Merge from master branch of Widevine repo of http://go/wvgerrit/66080
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64002
This CL updates OEMCrypto reference code and unit tests to support full decrypt
path testing.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 34078913
Change-Id: Ia67374599d6619698a336f41513068ad04294e7f
Merge from master branch of Widevine repo of http://go/wvgerrit/66078
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64022
This CL updates OEMCrypto ref code, unit tests, and core code for
setting the sandbox id before initializing OEMCrypto.
Test: unit tests only
Test: tested as part of http://go/ag/5501993
Bug: 115834255
Change-Id: Id9831680fe4db1c69413815931cae4bc80df0c01
Merge from master branch of Widevine repo of http://go/wvgerrit/66076
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64743http://go/wvgerrit/64083 had some refactorings that weren't completely
accurate or slightly changed the meaning of some tests. This CL is an
addendum to that CL to fix those refactorings.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I37766a4c34de737eb9ca94ef781805435ee30dfd
Merge from master branch of Widevine repo of http://go/wvgerrit/66075
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64702
Bug: 118172995
Tests OEMCrypto_LoadKeys when given a KeyObject with NULL KeyControl or
KeyControl iv.
Test: tested as part of http://go/ag/5501993
Change-Id: I1a5d26b1e2ff395fbd5ef7769af1165222c1877e
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
Merge from master branch of Widevine repo of http://go/wvgerrit/66072
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63764
This adds the function OEMCrypto_ResourceRatingTier to the oemcrypto referenece
code, dynamic adapter, and unit tests.
Bug: 117110800
Test: tested as part of http://go/ag/5501993
Change-Id: Idf47af405f0c69601108b75c788a97b30abdb39d
Merge from master branch of Widevine repo of http://go/wvgerrit/66071
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63842
OEMCrypto tests log the HDCP value. This CL updates those logs to include logs
for HDCP 2.3.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 78773763
Change-Id: I7a3003e081c3c848b5d595ac241a0b546dacb747
Merge from master branch of Widevine repo of http://go/wvgerrit/66070
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63662
To make the threading model more clear, CopyBuffer is now a session function.
This means we need to pass in which session the current thread locks.
Test: unit tests.
Test: tested as part of http://go/ag/5501993
Bug: 113680369
Change-Id: I2fdd2cfcaab99f3793950b3845941463675f5e4c
Merge from master branch of Widevine repo of http://go/wvgerrit/66066
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63628
The error code OEMCrypto_KEY_NOT_LOADED is redundant with
OEMCrypto_ERROR_NO_CONTENT_KEY and OEMCrypto_KEY_NOT_ENTITLED. The
function LoadEntitledContentKey should return KEY_NOT_ENTITLED if it
does not find the corresponding entitlement key in its key table. All
other functions that do not find a key id in the key table should
return OEMCrypto_ERROR_NO_CONTENT_KEY. This includes QueryKeyControl,
SelectKey, and RefreshKeys.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 115574797
Change-Id: Ida2111f32e331b99f3f0c77fa404a42654d0870c
Merge from master branch of Widevine repo of http://go/wvgerrit/66065
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63080
This is for the reference code, the unit tests, and the oemcrypto adapter.
Bug: 116414218
Test: unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: I05a631f6cfcf1584a748b3a0c9ae48633893589f
Merge from master branch of Widevine repo of http://go/wvgerrit/66064
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63063
This is in the reference code for OEMCrypto, and in the unit tetss.
Bug: 111939411
Test: unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: I2cc2e7028f62d1c375eb632452eef94566fa9ae3
Merge from Widevine repo of http://go/wvgerrit/62782
There were still some old test keyboxes in the unit tests for older devices and
in the mod mock. These are removed. Also, the cert with system id 7346 has
been removed.
The new test keybox has system ID 7912.
The new test cert has system id 7913.
bug: 76435251
Test: unit tests (unit tests do not pass on v13 oemcrypto)
Test: tested as part of http://go/ag/5501993
Change-Id: I6007b6650162d9dc9d01384faaafc87acdf8ebd7
Merge from Widevine repo of http://go/wvgerrit/55460
This test ensures that different oemcrypto sessions can use different RSA keys.
bug: 110319198 Test concurrent sessions can use different DRM certificates
test: unit tests on taimen
Change-Id: Id75eedea347d453987dfe42894a8a7301e345674
Merge from Widevine repo of http://go/wvgerrit/57640
Add a unit test for OEMCrypto to handle a small buffer.
Test: unit tests
bug: 78233951
Change-Id: I5efe088705e2d248ab9ea45d8576daf69ad8bcdb
Merge from Widevine repo of http://go/wvgerrit/55461
This CL allows provisioning 3.0 devices to install their OEM certs
from an initialization partition. This method is already used for
keyboxes on Android -- we are just adding the ability to use it for
OEM certs, also.
Also, for v15, we require OEMCrypto to report a valid certificate in
the unit tests.
bug: 111725154
test: unit tests
Change-Id: I142c84a1a67bdb4cee943cfd12a632421901eb24
Merge from Widevine repo of http://go/wvgerrit/56526
This CL removes the test keybox from OEMCrypto reference code.
Test: unit tests
Bug: 76393338 split mock into ref and testbed
Change-Id: I4bf0eb777c6851191d0ac9ccf8e2b42c55c8f6b9
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
Merge from widevine of http://go/wvgerrit/48885
iOS prohibits using clock_settime. In order to make the test consistent,
we set time using settimeofday instead.
Test: tested as part of http://go/ag/4674759
Change-Id: I8812b9b099fa8160591fafece070c34afeed82fa
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
Merge from Widevine repo of http://go/wvgerrit/58440
This CL modifies the oemcrypto test TwoHundredEntries so that it
attempts to create more than 200 entries. A device is allowed to fail
when such an attempt is made, but it must return an insufficient
resources error.
The test then verifies that each of the entries that were succesfully
created can be used to reload its license and the keys can be used for
decryption.
It then shrinks the usage table header, and verifies that the
remaining licenses can still be used for decryption.
bug: 112486006
test: unit tests (test code only)
Change-Id: I6e6edfb00f0553724e0f99fb4e5ea5c817450937
To be compatible with latest googletest.
Test: compile
Change-Id: I15d857ce7b9b28ba5f75c84c61f1c6a970012ca7
Merged-In: I15d857ce7b9b28ba5f75c84c61f1c6a970012ca7
Merge from Widevine repo of http://go/wvgerrit/50600
The entry count was really 201 -- it should be 200.
test: This code is unit tests only -- no production code.
bug: 79875327
Change-Id: Ib81253ce9d51a7157ea0a64cddeb6cc266b3e25e
Merge from Widevine repo of http://go/wvgerrit/50422
This CL adds unit tests to verify that a usage report can have the status
kInactiveUnused.
bug: 79556142
test: unit test code only
Change-Id: I10f71ac2e585ef33727aa8f80d867d80fe156ab8
Merge from Widevine repo of http://go/wvgerrit/49302
This CL adds some unit tests to verify that several OEMCrypto sessions
do not share nonce tables.
bug: 64850992
test: unit tests run on sailfish, taimen, and walleye.
Change-Id: I06cf3fdafb84f8b09cf2f0e58c1866bac511a293
Merge from http://go/wvgerrit/47640
Test: unit/integration tests
Bug: b/62058202
The usage table keeps track of license duration by using the current
system time. However, if a user were to rollback the time, they can
effectively continue offline playback indefinitely. This changes the way
we compute time by computing offsets by which the user rollbacked the
time and adding it to the current time. This change also includes a test
to verify protection against rollback for usage entries that is only run
when the user is root.
Change-Id: I97c430e1443747b0f9759ae5390b8f5d06bdebf1
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
Merge of http://go/wvgerrit/45521/
Bug: b/73818548
Test: request_license_tests and GTS tests on sailfish and taimen
This change loads the mac keys into the session to be used in
GenerateSignature from the last call to one of: DeriveKeysFromSessionKey,
GenerateDerivedKeys, LoadKeys, and LoadUsageEntry. OEMCrypto tests are
changed to reflect this as well (specifically the order in which we call
the above methods).
Merge from Widevine repo of http://go/wvgerrit/43721
This CL allows the tester to change the nonce flood rate from the
default of 20. A tester would want this value to be larger to make
tests run more quickly.
Setting the rate to 1 makes every other nonce request a flood error.
A tester wants to do this in order to verify cdm code responds to
nonce flood correctly. Several failing oemcrypto tests have also been
corrected.
This CL changes test code only.
bug: 73607610
test: unit tests
Change-Id: I3f52ff7ea9bcc1db7bc0e010da0b64a12d3b4dd3
Merge from Widevine repo of http://go/wvgerrit/42403
This CL changes the names of some unit tests so that they don't run
when testing an older version of oemcrypto.
bug: 68275290
test: ran unit tests against v8-v14 oemcrypto.
Change-Id: I773350adf4df3f3b310478400cd4d4e85789fc37
Merge from Widevine repo of http://go/wvgerrit/42064
This adds a unit test to verify that OEMCrypto can load a certificate
with an RSA private key generated using the Carmichael Totient.
bug: 67309725
test: No new failures. This code is part of unit tests only.
Change-Id: I492cf6bcff0ac2d1a838e7aa334c4b2b580ac5c7
Merge from Widevine repo of http://go/wvgerrit/41662
This CL updates oemcrypto unit tests to use the new test keybox.
bug: 69552641 Update OEMCrypto_LoadTestKeybox
test: Unit tests compile and run -- many tests won't pass until merged
with vendor code
Change-Id: I73bdca3958b2c985d4c61801aa95807a2e6d4299
Merge from Widevine repo of http://go/wvgerrit/41661
bug: 64001862 OEMCrypto V14 for Android P
test: Unit tests pass
Change-Id: I3314a881357c12ef63d7b257d83f6f0d07e4725a
This CL adds entitlement license features and moves cipher mode from
LoadKeys to SelectKeys.
Merge from Widevine repo of http://go/wvgerrit/41660
bug: 70334840 Entitlement License - cdm layer
bug: 70334345 Entitlement License - reference code and unit tests
test: Entitlement license unit tests pass.
Change-Id: Ic7d7f42c15e6d83ef7fcfd8a866c778adc4c8095
Bug: b/72320670
Test: Verified by unit/integration tests on sailfish
Merge from Widevine master of http://go/wvgerrit/41240
Previously, OEMCertForbiddenPaddingScheme checks to see if the OEMCrypto
returns a short buffer error on GenerateRSASignature and then resizes it
accordingly if so. If the OEMCrypto does not return this error first
(and instead complains about the padding scheme), the assertion will
return false since the signature has size 1. This CL changes that so it
doesn't matter which error the OEMCrypto returns first.
Change-Id: I2fd3a3814ff3722fd40ae6a3bcbd65293c9baed7
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct error logging
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/40000 ]
In tests, we set the cipher list to avoid using insecure
ciphers when connecting to the provisioning/license service.
The result of setting the cipher list was being incorrectly
validated.
Bug: 64847919
* Move mips cache headers to clear_cache_function.h
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39700 ]
Since the clear_cache function has been moved away from the dynamic
adapter, we need these conditional includes to be migrated as well for
MIPS.
* Comment out Level 3 debug call until merge
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39761 ]
This call was introduced in go/wvgerrit/34260/. Since the haystack tool
in google3 still needs this merge, this should be commented out so the
tool can still build until the merge has finished.
* Add logging for MAC keys to mock
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39740 ]
Bug: 70637842
* Move external interfaces into level3.h + refactor
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39673 ]
As part of b/70523618, this CL moves interfaces that partners are
responsible for in Level 3 to level3.h so they can be visible as
part of the CDM release process. It also cleans up some of the
names of the files and adds documentation.
* Corrected close session logging level
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39676 ]
Bug: 69460963
* Remove Security Level Path Backward Compatibility Support
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39505 ]
From the android K release onwards certificates were stored in
security level specific directories. If upgrading from
previous releases persistent information needed to be moved
to those directories.
Since no device is likely to upgrade from J to Pi, comptibility
support can be removed.
Bug: 70160032
* Rename privacy_crypto_openssl To privacy_crypto_boringssl
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37122 ]
Now that we no longer support OpenSSL in the Shared Source CDM, the name
of this file can be updated.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Remove Conditional Compilation from OpenSSL/BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/39460 ]
This change removes the usages of conditional compilation to support
both BoringSSL and OpenSSL, as well as to support multiple versions of
the OpenSSL API. All code is now compiled against one of the two
versions of BoringSSL in third_party/.
Note that in some cases, the kit/ and legacy_kit/ versions of BoringSSL
had different APIs, so when removing the OpenSSL version compatibility
conditional compilation, sometimes the older branch was kept and
sometimes the newer branch was kept.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Build CE & Jenkins CDMs With BoringSSL from third_party/
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37120 ]
Up until now, integrators have been responsible for providing a
compatible crypto library for use by the CE CDM. (either OpenSSL or
BoringSSL) After this change, this decision will no longer be in their
hands. The CE CDM build will always use the copy of BoringSSL in
third_party/, which will be statically linked with our library with
hidden visibility. This allows us to better control what crypto library
we use and will prevent continuing problems with trying to support both
OpenSSL and BoringSSL.
Unfortunately, BoringSSL began using C++11 in mid-2017, and we can't
support C++11 right now. Until we can, we need to use a C++11-free
version of BoringSSL for libssl. The CDM itself will continue to use a
recent BoringSSL, as it only needs libcrypto. But the unit tests that
need libssl have to use the legacy version.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Modified RNG for Level3 to use more entropy
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39220 ]
Bug: 65165076
Modified seed generation to use an xor of clock_gettime and
client-implemented code to supply random seeds to the RNG. Modified the RNG
as well to use xoroshiro128+ instead of xorshift, since it uses more
than one seed/state (which are 64-bit) and has higher "statistical quality".
The default implementations for the seed generation use /dev/urandom.
* Configure base path for Level3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39506 ]
This is in response to b/70354006. This change makes the
Android Level3FileSystem use the existing properties method
GetDevicesFilesBasePath for binderization. The same is done for the
Linux implementation.
* Add legacy_kit/ to BoringSSL Directory
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38861 ]
This adds a second copy of BoringSSL to the third_party/boringssl/
directory. This second copy is pinned to the last revision of BoringSSL
not to require C++11 and is not updated by the UPDATE_BORINGSSL.sh
script. This second copy will be used to provide libssl to the tests on
devices that do not support C++11.
Once we support C++11 in the CDM again, this weight should be removed
and all targets should use the copy of BoringSSL in the kit/ directory.
Bug: 67907873
* Use Shared Libraries for Unit Tests
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38860 ]
Some unit tests were using a statically-linked CDM instead of a
dynamically-linked one. (Or, in one case, trying to link both ways into
the same binary.) For now, we need to only link dynamically, so that the
unit tests and the CDM can use different versions of BoringSSL.
Long-term, we would like to test both kinds of linkage. (See b/69548115
for that.)
Some unit tests were also using a dynamicaly-linked CDM that was named
such that it appeared to be statically-linked. This patch renames some
targets to make the linkage clearer.
Bug: 67907873
* Change CDM_Backwards_Compatiblity_Tests to dedicated brances
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/39003 ]
The build scripts used by CDM_Backwards_Compatiblity_Tests now pull
old versions of oemcrypto from the dedicated branches oemcrypto-v*,
which [will eventually] contain old oemcrypto versions, that build
with the current build system with a current boringssl version.
bug: 67907873
* Fix spacing on level3 header
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38760 ]
* Correct Query status calls
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38640 ]
Bug: 70160032
* Refactoring to allow encryption of client ID
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37460 ]
The code has been restructured to allow encryption of client
identification in provisioning requests. This will be enabled
when server side changes have been made (b/69427217).
* Additional information is included in the Client Identification
portion of the provisioning request.
* Client identification will be encrypted with a service
certificate provided by the app/client. Platform changes
to enable passing this to core are needed. If a service certificate
is not provided, a default one associated with the production Keysmith
will be used.
* Switched APIs in CdmEngine to take a service certificate for
provisioning rather than licensing. Service certificates for
licensing are session based and passed as properties from platform
code.
Bug: 30737060
* Allow some CDM errors to be reported from multiple locations
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38360 ]
This creates some CdmResponseType errors which may be reused
PARAMETER_NULL, NOT_INITIALIZED_ERROR, REINIT_ERROR.
I have made changes to a few classes to report these errors.
Will work on additional classes in a separate CL.
Bug: 69864404
BUG: 71650075
Test: WV Unit/integration tests
Change-Id: Icc048770d424ac537d11ff327cda2cb142da802d
These are a set of CLs merged from the wv cdm repo to the android repo.
* Make Android NDK Builds Work With Latest BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37000 ]
The latest updates to BoringSSL require C99 or later. Our NDK-based
builds (OEMCrypto Variants & Fastball) were not specifying a C standard.
This patch adds compiler flags so that C files are compiled as C11 now.
Note that this is about the *C* standard in use, not the *C++* standard,
which this patch leaves untouched.
BUG: 67907873
Test: build_android_mock.sh
* Update BoringSSL to f7412cb072cc6b1847140e0c4f8b3ceeccd0e708
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36761 ]
This is the result of running UPDATE_BORINGSSL.sh. Future runs of this
script should produce much smaller sets of changed files, but because
the BoringSSL revision already in this directory was so old and
contained many extraneous files from the Android operating system, the
set of changed files is extensive this time.
BUG: 67907873
* Refactoring the build files.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/37041 ]
Move all common build dependencies to .gypi so that all fuzz test
binary targets can be added to .gyp file without repeating code.
* Introduce service certificate request property
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36941 ]
Platforms differ on whether they allows service certificates to be
requested if privacy mode is enabled and a certificate is not present.
This property allows behavior to be configurable.
Generating the service certificate request will be introduced
in a follow on CL.
BUG: 68328352
* Deprecate using keyboxes as identification
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36740 ]
Previously some platforms supported using keyboxes rather than
certificates as the identification tokens in the license request
message. All platforms that share core CDM code of the master branch now
either provision using a keybox and use a DRM certificate or an
OEM certificate as identification. No future usage of keyboxes
as identifying tokens is planned.
Since the platform property use_certificates_as_identification
is always set to true, the negative code paths are never taken and
can be removed.
* OEMCrypto_GenerateSignature API Fuzz Test.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36863 ]
- The first automated API fuzz test.
- Also sumitting the corpus for the API fuzzed.
* Add Script to Update BoringSSL from Source
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36760 ]
Adds a script to third_party/boringssl/ that, when run, deletes all the
auto-generated files in the generated/ directory and regenerates them
from scratch, starting from the latest public HEAD of BoringSSL.
Bug: 67907873
* Fix Fastball / OEMCrypto Variant BoringSSL Makefiles
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36926 ]
Previously, when moving the BoringSSL source within the tree, I was not
able to verify that I had not broken the NDK-compatible makefiles used
by Fastball because that build is broken on master. I had to make a
best-guess as to how they should be updated and hope.
Now, however, I have been informed that the OEMCrypto Variants also use
these makefiles, and I have been able to use that build to find where I
broke them and get them fully working.
Bug: 67386164
Test: build_android_mock.sh
* Add kit/ to BoringSSL Include Path for Fastball & OEMCrypto Variants
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36925 ]
When I moved the BoringSSL source in the tree, I updated the Android.mk
files that pointed to it in order to build it. I did not realize that
some makefiles outside that directory also contained hardcoded pointers
into that directory. These references broke after the move. This patch
fixes those paths to point to the new BoringSSL location.
Bug: 67386164
Test: build_android_mock.sh
* OEMCrypto Unit Test Refactor.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36562 ]
Refactoring OEMCrypto Tests so the Session Utility test code can be reused in fuzz tests.
* Reorder license server config table to match ids
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36743 ]
* Separate Hand-Written BoringSSL Files from Downloaded/Generated Ones
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36561 ]
I want to make updating BoringSSL as simple as possible for us going
forward. A future commit will add a script that automatically downloads
and sets up the latest version of BoringSSL. To facilitate this script,
a clear distinction needs to be made between the files that can be
downloaded with / regenerated from the BoringSSL source and the files
that are maintained by us by hand.
The version of BoringSSL in this change is exactly the same as the one
already in this directory. It has just been moved one folder deeper.
Bug: 67907873
* Remove BoringSSL Symlinks, They Are Confusing Gerrit
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36560 ]
There are some symlinks in the current copy of BoringSSL that are
causing headaches when I try to upload future changes to Gerrit. These
were inherited from the Android OS and are not used by our build
anywhere. They would be wiped out when I update BoringSSL anyway, but
wiping them out in a separate change before I upload any other changes
avoids confusing Gerrit.
Bug: 67907873
* Add group master key id to support sublicense master
key rotation, and content identification.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36180 ]
* OEMCrypto Fuzzer test framework
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36280 ]
- Adding a sample fuzz test.
- Adding build scripts for building the new Fuzz Tests to come.
Design doc: go/oemcrypt_ref_impl_fuzz
* Build Mod Mock with C++ 11
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/36328 ]
This should fix the android oemcrypto mock build:
http://go/wvbuild/job/Android_OEMCrypto_Variants
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ic4d5be3118ef97e3f7d386149a2b5d9be8f0a87e
These are a set of CLs merged from the wv cdm repo to the android
repo.
* Android build fixes
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36322 ]
* Address android compilation errors and warnings
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36300 ]
* Gyp cleanup and OpenSSL v10.1 support.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/36001 ]
OpenSSL 10.1 has a small number of incompatible changes.
A desktop system upgrade exposed some issue in the build scripts.
Specifically, the linux build was using both third_party/protobufs (2.6.1)
and the version installed on the system (3.0 in this case). The linux
cdm.gyp depended on cdm/cdm.gyp which caused that plus some
additional issues.
These changes are necessary to support g++ version:
g++ (Debian 6.3.0-18) 6.3.0 20170516
Also did some cosmetic rework on run_current_tests to make it easier
to figure out what is going on when something fails.
Also tweaked some of the compiler settings for g++ support (revisit
this later).
* Refactored Service Certificate encryption to allow encryption of arbitrary data.
Author: Thomas Inskip <tinskip@google.com>
[ Merge of http://go/wvgerrit/36141 ]
* Send cdm test requests to UAT.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36221 ]
This change resolves the all of the
CdmDecryptTest/CdmTestWithDecryptParam.DecryptToClearBuffer
tests.
The license servers will return different keys and keyids.
Sending the request to staging returned key ids and keys that were
not matching what was expected in the unit tests.
* Fix for building L3 OEMCrypto with clang and libc++
Author: yucliu <yucliu@google.com>
[ Merge of http://go/wvgerrit/35740 ]
1. Include <time.h> for time(time_t*).
2. Create endian check union on stack. Clang may create const union
somewhere else, which may cause crash.
* Remove error result when a sublicense session does
not exist. This is not considered an error.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36080 ]
* Set default mock handler for GetSupportedCertificateTypes
for all unit tests and removed the use of StrictMock from
MockCryptoSession.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35922 ]
The handler for this was only set for one test and resulted
in a number of failures.
* Set default handler for GetHdcpCapabilities. For
now the default action is to call the real
GetHdcpCapabilities of crypto_session.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36140 ]
I also changed the mock to a NiceMock to silence
responses to unexpected calls to GetHdcpCapabilities.
The default handler can be overridden as needed in
the individual tests.
This resolves the policy engine test failures.
* Finalize merge of cdm_partner_3.4 to master.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35360 ]
This is the final set of updates to merge all v3.4.1
changes into master.
* Embedded license: Sublicense rotation.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35360 ]
Handle sublicense rotation event.
* Embedded license: Initial license phase.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/34280 ]
Initial license phase - key loading subsession.
* Embedded license: generate session data.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33722 ]
Generate session data and add it to the license request for
any embedded license material.
* Resolve missing symbol when building cd-cdm
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35840 ]
* C++11: Replace OVERRIDE def with override keyword
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35400 ]
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I37d0cb17f255ac6389030047d616ad69f895748c
These are a set of CLs merged from the wv cdm repo to the android repo.
* Resolve intermittent decrypt error.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35720 ]
The CdmSession's closed state was not properly
initialized resulting in intermittent
SESSION_NOT_FOUND_FOR_DECRYPT errors.
In CdmEngine::Decrypt the session is looked up by
the key id. A list of open sessions is acquired
by calling CdmSessionMap::GetSessionList and each
session in the list is queried to see if it has
the key.
In building the list in CdmSessionMap::GetSessionList,
sessions are only added to the query list *if* the session
is not closed.
The closed status was not initialized and during testing
the query list would not contain the session causing
CdmEngine::Decrypt to return SESSION_NOT_FOUND_FOR_DECRYPT
resulting in the ce cdm api returning widevine::Cdm::kNoKey.
* No support for pre- C++11 compilation.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35381 ]
* Handle unaligned nonce pointer in RewrapDeviceRSAKey calls.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35340 ]
The pointer points into a message and it may not be aligned.
Always copy the nonce into aligned memory before checking it.
BUG: 38140370
Add note to CHANGELOG for this.
* Compiler strictness: more checks and code cleanup.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35300 ]
Use the switches proposed in b/38033653 (as much as possible - some
conflicts with protobufs and gtest prevent fully accepting them).
Switch to clang for x32 build; ensure that both x86-64 and x86-32 builds
compile and link cleanly.
BUG: 38032429
BUG: 38033653
This partially resolves b/38458986
* Android build fixes
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/35102 ]
These corrections address compile warnings and errors for android
and unit tests.
* Embedded License: Add sub license key sessions.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33680 ]
NOTE: this adds the AddSubSession() method, but it is not yet being
used. Use and proper cleanup is in an upcoming CL.
* Embedded license: Add track label field.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33660 ]
A new track label field (a string) is added to the key container and the
sub session data objects.
This field will be used in handling sub license requests.
* Embedded license: extract keys from init_data.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33621 ]
* Embedded license: add protobuf messages.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33620 ]
also sync the widevine header definition with recent naming changes.
* Improve handling of provisioning response errors.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/33600 ]
Separate out the case of no response and the case
where the message is believed to be a JSON+base64
message but it doesn't parse properly.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I3c86f1c54980b071aec7461ac58541836551f896
These are a set of CLs merged from the wv cdm repo to the android repo.
* Enable Cast for Android Things build.
Author: Thoren Paulson <thoren@google.com>
[ Merge of http://go/wvgerrit/29941 ]
Added a path to make_cast_libwvlevel3 for Android Things. Added the new
system id to the preprocessor guards in android_keybox.cpp. Guarded the
references to stderr in page_allocator.cpp because for some reason they
don't get resolved when we link against the resulting library.
BUG: 63443584
* Resolve memory leaks in use of OpenSSL.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32700 ]
Use of EVP_CIPHER_CTX requires a call to EVP_CIPHER_CTX_cleanup().
* Memory leak in OpenSSL RSA key handling.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32621 ]
This fixes a range of tests. --gtest_filter="CdmDecrypt*" runs
five tests and still loses 5 objects totalling 1320 bytes (down
from 6200 bytes).
* Unit test and mock OEMCrypto memory leaks.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32640 ]
More memory leak cleanup. All remaining leaks are due
to calls to CRYPTO_malloc() without the matching free
(i.e., calls into openssl).
* Clean up memory leaks in tests.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32600 ]
This is the first pass at cleaning up memory leaks. These leaks
were affecting a lot of tests, making it hard to identify more
serious leaks.
Switch to unique_ptr<> pointers for CdmEngine in
generic_crypto_unittest tests for FileSystem object in
mock OEMCrypto's CryptoEngine object.
* Fix broken tests - linux-only & address sanitizer failures.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32460 ]
Fix broken test:
WvCdmEnginePreProvTestStaging.ServiceCertificateInitialNoneTest
Fix failures found by address sanitizer:
DeviceFilesUsageInfoTest.RetrieveByProviderSessionToken
DeviceFilesUsageInfoTest.UpdateUsageInfo
NOTE: address sanitizer cannot handle EXPECT_CALL macros containing
a call with a Contains matcher as an argument, e.g.:
EXPECT_CALL(file,
Write(Contains(certificate, wrapped_private_key, 0),
Gt(certificate.size() + wrapped_private_key.size())))
The address sanitizer reports a crash, issues a report, and stops. A
temporary fix is to replace the "Contains()" argument with "_".
* Usage license handling corrections
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28540 ]
Validate that offline licenses that do not contain a provider session
token are not handled by the TEE.
BUG: 38490468
Test: WV Unit/integration tests, GtsMediaTestCases,
WvCdmRequestLicenseTest.ReleaseRetryL3OfflineKeySessionUsageDisabledTest
* UsageTableEntry::CopyOldUsageEntry memcpy read out of range.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32220 ]
The function copies the pst from a variable length input vector
into a 256 byte character array. But the length argument was a
fixed value - MAC_KEY_SIZE. Depending on the actual PST length this
can lead to memcpy reading out of bounds or the PST getting truncated.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I81a4593d7d04d0ef6069ce48d0601b6fbdd85de9
Below are a set of CLs being merged from the wv cdm repo to the android repo.
* Fix handling of OEM Cert public key.
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/27921 ]
This is a potential fix for b/36656190. Set aside public
key on first call to get the public key, and use it afterwards.
This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
which has side-effect of staging the OEM private key.
This also fixes a problem where the public cert string was
not being trimmed to match the size returned by
OEMCrypto_GetOEMPublicCertificate().
* Complete provisioning request/response for Provisioning 3.0
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Fix bug on provisioning request path where GenerateDerivedKeys()
was being called when preparing to generate the signature.
Add message signature verification, and call correct OEMCrypto
routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).
* Implement Cdm::deleteAllUsageRecords()
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Delete all usage records for current origin. Removes usage
records from file system and retains the PSTs. The deletes
any usage entries matching those PSTs held by OEMCrypto.
BUG: 35319024
* Remove stringencoders library from third_party.
Author: Jacob Trimble <modmaker@google.com>
[ Merge of http://go/wvgerrit/27585 ]
We have a fork of the stringencoders library that we use for base64
encoding. This reimplements base64 encoding to remove the extra
dependency and to reduce the amount of code.
* Add Cdm::deleteUsageRecord() based on key_set_id.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27605 ]
Delete specified usage record from file system usage info and
from OEMCrypto.
BUG: 35319024
* Modifiable OEMCrypto
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/24729 ]
This CL adds a new variant of the OEMCrypto mock code that adjusts its
behavior based on a configuration file. This is intended for
testing.
For example, a tester can set current_hdcp to 2 in the options.txt
file, push it to the device, and verify that a license is granted for
HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and
push the file to the device. Playback should stop because the license
is no longer valid.
This variant uses a real level 1 liboemcrypto.so to push data to a
secure buffer. That means we can test playback for a license that
requires secure buffers on an Android device with real secure buffers.
BUG: 35141278
BUG: 37353534
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I58443c510919e992bb455192e70373490a00e2b6
Merge from Widevine repo of http://go/wvgerrit/26780
and http://go/wvgerrit/26740
Previously, in oemcrypto level 3, a session's current key's duration
was not updated until the next call to SelectKey. This caused
problems with license that only used one key. This CL fixes that.
arm64/libwvlevel3.a Level3 Library 7283 May 2 2017 13:16:21
arm/libwvlevel3.a Level3 Library 4445 May 2 2017 11:49:34
x86_64/libwvlevel3.a Level3 Library 7284 May 2 2017 12:09:21
x86/libwvlevel3.a Level3 Library 4464 May 2 2017 11:53:46
Test: unit tests run on emulator.
b/37481239
b/37523523
Change-Id: Ife90a3358b6620c8fb81324ec2331d3775a38191
Merge from Widevine repo of http://go/wvgerrit/24730
This CL adds SRM functionality to the modable version of oemcrypto
mock. This can be used for end-to-end testing.
b/28955873
b/37353534
Change-Id: I2c6f513495ccfd42f7a3d7a3449db6f810563c04
Merge from Widevine repo of http://go/wvgerrit/24863
The oemcrypto unit tests GenericKeyDecryptSameBuffer and
GenericKeyDecryptSameBuffer require features in oemcrypto v12, so they
should not be run on devices that report oemcrypto v11 or earlier.
b/36071236
Test: Unit tests run on Ryu and Bullhead.
Change-Id: Ia6645559ed98cae8d9807a14d6f0e514c5c4c615
