go/wvgerrit/41660
bug: 70334840 Entitlement License - cdm layer
bug: 70334345 Entitlement License - reference code and unit tests
test: Entitlement license unit tests pass.
Change-Id: Ic7d7f42c15e6d83ef7fcfd8a866c778adc4c8095
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct error logging
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/40000 ]
In tests, we set the cipher list to avoid using insecure
ciphers when connecting to the provisioning/license service.
The result of setting the cipher list was being incorrectly
validated.
Bug: 64847919
* Move mips cache headers to clear_cache_function.h
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39700 ]
Since the clear_cache function has been moved away from the dynamic
adapter, we need these conditional includes to be migrated as well for
MIPS.
* Comment out Level 3 debug call until merge
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39761 ]
This call was introduced in go/wvgerrit/34260/. Since the haystack tool
in google3 still needs this merge, this should be commented out so the
tool can still build until the merge has finished.
* Add logging for MAC keys to mock
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39740 ]
Bug: 70637842
* Move external interfaces into level3.h + refactor
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39673 ]
As part of b/70523618, this CL moves interfaces that partners are
responsible for in Level 3 to level3.h so they can be visible as
part of the CDM release process. It also cleans up some of the
names of the files and adds documentation.
* Corrected close session logging level
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39676 ]
Bug: 69460963
* Remove Security Level Path Backward Compatibility Support
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39505 ]
From the android K release onwards certificates were stored in
security level specific directories. If upgrading from
previous releases persistent information needed to be moved
to those directories.
Since no device is likely to upgrade from J to Pi, comptibility
support can be removed.
Bug: 70160032
* Rename privacy_crypto_openssl To privacy_crypto_boringssl
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37122 ]
Now that we no longer support OpenSSL in the Shared Source CDM, the name
of this file can be updated.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Remove Conditional Compilation from OpenSSL/BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/39460 ]
This change removes the usages of conditional compilation to support
both BoringSSL and OpenSSL, as well as to support multiple versions of
the OpenSSL API. All code is now compiled against one of the two
versions of BoringSSL in third_party/.
Note that in some cases, the kit/ and legacy_kit/ versions of BoringSSL
had different APIs, so when removing the OpenSSL version compatibility
conditional compilation, sometimes the older branch was kept and
sometimes the newer branch was kept.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Build CE & Jenkins CDMs With BoringSSL from third_party/
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37120 ]
Up until now, integrators have been responsible for providing a
compatible crypto library for use by the CE CDM. (either OpenSSL or
BoringSSL) After this change, this decision will no longer be in their
hands. The CE CDM build will always use the copy of BoringSSL in
third_party/, which will be statically linked with our library with
hidden visibility. This allows us to better control what crypto library
we use and will prevent continuing problems with trying to support both
OpenSSL and BoringSSL.
Unfortunately, BoringSSL began using C++11 in mid-2017, and we can't
support C++11 right now. Until we can, we need to use a C++11-free
version of BoringSSL for libssl. The CDM itself will continue to use a
recent BoringSSL, as it only needs libcrypto. But the unit tests that
need libssl have to use the legacy version.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Modified RNG for Level3 to use more entropy
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39220 ]
Bug: 65165076
Modified seed generation to use an xor of clock_gettime and
client-implemented code to supply random seeds to the RNG. Modified the RNG
as well to use xoroshiro128+ instead of xorshift, since it uses more
than one seed/state (which are 64-bit) and has higher "statistical quality".
The default implementations for the seed generation use /dev/urandom.
* Configure base path for Level3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39506 ]
This is in response to b/70354006. This change makes the
Android Level3FileSystem use the existing properties method
GetDevicesFilesBasePath for binderization. The same is done for the
Linux implementation.
* Add legacy_kit/ to BoringSSL Directory
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38861 ]
This adds a second copy of BoringSSL to the third_party/boringssl/
directory. This second copy is pinned to the last revision of BoringSSL
not to require C++11 and is not updated by the UPDATE_BORINGSSL.sh
script. This second copy will be used to provide libssl to the tests on
devices that do not support C++11.
Once we support C++11 in the CDM again, this weight should be removed
and all targets should use the copy of BoringSSL in the kit/ directory.
Bug: 67907873
* Use Shared Libraries for Unit Tests
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38860 ]
Some unit tests were using a statically-linked CDM instead of a
dynamically-linked one. (Or, in one case, trying to link both ways into
the same binary.) For now, we need to only link dynamically, so that the
unit tests and the CDM can use different versions of BoringSSL.
Long-term, we would like to test both kinds of linkage. (See b/69548115
for that.)
Some unit tests were also using a dynamicaly-linked CDM that was named
such that it appeared to be statically-linked. This patch renames some
targets to make the linkage clearer.
Bug: 67907873
* Change CDM_Backwards_Compatiblity_Tests to dedicated brances
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/39003 ]
The build scripts used by CDM_Backwards_Compatiblity_Tests now pull
old versions of oemcrypto from the dedicated branches oemcrypto-v*,
which [will eventually] contain old oemcrypto versions, that build
with the current build system with a current boringssl version.
bug: 67907873
* Fix spacing on level3 header
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38760 ]
* Correct Query status calls
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38640 ]
Bug: 70160032
* Refactoring to allow encryption of client ID
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37460 ]
The code has been restructured to allow encryption of client
identification in provisioning requests. This will be enabled
when server side changes have been made (b/69427217).
* Additional information is included in the Client Identification
portion of the provisioning request.
* Client identification will be encrypted with a service
certificate provided by the app/client. Platform changes
to enable passing this to core are needed. If a service certificate
is not provided, a default one associated with the production Keysmith
will be used.
* Switched APIs in CdmEngine to take a service certificate for
provisioning rather than licensing. Service certificates for
licensing are session based and passed as properties from platform
code.
Bug: 30737060
* Allow some CDM errors to be reported from multiple locations
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38360 ]
This creates some CdmResponseType errors which may be reused
PARAMETER_NULL, NOT_INITIALIZED_ERROR, REINIT_ERROR.
I have made changes to a few classes to report these errors.
Will work on additional classes in a separate CL.
Bug: 69864404
BUG: 71650075
Test: WV Unit/integration tests
Change-Id: Icc048770d424ac537d11ff327cda2cb142da802d
These are a set of CLs merged from the wv cdm repo to the android repo.
* Add CDM status return for decrypt blocked by HDCP.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28062 ]
New status code is kKeyUsageBlockedByPolicy. It is returned by the decrypt()
call instead of kDecryptError or kNoKey.
Also shuffled the CDM status returns to define the EME-aligned codes
first, and added comments to highlight the differences in handling.
BUG: 37540672
* Change division and mod ops to relocatables
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/28600 ]
This is similar to I2dad1028acf295288cd10817a2bcff2513c053c9.
We should be using the relocatable functions instead of the
native division and mod operations.
* Cleanup Encrypted ClientID in provisioning request
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28083 ]
b/36897239
Staging server does not support it (or the client is not constructing
it properly). Leave it disabled pending investigation.
* Certificate Provisioning fixes.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28066 ]
Partial fix for BUG: 37482676
Partial fix for BUG: 37481392
Update service certificates, get rid of DEV/QA root certificate.
Provisioning request and response are base64 (web-safe) encoded.
Response is optionally JSON-wrapped.
Change ConfigTestEnv; clearer comments and a closer match to reality.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I79d3c4bf1124e5e0d3e4d40baead65a8266ea874
Below are a set of CLs being merged from the wv cdm repo to the android repo.
* Fix handling of OEM Cert public key.
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/27921 ]
This is a potential fix for b/36656190. Set aside public
key on first call to get the public key, and use it afterwards.
This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
which has side-effect of staging the OEM private key.
This also fixes a problem where the public cert string was
not being trimmed to match the size returned by
OEMCrypto_GetOEMPublicCertificate().
* Complete provisioning request/response for Provisioning 3.0
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Fix bug on provisioning request path where GenerateDerivedKeys()
was being called when preparing to generate the signature.
Add message signature verification, and call correct OEMCrypto
routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).
* Implement Cdm::deleteAllUsageRecords()
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Delete all usage records for current origin. Removes usage
records from file system and retains the PSTs. The deletes
any usage entries matching those PSTs held by OEMCrypto.
BUG: 35319024
* Remove stringencoders library from third_party.
Author: Jacob Trimble <modmaker@google.com>
[ Merge of http://go/wvgerrit/27585 ]
We have a fork of the stringencoders library that we use for base64
encoding. This reimplements base64 encoding to remove the extra
dependency and to reduce the amount of code.
* Add Cdm::deleteUsageRecord() based on key_set_id.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27605 ]
Delete specified usage record from file system usage info and
from OEMCrypto.
BUG: 35319024
* Modifiable OEMCrypto
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/24729 ]
This CL adds a new variant of the OEMCrypto mock code that adjusts its
behavior based on a configuration file. This is intended for
testing.
For example, a tester can set current_hdcp to 2 in the options.txt
file, push it to the device, and verify that a license is granted for
HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and
push the file to the device. Playback should stop because the license
is no longer valid.
This variant uses a real level 1 liboemcrypto.so to push data to a
secure buffer. That means we can test playback for a license that
requires secure buffers on an Android device with real secure buffers.
BUG: 35141278
BUG: 37353534
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I58443c510919e992bb455192e70373490a00e2b6
Merge from Widevine repo of http://go/wvgerrit/27461
In order to sign a license release message, the mac keys from the
usage entry should be used whenever keys have not been loaded.
This CL updates the reference code, the unit tests, and the level 3
oemcrypto.
b/38203566
Test: unit tests passing on bullhead.
Change-Id: Ic71fee4b4b7b45801548ab80fbbbf8f4ccab3e6e
Merge from Widevine repo of http://go/wvgerrit/24241
The CL also only modifies existing tests so that they will pass
with an old version of OEMCrypto, or it filters out the tests so
that they do not run. This positions us so that we can more
easily verify how much backwards compatibility we expect to work.
bug: 35877886
Change-Id: Iadc06672d7f9cef75800662ff83389c504a3fd04
Merge from Widevine repo of http://go/wvgerrit/23581
This CL adds some unit tests to oemcrypto to verify that DecryptCENC
and the generic encrypt and decrypt functions behave correctly when
the input and output buffer is the same. i.e. decrypt in place.
The mock and haystack are also updated to pass the tests.
b/34080119
Change-Id: Ie295bdaddbb8058bebb36f6dab092d307f249ecd
Merge from Widevine repo of http://go/wvgerrit/24042
This CL adjusts the tolerance in tests that check the license_received
time. This was periodically failing because a nonce flood might delay
the test by 1 second, which was being rounded up to 2. The tolerance
is now 3. The time is explicily used when it is available. Some
extra logging is also added to the mock.
bug:31458046
Change-Id: I450880cb3cd8bd5ef66cba13b94dd963d2663d9a
This CL removes some unused variables, and changes some integers to
unsigned integers. On some platforms, we were getting compiler errors
and unit test failures.
Merge from Widevine repo of http://go/wvgerrit/23840
Use unsigned integer literals
Merge from Widevine repo of http://go/wvgerrit/23767
Fix Gyp Files
Merge from Widevine repo of http://go/wvgerrit/23500
Remove unused variables
bug: 31458046
Change-Id: I4dfec95ae49187262552fbbf322f3310ab777826
Merge from Widevine repo of http://go/wvgerrit/23436
This change is just comment changes: minor rewording and grammar
fixes.
Change-Id: I4cb2ef77715623fdb2567f5b504ffaceb937a480
Merge from widevine repo of http://go/wvgerrit/23421
This CL adds some more unit tests for big usage tables, and corrects a
problem found in the reference code.
Change-Id: Iae9a4406d79a13362223c2b4da7365b845d92382
Merge from widevine of http://go/wvgerrit/23283
This CL adds the backwards compatiblity functions to the new usage
tables in the oemcrypto mock reference code.
b/31458046
b/32554171
Change-Id: I04901d95aceb8910406f7c514c26c29c2c575322
Merge from widevine of http://go/wvgerrit/23283
This CL adds some big usage table functionality to the oemcrypto
mock and unit tests.
Still missing are: backwards compatibility, defragging the table,
haystack code, and lots of new unit tests.
The haystack now reports it doesn't support usage tables, so that
the unit tests will pass. This will be fixed in a future CL.
b/31458046
b/32554171
b/34173776
b/34174907
Change-Id: I6e08e76f7612ffb77e413151e00f830339298c62
Merge from Widevine repo of http://go/wvgerrit/23044
On some platforms, the compiler will not pack structures. This CL
replaces the OECrypto_PST_Report packed structure with a simple buffer
of uint8_t. This changes the signature of OEMCrypto_ReportUsage as
part of OEMCrypto v13.
There is also a new wrapper class that test code, the mock, and debug
code can use to access data in the report.
The old packed structure definition is moved to the level 3, where we
use a compiler that packs sructs when asked nicely.
arm/libwvlevel3.a Level3 Library 4445 Jan 20 2017 11:29:15
x86/libwvlevel3.a Level3 Library 4464 Jan 20 2017 11:10:49
mips/libwvlevel3.a Level3 Library 4465 Jan 20 2017 10:56:08
b/32180083
Change-Id: Ie138f034cb12780a2f8636888cebf022c52169e5
Merge from widevine repo of http://go/wvgerrit/21683
This CL adds unit tests for OEMCrypto_RewrapDeviceRSAKey30 for devices
that use provisioning 3.0.
Change-Id: Ib1a5566de343365b2ae3531f375ac2cc6d86ee53
Merge from widevine repo of http://go/wvgerrit/21682
This CL updates oemcrypto/test/oec_device_features.cpp to figure out
the provisioning method and filter out tests that are not relevant to
the device's method.
This CL also introduces unit tests for GetOEMPublicCertificate.
Unit tests for RewrapDeviceRSAKey30 will be in a future CL.
Change-Id: Ib7065ce866d1171ca61b9aa08188fa2ac8d90fc2
Merge from widevine repo of http://go/wvgerrit/21681
This CL refactors some oemcrypto unit tests in preparation for adding
Provisioning 3.0 tests.
- The signature GenerateNonce has changed. Instead of the caller
passing in a pointer for the nonce, we store the nonce in a member
variable of Session.
- GenerateDerivedKeys is being replaced by InstallTestSessionKeys.
This sets up and calls the appropriate derive keys method. This
function is in the test class, instead of the session class so that
multiple sessions in a class can share the same wrapped rsa key.
This will be modified for provisioning 3.0 in a future CL.
- Rename tests that require a keybox. Some tests are specific for
using a keybox to request a DRM cert. These tests are renamed so we
can filter them out on devices that use an OEM Cert. Corresponding
tests for devices using provisioning 3.0 will be in a future CL.
- Some member variables and methods in the class Session were not
used. They are removed.
- Added openssl smart pointer.
- Comments. I added comments.
- clang format.
Change-Id: Ib579a322858e0ef92652a42167241b35cf85a041
Merge from widevine repo of http://go/wvgerrit/21521
On devices that use provisioning 3.0, the function
OEMCrypto_GenerateSignature will only be used for a license renewal.
This CL adds a call to OEMCrypto_GenerateSignature to the refresh key
tests. Otherwise, there would be no coverage at all for that
function.
Change-Id: Icbd568eea3f9f256cc9b0b441f7907b316bb5b69
Merge from widevine repo of http://go/wvgerrit/21260
This CL adds some oemcrypto unit tests for various buffer sizes, as
described in b/28887904 and the OEMCrypto v12 specification.
Encryption and Decryption buffers can be 100k large. License request
and response messages can be 8k. A provider session token (pst) can be
at most 255 bytes long.
I also passed the code through clang-format.
b/28887904
Change-Id: Ia3e317c0f6466e663461e66b610c9a98a90efb0a
Merge from widevine repo of http://go/wvgerrit/20981
OMECrypto v12 requires at least 20 keys per session and at least 10
sessions. This CL updates the unit tests to verify this, and updates
level 3 and mock code to conform.
This CL also updates the level 3 oemcrypto to support 16 sessions and
320 keys total.
b/30140448 Minimum 20 keys per OEMCrypto_Session
Change-Id: Idd38d8f2cdfd6acde6fa7622b5912372bee9e488
