Merge from Widevine repo of http://go/wvgerrit/125744
The OEMCrypto tests use a fixed RSA key. This will be loaded using
OEMCrypto_LoadTestRSAKey. This adds that key in DER format. This key
was stored in the kTestRSAPKCS8PrivateKeyInfo2_2048 variable in the
code.
Bug: 202994773
Test: test only data
Change-Id: I372a45c48ddeff5149f3685640fa09ff569a696a
Merge from Widevine repo of http://go/wvgerrit/131249
We no longer need to disable DroidGuard when running our tests.
Bug: 195770435
Change-Id: Ia17e611dd47e125692abe968dc45d63da81b0a13
Merge from Widevine repo of http://go/wvgerrit/130469
Parse and decode persistent data for reboot tests
Merge from Widevine repo of http://go/wvgerrit/130468
Save and restore persistent test data
Merge from Widevine repo of http://go/wvgerrit/130467
Saving and restore the test host's file system
Merge from Widevine repo of http://go/wvgerrit/130466
Add reboot test class
Test: android/run_reboot_test.sh and jenkins/run_fake_l1_tests
Bug: 194342751
Bug: 194342800
Change-Id: Id2f3d9850cb75cb286f7863738aa8fd38a1a5301
Merge from Widevine repo of http://go/wvgerrit/135984
If the MediaDrm property string debugIgnoreKeyboxCount is set to 1,
then the keybox will be ignored on the next initialization. This will
force an OTA keybox reprovisioning.
Equivalently, a 1 may be written to the file
L1/debug_ignore_keybox_count.txt.
In order to test a failed reprovisioning step, a value of 2 may be
used.
Bug: 187646550
Change-Id: Ie7d34a8b355398855f4ec43dd95dd73c5907bdeb
Merge from Widevine repo of http://go/wvgerrit/135982
The basic test was failing when using the testbed oemcrypto
because the testbed deletes its keybox on each
initialization. The test would terminate and re-initialize
oemcrypto whenever all the crypto sessions are deleted. This
has been fixed by holding a crypto session alive until the
end of the test.
bug: 187646550
Test: test only code
Change-Id: I48a3771bf5fd4aae8d262b8c7bf42f004d9b9f4c
Merge from Widevine repo of http://go/wvgerrit/134728
This variable was written to, but the value was never read. Newer
compilers would complain about this. This patch removes the unused
variable.
Bug: 202400919
Change-Id: I87cae291d41b18db91a4c4f8a76edb537635db2c
Merge from Widevine repo of http://go/wvgerrit/131305
The OPK tools are choking on non-ASCII characters when running on the
fuzz bots. This patch removes the problem characters from the header.
This brings these curly quotes in-line with the rest of the quotes in
the header.
Bug: 192275441
Change-Id: I9ba57abcd1275663601efc2a9170d7ab6aa4b4b8
Merge from Widevine repo of http://go/wvgerrit/125263
and http://go/wvgerrit/135749
Define a |major.minor| version in the
serialization layer and check for compatibility
between REE and TEE before accepting connections.
bug: 158857733
test: opk_all_tests
Change-Id: Iad44a1f50a27c6bca4959c6d41c9b361712dbde8
(This is a merge of http://go/wvgerrit/135033 from the Widevine repo.)
Previously, errors from BoringSSL in OEMCrypto were printed to stdout.
This patch moves them to stderr.
Bug: 202752544
Test: OEMCrypto unit tests
Change-Id: Ifad3e4db40e796e0320863e5a58882822e657a31
[ Merge of http://go/wvgerrit/128023 ]
Several of the messages in license_protocol.proto have fallen out of
sync with their source-of-truth in Google3. This change updates most
of the proto messages used by the CDM. None of these changes
immediately affect the CDM.
Bug: 192286204
Test: Build service and unit tests
Change-Id: I83414167d51f2443fe39f02ab160341918e409c9
(This is a merge of http://go/wvgerrit/134311.)
This patch widens the variable type used for lengths in wvcrc32 from
int to size_t. This fixes code that would trigger -Wshorten-64-to-32 by
implicitly narrowing a variable from 64 to 32 bits.
Bug: 194971260
Test: x86-64
Change-Id: I2887c18ff2a2c6dd3d65f966d9d1203fb050f736
The API comments for the two new OTA keybox OEMCrypto functions
required formatting to be compatible with the doxygen comment
strings.
Bug: 190505461
Test: Android unit tests and GTS
Change-Id: Ia45dc9d727a2a904170912193709cd9416b8fe27
[ Cherry pick of http://ag/15854889 ]
[ Merge of http://go/wvgerrit/133943 and http://go/wvgerrit/134043 ]
Certain OEMCrypto implementations will not report their provisioning
method if the keybox is invalid. If the OEMCrypto implementation
supports OTA keybox provisioning and does not report its provisioning
method, then keybox provisioning is assumed.
Bug: 187646550
Test: unit/integration/GtsMediaTestCases
Change-Id: Ie7753546e53fc73fd59803958e88edf416ee5336
[ Cherry pick of http://ag/15847758 ]
Adjust OTA code to account for some design changes and
add integration tests.
Merge from Widevine repo of http://go/wvgerrit/133775
Change use_test_key to uint32_t type
Merge from Widevine repo of http://go/wvgerrit/133774
Cleanup CDM OKP info before tests.
Merge from Widevine repo of http://go/wvgerrit/133773
Change context for derivation in OTA keybox solution
Merge from Widevine repo of http://go/wvgerrit/133772
Updated OTA keybox key derivation.
Merge from Widevine repo of http://go/wvgerrit/133771
Use double provisioning step in integration tests
Merge from Widevine repo of http://go/wvgerrit/133770
Erase keybox on initialization for OEMCrypto testbed
Merge from Widevine repo of http://go/wvgerrit/133769
Add session id to OEMCrypto OTA functions
Merge from Widevine repo of http://go/wvgerrit/133768
Integration test for OTA Keybox reprovisioning
Merge from Widevine repo of http://go/wvgerrit/133767
Add test x509 cert for testing
Merge from Widevine repo of http://go/wvgerrit/133766
OTA Keybox basic functionality in testbed
Merge from Widevine repo of http://go/wvgerrit/133765
Update OTA test script to use newer build scripts
Merge from Widevine repo of http://go/wvgerrit/133764
Adjust comment stype for doxygen
Test: MediaDrmTest and Android unittests
Bug: 190505461
Bug: 190505461
Bug: 190505461
bug: 187646550
Bug: 187646550
Bug: 187646550
Bug: 187646550
Bug: 190505461
Bug: 187646550
Bug: 188228998
Bug: 190505461
Bug: 187646550
Change-Id: I41ff819a1fd8aca2e20adb25127fa0d9c4879b01
[ Cherry pick of http://ag/15836995 ]
[ Merge of http://go/wvgerrit/133744 ]
This changes adds several small classes which contain and manage
system and engine information related to OTA keybox provisioning.
These classes closely map to the OKP device file messages.
Bug: 189232882
Test: Linux unit tests
Change-Id: Ia9334c38f9d7ea89b30d9ad05f0595570bb38658
Storing and loading OKP info.
[ Merge of http://go/wvgerrit/133763 and http://go/ag/15645333 ]
This change extends the DeviceFiles module to be able to store and
load OKP info. Mild data validation is performed when storing and
loading the information.
Bug: 189232882
Test: Android unit tests
Change-Id: I077de3234157252f2255a4389bf82a8d5344a355
System OKP fallback policy.
[ Merge of http://go/wvgerrit/133783 and http://go/ag/15645334 ]
SystemFallbackPolicy provides a thread-safe interface for accessing
and modifying OKP info.
Bug: 189232882
Test: Android unit tests
Change-Id: I4e43e3bc047ed5fb6cb517b53e4094e812b70e1e
Engine OKP provisioner.
[ Merge of http://go/wvgerrit/133803 and http://go/ag/15645335 ]
The OtaKeyboxProvisioner provides a CdmEngine-specific context for
performing OTA keybox provisioning. Utilizes the system-wide
SystemFallbackPolicy to relay provisioning status between engines.
The provisioner will handle message wrapping and unwrapping of the
raw OTA keybox request / response into the SignedProvisioningMessage
which is sent to/received from the provisioning server.
[ Partial merge of http://go/wvgerrit/125844 ]
Note: Includes partial CryptoSession changes from various CLs.
CryptoSession functionality has been stripped to reduce impact of
this CL.
Bug: 189232882
Test: Android unit tests
Change-Id: I282bf7d1887daefb2250af1bd595c4dc3dfcfb29
Integrated OKP into CDM Engine
[ Merge of http://go/wvgerrit/133804 and http://go/ag/15646376 ]
Extended the functionality of the CdmEngine to check if the device
requires OKP and to initialize OKP resources if required. The
functionality of OpenSession() and GetProvisioningRequest() have been
the most affected. If OKP is required, these methods will signal to
the app that provisioning is required and will return an OKP request.
Once a device is provisioned, the OKP data is cleared away and the
CdmEngine will resume normal operation. Engines created after a
device is provisioned will immediately enter normal operations.
The exception is for CdmEngines which failed to perform OKP for some
reason and are still running. Those apps will need to restart before
gaining access to L1 operations.
Bug: 187646550
Test: Android integration tests
Change-Id: Ia572a66a7b73479355758aa3d0c682691eaca0fc
[ Merge of http://go/wvgerrit/133729 ]
[ Cherry pick of http://ag/15836224 ]
The OtaKeyboxProvisioner is a system-wide provisioner for sharing the
provisioning workflow between CDM engines.
Bug: 189232882
Test: GtsMediaTestCases
Change-Id: I873af3087cc05e1831bdd1d2c14fb002b73e6902
Added keybox provisioning proto fields.
[ Merge of http://go/wvgerrit/133730 and http://go/ag/15113032 ]
This CL copies over the required license_protocol.proto changes that
are required for OTA keybox provisioning. These fields are defined in
the server-side certificate_provisioning.proto, defined in
http://cl/377533774.
Note, changes are slightly different from server proto due to the RVC
version of license_protocol.proto being out of date with SC and newer
changes.
Bug: 189232882
Test: run_x86_64_tests
Change-Id: I55fcf6a7ac2ba4b6026b9acc63e822ff33c431d9
Added OTA keybox provisioning device files.
[ Merge of http://go/wvgerrit/133743 and http://go/ag/15421141 ]
This change adds a new set of proto messages/fields the CDM's device
files for recording device and engine information around OTA keybox
provisioning (OKP).
To make cleanup and thread protection possible, there is a single file
which will contain all the information for the device as a whole and
each CDM engine tied to an app/origin.
Bug: 189232882
Test: Linux unit tests
Change-Id: Iaf80cd6342f32657e04416750d9b278d935821a5
Client ID for OKP requests.
[ Merge of http://go/wvgerrit/133744 and http://go/ag/15645331 ]
Extended the CDM ClientIdentification class to support a subset of
client info used for OKP requests.
Bug: 189232882
Test: Android unit tests
Change-Id: I6aafb4f2164efe69bc733ece0a912f0e91893b91
Merge from Widevine repo of http://go/wvgerrit/133703 and
http://ag/14707867
[ Cherry-pick of http://ag/15835345 ]
In order to use a local provisioning server, we need to use a
different test keybox system id that is in the dev device database
instead of the production database. We also need to use a local
license server that uses the dev license server.
Bug: 187646550
Test: GtsMediaTestCases
Change-Id: Ice89143dd26de22757375a770c6bac716fcbc057
Add Keybox OTA Provisioning functions to OEMCrypto header
Merge from Widevine repo of http://go/wvgerrit/133704 and
http://go/ag/14707868
Bug: 188228998
Change-Id: Iff54bc2870e87bf7239e179e1d02fbcc8df6198f
Stub build changes to support OTA Keybox
Merge from Widevine repo of http://go/wvgerrit/133725 and
http://go/ag/14781459
This CL adds a new unit test file for testing OTA keybox
reprovisioning functionality. This new test is built when running the
dynamic adapter in the linux build, and in the Android build.
Bug: 187646550
Change-Id: I625513840188f95e74831ef2ea399e827e837439
Add OTA Keybox functions to dynamic adapter
Merge from Widevine repo of http://go/wvgerrit/125843
and http://go/ag/14781460
Bug: 187646550
Change-Id: Ief78ed10599c091690e0d7dc488ea71674c763b5
Refactor dynamic adapter keybox verification
Merge from Widevine repo of http://go/wvgerrit/133727http://go/ag/14812524
The keybox validation needs to be done separately from initializing
the library so that we can support Keybox OTA Reprovisioning.
If L1 loads, but the keybox is missing, the initialization should
succeed. When the keybox is validated, the adapter should try to look
for a keybox on the filesystem. if none is found, it should either
return NEEDS PROVISIONING or an error.
Bug: 187646550
Change-Id: I34a8c365a5a5ca35c379bea827c85c749964744c
Update crypto session to use new OTA keybox functionality
Merge from Widevine repo of http://go/wvgerrit/133728 and
http://go/ag/14812525
This CL stubs out two new CryptoSession functions that call the new
OEMCrypto functions for OTA Keybox Provisioning. It builds! Yay!
It also adds a boolean needs_keybox_provisioning that is set to true
when OEMCrypto reports that it needs a keybox. This should only happen
if there is no keybox installed and oemcrypto supports provisioning.
Bug: 187646550
Change-Id: Ide9533943125aa13b8899b652b118a0b410c882c
(This is a merge from the Widevine repo of http://go/wvgerrit/131084.)
This patch updates the OEM Certificate scripts to work in Python 3.
Previously, the scripts were nominally Python-2-only, though I actually
couldn't get them to run in either Python 2 or 3. The following changes
were necessary to make the scripts work in Python 3:
1) print() is now a function, not a keyword.
2) xrange() is now range().
3) StringIO is now part of the io package.
4) Python 3 no longer lets you mix strings and byte buffers
indiscriminately. As such, the code needed to be made more crisp
about when it is treating a file or other blob of data as binary vs.
text. Many instances of StringIO had to become BytesIO, and several
literals had to be turned into byte literals. Passphrase command-line
parameters are now parsed to UTF-8 bytes during argument parsing.
Bug: 151736642
Test: oem_certificate_test.py
Change-Id: I8ea5d0fda2ea5a2c0289be7612be0b4e508c4abf
(This is a merge from the Widevine Repo of http://go/wvgerrit/134310.)
This patch fixes code that would trigger -Wshorten-64-to-32 by
implicitly narrowing a variable from 64 to 32 bits. Most of the time, it
does this by making the implicit conversion explicit. The cause of most
of these is that OpenSSL uses "int" for the length of things rather than
size_t. (While BoringSSL sometimes uses int and sometimes uses size_t.)
One exception is LogBoringSSLError(). We have a couple copies of this
function around, and they varied slightly. This patch brings them all
in-line, which conveniently also removes any code in them that would
deal with integer variables.
GetRandBytes() now takes a size_t and downcasts to BoringSSL's native
int internally, so that callers can pass in a size_t value as they would
expect.
There's also an interesting case in oec_session_util.cpp. Because
BoringSSL and OpenSSL disagree about the width of an error code, we have
to use the "auto" type for a temporary variable that holds an error, in
order to retain compatibility with both.
Bug: 194971260
Test: x86-64
Test: x86-64-openssl
Change-Id: I88bc62b4cda396f8a1eabd1a3cb7d1b03f47a33f
test: adb reboot while playing netflix and check logcat
to make sure session are closed.
[ Merge of http://go/wvgerrit/133063 ]
bug: 193099676
Change-Id: I375695673b0c366e09fb857f5ae7a9cb6b946779
On the gcc 9.3 compiler, oemcrypto/test/oemcrypto_test.cpp will not
compile without curly braces in some places so we must add them to
these 4 tests.
Test: OEMCryptoLoadsCertificateAlternates tests and CheckUsageTableSizeAPI16
Bug: 200057124
Change-Id: Ia097ba992a024adfd3311b82b812de60985a0de1
Merge from http://go/wvgerrit/133446
Commit message from Widevine repo:
"This change is to protect L3 RSA key from leaking in memory. After
this change, the RSA key, when loaded in memory, is XOR masked with
a key_mask."
The source CL that generates the new L3 libraries is here:
http://go/wvgerrit/130949
Test: L3 unit tests
Test: GTS test result https://android-build.googleplex.com/builds/abtd/run/L24400000950905884
Test: RSA performance test OEMCryptoLoadsCertificate.RSAPerformance
Test: Manual reboot tests on Pixel4
Bug: 183417993
Change-Id: I190e585ad03b8749e3487f9d3f0109be61a3c815
Because the fake clock is getting out of sync with the real clock
for the nonce flood tests, add a call to TestSleep::SyncFakeClock()
in Clock::GetCurrentTime() to force a sync.
Merged from http://go/wvgerrit/133223
Test: duration_use_case_test and nonce flood tests on bonito
Bug: 198329759
Change-Id: Idfd92c6cc57750a52477189461220c682b302082
Drm tests have moved to android.mediadrm.cts package.
As part of bug b/171226061 to separate DRM test
classes to enable better tracking of test failures
through the OWNERs files.
Also remove obsolete MediaPlayer2DrmTest to match
ag/15388921 once it is merged.
Test: atest CtsMediaDrmTestCases
Bug: 190625926
Change-Id: I906889b32ac6be2335757fc4e17ca4b695236b4a
