The original clear lead integration tests weren't following the flow of
the original bug because there was only one sample, so
DecryptMultipleSamples wasn't being called in the same way. This should
fix this.
Bug: 320785945
Merged from https://widevine-internal-review.googlesource.com/198137
(cherry picked from commit 4141e271d44c32da88dc0f02a0173fae0b45ead9)
Change-Id: Ia70e3fd78381d8d34261b95931fdb303f77f73fd
Bug: 330354107
Test: CI
Flag: NONE
Ignore-AOSP-First: It is easier to detect all the mismatch in internal
master.
Change-Id: Ib7f679e34521afcee7fae648415315f4cbab91d6
(cherry picked from commit a6f7ac137ca1ab00985c1eb8b3e96a647a5d8400)
Merge of
https://widevine-internal-review.git.corp.google.com/c/cdm/+/199044
L3 builds created for this fix:
https://widevine-internal-review.git.corp.google.com/c/cdm/+/199050
Fix to L3 renewal policy bypass attack:
OEMCrypto_DeriveKeysFromSessionKey cannot be called after a license is
loaded.
System IDs:
build_arm_v() { build_arm_with_id 33097; }
build_arm64_v() { build_arm64_with_id 33098; }
build_x86_v() { build_x86_with_id 33099; }
build_x86_64_v() { build_x86_64_with_id 33100; }
Test: tested with
https: //widevine-internal-review.git.corp.google.com/c/cdm/+/196392
Test: run_level3_static_tests
Test: run wvts on Pixel7
Bug: 334154045
Change-Id: Ib188d0a37a2193f56dfd287e2f0274ba65bd7b3e
[ Merge of http://go/wvgerrit/197972 ]
The test only needs to verify that the license has a renewal
server url. It does not need to fetch a renewal from that url.
bug: 338103523
Change-Id: I1513f8692089c3f51a53ffd6ecb62348702b8fb8
[ Merge of http://go/wvgerrit/195850 ]
Since Widevine device builds now include APEX prebuilts,
shared library dependencies for the prebuilts are in
are in /apex/com.google.android.widevine/lib[64] rather
than /system/lib[64] or /vendor/lib[64]. When tests are
run not all the dependencies are present.
These changes include
* Statically linking missing dependencies
* Adding /apex/com.google.android.widevine/lib[64] to
the shared library path
* Searching for some of the test executables in
/data/nativetest[64]/vendor/
Bug: 329888778
Bug: 329891889
Bug: 329891175
Bug: 329891049
Test: ./build_and_run_all_unit_tests.sh
Change-Id: I067685cedc7701c4e6502bdac98b53e22b61ad1e
The test server for UAT and for the SDKs now accept the same
url format for renewals.
Bug: 328763985
Change-Id: I1a58412047735efa26da7986bf19fa9a7fbaf374
widevine currenty uses `use_source_config_var` and product variables to
ensure that products gets the correct selection of source or prebuilts
of widevine apex.
`use_source_config_var` is being deprecated from Soong to unfiy the
mechanisms for source vs prebuilt selection. This CL transitions
widevine to a different mechanism `prefer` for prebuilt selection to aid
the deprecation.
Test: lunch cf_x86_64_phone-trunk_staging-userdebug; m nothing; aninja
-t path droid
vendor/widevine/libwvdrmengine/apex/prebuilt/com.google.android.widevine.nonupdatable.apks;
// no path exists, i.e. uses source
Test: lunch osprey-trunk_staging-userdebug; m nothing; aninja -t path
droid vendor/widevine/libwvdrmengine/apex/prebuilt/com.google.android.widevine.nonupdatable.apks;
// path exists; i.e. uses prebuilts
Bug: 332379718
Change-Id: I78800aee49f1de83ea2ce8160923362871806d87
This reverts commit 95b50d39ba.
Reason for revert: Rikers changes should go on main. We can decide that partner OEMs can pick up this feature for V once it has been well tested on main.
Change-Id: I129303cbc86e267aba013a7c314724e51477dc82
SCP uses the JNI headers in generated code, so several targets need
the include path; this will have no effect on non-SCP builds. Also,
in "protected" builds, there is a generated library that needs to be
linked in the final binary, but this doesn't exist in the "analysis"
step; we create an empty static library if it doesn't exist so it works
on all cases.
Merged from https://widevine-internal-review.googlesource.com/169850
Merged from https://widevine-internal-review.googlesource.com/176177
Bug: 262635528
Change-Id: Ib676d55efbcbec81de9c3123bc70afb570d6caa5
(cherry picked from commit b9482eb23c261788a4432de7566f1b1de1cf9379)
Also added a unit test to verify that decryption without a license fails
with the correct error code. Also changed comment types for policy
integration tests and core integration tests to be picked up by Doxygen.
Bug: 320785945
Merged from https://widevine-internal-review.googlesource.com/194910
Change-Id: Ibdb70683003bb430dde9b4a1bd9fc9839bace342
This is necessary so we can remove `-Wno-unused-parameter` in the CDM and OPK builds.
PiperOrigin-RevId: 618255022
Merged from https://widevine-internal-review.googlesource.com/194110
Change-Id: I67b9b8cd27422c4b62d361d627fd1c05ed0cbdef
* changes:
Unit tests for forbidden RSA key usage
Add DRM reprovisioning request generation
Correct copyright header
Fix bcc length for printing
Update ODK version to 18.4
Adjust skipping tests when provisioning skipped
Change test storage to use protobuf
Remove WvCdmEnginePreProvTestStaging
Rename and clarify Drm Reprovisioning token types
The SetUp for child classes do not automatically quit when
the parent SetUp is skipped.
Bug: 305093063
Change-Id: I606a949ef0e94fa87a97268856b7f2d8b9135ebe
Extract BCC and build info from oemcrypto, construct BCC uploading
record and dumps it out a JSON file.
The BCC uploader will pick up the output file later.
Bug: 312787974
Change-Id: Ie8ef6a75408e8ef8355b1c0de14532de0ae83732
[ Partial merge of http://go/wvgerrit/188279 ]
This CL adds unit tests to verify that the following
forbidden uses of an RSA private key do not work:
- ForbidPrepAndSign -- A cast cert key cannot sign a license
request.
- ForbidUseAsDRMCert -- A cast cert cannot be used with the
DRM cert's padding scheme and it cannot be used to derive
keys from a session key.
- *ForbidRSASignatureForDRMKey* -- A DRM cert key cannot be
used with GenerateRSASignature.
- *OEMCertForbidGenerateRSASignature* -- An OEM cert key
cannot be used with GenerateRSASignature.
Bug: 251875110
Test: WVTS
Change-Id: I55b1eb04465023352edea55ba4ef532d1cd07231
[ Merge of http://go/wvgerrit/192010 ]
Adding files not merged in ag/26501922
Updates the CDM to add support for DRM reprovisioning request creation.
- Load the baked-in certificate for use as the client token.
- Add functions to build and sign a drm reprovisioning request.
- Update the Rikers L3 OEMCrypto implementation to support signing
provisioning requests and getting embedded certificate.
- Update client id token to handle DRM reprovisioning.
- Add OEMCrypto function to load the baked-in device certificate in
Rikers CDMs and stubs for non-Rikers CDMs.
- Add dynamic adapter support for getting embedded device certificate
only on L3.
Bug: 305093063
Test: WVTS
Change-Id: I839db69a48c1add196f9b56e6ee3812f549f814d
[ Merge of http://go/wvgerrit/186825 ]
Remove the words ` All rights reserved.` from Widevine's
existing copyright headers.
For context, see cl/578224540
Bug: 330655176
Test: WVTS
PiperOrigin-RevId: 580020267
Change-Id: I43e845b83f438e4ef7f0f542c2f4e427a188ab06
[ Merge of http://go/wvgerrit/194310 ]
Resize bcc to the correct length to eliminate the trailing zeros.
Bug: 330645490
Test: core unit tests
Change-Id: I56b6d30120735a4d7a0f39f29a9f255bd2d2d18c
[ Merge of http://go/wvgerrit/194254 ]
For some platforms, we cannot provision. In this case, any
test that needs provisioning is skipped. However, when a
test is skipped in a subroutine, the rest of SetUp is still
run. Any failures in SetUp will cause the test to be marked
as a failure.
This CL duplicates the check for skipping the test in SetUp
and in TearDown.
Bug: 329467151
Test: WV and unit/integration tests
Change-Id: I0087b12a3f26b52ecf62bf7b0e7bcf4fa2c6c763
[ Merge of http://go/wvgerrit/193190 ]
This changes the persistent test storage to use protobufs instead of
manual parsing. This simplifies the code but makes the files less
"human readable". Files can be read using 'gqui' if needed.
Bug: 312529037
Test: unit/integration tests
Change-Id: I1b025eac96458c0061e0883e1e4fd05484842ff2
[ Merge of http://go/wvgerrit/194370 ]
This test explicitly provisions against the staging server,
which we do not require from partners.
Bug: 329293570
Test: WV unit/integration tests
Change-Id: Id88840f188ec99b386837d83f69844b0990594a9
[ Merge of http://go/wvgerrit/194374 ]
Renames and adds clarifying comments to Drm Reprovisioning token types.
All provisioning methods can be forced to reprovision by apps which can
cause reprovisioning to be an overloaded term. Renaming token types
used by the Drm Reprovisioning method to more clearly state they are
used for Drm Certificate Reprovisioning should help to avoid confusion.
This change also adds comments to help clarify when and where Drm
Reprovisioning is used as a provisioning type.
Bug: b/305093063
Test: WVTS
* Added dependency to dynamic perf tests to fix missing header build
error.
Change-Id: I158eb5672ad9e655a60bc68e0f4f2f7a0d464b4e
