The interface is defined in
hardware/interfaces/drm/aidl(http://go/ag/15329852).
Test: build
m android.hardware.drm-service.widevine -j128
Test: build_and_run_all_unit_tests.sh
for hidl tests
Test: atest VtsAidlHalDrmTargetTest
Bug: 200055138
Bug: 170964303
Change-Id: If2f2a129914436ba5cef1c46f6cb9415e12c3d1c
Merge from Widevine repo of http://go/wvgerrit/131305
The OPK tools are choking on non-ASCII characters when running on the
fuzz bots. This patch removes the problem characters from the header.
This brings these curly quotes in-line with the rest of the quotes in
the header.
Bug: 192275441
Change-Id: I9ba57abcd1275663601efc2a9170d7ab6aa4b4b8
Merge from Widevine repo of http://go/wvgerrit/125263
and http://go/wvgerrit/135749
Define a |major.minor| version in the
serialization layer and check for compatibility
between REE and TEE before accepting connections.
bug: 158857733
test: opk_all_tests
Change-Id: Iad44a1f50a27c6bca4959c6d41c9b361712dbde8
The API comments for the two new OTA keybox OEMCrypto functions
required formatting to be compatible with the doxygen comment
strings.
Bug: 190505461
Test: Android unit tests and GTS
Change-Id: Ia45dc9d727a2a904170912193709cd9416b8fe27
[ Cherry pick of http://ag/15847758 ]
Adjust OTA code to account for some design changes and
add integration tests.
Merge from Widevine repo of http://go/wvgerrit/133775
Change use_test_key to uint32_t type
Merge from Widevine repo of http://go/wvgerrit/133774
Cleanup CDM OKP info before tests.
Merge from Widevine repo of http://go/wvgerrit/133773
Change context for derivation in OTA keybox solution
Merge from Widevine repo of http://go/wvgerrit/133772
Updated OTA keybox key derivation.
Merge from Widevine repo of http://go/wvgerrit/133771
Use double provisioning step in integration tests
Merge from Widevine repo of http://go/wvgerrit/133770
Erase keybox on initialization for OEMCrypto testbed
Merge from Widevine repo of http://go/wvgerrit/133769
Add session id to OEMCrypto OTA functions
Merge from Widevine repo of http://go/wvgerrit/133768
Integration test for OTA Keybox reprovisioning
Merge from Widevine repo of http://go/wvgerrit/133767
Add test x509 cert for testing
Merge from Widevine repo of http://go/wvgerrit/133766
OTA Keybox basic functionality in testbed
Merge from Widevine repo of http://go/wvgerrit/133765
Update OTA test script to use newer build scripts
Merge from Widevine repo of http://go/wvgerrit/133764
Adjust comment stype for doxygen
Test: MediaDrmTest and Android unittests
Bug: 190505461
Bug: 190505461
Bug: 190505461
bug: 187646550
Bug: 187646550
Bug: 187646550
Bug: 187646550
Bug: 190505461
Bug: 187646550
Bug: 188228998
Bug: 190505461
Bug: 187646550
Change-Id: I41ff819a1fd8aca2e20adb25127fa0d9c4879b01
Merge from Widevine repo of http://go/wvgerrit/133703 and
http://ag/14707867
[ Cherry-pick of http://ag/15835345 ]
In order to use a local provisioning server, we need to use a
different test keybox system id that is in the dev device database
instead of the production database. We also need to use a local
license server that uses the dev license server.
Bug: 187646550
Test: GtsMediaTestCases
Change-Id: Ice89143dd26de22757375a770c6bac716fcbc057
Add Keybox OTA Provisioning functions to OEMCrypto header
Merge from Widevine repo of http://go/wvgerrit/133704 and
http://go/ag/14707868
Bug: 188228998
Change-Id: Iff54bc2870e87bf7239e179e1d02fbcc8df6198f
Stub build changes to support OTA Keybox
Merge from Widevine repo of http://go/wvgerrit/133725 and
http://go/ag/14781459
This CL adds a new unit test file for testing OTA keybox
reprovisioning functionality. This new test is built when running the
dynamic adapter in the linux build, and in the Android build.
Bug: 187646550
Change-Id: I625513840188f95e74831ef2ea399e827e837439
Add OTA Keybox functions to dynamic adapter
Merge from Widevine repo of http://go/wvgerrit/125843
and http://go/ag/14781460
Bug: 187646550
Change-Id: Ief78ed10599c091690e0d7dc488ea71674c763b5
Refactor dynamic adapter keybox verification
Merge from Widevine repo of http://go/wvgerrit/133727http://go/ag/14812524
The keybox validation needs to be done separately from initializing
the library so that we can support Keybox OTA Reprovisioning.
If L1 loads, but the keybox is missing, the initialization should
succeed. When the keybox is validated, the adapter should try to look
for a keybox on the filesystem. if none is found, it should either
return NEEDS PROVISIONING or an error.
Bug: 187646550
Change-Id: I34a8c365a5a5ca35c379bea827c85c749964744c
Update crypto session to use new OTA keybox functionality
Merge from Widevine repo of http://go/wvgerrit/133728 and
http://go/ag/14812525
This CL stubs out two new CryptoSession functions that call the new
OEMCrypto functions for OTA Keybox Provisioning. It builds! Yay!
It also adds a boolean needs_keybox_provisioning that is set to true
when OEMCrypto reports that it needs a keybox. This should only happen
if there is no keybox installed and oemcrypto supports provisioning.
Bug: 187646550
Change-Id: Ide9533943125aa13b8899b652b118a0b410c882c
Merge from Widevine repo of http://go/wvgerrit/121950
Remove term "Master" from "Widevine Master License Agreement".
Bug: 168562298
Change-Id: I655babf1bc447f4872f6a0f849107262be42df7a
This CL adds AllocateSecureBuffer and FreeSecureBuffer to the list of
function names that are obfuscated. It also corrects some spelling and
formatting in OEMCrypto headers. This is still version 16.4.
Merge from Widevine repo of
http://go/wvgerrit/115803http://go/wvgerrit/111104http://go/wvgerrit/108703http://go/wvgerrit/108703
Bug: 139814713
Bug: 141202789
bug: 168634557
bug: 168635928
bug: 168637230
bug: 168639188
Change-Id: I6f06549b2cf104c6751b2947964569e974fcdcd2
Merging CL:
* http://go/wvgerrit/108203
* http://go/wvgerrit/103904 (changes to L3 source files excluded)
Also added ODK dependency which is required by L3 v16.
Do not replace constant sizeof() with a hard-coded value in L3 library because it is target-specific.
Test: Unit tests on gLinux
jenkins/linux_unit_tests
jenkins/ce_cdm_tests
Test: Unit tests on Pixel 4(flame-userdebug, rvc-qpr-dev)
vendor/widevine/libwvdrmengine/build_and_run_all_unit_tests.sh
Test: Manual ExoPlayer L1/L3 playback tests (flame-userdebug)
WV: Secure HD/SD (cenc,MP4,H264)
WV: Secure HD/SD (cbc1,MP4,H264)
WV: Secure HD/SD (cbcs,MP4,H264)
Test: Widevine GTS tests(bramble-userdebug, master)
http://ab/I23800006571451275
Bug: 136317881
Bug: 139814713
Bug: 173331251
Change-Id: I1656e83a74a0eaf650f55f5e2388819bf5020c0d
This is a cherry pick of recent changes to OEMCrypto and ODK. Most of
these are part of the document migration to doxygen.
See http://go/wvgerrit/106005 and its parents for code reviews.
Bug: 144715340
Bug: 148232693
Bug: 167580674
Change-Id: I658f99c8117b974faed97322d61fac0f382283af
Merge from Widevine repo of http://go/wvgerrit/101243
Changed the version number to 16.3 and the date to June 1st. The
delta document has a short description of CL's added since
April 6th.
Test: documentation changes only
Bug: 157030231
Change-Id: I93c2b09d6a24efc71ed77110b115cafbd6fde1c6
Merge from Widevine repo of http://go/wvgerrit/97763
There were no function signature changes, so the API version number
did not change from 16.2. There were several grammar and spelling
errors. There were also the following corrections:
1. The description of OEMCrypto_LoadProvisioning now says that devices
with a keybox use keys derived from the keybox device key, and devices
using Provisioning 3.0 use keys derived from the session key. The
description was previously reversed.
2. The function OEMCrypto_SupportedPatterns is no longer
discussed. This function was never fully defined.
3. The function OEMCrypto_LoadRenewal no longer says that keys and key
control blocks should be verified. This is because the function
OEMCrypto_LoadRenewal processes a message with no key control
block. It should update timers for the entire license.
Test: doc and comment change only
Bug: 153731804
Change-Id: I11a3069fcdbf67b369e2e2bc3fea8c08842eeb7b
Merge from Widevine repo of http://go/wvgerrit/96163
This CL just addresses some review comments from the big merge to
master. The header OEMCryptoCENC.h is now synced with the
document http://go/oemcrypto.
Test: unit tests
Bug: 148907684
Change-Id: Ic825126e0dd3d7e86eefab2c51b4abb5d57fb568
Merge from Widevine repo of http://go/wvgerrit/93404
This is the unit tests, reference code, and documentation for
OEMCrypto v16.2. Backwards compatibility should work for a v15
OEMCrypto.
Some review comments will be addressed in future CLs.
Bug: 141247171
Test: Unit tests
Test: Media GTS tests on bonito
Change-Id: I9d427c07580e180c0a4cfdc4a68f538d351c0ddd
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
Merge from Widevine repo of http://go/wvgerrit/77604
Test: ran unit tests
Bug: 131326334 Nonce collision should be avoided in open sessions
Bug: 131325434 mac key iv should not be 16 bytes before encrypted mac key
Bug: 129368634 HDCP 2.3 and 2.2 are not distinguishable
Bug: 127423611 Question about OEMCrypto V15 API
Bug: 124312571 Picture-in-Picture -- is it really needed for Android TV?
Bug: 131175454 Extend Provisioning 3.0 Schedule
Bug: 131359743 Do not allow multiple LoadKeys in a session
Change-Id: I8db4ec921978ea918adb17420db86de69e806120
Merge of http://go/wvgerrit/68986
Bug: b/120797208
Test: Android + Linux unit tests
OEMCrypto v15.1 introduced changes to full decrypt path testing.
This CL reflects those changes for the Level 3 code, including
removing InitializeDecryptHash and changes to error reporting.
Change-Id: I09cec6743524d326cb1a6c3ba4dd1764dbefff5f
Merge from Widevine repo of http://go/wvgerrit/68184
Please add comments to the original documents at http://go/oemcrypto
or http://go/wvdelta15.
Some unit tests will need to be updated. Those will be in a separate CL.
bug: 120795057 Full Decrypt Path Testing - change design
bug: 119688262 Full Decryption Path Test update section in go/wvdelta15
bug: 117898271 Corrections to Documentation
bug: 119881959 Remove shared license from documentation.
bug: 80540710 Document double call to OEMCrypto_DeactivateUsageEntry
Test: documentation and comment change only
Change-Id: I1ef35e15207d3dabea8329a1f05518370ec099e6
Bug: b/70299597
Merge of http://go/wvgerrit/67304
Test: Android, CE CDM, and Linux tests
There's a few different things that can go wrong in the L3
initialization, with seeding and device key failures among others. They
should be recorded in metrics to track. Along the same lines, since
multiple errors can happen in conjunction, metrics needs to change to
add more fields for errors. This CL also adds the
hidl_metrics_adapter_unittest to the Android test scripts.
Change-Id: Ie5bcf81bbe294a1136c58410f90087a13b3d911d
Bug: b/117558570
Merge of http://go/wvgerrit/67565
This CL adds the methods and functionalities needed to compute and
verify hashes as part of decrypt as part of v15.
Change-Id: Ic0626b204571b5f748a6c913ab378fa353ab45d0
Bug: b/117558570
Merge of http://go/wvgerrit/67564
This CL updates LoadKeys, LoadEntitlementKeys, and RefreshKeys to use
OEMCrypto_Substrings of the provided message.
Change-Id: I47f7ef958adfb0a78c54db2e27b5c0a636ddad49
Bug: b/117558570
Merge of http://go/wvgerrit/67563
This CL adds certificate validation, a resource rating, sandbox
functions, build info, modifications to CopyBuffer, and an API
version update.
Change-Id: Id84a33f3553220a659ff628ceb99ab0dbb0ae7b4
Merge from master branch of Widevine repo of http://go/wvgerrit/66080
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64002
This CL updates OEMCrypto reference code and unit tests to support full decrypt
path testing.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 34078913
Change-Id: Ia67374599d6619698a336f41513068ad04294e7f
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
Merge from master branch of Widevine repo of http://go/wvgerrit/66070
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63662
To make the threading model more clear, CopyBuffer is now a session function.
This means we need to pass in which session the current thread locks.
Test: unit tests.
Test: tested as part of http://go/ag/5501993
Bug: 113680369
Change-Id: I2fdd2cfcaab99f3793950b3845941463675f5e4c
Merge from master branch of Widevine repo of http://go/wvgerrit/66067
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63002
The OEMCryptoCENC.h comments are now generated from the doc. This corrects
several years of drift caused by small changes to the doc that were not copied
to the header.
Test: tested as part of http://go/ag/5501993
Bug: 111939411
Change-Id: I56ab9c6cf280bc72b39f6ddafc26cf21f6074c98
Merge from master branch of Widevine repo of http://go/wvgerrit/66066
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63628
The error code OEMCrypto_KEY_NOT_LOADED is redundant with
OEMCrypto_ERROR_NO_CONTENT_KEY and OEMCrypto_KEY_NOT_ENTITLED. The
function LoadEntitledContentKey should return KEY_NOT_ENTITLED if it
does not find the corresponding entitlement key in its key table. All
other functions that do not find a key id in the key table should
return OEMCrypto_ERROR_NO_CONTENT_KEY. This includes QueryKeyControl,
SelectKey, and RefreshKeys.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 115574797
Change-Id: Ida2111f32e331b99f3f0c77fa404a42654d0870c
Merge from master branch of Widevine repo of http://go/wvgerrit/66063
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/62960
This CL reorders the functions in the OEMCrypto header to be the same as the
order in the API document.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 111939411
Change-Id: Ic233b11141bf10f4a34b7d9c9c9288afed67aa14
Merge from master branch of Widevine repo of http://go/wvgerrit/66062
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/62880
This CL updates the OEMCrypto v15 header to add new functions and change the
signatures of functions that need changing.
Note: It does not update all of the comments in the functions. This will be
done in a future CL.
Bug: 111939411
Test: unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: Ie08a8fd4b749f61cbac08fd67ac32dcd404848fc
Merge from Widevine repo of http://go/wvgerrit/55461
This CL allows provisioning 3.0 devices to install their OEM certs
from an initialization partition. This method is already used for
keyboxes on Android -- we are just adding the ability to use it for
OEM certs, also.
Also, for v15, we require OEMCrypto to report a valid certificate in
the unit tests.
bug: 111725154
test: unit tests
Change-Id: I142c84a1a67bdb4cee943cfd12a632421901eb24
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
Some documentation updates.
Merge from Widevine repo of http://go/wvgerrit/50941
bug: 79940606 OEMCrypto_PST_Report are network byte order
bug: 79874942 [Documentation] PST_Report struct layout differs from documentation
bug: 74010869 CGMS Best Effort
test: documentation change only
Change-Id: I1e9149efcfa5d91c503b74e6776ebb8f25cda15c
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
Merge from Widevine repo of http://go/wvgerrit/42063
The dynamic adapter could not load old LoadKeys functions because the
spelling was wrong.
bug: 72646612
Change-Id: Ia6d917a17a95c48925496c5959ddb2bdff771241
Merge from Widevine repo of http://go/wvgerrit/41680
These changes change the signature of LoadKeys to LoadKeys_V13 for the
Level 3. This change will be reverted once we update Level 3 to v14.
level3/x86/libl3oemcrypto.cpp Level3 Library 4464 Jan 23 2018 13:22:20
level3/arm/libl3oemcrypto.cpp Level3 Library 4445 Jan 23 2018 12:12:32
level3/mips64/libl3oemcrypto.cpp Level3 Library 7285 Jan 23 2018 15:48:51
level3/arm64/libl3oemcrypto.cpp Level3 Library 7283 Jan 23 2018 12:47:26
level3/mips/libl3oemcrypto.cpp Level3 Library 4465 Jan 23 2018 15:13:13
level3/x86_64/libl3oemcrypto.cpp Level3 Library 7284 Jan 23 2018 13:50:10
test: Play Movies plays on sailfish.
Change-Id: Ia492463cd15178b12908faa24af7fbbcfef22e77
Merge from Widevine repo of http://go/wvgerrit/41641
test: In child CL.
bug: 64001862 OEMCrypto V14 for Android P
Change-Id: I707c4dc24aa534c92b099cd310b9afd09168d456
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct error logging
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/40000 ]
In tests, we set the cipher list to avoid using insecure
ciphers when connecting to the provisioning/license service.
The result of setting the cipher list was being incorrectly
validated.
Bug: 64847919
* Move mips cache headers to clear_cache_function.h
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39700 ]
Since the clear_cache function has been moved away from the dynamic
adapter, we need these conditional includes to be migrated as well for
MIPS.
* Comment out Level 3 debug call until merge
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39761 ]
This call was introduced in go/wvgerrit/34260/. Since the haystack tool
in google3 still needs this merge, this should be commented out so the
tool can still build until the merge has finished.
* Add logging for MAC keys to mock
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39740 ]
Bug: 70637842
* Move external interfaces into level3.h + refactor
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39673 ]
As part of b/70523618, this CL moves interfaces that partners are
responsible for in Level 3 to level3.h so they can be visible as
part of the CDM release process. It also cleans up some of the
names of the files and adds documentation.
* Corrected close session logging level
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39676 ]
Bug: 69460963
* Remove Security Level Path Backward Compatibility Support
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39505 ]
From the android K release onwards certificates were stored in
security level specific directories. If upgrading from
previous releases persistent information needed to be moved
to those directories.
Since no device is likely to upgrade from J to Pi, comptibility
support can be removed.
Bug: 70160032
* Rename privacy_crypto_openssl To privacy_crypto_boringssl
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37122 ]
Now that we no longer support OpenSSL in the Shared Source CDM, the name
of this file can be updated.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Remove Conditional Compilation from OpenSSL/BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/39460 ]
This change removes the usages of conditional compilation to support
both BoringSSL and OpenSSL, as well as to support multiple versions of
the OpenSSL API. All code is now compiled against one of the two
versions of BoringSSL in third_party/.
Note that in some cases, the kit/ and legacy_kit/ versions of BoringSSL
had different APIs, so when removing the OpenSSL version compatibility
conditional compilation, sometimes the older branch was kept and
sometimes the newer branch was kept.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Build CE & Jenkins CDMs With BoringSSL from third_party/
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37120 ]
Up until now, integrators have been responsible for providing a
compatible crypto library for use by the CE CDM. (either OpenSSL or
BoringSSL) After this change, this decision will no longer be in their
hands. The CE CDM build will always use the copy of BoringSSL in
third_party/, which will be statically linked with our library with
hidden visibility. This allows us to better control what crypto library
we use and will prevent continuing problems with trying to support both
OpenSSL and BoringSSL.
Unfortunately, BoringSSL began using C++11 in mid-2017, and we can't
support C++11 right now. Until we can, we need to use a C++11-free
version of BoringSSL for libssl. The CDM itself will continue to use a
recent BoringSSL, as it only needs libcrypto. But the unit tests that
need libssl have to use the legacy version.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Modified RNG for Level3 to use more entropy
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39220 ]
Bug: 65165076
Modified seed generation to use an xor of clock_gettime and
client-implemented code to supply random seeds to the RNG. Modified the RNG
as well to use xoroshiro128+ instead of xorshift, since it uses more
than one seed/state (which are 64-bit) and has higher "statistical quality".
The default implementations for the seed generation use /dev/urandom.
* Configure base path for Level3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39506 ]
This is in response to b/70354006. This change makes the
Android Level3FileSystem use the existing properties method
GetDevicesFilesBasePath for binderization. The same is done for the
Linux implementation.
* Add legacy_kit/ to BoringSSL Directory
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38861 ]
This adds a second copy of BoringSSL to the third_party/boringssl/
directory. This second copy is pinned to the last revision of BoringSSL
not to require C++11 and is not updated by the UPDATE_BORINGSSL.sh
script. This second copy will be used to provide libssl to the tests on
devices that do not support C++11.
Once we support C++11 in the CDM again, this weight should be removed
and all targets should use the copy of BoringSSL in the kit/ directory.
Bug: 67907873
* Use Shared Libraries for Unit Tests
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38860 ]
Some unit tests were using a statically-linked CDM instead of a
dynamically-linked one. (Or, in one case, trying to link both ways into
the same binary.) For now, we need to only link dynamically, so that the
unit tests and the CDM can use different versions of BoringSSL.
Long-term, we would like to test both kinds of linkage. (See b/69548115
for that.)
Some unit tests were also using a dynamicaly-linked CDM that was named
such that it appeared to be statically-linked. This patch renames some
targets to make the linkage clearer.
Bug: 67907873
* Change CDM_Backwards_Compatiblity_Tests to dedicated brances
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/39003 ]
The build scripts used by CDM_Backwards_Compatiblity_Tests now pull
old versions of oemcrypto from the dedicated branches oemcrypto-v*,
which [will eventually] contain old oemcrypto versions, that build
with the current build system with a current boringssl version.
bug: 67907873
* Fix spacing on level3 header
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38760 ]
* Correct Query status calls
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38640 ]
Bug: 70160032
* Refactoring to allow encryption of client ID
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37460 ]
The code has been restructured to allow encryption of client
identification in provisioning requests. This will be enabled
when server side changes have been made (b/69427217).
* Additional information is included in the Client Identification
portion of the provisioning request.
* Client identification will be encrypted with a service
certificate provided by the app/client. Platform changes
to enable passing this to core are needed. If a service certificate
is not provided, a default one associated with the production Keysmith
will be used.
* Switched APIs in CdmEngine to take a service certificate for
provisioning rather than licensing. Service certificates for
licensing are session based and passed as properties from platform
code.
Bug: 30737060
* Allow some CDM errors to be reported from multiple locations
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38360 ]
This creates some CdmResponseType errors which may be reused
PARAMETER_NULL, NOT_INITIALIZED_ERROR, REINIT_ERROR.
I have made changes to a few classes to report these errors.
Will work on additional classes in a separate CL.
Bug: 69864404
BUG: 71650075
Test: WV Unit/integration tests
Change-Id: Icc048770d424ac537d11ff327cda2cb142da802d
These are a set of CLs merged from the wv cdm repo to the android repo.
* Level3 cleanup for SHA + field provision headers
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37581 ]
Moved some redundant macro and struct definitions out of hmac.cpp and
sha.cpp into a separate header file to make the build easier and
cleaner. Also cleaned up unnecessary includes and method signatures
in field_provision.h.
* Address CDM_All_Tests failures
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37580 ]
CDM engine tests for CE CDM occasionally fails when CDM_All_Tests
is run by the build server. The failures are due to a nonce generation
error. If provisioning fails due to a nonce generation error, a delay
followed by a retry will be attempted.
* Update OEMCrypto version to 13 in cdm.gyp
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37520 ]
* Use per-session service certificates for licensing
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37260 ]
These changes allow for service certificates to be specified on a
per-session basis rather than use one common to a CdmEngine instance.
This also allows for a service certificate request and response handling
when allowed on the platform, when privacy mode is enabled and a service
certificate is not provided.
Request license tests accept a service certificate command line
parameter in hex (ascii). Earlier it expected it in binary.
Bug: 68328352
* Refactor service certificate parsing
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37060 ]
Service certificates may still be set in CdmEngine but service
certificate requests and responses have been moved from CdmEngine
to ServiceCertificate. This allows them to be called from lower
in the heirarchy (a class that CdmEngine depends on).
Bug: 68328352
* Revert "C++11: Replace OVERRIDE def with override keyword"
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37020 ]
This reverts commit 2d3fb5c4c8f4cf5c986ee43723914a23cf76e8f0.
* Modified scripts/makefiles for L3 build
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37220 ]
Changed build-android-haystack.sh and make_fastball_libwvlevel3.sh
to build using the new liboemcrypto.cpp file. Also changed
makefiles to build using the new file. Renamed liboemcrypto.cc to
liboemcrypto.cpp to make it consistent across android and CE CDM. Added
static libraries that were rebuilt using this change.
* Added android implementations for Level3
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37181 ]
Moved getUniqueID and added Level3FileSystem implementations for
android. Also deleted redundant and unnecessary methods from
anroid_keybox.cpp.
* Refactored getUniqueID and updated libl3oemcrypto.cc
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37160 ]
Renamed getUniqueID header and added comments to make it clear what the
function is doing. Also removed obfuscation of the method name since it
is implemented by the partner. Updated the libl3oemcrypto.cc file to
reflect the change as well as be obfuscated.
* Moved clear_cache function out of entry_points
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37040 ]
clear_cache function is unobfuscated and relies on compiler flags to
work properly, and therefore should be removed from the
libl3oemcrypto.cpp file and linked during the final build.
* Minor gyp changes and added L3 build file
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/36480 ]
Gyp changes to cdm_unittests.gyp to make the test Level3FileSystem build
only on a level3 build and to oec_level3.gyp to be compatible with the
changes to the x86-64 platform settings changes (and to use -Wno-unused
to catch all unused warnings the libl3oemcrypto.cc might cause). This
change also includes an x86-64 libl3oemcrypto.cc so a Level3 OEMCrypto can build.
* Merge CE & Linux file system/factory + dynamic adapter changes
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/36220 ]
This CL merges the changes from
I27f5037e4fcea94abd84181f55053843b68f3e8d - it adds the CE
implementation for the file system, as well as the factory methods
needed to build the file system (and their implementations for both CE
and linux). As part of the merge, since the Linux build relies on the
dynamic adapter, that was fixed and gyp changes were made to reflect the
change.
* Cherry pick change to retrieve/save provisioning cert
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/30000 ]
This is cherry pick from level3-dev-3.3 of a merge of
I4f5dc5c216fa916e0bca0631c4ceda68859baf1d to save the
certificate for future tests with the current test host setup.
* Merged changes of usage/linux impl of L3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/35541 ]
This is a merge of change I15d38b3c36933d061d168e0ec30bcefd0182f32d. It
also adds a similar change in usage of L3FileSystem write for a line in
usage_table.cpp.
* Add cdm build changes for new Level3 build
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/34600 ]
Original CL: Ib611cf8a8589afa5cd25d6dc5b0aa43922cfda1e
Adds level3 oemcrypto library for static adapter. Includes changes to
gyp files to choose between oemcrypto libraries. Also includes changes
to the dynamic adapter, level3 headers, and entry_points to be
compatible with the function signature differences when using the
static adapter.
* Merge OEMCrypto Level3FileSystem interface
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/34541 ]
This merges in the interface for the Level3FileSystem object from
level3_dev_3.3 as well as the linux implementation. Furthermore, this
merge includes changes in properties and gyp files to allow compilation.
The associated changes are I3f1c58f0e3782de0669a96725a38673a26cc1a49,
I9fb2d10b0f966896bea685166c6b6b2e33c995dd, and
I4c87a5412a8a022fa9cfba43f33bd4d683e61536.
* Merged misc. changes to Level3 files
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33303 ]
Continuation of I03d3aa1a308f2f010dcb6f5e15f927e81e42925b. These changes
are miscellaneous changes from level3-dev-3.3 involving include
statements, Caligo compatibility, and new Level3 signatures from changes
Ibc5befd492b295970e839f3481e2b512b52dcb08 and
If599e62c72b5eb40c53633cd72a4d20dc859ee52.
* Merged change involving getUniqueId()
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33302 ]
This is a merge from level3-dev-3.3. This change
(Ibc5befd492b295970e839f3481e2b512b52dcb08) involves
separating out the method getUniqueId() from the linux_ and
android_keybox.cpp. This was done so that clients can
supply the necessary implementation for the method.
* Merged needle file changes from level3-dev-3.3
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33301 ]
Continuation of I3dbf34bab526945720280f819dd3212ae982d2f7. These are
changes (Ibc5befd492b295970e839f3481e2b512b52dcb08) involving the
compiled needles for Haystack. Major changes include function signature
changes, adding non-state needles automatically, and include statements.
* Merged keybox/usage table access and function sigs
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33300 ]
These are changes from level3-dev-3.3. They involve changing function
signatures/include files for the new Haystack runtime
(Ibc5befd492b295970e839f3481e2b512b52dcb08). They are also
related to change I0285e6d85e80b06b7df1ed298cd1145a6c9c4842. Keybox and
usage table file names are replaced with constant needles. Furthermore,
a state needle was added that removes the OldUsageTable file. In
addition, this CL includes removals of method references that are now
stale due to the introduction of change
I9fb2d10b0f966896bea685166c6b6b2e33c995dd.
* Android unit test build fixes
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37380 ]
Removed crypto_session_unittest from build script (introduced
in http://go/wvgerrit/32824), since crypto_session.cpp requires
some changes to be merged over from oc-mr1-dev (b/64456400).
Added oemcrypto_session_tests_helper.cpp to the oemcrypto test
makefile so the oemcrypto unit tests can link in the
methods from the refactor in http://go/wvgerrit/36562.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I7e45901a151e51da96d192d359edddc5fe74946e
These are a set of CLs merged from the wv cdm repo to the android repo.
* Resolve intermittent decrypt error.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35720 ]
The CdmSession's closed state was not properly
initialized resulting in intermittent
SESSION_NOT_FOUND_FOR_DECRYPT errors.
In CdmEngine::Decrypt the session is looked up by
the key id. A list of open sessions is acquired
by calling CdmSessionMap::GetSessionList and each
session in the list is queried to see if it has
the key.
In building the list in CdmSessionMap::GetSessionList,
sessions are only added to the query list *if* the session
is not closed.
The closed status was not initialized and during testing
the query list would not contain the session causing
CdmEngine::Decrypt to return SESSION_NOT_FOUND_FOR_DECRYPT
resulting in the ce cdm api returning widevine::Cdm::kNoKey.
* No support for pre- C++11 compilation.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35381 ]
* Handle unaligned nonce pointer in RewrapDeviceRSAKey calls.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35340 ]
The pointer points into a message and it may not be aligned.
Always copy the nonce into aligned memory before checking it.
BUG: 38140370
Add note to CHANGELOG for this.
* Compiler strictness: more checks and code cleanup.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35300 ]
Use the switches proposed in b/38033653 (as much as possible - some
conflicts with protobufs and gtest prevent fully accepting them).
Switch to clang for x32 build; ensure that both x86-64 and x86-32 builds
compile and link cleanly.
BUG: 38032429
BUG: 38033653
This partially resolves b/38458986
* Android build fixes
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/35102 ]
These corrections address compile warnings and errors for android
and unit tests.
* Embedded License: Add sub license key sessions.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33680 ]
NOTE: this adds the AddSubSession() method, but it is not yet being
used. Use and proper cleanup is in an upcoming CL.
* Embedded license: Add track label field.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33660 ]
A new track label field (a string) is added to the key container and the
sub session data objects.
This field will be used in handling sub license requests.
* Embedded license: extract keys from init_data.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33621 ]
* Embedded license: add protobuf messages.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33620 ]
also sync the widevine header definition with recent naming changes.
* Improve handling of provisioning response errors.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/33600 ]
Separate out the case of no response and the case
where the message is believed to be a JSON+base64
message but it doesn't parse properly.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I3c86f1c54980b071aec7461ac58541836551f896
These are a set of CLs merged from the wv cdm repo to the android repo.
* Enable Cast for Android Things build.
Author: Thoren Paulson <thoren@google.com>
[ Merge of http://go/wvgerrit/29941 ]
Added a path to make_cast_libwvlevel3 for Android Things. Added the new
system id to the preprocessor guards in android_keybox.cpp. Guarded the
references to stderr in page_allocator.cpp because for some reason they
don't get resolved when we link against the resulting library.
BUG: 63443584
* Resolve memory leaks in use of OpenSSL.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32700 ]
Use of EVP_CIPHER_CTX requires a call to EVP_CIPHER_CTX_cleanup().
* Memory leak in OpenSSL RSA key handling.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32621 ]
This fixes a range of tests. --gtest_filter="CdmDecrypt*" runs
five tests and still loses 5 objects totalling 1320 bytes (down
from 6200 bytes).
* Unit test and mock OEMCrypto memory leaks.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32640 ]
More memory leak cleanup. All remaining leaks are due
to calls to CRYPTO_malloc() without the matching free
(i.e., calls into openssl).
* Clean up memory leaks in tests.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32600 ]
This is the first pass at cleaning up memory leaks. These leaks
were affecting a lot of tests, making it hard to identify more
serious leaks.
Switch to unique_ptr<> pointers for CdmEngine in
generic_crypto_unittest tests for FileSystem object in
mock OEMCrypto's CryptoEngine object.
* Fix broken tests - linux-only & address sanitizer failures.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32460 ]
Fix broken test:
WvCdmEnginePreProvTestStaging.ServiceCertificateInitialNoneTest
Fix failures found by address sanitizer:
DeviceFilesUsageInfoTest.RetrieveByProviderSessionToken
DeviceFilesUsageInfoTest.UpdateUsageInfo
NOTE: address sanitizer cannot handle EXPECT_CALL macros containing
a call with a Contains matcher as an argument, e.g.:
EXPECT_CALL(file,
Write(Contains(certificate, wrapped_private_key, 0),
Gt(certificate.size() + wrapped_private_key.size())))
The address sanitizer reports a crash, issues a report, and stops. A
temporary fix is to replace the "Contains()" argument with "_".
* Usage license handling corrections
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28540 ]
Validate that offline licenses that do not contain a provider session
token are not handled by the TEE.
BUG: 38490468
Test: WV Unit/integration tests, GtsMediaTestCases,
WvCdmRequestLicenseTest.ReleaseRetryL3OfflineKeySessionUsageDisabledTest
* UsageTableEntry::CopyOldUsageEntry memcpy read out of range.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32220 ]
The function copies the pst from a variable length input vector
into a 256 byte character array. But the length argument was a
fixed value - MAC_KEY_SIZE. Depending on the actual PST length this
can lead to memcpy reading out of bounds or the PST getting truncated.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I81a4593d7d04d0ef6069ce48d0601b6fbdd85de9
Below are a set of CLs being merged from the wv cdm repo to the android repo.
* Fix handling of OEM Cert public key.
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/27921 ]
This is a potential fix for b/36656190. Set aside public
key on first call to get the public key, and use it afterwards.
This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
which has side-effect of staging the OEM private key.
This also fixes a problem where the public cert string was
not being trimmed to match the size returned by
OEMCrypto_GetOEMPublicCertificate().
* Complete provisioning request/response for Provisioning 3.0
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Fix bug on provisioning request path where GenerateDerivedKeys()
was being called when preparing to generate the signature.
Add message signature verification, and call correct OEMCrypto
routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).
* Implement Cdm::deleteAllUsageRecords()
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Delete all usage records for current origin. Removes usage
records from file system and retains the PSTs. The deletes
any usage entries matching those PSTs held by OEMCrypto.
BUG: 35319024
* Remove stringencoders library from third_party.
Author: Jacob Trimble <modmaker@google.com>
[ Merge of http://go/wvgerrit/27585 ]
We have a fork of the stringencoders library that we use for base64
encoding. This reimplements base64 encoding to remove the extra
dependency and to reduce the amount of code.
* Add Cdm::deleteUsageRecord() based on key_set_id.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27605 ]
Delete specified usage record from file system usage info and
from OEMCrypto.
BUG: 35319024
* Modifiable OEMCrypto
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/24729 ]
This CL adds a new variant of the OEMCrypto mock code that adjusts its
behavior based on a configuration file. This is intended for
testing.
For example, a tester can set current_hdcp to 2 in the options.txt
file, push it to the device, and verify that a license is granted for
HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and
push the file to the device. Playback should stop because the license
is no longer valid.
This variant uses a real level 1 liboemcrypto.so to push data to a
secure buffer. That means we can test playback for a license that
requires secure buffers on an Android device with real secure buffers.
BUG: 35141278
BUG: 37353534
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I58443c510919e992bb455192e70373490a00e2b6
[ Merge of http://go/wvgerrit/28265 ]
A vendor specific error (10008) in response to OEMCrypto_LoadKeys
indicates that usage table corruption has occurred and that
the only way to recover is to regenerate usage tables.
Recreating usage tables will result in loss of offline licenses
and usage information. To make the app aware that this information
will be lost, a provisioning exception is generated when this error
is detected. The app can then choose to reprovision and in turn
delete and recreate usage tables.
A new OEMCrypto error has been added whose use has been reserved.
Rather than correct OEMCrypto behaviour to use the new error code,
we choose to handle this within the CDM. The fix can then be ported
to prior android releases. Also this error will not be generated
with OEMCrypto V13+.
b/33817629
Test: WV Unit, integration and GTS tests.
Change-Id: I936fc234d101b6a92d86f5735d035d19ddcf19e3
