This is a cherry pick of recent changes to OEMCrypto and ODK. Most of
these are part of the document migration to doxygen.
See http://go/wvgerrit/106005 and its parents for code reviews.
Bug: 144715340
Bug: 148232693
Bug: 167580674
Change-Id: I658f99c8117b974faed97322d61fac0f382283af
[ Merge of http://go/wvgerrit/105025 ]
Clang and GCC allow for warnings against the arguments for printf-like
functions (e.i. LOGx). These validate that the format type specified
in the format string match the corresponding argument type.
Most of the time, format specifer errors are benign; hence why they
haven't been seen as an error so far. However, with the enabling of
specifier warnings and the enabling of warnings as errors on certain
platforms, these existing errors need to be addressed.
This CL enables format specifier warnings for most of the Widevine
code, with the OEMCrypto L3 implementation which has a single error
which requires a fix in the haystack code before being fixed in the
Widevine branch.
Strict format string warnings are not enabled for non-LP64 systems.
Bug: 137583127
Test: Compiled for Linux and Android
Change-Id: I051398332d31a20457b86563a90ad8f6d428445f
Merge from Widevine repo of http://go/wvgerrit/101905
The reference OEMCrypto should not be built as part of Android.
Test: Builds
Bug: 146361995
Change-Id: Ic25e6e567fcac519636f64dabc0d59b3df78990e
Merge from Widevine repo of http://go/wvgerrit/100110
The unit test TimeRollbackPrevention was broken for several
reasons. This CL reduces the test to its most basic functionality and
updates it to be compatible with a v16 oemcrypto.
This CL also adjusts the fake clock used by the buildbot to fake
sleeping backwards, so that the TimeRollbackPrevention test can also
be run on the buildbot.
Bug: 155773482
Bug: 79422351
Test: unit tests on buildbot, and on flame w/v16 modmock
Change-Id: I3027018b17b738281989e63ae6b0729757217d05
Merge from Widevine repo of http://go/wvgerrit/100385
The map now contains unique_ptr instead of raw pointers
to ensure the memory is released.
Bug: 156780432 OEMCrypto Fuzzing: Fix OEMCrypto Memory Leak.
Test: oemcrypto reference code only
Change-Id: I78054f9207399f052d6e4bfdfa96824f6e050bac
Merge from Widevine repo of http://go/wvgerrit/96843
This CL modifies the system time used by the reference OEMCrypto so
that it recovers from a clock rollback. When the clock rolls back, it
now adjusts the current time and continues forward. This is needed
when running unit tests on some platforms that reset the clock at
the beginning of a test.
Bug: 152649427
Test: unit tests on buildbot. (No production code on Android)
Change-Id: I7edcdc0cd4e5938c9a54e745d3a0e008f9eb13ed
Merge from Widevine repo of http://go/wvgerrit/96783
This CL updates the reference code, unit tests, and adapter to use the
new v16 function OEMCrypto_LoadDRMPrivateKey. This is just an API
change to allow ECC support in the future. The reference code does not
yet support ECC certificates, and the CDM code assumes that all
certificates have an RSA key.
Bug: 152558018
Test: unit tests on taimen and w/v16 mod mock.
Change-Id: I0793b416513b81b3d74849f0b58dbdc91f075ac6
Merge from Widevine repo of http://go/wvgerrit/96508
This adds a unit test for to verify that a preloaded license may be
loaded into OEMCrypto. A preloaded license is a license that does not
have a nonce, and for which there is no license request. This is used
in CAS and ATSC.
I also updated the test version string to
OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-27
Bug: 144105097
Test: ran oemcrypto unit tests on taimen and with v16 modmock.
Change-Id: I6a4926917f36a084d15defa7b908d067612c4dcf
(This is a merge of http://go/wvgerrit/96226.)
This patch does a number of different things in order to re-enable the
CDM to use OpenSSL 1.1.0+ out of the box, instead of just BoringSSL:
* To support https://cryptography.io/, BoringSSL has reimplemented just
enough of the OpenSSL PKCS7 API that we can fulfill our purposes with
code that works on either library. This patch replaces code in
privacy_crypto_boringssl.cpp and oec_session_util.cpp that was only
compatible with BoringSSL with code that also works in OpenSSL.
* Replaces code in oec_session_util.cpp that used the deprecated OpenSSL
1.0.0 API with OpenSSL 1.1.0-compatible code. This code previously
worked on BoringSSL because they have not yet removed the OpenSSL
1.0.0 functions, even though they also implemented the 1.1.0 API.
* Replaces openssl/mem.h (which does not work in OpenSSL 1.1.0 and
higher) with openssl/crypto.h. (which works in all OpenSSL and
BoringSSL releases) This does not require any function code changes.
* The OID-comparison code in privacy_crypto_boringssl.cpp was using
BoringSSL-exclusive functions to convert OBJ-format OIDs to text.
Conversion functions that work on either library exist. However, the
new code uses a different technique instead, pre-converting the
passed-in OID to OBJ format. This allows it to be compared to the
certificate directly, avoiding converting every certificate extension
OID to text.
* Allows the selection of "openssl" as the privacy_crypto_impl and adds
a variable to configure OpenSSL. More will follow in future patches
as more configurations of OpenSSL are supported.
Bug: 140053043
Test: CE CDM Unit Tests
Test: CE CDM Unit Tests w/ the x86-64 Platform Reconfigured to OpenSSL
Test: Android Unit Tests
Change-Id: I57cebbbfb59e0bcab85b589b98fb9ffd18885415
Merge from Widevine repo of http://go/wvgerrit/95945
The reference oemcrypto and testbed still use old style pointers, even
though we now require a more modern C++ compiler. Updated a few places
where smart pointer would be appropriate.
Bug: 141393616
Test: Ran unit tests
Change-Id: I8b1e155bce241075928e373478d6f8e1001233f9
(This is a merge of http://go/wvgerrit/93829,
http://go/wvgerrit/93830, http://go/wvgerrit/93832,
http://go/wvgerrit/93833, and http://go/wvgerrit/93834 from the
Widevine repo.)
This implements the CDM code changes necessary to take advantage of
Combined Decrypt Calls on OEMCrypto v16. The result of this is that
WVCryptoPlugin is much lighter now because it can pass the full sample
down to the core in one call, but CryptoSession is heavier, as it now
has to handle more complex fallback logic when devices can't handle
multiple subsamples at once.
This patch also removes support for the 'cens' and 'cbc1' schema, which
are being dropped in OEMCrypto v16. This fixes an overflow in the code
for handling those schemas by removing it entirely.
This patch also fixes the "in chunks" legacy decrypt path to use larger
chunk sizes on devices with higher resource rating tiers.
Bug: 135285640
Bug: 123435824
Bug: 138584971
Bug: 139257871
Bug: 78289910
Bug: 149361893
Test: no new CE CDM Unit Test failures
Test: Google Play plays
Test: Netflix plays
Test: no new GTS failures
Change-Id: Ic4952c9fa3bc7fd5ed08698e88254380a7a18514
[ Merge of http://go/wvgerrit/93505 ]
During the merge process there were a few CL comments (ag/10122083)
that were not able to be addressed. Most changes in the CL are
spelling / grammar corrections.
Bug: 148907684
Bug: 141247171
Test: CDM unit tests
Change-Id: I9a8648525bbe5ed319521ebf01741a958ab69ae2
Merge from Widevine repo of http://go/wvgerrit/93404
This is the unit tests, reference code, and documentation for
OEMCrypto v16.2. Backwards compatibility should work for a v15
OEMCrypto.
Some review comments will be addressed in future CLs.
Bug: 141247171
Test: Unit tests
Test: Media GTS tests on bonito
Change-Id: I9d427c07580e180c0a4cfdc4a68f538d351c0ddd
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.
Bug: 141248879
Test: m checkbuild
Change-Id: I53757b813fe2984261a3bde963cac1886523dfdf
Merge from Widevine repo of http://go/wvgerrit/79243
Modify failures for LoadKeyWithSuspiciousIV and SelectKeyNotThereAPI15
This turns on some unit tests that were disabled for Q release.
Merge from Widevine repo of http://go/wvgerrit/77948
Mod Mock: Dump entitlement keys - this allows some logging when
running in a test environment.
Merge from Widevine repo of http://go/wvgerrit/75763
Refactor OEMCrypto Decrypt Tests
This CL refactors the oemcyrpto decryption tests. A bunch of boiler
plate code was moved to a common test setup. Also, buffer handling
was streamlined so that it will be easier to use these test with
secure output buffers.
Bug: 131281966
Bug: 129432708
Test: unit tests
Change-Id: Iebf62611a16e0a4def9c4daed1c6cdf12686ba74
Merge from Widevine repo of http://go/wvgerrit/77609
For v15.2 we require that nonces not collide across sessions and there are
restrictions placed on the mac key's IV in LoadKeys.
Test: ran unit tests on reference code
Bug: 131325434
Bug: 131326334
Change-Id: I1bb01c30d8c15d66d762c28b57d7700c44daa835
Merge from Widevine repo of http://go/wvgerrit/78144
This CL verifies that LoadKeys cannot be called twice a second time in
an OEMCrypto session.
Bug: 131359743
Test: unit tests on refernce code and taimen
Change-Id: I3da1c7639ed163799ee5996fd9f7f8b427c7ed30
Merge from Widevine repo of http://go/wvgerrit/72392
This adds the ability of the reference code to set the maximum output
buffer size error discussed in the Recoverable Errors section of
http://go/wvdelta15
Bug: http://b/120572363 Add Recoverable Errors (mod mock)
Change-Id: I688caca22929e29b3548c3f7d1df5de5bd37bfa1
Merge from Widevine repo of http://go/wvgerrit/72388
The unreleased oemcrypto test code has been modifed to keep a
singleton for the life of the process. In order to do that, several
functions in the reference code have been made virtual, and some
initialization and termination has been moved from the constructor and
destructor to Initialize and Terminate.
Bug: http://b/120572363 Add Recoverable Errors (mod mock)
Test: unit tests
Change-Id: I300559195567a537c0700167514be0ea42363695
Merge from Widevine repo of http://go/wvgerrit/72386
This CL changes reference and testbed OEMCyrpto only.
Updates the logging of the key control block for testing by adding new
bits to log and cleaning up the format.
Also, update access to entitlement keys so that they can also have
their key control block logged in tests.
Test: reference and test code only.
Bug: http://b/113594182 Full Decrypt Path Testing - Top Level
Bug: http://b/68648263 Log Key Control Block
Change-Id: I259d6f29eceb9f097640aa50f43443e308797f69
(This is a merge of http://go/wvgerrit/70303)
This adds a platform.h file to abstract some of the differences
between Windows and POSIX platforms. This includes ntohl, setenv,
and ssize_t.
Bug: 122953649
Test: Android Unit Tests
Change-Id: I3235f3f284b53d24d7365ff3f4a06dcd9b403697
[ Merge of http://go/wvgerrit/70203 ]
The earlier property_get() method had a limitation on property length.
Properties of some new devices exceed that length. An error message
is returned rather than a truncated string. Replace its use with
android::base::GetProperty() which does not have a length limitation.
Bug: 115358798
Test: WV unit/integration tests
Change-Id: I46ce9a7e77bcd031225d0082f83c57d484fe5405
Bug: b/119881112
Merge of http://go/wvgerrit/68983
Test: Android + Linux tests for ref and L3
This CL removes tests from OEMCrypto that test shared license
functionality and code in the ref and L3 that handle shared licenses.
Change-Id: Ia11510d8db3fa6e471a4ebbdb371fd76b0812984
Merge from Widevine repo of http://go/wvgerrit/68464
The Full Decrypt Path Testing design has changed to remove
OEMCrypto_InitializeDecryptHash. This CL updates the unit tests and
reference code.
Bug: 120795057
Test: unit tests
Change-Id: Iee28fa9034dc21cee81c5b894c192e260375eeee
[ Merge of http://go/wvgerrit/67985 ]
Now that we can use C++11, we should use the cross-platform types for
clocks instead of the platform-specific versions.
Test: WV unit/integration tests.
Change-Id: I50318e3d1caf9e814f33f497f83c19c9f3c154a1
[ Merge of http://go/wvgerrit/67984 ]
Getting the address of the first element is invalid when the size is
0. Calling data() is valid when the size is zero so long as we
don't use the resulting pointer. This is important when we pass the
pointer to low-level functions like memcpy.
Also, MSVC is stricter about this and doesn't allow indexing the 0-th
element when it is empty. But GCC/Clang seem to be fine with it so
long as the object isn't used.
Test: WV unit/integration tests
Change-Id: Ic5d11da41dd3a185a63f86a6ea91e9b954fd699a
[ Merge of http://go/wvgerrit/67923 ]
Before, all symbols were being exported in the dynamic library. Now
only the public symbols are. This no longer has the unit tests load
the dynamic library, so we lose testing the dynamic integration; but
the unit tests use a lot of internals, even the top-level CDM ones.
Bug: 69271232
Bug: 69548115
Test: WV unit/integration tests
Change-Id: I62919937277ec785aca1f8b36b28caa2f9d8f3ea
[ Merge of http://go/wvgerrit/67884 ]
Now that we can use C++11, we should use the cross-platform std::mutex
type, not the custom pthread version.
Bug: 111850982
Test: WV unit/integration tests
Change-Id: If2fde2836826c5184609e6b1f3a6511206bd4594
* changes:
Changes to adapter + gyp to support v15
Add full decrypt path testing functionality to Level 3
Update pointers to substrings in Level 3
Update level 3 reference API for v15
Bug: b/117558570
Test: Android, CE CDM, and Linux tests
Merge of http://go/wvgerrit/67566
This CL adds changes to support the Level 3 upgrade to v15 with both the
dynamic and static adapters. It also rearranges the wvcrc.cpp files so
that the tests have their own copy and Level 3 can just use the one in
ref/src.
Change-Id: Ieee2859601881aa1800622454e6ce0345eb94aa7
(This is a merge of http://go/wvgerrit/66625)
Google C++ Style dictates that methods which override base class or
interface methods should be declared "override" but not "virtual". Since
our codebase has not had access to "override" until now, many of our
classes do not follow this rule. I've updated as many places as I could
find to follow Google C++ Style, which should hopefully help us catch
errors better in the future.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Ic23e2e482e967256da306791532b5fec7b81b2f2
Bug: b/119276649
Merge from: http://go/wvgerrit/66367
Test: Android, CE CDM, Linux unit tests
The FileSystem interface as it exists expects an Open for a file and
then a Close when finished. However, the Close doesn't delete the file
itself and depending on the platform, the underlying impl_ as well,
leading to a memory leak. To fix this leak as well as harden against
future memory issues, this change refactors the interface to shift away
from raw pointers and towards smart pointers.
Change-Id: I7a7132ea95cd3775796a540f510b698f4f27dd24
Merge from master branch of Widevine repo of http://go/wvgerrit/66080
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64002
This CL updates OEMCrypto reference code and unit tests to support full decrypt
path testing.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 34078913
Change-Id: Ia67374599d6619698a336f41513068ad04294e7f
Merge from master branch of Widevine repo of http://go/wvgerrit/66079
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/65662
This CL forces OEMCrypto_Initialize to be called before OEMCrypto_GetRandom is
called in the reference code.
Bug: 34847139
Test: tested as part of http://go/ag/5501993
Change-Id: Ibb94e2fdc11cdb43c2c7bd2a3379f87b0155479a
Merge from master branch of Widevine repo of http://go/wvgerrit/66078
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64022
This CL updates OEMCrypto ref code, unit tests, and core code for
setting the sandbox id before initializing OEMCrypto.
Test: unit tests only
Test: tested as part of http://go/ag/5501993
Bug: 115834255
Change-Id: Id9831680fe4db1c69413815931cae4bc80df0c01
Merge from master branch of Widevine repo of http://go/wvgerrit/66077
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64562
Bug: b/78357351
b/62058202 addressed issues with the Level 3 OEMCrypto in guarding
against rollback. This change does something similar for the ref, so
that OEMCrypto vendors have rollback-prevention code they can refer to.
Test: linux/ce cdm unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: I76128c5def2615ecbdbe94e3af1fec4a025be8c1
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
Merge from master branch of Widevine repo of http://go/wvgerrit/66072
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63764
This adds the function OEMCrypto_ResourceRatingTier to the oemcrypto referenece
code, dynamic adapter, and unit tests.
Bug: 117110800
Test: tested as part of http://go/ag/5501993
Change-Id: Idf47af405f0c69601108b75c788a97b30abdb39d
Merge from master branch of Widevine repo of http://go/wvgerrit/66070
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63662
To make the threading model more clear, CopyBuffer is now a session function.
This means we need to pass in which session the current thread locks.
Test: unit tests.
Test: tested as part of http://go/ag/5501993
Bug: 113680369
Change-Id: I2fdd2cfcaab99f3793950b3845941463675f5e4c
