This is a cherry-pick of
https://widevine-internal-review.googlesource.com/c/cdm/+/121763
Original commit message from master branch:
This is a security improvement against an L3 exploit b/182584472.
The change is to store RSA private key in two parts instead of one,
and load it separately when the key is needed. This will make it
more difficult to find the entire RSA key.
OEM private key is split into two parts and stored in Haystack in CL:
cl/367515385. Loading RSA key is to be changed to loading part one first
and then part two. Bytes in each part are parsed in sequence.
Only OEM private key has two non-empty parts. For DRM private key the
first part contains the entire key, and second part is empty. For more
details, please find the comments in the head of rsa_load.cpp.
This change slightly increased the size of LoadRSAKey from 6KB to 7KB
due to the macros introduced. It's unlikely to have overall performance
impact.
Bug: 183416973
Bug: 182584472
Test: jenkins/run_level3_static_tests
Test: GTS test
https: //android-build.googleplex.com/builds/forrest/run/L93800000881790143
Change-Id: I34b3b795e6ac2ce9b41e915c1adf8fcdc489d94a
Merge from Widevine repo of http://go/wvgerrit/125046
Add some extra fudge to the termination time. This assumes that flaky
tests were caused by roundoff error.
Bug: 175741647
Change-Id: I9bcc86f9b9540e5985df647dd1b5c5d439556e2b
[ Merge of http://go/wvgerrit/124004 ]
When the CDM creates a new usage entry for an offline or streaming
license, the new entry is immediately moved to the lowest available
entry index that has been marked as vacant (kStorageTypeUnknown).
When a license is released, its meta data that is managed by the CDM
is cleared; however, the usage entry's index is marked vacant, but it
is not released. This creates wasted entry space in the usage table.
Unfortunately, defragging the table is computationally expensive and
may not be able to actually free up much space depending on when it
is performed.
For a typical user, this will likely not be an issue as the table
can get quite large compared to the number of licenses an app uses
and the table is partially cleaned on each boot.
GTS tests, however, have reached a point where they fill the usage
table before all tests are complete. This is causing many unexpected
failures for devices. Most of these tests release their license, but
the CDM never reaches a state where it can clean up the table.
By moving newly created entries to the lowest available index directly
after creating the entries, the table never needs to grow unless all
entries are in use. Clean up is now almost never required.
Bug: 180639135
Bug: 180638990
Bug: 180638530
Test: MediaDrmTest#testWidevineApi28
Change-Id: I1a68d90d51384094298b27037778747ce7435374
Merge of these CLs from Widevine sc-dev:
modified: libwvdrmengine/level3/include/clear_cache_function.h
Add cache flush assembly for arm64 L3 to Android header | http://go/wvgerrit/124828
Address compilation errors | http://go/wvgerrit/113083
modified: libwvdrmengine/level3/include/level3_file_system_android.h
Update Widevine Copyright header for android | http://go/wvgerrit/108084
Bug: 184866351
Test: Header changes for clearing cache is verified by one of the partners on their arm64 target;
https: //b.corp.google.com/issues/175432203#comment13
Change-Id: I0ac8f339f65d02abb3080020fbc715b9c0db85b2
[ Merge of http://go/wvgerrit/122984 ]
There was an issue encountered by some vendors with how the usage
table was initialized on some devices. Previously, the CDM would
open an OEMCrypto session first, then initialize the usage table
(loading existing or creating a new one). On these devices,
OEMCrypto_CreateUsageTableHeader() and OEMCrypto_LoadUsageTableHeader()
would fail if there were any open sessions.
This CL changes the initialization process to create/load the usage
table before opening an OEMCrypto session.
This change also lays the ground work for another usage table fix
to address GTS tests failure.
In the process, several of the functions for the usage table have been
split up into smaller chunks of code. This required additional changes
to the usage table unittest to keep them up to date.
Bug: 169195093
Bug: 180639135
Test: Linux unittests and MediaDrmTest
Change-Id: Ifbf35f5d8cff5b89fea9b16edb998c84803f4fbe
build
This is a merge of CL from widevine repo (obfuscated code only):
https://widevine-internal-review.googlesource.com/c/cdm/+/124965
The source code change that produced the obfucated code is here:
https://widevine-internal-review.googlesource.com/c/cdm/+/121763
Original commit message from the fix above:
"This is a security improvement against an L3 exploit b/182584472.
The change is to store RSA private key in two parts instead of one,
and load it separately when the key is needed. This will make it
more difficult to find the entire RSA key.
This CL does the key loading part only. Key splitting is done
in Haystack in CL: cl/367515385"
New L3 system IDs included in the obfuscated code:
ID Description
22593 Android S ARM L3 Field Provisioning 3.0
22594 Android S ARM 64 L3 Field Provisioning 3.0
22595 Android S x86 L3 Field Provisioning 3.0
22596 Android S x86 64 L3 Field Provisioning 3.0
Bug: 182584472
Test: L3 unit tests
Test: GTS tests
https://android-build.googleplex.com/builds/forrest/run/L16300000887061939
The only failed case is a test issue due to the new IDs not being added
to the allow list of the test yet. This test passed on local run with
the updated allow list.
Change-Id: If8b8b2cb9291ede0cb2dcc892f5557c3a68c4b96
build
This is a merge of CL from widevine repo (obfuscated code only):
https://widevine-internal-review.googlesource.com/c/cdm/+/125003
Original commit message from the fix above:
"A fix in haystack which wipes out mmapped memory page before unmapping
it is made here: cl/370818768. This is to prevent potential key leaking
in L3. Obfuscated L3 is generated on top of the fix.
Additionally, new system IDs are created to track the L3 build with this
fix. These IDs are built into the updated L3 libraries in this CL also."
New L3 system IDs included in the obfuscated code:
ID Description
22565 - Android ARM 64 L3 Field Provisioning 2021
22566 - Android ARM L3 Field Provisioning 2021
22569 - Android x86 64 L3 Field Provisioning 2021
22570 - Android x86 L3 Field Provisioning 2021
Bug: 182584472
Test: L3 unit tests
Test: GTS tests
run gts --module GtsMediaTestCases
run gts --module GtsExoPlayerTestCases
run gts --module GtsYouTubeTestCases
Change-Id: Ice316de67fac0a5f9f4f2b64d86f51cf4ff2ad07
build
This is a merge of CL from widevine repo (obfuscated code only):
https://widevine-internal-review.googlesource.com/c/cdm/+/124885
The source code change that produced the obfucated code is also included
in the CL above but will not be merged to Android.
Original commit message from the fix above:
"This is a security improvement against an L3 exploit b/182584472.
The change is to store RSA private key in two parts instead of one,
and load it separately when the key is needed. This will make it
more difficult to find the entire RSA key.
This CL does the key loading part only. Key splitting is done
in Haystack in CL: cl/367515385"
New L3 system IDs included in the obfuscated code:
ID Description
22585 Android Q ARM L3 Field Provisioning 3.0
22586 Android Q ARM 64 L3 Field Provisioning 3.0
22587 Android Q x86 L3 Field Provisioning 3.0
22588 Android Q x86 64 L3 Field Provisioning 3.0
Bug: 182584472
Test: L3 unit tests
Test: GTS tests
run gts --module GtsMediaTestCases
run gts --module GtsExoPlayerTestCases
run gts --module GtsYouTubeTestCases
Change-Id: I834d3802690c2fda75cb3cfba186c41b6f5dc749
build
This is a merge of CL from widevine repo (obfuscated code only):
https://widevine-internal-review.googlesource.com/c/cdm/+/124623
The source code change that produced the obfucated code is also included
in the CL above but will not be merged to Android.
Original commit message from the fix above:
"This is a security improvement against an L3 exploit b/182584472.
The change is to store RSA private key in two parts instead of one,
and load it separately when the key is needed. This will make it
more difficult to find the entire RSA key.
This CL does the key loading part only. Key splitting is done
in Haystack in CL: cl/367515385"
New L3 system IDs included in the obfuscated code:
22589 Android R ARM L3 Field Provisioning 3.0
22590 Android R ARM 64 L3 Field Provisioning 3.0
22591 Android R x86 L3 Field Provisioning 3.0
22592 Android R x86 64 L3 Field Provisioning 3.0
Bug: 182584472
Test: L3 unit tests
Test: GTS tests
run gts --module GtsMediaTestCases
run gts --module GtsExoPlayerTestCases
run gts --module GtsYouTubeTestCases
Change-Id: Ie61f39f50a70ab75547d75f89d9e38264f598bc8
build
This is a merge of CL from widevine repo (obfuscated code only):
https://widevine-internal-review.googlesource.com/c/cdm/+/124886
The source code change that produced the obfucated code is also included
in the CL above but will not be merged to Android.
Original commit message from the fix above:
"This is a security improvement against an L3 exploit b/182584472.
The change is to store RSA private key in two parts instead of one,
and load it separately when the key is needed. This will make it
more difficult to find the entire RSA key.
This CL does the key loading part only. Key splitting is done
in Haystack in CL: cl/367515385"
New L3 system IDs included in the obfuscated code:
22589 Android R ARM L3 Field Provisioning 3.0
22590 Android R ARM 64 L3 Field Provisioning 3.0
22591 Android R x86 L3 Field Provisioning 3.0
22592 Android R x86 64 L3 Field Provisioning 3.0
Bug: 182584472
Test: L3 unit tests
Test: GTS tests
run gts --module GtsMediaTestCases
run gts --module GtsExoPlayerTestCases
run gts --module GtsYouTubeTestCases
Change-Id: Ide6962fcaf902bcf31431f9067a89ad75087add6
(This change is merged from http://go/wvgerrit/124825)
The OEMCrypto tests have tests that verify that entitled keys can be
loaded but not that they can be successfully used for decrypt. This
patch adds a decrypt portion to the existing tests.
As part of this, the existing Session::EncryptCTR() method and portions
of Session::TestDecryptCTR() are lifted to be static functions so they
can be shared across unrelated classes in oec_session_util.cpp.
EncryptCTR() had no dependence on its enclosing class and is unchanged
other than being moved outside the class.
To reduce ambiguity with the new decrypt verification, this patch also
renames EntitledMessage::VerifyEntitlementTestKeys() to the
more-specific EntitledMessage::VerifyKCBs(). Its behavior is unchanged.
Bug: 186782279
Test: x86-64 platform
Test: opk_ta platform
Test: build_and_run_all_unit_tests
Change-Id: I15156882907b0987215087aaf43b4666fedc171a
(This change is merged from http://go/wvgerrit/124824)
GenerateSimpleSampleDescription() only had asserts to check parameters
that only came from other test code, so they weren't testing anything of
use. With the asserts removed, it's no longer necessary to wrap calls to
GenerateSimpleSampleDescription() with ASSERT_NO_FATAL_FAILURE(), which
a lot of callers were already forgetting to do anyway. This also
simplifies a future patch that will generalize the decryption test code
to work with entitlement licenses.
Bug: 186782279
Test: x86-64 platform
Test: build_and_run_all_unit_tests
Change-Id: I987427fdfee4826d77ab95344f9aca8c374b2001
Merge from Widevine repo of http://go/wvgerrit/123803
Update fuzz build script to use gyp from third_party folder.
Test: ran fuzz tests on luci
bug: 186271314
bug: 184866351
Change-Id: If530872aa1e60d2108932610415aa5315979390c
[ Merge of http://go/wvgerrit/124063 ]
LicenseDurationRemaining used to indicate the minimum of rental or
license duration till OEMCrypto v16. OEMCrypto v16 onwards it began
reporting rental duration alone.
This is confusing for app developers and content partners. Keeping
LicenseDurationRemaining as apps may depend on it but adding
RentalDurationRemaining for clarity.
Bug: 186838303
Test: WV unit/integration tests, WvCdmRequestLicenseTest.QueryKeyStatus
Change-Id: I6c507150a0945ee36716b4da189f5741b092c0ec
[ Merge of http://go/wvgerrit/123263 ]
In b/65839890 we discovered that an android app loaded an offline
license more than once in a session. We did not intend to allow
this behavior but did not prohibit it. OEMCrypto v16 disallowed
this behavior at the OEMCrypto level but we worked around it
within the CDM to maintain the bad behavior. Now that we have confirmed
that the app no longer relies on that behavior, we are reverting
the CDM workaround.
Bug: 161865160
Test: WV unit/integration test, GtsMediaTestCases
Amazon, Netflix, Google TV streaming and offline playback.
Change-Id: I31254e4c13b81587f88c6c684d08d5aa5c18e39d
[ Merge of http://go/wvgerrit/122613 ]
Further log clean up in the core CDM code.
- Changed several INFO logs to DEBUG and VERBOSE
- Added more identifiers to the DEBUG logs to help match resource
associations
- Added more enum-to-string functions
- Unknown enum values will be formatted to contain their numeric
value
Key areas improved are the UsageTableHeader and CdmSession.
Bug: 183576879
Test: CE CDM unittests
Change-Id: I2d11e714d419e0736d3e2f7a7668e8d36d7ef449
* changes:
Fix CDM Builds w/ OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION
Fix unused param warnings in oemcrypto fuzz test
Add http socket tests to other tests
Turn on ODK tests in CE CDM test and fix test helper
