String obfuscation hides string literals from static analysis but
requires string literals be used inside protected functions.
- Enable string obfuscation for all function groups.
- Change some global `std::string` to `const char[]` to ensure that
the `std::string` is constructed inside a protected function so
that string obfuscation correctly applies to the string literal.
Bug: 270566889
Merged from https://widevine-internal-review.googlesource.com/168485
Merge conflicts were caused by formating changes. Resolved by taking
the newer version.
Merged from https://widevine-internal-review.googlesource.com/169511
Change-Id: Ie7f3e94f89671a34e4792efa174f96a17d713f9e
membarrier_function() for clearing cache in L3 is optional and good to
have. Currently we log it as error if it is not available, which caused
some confusion for CE CDM L3 partners building their own L3.
Also corrected a typo in the function name.
Test: build L3 and run dynamic level3 tests
Change-Id: If20bcb1fe2bace33c43aa178af699f3b190a1fd2
Plugin to provide getPropertyByteArray("deviceSignedCsrPayload")
which returns the signed CSR payload for device registration. It
queries both BCC and device info to be set in plugin before calling this
getPropertyByteArray("deviceSignedCsrPayload") method. The returned csr
payload will be used by assemble the device CSR by the caller for device
registration.
Bug: 286556950
Test: build WV DRM plugin
Merged from https://widevine-internal-review.googlesource.com/178891
Merged from https://widevine-internal-review.googlesource.com/179731
Change-Id: I65d89ed998dd292fc656af2f91f4472c1b5ec33c
This patch adds a new interface that partners must provide to
Cdm::initialize(), ILogger. ILogger replaces stderr as the sink to which
logging messages are sent. For partners that still want to log to
stderr, a reference implementation that logs to stderr is provided.
As a side-effect of this, many test-related source files had to be
updated to thread the new parameter to Cdm::initialize() through them.
This also necessitated adding a new variant of FormatString() that can
be called with a va_list directly so it can be called from other
functions that take varargs.
Bug: 201446862
Merged from https://widevine-internal-review.googlesource.com/177270
Change-Id: Ie31a10162773883b337f3a6144cf180a2b100139
- Initialize allowed_schemes_ since it is used by CreateDefaultResponse.
- Issue was detected by Coverity.
Change-Id: I368c4773f6316b65196aaa39e23e70717299c570
OEMCrypto_ERROR_INVALID_RSA_KEY is deprecated in v17. But
v16 oemcrypto can still return it. Unit test should allow
this error for now.
Test: run_dynamic_oemcrypto_v16.4, run_dynamic_oemcrypto_v16.3
Bug: 307668988
Change-Id: I950b62c8b3e02ea09d4795839a3d69573ab718aa
This CL adds unit tests to verify that the following
forbidden uses of an RSA private key do not work:
- ForbidPrepAndSign -- A cast cert key cannot sign a license
request.
- ForbidUseAsDRMCert -- A cast cert cannot be used with the
DRM cert's padding scheme and it cannot be used to derive
keys from a session key.
- *ForbidRSASignatureForDRMKey* -- A DRM cert key cannot be
used with GenerateRSASignature.
- *OEMCertForbidGenerateRSASignature* -- An OEM cert key
cannot be used with GenerateRSASignature.
Bug: 251875110
Change-Id: Ic2b23e3fd279e878c190a8294078a8d092126a29
This tool will soon be used in LUCI tests. It seemed necessary to
clean it up to make the build cop's job easier if there is a problem.
The following was completed:
* Removed stub for install XML based keyboxes
* This is handled externally
* Improved error checking
* Replace C-style prints with C++ styled prints
* Keybox information is still printed to stdout
* Major erros are printed to stderr
* Updated to follow Google style guide
* Fixed header includes
* Removed unused headers
* Added headers that are used, but were included indirectly
* Ensures OEMCrypto_Terminate() is called
* Particularly if there is an error encountered.
Bug: 299108238
Test: Tested in later CL
Change-Id: Ie6dafc44d050d0c6ae288f88cd5d6f3737d4a88c
The unit test helper function LoadWithAllowedSchemes should
only be used to load a Cast Certificate. So it has been
renamed to make that clear.
The only unit test that used the old function with the
non-cast padding scheme has been removed. A replacement will
be added in the next CL of the chain.
Change-Id: Id4aa2f420435baff664324ee4b3dcb74ab9ffe8a
There was some confusion about which tests loaded a cert and
which ones just used a cert. This distinction is important
when testing devices with a baked-in-cert.
Merged from https://widevine-internal-review.googlesource.com/183333
Change-Id: I3c2b119c3355b3a9190799637ff0860b6153b35b
This adds an install keybox tool to the OEMCrypto unit test
directory. It is built when we build the OPK w/linux IPC.
This CL also adds some scripts to use this tool when running
the OPK Linux TA, and then runs the standard tests.
Bug: 295371549
Change-Id: I11e59faa3b24d906f573bcd3f4855e73a4aa5fdf
Adds a new `cas` directory to the ports/linux project. This contains
an end-to-end demo of OEMCrypto CAS functionality, using the Linux
tee_simulator as a base.
Test: from ports/linux/cas dir: `CDM_DIR=~/work/cdm-dupe ./scripts/build.sh && CDM_DIR=~/work/cdm-dupe ./scripts/run.sh`
Merged from https://widevine-internal-review.googlesource.com/178250
Change-Id: I781b403100ad2e069d99650d9ddae8e7acbc309a
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for tests that require
RSA 3072 support.
Bug: 251240681
Change-Id: I048d31e25316d621771efb5d472f651bff40bf75
Changes the OPK session state machine to allow API_MOVEENTRY in
the same circumstances as API_CREATENEWUSAGEENTRY. Adds a test
to trigger the same situation as the linked bug.
The test cases in the bug fail because OEMCrypto_MoveEntry() is
called immediately after OEMCrypto_CreateNewUsageEntry(), but the
session state machine has different filters for the two calls.
Furthermore, OEMCrypto_CreateNewUsageEntry() doesn't change the
state machine, so we should align the two filters to allow
OEMCrypto_MoveEntry() to be called immediately after
OEMCrypto_CreateNewUsageEntry() in all situations where
OEMCrypto_CreateNewUsageEntry() is allowed.
The existing OEMCrypto defrag tests did not catch this edge case
because the test helper functions always do something to modify the
state machine after calling OEMCrypto_CreateNewUsageEntry().
Test: OEMCryptoUsageTableDefragTest.MakeAndMoveEntry
Bug: 286938572
Merged from https://widevine-internal-review.googlesource.com/178013
(cherry picked from commit a87d66ccb7b2fc5f549142e64a7e45531dd95db6)
Change-Id: I8a8465b2b7479effe4055a014bc94b166178a693
1) Move some provisioning unit tests into
oemcrypto_provisioning_test.cpp
2) Remove some test group comments
Bug: 253779846
Merged from https://widevine-internal-review.googlesource.com/176735
Change-Id: I3d02c23b63eb7949fbc6abf60a7dbe32086ef2c9
Expected flow, which begins with a device that has already been
provisioned with Prov 4 stage 1:
1. OEMCrypto_InstallOEMPrivateKey()
2. OEMCrypto_GenerateCertificateKeyPair() -> wrapped_csr_priv
3. OEMCrypto_LoadDRMPrivateKey(wrapped_csr_priv)
4. OEMCrypto_PrepAndSignProvisioningRequest() to create a Prov 4
provisioning request message type with a CAST request in the
message body
5. Server sends a Prov 2 response. Server side derivation uses CSR keys
to derive session key, mac keys, and encryption keys.
6. OEMCrypto_DeriveKeysFromSessionKey(), same derivation as server side
7. OEMCrypto_LoadProvisioning(), use derived keys to verify + decrypt
The OEMCrypto_LoadDRMPrivateKey() step can happen before or after the
PrepAndSignProvisioningRequest() call.
Test: tests fail
Bug: 259452440
Merged from https://widevine-internal-review.googlesource.com/172310
Change-Id: Id5e6737b187339ec93e3d0d03c28e2b379d60747
OEMCrypto_ReassociateEntitledKeySession() should prevent an entitled key
session from being associated to an arbitrary entitlement session.
Validations added/updated in this CL:
1. at least one entitled key is supposed to have matching entitlement
key in the new session;
2. the key control block in the new entitlement key should remain
unchanged compared to the existing entitlement key.
Updated OPK and ref/testbed implementations.
Test: jenkins/opk_ta, jenkins/run_fake_l1_tests
Bug: 262795590
Merged from https://widevine-internal-review.googlesource.com/171192
Change-Id: I3868aa0d3c5ffb818ed83b9c49313125803939e0
OEMCrypto_ReassociateEntitledKeySession() should prevent an entitled key
session from being associated to an arbitrary entitlement session. The
target entitlement session is supposed to have all the entitlement keys
that the entitled key session uses.
Updated OPK and ref/testbed implementations.
Test: jenkins/opk_ta entitlement tests
Bug: 262795590
Merged from https://widevine-internal-review.googlesource.com/169774
Change-Id: I4322422f01f7094c3862f33ef3199ff3a44995b0
Flags are to be used in new tests when creating tests that potentially
take a long time to run. Certain test suites are intended to be quick
and may skip certain long running tests.
New slow tests should check these flags and skip using GTEST_SKIP().
Bug: 311273599
Test: ./build.py x86-64 --debug
Change-Id: I4fc5a026f23f489bf2ad8b8a11dc467f550f0c5e
