Merge of several CLs from the widevine repo.
Merge from widevine repo of http://go/wvgerrit/22440
Build OEMCrypto v12 Haystacks with cache flush
level3/mips/libwvlevel3.a Level3 Library 4465 Nov 29 2016 13:34:45
level3/arm/libwvlevel3.a Level3 Library 4445 Nov 29 2016 14:02:08
level3/x86/libwvlevel3.a Level3 Library 4464 Nov 29 2016 14:22:21
Merge from widevine repo of http://go/wvgerrit/22403
Pull cache flush out of Haystack
Merge from widevine repo of http://go/wvgerrit/21145
OEMCrypto v12 stubs -- just the header file changes.
Merge from widevine repo of http://go/wvgerrit/21146
Add OEMCrypto v12 functions to profiler
This CL adds the new oemcrypto v12 functions for provision 3.0 to the
list of profiler functions.
Merge from widevine repo of http://go/wvgerrit/21143
OEMCrypto v12 adapter
This CL updates the oemcrypto dynamic and static adpaters to include
oemcrypto v12 funtionality. It adds the three new Provisioning 3.0
functions.
It also adds code in the initialization routine to null out all of
the function pointers if any of them fail to load. It is better to
fall back to level 3 than to use an inconsistent level 1.
b/31528025
Change-Id: I3579dc93e00ad7e7c743beecdd8291eac557d4e4
Merge from widevine repo of http://go/wvgerrit/21710
This is the header changes for OEMCrypto v12. This includes
Provisioning 3.0 changes.
This CL was split off from http://go/wvgerrit//18603 because that
review is now concentrating on clarification and wording issues.
This CL is just for the header, and API changes.
Change-Id: I7cc423726433dcac9fb907246b6b6dd64f5c3367
Merge from widevine repo of http://go/wvgerrit/21521
On devices that use provisioning 3.0, the function
OEMCrypto_GenerateSignature will only be used for a license renewal.
This CL adds a call to OEMCrypto_GenerateSignature to the refresh key
tests. Otherwise, there would be no coverage at all for that
function.
Change-Id: Icbd568eea3f9f256cc9b0b441f7907b316bb5b69
Merge from widevine repo of http://go/wvgerrit/21141
All of the decrypt calls and the SelectKey call should return
OEMCrypto_ERROR_KEY_EXPIRED on error. This CL updates the oemcrypto
unit tests, reference mock, and level 3 code.
b/28294273
Change-Id: I7ac6a3652e0b2fe5a46071e1c2eda00daeed7a33
Merge from widevine repo of http://go/wvgerrit/21560
For OEMCrypto v12 we explicitly require OEMCrypto_GetRandom to handle
buffers up to 32 bytes long. This CL relaces the use of GetRandom
with openssl's RAND_psuedo_bytes to fill test vectors.
b/31464102
Change-Id: Ia0006b92bb12b98e9c130068dbb31b5f67281de2
Merge from widevine repo of http://go/wvgerrit/21260
This CL adds some oemcrypto unit tests for various buffer sizes, as
described in b/28887904 and the OEMCrypto v12 specification.
Encryption and Decryption buffers can be 100k large. License request
and response messages can be 8k. A provider session token (pst) can be
at most 255 bytes long.
I also passed the code through clang-format.
b/28887904
Change-Id: Ia3e317c0f6466e663461e66b610c9a98a90efb0a
Merge from widevine repo of http://go/wvgerrit/20981
OMECrypto v12 requires at least 20 keys per session and at least 10
sessions. This CL updates the unit tests to verify this, and updates
level 3 and mock code to conform.
This CL also updates the level 3 oemcrypto to support 16 sessions and
320 keys total.
b/30140448 Minimum 20 keys per OEMCrypto_Session
Change-Id: Idd38d8f2cdfd6acde6fa7622b5912372bee9e488
[ Merge of http://go/wvgerrit/22140 ]
There are occasional issues when trying to connect to
http://widevine-proxy.appspot.com/proxy . This changes introduces upto
3 retry attempts. The UAT server on appspot is being replaced by UAT on borg
and so it is not worth our while to debug these issues furthur.
b/30022298
Change-Id: I76c1421e93c7c14b5d2bcd7ad07119a705245922
(This is a merge of go/wvgerrit/21580)
The version number for N-MR1 has been increased to 7.1.1, which
triggered our version number canary. Since this is still N-MR1, no
Widevine version number update is necessary as we already updated it for
N-MR1, but the canary needs to be updated.
Bug: 32018966
Change-Id: Ia1d673f837d9c6a5935f26beec7372b25ea3a6b9
This CL merges several CLs from the widevine repo:
http://go/wvgerrit/18012 Add support for querying allowed usage for key.
http://go/wvgerrit/17971 Add per-origin storage.
http://go/wvgerrit/18152 Add OEMCrypto's generic crypto operations to CDM.
http://go/wvgerrit/17911 QueryKeyControlInfo => QueryOemCryptoSessionId
Note: numbering in wv_cdm_types.h was added in this CL and will be
back ported to wvgerrit in a future CL.
Change-Id: Idb9e9a67e94f62f25dc16c5307f75a08b3430b64
Merge of http://go/wvgerrit/20924
This CL pulls the cache flush code out of the haystack code and into
the adapter level. This is so it will be built with processor
specific compiler flags instead of as part of the precompiled binary.
level3/mips/libwvlevel3.a Level3 Library 4465 Sep 10 2016 21:44:37
level3/arm/libwvlevel3.a Level3 Library 4445 Sep 10 2016 21:30:01
level3/x86/libwvlevel3.a Level3 Library 4464 Sep 10 2016 21:49:53
b/30550782 Battery Problems
Change-Id: I8967da498a43cabe82e78345162705dc2fcdb859
Merge from widevine repo of http://go/wvgerrit/20660
For CTR encryption mode, when a subsample ends with partial block that
is continued on the next subsample, both blocks should have the same
IV. This allows an implementation of OEMCrypto to optimize their
decryption algorithm.
b/31114392
Change-Id: I29a998b00f3bfb12c4bbbcb1fa1ebc371473fefd
(This is a merge of go/wvgerrit/20500)
This patch removes the logic that calculates the "pattern offset" from
the Android glue layer. There is no such thing as a pattern offset, and
setting this value to anything other than zero may break cens mode on
some devices.
To reduce the risk of setting this value to anything other than zero,
the offset_blocks parameter has been removed from the pattern descriptor
in the CDM Core. It will have to remain part of OEMCrypto v11,
unfortunately, but the code to set it to zero is now centralized in
CryptoSession.
Bug: 28726863
Change-Id: I9c5bfe470fe251c7a57901dc2e998f4dab7fe7d7
(This is a merge of go/wvgerrit/20402)
This updates the version number to v4.1.0 for the NYC-MR1 release. It
also updates the canary to pass on the nyc-mr1-dev branch.
Bug: 30813903
Change-Id: I05de038ff52e9f7633efff7011052b48b59d90fa
[ Merge of http://go/wvgerrit/19960 ]
Protections schemes are specified using a 4CC code {"cbc1", "cbcs",
"cenc", "cens"}. A host to network conversion was performed when the
PSSH was created and inserted into the license request. A reverse
conversion was performed when the code was extracted from the
license response.
These conversions are problematic if the PSSH is created externally and
passed into mediaDrm. To address this, the conversions have been removed
and allow protobuf to handle byte ordering. For backward compatibility
we allow codes in either ordering.
b/30713238
Change-Id: I25f01ecc621549fd3c13b443e4c8b89168463249
This makes it easier to translate an error code
number to the corresponding enum.
Merge of https://widevine-internal-review.googlesource.com/18793/
from the widevine repo.
Change-Id: I7d07f16e5477decd27fcc5391fc62b1bd254d4a3
[ Merge of http://go/wvgerrit/18295 ]
SSL v3 is being disabled across Google infrastructure. Networking
code in integration tests used SSL v3 during HTTPS protocol negotiation.
Once this is disabled, it will cause integration test failures at
staging and UAT license servers.
With this change the client will use TLS 1.2. Insecure cipher suites
(TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA)
have been disabled as well.
b/29356581
Change-Id: I98a04d345fe83c48132b9d79986a21cc84827dc8
In the unit tests, the test case name and test name
are logged, but currently the test case and name are
reversed. This CL orders them correctly, so instead
of, e.g. CheckHDCPCapability.OEMCryptoClientTest, we
get OEMCryptoClientTest.CheckHDCPCapability as intended.
Merge of go/wvgerrit/18045 from widevine repo
Change-Id: I20bb2d47de0c84b3a1f00bb46af5ed0a45d7fc56
[ Merge of http://go/wvgerrit/17959 ]
This will allow the license server to base licensing decisions on the
devices security module revision.
b/28882058
Change-Id: I574e7686bb305397946d2bfaff504cfae242e628
Merge from widevine repo of http://go/wvgerrit/17877
The final spec for CENC says that partial encrypted blocks are only
allowed for "cenc" mode, and not for "cens" mode. Also, the
pattern_offset must be 0 for all calls to OEMCrypto_DecryptCENC.
Review doc changes http://go/wvdelta11 and http://go/oemcrypto
Notice that this CL affects documentation and test code only. No
production code is affected.
b/28718266
b/28817376
Change-Id: I1d6a38a763a2b693ea0c26bc909e1c721b8facaf
Merge of http://go/wvgerrit/17652
This CL changes the android/build_and_run_all_unit_tests.sh script to
push exectuables to /data if it can't push to /system/bin.
The script run_all_unit_tests.sh will check if test files are in /data
and run those first, if not, it runs the files in /system/bin.
This change is needed to test unit tests on devices where /system/bin
is a read only file system, even after running "adb remount".
This CL will help verify, but will not fix
b/27678092
Change-Id: Ia0fe8c2e68722f58c2626f22113abdbdc8c5e408
(This is a merge of http://go/wvgerrit/17661)
Because Widevine core always has a decrypt mode set, even on unencrypted
calls where we potentially do not know the crypto mode, it will reject
unencrypted decrypt calls for sessions that have been flagged as
AES-CBC, since the crypto mode defaults to AES-CTR.
The fix is to not validate the crypto mode on unencrypted decrypt calls,
as the data won't be getting decrypted anyway.
Bug: 28423928
Change-Id: If848834dd498ca96983a2b69d448b8d81d50e0a4
Merge from widevine repo of http://go/wvgerrit/17463
This CL updates the unit tests to verify that
OEMCrypto_Generic_Encrypt and OEMCrypto_Generic_Decrypt can handle a
buffer size of at least 100k. It also adds code to the
oemcrypto_dynamic_adapter so that buffer sizes that are larger than
100k are broken into chunks of 100k.
All Nexus devices targeted for N pass these tests.
b/27040752
Change-Id: Iaf5c65d2f0b69e60f03cc99732d1ecab60658049
[ Merge of http://go/wvgerrit/17501 ]
Widevine request_license_tests were written with the expectation that
devices would by default be enabled for security level 1 and fallback
to level 3 if needed. Some devices such as seed are L3 only and results
in failures in the QueryStatusL3 test. This CL corrects the test's
expectation.
b/26902214
Change-Id: Ie84554337cd3716d120f67e592888af0cde719c7
This adds display and logging values to help with debugging b/28024277.
Matching Widevine cl: go/wvgerrit/17446
Bug: 28024277
Change-Id: Ib25ebf37f885b60ae4ab41851df4af4e75b5aace
