[ Merge of go/wvgerrit/186611 ]
Android user can set the property using the developer option.
Bug: 301669353
Change-Id: I730b635f6cc28dfb0471c1d679627c94b9e16af1
Merge from Widevine repo of http://go/wvgerrit/169089
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for tests that require
RSA 3072 support. Note: I think part of this CL got lost in
go/wvgerrit/167740, so this is adding the rest in.
Bug: 251240681
Merged from https://widevine-internal-review.googlesource.com/168237
Change-Id: I3002f705f7e3f4b38d0e5efef355e5c3f3529218
Merge from Widevine repo of http://go/wvgerrit/169080
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for tests that require
CAS support.
Bug: 251240681
Merged from https://widevine-internal-review.googlesource.com/167739
Change-Id: Ifb971bf01e2c21fe672bbe4bfa15c797456256ef
Merge from Widevine repo of http://go/wvgerrit/169076
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for provisioning 4.0
tests.
Bug: 251240681
Merged from https://widevine-internal-review.googlesource.com/167497
Change-Id: I65a879fba24b199bd115980bdd556c123fcc1cdc
Merge from Widevine repo of http://go/wvgerrit/169070
This turns on the cast receiver tests for any device that
claims to support this feature. Previously, we had to
explicitly request these tests on the command line.
But since they do not pass for Prov 4.0, we fitler them out
in this case and reference a bug tracking that work.
We also switch to using GTEST_SKIP to skip the tests instead
of modifying the GTEST_FILTER.
Bug: 251240681
Bug: 269310676
Bug: 259455058
Bug: 259454969
Merged from https://widevine-internal-review.googlesource.com/166497
Change-Id: I1bcd749243a474b3f638547aa43c2805e86731af
Merge from Widevine repo of http://go/wvgerrit/169068
We want to transition to using GTEST_SKIP to skip unit tests instead of
modifying the GTEST_FILTER variable. This does so for provisioning 3.0
tests.
Bug: 251240681
Merged from https://widevine-internal-review.googlesource.com/167498
Change-Id: I997e1051f3bd7925bc69cf1b269a5bbbae8031b7
Merge from Widevine repo of http://go/wvgerrit/169064
This CL should cleanup some minor issues that existed after the initial
CLs refactoring the unit tests went in. The issues fixed should be:
1) duplicate decrypt tests
2) decrypt tests added to be run
3) removed unecessary header files
4) refactored some provisioning tests that I had previously overlooked
Bug: 253779846
Merged from https://widevine-internal-review.googlesource.com/167537
Change-Id: Ic474fbcf69a08c0482b5e74d0c80be2cd16702d8
Merge from Widevine repo of http://go/wvgerrit/169050
- Update changelog
- Update copy parter files script to include linux port
- Update opk_partner_test script (used to make sure everything works out
of the box) with third party dependencies, refactored downloads into
a public setup.sh script
- Remove WTPI_BUILD_INFO from OPK makefiles and gyp files, since it is
no longer needed
- Remove FILES.md since it is out of date and ree-sources.mk and
tee-sources.mk satisfy the same purpose
- Add debug flag in comments for OP-TEE and Linux ports. As a hint for
how to enable debug in OPK
- Remove oemcrypto_build_info.h since it is no longer needed. Move the
XSTR macro it contained to oemcrypto_api_macros.h
- Add provisioning method macro to OPTEE and Linux build files to hint
at how to build Prov 2 and Prov 4 using the same build files but
different build-time values.
Merged from https://widevine-internal-review.googlesource.com/166219
Bug: 275264353
Test: luci tests
Change-Id: I220e3296f631d895a7c4504454635fe396efc0a4
Merge from Widevine repo of http://go/wvgerrit/169048
Do not generate a new signature during mutation if a key handle cannot
be retrieved by OEMCrypto_GetKeyHandle().
Bug: 275264353
Test: luci tests
Change-Id: I9a804328c4b6d3e50d14c3f9c71043e71a88e3da
Disable one oemcrypto v18 unit test which takes nlohmann-json dependency
for now, until the json dependency is fixed.
Test: build widevine and oemcrypto unit tests
Bug: 263397641
Change-Id: I065b28a81cc481b2b64bda27733640e0fdea0c2c
No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
[ Merge of http://go/wvgerrit/153669 ]
The oemcrypto_decrypt_cenc_fuzz fuzz test found a null reference error.
This adds a check to ensure that the input_buffer vector used for the
sample descriptions is not empty before attempting to access it.
Bug: 192310854
Bug: 236317198
Change-Id: If3909b01d3bc19434bbd5b6b77e7cd76182b2bdf
[ Merge of http://go/wvgerrit/153121 ]
`run_oemcrypto_fuzz_tests` script was disabled while OPK was
transitioning between v16 and v17. Now that OPK is v17, the
fuzz tests can be re-enabled.
Some targets could not be built due to a missing header file.
`oemcrypto/ref/src/cppbor.cpp` was updated to include the missing
header.
Bug: 235414753
Bug: 229160033
Bug: 236317198
Test: run_oemcrypto_fuzz_tests
Change-Id: Ieeebae1f6d84c5735a669d44ea45875675fdb5a3
[ Merge of http://go/wvgerrit/153589 ]
Some unit tests call InstallTestRSAKey() a few times. In current
provision 2 with Keybox, the test RSA DRM key is hard coded. But for
provision 4, it will be generated by OEMCrypto.
When a test calls multiple times of InstallTestRSAKey(), we don't want
the key to be generated during each call, and we want to use the same
key in order for the decrytion to work.
The fix to cache the drm key once it is created for prov 4 tests.
Bug: 180530495
Bug: 236317198
Test: oemcrypto_test
Change-Id: I1b2d96a89e0619861492e6d9bc56862e2c440c86
[ Merge of http://go/wvgerrit/150349 ]
The device id for prov4 is hash of the encoded device public key
(COSE_key).
Also replaced a few bug numbers if it is prov3 specific (not related to prov4).
Bug: 225216277
Bug: 236317198
Test: oemcrypto_test
Change-Id: Ica1c8579c0a3ef83c70f331283c9cce629c6bb3f
[ Merge of http://go/wvgerrit/149849 ]
With ECC based DRM cert, the session key is expected to be 32, as
compared to 16 bytes in RSA case. This CL adds supports for 32 bytes
session key.
Bug: 236317198
Test: oemcrypto_test
Change-Id: I657fdd92d17736a23375ddcd457f83efa6ca6d1f
This is a merge from:
https://widevine-internal-review.googlesource.com/c/cdm/+/152897
and http://go/wvgerrit/153709
Adding a new OEMCrypto unit test will allow partners to correct a
problem earlier in their integration.
Verifies current oemcrypto implementation handles clear KCB in a
mocked 16.4 license response.
Unit test release date updated to 2022-06-17.
Test: run_x86_64_tests; opk_ta
Bug: 235870170
Bug: 234645065
Change-Id: I59fef2c25f5c007624447d4f46147d96adeddad9
[ Merge of http://go/wvgerrit/147275 ]
Swapped out use of OpenSSL/BoringSSL RSA and EC_KEY to use OEMCrypto
reference utility classes RsaPublicKey/EccPublicKey. This enables
further test development with ECC keys, and removes duplicate OpenSSL/
BoringSSL code.
For Android makefiles, only the minimally required files have been
added.
Bug: 205902021
Bug: 236317198
Test: run_prov30_test run_prov40_test oemcrypto_test
Change-Id: I64491018e8ffb69bf986083e3aae446eb9e5cf39
[ Merge of http://go/wvgerrit/150789 ]
We had two copies of the wvcrc32.h and wvcrc.cpp files: One in
oemcrypto/util/ and one in oemcrypto/test/. The two were identical
except for the namespaces used. However, this setup created confusion if
the compiler could see both files, as the wrong one could get included.
This patch removes the set from test/ in favor of the more-widely-used
set from util/ and updates the one piece of code using the old
namespace.
Update Android oemcrypto_test makefile for wvcrc32.
[ Merge of http://go/wvgerrit/153657 ]
Duplicated wvcrc files were removed in http://go/wvgerrit/150632,
however, the Android-specific makefile for oemcrypto_test was not
updated with the new source and include directory. This CL makes
the necessary changes to the makefile to build with the OEC ref util
version of wvcrc32.
Bug: 229160397
Bug: 236317198
Test: oemcrypto_test
Change-Id: I0b53255122172fb514e7e0602b59f3ab704e52da
[ Merge of http://go/wvgerrit/151191 ]
Within the CDM and OEMCrypto tests, there were a few OEMCrypto function
calls where the final size of the output buffers were not being
resized. For several of these functions, an initial call is made with
zero-length output buffers, expecting OEMCrypto to return
ERROR_SHORT_BUFFER; followed by a call with buffers at least as large
as specified by OEMCrypto. However, for some operations, OEMCrypto
makes an estimate on the final size on the first call, specifying the
exact size only after performing the operations.
This is the case for the wrapped key returned by
OEMCrypto_LoadProvisioning(). The provisioning response contains a
padded + encrypted DRM key. OEMCrypto does not know the actual size
of the key until decrypted, and the actual DRM key might be smaller.
There was a OEMCrypto test for OEMCrypto_BuildInformation() which
was enforcing the wrong behaviour. This has been updated.
Bug: 230661565
Test: oemcrypto_test
Change-Id: Iad297d56ffbb085894641fdf8698ce5fd18edbf2
In TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(),
LoadResponse() should be called after EncryptAndSignResponse() so this
is moved in this CL.
Bug: 231368221
Test: OEMCryptoMemoryLoadLicense tests
Change-Id: I7a0224afb21c3ab1d896ce3cfb64e1ad544a581a
Merge from Widevine repo of http://go/wvgerrit/151254
Test: Ran tests on reference oemcrypto
Bug: 228996670
Change-Id: I6ea69bad49fa2d4272fc8bb02895c17f314c7f49
Merge from Widevine repo of http://go/wvgerrit/151253
This updates the OEMCrypto unit test filters to remove
CasOnly tests if the device does not implement the cas
function OEMCrypto_LoadCasECMKeys.
Test: unit tests on Luci
Bug: 221256887
Change-Id: I7026c4318153ada1d85055704e87b2cef397ffca
[ Merge of http://go/wvgerrit/149469 ]
Created a new test for stressing OEMCrypto's ability to generate
OTA Keybox provisioning requests. This forces the TA to retrieve
keys from KM, generate certificate and sign the request. This is
intended to find any unexpected system degradation within the
device's TA(s).
Bug: 227542259
Test: oemcrypto_test
Change-Id: Ib34f2f801a7fe74ca67aa0a16f68f9ae326de24e
[ Merge of http://go/wvgerrit/148157 ]
Fail the test if the returned type is other values.
Bug: 224375138
Test: GtsMediaDrmTests
Change-Id: I4abad9d69865cac99654d3dedd443463dd728a58
* changes:
Change the signature format requirement of OEMCrypto_GenerateCertificateKeyPair
Fix EnsureProvisioned for double provisioning
Update fuzz tests to match output desriptor struct
Use default url to inform app of prov40 stages
Fix key_control_iv in OEMCrypto tests
Fix jenkins/opk_optee after v17 merge
Remove old test license holder
Generic crypto tests: use license holder
Reboot tests: verify offline license is valid after reboot
Policy integration tests: use license holder
Integration tests: add license holder
Reboot test: Initialize fake clock
Reboot test: save large files
Test max number of DRM private keys
Merge oemcrypto-v17 to master
Update cipher mode elsewhere
Fix 1 ClangTidyBuild finding:
Add out of bounds testing for LoadKeys()
Separate invalid session test for ReuseUsageEntry
[ Merge of http://go/wvgerrit/147110 ]
The OEMCrypto_DestBufferDesc had fields address/address_length renamed
to clear_buffer/clear_buffer_length in v17. However this was not updated
for the fuzz tests thus causing some code coverage errors. This should
fix those errors.
Merged from https://widevine-internal-review.googlesource.com/146889
Bug: 220946359, 220946990
Test: GtsMediaTestCases on sunfish
Change-Id: I2837de2f79c0e731d072e3712d6b769df17a1c7e
[ Merge of http://go/wvgerrit/145989 ]
The key_control_iv field is used with an encrypted KCB. With v17, the
KCB is in the clear and this field should have a length of 0. This
updates the tests to set the field correctly.
Bug: 224375138
Test: GtsMediaTestCases on sunfish
Change-Id: I2973bc064705557c878bb1fe943e5fde92977dcc
[ Merge of http://go/wvgerrit/143909 ]
The max. number of DRM keys that can be loaded depends on the resource
rating.
Add a test to verify:
1. We can load up to MAX. drm keys
2. Loading the MAX+1 key can fail
3. The loaded keys should work even if loading other keys failed
Bug: 209084113
Test: opk_ta, run_x86_64_tests, run_level3_static_tests,
run_fake_l1_tests
Test: GtsMediaTestCases on sunfish
Change-Id: Ib9821e8a1994d41d3e9c2063440c109a2332ba89
[ Merge of http://go/wvgerrit/144696 ]
In v17,
OEMCrypto_CipherMode_CTR renamed to OEMCrypto_CipherMode_CENC
OEMCrypto_CipherMode_CBC renamed to OEMCrypto_CipherMode_CBCS
Bug: 224375138
Test: GtsMediaTestCases on sunfish
Change-Id: I2d96e9c6d22a9d9e2fbbd15a8aea3f2d5dac6dcb
[ Merge of http://go/wvgerrit/146249 ]
Update the OEMCryptoMemoryLoadLicense* tests so they cover LoadKeys()
for v15 and prior and LoadLicense() for v16 and later versions.
Merged from https://widevine-internal-review.googlesource.com/145951
Bug: 190749256
Test: GtsMediaTestCases on sunfish
Change-Id: If90f7afd82819375f52a2fe619675bf0c4c4dd3a
