Merge from widevine repo of http://go/wvgerrit/21560
For OEMCrypto v12 we explicitly require OEMCrypto_GetRandom to handle
buffers up to 32 bytes long. This CL relaces the use of GetRandom
with openssl's RAND_psuedo_bytes to fill test vectors.
b/31464102
Change-Id: Ia0006b92bb12b98e9c130068dbb31b5f67281de2
Merge from widevine repo of http://go/wvgerrit/21260
This CL adds some oemcrypto unit tests for various buffer sizes, as
described in b/28887904 and the OEMCrypto v12 specification.
Encryption and Decryption buffers can be 100k large. License request
and response messages can be 8k. A provider session token (pst) can be
at most 255 bytes long.
I also passed the code through clang-format.
b/28887904
Change-Id: Ia3e317c0f6466e663461e66b610c9a98a90efb0a
Merge from widevine repo of http://go/wvgerrit/20981
OMECrypto v12 requires at least 20 keys per session and at least 10
sessions. This CL updates the unit tests to verify this, and updates
level 3 and mock code to conform.
This CL also updates the level 3 oemcrypto to support 16 sessions and
320 keys total.
b/30140448 Minimum 20 keys per OEMCrypto_Session
Change-Id: Idd38d8f2cdfd6acde6fa7622b5912372bee9e488
Merge from widevine repo of http://go/wvgerrit/20660
For CTR encryption mode, when a subsample ends with partial block that
is continued on the next subsample, both blocks should have the same
IV. This allows an implementation of OEMCrypto to optimize their
decryption algorithm.
b/31114392
Change-Id: I29a998b00f3bfb12c4bbbcb1fa1ebc371473fefd
In the unit tests, the test case name and test name
are logged, but currently the test case and name are
reversed. This CL orders them correctly, so instead
of, e.g. CheckHDCPCapability.OEMCryptoClientTest, we
get OEMCryptoClientTest.CheckHDCPCapability as intended.
Merge of go/wvgerrit/18045 from widevine repo
Change-Id: I20bb2d47de0c84b3a1f00bb46af5ed0a45d7fc56
Merge from widevine repo of http://go/wvgerrit/17877
The final spec for CENC says that partial encrypted blocks are only
allowed for "cenc" mode, and not for "cens" mode. Also, the
pattern_offset must be 0 for all calls to OEMCrypto_DecryptCENC.
Review doc changes http://go/wvdelta11 and http://go/oemcrypto
Notice that this CL affects documentation and test code only. No
production code is affected.
b/28718266
b/28817376
Change-Id: I1d6a38a763a2b693ea0c26bc909e1c721b8facaf
Merge from widevine repo of http://go/wvgerrit/17463
This CL updates the unit tests to verify that
OEMCrypto_Generic_Encrypt and OEMCrypto_Generic_Decrypt can handle a
buffer size of at least 100k. It also adds code to the
oemcrypto_dynamic_adapter so that buffer sizes that are larger than
100k are broken into chunks of 100k.
All Nexus devices targeted for N pass these tests.
b/27040752
Change-Id: Iaf5c65d2f0b69e60f03cc99732d1ecab60658049
Merge from widevine repo of http://go/wvgerrit/17202
This allows more checks in the test to run. Returning the correct
error code is less important than the next check, which verifies the
signature was not computed.
This helps diagnose b/21708882, but does not fix it.
b/27787064
Change-Id: I65306c54b77370951bc54e8ef9f6140f58bea32c
Merge from widevine of http://go/wvgerrit/17128
This CL adds a unit test for an edge case that would be handled
differently for HLS and CENC standards. We enforce the CENC standard.
b/27524491
Change-Id: Ie3cdfaac0fe37dd0eb991179fd84f4e113e07dae
[ Merge of http://go/wvgerrit/16544, http://go/wvgerrit/16639 ]
* This fixes the oemcrypto unit tests to build with the ce cdm.
The unit tests do not build when it is detected that a long (NULL)
is compared to a pointer.
* Remove NULL pointer comparison
On some platforms ASSERT_NE(NULL, ptr) does not work. This CL
replaces it with ASSERT_TRUE(NULL != ptr).
* Test Simultaneous Decrypt
With the increasing number of devices that support multiple screens or
windows, it is desireable to verify that OEMCrypto can have several
sessions open and actively decrypting at the same time.
Calls to OEMCrypto are still serialized -- this is not a threading
test -- but we still have multiple sessions open and decrypt from each
of them.
* Remove unused variable in initialization_data
Change-Id: I1a4be38fb30a14f610544416db653a81342f16b3
This CL is a merge from the widevine repo of
http://go/wvgerrit/16553 Prebuilt Level 3 OEMCrypto for Android
http://go/wvgerrit/16238 Require OEMCrypto v11 for Android N Unit Tests
http://go/wvgerrit/16484 Shared License Tests (OEMCrypto v11)
http://go/wvgerrit/16448 Pattern Decrypt Unit Tests and Reference Implementation
http://go/wvgerrit/16489 Enforce UNUSED Variables
http://go/wvgerrit/16479 Pattern Decrypt for Level 3 OEMCrypto
http://go/wvgerrit/16280 Correctly handle bad RSA key
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
It contains the Level 3 implementation, as well.
mips/libwvlevel3.a Level3 Library Jan 22 2016 14:30:27
arm/libwvlevel3.a Level3 Library Jan 22 2016 15:03:55
x86/libwvlevel3.a Level3 Library Jan 22 2016 13:52:29
b/26692954 [DRM] OEMCrypto v11 needed for Nexus devices
Change-Id: Ibb1384959620f63a1be1e82ce2952ec9f48f0d3e
Merge from Widevine repo of http://go/wvgerrit/16499
With the increasing number of devices that support multiple screens or
windows, it is desireable to verify that OEMCrypto can have several
sessions open and actively decrypting at the same time.
Calls to OEMCrypto are still serialized -- this is not a threading
test -- but we still have multiple sessions open and decrypt from each
of them.
Change-Id: I5b24f4a464ed05a5b21625c66fe7989644b67a5a
This CL contains the level 3 oemcrypto library built for android. I
used the toolchain from the mnc-emu-release branch because I'm having
problems with the toolchain on master.
This includes the security patch API, and several bug fixes to the library.
Current versions:
mips/libwvlevel3.a Level3 Library Dec 17 2015 21:26:57
arm/libwvlevel3.a Level3 Library Dec 17 2015 21:09:47
x86/libwvlevel3.a Level3 Library Dec 17 2015 21:19:15
http://go/wvgerrit/16371 Level 3 OEMCrypto library
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
http://go/wvgerrit/16280 Correctly handle bad RSA key
bug: 26089773
bug: 26092100
bug: 26086944
Change-Id: I3ea1b5d219dae0c88deafa742f61d67e97297902
Merge from the widevine repo of http://go/wvgerrit/16362
A test class holds a default session that it expects to be able to
close in the tear down. This was not true in the TimingTest because
it calls OEMCrypto_Terminate which closes all open sessions.
This CL closes the default session, and then reopens it again after
OEMCrypto_Initialize.
Change-Id: Ib4128ec3c0a33794c03aa934174cb6fff448483e
Merge of widevine change http://go/wvgerrit/16249
This CL adds unit tests and reference code for the security patch
level, which is a new feature in OEMCrypto v11. This CL also adjusts
the dynamic and static adapters to still run with devices that have a
v10 OEMCrypto.
The level 3 haystack code will be updated in a future CL.
bug: 26188985
Change-Id: I518ef46b4098cf3718fe0c0390bfb6825db4fb6b
Merge from widevine of http://go/wvgerrit/16293
This CL adds ASSERT_NO_FATAL_FAILURE around many subroutines in the
oemcrypto unit tests. This should help debug tradefed tests because
it will cause a test to stop after the first error. This is important
for tests that are failing on OpenSession and then spewing garbage
into the log as every other ASSERT fails after that.
I also replaced the home-grown EXPECT_ALMOST with the standard
EXPECT_NEAR. I also passed the file through clang-format to corect
whitespace problems.
Change-Id: I2c2c1c1dbeac234291dafc9fa8c23da8d270eb4e
Merge from widevine repo of http://go/wvgerrit/16186
These are the OEMCrypto v11 documents and header files. I have updated
just enough code so that existing unit tests pass. New unit tests,
the reference implementation, and the level 3 implementation are in
future CLs.
Change-Id: I9bbf1909e047f63a5877320a2d06740a3c4a3e32
Merge from widevine repo of http://go/wvgerrit/16250
The verification string in the key control block has an obvious
pattern that is incremented every time we update the API. This CL
adds a unit test to make sure an implementation of OEMCrypto is not
casually accepting a future version of the key control block before
the API has even been defined.
Change-Id: I3f837f7346ef7de399441f5fcda9b13b65fa51f4
* Fix strict aliasing error in gcc
[ Merge of http://go/wvgerrit/15856 ]
This also ensures the alignment of 64-bit memory access in a portable
way, without using compiler-specific mechanisms like attributes or
platform-specific mechanisms like memalign.
(The aliasing error does not show up in clang.)
* Return kNotSupported for non-Widevine init data
[ Merge of http://go/wvgerrit/15853 ]
This also improves logging for the init data parser by including a
verbose message for non-Widevine PSSHs and by using a new IsEOF()
method to avoid misleading "Unable to read atom size" logs.
* Cast RSA_size() to int
[ Merge of http://go/wvgerrit/15880 ]
It has been suggested that this may be unsigned on some versions of
OpenSSL or BoringSSL.
* Be strict about warnings for CE CDM
[ Merge of http://go/wvgerrit/15831 ]
* Enable all warnings and treat warnings as errors in the CE build.
* Fix all existing warnings (mostly unused variables, consts, and
functions, and one signed/unsigned comparison).
* Exclude protobuf warnings rather than maintain a divergent copy.
* Fix release build errors
[ Merge of http://go/wvgerrit/15855 ]
* Level 3 Build With Android Emulator
[ Merge of http://go/wvgerrit/15778 ]
This CL rebuilds the level 3 libraries with the android emulator
sdk_phone_*. This seems to avoid problems with the x86 build using
incorrect compiler flags.
These libraries work for arm, x86, mips, arm64, and x86_64. The level
3 library is disabled for mips64.
Versions:
level3/mips/libwvlevel3.a Level3 Library Sep 30 2015 18:29:50
level3/arm/libwvlevel3.a Level3 Library Sep 28 2015 13:18:25
level3/x86/libwvlevel3.a Level3 Library Sep 28 2015 13:08:28
Change-Id: I1e50aa78bdc84ecb905f2e55297d4f48b140341c
Merge from Widevine repo of http://go/wvgerrit/14973 and
http://go/wvgerrit/14573.
Some devices were failing the variable length key id tests, so they
were removed from Android while we decided whether the tests are too
strict for future releases.
This CL re-instates the tests with the understanding that the maximum
key id length is 16 bytes, as discussed in b/24469550. If we decide
that it is OK to have longer key ids, then another CL will be needed
to test with those lengths.
bug: 21935358
Change-Id: Ic6b776a8b119daac961c71280994fcc944984d8a
Merge from widevine repo of http://go/wvgerrit/15659
The clang compiler is more strict about C++11. This is needed for
future Android work.
In particular, iostream no longer converts to bool automtically, so
those instances were replaced with ss.fail().
Arrays or structures that appear to be variable length need to be
placed last in a structure. In oemcrypto_test a variable size
structure was replaced with an explicit buffer size, and a check was
added to make sure the buffer is not exceeded.
bug: 20893039
Change-Id: I5e25fc618dcf68262079c15554ee4ceae1858b8b
Copy from widevine repo of http://go/wvgerrit/15390
Because some devices are failing oemcrypto unit tests related to
signing schemes that they do not support, we are relaxing the
requirement that they return the correct error code.
We are still requiring that the device does NOT sign with a forbidden
scheme. However, it is OK if they do not return an error code from
OEMCrypto_GenerateRSASignature. They will be required to return the
correct error code in the next release.
bug: 21668896
bug: 21708882
Change-Id: I1b8a410909b364d0086cba38eadca11aceaac5f6
Merge from widevine of http://go/wvgerrit/15371
incorrectly have leading 0x00 bytes added to all integers. This
leading 0 should only be added to integers that had a leading byte
larger than 0x80 because those would be parsed as negative numbers.
bug: 23105200
Change-Id: I1dd01cc2b83a807bbdb78c079c6ce4e01d41f616
Merge from widevine repo of http://go/wvgerrit/14970
Even if devices cannot handle key ids with different lengths in the
same license, they should still handle keys with a shorter key id.
This is a partial fix for:
bug: 21935358
Change-Id: Ibc84f0b5d7d9bc5d24a2081f0581a2b256e51f44
Merge from widevine repo of http://go/wvgerrit/14933
There was some confusion what the test DecryptWithNearWrap is
testing. This CL adds some expanatory comments.
Change-Id: I9228830d81c089f80e0878f647e7e94c3e49896a
Merge from widevine repo of http://go/wvgerrit/14870
OEMCrypto_GetMaxNumberOfSessions is not required to return a hard
limit for the number of sessions. This CL adjusts the test to verify
we can open within 5% of the maximum number of sessions.
bug: 22029687
Change-Id: I6e72e39338cead8d547cdb194a32fb7e7dc53037
(This is a merge of http://go/wvgerrit/14810)
By making this constant unsigned, all calculations in EXPECT_ALMOST
were cast to unsigned, leading to underflow problems when it was
subtracted from zero.
Change-Id: Iefc4e30604c45fec8b203375074b26fb12ec385f
Merge from widevine directory of http://go/wvgerrit/14784
These tests are not passing on multiple devices so I will disable them
until I am sure they are giving a clear signal.
bug: 21935358
Change-Id: I1e0cf01e64ea50b02d61d4b8334c0efb55e47d35
(This is a merge of http://go/wvgerrit/14776)
This change widens the range in EXPECT_ALMOST slightly, to allow for
slight timing errors in the tests.
Bug: 21489628
Change-Id: Ibb074c2d037566c307c0438efdda3841bc48f7ed
(This is a merge of http://go/wvgerrit/14775)
This change causes tests that call LoadOfflineLicense() to fail if
the session is still open after that call. Due to the way that gTest
handles ASSERT_*() macros, failures in LoadOfflineLicense() will leave
the session open, causing unexpected state and cascading failures
throughout the rest of the test. With this change, we will abort
sooner, reducing log noise.
Bug: 21489628
Change-Id: Ic35bc77bbc5f676f23deeefaacd1986e383538c8
Merge from widevine of http://go/wvgerrit/14744
The OEMCrypto unit test TestSignatureBoth verifies that a cast
certificate cannot be used to derive session keys. This CL relaxes
the requirement that DeriveKeysFromSessionKey returns a specific error
code instead of just failing.
bug: 21708882
Change-Id: I4163a9616122ad709bab76f488d030239029861c
Merge from widevine repo of http://go/wvgerrit/14720
The QueryKeyControl test expects an error message that the output
buffer is too small. However, it also gives a bad key id. Some
devices were correctly returning key not found. This corrects the key
id length so that the only error is that the buffer is too small.
bug: 21881768
Change-Id: I96f59ede42eeddc9849fbac1e52acecdb562df08
Merge from widevine repo of http://go/wvgerrit/14668
This CL modifies the multiplication routine to avoid memory cache
misses. This shows a 10-20% speed improvment in license requests on
an x86.
Level 3 library version:
level3/arm/libwvlevel3.a Level3 Library Jun 15 2015 14:09:24
level3/x86/libwvlevel3.a Level3 Library Jun 15 2015 14:09:10
bug: 18252910
Change-Id: I4429324374de46d1d710d5fcac80f7ed363c696c
Merge from widevine repo of http:/go/wvgerrit/14707
This CL adds a check to oemcrypto_test to verify that when a
certificate is rewrapped, it does not show up in the clear. We can't
really verify that it is encrypted well, but we can check this.
bug: 21871738
Change-Id: I07c87c38a1e2a099a90a5be4e3350e91e09f6722
Merge from widevine of http://go/wvgerrit/14667
This CL updates oemcrypto_test.cpp so that devices that are not cast
recievers do not attempt to run those tests that are only needed by
cast recievers.
bug: 21708882
bug: 18948285
Change-Id: I75f9170cee13e66667db54c5f298ed5c6cf14a48
Merge from widevine repo of http://go/wvgerrit/14550
This CL adds several tests with different sized key ids to
oemcrypto_test.
bug: 21643096
Change-Id: I62a89c557f3f746f09ee5a2fe5bdd3ca821448e4
Merge from widevine side of http://go/wvgerrit/14462
This cleans up some tests in oemcrypto_test.cpp so that they use
vectors instead of arrays. The two reasons this is needed are that
arrays are more likely to use up stack space, and that arrays on the
stack are not initialized.
The lack of initialization caused some negative tests to fail because
buffers that were reused from unencrypted data still contained values
that the test expected not to be there.
Change-Id: Ic1705b6bc581084a9fe3cd573adf34d8219a1a45
Merge from widevine repo of http://go/wvgerrit/14321
It is expected that OEMCrypto will only be given subsamples with a
block offset when there are multiple subsamples, so that the entire
sample may be decrypted after all calls are made. This CL modifies
the existing tests so that the result of DecryptCTR is only checked
after all subsamples have been decrypted.
Also, the QueryKeyControl test has been modified so that failure does
not require a specific error code.
bug: 20757848
bug: 21063276
Change-Id: Ie2b12b287b0c9c661cd14111b2ae9eab004cd8b8
Merge from widevine of http://go/wvgerrit/14361
In oemcrypto_test, we look at some control duration and control
bits. These are stored in network byte order. However, it is easier
to read error messages if they are converted to host byte order before
printing them.
Change-Id: I116b5f43957351b0e40e05331c282c248128903c
Merge from widevine of http://go/wvgerrit/14263
The unit test PreventNonceFlood3 opens 8 sessions and floods the nonce
table. It then opens one more session after a pause to verify that it
can still request nonces. However, there is no requirement that we
can open more than 8 sessions. This CL reuses one of the already open
sessions to verify that we can continue generating nonces.
Change-Id: If35f146477bd21e381ec5375dde7ec7fdbe8f366
