[ Merge of http://go/wvgerrit/149469 ]
Created a new test for stressing OEMCrypto's ability to generate
OTA Keybox provisioning requests. This forces the TA to retrieve
keys from KM, generate certificate and sign the request. This is
intended to find any unexpected system degradation within the
device's TA(s).
Bug: 227542259
Test: oemcrypto_test
Change-Id: Ib34f2f801a7fe74ca67aa0a16f68f9ae326de24e
[ Merge of http://go/wvgerrit/148552 ]
Extended the CDM layer to report OEMCrypto's watermarking support.
The reporting of watermarking comes in three (3) mechanisms:
1) ClientCapabilities in license requests
2) CryptoSession metrics when queried to OEMCrypto
3) String property query by apps
If OEMCrypto implementents OEMCrypto_GetWatermarkingSupport(), then
the reported watermarking support by the CDM will match that of
OEMCrypto.
If OEMCrypto does not implement OEMCrypto_GetWatermarkingSupport()
or an error occurs, it is assumed that OEMCrypto does not support
watermarking, and the CDM will report "Not Supported".
Bug: 226443788
Test: run_x86_64_tests request_license_test and license_unittest
Change-Id: Id929a356c395e6bcf45d371ee6887eec40d35329
[ Merge of http://go/wvgerrit/149130 ]
When re-initializing OEMCrypto for testing purposes, the
UsageTableHeader must be reset as well. This is to inform future
sessions to load or create a new header before creating new entries.
Bug: 219075437
Test: request_license_test and MediaDrmTests GTS
Change-Id: Ie8bc72bc7ea079d21587e114223fcb67547c756a
[ Merge of http://go/wvgerrit/148469 ]
OEMCrypto_GetOEMPublicCertificate needed to be called
before the OEM private key was loaded due to a bug in OEMCrypto.
The bug has been addressed and the call can now be removed.
OEMCrypto_GetOEMPublicCertificate is only applicable to
devices with OEM certs as their root of trust. Devices with
keyboxes (or BCC) as their RoT would return a spurious
error OEMCrypto_ERROR_NOT_IMPLEMENTED. Removing the call
addresses this as well.
Bug: 190231658
Test: WV unit/integration test
Change-Id: I8216ca5a78b8c2acb5681c7f599cdc41efdf9fc7
[ Merge of http://go/wvgerrit/148450 ]
This CL adds threading requirements to the method doc-comments of
UsageTableHeader.
Bug: 189366337
Test: usage_table_header_unittest
Change-Id: I671f702d3e8ec219cc8daaa220133cb8cec183c8
[ Merged from http://go/wvgerrit/148451 ]
This step is a prelude in adding Widevine unit tests that
use AIDL interface.
Test: ./build_and_run_all_unit_tests.sh
Bug: 217247987
Change-Id: I449050819e6c9b0261066997dd45a6103b3a9a7a
Merged from http://go/wvgerrit/146409
The original http://go/ag/16984707 was reverted due a
merge conflict from tm-dev to master, which
is now fixed by http://go/ag/17035190.
Bug: 219538389
Test: atest GtsMediaTestCases
Test: ./build_and_run_all_unit_tests
Change-Id: I95b639cf7ec138e809540db7a3fc0a234c7f4b2a
The OEMCrypto utils have been copied over from the CDM repo.
Tests have been excluded for this CL.
Files represent a snapshot taken from http://go/wvgerrit/148270
and http://go/wvgerrit/148372.
Bug: 205902021
Change-Id: I1a58952cd1436a48974367c5436bf7296163e6f1
[ Merge of http://go/wvgerrit/148157 ]
Fail the test if the returned type is other values.
Bug: 224375138
Test: GtsMediaDrmTests
Change-Id: I4abad9d69865cac99654d3dedd443463dd728a58
* changes:
Change the signature format requirement of OEMCrypto_GenerateCertificateKeyPair
Fix EnsureProvisioned for double provisioning
Update fuzz tests to match output desriptor struct
Use default url to inform app of prov40 stages
Fix key_control_iv in OEMCrypto tests
Fix jenkins/opk_optee after v17 merge
Remove old test license holder
Generic crypto tests: use license holder
Reboot tests: verify offline license is valid after reboot
Policy integration tests: use license holder
Integration tests: add license holder
Reboot test: Initialize fake clock
Reboot test: save large files
Test max number of DRM private keys
Merge oemcrypto-v17 to master
Update cipher mode elsewhere
Fix 1 ClangTidyBuild finding:
Add out of bounds testing for LoadKeys()
Separate invalid session test for ReuseUsageEntry
[ Merge of http://go/wvgerrit/147593 ]
As we have decided to use hw_bcc service in Trusty to generate BCC and
sign the generated certificate public key, we need to change the
signature format to cose-sign1, which is defined by hw_bcc API.
Bug: 221496117
Test: GtsMediaTestCase on sunfish
Change-Id: I30739a0f0ae49291d343db46ad9e898663985cc8
[ Merge of http://go/wvgerrit/147110 ]
The OEMCrypto_DestBufferDesc had fields address/address_length renamed
to clear_buffer/clear_buffer_length in v17. However this was not updated
for the fuzz tests thus causing some code coverage errors. This should
fix those errors.
Merged from https://widevine-internal-review.googlesource.com/146889
Bug: 220946359, 220946990
Test: GtsMediaTestCases on sunfish
Change-Id: I2837de2f79c0e731d072e3712d6b769df17a1c7e
[ Merge of http://go/wvgerrit/145989 ]
The key_control_iv field is used with an encrypted KCB. With v17, the
KCB is in the clear and this field should have a length of 0. This
updates the tests to set the field correctly.
Bug: 224375138
Test: GtsMediaTestCases on sunfish
Change-Id: I2973bc064705557c878bb1fe943e5fde92977dcc
[ Merged from http://go/wvgerrit/143750 ]
The old test license holder would generate a minimal license response,
but could not correctly mimic important server logic introduced in the
v16 server. Since all integration tests now have policies on the UAT
server, we do not need these minimalist license responses anymore.
Bug: 192700112
Test: GtsMediaTestCases on sunfish
Change-Id: I78c1b6085a6d0239840a11f2b904902210e5e61c
[ Merged from http://go/wvgerrit/143635 ]
Use a license holder for the generic crypto tests.
Bug: 192700112
Test: GtsMediaTestCases on sunfish
Change-Id: Ia2c802263562b11845e55ae0a24254ea54e364c7
[ Merge of http://go/wvgerrit/143749 ]
Tests are added to verify that the policy durations are enforced for
an offline license after a device has been rebooted.
Bug: 26163469
Test: GtsMediaTestCases on sunfish
Change-Id: I54e65d7abc5e59eae7c150555b2244dbf96da3f5
[ Merge of http://go/wvgerrit/143634 ]
Refactor the policy integration tests to use the license holder.
Bug: 195691232
Test: GtsMediaTestCases on sunfish
Change-Id: I58ffa64caec05c617065e4781657e85914f8369e
Merged from http://go/wvgerrit/146154
Many integration tests require a license from a license server. This
CL creates a helper class to fetch, load, and hold a license.
Test: ./build_and_run_all_unit_tests.sh
Bug: 194342800
Bug: 194342778
Change-Id: I0de7bcab4db1b365f074bad29fc157a5eca135d8
[ Merge of http://go/wvgerrit/143630 ]
When we run a test with the fake clock, the clock had been initialized
to the current time, or to 0. This causes a problem for reboot tests
because the clock might go backwards over the reboot. With this
change, we monitor the clock at the end of one reboot pass and
initialize the clock for the next pass based on the previous value.
Bug: 26163469
Test: GtsMediaTestCases on sunfish
Change-Id: Ibd0024f963634382af70553fced38da6e1d857d2
[ Merge of http://go/wvgerrit/143629 ]
The standard b2a_hex only saves about 2k, so we need a special version
that can handle larger strings. This is needed because a license file
is about 7k.
Bug: 194342751
Test: GtsMediaTestCases on sunfish
Change-Id: I6a6ac3f8f4fa6d9cd8a0119fc64fc8f3cc5f3ae8
[ Merge of http://go/wvgerrit/143909 ]
The max. number of DRM keys that can be loaded depends on the resource
rating.
Add a test to verify:
1. We can load up to MAX. drm keys
2. Loading the MAX+1 key can fail
3. The loaded keys should work even if loading other keys failed
Bug: 209084113
Test: opk_ta, run_x86_64_tests, run_level3_static_tests,
run_fake_l1_tests
Test: GtsMediaTestCases on sunfish
Change-Id: Ib9821e8a1994d41d3e9c2063440c109a2332ba89
[ Merge of http://go/wvgerrit/144530 ]
It's time to copy all the v17 work to our main branch.
I had to re-run clang-format to match local style.
Merge from commit b14f08374f9a48aed49850cc230daf384725b15f
Fix allow_null for key control iv in L3 v17
Bug: 161477208
Test: GtsMediaTestCases on sunfish
Change-Id: I97caa851e9e65eb0e42034d2f4a28dfb7499df0d
[ Merge of http://go/wvgerrit/144696 ]
In v17,
OEMCrypto_CipherMode_CTR renamed to OEMCrypto_CipherMode_CENC
OEMCrypto_CipherMode_CBC renamed to OEMCrypto_CipherMode_CBCS
Bug: 224375138
Test: GtsMediaTestCases on sunfish
Change-Id: I2d96e9c6d22a9d9e2fbbd15a8aea3f2d5dac6dcb
[ Merge of http://go/wvgerrit/145289 ]
* missing #include <string> for 'std::string' For more info see go/clang_tidy/checks/google3-build-missing-std-includes
This CL looks good? Just LGTM and Approve it!
This CL doesn’t look good? This is what you can do:
* Revert this CL, by replying "REVERT: <provide reason>"
* File a bug under go/clang-tidy-bug for category ClangTidyBuild if the change looks generally problematic.
* Revert this CL and not get a CL that cleans up these paths in the future by
replying "BLOCKLIST: <provide reason>". This is not reversible! We recommend to
opt out the respective paths in your CL Robot configuration instead:
go/clrobot-opt-out.
This CL was generated by CL Robot - a tool that cleans up code findings
(go/clrobot). The affected code paths have been enabled for CL Robot in //depot/google3/METADATA.
Anything wrong with the signup? File a bug at go/clrobot-bug.
Tested:
Local presubmit tests passed.
Bug: 224375138
Test: GtsTestCases on sunfish
PiperOrigin-RevId: 426761099
Merged from https://widevine-internal-review.googlesource.com/145250
Change-Id: I5a66b6eccc2b08ee11f92f90ce3b725f24c8d33c
[ Merge of http://go/wvgerrit/146249 ]
Update the OEMCryptoMemoryLoadLicense* tests so they cover LoadKeys()
for v15 and prior and LoadLicense() for v16 and later versions.
Merged from https://widevine-internal-review.googlesource.com/145951
Bug: 190749256
Test: GtsMediaTestCases on sunfish
Change-Id: If90f7afd82819375f52a2fe619675bf0c4c4dd3a
[ Merge of http://go/wvgerrit/144729 ]
Since OEMCrypto_ReuseUsageEntry() was introduced in v17, splitting the
test case for an invalid session from the other usage entry methods
since they were implemented in v15/16 as well.
Bug: 216193739
Test: GtsMediaTestCases on a sunfish
Change-Id: I7f4399c07a19227495a15807228b930066f6a794
Merged from http://go/wvgerrit/147689
The default is to build for AIDL Widevine service.
Use "-t hidl" in build_and_run_all_unit_tests.sh or
build_all_unit_tests.sh to build for HIDL service.
Test: ./build_all_unit_tests -t hidl
Test: ./build_and_run_all_unit_tests -t hidl
Test: ./build_all_unit_tests
Test: ./build_and_run_all_unit_tests
Bug: 217247987
Change-Id: Ie7c51033f4aba341c829ccc8f846a6cfeab76df3
