Add canonicalization requirements and a few more required fields.
Fixed a few typos.
Bug: 314882572
Change-Id: I3fe74c5b78292378fe146afa7236ece2c30942ae
Since enabling C++17 for Widevine, we should be able to use absl::string_view since copybara can automatically translate between absl::string_view and std::string_view.
PiperOrigin-RevId: 586780379
Change-Id: I94d04bd3ab75085c482682539cf4bb2f046db864
We should talk about protected and unprotected regions in a
subsample instead of talking about encrypted and clear subsamples.
Bug: 148230379
Change-Id: Id19e693948cdbd332fa965c9d8775148d10e8368
Some tests were not in a doxygen group, so they were not
showing up on the dev site.
Bug: 298719677
Change-Id: Ic86b7999ac7ab324eb40a30023b74897f87d97e5
Each entry in BCC is signed by its parent. BCC validator should be able to
validate the signature along the chain.
In OPK reference, EdDSA is used. Also adding functions to support ECDSA
in oemcrypto_ecc_key module.
Test: opk_ta_p40
Bug: 300310163
Bug: 307968622
Change-Id: Ibed895933eeb71b18c467604588cca449cac1af9
The returned BCC from OEMCrypto_GetBootCertificateChain() can be
validated by unit tests with BccValidator.
Test: run_fake_l1_tests, opk_ta_p40
Bug: 300304834
Bug: 307968622
Change-Id: I6312cb45548f5d8a711c13ea0356d6ec8db51082
A Bcc validator that can parse and validate BCC. This is to support better
prov40 unit tests regarding OEMCrypto_GetBootCertificateChain() later.
Test: opk_ta_p40
Bug: 300304834
Bug: 307968622
Change-Id: I3cfdad9f1891c6abc83051af1d80a20e0adeb58b
I added an empty ODK_ParsedRelease struct in ODK in case we want to add fields for release requests in the future but this is causing an error in C. Removing it for now. Will add it if needed for future unit tests.
PiperOrigin-RevId: 581059171
Change-Id: Ic547cf3cef3cf89f503f39cff27888d77056eddc
For context, see cl/578224540
This CL is produced via
- Do the removal
- `$ /google/src/head/depot/google3/devtools/scripts/csearch_apply --includefile 'video/widevine/export/common/oemcrypto_core_message/' --search='Copyright \d{4} Google LLC. All rights reserved.' --apply='s,\ All rights reserved\.,,g'`
- Manually deleted a few periods. I.e., for cases where the comment is ONLY "Copyright <year> Google LLC.", I removed the period at the end.
PiperOrigin-RevId: 580020267
Change-Id: I4b2f647d6e3bbb34868e1822591bc953a94cca42
Also removed L3 function pointers to the function headers added in
go/wvgerrit/186010 because they weren't stubbed out and was causing the
new script to fail.
Bug: 293359147
Change-Id: I15606bb636a8bd2637bcf48c421a85d82044762b
Add new OEMCrypto_GetBCCType() function in v19.
Re-generate serialization and test files.
Test: opk_ta, opk_linux_ipc_ta, run_fake_l1_tests
Bug: 297918188
Change-Id: Id5f422776cd50c71ab483c06bbe3ac399461fb31
Disable clang-tidy checks that enforce coding patterns specific to C++17
until the codebase can be updated.
Change-Id: Ic720dec6720b325b1f19d3c2e4c31f4a8e081a01
Updated compiler flags from c++14 to c++17 everywhere.
L3 haystack still uses c++14 and needs more testing.
Bug: 254108623
Test: Build and run CE CDM unit tests
Change-Id: I3883c466705aeb239d22c178605029fec7d46bff
Starting in v19, OEMCrypto implementers will need to implement KDF generation in OEMCrypto. To make it easier, this adds a utility to generate them based on the request context.
PiperOrigin-RevId: 572693987
Change-Id: Ife382bf35ceede508499e3677de115ef12999dcc
For DRM, but not for CAS, we allow the entitlement session
and the entitled session to be the same.
Bug: 301462149
Change-Id: Ib830484be8437b1c4ce34500ae912e6c119dcfc3
(cherry picked from commit c1ec1c248d3ca1d3bc414c71cc9222c77d56f043)
This updates the code and tests to allow for using license protocol 2.2
when using OEMCrypto v19.
Issue: 80428549
Issue: 121031064
Issue: 232464183
Change-Id: Ib6bb61f86dd310b566227462658530bca5940b88
Since we want to migrate to using GTEST_SKIP to skip unit tests instead
of GTEST_FILTER, we can remove the RestrictFilter() function which
filters the tests out using GTEST_FILTER. To do this, the RSAPerformance
test needs to be removed, which is acceptable since no one uses this
test anymore. However, b/299135804 is being used to track a new way to
either execute/track permance.
Bug: 251240681, 299135804
Change-Id: Ife59c468ee127f4c39d3be91707ca38a061b7895
Since KDF functions are only used right before specific functions, this
merges them to simplify internal state within OEMCrypto.
Fixes: 299527712
Change-Id: I426cfcdc102bd73cf65cd809b213da2474f44b34
OEMCrypto_PrepAndSignLicenseRequest() documentation needs to be updated
to match the current behavior.
Bug: 296608852
Change-Id: Ib76dc2f1afa705b5f71e654afa2889b2dcca36ce
MSVC supports static_assert but won't always set __STDC_VERSION__ correctly. So we just assume it is supported.
PiperOrigin-RevId: 559166904
Change-Id: I9a62094686405c58fe9be202bce0f4fefb764d48
In v19, SetDecryptHash() was updated to only work with CRC-32.
While updating OEMCrypto, L1 (opk, intertrust, etc.) and L3, the
V18 version was not added to the dynamic adapter. This change
adds the backwards compatible call for L1s running V18 and earlier.
Bug: 296918528
Test: run_dynamic_oemcrypto_v18
Change-Id: I8f3efc1ffac4fa7a87e029166ee866567829897d
The current implementation of OEMCrypto_SetDecryptHash gives developers
flexibility to use different types of hashes. However, all the
implementations we have seen thus far use crc32. Because of this, crc32
should be sufficient and we can refactor OEMCrypto_SetDecryptHash to
only use the crc32 hash.
Bug: 287706586
Change-Id: I4aaa253b2656dfd9c984f77dfb08fe160b23b47c
The extra call to OEMCrypto_GenerateNonce is not needed. And it would
also lead to failure when the fuzzers are linked with the OPK
serialization layer.
Bug: 324666282
Change-Id: I43941fd5ee1f15f7106e6f0be2b65dce206225cf
The feature RenewOnLicenseLoad is not expected to work for an offline
license when the device has no usage table.
Bug: 310498829
Merged from https://widevine-internal-review.googlesource.com/190789
Change-Id: I601c332ed6cd17f9682082ea6acda7e67492b381
Creates parameterized certificate provisioning tests to prepare for DRM
reprovisioning implementation.
- Create parameterized certificate provisioning test suite.
- Change RETURN_IF_NOT_OPEN macro to call IsOpen instead of checking
the |open_| variable to make mocking of CryptoSession methods easier.
Bug: b/305093063
Merged from https://widevine-internal-review.googlesource.com/188051
Change-Id: Ic1c344af64073a8ff5626530a0864bfeea90fc6e
Creates new token types for the DRM reprovisioning scheme that will be
used by L3 CDMs with baked-in certificates to allow for use of unique
serial numbers.
- Create new `CdmClientTokenType` for DRM reprovisioning in the CDM
core.
- Create a new `ProvisioningType` for DRM reprovisioning in the
provisioning message proto.
- Create new enum value for `DEVICE_EMBEDDED` in DrmCertificate type.
- Update uses of the above to include the new token types.
Bug: b/305093063
Merged from https://widevine-internal-review.googlesource.com/186934
Change-Id: I7e6cc8744b80cbbb624d31e5be1eab1be8a9680f
