Merge from Widevine repo of http://go/wvgerrit/110024
The document now has a date for the R release, and talks about 16.4.
It also more clearly describes how the CDM matches the HIDL interface
version, not the Android OS version.
Test: Doc change only
Bug: 169155700
Change-Id: I463642fbb779388a2ff7758db1a03d998e89510c
Merge from Widevine repo of http://go/wvgerrit/121790
Some unit tests expected OEMCrypto to be the latest ODK version,
but we do not require this for v16.
Bug: 184905579
Change-Id: Iccdbcc0b28587aad79a2a63d8c39a564a47fb585
Merge from Widevine repo of http://go/wvgerrit/121886
This CL merges some changes from branch rvc-dev to sc-dev
that prepared it for merge.
One change is that the unit tests now say they are part of
Android S instead of R.
Bug: 180546871
Change-Id: I2ebbd8f7b8586389ebb75f3743a2dc2ad8caa214
This CL adds AllocateSecureBuffer and FreeSecureBuffer to the list of
function names that are obfuscated. It also corrects some spelling and
formatting in OEMCrypto headers. This is still version 16.4.
Merge from Widevine repo of
http://go/wvgerrit/115803http://go/wvgerrit/111104http://go/wvgerrit/108703http://go/wvgerrit/108703
Bug: 139814713
Bug: 141202789
bug: 168634557
bug: 168635928
bug: 168637230
bug: 168639188
Change-Id: I6f06549b2cf104c6751b2947964569e974fcdcd2
Merge from Widevine repo of http://go/wvgerrit/120903
Some comments in the duration tests had stale numbers in them. This
was fixed.
Also, the tests CdmUseCase_LicenseDuration were failing with a v16 CDM
and a v15 OEMCrypto because the exact cutoff time is different in
those two cases. That is exactly why specifying the license duration
is not recommended. The tests have been modified to handle both
acceptable behaviors.
Bug: 182237739
Change-Id: I05765beacfe69d02e7366bb3f651f0d5888ab3e5
Merge from Widevine repo of http://go/wvgerrit/121883
There was a problem in the v16.3 header that did not rename
OEMCrypto_AllocateSecureBuffer to _oecc109 or
OEMCrypto_FreeSecureBuffer to _oecc110. These functions are only used
in testing.
This changes the dynamic adapter to accept either name for those
functions.
Bug: 171121061
Change-Id: I30121c7524e8db580ba85f3e686a7a7c429d80a9
[ Merge of http://go/wvgerrit/121566 ]
This clean up is part of a larger usage table initialization fix.
Bug: 169195093
Change-Id: I3ee818d1e5621f1f2fa64b189da4e66503d5e680
[ Merge of http://go/wvgerrit/116944 ]
This change is the last part of a three part change for restructing
the root of trust used by the reference implementation.
OEM Certificates are now managed by the root of trust of the crypto
engine. Previously, OEM certs where handled separately on a session
by session basis.
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: I6cf1fa3fade28baad85b5fce57a8eab6f2ed17c1
[ Merge of http://go/wvgerrit/115551 ]
This change is the second part of a three part change for restructing
the root of trust used by the reference implementation.
The use of RSA_shared_ptr has been replaced with the standard library
std::shared_ptr using the RsaPrivateKey wrapper class. The
AuthenticationRoot class now uses this for the built-in DRM cert key.
RSA decryption and signature operations within the session context are
now performed the RsaPrivateKey class. This has reduced the code size
and complexity within the reference and testbed, focusing their
implementation on key policy and less on mechanics.
Bug: 168544740
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: Ic743a529a9858f3182290d8bcf5e1633737b005b
[ Merge of http://go/wvgerrit/115550 ]
This change is the first part of a three part change for restructing
the root of trust used by the reference implementation.
The API of the AuthenticationRoot class has been updated to reflect
the OEMCrypto functions that relate to the root of trust. This
involves changing the keybox and DRM Cert methods and adding in new
stubs for OEM Certificates.
The WvKeybox now uses a RAII-like interface to ensure that keyboxes
are provisioned correctly or not at all.
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: I3f2baf29c1022e1806b6196fa6650d761785c626
[ Merge of http://go/wvgerrit/119806 ]
This change replaces all calls for base64 encoding which first converts
a string to a vector. The new base64 encoding function allow for
encoding binary data contained within strings.
Bug: 181732604
Test: Android unittests
Change-Id: Ibfe79dba99e6a2ee2f2a96e85b62fbd22519aea7
[ Merge of http://go/wvgerrit/119805 ]
This change adds 3 new functions for encoding binary data from a C++
string to a base64 encoded ASCII string.
The CDM and protobuf generated code use C++ strings to store binary
data. These binary strings are commonly converted into a base64
encoded ASCII string for logging and for returning to the app.
This change also cleans up some of the internal components of the
string_conversions library to use several standard library C++11
method.
Bug: 181732604
Test: CE CDM unittests
Change-Id: I547568c6402e011344260f2df2a06e972122ab8a
[ Merge of http://go/wvgerrit/120512 ]
Wrapped DRM private keys are loaded when a key request is made or when
offline/usage sessions are restored. They were earlier loaded when a
session was opened.
For streaming sessions, key material will be fetched from the default
or legacy certificates and loaded when a key request is made.
For offline and usage sessions, key material may be retrieved from
license or usage records if available. If not available, information
associated with the legacy certificate will be loaded.
Certificate and wrapped keys are also written out when an offline
license or usage record is saved.
Bug: 169740403
Test: WV unit/integration tests
WvCdmRequestLicenseTest.ProvisioningWithExpiringCertTest
WvCdmRequestLicenseTest.StreamingWithExpiringCertTest
WvCdmRequestLicenseTest.RestoreOfflineKeysWithExpiringCertTest
Change-Id: Ice0154c632170c46da171cbbb23a97380c610a98
[ Merge of http://go/wvgerrit/120509 ]
Certificates and wrapped key material are stored in the usage information
file but apart from usage information records. Usage info records include
an identifier which indicates the associated certificate. Routines to
help with finding, inserting or removal of associated certificates have
been included. After a usage entry is deleted, a garbage collection
routine is run to remove any certificates not used by usage infomation
records.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I49075a7704a58c2488b73eb7c38b007958af566d
[ Merge of http://go/wvgerrit/120508 ]
Offline licenses will now store the DRM certificate information. This
allows for expired certificates to be deleted and replaced without
losing the ability to use offline licenses.
Bug: 169740403
Test: WV unit/integration tests
DeviceFilesTest.RetrieveLicenses
DeviceFilesTest.StoreLicenses
Change-Id: Ic0de6328d32e0000d1b58c81019e6c2227278cc4
[ Merge of http://go/wvgerrit/120510 ]
* Added some comments to clarify which clock times are computed at the
client and at the provisioning service. More detail is present in the
device_files.proto
* Moved helper methods |SetDeviceCertificate| and
|ExtractFromDeviceCertificate| from class methods to anonymous
namespace
* Removed some commented out code
Bug: 169740403
Test: WV unit/integration
Change-Id: Ic263f3dfe296fff6d9b5380b2e7c663d87022cb2
[ Merge of http://go/wvgerrit/120445 ]
Switch TestHost and FakeClock to use chrono::system_clock (wall time)
rather than chrono::steady_clock (ticks since boot time).
Bug: 183160800
Test: CE CDM tests
Change-Id: I6ef4c02c01ff96453847ee8f42e6037c298866b5
[ Merge of http://go/wvgerrit/120123 ]
DRM certificate creation and expiration times are now validated.
* New DRM (default) certificates will have an expiration time specified
by the provisioning service.
When stored, the client will include the time the certificate was
received. This allows for expiration calculation to occur when client
and provisioning service clocks are out of sync.
When read out, creation, expiration and acquisition times are
validated. The certificate is checked for expiry by making sure
that the time at the client since the license was acquired is not
greater than the expiration period. The time information stored at the
client may be tampered with. The license service will perform an
expiration check and reject the license request if tampered with.
The expiration time may be set to never expires/unlimited. This is not
a valid value for creation or acquisition time.
* Pre-existing (legacy) certificates from upgrading devices will not
have an expiration time set by the provisioning service. Instead
the client will calculate an expiration time 6 months with + or -
a random two month period in the future. This is stored along with the
certificate.
When read out, if no expiration time has been set by the client, one
will be calculated and written out. The certificate will be declared as
valid. If a client calculated expiration time is present, the
certificate will be validated. In case of tampering, the license service
can reject license requests and force reprovisioning when appropriate.
* ATSC certificates will continue to not have an expiration time.
No additional validation is required.
Other changes for non-ATSC licenses involve managing both default and
legacy certificate co-existance. When checking for DRM certificates,
the default certificate is attempted first. This is followed by a check
for the legacy certificate, if the default certificate is not present.
Bug: 169740403
Test: WV unit/integration tests
DeviceFilesTest.StoreCertificateInvalidParams
DeviceFilesTest.RetrieveAtscCertificate
DeviceFilesTest.RetrieveAtscCertificateNotFound
DeviceFilesTest.RetrieveCertificateInvalidParams
DeviceFilesTest.RetrieveLegacyCertificateWithoutExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateWithClientExpirationTime
DeviceFilesTest.RetrieveLegacyExpiredCertificateByClientExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateInvalidClientExpirationTime
DeviceFilesTest.RetrieveCertificateWithoutKeyType
DeviceFilesTest.RetrieveDefaultCertificate
DeviceFilesTest.RetrieveDefaultCertificateNeverExpires
DeviceFilesTest.HasCertificateAtsc
DeviceFilesTest.HasCertificateDefault
DeviceFilesTest.HasCertificateLegacy
DeviceFilesTest.HasCertificateNone
CertificateTest.StoreCertificateTest.DefaultAndLegacy/*
CertificateTest.RetrieveLegacyCertificateTest.ErrorScenarios/*
CertificateTest.RetrieveDefaultCertificateTest.ErrorScenarios/*
Change-Id: I7dbec7555fbd493c1ec61c6bb5d9428a2405b1fd
[ Merge of http://go/wvgerrit/119843 ]
Creation and expiration times are extracted from the device DRM
certificate. They are reported as
* -1 if not set in the proto
* 0 if unlimited
* positive number otherwise
Bug: 169740403
Test: WV unit, integraiton tests
Change-Id: I9463954dfeb82b6a88ff5d608ed74d20f2424e83
[ Merge of http://go/wvgerrit/119684 ]
This allows for a default DRM certificate that includes an expiration
time and a legacy one without for each app+origin specific identifier.
Existing offline licenses/secure stops are not associated with a
certificate, and so we cannot delete legacy certificates even after
fetching a new one. New offline licenses/secure stops will be associated
with certificate information, so we will not have this problem going
forward.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I0f08f6bf98775fd43927243dc4a9f75f21bfbbcc
[ Merge of http://go/wvgerrit/119644 ]
This change includes additional fields in DeviceCertificate, License and
UsageInfo.
New DRM certificate will include a creation and expiration time.
In addition acquisition_time_seconds will allow the client to calulate
expiration time even when client and provisioning service clocks
are not in sync.
expiration_time_seconds will allow clients to expire DRM certificates
that do include an expiration time. A random value within a window
(4-8 months after update) will be calculated to avoid
a provisioning storm.
Drm certificate will be added to offline licenses. In a future release,
licenses will be removed on expiry and the certification information
that needs to be sent to the license service will be reduced.
This should reduce space overhead.
UsageInfo will use a certificate cache in case multiple usage info
entries use the same DRM certificate.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I2f34a1df526fa8168162a1b1ea930a2f257b87cd
[ Merge of http://go/wvgerrit/119804 ]
The coverage framework used by Android requires the process to call
exit() for coverage information to be dumped after the tests.
Android unit tests have been adapted to use the a new main module.
The core test_main.cpp used by integration tests has been updated to
call exit().
Bug: 138941105
Test: Linux and Android unittests
Change-Id: Ifffc7b8290c50dffe527738a36547c1d2fb90bd3
