This data was generated using the code in CLs go/wvgerrit/163726 (for v16),
go/wvgerrit/171730 (for v17), and go/wvgerrit/171750 (for v18).
PiperOrigin-RevId: 535679470
Change-Id: Ib644bbed7e7329dfea30ce25d325fd0556fdb7a7
Merged from http://go/wvgerrit/175855
This includes testing overflow functions that are only used in the Widevine client repository.
This patch also includes the following fix for the previous commit:
Add type casting for ODK overflow function unit tests
Merged from http://go/wvgerrit/175893
The new ODK overflow unit tests are causing some unit test failures in oemcrypto-v18 due to mismatched type comparisons.
PiperOrigin-RevId: 535308670
PiperOrigin-RevId: 534890798
Change-Id: I8bb67e47193a92191a91c83bf8a0de61e1b87793
The core message had been throttled to only generate v17 messages because we wanted to stabilize the format before making the code live.
PiperOrigin-RevId: 524309559
Merged from https://widevine-internal-review.googlesource.com/170311
Change-Id: I2d09c9f6c73f844fd509531e86285ad71d22690f
- Replace assert with odk_static_assert for checks that can be handled
at compile time.
- Use explicit bool conversion with memcmp.
Merged from https://widevine-internal-review.googlesource.com/170414
PiperOrigin-RevId: 524277743
Change-Id: I8b32e886e780e80406afceea562be2033d75d340
The previous code fixed a backwards compatibility error for v18 provisioning requests being parsed by a v17 or older server. This bumped the minor version number to v18.1. v17 servers are still expected to fail when trying to parse v18.0 provisioning requests, and v18.1 requests will pass.
However, it did not correctly account for existing v18.0 requests on v18.1+ servers. v18.0 messages were naively detected by a failure to parse, and the parse function was not run again. This left the resulting nonce and session_id values uninitialized.
This CL fixes that by explicitly handling the v18.0 and v18.1+ cases, ensuring that the parse function succeeds and all relevant information is copied over. Furthermore, the unit test that was meant to catch this edge case has been improved to validate the resulting parsed message.
All code changes affect the server. This does not affect the client code eg OEMCrypto
PiperOrigin-RevId: 523714529
Merged from https://widevine-internal-review.googlesource.com/170110
Change-Id: I21911c4bb4304de2d93f092f356402bbd4240874
also remove `use_vndk_as_stable: true` to remove dependency to VNDK
libs.
Bug: 251299786
Test: build WV APEX with V and install it on U device
Change-Id: Ie7f7f9b699119478d4b33f95ab9e6ba7f459346c
No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
In CreateCoreLicenseResponse(), there seems to be an out of bounds
potential error due to a missing check that the index used for
license_response.parsed_license->key_array is valid. Adding a check
for this here.
Bug: 217677571
Test: fuzz tests
Change-Id: I37f7228f87992ba5284c553d7b07ef97d6a66ab3
(cherry picked from commit eb711ea0ec)
[ Merge of http://go/wvgerrit/151597 ]
* missing #include <string> for 'std::string' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (25 times)
* missing #include <utility> for 'std::move' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (3 times)
* missing #include <algorithm> for 'std::find_if' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (2 times)
* missing #include <algorithm> for 'std::sort' For more info see go/clang_tidy/checks/google3-build-missing-std-includes
This CL looks good? Just LGTM and Approve it!
This CL doesn’t look good? This is what you can do:
* Revert this CL, by replying "REVERT: <provide reason>"
* File a bug under go/clang-tidy-bug for category ClangTidyBuild if there's an issue with the CL content.
* File a bug under go/rosie-bug if there's an issue with how the CL was managed.
* Revert this CL and not get a CL that cleans up these paths in the future by
replying "BLOCKLIST: <provide reason>". This is not reversible! We recommend to
opt out the respective paths in your CL Robot configuration instead:
go/clrobot-opt-out.
This CL was generated by CL Robot - a tool that cleans up code findings
(go/clrobot). The affected code paths have been enabled for CL Robot in //depot/google3/METADATA.
Anything wrong with the signup? File a bug at go/clrobot-bug.
Bug: 236317198
Change-Id: I28f7899b5cf0637be15833659f8ba0dd6ff3ab90
[ Merge of http://go/wvgerrit/150489 ]
* missing #include <string> for 'std::string' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (2 times)
This CL looks good? Just LGTM and Approve it!
This CL doesn’t look good? This is what you can do:
* Revert this CL, by replying "REVERT: <provide reason>"
* File a bug under go/clang-tidy-bug for category ClangTidyBuild if there's an issue with the CL content.
* File a bug under go/rosie-bug if there's an issue with how the CL was managed.
* Revert this CL and not get a CL that cleans up these paths in the future by
replying "BLOCKLIST: <provide reason>". This is not reversible! We recommend to
opt out the respective paths in your CL Robot configuration instead:
go/clrobot-opt-out.
This CL was generated by CL Robot - a tool that cleans up code findings
(go/clrobot). The affected code paths have been enabled for CL Robot in //depot/google3/METADATA.
Anything wrong with the signup? File a bug at go/clrobot-bug.
Bug: 236317198
Change-Id: I9ccf0ce00ee3f6f7b3a2b6ec9dedeff578535217
[ Merge of http://go/wvgerrit/148691 ]
This is a followup to OEM_CONTENT,
a custom key container that was added to Widevine server.
Bug: 193006094
Bug: 236317198
Change-Id: I82285e4e50f981e0cedf2adac5910643f34f8e46
In CreateCoreLicenseResponse(), there seems to be an out of bounds
potential error due to a missing check that the index used for
license_response.parsed_license->key_array is valid. Adding a check
for this here.
Bug: 217677571
Test: fuzz tests
Change-Id: I37f7228f87992ba5284c553d7b07ef97d6a66ab3
[ Merge of http://go/wvgerrit/144530 ]
It's time to copy all the v17 work to our main branch.
I had to re-run clang-format to match local style.
Merge from commit b14f08374f9a48aed49850cc230daf384725b15f
Fix allow_null for key control iv in L3 v17
Bug: 161477208
Test: GtsMediaTestCases on sunfish
Change-Id: I97caa851e9e65eb0e42034d2f4a28dfb7499df0d
[ Merge of http://go/wvgerrit/145289 ]
* missing #include <string> for 'std::string' For more info see go/clang_tidy/checks/google3-build-missing-std-includes
This CL looks good? Just LGTM and Approve it!
This CL doesn’t look good? This is what you can do:
* Revert this CL, by replying "REVERT: <provide reason>"
* File a bug under go/clang-tidy-bug for category ClangTidyBuild if the change looks generally problematic.
* Revert this CL and not get a CL that cleans up these paths in the future by
replying "BLOCKLIST: <provide reason>". This is not reversible! We recommend to
opt out the respective paths in your CL Robot configuration instead:
go/clrobot-opt-out.
This CL was generated by CL Robot - a tool that cleans up code findings
(go/clrobot). The affected code paths have been enabled for CL Robot in //depot/google3/METADATA.
Anything wrong with the signup? File a bug at go/clrobot-bug.
Tested:
Local presubmit tests passed.
Bug: 224375138
Test: GtsTestCases on sunfish
PiperOrigin-RevId: 426761099
Merged from https://widevine-internal-review.googlesource.com/145250
Change-Id: I5a66b6eccc2b08ee11f92f90ce3b725f24c8d33c
[ Merge of http://go/wvgerrit/138606 ]
The new error code OEMCrypto_ERROR_INVALID_KEY is to replace the now
deprecated error code OEMCrypto_ERROR_INVALID_RSA_KEY. This error code
serves the same purpose of OEMCrypto_ERROR_INVALID_RSA_KEY, but may be
appied to RSA, ECC and Twisted-Edward ECC keys. In general, this error
code is to indicate that a key is poorly formatted / unparsable, used in
an operation without allow permissions, or used in an operation that it
cannot be association (RSA signing with an ECC key).
Going forward, new OEMCrypto implementation should use
OEMCrypto_ERROR_INVALID_KEY in place of OEMCrypto_ERROR_INVALID_RSA_KEY.
The CDM will continue to support both error codes.
Bug: 201581141
Test: Testbed unit tests
Change-Id: I2cf1af33a9a1d8716eec4cc63bba52d2f4af4c1b
(This is a merge of http://go/wvgerrit/134404.)
There were two lines that were tripping Clang's `-Wshorten-64-to-32`
warning. This CL makes both conversions explicit to appease the warning.
There should be no change in behavior.
Bug: 194971260
Test: ODK Unit Tests
Change-Id: I6d111e9a4efc1f0e31b51e455c47c0e885d48e6b
(This is a merge of http://go/wvgerrit/134403.)
Reported as errors by UBSAN
Bug: 194971260
Test: Ran ODK unit tests
Change-Id: I2f38fb6952d259458af8498e86b3308421e93320
Merge from Widevine repo of http://go/wvgerrit/134728
This variable was written to, but the value was never read. Newer
compilers would complain about this. This patch removes the unused
variable.
Bug: 202400919
Change-Id: I87cae291d41b18db91a4c4f8a76edb537635db2c
Merge from Widevine repo of http://go/wvgerrit/125263
and http://go/wvgerrit/135749
Define a |major.minor| version in the
serialization layer and check for compatibility
between REE and TEE before accepting connections.
bug: 158857733
test: opk_all_tests
Change-Id: Iad44a1f50a27c6bca4959c6d41c9b361712dbde8
Merge from Widevine repo of http://go/wvgerrit/133703 and
http://ag/14707867
[ Cherry-pick of http://ag/15835345 ]
In order to use a local provisioning server, we need to use a
different test keybox system id that is in the dev device database
instead of the production database. We also need to use a local
license server that uses the dev license server.
Bug: 187646550
Test: GtsMediaTestCases
Change-Id: Ice89143dd26de22757375a770c6bac716fcbc057
Add Keybox OTA Provisioning functions to OEMCrypto header
Merge from Widevine repo of http://go/wvgerrit/133704 and
http://go/ag/14707868
Bug: 188228998
Change-Id: Iff54bc2870e87bf7239e179e1d02fbcc8df6198f
Stub build changes to support OTA Keybox
Merge from Widevine repo of http://go/wvgerrit/133725 and
http://go/ag/14781459
This CL adds a new unit test file for testing OTA keybox
reprovisioning functionality. This new test is built when running the
dynamic adapter in the linux build, and in the Android build.
Bug: 187646550
Change-Id: I625513840188f95e74831ef2ea399e827e837439
Add OTA Keybox functions to dynamic adapter
Merge from Widevine repo of http://go/wvgerrit/125843
and http://go/ag/14781460
Bug: 187646550
Change-Id: Ief78ed10599c091690e0d7dc488ea71674c763b5
Refactor dynamic adapter keybox verification
Merge from Widevine repo of http://go/wvgerrit/133727http://go/ag/14812524
The keybox validation needs to be done separately from initializing
the library so that we can support Keybox OTA Reprovisioning.
If L1 loads, but the keybox is missing, the initialization should
succeed. When the keybox is validated, the adapter should try to look
for a keybox on the filesystem. if none is found, it should either
return NEEDS PROVISIONING or an error.
Bug: 187646550
Change-Id: I34a8c365a5a5ca35c379bea827c85c749964744c
Update crypto session to use new OTA keybox functionality
Merge from Widevine repo of http://go/wvgerrit/133728 and
http://go/ag/14812525
This CL stubs out two new CryptoSession functions that call the new
OEMCrypto functions for OTA Keybox Provisioning. It builds! Yay!
It also adds a boolean needs_keybox_provisioning that is set to true
when OEMCrypto reports that it needs a keybox. This should only happen
if there is no keybox installed and oemcrypto supports provisioning.
Bug: 187646550
Change-Id: Ide9533943125aa13b8899b652b118a0b410c882c
Merge from Widevine repo of http://go/wvgerrit/122403
Re-merge of http://go/wvgerrit/105184 which was accidentally
undone by http://go/wvgerrit/107063.
Unused params are reported as warning when built in Android.
Test: Ran oemcrypto unit tests
Bug: 160734070
Change-Id: Id8384c58c8ace0b214464380fb961d108f1b5c3b
Merge from Widevine repo of http://go/wvgerrit/122223
This adds the ODK unit tests to the CE CDM tests so that they run as
part of the presubmit tests.
The test helper had some pointer problems converting a bool to a
uint32, so it has been updated to handle this correctly.
Some other tests failed comparing signed to unsigned, to these have
also been fixed.
test: ran odk_test
bug: 118657876
Change-Id: I744a1e89f4e4729c31d3f53e729984ffac1d96fd
Merge from Widevine repo of http://go/wvgerrit/121950
Remove term "Master" from "Widevine Master License Agreement".
Bug: 168562298
Change-Id: I655babf1bc447f4872f6a0f849107262be42df7a
This is a cherry pick of recent changes to OEMCrypto and ODK. Most of
these are part of the document migration to doxygen.
See http://go/wvgerrit/106005 and its parents for code reviews.
Bug: 144715340
Bug: 148232693
Bug: 167580674
Change-Id: I658f99c8117b974faed97322d61fac0f382283af
Merge from Widevine repo of http://go/wvgerrit/101243
Changed the version number to 16.3 and the date to June 1st. The
delta document has a short description of CL's added since
April 6th.
Test: documentation changes only
Bug: 157030231
Change-Id: I93c2b09d6a24efc71ed77110b115cafbd6fde1c6
Merge from Widevine repo of http://go/wvgerrit/101130https://cr/314253512
ODK Library: roll version number to 16.3
https://cr/314253425
ODK Library: Accept release request as renewal request
To support forward compatibility, the v16 server should parse a
release request as a renewal request.
https://cr/314213725
ODK: Accept larger message sizes
The ODK should accept a message size that is larger than the
current
API requires. This allows for future API versions to append
fields to
a message that current the current license SDK will
ignore.
https://cr/313962712
ODK: accept messages with future API version numbers
This CL updates the ODK parse functions to accept future versions
of
the message. This will allow a v16 server to talk to a v17
device.
https://cr/313814938
ODK Version String
Add an automatically generated version string to odk_structs.h
Bug: 157030231
Bug: 157512150
Bug: 157822248
Bug: 157512322
Test: unit tests on taimen
Change-Id: I346f73c41bc984fe17856d3b61cd08cf92b39919
Merge of http://go/wvgerrit/101183
This is a combination of multiple commits from google3:
* http://cl/313814938
ODK Version String
* http://cl/313962712
ODK: accept messages with future API version numbers
* http://cl/312219187
Ignore hash if initial load of license, and the nonce not required
(squashed into http://cl/313962712)
Test: OEMCryptoLicenseTest.LoadKeyWithNoRequest
Bug: 157822248
Bug: 156853321
Change-Id: I735d355241876bddb0c52440b0049efb72a4b26f
