* changes:
Use std::move for key strings.
Changed Prov4.0 handler to accept only recent requests.
Separate OEM unprovisioning from DRM unprovisioing.
Added state to CertificateProvisioning.
[ Cherry-pick of v19 http://go/wvgerrit/219351 ]
[ Merge of http://go/wvgerrit/219455 ]
Coverity discovered an oppertunity to use the C++'s move semantics
for the prov 4.0 keys. A similar possibility was available for the
matching wrapped key. The CryptoWrappedKey class was updated to
enable moving of the wrapped key as well.
Bug: 406539167
Bug: 391469176
Change-Id: I7d76013638c220fc81d6d9c42add2516abd7374a
[ Cherry-pick of v19 http://go/wvgerrit/219291 ]
[ Merge of http://go/wvgerrit/219432 ]
If the same app/origin generates multiple provisioning 4.0
requests it is possible that a mismatch between the OEM/DRM
certificate and the wrapped OEM/DRM private key occurs. The CDM
would use the OEM/DRM certificate of the first response one
received, and the wrapped private key of the last request generated.
To avoid this issue, the public key from the most recent request
is cached and checked against the responses received. If the
keys match, that response is accepted; if the keys don't match
than the response is assumed "stale" and the response is dropped.
In an attempt to maintain existing behavior of the CDM, "stale"
responses will return NO_ERROR to the app.
Note: This was tested using both RSA and ECC cert key types.
VIC-specific: Needed to add implementation of StringContains() and
StringEndsWith().
Bug: 391469176
Test: run_prov40_tests
Change-Id: Id45d40d9af355c46a61c3cc2c19c252cf17c7489
[ Cherry-pick of v19 http://go/wvgerrit/219330 ]
[ Merge of http://go/wvgerrit/219454 ]
For two-staged provisioning devices, the behavior of
CdmEngine::Unprovision() varied by platform and context.
For production Android, unprovisioning would remove both;
for production and testing CE CDM it would only remove
DRM provisioning; for testing Android may remove both or
remove everything (both certs and licenses).
This behavior was not documented, making use of the
CdmEngine::Unprovision() API rather unpredictable.
This change attempts to document the unpredictable behavior
and add a way to explicitly remove the OEM certificate
in the core code.
The new CdmEngine::UnprovisionOemCert() will remove only
the OEM certificate.
Bug: 391469176
Test: run_x86_64_tests
Test: WvTs on oriole
Change-Id: Ib2f6ef61f45b5320c71d7e8e8460f7fe8e0e2248
[ Cherry-pick of v19 http://go/wvgerrit/219310 ]
[ Merge of http://go/wvgerrit/219453 ]
To enable the CDM to determine between OEM vs DRM responses,
a state variable was needed in CertificateProvisioning.
Previously, the presence/absence of the OEM certificate in the
file system was used; however, if two apps (or single app with
multiple origins) attempts provisioning simultaneously, the
later response would trigger unexpected failures.
The main functional changes this provides is that a more informative
error will be returned to the app if they provide a provisioning
response without ever creating a provisioning request; and that
if multiple clients attempted first-stage provisioning simultaneously,
fewer errors will occur.
Bug: 391469176
Test: run_prov40_tests
Change-Id: I51a118ce73aa809bad6ecee640139a92d8518575
[ Cherry-pick of v19 http://go/wvgerrit/219592 ]
[ Merge of http://go/wvgerrit/219554 ]
The original CheckBuildInformation_OutputLengthAPI17 test was
written with the assumption that the estimated length would not
be too much larger than the real length of the build info; however
this is not true for some vendors.
This CL changes the short-buffer length to be based on a real
build info length from a successful call to OEMCrypto.
Bug: 411308060
Change-Id: I6504288ca59d7d41facaadc45adc76a5236826d9
[ Merge of http://go/wvgerrit/219452 ]
Allow ProvisioningHolder to load the a provisioning response
without triggering test failure if the CDM rejects the response.
This is to allow testing cases where we expect the CDM to
reject the response.
VIC-specific: No specialized provisioning dump call.
Bug: 391469176
Change-Id: Ief1791f23035fe9b554f8e82e049343aa7e97362
[ Merge of http://go/wvgerrit/219451 ]
An upcoming provisioning test requires the ability to perform
generate, fetch and load operations separately (similar to the
current behavior of LicenseHolder).
This CL separates the 3 operations into different methods and
documents the pre/post conditions of each. The original API
is maintained for backwards compatibility.
VIC-specific: Excludes Golden-data refactoring and merges main
change (216510) and typo fix (216570).
Bug: 391469176
Test: run_x86_64_tests
Change-Id: Iec83dfce9d235eedf04ed32d98f7700de4bade12
[ Merge of http://go/wvgerrit/219213 ]
Updates CheckJsonBuildInformationAPI18 to better check the contents
of the JSON build information introduced in V18.
Bug: 348498112
Bug: 348497732
Change-Id: I567700eb2ba451a9b10c52159d5fd30d5ae94841
[ Merge of http://go/wvgerrit/219212 ]
This CL adds a new OEMCrypto test CheckBuildInformation*API17 which
ensures that OEMCrypto_BuildInformation() is generating valid build
information.
Bug: 348498112
Bug: 348497732
Change-Id: I22f9878d8ffa05b2b1b1b6ec28718e231438d4a7
Merged-In: I22f9878d8ffa05b2b1b1b6ec28718e231438d4a7
In some rare cases when |oec_session| was already closed, |key_session|
with the same session id will not exist any longer. This is a fix to
allow such case to not return an error.
Test: run opk tests
Bug: 343093320
Change-Id: I3218145ee8c1047a5cc756560e448b178c2c7a93
The widevine service is restarted before tests are run as
unit tests are unable to connect to trusty. It then falls back
and runs the tests in L3 mode. Fix will be addressed in b/380710738
Bug: 339917270
Test: wv unit/integration tests
Change-Id: Idd4de73a9667cd360101f50a474a26ba8e73973b
[ Cherry-pick of http://go/wvgerrit/212250 ]
Certain OEMCrypto implementations are returning build info with
trailing C-string null bytes; others are returning all null bytes.
This change attempts to trim any trailing zeros. For build info
with a single trailing zero, this should fix the format; for those
containing all zeros, this will indicate a failure on OEMCrypto's part
for returning all zeros. The CDM will not prevent request generation,
but will omit the result in the ClientIdentification. The server
will decide whether to provide a response or not.
Bug: 348497732
Bug: 348498112
Bug: 366819137
Change-Id: I281ab14e0e46116825321a7965d971b9d68c49fc
(cherry picked from commit 7c81f7bed4fec8199f7fbdb5e95452eacdf3b3c7)
[ Merge of http://go/wvgerrit/210652 ]
The CDM API RemoveOfflineLicense() is used to remove an offline
license by key set ID. From the app's perspective, removing the
offline license should not depend on an app to be provisioned, or
the license being loadable. However, internally, the CDM attempts
to restore the license to lock out its usage entry.
An issue arises when the license is not able to be restored, which
will cause errors related to the restoration to be returned to the
app. The license is still deleted in case of errors, but certain
partners have experienced GTS failures when using the MediaDRM API
removeOfflineLicense().
This change attempts to catch some of the common errors, but not all.
If certain errors are encountered during the restoration process, the
are not returned to the app.
Additional error cases may be added later, depending on vendor
feedback.
Bug: 319055420
Bug: 357863269
Bug: 370195605
Bug: 288118860
Bug: 302049654
Bug: 346845333
Bug: 312595506
Bug: 345232142
Bug: 303261245
Bug: 287735498
Bug: 372105842
Test: WVTS on Oriole
Change-Id: I020bbea30e5f6e0ae2777d8a1d4858c4f2af107b
[ Merge of http://go/wvgerrit/210651 ]
The Android FileSystem implementation for List() would return an error
if the directory does not exist. This creates an issue for the case
where the CDM attempts to list offline licenses after clearing all
data. This typically won't effect a regular user, it causes
integration tests which re-provision to fail.
Bug: 372105842
Test: file_store_unittest on Oriole
Change-Id: I121b52ab95e36249ae5b196e987bc950a278131f
[ Merge of http://go/wvgerrit/209871 ]
The filestore unit tests have not been updated in a while, and
contained several test statements which could crash the test
when failed (accessing elements in a vector or characters in a
string without proper size checks). Other parts of the tests
had non-obvious purposes without detailed knowledge of how the
file system works on the different platforms.
Significant parts of the tests have been refactored to include
better checking and to add error messages to explain the
expectations. Several of the tests have been documented, and the
FileSystem header has been updated to explain what the API does.
Bug: 376533901
Test: file_store_unittest on Oriole
Change-Id: I5af9fd2a2ed01aa6186026761c9e0814604ec610
(cherry picked from commit bc4382b075)
[ Merge of http://go/wvgerrit/209611 ]
[Reset crypto session pointers on RemoveKeys](http://go/wvgerrit/189590)
changed the plugin behavior. When RemoveKeys are called the
Provider Session Token present in the license is cleared when
CdmLicense object is reset. This causes a test expectation to
fail. Since SecureStop are slated for removal, we will introduce
a workaround to avoid this expectation check. The work around is to
not expect usage information.
Bug: 339917270
Test: request_license_test (WvCdmRequestLicenseTest.SecureStop_RecoveryTest)
Flag: Test only code
Change-Id: Ib6922372faf0a38b7bf131f699c4626cb2b533d0
[ Merge of http://go/wvgerrit/208470 ]
The MediaDrm plugin API removeOfflineLicense() would check both
L1 and L3 for the offline license. While this is generally acceptable,
apps might force set L3 via the setStringProperty(), which should
cause the DRM plugin to behave as if it is L3 only.
This change will cause the WVDrmPlugin only remove L3 key set IDs while
in L3 mode. L1 key set IDs in this case will be treated as non-existing.
Bug: 357863269
Bug: 372105842
Test: DRM Compliance ATP via ABTD
Test: libwvdrmdrmplugin_hal_test on Oriole
Change-Id: I81dddbacaee28da6c0a94527b0e390e86f55f81f
(cherry picked from commit 0aa6aad1af)
[ Merge of http://go/wvgerrit/208430 ]
The MediaDrm plugin API getOfflineLicenseKeySetIds() was listing
both L1 and L3 offline licenses. While this is generally acceptable,
apps might force set L3 via the setStringProperty(), which should
cause the DRM plugin to behave as if it is L3 only.
This change will cause the WVDrmPlugin list L3 only if the app had
set the security level to L3.
Bug: 357863269
Bug: 372105842
Test: DRM Compliance ATP via ABTD
Test: libwvdrmdrmplugin_hal_test on Oriole
Change-Id: I1a6e10b7eb880eef4ba36ed31b12ebfe8617f002
(cherry picked from commit 26b888b094)
