android

Author	SHA1	Message	Date
Rahul Frias	5d690be108	Merges to android Pi release (part 11) These are a set of CLs merged from the wv cdm repo to the android repo. * Get System ID From OEM Cert Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/37940 ] (This is a merge of http://go/wvgerrit/30220 . However, it has been significantly modified in the merge due to needing to support both OpenSSL and BoringSSL.) Previously, extracting the system ID was only supported on Keybox-based systems. This patch adds support for extracting the system ID from the OEM Certificate chain on Provisioning 3.0 devices. This is done by getting the Widevine intermediate cert from the chain, finding the Widevine System ID extension in that cert, and extracting the value. The code that does the extraction is separate from any code that calls OEMCrypto so that it can be unit-tested in isolation. This patch adds a crypto_session_unittest test to do this unit-testing. Bug: 34776194 Test: crypto_session_unittest Test: widevine_ce_cdm_unittest * Remove unique_ptr from oemcrypto mod mock Author: Fred Gylys-Colwell <fredgc@google.com> [ Merge of http://go/wvgerrit/38500 ] Because we can't have C++11. Bug: 69935608 * Update CHANGELOG.md Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38460 ] - Add items about adapter support. - Add mention of SRM support. Merged from cdm_partner_3.5 (Change-Id: I6d891e157edc3afb2797bf281ef3f06bdb8fe474) * Add Adapter for OEMCrypto v13 to v12. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38440 ] Also fix OEMCrypto_LoadKeys() definition broken by wvcl/38160 (srm_requirement param). * Allow certain warnings in protobuf build. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38424 ] maybe-uninitialized is triggered in release build. Allow it. * Enable -fPIC for jsmc.c build. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38423 ] -fPIC was removed for common c/c++ build rules. Add it back. * Missing OEMCrypto_LoadKeys param in static adapter. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38422 ] srm_requirement param was omitted in v11 static adapter. * Remove OEMCrypto v12 specification. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38421 ] * Update documentation for v3.5. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38420 ] * Added padded preprov key for 7880 Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/36924 ] Bug: 68765915 * Change overrides in CE L3FileSystem Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/38380 ] The 'override's are changed to the macro defined in override.h to be gnu++98 compliant. * Use source android level3 + add cache_flush call Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/37900 ] I put both changes in this CL since I have to generate Level3 libraries for both anyways. The first change involves shifting from using a prebuilt static library to using an obfuscated source library output from the Haystack tool on google3. The second change is from here: https://critique.corp.google.com/#review/176536782, and addresses b/69387416. Since the cache_flush function wasn't being used, the execution on Angler gave inconsistent segfaults, which this CL fixes. Verified on Angler, Sailfish, and Linux. 11/27/17: Added mips and mips64 libraries. * Make CDM result codes constexprs Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/38280 ] The values in the enumeration list of CdmResponseType error codes were earlier implicit. Comments were added to denote the actual values. This changes to make it fixed values, which makes it slightly more error prone, but cleaner when errors are retired. * Change watchdog timer to 2 minutes [ Merge of http://go/wvgerrit/36340 ] This relaxes the watchdog timer around the level 3 oemcrypto initialization to 120 seconds. There are also a couple of new log messages at the end of initialization and at termination. Library for arm updated: level3/arm/libwvlevel3.a Level3 Library 4445 Oct 4 2017 17:06:25 Bug: 65379279 Merged from https://widevine-internal-review.googlesource.com/35480 * Add test to get service certificate from server. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/37780 ] This was extracted from Ic38dd27d06dc7528ae4cd995da4261fe6c34ad55 * Add watch dog timer to OEMCrypto L3 commit ec624ea483cbf8fb3d4e8f393bc25c90a0e29d4b Author: Fred Gylys-Colwell <fredgc@google.com> [ Merge of http://go/wvgerrit/34260 ] This code adds a watchdog timer to the level 3 initialization. If initialization does not finish within 5 seconds, the process will abort, printing a small amount of debugging information. arm/libwvlevel3.a Level3 Library 4445 Sep 11 2017 14:05:15 Test: unit tests on bullhead. Video on Play Movies. GTS tests run on loop overnight. Bug: 65379279 Merged from https://widevine-internal-review.googlesource.com/33540 * Remove libwidevinehidl_utils dependency Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/37822 ] libwvdrmcryptoplugin_hidl has a dependency on libwidevinehidl_utils which was introduced due to an out of order merge from oc-mr1-dev to master. Bug: 69573113 * Automatically generate log location information Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/36563 ] Currently class and method names are manually added to each log message in the CDM on android and some other platforms. This change prepends log messages with file name, line number and function name automatically. The code is platform specific so it can be enabled and the precise format configured on a per-platform basis. As an example, here is a log on android before the change, 11-01 02:48:48.658 D/WVCdm (32198): CryptoSession::Open: Lock: requested_security_level: Default and after, 11-01 02:48:48.658 D/WVCdm (32198): [crypto_session.cpp(1108):Open] Lock: requested_security_level: Default A follow on CL will remove the manually added class/method information. Bug: 9261010 * Fix BoringSSL Compatibility of oec_session_util.cpp Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/37121 ] A previous change inadvertantly used APIs from OpenSSL that do not exist in BoringSSL in oec_session_util.cpp. As a temporary fix until we can move all targets to BoringSSL, this patch switches that file to use conditional compilation to choose the correct API depending on the library in use. It does not otherwise change the behavior of the file. Bug: 67908123 Test: wv_ce_cdm_unittest on x86-64 Test: linux_unit_tests * Create local shared_ptr implementation Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/37600 ] Derived from protobuf version, which came from google3. Removed locking (not thread-safe) and removed weak pointers (not needed for usages in CDM). Locking can easily be added if needed. * Revert C++11 usage - back to gnu++98 Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/37440 ] These changes roll back C++11-specific constructs: std::unique_ptr -> std::auto_ptr container initializers nullptr -> NULL std::shared_ptr to local shared_ptr compiler flags (-std=c++11 -> -sdt=gnu++98) NOTE: the "local" shared_ptr implementation is temporarily a direct reference to the shared_ptr implementation in third_party/protobuf. This has been fixed (implementation extracted and moved to core/include) in CL 37600. BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: Ie09ecb970aa06fe9301ac255375ca7d8e7ead8bc	2018-01-16 19:33:36 -08:00
Rahul Frias	00da44bb68	Merges to android Pi release (part 6) These are a set of CLs merged from the wv cdm repo to the android repo. * Enable Cast for Android Things build. Author: Thoren Paulson <thoren@google.com> [ Merge of http://go/wvgerrit/29941 ] Added a path to make_cast_libwvlevel3 for Android Things. Added the new system id to the preprocessor guards in android_keybox.cpp. Guarded the references to stderr in page_allocator.cpp because for some reason they don't get resolved when we link against the resulting library. BUG: 63443584 * Resolve memory leaks in use of OpenSSL. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32700 ] Use of EVP_CIPHER_CTX requires a call to EVP_CIPHER_CTX_cleanup(). * Memory leak in OpenSSL RSA key handling. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32621 ] This fixes a range of tests. --gtest_filter="CdmDecrypt" runs five tests and still loses 5 objects totalling 1320 bytes (down from 6200 bytes). Unit test and mock OEMCrypto memory leaks. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32640 ] More memory leak cleanup. All remaining leaks are due to calls to CRYPTO_malloc() without the matching free (i.e., calls into openssl). * Clean up memory leaks in tests. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32600 ] This is the first pass at cleaning up memory leaks. These leaks were affecting a lot of tests, making it hard to identify more serious leaks. Switch to unique_ptr<> pointers for CdmEngine in generic_crypto_unittest tests for FileSystem object in mock OEMCrypto's CryptoEngine object. * Fix broken tests - linux-only & address sanitizer failures. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32460 ] Fix broken test: WvCdmEnginePreProvTestStaging.ServiceCertificateInitialNoneTest Fix failures found by address sanitizer: DeviceFilesUsageInfoTest.RetrieveByProviderSessionToken DeviceFilesUsageInfoTest.UpdateUsageInfo NOTE: address sanitizer cannot handle EXPECT_CALL macros containing a call with a Contains matcher as an argument, e.g.: EXPECT_CALL(file, Write(Contains(certificate, wrapped_private_key, 0), Gt(certificate.size() + wrapped_private_key.size()))) The address sanitizer reports a crash, issues a report, and stops. A temporary fix is to replace the "Contains()" argument with "_". * Usage license handling corrections Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/28540 ] Validate that offline licenses that do not contain a provider session token are not handled by the TEE. BUG: 38490468 Test: WV Unit/integration tests, GtsMediaTestCases, WvCdmRequestLicenseTest.ReleaseRetryL3OfflineKeySessionUsageDisabledTest * UsageTableEntry::CopyOldUsageEntry memcpy read out of range. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32220 ] The function copies the pst from a variable length input vector into a 256 byte character array. But the length argument was a fixed value - MAC_KEY_SIZE. Depending on the actual PST length this can lead to memcpy reading out of bounds or the PST getting truncated. BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: I81a4593d7d04d0ef6069ce48d0601b6fbdd85de9	2018-01-16 19:28:29 -08:00
Rahul Frias	11068accd2	Merges to android Pi release (part 3) These are a set of CLs merged from the wv cdm repo to the android repo. * Add CDM status return for decrypt blocked by HDCP. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/28062 ] New status code is kKeyUsageBlockedByPolicy. It is returned by the decrypt() call instead of kDecryptError or kNoKey. Also shuffled the CDM status returns to define the EME-aligned codes first, and added comments to highlight the differences in handling. BUG: 37540672 * Change division and mod ops to relocatables Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/28600 ] This is similar to I2dad1028acf295288cd10817a2bcff2513c053c9. We should be using the relocatable functions instead of the native division and mod operations. * Cleanup Encrypted ClientID in provisioning request Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/28083 ] b/36897239 Staging server does not support it (or the client is not constructing it properly). Leave it disabled pending investigation. * Certificate Provisioning fixes. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/28066 ] Partial fix for BUG: 37482676 Partial fix for BUG: 37481392 Update service certificates, get rid of DEV/QA root certificate. Provisioning request and response are base64 (web-safe) encoded. Response is optionally JSON-wrapped. Change ConfigTestEnv; clearer comments and a closer match to reality. BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: I79d3c4bf1124e5e0d3e4d40baead65a8266ea874	2018-01-16 19:25:31 -08:00
Rahul Frias	387147dffe	Merges to android Pi release (part 2) These are a set of CLs merged from the wv cdm repo to the android repo. * Update service certificate. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/28065 ] The updated service certificate fixes a number of failing tests. There are still some that fail, apparently due to mismatches with key set IDs and usage tables. Also updated QA server URL to point to QA proxy (although neither can be used by this client). Also fixed segfault in CdmTest.ListUsageRecords. * Add CDM APIs for Handling Service Certificates. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/28064 ] The responsibility for managing Service Certificates has been moved out of the CDM. Instead, provide CDM and CdmEngine methods to generate a service certificate request message, and handle a service certificate response. The API client can use these calls if it needs to get the service certificate from the License Server. These functions assume the request and response are base64 (web-safe) encoded (see b/37481392). Not all servers are operating this way yet. Any adaptations for non-compliant servers is handled outside the CDM. See test WvCdmEnginePreProvTest::ServiceCertificateRequestResponse in cdm_engine_test.cpp for an example of this. These changes also eliminate the stored init_data and deferred license type which were used to perform a service certificate request during a license request. * Fix and rename ClosesSessionWithoutReturningError test. Author: Edwin Wong <edwinwong@google.com> [ Merge of http://go/wvgerrit/27880 ] ClosesSessionWithoutReturningError should not check for Status::OK since it is expecting an error code back. The test is renamed to ClosesSessionWithError. Test: libwvdrmdrmplugin_hidl_test BUG: 62205215 * Get rid of default service certificate. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27981 ] Instead, we need at least two service certs - one for the QA/Test servers, and one for UAT (and prod?) There are still some issues around the signature verififcation of the service cert, and in license_unittest.cpp, the use of the default service cert has been commented out. I don't know why this test needs a service cert. If it really does, then the same mechanism that is used elsewhere for selecting a specific server type will be needed here. BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: Ieab815fb202c809ad5714cd0364c4bdfa068f77d	2018-01-16 19:22:48 -08:00
Fred Gylys-Colwell	ab0d00b92a	Use Inheritence for OEMCrypto Mock Properties Merge from Widevine repo of http://go/wvgerrit/24728 We use compiler options to set different properties in the oemcrypto mock. With this CL, we define a base class that has default properties. All other variants need only define the properties that they change. b/35141278 b/37353534 Change-Id: Id38ec5bf35dcd83cea9a066ebe201e6da7c1a2b0	2017-04-20 14:48:48 -07:00
Fred Gylys-Colwell	5748860679	Rename oemcrypto's CryptoEngine configuration functions. Merge from Widevine repo of http://go/wvgerrit/22797 CryptoEngine has a number of functions that return constants that control the configuration of mock OEMCrypto. Give all the functions a common prefix (config_) so their intent is more clear. Change-Id: Idf9d3e9e8941fa0e793b0eb17a3f89bf634d9ed5	2017-01-20 17:02:12 -08:00
Fred Gylys-Colwell	08ad98cad9	Implement provisioning 3.0 functionality in oemcrypto mock Merge from widevine repo of http://go/wvgerrit/21684 This CL adds provisioning 3.0 functionality to the OEMCrypto reference implementation. Change-Id: I60c1fd88f246d443e0ae59ad56862c2ea9d95445	2016-11-29 16:07:00 -08:00

7 Commits