widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,716 Commits 2 Branches 0 Tags
8a9be792c90ab4a406db82b20c2f6e8b9fe55688
Commit Graph

14 Commits

Author SHA1 Message Date
John "Juce" Bruce
c823a85e7d First-stage Provisioning 4.0 client ID encryption 
(This is a merge of http://go/wvgerrit/150131 to the Android repo.)

This patch changes the code path in the CDM so that the first-stage
provisioning request for Provisioning 4.0 is always encrypted with the
Widevine service certificate instead of the client-set service
certificate, reflecting that the first-stage provisioning is always
handled by Widevine.

This patch also makes several methods on the ServiceCertificate class
const. This has no impact on their behavior.

Bug: 221443151
Test: prov40 tests
Change-Id: Ide4c3927afadcd45ae7fb629b99e2f55cc29d56e
 2022-04-25 17:33:53 -07:00
Rahul Frias
6a1f050ffc Update Widevine Copyright header for core CDM 
[ Merge of http://go/wvgerrit/108064 ]

The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the core directory.

Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I8ae5a10cbfdf7faae6a2735e57b33729763f10b8
 2020-10-21 12:05:05 -07:00
Rahul Frias
47c2068d6a Reformat wv core/include files 
[ Merge of http://go/wvgerrit/80483 ]

Clang-format has been run on files in core/include

Bug: 134365840
Test: WV unit/integration tests
Change-Id: I890127f23f30f0e63f826d3638521b4cc12fb995
 2019-06-03 13:53:31 -07:00
John W. Bruce
b182a7445e Replace scoped_ptr With std::unique_ptr 
(This is a merge of http://go/wvgerrit/65782)

We have had our own scoped_ptr implementation that is used throughout
the codebase. Now that we support C++11, we can replace these with
std::unique_ptr.

Doing this replacement exposed a few places where the two were not
interchangeable. OEMCrypto Ref was doing some unsafe things with passing
scoped_ptrs to functions and has been updated to use move semantics. And
a few constructors were explicitly constructing a scoped_ptr with NULL,
which is ambiguous with std::unique_ptr. These have been replaced with
default constructor calls.

Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I37d6d7aad4906709381c74f0c5439f826d2be768
 2018-11-14 10:50:34 -08:00
Fred Gylys-Colwell
4af5aaf18a Add test base that catches nonce flood 
Merge from Widevine repo of http://go/wvgerrit/56520

This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.

In order to do this, a new class is added called a
CryptoSessionFactory.  The default factory just creates a new
CryptoSession.  All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession.  If MakeCryptoSession is called and
there is no current factory, a default factory is created.

The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.

For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession.  The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.

The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.

Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
 2018-09-18 16:33:11 -07:00
Fred Gylys-Colwell
947531a6a9 Refactor oemcrypto mock into stand alone reference code 
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1

Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2

Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3

Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5

The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.

The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.

This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.

Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
 2018-09-02 11:45:16 -07:00
Fred Gylys-Colwell
1a25cbdad6 Update Copyright 
Merge from Widevine repo of http://go/wvgerrit/47860

This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.

bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
 2018-04-16 16:38:05 -07:00
Rahul Frias
5d690be108 Merges to android Pi release (part 11) 
These are a set of CLs merged from the wv cdm repo to the android repo.

* Get System ID From OEM Cert

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/37940 ]

  (This is a merge of http://go/wvgerrit/30220 .  However, it has been
  significantly modified in the merge due to needing to support both
  OpenSSL and BoringSSL.)

  Previously, extracting the system ID was only supported on Keybox-based
  systems. This patch adds support for extracting the system ID from the
  OEM Certificate chain on Provisioning 3.0 devices. This is done by
  getting the Widevine intermediate cert from the chain, finding the
  Widevine System ID extension in that cert, and extracting the value.

  The code that does the extraction is separate from any code that calls
  OEMCrypto so that it can be unit-tested in isolation. This patch adds a
  crypto_session_unittest test to do this unit-testing.

  Bug: 34776194
  Test: crypto_session_unittest
  Test: widevine_ce_cdm_unittest

* Remove unique_ptr from oemcrypto mod mock

  Author: Fred Gylys-Colwell <fredgc@google.com>

  [ Merge of http://go/wvgerrit/38500 ]

  Because we can't have C++11.

  Bug: 69935608

* Update CHANGELOG.md

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38460 ]

   - Add items about adapter support.
   - Add mention of SRM support.

  Merged from cdm_partner_3.5
  (Change-Id: I6d891e157edc3afb2797bf281ef3f06bdb8fe474)

* Add Adapter for OEMCrypto v13 to v12.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38440 ]

  Also fix OEMCrypto_LoadKeys() definition broken by wvcl/38160
  (srm_requirement param).

* Allow certain warnings in protobuf build.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38424 ]

  maybe-uninitialized is triggered in release build. Allow it.

* Enable -fPIC for jsmc.c build.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38423 ]

  -fPIC was removed for common c/c++ build rules. Add it back.

* Missing OEMCrypto_LoadKeys param in static adapter.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38422 ]

  srm_requirement param was omitted in v11 static adapter.

* Remove OEMCrypto v12 specification.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38421 ]

* Update documentation for v3.5.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38420 ]

* Added padded preprov key for 7880

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/36924 ]

  Bug: 68765915

* Change overrides in CE L3FileSystem

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/38380 ]

  The 'override's are changed to the macro defined in override.h to
  be gnu++98 compliant.

* Use source android level3 + add cache_flush call

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/37900 ]

  I put both changes in this CL since I have to generate Level3 libraries
  for both anyways. The first change involves shifting from using a
  prebuilt static library to using an obfuscated source library output
  from the Haystack tool on google3. The second change is from here:
  https://critique.corp.google.com/#review/176536782, and addresses
  b/69387416. Since the cache_flush function wasn't being used, the
  execution on Angler gave inconsistent segfaults, which this CL fixes.

  Verified on Angler, Sailfish, and Linux.

  11/27/17: Added mips and mips64 libraries.

* Make CDM result codes constexprs

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/38280 ]

  The values in the enumeration list of CdmResponseType error codes
  were earlier implicit. Comments were added to denote the actual
  values. This changes to make it fixed values, which makes it slightly
  more error prone, but cleaner when errors are retired.

* Change watchdog timer to 2 minutes

  [ Merge of http://go/wvgerrit/36340 ]

  This relaxes the watchdog timer around the level 3 oemcrypto
  initialization to 120 seconds.  There are also a couple of new log
  messages at the end of initialization and at termination.

  Library for arm updated:
  level3/arm/libwvlevel3.a       Level3 Library 4445 Oct  4 2017 17:06:25

  Bug: 65379279

  Merged from https://widevine-internal-review.googlesource.com/35480

* Add test to get service certificate from server.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/37780 ]

  This was extracted from Ic38dd27d06dc7528ae4cd995da4261fe6c34ad55

* Add watch dog timer to OEMCrypto L3

commit ec624ea483cbf8fb3d4e8f393bc25c90a0e29d4b
  Author: Fred Gylys-Colwell <fredgc@google.com>

  [ Merge of http://go/wvgerrit/34260 ]

  This code adds a watchdog timer to the level 3 initialization.  If
  initialization does not finish within 5 seconds, the process
  will abort, printing a small amount of debugging information.

  arm/libwvlevel3.a Level3 Library 4445 Sep 11 2017 14:05:15

  Test: unit tests on bullhead. Video on Play Movies.
  GTS tests run on loop overnight.

  Bug: 65379279
  Merged from https://widevine-internal-review.googlesource.com/33540

* Remove libwidevinehidl_utils dependency

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/37822 ]

  libwvdrmcryptoplugin_hidl has a dependency on libwidevinehidl_utils
  which was introduced due to an out of order merge from oc-mr1-dev
  to master.

  Bug: 69573113

* Automatically generate log location information

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/36563 ]

  Currently class and method names are manually added to each log message
  in the CDM on android and some other platforms. This change prepends
  log messages with file name, line number and function name automatically.

  The code is platform specific so it can be enabled and the precise
  format configured on a per-platform basis.

  As an example, here is a log on android before the change,

  11-01 02:48:48.658 D/WVCdm   (32198): CryptoSession::Open:
  Lock: requested_security_level: Default

  and after,

  11-01 02:48:48.658 D/WVCdm   (32198): [crypto_session.cpp(1108):Open]
  Lock: requested_security_level: Default

  A follow on CL will remove the manually added class/method information.

  Bug: 9261010

* Fix BoringSSL Compatibility of oec_session_util.cpp

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/37121 ]

  A previous change inadvertantly used APIs from OpenSSL that do not exist
  in BoringSSL in oec_session_util.cpp. As a temporary fix until we can
  move all targets to BoringSSL, this patch switches that file to use
  conditional compilation to choose the correct API depending on the
  library in use. It does not otherwise change the behavior of the file.

  Bug: 67908123
  Test: wv_ce_cdm_unittest on x86-64
  Test: linux_unit_tests

* Create local shared_ptr implementation

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/37600 ]

  Derived from protobuf version, which came from google3.
  Removed locking (not thread-safe) and removed weak pointers (not
  needed for usages in CDM).

  Locking can easily be added if needed.

* Revert C++11 usage - back to gnu++98

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/37440 ]

  These changes roll back C++11-specific constructs:
    std::unique_ptr -> std::auto_ptr
    container initializers
    nullptr -> NULL
    std::shared_ptr to local shared_ptr
    compiler flags (-std=c++11 -> -sdt=gnu++98)

  NOTE: the "local" shared_ptr implementation is temporarily
  a direct reference to the shared_ptr implementation in
  third_party/protobuf. This has been fixed (implementation
  extracted and moved to core/include) in CL 37600.

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
  commit in the chain.

Change-Id: Ie09ecb970aa06fe9301ac255375ca7d8e7ead8bc
 2018-01-16 19:33:36 -08:00
Rahul Frias
8b416ae165 Merges to android Pi release (part 10) 
These are a set of CLs merged from the wv cdm repo to the android repo.

* Level3 cleanup for SHA + field provision headers

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/37581 ]

  Moved some redundant macro and struct definitions out of hmac.cpp and
  sha.cpp into a separate header file to make the build easier and
  cleaner. Also cleaned up unnecessary includes and method signatures
  in field_provision.h.

* Address CDM_All_Tests failures

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/37580 ]

  CDM engine tests for CE CDM occasionally fails when CDM_All_Tests
  is run by the build server. The failures are due to a nonce generation
  error. If provisioning fails due to a nonce generation error, a delay
  followed by a retry will be attempted.

* Update OEMCrypto version to 13 in cdm.gyp

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/37520 ]

* Use per-session service certificates for licensing

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/37260 ]

  These changes allow for service certificates to be specified on a
  per-session basis rather than use one common to a CdmEngine instance.

  This also allows for a service certificate request and response handling
  when allowed on the platform, when privacy mode is enabled and a service
  certificate is not provided.

  Request license tests accept a service certificate command line
  parameter in hex (ascii). Earlier it expected it in binary.

  Bug: 68328352

* Refactor service certificate parsing

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/37060 ]

  Service certificates may still be set in CdmEngine but service
  certificate requests and responses have been moved from CdmEngine
  to ServiceCertificate. This allows them to be called from lower
  in the heirarchy (a class that CdmEngine depends on).

  Bug: 68328352

* Revert "C++11: Replace OVERRIDE def with override keyword"

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/37020 ]

  This reverts commit 2d3fb5c4c8f4cf5c986ee43723914a23cf76e8f0.

* Modified scripts/makefiles for L3 build

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/37220 ]

  Changed build-android-haystack.sh and make_fastball_libwvlevel3.sh
  to build using the new liboemcrypto.cpp file. Also changed
  makefiles to build using the new file. Renamed liboemcrypto.cc to
  liboemcrypto.cpp to make it consistent across android and CE CDM. Added
  static libraries that were rebuilt using this change.

* Added android implementations for Level3

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/37181 ]

  Moved getUniqueID and added Level3FileSystem implementations for
  android. Also deleted redundant and unnecessary methods from
  anroid_keybox.cpp.

* Refactored getUniqueID and updated libl3oemcrypto.cc

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/37160 ]

  Renamed getUniqueID header and added comments to make it clear what the
  function is doing. Also removed obfuscation of the method name since it
  is implemented by the partner. Updated the libl3oemcrypto.cc file to
  reflect the change as well as be obfuscated.

* Moved clear_cache function out of entry_points

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/37040 ]

  clear_cache function is unobfuscated and relies on compiler flags to
  work properly, and therefore should be removed from the
  libl3oemcrypto.cpp file and linked during the final build.

* Minor gyp changes and added L3 build file

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/36480 ]

  Gyp changes to cdm_unittests.gyp to make the test Level3FileSystem build
  only on a level3 build and to oec_level3.gyp to be compatible with the
  changes to the x86-64 platform settings changes (and to use -Wno-unused
  to catch all unused warnings the libl3oemcrypto.cc might cause). This
  change also includes an x86-64 libl3oemcrypto.cc so a Level3 OEMCrypto can build.

* Merge CE & Linux file system/factory + dynamic adapter changes

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/36220 ]

  This CL merges the changes from
  I27f5037e4fcea94abd84181f55053843b68f3e8d - it adds the CE
  implementation for the file system, as well as the factory methods
  needed to build the file system (and their implementations for both CE
  and linux). As part of the merge, since the Linux build relies on the
  dynamic adapter, that was fixed and gyp changes were made to reflect the
  change.

* Cherry pick change to retrieve/save provisioning cert

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/30000 ]

  This is cherry pick from level3-dev-3.3 of a merge of
  I4f5dc5c216fa916e0bca0631c4ceda68859baf1d to save the
  certificate for future tests with the current test host setup.

* Merged changes of usage/linux impl of L3FileSystem

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/35541 ]

  This is a merge of change I15d38b3c36933d061d168e0ec30bcefd0182f32d. It
  also adds a similar change in usage of L3FileSystem write for a line in
  usage_table.cpp.

* Add cdm build changes for new Level3 build

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/34600 ]

  Original CL: Ib611cf8a8589afa5cd25d6dc5b0aa43922cfda1e

  Adds level3 oemcrypto library for static adapter. Includes changes to
  gyp files to choose between oemcrypto libraries. Also includes changes
  to the dynamic adapter, level3 headers, and entry_points to be
  compatible with the function signature differences when using the
  static adapter.

* Merge OEMCrypto Level3FileSystem interface

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/34541 ]

  This merges in the interface for the Level3FileSystem object from
  level3_dev_3.3 as well as the linux implementation. Furthermore, this
  merge includes changes in properties and gyp files to allow compilation.
  The associated changes are I3f1c58f0e3782de0669a96725a38673a26cc1a49,
  I9fb2d10b0f966896bea685166c6b6b2e33c995dd, and
  I4c87a5412a8a022fa9cfba43f33bd4d683e61536.

* Merged misc. changes to Level3 files

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/33303 ]

  Continuation of I03d3aa1a308f2f010dcb6f5e15f927e81e42925b. These changes
  are miscellaneous changes from level3-dev-3.3 involving include
  statements, Caligo compatibility, and new Level3 signatures from changes
  Ibc5befd492b295970e839f3481e2b512b52dcb08 and
  If599e62c72b5eb40c53633cd72a4d20dc859ee52.

* Merged change involving getUniqueId()

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/33302 ]

  This is a merge from level3-dev-3.3. This change
  (Ibc5befd492b295970e839f3481e2b512b52dcb08) involves
  separating out the method getUniqueId() from the linux_ and
  android_keybox.cpp. This was done so that clients can
  supply the necessary implementation for the method.

* Merged needle file changes from level3-dev-3.3

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/33301 ]

  Continuation of I3dbf34bab526945720280f819dd3212ae982d2f7. These are
  changes (Ibc5befd492b295970e839f3481e2b512b52dcb08) involving the
  compiled needles for Haystack. Major changes include function signature
  changes, adding non-state needles automatically, and include statements.

* Merged keybox/usage table access and function sigs

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/33300 ]

  These are changes from level3-dev-3.3. They involve changing function
  signatures/include files for the new Haystack runtime
  (Ibc5befd492b295970e839f3481e2b512b52dcb08). They are also
  related to change I0285e6d85e80b06b7df1ed298cd1145a6c9c4842. Keybox and
  usage table file names are replaced with constant needles. Furthermore,
  a state needle was added that removes the OldUsageTable file. In
  addition, this CL includes removals of method references that are now
  stale due to the introduction of change
  I9fb2d10b0f966896bea685166c6b6b2e33c995dd.

* Android unit test build fixes

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/37380 ]

  Removed crypto_session_unittest from build script (introduced
  in http://go/wvgerrit/32824), since crypto_session.cpp requires
  some changes to be merged over from oc-mr1-dev (b/64456400).
  Added oemcrypto_session_tests_helper.cpp to the oemcrypto test
  makefile so the oemcrypto unit tests can link in the
  methods from the refactor in http://go/wvgerrit/36562.

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
  commit in the chain.

Change-Id: I7e45901a151e51da96d192d359edddc5fe74946e
 2018-01-16 19:32:22 -08:00
Rahul Frias
1884cf738e Merges to android Pi release (part 8) 
These are a set of CLs merged from the wv cdm repo to the android
	   repo.

* Android build fixes

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/36322 ]

* Address android compilation errors and warnings

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/36300 ]

* Gyp cleanup and OpenSSL v10.1 support.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/36001 ]

  OpenSSL 10.1 has a small number of incompatible changes.

  A desktop system upgrade exposed some issue in the build scripts.
  Specifically, the linux build was using both third_party/protobufs (2.6.1)
  and the version installed on the system (3.0 in this case). The linux
  cdm.gyp depended on cdm/cdm.gyp which caused that plus some
  additional issues.

  These changes are necessary to support g++ version:
    g++ (Debian 6.3.0-18) 6.3.0 20170516

  Also did some cosmetic rework on run_current_tests to make it easier
  to figure out what is going on when something fails.

  Also tweaked some of the compiler settings for g++ support (revisit
  this later).

* Refactored Service Certificate encryption to allow encryption of arbitrary data.

  Author: Thomas Inskip <tinskip@google.com>

  [ Merge of http://go/wvgerrit/36141 ]

* Send cdm test requests to UAT.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/36221 ]

  This change resolves the all of the
  CdmDecryptTest/CdmTestWithDecryptParam.DecryptToClearBuffer
  tests.

  The license servers will return different keys and keyids.
  Sending the request to staging returned key ids and keys that were
  not matching what was expected in the unit tests.

* Fix for building L3 OEMCrypto with clang and libc++

  Author: yucliu <yucliu@google.com>

  [ Merge of http://go/wvgerrit/35740 ]

  1. Include <time.h> for time(time_t*).
  2. Create endian check union on stack. Clang may create const union
  somewhere else, which may cause crash.

* Remove error result when a sublicense session does
  not exist. This is not considered an error.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/36080 ]

* Set default mock handler for GetSupportedCertificateTypes
  for all unit tests and removed the use of StrictMock from
  MockCryptoSession.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/35922 ]

  The handler for this was only set for one test and resulted
  in a number of failures.

* Set default handler for GetHdcpCapabilities. For
  now the default action is to call the real
  GetHdcpCapabilities of crypto_session.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/36140 ]

  I also changed the mock to a NiceMock to silence
  responses to unexpected calls to GetHdcpCapabilities.

  The default handler can be overridden as needed in
  the individual tests.

  This resolves the policy engine test failures.

* Finalize merge of cdm_partner_3.4 to master.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/35360 ]

  This is the final set of updates to merge all v3.4.1
  changes into master.

* Embedded license: Sublicense rotation.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/35360 ]

  Handle sublicense rotation event.

* Embedded license: Initial license phase.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/34280 ]

  Initial license phase - key loading subsession.

* Embedded license: generate session data.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/33722 ]

  Generate session data and add it to the license request for
  any embedded license material.

* Resolve missing symbol when building cd-cdm

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/35840 ]

* C++11: Replace OVERRIDE def with override keyword

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/35400 ]

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
      commit in the chain.

Change-Id: I37d0cb17f255ac6389030047d616ad69f895748c
 2018-01-16 19:29:39 -08:00
Rahul Frias
387147dffe Merges to android Pi release (part 2) 
These are a set of CLs merged from the wv cdm repo to the android repo.

* Update service certificate.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/28065 ]

  The updated service certificate fixes a number of failing tests.
  There are still some that fail, apparently due to mismatches
  with key set IDs and usage tables.

  Also updated QA server URL to point to QA proxy (although neither
  can be used by this client).

  Also fixed segfault in CdmTest.ListUsageRecords.

* Add CDM APIs for Handling Service Certificates.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/28064 ]

  The responsibility for managing Service Certificates has been moved
  out of the CDM. Instead, provide CDM and CdmEngine methods to generate
  a service certificate request message, and handle a service certificate
  response. The API client can use these calls if it needs to get the
  service certificate from the License Server.

  These functions assume the request and response are base64 (web-safe)
  encoded (see b/37481392). Not all servers are operating this way yet.
  Any adaptations for non-compliant servers is handled outside the CDM.
  See test WvCdmEnginePreProvTest::ServiceCertificateRequestResponse in
  cdm_engine_test.cpp for an example of this.

  These changes also eliminate the stored init_data and deferred
  license type which were used to perform a service certificate request
  during a license request.

* Fix and rename ClosesSessionWithoutReturningError test.

  Author: Edwin Wong <edwinwong@google.com>

  [ Merge of http://go/wvgerrit/27880 ]

  ClosesSessionWithoutReturningError should not check for
  Status::OK since it is expecting an error code back.
  The test is renamed to ClosesSessionWithError.

  Test: libwvdrmdrmplugin_hidl_test

  BUG: 62205215

* Get rid of default service certificate.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27981 ]

  Instead, we need at least two service certs - one for the QA/Test
  servers, and one for UAT (and prod?)

  There are still some issues around the signature verififcation
  of the service cert, and in license_unittest.cpp, the use
  of the default service cert has been commented out.  I don't know
  why this test needs a service cert.  If it really does, then the
  same mechanism that is used elsewhere for selecting a specific
  server type will be needed here.

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
      commit in the chain.

Change-Id: Ieab815fb202c809ad5714cd0364c4bdfa068f77d
 2018-01-16 19:22:48 -08:00
Rahul Frias
0419b55222 Merges to android Pi release (part: 1) 
Below are a set of CLs being merged from the wv cdm repo to the android repo.

* Fix handling of OEM Cert public key.

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/27921 ]

  This is a potential fix for b/36656190. Set aside public
  key on first call to get the public key, and use it afterwards.
  This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
  which has side-effect of staging the OEM private key.

  This also fixes a problem where the public cert string was
  not being trimmed to match the size returned by
  OEMCrypto_GetOEMPublicCertificate().

* Complete provisioning request/response for Provisioning 3.0

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27780 ]

  Fix bug on provisioning request path where GenerateDerivedKeys()
  was being called when preparing to generate the signature.

  Add message signature verification, and call correct OEMCrypto
  routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).

* Implement Cdm::deleteAllUsageRecords()

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27780 ]

  Delete all usage records for current origin.  Removes usage
  records from file system and retains the PSTs.  The deletes
  any usage entries matching those PSTs held by OEMCrypto.

  BUG: 35319024

* Remove stringencoders library from third_party.

  Author: Jacob Trimble <modmaker@google.com>

  [ Merge of http://go/wvgerrit/27585 ]

  We have a fork of the stringencoders library that we use for base64
  encoding.  This reimplements base64 encoding to remove the extra
  dependency and to reduce the amount of code.

* Add Cdm::deleteUsageRecord() based on key_set_id.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27605 ]

  Delete specified usage record from file system usage info and
  from OEMCrypto.

  BUG: 35319024

* Modifiable OEMCrypto

  Author: Fred Gylys-Colwell <fredgc@google.com>

  [ Merge of http://go/wvgerrit/24729 ]

  This CL adds a new variant of the OEMCrypto mock code that adjusts its
  behavior based on a configuration file.  This is intended for
  testing.

  For example, a tester can set current_hdcp to 2 in the options.txt
  file, push it to the device, and verify that a license is granted for
  HDCP 2.0.  Then the tester can edit the value of current_hdcp to 1 and
  push the file to the device.  Playback should stop because the license
  is no longer valid.

  This variant uses a real level 1 liboemcrypto.so to push data to a
  secure buffer.  That means we can test playback for a license that
  requires secure buffers on an Android device with real secure buffers.

  BUG: 35141278
  BUG: 37353534

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
      commit in the chain.

Change-Id: I58443c510919e992bb455192e70373490a00e2b6
 2018-01-16 19:21:54 -08:00
Rahul Frias
a483c18c59 Provisioning 3.0: Changes to Provisioning and Service Certs. 
[ Merge of http://go/wvgerrit/23360 ]

Service Certificates are used in two places, provisioning and
licensing. The service certificate code depended on a session_id
to get and set the service certificate properties, but the session_id
was not available in the provisioning path.

This patch pulls out the property lookup by session_id dependency,
and passes the CdmImpl's property_set into the provisioning code, so
the service certificate can be read and written there.

Bug: 62972441

Test: WV unit/integration tests. This introduces three test failures
  * WvCdmRequestLicenseTest.PrivacyModeWithServiceCertificateTest
  * Cdm/WvCdmStreamingLicenseRenewalTest.WithClientId/4
  * Cdm/WvCdmOfflineLicenseReleaseTest.WithClientId/3

Change-Id: I6e9d4e23a9e7e81a63a994db8ec0b443893449a6
 2018-01-16 19:18:52 -08:00
Rahul Frias
2812c3d2ac Support Keybox, DRM Cert, and OEM Cert for Client ID 
[ Merge of http://go/wvgerrit/22900 ]

Add GetClientToken(), GetProvisioningToken(), GetPreProvisionTokenType()
to CryptoSession.  They return the correct token bytes and token type
for preparing the ClientIdentification message for provisioning and
license server transactions.

Also refactor service certificate handling.

OEM certs are introduced in Provisioning 3.0

b/30811184

* Address build breaks

[ Merge of http://go/wvgerrit/23162 ]

This addresses issues introduced by http://go/wvgerrit/22900

b/30811184

* When http://go/wvgerrit/18012 was merged (ag/1446934) some changes
were not merged for mapErrors-inl.h. These changes are included in this CL.

* When ag/1678104 was reverse merged to http//go/wvgerrit/21981/ a variable
was renamed and some comments were added to add clarity in cdm_engine.cpp.
These changes are included in this CL.

Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.

Change-Id: Ie0215509f2f985f2a610f5a4c865db47edec8662
 2017-01-20 16:42:21 -08:00