These are a set of CLs merged from the wv cdm repo to the android repo.
* Add CDM status return for decrypt blocked by HDCP.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28062 ]
New status code is kKeyUsageBlockedByPolicy. It is returned by the decrypt()
call instead of kDecryptError or kNoKey.
Also shuffled the CDM status returns to define the EME-aligned codes
first, and added comments to highlight the differences in handling.
BUG: 37540672
* Change division and mod ops to relocatables
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/28600 ]
This is similar to I2dad1028acf295288cd10817a2bcff2513c053c9.
We should be using the relocatable functions instead of the
native division and mod operations.
* Cleanup Encrypted ClientID in provisioning request
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28083 ]
b/36897239
Staging server does not support it (or the client is not constructing
it properly). Leave it disabled pending investigation.
* Certificate Provisioning fixes.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28066 ]
Partial fix for BUG: 37482676
Partial fix for BUG: 37481392
Update service certificates, get rid of DEV/QA root certificate.
Provisioning request and response are base64 (web-safe) encoded.
Response is optionally JSON-wrapped.
Change ConfigTestEnv; clearer comments and a closer match to reality.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I79d3c4bf1124e5e0d3e4d40baead65a8266ea874
Below are a set of CLs being merged from the wv cdm repo to the android repo.
* Fix handling of OEM Cert public key.
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/27921 ]
This is a potential fix for b/36656190. Set aside public
key on first call to get the public key, and use it afterwards.
This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
which has side-effect of staging the OEM private key.
This also fixes a problem where the public cert string was
not being trimmed to match the size returned by
OEMCrypto_GetOEMPublicCertificate().
* Complete provisioning request/response for Provisioning 3.0
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Fix bug on provisioning request path where GenerateDerivedKeys()
was being called when preparing to generate the signature.
Add message signature verification, and call correct OEMCrypto
routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).
* Implement Cdm::deleteAllUsageRecords()
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Delete all usage records for current origin. Removes usage
records from file system and retains the PSTs. The deletes
any usage entries matching those PSTs held by OEMCrypto.
BUG: 35319024
* Remove stringencoders library from third_party.
Author: Jacob Trimble <modmaker@google.com>
[ Merge of http://go/wvgerrit/27585 ]
We have a fork of the stringencoders library that we use for base64
encoding. This reimplements base64 encoding to remove the extra
dependency and to reduce the amount of code.
* Add Cdm::deleteUsageRecord() based on key_set_id.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27605 ]
Delete specified usage record from file system usage info and
from OEMCrypto.
BUG: 35319024
* Modifiable OEMCrypto
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/24729 ]
This CL adds a new variant of the OEMCrypto mock code that adjusts its
behavior based on a configuration file. This is intended for
testing.
For example, a tester can set current_hdcp to 2 in the options.txt
file, push it to the device, and verify that a license is granted for
HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and
push the file to the device. Playback should stop because the license
is no longer valid.
This variant uses a real level 1 liboemcrypto.so to push data to a
secure buffer. That means we can test playback for a license that
requires secure buffers on an Android device with real secure buffers.
BUG: 35141278
BUG: 37353534
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I58443c510919e992bb455192e70373490a00e2b6
Merge from Widevine repo of http://go/wvgerrit/27461
In order to sign a license release message, the mac keys from the
usage entry should be used whenever keys have not been loaded.
This CL updates the reference code, the unit tests, and the level 3
oemcrypto.
b/38203566
Test: unit tests passing on bullhead.
Change-Id: Ic71fee4b4b7b45801548ab80fbbbf8f4ccab3e6e
Merge from Widevine repo of http://go/wvgerrit/24241
The CL also only modifies existing tests so that they will pass
with an old version of OEMCrypto, or it filters out the tests so
that they do not run. This positions us so that we can more
easily verify how much backwards compatibility we expect to work.
bug: 35877886
Change-Id: Iadc06672d7f9cef75800662ff83389c504a3fd04
Merge from Widevine repo of http://go/wvgerrit/23581
This CL adds some unit tests to oemcrypto to verify that DecryptCENC
and the generic encrypt and decrypt functions behave correctly when
the input and output buffer is the same. i.e. decrypt in place.
The mock and haystack are also updated to pass the tests.
b/34080119
Change-Id: Ie295bdaddbb8058bebb36f6dab092d307f249ecd
Merge from Widevine repo of http://go/wvgerrit/24042
This CL adjusts the tolerance in tests that check the license_received
time. This was periodically failing because a nonce flood might delay
the test by 1 second, which was being rounded up to 2. The tolerance
is now 3. The time is explicily used when it is available. Some
extra logging is also added to the mock.
bug:31458046
Change-Id: I450880cb3cd8bd5ef66cba13b94dd963d2663d9a
This CL removes some unused variables, and changes some integers to
unsigned integers. On some platforms, we were getting compiler errors
and unit test failures.
Merge from Widevine repo of http://go/wvgerrit/23840
Use unsigned integer literals
Merge from Widevine repo of http://go/wvgerrit/23767
Fix Gyp Files
Merge from Widevine repo of http://go/wvgerrit/23500
Remove unused variables
bug: 31458046
Change-Id: I4dfec95ae49187262552fbbf322f3310ab777826
Merge from Widevine repo of http://go/wvgerrit/23436
This change is just comment changes: minor rewording and grammar
fixes.
Change-Id: I4cb2ef77715623fdb2567f5b504ffaceb937a480
Merge from widevine repo of http://go/wvgerrit/23421
This CL adds some more unit tests for big usage tables, and corrects a
problem found in the reference code.
Change-Id: Iae9a4406d79a13362223c2b4da7365b845d92382
Merge from widevine of http://go/wvgerrit/23283
This CL adds the backwards compatiblity functions to the new usage
tables in the oemcrypto mock reference code.
b/31458046
b/32554171
Change-Id: I04901d95aceb8910406f7c514c26c29c2c575322
Merge from widevine of http://go/wvgerrit/23283
This CL adds some big usage table functionality to the oemcrypto
mock and unit tests.
Still missing are: backwards compatibility, defragging the table,
haystack code, and lots of new unit tests.
The haystack now reports it doesn't support usage tables, so that
the unit tests will pass. This will be fixed in a future CL.
b/31458046
b/32554171
b/34173776
b/34174907
Change-Id: I6e08e76f7612ffb77e413151e00f830339298c62
Merge from Widevine repo of http://go/wvgerrit/23044
On some platforms, the compiler will not pack structures. This CL
replaces the OECrypto_PST_Report packed structure with a simple buffer
of uint8_t. This changes the signature of OEMCrypto_ReportUsage as
part of OEMCrypto v13.
There is also a new wrapper class that test code, the mock, and debug
code can use to access data in the report.
The old packed structure definition is moved to the level 3, where we
use a compiler that packs sructs when asked nicely.
arm/libwvlevel3.a Level3 Library 4445 Jan 20 2017 11:29:15
x86/libwvlevel3.a Level3 Library 4464 Jan 20 2017 11:10:49
mips/libwvlevel3.a Level3 Library 4465 Jan 20 2017 10:56:08
b/32180083
Change-Id: Ie138f034cb12780a2f8636888cebf022c52169e5
Merge from widevine repo of http://go/wvgerrit/21683
This CL adds unit tests for OEMCrypto_RewrapDeviceRSAKey30 for devices
that use provisioning 3.0.
Change-Id: Ib1a5566de343365b2ae3531f375ac2cc6d86ee53
Merge from widevine repo of http://go/wvgerrit/21682
This CL updates oemcrypto/test/oec_device_features.cpp to figure out
the provisioning method and filter out tests that are not relevant to
the device's method.
This CL also introduces unit tests for GetOEMPublicCertificate.
Unit tests for RewrapDeviceRSAKey30 will be in a future CL.
Change-Id: Ib7065ce866d1171ca61b9aa08188fa2ac8d90fc2
Merge from widevine repo of http://go/wvgerrit/21681
This CL refactors some oemcrypto unit tests in preparation for adding
Provisioning 3.0 tests.
- The signature GenerateNonce has changed. Instead of the caller
passing in a pointer for the nonce, we store the nonce in a member
variable of Session.
- GenerateDerivedKeys is being replaced by InstallTestSessionKeys.
This sets up and calls the appropriate derive keys method. This
function is in the test class, instead of the session class so that
multiple sessions in a class can share the same wrapped rsa key.
This will be modified for provisioning 3.0 in a future CL.
- Rename tests that require a keybox. Some tests are specific for
using a keybox to request a DRM cert. These tests are renamed so we
can filter them out on devices that use an OEM Cert. Corresponding
tests for devices using provisioning 3.0 will be in a future CL.
- Some member variables and methods in the class Session were not
used. They are removed.
- Added openssl smart pointer.
- Comments. I added comments.
- clang format.
Change-Id: Ib579a322858e0ef92652a42167241b35cf85a041
Merge from widevine repo of http://go/wvgerrit/21521
On devices that use provisioning 3.0, the function
OEMCrypto_GenerateSignature will only be used for a license renewal.
This CL adds a call to OEMCrypto_GenerateSignature to the refresh key
tests. Otherwise, there would be no coverage at all for that
function.
Change-Id: Icbd568eea3f9f256cc9b0b441f7907b316bb5b69
Merge from widevine repo of http://go/wvgerrit/21260
This CL adds some oemcrypto unit tests for various buffer sizes, as
described in b/28887904 and the OEMCrypto v12 specification.
Encryption and Decryption buffers can be 100k large. License request
and response messages can be 8k. A provider session token (pst) can be
at most 255 bytes long.
I also passed the code through clang-format.
b/28887904
Change-Id: Ia3e317c0f6466e663461e66b610c9a98a90efb0a
Merge from widevine repo of http://go/wvgerrit/20981
OMECrypto v12 requires at least 20 keys per session and at least 10
sessions. This CL updates the unit tests to verify this, and updates
level 3 and mock code to conform.
This CL also updates the level 3 oemcrypto to support 16 sessions and
320 keys total.
b/30140448 Minimum 20 keys per OEMCrypto_Session
Change-Id: Idd38d8f2cdfd6acde6fa7622b5912372bee9e488
