[ Merge of go/wvgerrit/186611 ]
Android user can set the property using the developer option.
Bug: 301669353
Change-Id: I730b635f6cc28dfb0471c1d679627c94b9e16af1
Merge from Widevine repo of http://go/wvgerrit/169089
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for tests that require
RSA 3072 support. Note: I think part of this CL got lost in
go/wvgerrit/167740, so this is adding the rest in.
Bug: 251240681
Merged from https://widevine-internal-review.googlesource.com/168237
Change-Id: I3002f705f7e3f4b38d0e5efef355e5c3f3529218
Merge from Widevine repo of http://go/wvgerrit/169080
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for tests that require
CAS support.
Bug: 251240681
Merged from https://widevine-internal-review.googlesource.com/167739
Change-Id: Ifb971bf01e2c21fe672bbe4bfa15c797456256ef
Merge from Widevine repo of http://go/wvgerrit/169076
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for provisioning 4.0
tests.
Bug: 251240681
Merged from https://widevine-internal-review.googlesource.com/167497
Change-Id: I65a879fba24b199bd115980bdd556c123fcc1cdc
Merge from Widevine repo of http://go/wvgerrit/169073
Due to the late-breaking maximum_minor_version change, we had to revise
the CHANGELOG on the release branch. This patch ports this change to the
development branches.
Bug: 275264353
Test: luci tests
Change-Id: I46a18bd05ad1ae2afc766eaaf39c563f82f4eeea
Merge from Widevine repo of http://go/wvgerrit/169070
This turns on the cast receiver tests for any device that
claims to support this feature. Previously, we had to
explicitly request these tests on the command line.
But since they do not pass for Prov 4.0, we fitler them out
in this case and reference a bug tracking that work.
We also switch to using GTEST_SKIP to skip the tests instead
of modifying the GTEST_FILTER.
Bug: 251240681
Bug: 269310676
Bug: 259455058
Bug: 259454969
Merged from https://widevine-internal-review.googlesource.com/166497
Change-Id: I1bcd749243a474b3f638547aa43c2805e86731af
Merge from Widevine repo of http://go/wvgerrit/169068
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for provisioning 3.0
tests.
Bug: 251240681
Merged from https://widevine-internal-review.googlesource.com/167498
Change-Id: I997e1051f3bd7925bc69cf1b269a5bbbae8031b7
Merge from Widevine repo of http://go/wvgerrit/169066
Now that we only have to support the v18 API, we can drop the v17
versions of these functions. For SelectKey, the new function fully
replaces it, so it has been removed. For the other functions, the v18
functions were calling the v17 functions previously. Now, they have been
rolled together.
These functions were not actually deprecated in the OEMCryptoCENC.h
header to allow OPK's serialization generator to still support them for
backwards-compatibility. Now that they are gone, this patch also
deprecates the functions.
Bug: 240995221
Merged from https://widevine-internal-review.googlesource.com/167338
Change-Id: I10261142121d4de8c96e2cd5fac570f7b536a82e
Merge from Widevine repo of http://go/wvgerrit/169064
This CL should cleanup some minor issues that existed after the initial
CLs refactoring the unit tests went in. The issues fixed should be:
1) duplicate decrypt tests
2) decrypt tests added to be run
3) removed unecessary header files
4) refactored some provisioning tests that I had previously overlooked
Bug: 253779846
Merged from https://widevine-internal-review.googlesource.com/167537
Change-Id: Ic474fbcf69a08c0482b5e74d0c80be2cd16702d8
Merge from Widevine repo of http://go/wvgerrit/169050
- Update changelog
- Update copy parter files script to include linux port
- Update opk_partner_test script (used to make sure everything works out
of the box) with third party dependencies, refactored downloads into
a public setup.sh script
- Remove WTPI_BUILD_INFO from OPK makefiles and gyp files, since it is
no longer needed
- Remove FILES.md since it is out of date and ree-sources.mk and
tee-sources.mk satisfy the same purpose
- Add debug flag in comments for OP-TEE and Linux ports. As a hint for
how to enable debug in OPK
- Remove oemcrypto_build_info.h since it is no longer needed. Move the
XSTR macro it contained to oemcrypto_api_macros.h
- Add provisioning method macro to OPTEE and Linux build files to hint
at how to build Prov 2 and Prov 4 using the same build files but
different build-time values.
Merged from https://widevine-internal-review.googlesource.com/166219
Bug: 275264353
Test: luci tests
Change-Id: I220e3296f631d895a7c4504454635fe396efc0a4
Merge from Widevine repo of http://go/wvgerrit/169048
Do not generate a new signature during mutation if a key handle cannot
be retrieved by OEMCrypto_GetKeyHandle().
Bug: 275264353
Test: luci tests
Change-Id: I9a804328c4b6d3e50d14c3f9c71043e71a88e3da
also remove `use_vndk_as_stable: true` to remove dependency to VNDK
libs.
Bug: 251299786
Test: build WV APEX with V and install it on U device
Change-Id: Ie7f7f9b699119478d4b33f95ab9e6ba7f459346c
Disable one oemcrypto v18 unit test which takes nlohmann-json dependency
for now, until the json dependency is fixed.
Test: build widevine and oemcrypto unit tests
Bug: 263397641
Change-Id: I065b28a81cc481b2b64bda27733640e0fdea0c2c
No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
In CreateCoreLicenseResponse(), there seems to be an out of bounds
potential error due to a missing check that the index used for
license_response.parsed_license->key_array is valid. Adding a check
for this here.
Bug: 217677571
Test: fuzz tests
Change-Id: I37f7228f87992ba5284c553d7b07ef97d6a66ab3
(cherry picked from commit eb711ea0ec)
[ Merge of http://go/wvgerrit/153669 ]
The oemcrypto_decrypt_cenc_fuzz fuzz test found a null reference error.
This adds a check to ensure that the input_buffer vector used for the
sample descriptions is not empty before attempting to access it.
Bug: 192310854
Bug: 236317198
Change-Id: If3909b01d3bc19434bbd5b6b77e7cd76182b2bdf
[ Merge of http://go/wvgerrit/153121 ]
`run_oemcrypto_fuzz_tests` script was disabled while OPK was
transitioning between v16 and v17. Now that OPK is v17, the
fuzz tests can be re-enabled.
Some targets could not be built due to a missing header file.
`oemcrypto/ref/src/cppbor.cpp` was updated to include the missing
header.
Bug: 235414753
Bug: 229160033
Bug: 236317198
Test: run_oemcrypto_fuzz_tests
Change-Id: Ieeebae1f6d84c5735a669d44ea45875675fdb5a3
[ Merge of http://go/wvgerrit/151597 ]
* missing #include <string> for 'std::string' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (25 times)
* missing #include <utility> for 'std::move' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (3 times)
* missing #include <algorithm> for 'std::find_if' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (2 times)
* missing #include <algorithm> for 'std::sort' For more info see go/clang_tidy/checks/google3-build-missing-std-includes
This CL looks good? Just LGTM and Approve it!
This CL doesn’t look good? This is what you can do:
* Revert this CL, by replying "REVERT: <provide reason>"
* File a bug under go/clang-tidy-bug for category ClangTidyBuild if there's an issue with the CL content.
* File a bug under go/rosie-bug if there's an issue with how the CL was managed.
* Revert this CL and not get a CL that cleans up these paths in the future by
replying "BLOCKLIST: <provide reason>". This is not reversible! We recommend to
opt out the respective paths in your CL Robot configuration instead:
go/clrobot-opt-out.
This CL was generated by CL Robot - a tool that cleans up code findings
(go/clrobot). The affected code paths have been enabled for CL Robot in //depot/google3/METADATA.
Anything wrong with the signup? File a bug at go/clrobot-bug.
Bug: 236317198
Change-Id: I28f7899b5cf0637be15833659f8ba0dd6ff3ab90
[ Merge of http://go/wvgerrit/150489 ]
* missing #include <string> for 'std::string' For more info see go/clang_tidy/checks/google3-build-missing-std-includes (2 times)
This CL looks good? Just LGTM and Approve it!
This CL doesn’t look good? This is what you can do:
* Revert this CL, by replying "REVERT: <provide reason>"
* File a bug under go/clang-tidy-bug for category ClangTidyBuild if there's an issue with the CL content.
* File a bug under go/rosie-bug if there's an issue with how the CL was managed.
* Revert this CL and not get a CL that cleans up these paths in the future by
replying "BLOCKLIST: <provide reason>". This is not reversible! We recommend to
opt out the respective paths in your CL Robot configuration instead:
go/clrobot-opt-out.
This CL was generated by CL Robot - a tool that cleans up code findings
(go/clrobot). The affected code paths have been enabled for CL Robot in //depot/google3/METADATA.
Anything wrong with the signup? File a bug at go/clrobot-bug.
Bug: 236317198
Change-Id: I9ccf0ce00ee3f6f7b3a2b6ec9dedeff578535217
[ Merge of http://go/wvgerrit/148691 ]
This is a followup to OEM_CONTENT,
a custom key container that was added to Widevine server.
Bug: 193006094
Bug: 236317198
Change-Id: I82285e4e50f981e0cedf2adac5910643f34f8e46
[ Merge of http://go/wvgerrit/153589 ]
Some unit tests call InstallTestRSAKey() a few times. In current
provision 2 with Keybox, the test RSA DRM key is hard coded. But for
provision 4, it will be generated by OEMCrypto.
When a test calls multiple times of InstallTestRSAKey(), we don't want
the key to be generated during each call, and we want to use the same
key in order for the decrytion to work.
The fix to cache the drm key once it is created for prov 4 tests.
Bug: 180530495
Bug: 236317198
Test: oemcrypto_test
Change-Id: I1b2d96a89e0619861492e6d9bc56862e2c440c86
[ Merge of http://go/wvgerrit/150349 ]
The device id for prov4 is hash of the encoded device public key
(COSE_key).
Also replaced a few bug numbers if it is prov3 specific (not related to prov4).
Bug: 225216277
Bug: 236317198
Test: oemcrypto_test
Change-Id: Ica1c8579c0a3ef83c70f331283c9cce629c6bb3f
[ Merge of http://go/wvgerrit/149849 ]
With ECC based DRM cert, the session key is expected to be 32, as
compared to 16 bytes in RSA case. This CL adds supports for 32 bytes
session key.
Bug: 236317198
Test: oemcrypto_test
Change-Id: I657fdd92d17736a23375ddcd457f83efa6ca6d1f
This is a merge from:
https://widevine-internal-review.googlesource.com/c/cdm/+/152897
and http://go/wvgerrit/153709
Adding a new OEMCrypto unit test will allow partners to correct a
problem earlier in their integration.
Verifies current oemcrypto implementation handles clear KCB in a
mocked 16.4 license response.
Unit test release date updated to 2022-06-17.
Test: run_x86_64_tests; opk_ta
Bug: 235870170
Bug: 234645065
Change-Id: I59fef2c25f5c007624447d4f46147d96adeddad9
[ Merge of http://go/wvgerrit/147275 ]
Swapped out use of OpenSSL/BoringSSL RSA and EC_KEY to use OEMCrypto
reference utility classes RsaPublicKey/EccPublicKey. This enables
further test development with ECC keys, and removes duplicate OpenSSL/
BoringSSL code.
For Android makefiles, only the minimally required files have been
added.
Bug: 205902021
Bug: 236317198
Test: run_prov30_test run_prov40_test oemcrypto_test
Change-Id: I64491018e8ffb69bf986083e3aae446eb9e5cf39
[ Merge of http://go/wvgerrit/150789 ]
We had two copies of the wvcrc32.h and wvcrc.cpp files: One in
oemcrypto/util/ and one in oemcrypto/test/. The two were identical
except for the namespaces used. However, this setup created confusion if
the compiler could see both files, as the wrong one could get included.
This patch removes the set from test/ in favor of the more-widely-used
set from util/ and updates the one piece of code using the old
namespace.
Update Android oemcrypto_test makefile for wvcrc32.
[ Merge of http://go/wvgerrit/153657 ]
Duplicated wvcrc files were removed in http://go/wvgerrit/150632,
however, the Android-specific makefile for oemcrypto_test was not
updated with the new source and include directory. This CL makes
the necessary changes to the makefile to build with the OEC ref util
version of wvcrc32.
Bug: 229160397
Bug: 236317198
Test: oemcrypto_test
Change-Id: I0b53255122172fb514e7e0602b59f3ab704e52da
[ Merge of http://go/wvgerrit/152950 ]
This CL introduces several functions for computing a HMAC-SHA256
signature. The functions wrap the OpenSSL/BoringSSL implementation
of HMAC(), allowing for common C++ types to be passed in. Several
of the functions follow several OEMCrypto conventions for generating
signatures (ex. returning OEMCrypto_ERROR_SHORT_BUFFER if signature
buffer is too small).
Also provided limited wrappers for HMAC-SHA-1, which are used for
a limited number of operations within OEMCrypto.
Bug: 154055871
Bug: 145026434
Bug: 236317198
Test: hmac_unittest
Change-Id: I4a9e56066a7c3f14c7159270503225cd794c1bb6
In CreateCoreLicenseResponse(), there seems to be an out of bounds
potential error due to a missing check that the index used for
license_response.parsed_license->key_array is valid. Adding a check
for this here.
Bug: 217677571
Test: fuzz tests
Change-Id: I37f7228f87992ba5284c553d7b07ef97d6a66ab3
This is a merge from:
https://widevine-internal-review.googlesource.com/c/cdm/+/152372
The L3 source change which produced these libraries is:
https://widevine-internal-review.googlesource.com/c/cdm/+/152371/
Original commit message:
To address the bug with certain 16.4.x SDK versions returning a
clear key control block (KCB) for clients newer than 16.5, the
exact version check to determine whether key control blocks are
clear or not has been loosened.
Original behavior:
- ODK version >= 16.5.x --> Assume clear
- ODK version <= 16.4.x --> Assume encrypted
New behavior:
- No KCB IV --> Assume clear
- Otherwise --> Assume encrypted
This CL also includes a change to oemcrypto/include/OEMCryptoCENC.h
The changes to OEMCryptoCENC.h in the CL are comments or variable name
change. So it should be safe.
This change was merged to wv tm-dev here:
https://widevine-internal-review.googlesource.com/c/cdm/+/148411
So, adding it to Android tm-dev.
Test: run_level3_static_tests, CdmDecryptTest/CdmTestWithDecryptParam.* against LS SDK 16.4.2 & 17.0
Bug: 232557453
Change-Id: I2bbb5ab3ea33a16bd6c198077e5aefe960737ea0
