Merge from widevine repo of http://go/wvgerrit/17877
The final spec for CENC says that partial encrypted blocks are only
allowed for "cenc" mode, and not for "cens" mode. Also, the
pattern_offset must be 0 for all calls to OEMCrypto_DecryptCENC.
Review doc changes http://go/wvdelta11 and http://go/oemcrypto
Notice that this CL affects documentation and test code only. No
production code is affected.
b/28718266
b/28817376
Change-Id: I1d6a38a763a2b693ea0c26bc909e1c721b8facaf
Merge from widevine repo of http://go/wvgerrit/17463
This CL updates the unit tests to verify that
OEMCrypto_Generic_Encrypt and OEMCrypto_Generic_Decrypt can handle a
buffer size of at least 100k. It also adds code to the
oemcrypto_dynamic_adapter so that buffer sizes that are larger than
100k are broken into chunks of 100k.
All Nexus devices targeted for N pass these tests.
b/27040752
Change-Id: Iaf5c65d2f0b69e60f03cc99732d1ecab60658049
Merge of http://go/wvgerrit/17040
The delta document specified the wrong error code if
Minimum_Security_Patch_Level is not valid. The correct error is
OEMCrypto_ERROR_UNKNOWN_FAILURE.
b/27524999
Change-Id: I0c5d9b6d40b384ae3550348569d78c60093a65d4
Merge of http://go/wvgerrit/16300
This CL removes gtest and boringssl from
build_and_run_all_unit_tests.sh. Instead, we change each "mm"
to "mm || mma". Thus, if mm fails, we assume it is because of a
missing dependency and try mma which builds all dependencies.
bug: 25297287
Change-Id: Ief76fa4077e4cd8653da9306cc92ed14cf080564
Merge of widevine change http://go/wvgerrit/16249
This CL adds unit tests and reference code for the security patch
level, which is a new feature in OEMCrypto v11. This CL also adjusts
the dynamic and static adapters to still run with devices that have a
v10 OEMCrypto.
The level 3 haystack code will be updated in a future CL.
bug: 26188985
Change-Id: I518ef46b4098cf3718fe0c0390bfb6825db4fb6b
Merge from widevine repo of http://go/wvgerrit/16186
These are the OEMCrypto v11 documents and header files. I have updated
just enough code so that existing unit tests pass. New unit tests,
the reference implementation, and the level 3 implementation are in
future CLs.
Change-Id: I9bbf1909e047f63a5877320a2d06740a3c4a3e32
Merge from widevine repo of http://wvgerrit/14219
This updates the integration guide to include a definition of the
keybox. Previously, there was a broken link in the description of
IsKeyboxValid.
This CL also updates the android supplement to describe how to request
a keybox. I just copied the information from the legacy integration
guide.
Change-Id: I486a3ccad9889a732a9c1374c40b793deb249459
This is a merge from the Widevine repository of
http://go/wvgerrit/14024
Add Level 3 Oemcrypto Unit Tests To Run All Tests Script
This CL adds the ability to restrict the oemcrypto unit tests to only
use the fall back level 3. This restriction is per-process, and is
only used while running the unit tests. This allows us to automate
running the unit tests on an android device as both level 1 and level
3 without modifying files in /system/lib. To turn on the restriction,
set the environment variable: FORCE_LEVEL3_OEMCRYPTO=yes.
New level 3 library versions are:
level3/arm/libwvlevel3.a Level3 Library Apr 8 2015 13:09:05
level3/x86/libwvlevel3.a Level3 Library Apr 8 2015 13:15:42
http://go/wvgerrit/14055
Remove Redundant Tests
This CL modifies the UsageTableTests in oemcrypto_test.cpp so that
they are not all parameterized by new_mac_keys_. This parameter is
used when testing signatures. In particular, we do not need to verify
timing twice.
Also, I modified the run_all_unit_tests.sh script so that the
environment variable GTEST_FILTER is passed down to the android
process. This allows us to use the script to run a limited list of
tests while debugging.
http://go/wvgerrit/14054
Filter Out API Version 10 Tests
This CL updates the OEMCrypto tests so that all but one test will pass
for a device that implements the version 9 API.
Android LMP devices should pass tests with
GTEST_FILTER="*-*MNC*:*CanLoadTestKeys*"
http://go/wvgerrit/13886
Update Documentation about Optional Features
The intergration guide has been updated to include reference to
OEMCrypto_LoadTestRSAKey. It also now discusses optional features.
The Delta 10 document now mentions OEMCrypto_LoadTestRSAKey.
The android supplement warns that most optional features are required.
This also adds clarification about which functions should save the
usage table, in answer to:
b/16799904 OEMCrypto v9 ambiguous about saving usage table information
Change-Id: Ifb517d58952c9b332b2958ca99af64bc293b985f
This is a merge of http://go/wvgerrit/13391 from the Widevine
repository. Most of the changes were already merged, but I forgot to
"git add" this new file.
Change-Id: Ie6875dc7f0d5a81c04bc5247e7d5ae0d033f695b
This is a merge of http://go/wvgerrit/13391 from the Widevine repository.
This CL adds the OEMCrypto version 10 API to the header, and changes
just enough code so that code still compiles. There are no unit tests
or implementation.
The level 3 libraries are just stubs so that tests will compile.
level3/arm/libwvlevel3.a Level3 Library Mar 11 2015 13:33:21
level3/x86/libwvlevel3.a Level3 Library Mar 11 2015 15:20:27
Change-Id: I41de753a2a60da29b756c3327341ece72069d8bb
This is a copy of
https://widevine-internal-review.googlesource.com/#/c/11115/
This CL just updates the integration guide. In particular, the
following clarifiaction is made about usage tables:
The sentence:
When the session using this key is closed, the entry in the table will
be marked as inactive.
is replaced by
After the session using this key is closed, the application will
request that the entry in the table will be marked as inactive.
This should make it clear that OEMCrypto should not automaically
deactivate usage entries. This behaviour is already verified by unit
tests.
bug: 17405160
Change-Id: If836c7c76205e6759c1c194a6f31232c52c4f179
This is a copy of
https://widevine-internal-review.googlesource.com/#/c/11030
It is an error for the key control block to have a nonzero replay
control flag and a null pst. This CL adds unit tests to
oemcrypto_test to verify that oemcrypto checkes this. A unit test is
also added for verifying that an offline license has a valid nonce the
first time it is loaded.
It also updates the reference implementation (mock) to check that the
pst is not empty when the replay control flag is nonzero.
It also updates the level 3 implementation to check that the pst is
not empty when the replay control flag is nonzero.
This change is compiled into the arm library, but because of
compilation errors, is not included in x86 or mips.
Current Library Version:
arm: Level3 Library Aug 27 2014 18:42:40
bug: 16525204 OEMCrypto unit test for reloading offline license
bug: 16844305 Mock OEMCrypto does not catch null pst
Change-Id: Icdb090e80fc92522c187b26f30e5ba082f26363b
Because the OEMCrypto_PST_Report is sent as a signed block to the
server, it needs to be a fixed, platform independent, size. This CL
adds the packed attribute to the structure, which reduces its size
from 56 bytes to 48 bytes.
Copy of widevine change:
https://widevine-internal-review.googlesource.com/#/c/10321/
Library Versions:
libwvdrmengine/level3/x86/libwvlevel3.a Level3 Library May 30 2014 15:40:50
libwvdrmengine/level3/arm/libwvlevel3.a Level3 Library May 30 2014 15:39:04
bug: 15184821
Change-Id: I54db2c3bbc4e20ee0c19c33d6fd56f86f432e110
What can the user do with the security setting:
- open and view the doc
- print the doc
- no copying of content
- can add comment, filling in forms and signing existing signature fields
(no forms or signature fields in the doc),this option is bundled together
(it is nice to allow the user to add notes to the doc)
bug: 14294953
Change-Id: I8690ccd16daffbd62549c1e4e137880b196c12d4
This change is copied from the widevine CL:
https://widevine-internal-review.googlesource.com/#/c/10163/
Because the OEMCrypto_PST_Report is sent as a signed block to the
server, it needs to be a fixed, platform independent, size. This CL
adds the packed attribute to the structure, which reduces its size
from 56 bytes to 47 bytes.
Change-Id: I2bae058b7eb0ac54ba9fad355f3d85ddc2cd4a58
This is a copy of the Widevine CL:
https://widevine-internal-review.googlesource.com/#/c/9480/
This change is part of OEMCrypto API version 9.
This CL adds verification that a key control block which requires a
specific version of HDCP can be loaded. Also, if secure data path is
not set, it verifies that data is still decrypted.
This CL also adds test that verify DecryptCTR fails when the current
HDCP version is below that in the key control block. The expected
error is OEMCrypto_ERROR_INSUFFICIENT_HDCP. This error code is newly
introduced in this CL.
This is one attempt to clarify HDCP, as specified in b/13626021, and
is a slight modification from previous behavior for the mock and the
level 3 haystacked code.
This CL also tests the two valid verification codes "kctl"
and "kc09".
bug: 13626021
Change-Id: If380709d2306a3489470b29fb148a45b609b089d
A bug (b/8132682) in "Download as PDF" from Google Docs makes table of
contents links point back to the original document. This causes
problems with external customers.
This change uses the following work around: print the document, and
select "Save as PDF" as the printer.
This only removes the links. It does not fix them. When bug 8132682
is fixed we can re-download the documents with proper links.
bug: 12585419
Merge of https://widevine-internal-review.googlesource.com/#/c/8775/
from the widevine cdm repo.
Change-Id: I5344b85bee213aba3a99913a4bb7be824fdd7acf
This merges the following changes from the Widevine CDM repository:
bef58bc Add new error codes
Adds new error codes to OEMCryptoCENC.h and rearranges it to more
closely match the documentation.
5fcfbca Handle OEMCrypto_ERROR_INSUFFICIENT_RESOURCES on Decrypt
Changes the CDM to support the new errors from the previous change.
d59c09d Report Insufficient Crypto Resources
Changes the DrmEngine to support the new errors from the previous
change.
1085a21 Respond to Too Many Keys or Sessions Errors
Allows errors around having too many keys or sessions to result in
a unique error in the CDM.
Bug: 9695816
Change-Id: I826bc655109fa57e4f75de7158d7f392053666b1
The function OEMCrypto_LoadKeys should accept a null pointer for the
enc_mac_keys pointer. This indicates that the mac_keys are not being
updated. This CL just updates the documentation to clarify this behavior.
bug: 9549308
Change-Id: I1073e72f9c8d0fa712ad02e4c2d517202b3defab
Because we do not want to accidentally install a test keybox on a
production device, most of the oemcrypto unit tests are being disabled
by default.
If you wish to run these tests, you can override this choice, by
running:
adb shell /system/bin/oemcrypto_test --gtest_also_run_disabled_tests
This change prompts for and requires positive confirmation before
running the disabled tests on a device that has a non-test keybox
already installed.
Bug: 8907626
Merge of https://widevine-internal-review.googlesource.com/#/c/5531/
from the Widevine CDM repository
Change-Id: Ib8e3605129ebf0861b4af15d04676f7a06cc5b78
There is an ambiguity in the use of the signature length in
OEMCrypto_GenerateRSASignature. If the pointer to the vector is null,
the function should set the length parameter to be the size of the
buffer needed.
This ambiguity has been clarified in the documentation: the
length returned should be the exact length of the buffer. It
will be corrected in a future release of Qualcomm's L1. However,
we are putting this change in both as a stop-gap and as a
belt-and-suspenders fix.
Bug: 8878371
Merge of https://widevine-internal-review.googlesource.com/#/c/5494/
from the Widevine CDM repository
Change-Id: I7574874884ca10da68d15674c971a565d015767d
Having the integration docs in the tree helps with version
management and distribution to partners.
bug: 8698129
Change-Id: I4c1e4f5902457815eaf58e6bd5313951d2b773ca
