This CL contains the level 3 oemcrypto library built for android. I
used the toolchain from the mnc-emu-release branch because I'm having
problems with the toolchain on master.
This includes the security patch API, and several bug fixes to the library.
Current versions:
mips/libwvlevel3.a Level3 Library Dec 17 2015 21:26:57
arm/libwvlevel3.a Level3 Library Dec 17 2015 21:09:47
x86/libwvlevel3.a Level3 Library Dec 17 2015 21:19:15
http://go/wvgerrit/16371 Level 3 OEMCrypto library
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
http://go/wvgerrit/16280 Correctly handle bad RSA key
bug: 26089773
bug: 26092100
bug: 26086944
Change-Id: I3ea1b5d219dae0c88deafa742f61d67e97297902
Merge from widevine of http://go/wvgerrit/16363
Add temporary OEMCrypto API to the stub file used by android mips 64
devices.
bug: 26213020
Change-Id: I4b71fd21c5cf5dbb14645f606586af54d03ccaea
* Fix strict aliasing error in gcc
[ Merge of http://go/wvgerrit/15856 ]
This also ensures the alignment of 64-bit memory access in a portable
way, without using compiler-specific mechanisms like attributes or
platform-specific mechanisms like memalign.
(The aliasing error does not show up in clang.)
* Return kNotSupported for non-Widevine init data
[ Merge of http://go/wvgerrit/15853 ]
This also improves logging for the init data parser by including a
verbose message for non-Widevine PSSHs and by using a new IsEOF()
method to avoid misleading "Unable to read atom size" logs.
* Cast RSA_size() to int
[ Merge of http://go/wvgerrit/15880 ]
It has been suggested that this may be unsigned on some versions of
OpenSSL or BoringSSL.
* Be strict about warnings for CE CDM
[ Merge of http://go/wvgerrit/15831 ]
* Enable all warnings and treat warnings as errors in the CE build.
* Fix all existing warnings (mostly unused variables, consts, and
functions, and one signed/unsigned comparison).
* Exclude protobuf warnings rather than maintain a divergent copy.
* Fix release build errors
[ Merge of http://go/wvgerrit/15855 ]
* Level 3 Build With Android Emulator
[ Merge of http://go/wvgerrit/15778 ]
This CL rebuilds the level 3 libraries with the android emulator
sdk_phone_*. This seems to avoid problems with the x86 build using
incorrect compiler flags.
These libraries work for arm, x86, mips, arm64, and x86_64. The level
3 library is disabled for mips64.
Versions:
level3/mips/libwvlevel3.a Level3 Library Sep 30 2015 18:29:50
level3/arm/libwvlevel3.a Level3 Library Sep 28 2015 13:18:25
level3/x86/libwvlevel3.a Level3 Library Sep 28 2015 13:08:28
Change-Id: I1e50aa78bdc84ecb905f2e55297d4f48b140341c
Merge from widevine of http://go/wvgerrit/15778
This CL rebuilds the level 3 libraries with the android emulator
sdk_phone_*. This seems to avoid problems with the x86 build using
incorrect compiler flags.
Versions:
level3/mips/libwvlevel3.a Level3 Library Sep 28 2015 13:25:25
level3/arm/libwvlevel3.a Level3 Library Sep 28 2015 13:18:25
level3/x86/libwvlevel3.a Level3 Library Sep 28 2015 13:08:28
bug: 21766765
Change-Id: I0470d3ea55bf9fc18ff7c69f6f39d532c9865404
Merge from Widevine of http://go/wvgerrit/15507
This change recompiles the oemcrypto libraries on the emulators
because those should have the "least common denominator" of compiler
options.
New Versions:
android/level3/mips/libwvlevel3.a Level3 Library Aug 27 2015 11:53:29
android/level3/arm/libwvlevel3.a Level3 Library Aug 27 2015 11:43:45
android/level3/x86/libwvlevel3.a Level3 Library Aug 27 2015 11:48:16
bug: 21766765
Change-Id: Ic69bacd71af835df940af1c21166b0ade57abf04
(This is a merge of http://go/wvgerrit/14795)
This change restores the ability to build the Widevine CDM for Android
for MIPS devices. It restores the precompiled binaries for MIPS and
re-adds MIPS to all makefiles.
This change includes a new build of the obfuscated binaries for
MIPS32r1 that were built using a MIPS device on the emulator.
level3/mips/libwvlevel3.a Level3 Library Jun 19 2015 12:32:49
Bug: 19482469
Change-Id: Ifa1c299a5751f3772c42289d8333a2b8cec51f69
Merge from widevine repo of http://go/wvgerrit/14668
This CL modifies the multiplication routine to avoid memory cache
misses. This shows a 10-20% speed improvement in license requests on
an x86.
Level 3 library version:
level3/arm/libwvlevel3.a Level3 Library Jun 15 2015 14:09:24
level3/x86/libwvlevel3.a Level3 Library Jun 15 2015 14:09:10
bug: 18252910
Change-Id: I4429324374de46d1d710d5fcac80f7ed363c696c
Merge from widevine repo of http://go/wvgerrit/14502
If any OEMCrypto session call is made after Terminate is called, then
there was a null pointer access. This is protected by the oemcrypto
adapter, but could still be a problem in unit tests which by-pass the
adapter.
bug: 21642892
Level 3 versions:
level3/arm/libwvlevel3.a Level3 Library May 29 2015 14:03:11
level3/x86/libwvlevel3.a Level3 Library May 29 2015 14:03:12
Change-Id: I84fd098c2faea71a79bc21658485593e22a8e994
This is a merge from the widevine repo of http://go/wvgerrit/14262
This CL replaces AES with a pseudorandom number generator to encrypt
the needles in the oemcrypto level 3 haystack. This speeds up the
overhead significantly, and reduces decrypt times by as much as 75%
for small buffers (1-3 kb). This makes the obfuscation slightly less
secure but is worth the overall performance boost.
Level 3 library versions:
level3/arm/libwvlevel3.a Level3 Library May 1 2015 15:45:12
level3/x86/libwvlevel3.a Level3 Library May 1 2015 15:45:55
b/19582757 L3 Widevine extremely choppy on Nexus 6 (480p)
Change-Id: I3077c04047a7f2da6f64869d7a9af5ddcc62671f
This is a merge from the Widevine repository of
http://go/wvgerrit/14024
Add Level 3 Oemcrypto Unit Tests To Run All Tests Script
This CL adds the ability to restrict the oemcrypto unit tests to only
use the fall back level 3. This restriction is per-process, and is
only used while running the unit tests. This allows us to automate
running the unit tests on an android device as both level 1 and level
3 without modifying files in /system/lib. To turn on the restriction,
set the environment variable: FORCE_LEVEL3_OEMCRYPTO=yes.
New level 3 library versions are:
level3/arm/libwvlevel3.a Level3 Library Apr 8 2015 13:09:05
level3/x86/libwvlevel3.a Level3 Library Apr 8 2015 13:15:42
http://go/wvgerrit/14055
Remove Redundant Tests
This CL modifies the UsageTableTests in oemcrypto_test.cpp so that
they are not all parameterized by new_mac_keys_. This parameter is
used when testing signatures. In particular, we do not need to verify
timing twice.
Also, I modified the run_all_unit_tests.sh script so that the
environment variable GTEST_FILTER is passed down to the android
process. This allows us to use the script to run a limited list of
tests while debugging.
http://go/wvgerrit/14054
Filter Out API Version 10 Tests
This CL updates the OEMCrypto tests so that all but one test will pass
for a device that implements the version 9 API.
Android LMP devices should pass tests with
GTEST_FILTER="*-*MNC*:*CanLoadTestKeys*"
http://go/wvgerrit/13886
Update Documentation about Optional Features
The integration guide has been updated to include reference to
OEMCrypto_LoadTestRSAKey. It also now discusses optional features.
The Delta 10 document now mentions OEMCrypto_LoadTestRSAKey.
The android supplement warns that most optional features are required.
This also adds clarification about which functions should save the
usage table, in answer to:
b/16799904 OEMCrypto v9 ambiguous about saving usage table information
Change-Id: Ifb517d58952c9b332b2958ca99af64bc293b985f
Merge from Widevine repo of http://go/wvgerrit/10308
There was a memory leak in the oemcrypto RSA code.
Also, when saving the usage table, some session variables were
allocated twice. This results in session data being lost.
There were also some leaks and uninitialized values in oemcrypto_test.
I added some checks and profiling to the debug runtime for the
haystack. It will warn if a variable is left unencrypted or is
unencrypted twice. I also added the profile code.
Versions of L3 library:
android/level3/arm/libwvlevel3.a Level3 Library Apr 1 2015 11:40:06
android/level3/x86/libwvlevel3.a Level3 Library Apr 1 2015 12:44:32
b/19950814
Change-Id: Ic752e36c09fce121dcaf92f9209591e74f3eb070
This is a merge of http://go/wvgerrit/13710
The oemcrypto adapter loads a version 8, 9 or 10 library and adds
backwards compatibility for version 8 or 9.
The only function whose signature has changed from v9 to v10 is
OEMCrypto_GetHDCPCapability. This CL adds backwards compatibility for
that function.
Level 3 libraries are now:
level3/arm/libwvlevel3.a Level3 Library Mar 17 2015 14:33:34
level3/x86/libwvlevel3.a Level3 Library Mar 17 2015 14:30:23
b/19785099 L1 Widevine missing/broken on master (Fugu)
b/19789909 L1 Widevine missing on master (AAY75B)
Change-Id: I9bd716f5cdffaf1bfbdfcd8ed067af3f5d0ac9ba
This is a merge of http://go/wvgerrit/13391 from the Widevine repository.
This CL adds the OEMCrypto version 10 API to the header, and changes
just enough code so that code still compiles. There are no unit tests
or implementation.
The level 3 libraries are just stubs so that tests will compile.
level3/arm/libwvlevel3.a Level3 Library Mar 11 2015 13:33:21
level3/x86/libwvlevel3.a Level3 Library Mar 11 2015 15:20:27
Change-Id: I41de753a2a60da29b756c3327341ece72069d8bb
(This is a merge of http://go/wvgerrit/13420 from the Widevine
repository.)
Generates new obfuscated libraries that include @kqyang's recent
changes to add OEMCrypto_GetMaxNumberOfSessions().
libwvdrmengine/level3/arm/libwvlevel3.a Level3 Library Mar 6 2015 15:16:17
libwvdrmengine/level3/x86/libwvlevel3.a Level3 Library Mar 6 2015 15:20:30
Change-Id: Ibea299a372617f98c0f24861c673f56a97845ad8
* Replace an stlport static assert with a C++11 static_assert.
* Move some libraries that were being built with the NDK but
statically included into platform code off the NDK.
* Rebuild the obfuscated binaries to use the new STL.
* Remove MIPS support temporarily due to an inability to generate
obfuscated binaries for it. (To be fixed in b/19482469.)
Bug: 15193147
Change-Id: Icc166583b0c6af68550baf17ab8c33076a1179d3
This CL is a merge of the widevine change
https://widevine-internal-review.googlesource.com/#/c/11881
The function rand() was not available on the mips build used to
generate the level 3 oemcrypto fallback library. This function has
been replaced by the openssl RAND_bytes(), so that compilation may
complete.
New version of library:
libwvdrmengine/level3/mips/libwvlevel3.a NONOB Level3 Library Dec 3 2014 17:11:00
bug: 17288466
Change-Id: Ibe2ae3add4f5830ddc1cce501d76aeb4be5ce926
This is a merge of the Widevine change:
https://widevine-internal-review.googlesource.com/#/c/11871
The level 3 oemcrypto fall back now compiles cleanly on a Fugu, and
passes all unit tests.
New version of library:
libwvdrmengine/level3/x86/libwvlevel3.a Level3 Library Dec 3 2014 13:06:03
bug: 17289103
Change-Id: I677888536dd2ca12e27b5985737e080b69d81477
This is a merge of the widevine change:
https://widevine-internal-review.googlesource.com/#/c/11781
The OEMCrypto did not save the usage table correctly after a key was
loaded and not used.
Also, oemcrypto uses the keybox to verify and sign the usage table.
On library initialization, the usage table was being loaded before the
keybox, so the signature was not verified correctly.
Both these problems have been corrected.
Current Library Version:
arm: Level3 Library Nov 19 2014 16:53:43
bug: 17328418 Can't play pinned content
Change-Id: Ia753e2f47b36433931fbe8dba78939581e647222
This is a merge of the widevine CL:
https://widevine-internal-review.googlesource.com/11254
On arm64, some devices are having random issues that probably relate to
a stale instruction cache. This code change flushes the cache for
pages that are going to be made executable.
b/17400000
Current Library Version:
arm64: Level3 Library Sep 25 2014 17:10:03
Change-Id: I3904e96e922654c055a478079aa52c29cbde8b9f
This is a copy of
https://widevine-internal-review.googlesource.com/#/c/11110/
The level 3 oemcrypto library version of DeactivateUsageEntry now
returns OEMCrypto_ERROR_INVALID_CONTEXT if there is no entry in the
usage table.
Current Library Version:
arm: Level3 Library Sep 3 2014 18:13:47
b/17373630
Change-Id: Iaeb65b4ad4b2b9f3c6733a2c9c8d96e2be263d09
This is a copy of
https://widevine-internal-review.googlesource.com/#/c/11030
It is an error for the key control block to have a nonzero replay
control flag and a null pst. This CL adds unit tests to
oemcrypto_test to verify that oemcrypto checks this. A unit test is
also added for verifying that an offline license has a valid nonce the
first time it is loaded.
It also updates the reference implementation (mock) to check that the
pst is not empty when the replay control flag is nonzero.
It also updates the level 3 implementation to check that the pst is
not empty when the replay control flag is nonzero.
This change is compiled into the arm library, but because of
compilation errors, is not included in x86 or mips.
Current Library Version:
arm: Level3 Library Aug 27 2014 18:42:40
bug: 16525204 OEMCrypto unit test for reloading offline license
bug: 16844305 Mock OEMCrypto does not catch null pst
Change-Id: Icdb090e80fc92522c187b26f30e5ba082f26363b
Because the OEMCrypto_PST_Report is sent as a signed block to the
server, it needs to be a fixed, platform independent, size. This CL
adds the packed attribute to the structure, which reduces its size
from 56 bytes to 48 bytes.
Copy of widevine change:
https://widevine-internal-review.googlesource.com/#/c/10321/
Library Versions:
libwvdrmengine/level3/x86/libwvlevel3.a Level3 Library May 30 2014 15:40:50
libwvdrmengine/level3/arm/libwvlevel3.a Level3 Library May 30 2014 15:39:04
bug: 15184821
Change-Id: I54db2c3bbc4e20ee0c19c33d6fd56f86f432e110
This is a copy of the widevine CL.
https://widevine-internal-review.googlesource.com/#/c/10174/
This CL adds the OEMCrypto v9 functionality to the level 3 haystack
version of OEMCrypto. Mostly, this is to support usage tables.
The code is feature complete, but the timing tests are a little flakey
-- I'm not sure if the problem is in the code or if the test has too
tight a tolerance.
Also, the storage of the generation number needs to be made more
secure.
Change-Id: I73fecf8934b6a46785f1f8b6f40b40ffe39b88de
From Widevine CL:
https://widevine-internal-review.googlesource.com/#/c/9184/
This is some shim code that will load either an OEMCrypto
version 8 or version 9 library. This should allow us
to test and run stable devices until all OEMs have
updated to version 9.
Android Level 3 library versions are:
level3/mips/libwvlevel3.a Level3 Library Feb 27 2014 18:18:34
level3/x86/libwvlevel3.a Level3 Library Feb 27 2014 18:22:14
level3/arm/libwvlevel3.a Level3 Library Feb 27 2014 12:31:29
Change-Id: I82911e3b4d9056cf3c3ab2b47194fe81ac2776d9
Support builds for multiple architectures at the same time:
Use LOCAL_MODULE_TARGET_ARCH to restrict building to specific arches
Use LOCAL_C_INCLUDES_x86 to set the include path for only x86 builds
Change-Id: I7c33c27f1c9bfb6e3318a07514698992482f6cd7
Previously, Level 3 SelectKey returned no error when called before
any keys were loaded. After this CL, it will return
OEMCrypto_ERROR_NO_CONTENT_KEY.
Library version:
arm - Level3 Library Nov 20 2013 18:09:31
mips - Level3 Library Nov 20 2013 17:58:56
x86 - Level3 Library Nov 20 2013 18:13:01
bug: 11769839
Change-Id: I1b3f057e3ae9f2f174cae91f6849080345f02003
This CL contains working versions of the haystack tools and the
OEMCrypto Level 3 library for android ARM, MIPS and x86.
The version number of the level 3 library is:
android/level3/arm/libwvlevel3.a Level3 Library Nov 4 2013 18:39:06
android/level3/mips/libwvlevel3.a Level3 Library Nov 4 2013 18:42:29
android/level3/x86/libwvlevel3.a Level3 Library Nov 4 2013 18:41:07
bug: 9374954 MediaDrm haystack based L3 code hardening implementation.
Change-Id: Ifef13900a11e83e4257723d3c6fc7107550882a8
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service certificate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
This merges the following changes from the Widevine CDM repository:
1a72a7e Combine utility code into single library on Android
Combines several previously-separate files into a static library,
libcdm_utils, so that it can easily be used by both CDM and
OEMCrypto.
8c4d04d Install Keybox
If the keybox has not been installed, install it from
/factory/wv.keys.
Bug: 9972451
Change-Id: I8688ecd0adcf321e0c7d0faf55dd10f3910c12ec
The field provisioning code generates a random number to use as the
device id, and then restricts the data to alphanumeric characters.
Previously, it could have also included a 0 byte in the data. This CL
corrects that.
bug: 9073146
Merge of https://widevine-internal-review.googlesource.com/#/c/5740/
from the Widevine CDM repository
Change-Id: Iaf3e9e733f7c66c19d4168178a8e25ee0ba7e936
Upgrade to version 2.1 of license protocol in OEMCrypto.
related-to-bug: 8621521
Merge of https://widevine-internal-review.googlesource.com/#/c/4952/
from Widevine CDM repository to android repository.
Change-Id: I0d85dae1981b7525ab17aec5f21cf668d078bf47
bug: 8601053
This import syncs to the widevine git repository change
commit 6a99ad1b59ad39495f62954b3065ddc22b78da49
It includes the following changes from the widevine git
repository, which complete the jb-mr2 features
Fix Unit Test Makefile
Adds support for device certificate provisioning.
Support application parameters
Certificate based licensing
Proto for client files
Implement Property Query API
Add Device Query For Unique ID
Implement Generic Crypto in DrmEngine
Do not validate Key IDs on clear playback
Allow OEMCrypto_DecryptCTR with clear content and no key
Add a case to the MediaDrm API test to repro b/8594163
Implement requiresSecureDecoderComponent
Implement Eventing API
Add end-to-end decryption test with vectors
Refactoring of properties class
Refactor OEMCrypto unittest.
Fix for b/8567853: License renewal doesn't renew license.
Add KEY_ERROR callback to WvContentDecryptionModule() ctor.
Merged certificate_provisioning.proto and
client_identification.proto to license_protocol.proto.
Fix nonce check failure after a malformed key in OEC Mock.
asynchronize decryption
Allow querying of control information
make debugging AddKey & Decrypt statuses easier
Revert "Revert "Send KEY_ERROR event to app on license
expiration or failure""
Revert "Send KEY_ERROR event to app on license expiration
or failure"
Send KEY_ERROR event to app on license expiration or failure
remove extra session id copy
use KeyError constants directly
replace variable-length arrays with std::vector and fixed-sized array
pass session ids as const references
refactor key extraction and update keys on renewal
Updates to enable renewals and signaling license expiration.
fix error constant in OEMCrypto_DecryptCTR
Change-Id: I5f7236c7bdff1d5ece6115fd2893f8a1e1e07c50
This change incorporates the following CLs from the Widevine
cdm repository:
Update the java request/response test app to match Drm API changes
Don't build the mock liboemcrypto.so by default
Do not build CDM tests by default
Fix Build Break in DrmEngine Unit Tests
Fix Build Break in WVDrmPlugin
Initial version of roadmap for CDM projects.
Implement License Query
Implement Generic DRM in OEMCrypto Reference Implementation
Add key_data_length field when calling OEMCrypto_LoadKeys
Policy engine unittests
Generalized DRM API for OEMCrypto
Fixes proto buf libraries build.
Add Version Number to OEMCrypto API
Test key control block duration field in OEMCrypto
Add fix for missing crypto offset.
Fixed android/media*/test builds and added proto files for Cert. provisioning
Refactor and clean up callback code in CDM.
Add "device_id" name-value pair to LicenseRequest::ClientIdentification
Separate unit and end-to-end tests from the top level makefile.
Includes changes for 'fall back to l3 oemcrypto lib' in top level makefile.
Fall Back to Level 3 if Level 1 Fails
Fix compilation error in wvcdm_unittest.
Fix Android build break due to Decrypt() signature change in cdm_engine.h.
Wire up callbacks and errors in the Steel proxy.
Fix lock assert if there is no keybox on the device.
RSA Certificate Unit Test
Change Generic_Verify signature to constant.
Change-Id: I2e42db9d0b4f8d4e833675ae81d0714509bbfd2c
Builds libwvdrmengine.so, which is loaded by the new
MediaDrm APIs to support playback of Widevine/CENC
protected content.
Change-Id: I6f57dd37083dfd96c402cb9dd137c7d74edc8f1c