[ Merge of http://go/wvgerrit/116944 ]
This change is the last part of a three part change for restructing
the root of trust used by the reference implementation.
OEM Certificates are now managed by the root of trust of the crypto
engine. Previously, OEM certs where handled separately on a session
by session basis.
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: I6cf1fa3fade28baad85b5fce57a8eab6f2ed17c1
[ Merge of http://go/wvgerrit/115551 ]
This change is the second part of a three part change for restructing
the root of trust used by the reference implementation.
The use of RSA_shared_ptr has been replaced with the standard library
std::shared_ptr using the RsaPrivateKey wrapper class. The
AuthenticationRoot class now uses this for the built-in DRM cert key.
RSA decryption and signature operations within the session context are
now performed the RsaPrivateKey class. This has reduced the code size
and complexity within the reference and testbed, focusing their
implementation on key policy and less on mechanics.
Bug: 168544740
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: Ic743a529a9858f3182290d8bcf5e1633737b005b
[ Merge of http://go/wvgerrit/115550 ]
This change is the first part of a three part change for restructing
the root of trust used by the reference implementation.
The API of the AuthenticationRoot class has been updated to reflect
the OEMCrypto functions that relate to the root of trust. This
involves changing the keybox and DRM Cert methods and adding in new
stubs for OEM Certificates.
The WvKeybox now uses a RAII-like interface to ensure that keyboxes
are provisioned correctly or not at all.
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: I3f2baf29c1022e1806b6196fa6650d761785c626
[ Merge of http://go/wvgerrit/119806 ]
This change replaces all calls for base64 encoding which first converts
a string to a vector. The new base64 encoding function allow for
encoding binary data contained within strings.
Bug: 181732604
Test: Android unittests
Change-Id: Ibfe79dba99e6a2ee2f2a96e85b62fbd22519aea7
[ Merge of http://go/wvgerrit/119805 ]
This change adds 3 new functions for encoding binary data from a C++
string to a base64 encoded ASCII string.
The CDM and protobuf generated code use C++ strings to store binary
data. These binary strings are commonly converted into a base64
encoded ASCII string for logging and for returning to the app.
This change also cleans up some of the internal components of the
string_conversions library to use several standard library C++11
method.
Bug: 181732604
Test: CE CDM unittests
Change-Id: I547568c6402e011344260f2df2a06e972122ab8a
[ Merge of http://go/wvgerrit/120512 ]
Wrapped DRM private keys are loaded when a key request is made or when
offline/usage sessions are restored. They were earlier loaded when a
session was opened.
For streaming sessions, key material will be fetched from the default
or legacy certificates and loaded when a key request is made.
For offline and usage sessions, key material may be retrieved from
license or usage records if available. If not available, information
associated with the legacy certificate will be loaded.
Certificate and wrapped keys are also written out when an offline
license or usage record is saved.
Bug: 169740403
Test: WV unit/integration tests
WvCdmRequestLicenseTest.ProvisioningWithExpiringCertTest
WvCdmRequestLicenseTest.StreamingWithExpiringCertTest
WvCdmRequestLicenseTest.RestoreOfflineKeysWithExpiringCertTest
Change-Id: Ice0154c632170c46da171cbbb23a97380c610a98
[ Merge of http://go/wvgerrit/120509 ]
Certificates and wrapped key material are stored in the usage information
file but apart from usage information records. Usage info records include
an identifier which indicates the associated certificate. Routines to
help with finding, inserting or removal of associated certificates have
been included. After a usage entry is deleted, a garbage collection
routine is run to remove any certificates not used by usage infomation
records.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I49075a7704a58c2488b73eb7c38b007958af566d
[ Merge of http://go/wvgerrit/120508 ]
Offline licenses will now store the DRM certificate information. This
allows for expired certificates to be deleted and replaced without
losing the ability to use offline licenses.
Bug: 169740403
Test: WV unit/integration tests
DeviceFilesTest.RetrieveLicenses
DeviceFilesTest.StoreLicenses
Change-Id: Ic0de6328d32e0000d1b58c81019e6c2227278cc4
[ Merge of http://go/wvgerrit/120510 ]
* Added some comments to clarify which clock times are computed at the
client and at the provisioning service. More detail is present in the
device_files.proto
* Moved helper methods |SetDeviceCertificate| and
|ExtractFromDeviceCertificate| from class methods to anonymous
namespace
* Removed some commented out code
Bug: 169740403
Test: WV unit/integration
Change-Id: Ic263f3dfe296fff6d9b5380b2e7c663d87022cb2
[ Merge of http://go/wvgerrit/120445 ]
Switch TestHost and FakeClock to use chrono::system_clock (wall time)
rather than chrono::steady_clock (ticks since boot time).
Bug: 183160800
Test: CE CDM tests
Change-Id: I6ef4c02c01ff96453847ee8f42e6037c298866b5
