This is a merge from the Widevine repository of
http://go/wvgerrit/14024
Add Level 3 Oemcrypto Unit Tests To Run All Tests Script
This CL adds the ability to restrict the oemcrypto unit tests to only
use the fall back level 3. This restriction is per-process, and is
only used while running the unit tests. This allows us to automate
running the unit tests on an android device as both level 1 and level
3 without modifying files in /system/lib. To turn on the restriction,
set the environment variable: FORCE_LEVEL3_OEMCRYPTO=yes.
New level 3 library versions are:
level3/arm/libwvlevel3.a Level3 Library Apr 8 2015 13:09:05
level3/x86/libwvlevel3.a Level3 Library Apr 8 2015 13:15:42
http://go/wvgerrit/14055
Remove Redundant Tests
This CL modifies the UsageTableTests in oemcrypto_test.cpp so that
they are not all parameterized by new_mac_keys_. This parameter is
used when testing signatures. In particular, we do not need to verify
timing twice.
Also, I modified the run_all_unit_tests.sh script so that the
environment variable GTEST_FILTER is passed down to the android
process. This allows us to use the script to run a limited list of
tests while debugging.
http://go/wvgerrit/14054
Filter Out API Version 10 Tests
This CL updates the OEMCrypto tests so that all but one test will pass
for a device that implements the version 9 API.
Android LMP devices should pass tests with
GTEST_FILTER="*-*MNC*:*CanLoadTestKeys*"
http://go/wvgerrit/13886
Update Documentation about Optional Features
The intergration guide has been updated to include reference to
OEMCrypto_LoadTestRSAKey. It also now discusses optional features.
The Delta 10 document now mentions OEMCrypto_LoadTestRSAKey.
The android supplement warns that most optional features are required.
This also adds clarification about which functions should save the
usage table, in answer to:
b/16799904 OEMCrypto v9 ambiguous about saving usage table information
Change-Id: Ifb517d58952c9b332b2958ca99af64bc293b985f
This is a merge from the widevine repository of
http://go/wvgerrit/13923 Switch openssl to use the EVP interface for aes-ctr-128
http://go/wvgerrit/13979 Add Test Certificate to OEMCrypto Mock
http://go/wvgerrit/13978 Add Test Keybox to Level 3 OEMCrypto
http://go/wvgerrit/13873 Enable OEMCrypto Unit Tests
This CL adds a main program to oemcrypto_test.cpp, which filters out
tests that are not supported on the specified platform. It also adds
LoadTestKeybox to the mock. This allows oemcrypto unit tests to be run
on devices that have production keybox. It also allows the same set
of unit tests to work on Android and on non-Android platforms.
b/18962381 Use test certificate (partial fix)
b/19867990 Separate cast receiver tests
Change-Id: If89c31530103ed85aa37d7379bd5b4dc2a927f38
Merge from Widevine: http://go/wvgerrit/14022
This test will be called by GTS test to verify secure stops
are reporting the correct time during online playback.
bug: 18625670
Change-Id: Ieb2b9ad860d796eea3c63c4fb349f4e3c6ac8f34
This change:
1) Switches the Makefiles over to using LOCAL_STATIC_LIBRARIES, which I
understand is the new hotness, rather than setting a -I flag directly.
2) Switches to the non-deprecated _ex versions for EVP_EncryptFinal.
3) Uses the EVP_PKEY interface for checking PSS signatures. This is the
only supported interface in OpenSSL: the PSS padding check functions are
only exported in upstream OpenSSL because it's a library from the 90s
and they don't have a concept of "unexported". Also, by using the EVP
functions, OpenSSL/BoringSSL can do a better job of being constant-time.
Since there aren't any obvious tests for checking that the signtaure
verification still works, I tested with the code in the referenced
paste, which includes both the old and new verification functions and
checks that they both work on a sample signature. (And I also checked
that they both fail when a bit in the signature is changed.)
https://paste.googleplex.com/5747976139964416
Change-Id: Iae7409c53eeea9c3892a32c180d7181d72467dcb
Merge from Widevine repo of http://go/wvgerrit/10308
There was a memory leak in the oemcrypto RSA code.
Also, when saving the usage table, some session variables were
allocated twice. This results in session data being lost.
There were also some leaks and uninitialized values in oemcrypto_test.
I added some checks and profiling to the debug runtime for the
haystack. It will warn if a variable is left unencrypted or is
unencrypted twice. I also added the profile code.
Versions of L3 library:
android/level3/arm/libwvlevel3.a Level3 Library Apr 1 2015 11:40:06
android/level3/x86/libwvlevel3.a Level3 Library Apr 1 2015 12:44:32
b/19950814
Change-Id: Ic752e36c09fce121dcaf92f9209591e74f3eb070
Merge from Widevine repository of http://go/wvgerrit/13912
This CL falls back to OEMCrypto_DecryptCTR if the oemcrypto library
does not implement OEMCrypto_CopyBuffer. This allows devices with
oem crypto version 9 to function as they previously did.
Change-Id: Id3a4a94b1fd559f426ee260cfbf7077fa9101d8b
(This is a merge of http://go/wvgerrit/13922 from the Widevine CDM
repository.)
I'm not sure why we chose to pass char* instead of std::string to the
helper functions in DeviceFiles, but it seems to require a lot of
gymnastics of the calling code for minimal gain.
Change-Id: Ie0cdec80ab77c94370648dd74249124aed6e8be1
(This is a merge of http://go/wvgerrit/13910/ from the Widevine CDM
repository.)
DeviceFiles has a lot of repeated code whenever it needs to check for
file existence or remove a file. When reading and writing files, it
has wrappers that handle this repeated burden. This change adds
wrappers for the other functionality used by DeviceFiles as well, to
reduce duplication.
Change-Id: If959b504672c1b907346d28f31648d8028de8bdf
(This is a merge of http://go/wvgerrit/13911/ from the Widevine CDM
repository.)
This wasn't causing problems anywhere yet, but the headers included by
file_store.h were not the headers it actually needed.
Change-Id: I89e6fd30efc8837ba44ce6cfd6d7a7b77db7197a
Copy from Widevine repository of http://go/wvgerrit/13841
This CL adds a nonblocking CopyBuffer to OEMCrypto, its unit tests,
and plumbs it up to the cdm CryptoSession and CdmEngine.
b/19543782
Change-Id: I4c88bd2f8d7f67ecccb549c1934b7c0da15a8429
Merge from Widevine repo http://go/wvgerrit/13818
This CL adds the ability to query OEMCrypto about the key control
block and duration of a key that has been loaded. There are unit
tests and implementation in the level 3 and reference implementation.
b/18503541
Change-Id: I8e40d90a3c64c1ce030af6fef9e98c8eac0df1a5
Merge from Widevine repo if http://go/wvgerrit/13781
This CL adds several unit tests that are specifically designed to test
features that are required for Android CDM but not other platforms.
Once this CL has been merged, future CLs will modify the main
oemcrypto test file so that some tests are skipped if their features
are not implemented.
Change-Id: I55b8cbb9c13d2db88bd4f56bba31a4aab3306067
This is a merge of http://go/wvgerrit/13751 from the widevine
repository.
The CryptoSession had an enumeration for HDCP levels that was copied
from OEMCryptoCENC.h by hand. Since that header is included, there is
no need to have two enumerations.
b/16303994
Change-Id: Ief16ba62163776f9ca80375f3638ef4c7770e742
Also pass session_id and event_listener to PolicyEngine to make it easier
to dispatch events from PolicyEngine.
Bug: 19771437
Merged from Widevine CDM repo:
https://widevine-internal-review.googlesource.com/#/c/13816/
Change-Id: I5723cb371cb3c43c945051af3402b09069ba5859
(This is a merge of http://go/wvgerrit/13761 from the Widevine
repository.)
This cleans up our includes to be in Google Style Guide order and in
alphabetic order, for the parts of the code that are expected to
follow Google Style.
This also converts places in our code that were including C headers
in the C++ style (i.e. <cstring> instead of <string.h>) to use C style
instead. This is because, although it was not causing problems for us
yet, on Android these actually include different headers. (<cstring>
is provided by libcxx, while <string.h> is provided by Bionic)
Lastly, this change puts all headers that do not come from within our
project in <brackets> instead of "quotes," which was not being done
consistently.
This change is explicitly NOT trying to standardize the spacing of our
header includes. I have tried to respect, in each file, the spacing
style already present.
Change-Id: If3dc06532ab9b68010285d64518ef21dce3d6354
It's hard to correlate test failures with the tests that
were running when looking in the logcat. This change adds
the current test name in the log for each test to make it
more clear.
Merge of go/wvgerrit/#/c/13847/ from the widevine cdm repo
b/19822500
Change-Id: Idd37a22f7063d9d686d3ead567954b86fb0fa70f
Remove renewal related expectations from WvCdmStreamingPstTest.
Also clean up the code in cdm_extended_duration_test.cpp.
Bug: 19534907
Merged from Widevine CDM repo:
https://widevine-internal-review.googlesource.com/#/c/13842/
Change-Id: I89f9aafd80c8867af541b29bc8a6778f53a8b7e6
Change anti_rollback_hardware_present field name in ClientCapabilities
message to indicate the field is for usage table rollback prevention.
Merge from go/wvgerrit/13817.
bug: 19869828
Change-Id: I982bfe484aa39a54d0c3a9ae60dd9e46351385d9
This CL allows the framework CLs to compile. The stubs need to
be implemented properly in the DRM plugin and CDM.
bug: 19771299
Change-Id: I9e4b107370a4d73851ee28bcb9ab6087fdffeb13
The return type of GetResponse() has been changed from int to bool a while back.
Fix the return type in unit tests that were still expecting int as the return type.
Also log the response message if there is an error in the http response.
Merged from go/wvgerrit/13783.
bug: 19822500
Change-Id: Ie52df0e19744a847690b788680f59915b0b6b534
Merge of http://go/wvgerrit/13750 in the Widevine repo.
(titled: Add HDCP Capacity to the static adpater)
Updates CryptoSession to use get the HDCP capability from the
oemcrypto with requested security level.
Change-Id: I2338a3f33d0fbe9fe43eb6bf1fe92bf5402f62d6
This is a merge of http://go/wvgerrit/13752
Replace the mock's macro with a memcmp because that is
even cleaner.
Change-Id: Ie402689ca9e14a67736db7eea928204f067427ac
This is a merge of http://go/wvgerrit/13701 and http://go/wvgerrit/13780.
I added a new set of engine properties for the mock oemcrypto. This
set pretends to be level 1. This allows the widevine build bot to test
the dual security level path: a level 1 liboemcrypto.so and a fall
back to L3.
I also adjusted the failing test in oemcrypto_test.cpp. A correct fix
requires us to rewrite some of the oemcrypto mock code so that it
returns real error codes instead of just 'false' on error.
Change-Id: I9cdbfc23c87ad2fb6068eac1394ce4c5b6a32dae
This is a merge of http://go/wvgerrit/13693 in the Widevine
repository.
This adds level 3 and mock implementation and unit tests for the
OEMCrypto function OEMCrypto_ForceDeleteUsageEntry. It also plumbs
this function up into CdmEngine, CdmSession, and CryptoSession so that
deleting all usage information for a given app id will now delete the
entries in OEMCrypto, too.
b/18194071
Change-Id: Iaea4034a507b323878657215784edfe95876386a
