[ Merge of http://go/wvgerrit/192010 ]
Updates the CDM to add support for DRM reprovisioning request creation.
- Load the baked-in certificate for use as the client token.
- Add functions to build and sign a drm reprovisioning request.
- Update the Rikers L3 OEMCrypto implementation to support signing
provisioning requests and getting embedded certificate.
- Update client id token to handle DRM reprovisioning.
- Add OEMCrypto function to load the baked-in device certificate in
Rikers CDMs and stubs for non-Rikers CDMs.
- Add dynamic adapter support for getting embedded device certificate
only on L3.
Bug: 305093063
Test: WVTS
Change-Id: I9a0ecf95e27213b046f03baa0781fb164179323b
It is used by prov4 only. So L3 will just return
OEMCrypto_ERROR_NOT_IMPLEMENTED.
Test: build L3
Bug: 307969500
Change-Id: Iff6c79a3fb0220a6c995186f5923ce5ad6bc256f
functions
In CL https://widevine-internal-review.git.corp.google.com/c/cdm/+/183531
KDF was merged into new OEMCrypto_LoadLicense() and
OEMCrypto_LoadProvisioning().
This change renames L3 existing old functions with suffix _V18, and adds
the two new functions.
Note: jenkins/run_dynamic_level3 and jenkis/run_level3_static_tests
can't be enabled util https://b.corp.google.com/issues/320525541 is
resolved.
Test: the generated L3 from this CL can pass static and dynamic adapter
tests with commit ID 567069f2fb800c4ec4e844e03273d1924ae6673b. More
updates may be need to L3 source for it to work with the latest
oemcrypto-v19 branch.
Bug: 299333403
Change-Id: If6dec630c00b65468d4194196f3ff6f308c6dbe8
Since the L3 functions are meant to alias the OEMCrypto functions,
they shouldn't appear in a namespace.
Change-Id: I8d11279ff86c5b5c9eab0598d134f6904f0021ad
Add canonicalization requirements and a few more required fields.
Fixed a few typos.
Bug: 314882572
Change-Id: I3fe74c5b78292378fe146afa7236ece2c30942ae
We should talk about protected and unprotected regions in a
subsample instead of talking about encrypted and clear subsamples.
Bug: 148230379
Change-Id: Id19e693948cdbd332fa965c9d8775148d10e8368
Add new OEMCrypto_GetBCCType() function in v19.
Re-generate serialization and test files.
Test: opk_ta, opk_linux_ipc_ta, run_fake_l1_tests
Bug: 297918188
Change-Id: Id5f422776cd50c71ab483c06bbe3ac399461fb31
This updates the code and tests to allow for using license protocol 2.2
when using OEMCrypto v19.
Issue: 80428549
Issue: 121031064
Issue: 232464183
Change-Id: Ib6bb61f86dd310b566227462658530bca5940b88
Since KDF functions are only used right before specific functions, this
merges them to simplify internal state within OEMCrypto.
Fixes: 299527712
Change-Id: I426cfcdc102bd73cf65cd809b213da2474f44b34
OEMCrypto_PrepAndSignLicenseRequest() documentation needs to be updated
to match the current behavior.
Bug: 296608852
Change-Id: Ib76dc2f1afa705b5f71e654afa2889b2dcca36ce
The current implementation of OEMCrypto_SetDecryptHash gives developers
flexibility to use different types of hashes. However, all the
implementations we have seen thus far use crc32. Because of this, crc32
should be sufficient and we can refactor OEMCrypto_SetDecryptHash to
only use the crc32 hash.
Bug: 287706586
Change-Id: I4aaa253b2656dfd9c984f77dfb08fe160b23b47c
The output_descriptor parameter of OEMCrypto_FreeSecureBuffer should be
marked as [in,out].
Bug: 321346771
Change-Id: I4ba1a7f0b0f12a068d655a0d0b8b43a0818980dc
This CL adds unit tests to verify that the following
forbidden uses of an RSA private key do not work:
- ForbidPrepAndSign -- A cast cert key cannot sign a license
request.
- ForbidUseAsDRMCert -- A cast cert cannot be used with the
DRM cert's padding scheme and it cannot be used to derive
keys from a session key.
- *ForbidRSASignatureForDRMKey* -- A DRM cert key cannot be
used with GenerateRSASignature.
- *OEMCertForbidGenerateRSASignature* -- An OEM cert key
cannot be used with GenerateRSASignature.
Bug: 251875110
Change-Id: Ic2b23e3fd279e878c190a8294078a8d092126a29
Clearify usage and paremeters of OEMCrypto_GetDeviceSignedCsrPayload()
and OEMCrypto_GetDeviceInformation().
Bug: 291625901
Merged from https://widevine-internal-review.googlesource.com/179470
Change-Id: I0c69bd6fadded6d749fd6f33553bb4a51d69e719
If the BCC has an RSA key, then it needs to be parsed by
BoringSSL, which expects rsaEncryption as the encoding type.
Bug: 272102162
Change-Id: I9b7dc374d8db80efda062b47f6b17720d9bc2ba2
Merge from Widevine repo of http://go/wvgerrit/169066
Now that we only have to support the v18 API, we can drop the v17
versions of these functions. For SelectKey, the new function fully
replaces it, so it has been removed. For the other functions, the v18
functions were calling the v17 functions previously. Now, they have been
rolled together.
These functions were not actually deprecated in the OEMCryptoCENC.h
header to allow OPK's serialization generator to still support them for
backwards-compatibility. Now that they are gone, this patch also
deprecates the functions.
Bug: 240995221
Merged from https://widevine-internal-review.googlesource.com/167338
Change-Id: I10261142121d4de8c96e2cd5fac570f7b536a82e
No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
[ Merge of http://go/wvgerrit/150349 ]
The device id for prov4 is hash of the encoded device public key
(COSE_key).
Also replaced a few bug numbers if it is prov3 specific (not related to prov4).
Bug: 225216277
Bug: 236317198
Test: oemcrypto_test
Change-Id: Ica1c8579c0a3ef83c70f331283c9cce629c6bb3f
This is a merge from:
https://widevine-internal-review.googlesource.com/c/cdm/+/152372
The L3 source change which produced these libraries is:
https://widevine-internal-review.googlesource.com/c/cdm/+/152371/
Original commit message:
To address the bug with certain 16.4.x SDK versions returning a
clear key control block (KCB) for clients newer than 16.5, the
exact version check to determine whether key control blocks are
clear or not has been loosened.
Original behavior:
- ODK version >= 16.5.x --> Assume clear
- ODK version <= 16.4.x --> Assume encrypted
New behavior:
- No KCB IV --> Assume clear
- Otherwise --> Assume encrypted
This CL also includes a change to oemcrypto/include/OEMCryptoCENC.h
The changes to OEMCryptoCENC.h in the CL are comments or variable name
change. So it should be safe.
This change was merged to wv tm-dev here:
https://widevine-internal-review.googlesource.com/c/cdm/+/148411
So, adding it to Android tm-dev.
Test: run_level3_static_tests, CdmDecryptTest/CdmTestWithDecryptParam.* against LS SDK 16.4.2 & 17.0
Bug: 232557453
Change-Id: I2bbb5ab3ea33a16bd6c198077e5aefe960737ea0
