[ Merge of http://go/wvgerrit/110923 ]
The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session. To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response. The type of key is available from the
DRM certificate proto that is provided in the reponse.
This change introduces a class to contain the wrapped key and
type together. To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.
Unittests have been updated for using the new class where the
wrapped key was used before.
Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
(cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e)
Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
[ Merge of http://go/wvgerrit/110824 ]
When generating a provisioning request, the CDM includes the different
certificate key types that are supported.
This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.
Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
(cherry picked from commit 547d2f8775)
Merged-In: I713ff1c469dff5c8a41461727ce63486d962575e
[ Merge of http://go/wvgerrit/106203 ]
CdmSigningAlgorithm are converted into OEMCrypto_Algorithm enums
before being passed as parameters to OEMCrypto generic crypto functions.
The OEMCrypto_Algorithm variables should never be set to values not
specified in the enum declaration.
These private methods have also been moved to the anonymous namespace.
Bug: 168774486
Test: WV unit/integration tests
Change-Id: Ie570a3cf4447b6c133076baa0909d562824c8e4a
[ Merge of http://go/wvgerrit/108064 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the core directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I8ae5a10cbfdf7faae6a2735e57b33729763f10b8
(This is a merge of http://go/wvgerrit/97083.)
The switch from LoadKeys to LoadLicense broke entitlement licenses
entirely because the LoadLicense path in CryptoSession didn't include
any affordances for updating the KeySession, unlike the LoadKeys path.
This patch adds code to handle this.
Bug: 152814106
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Id0c33a566e17e6be8da04e12be4b0fc87559aa8f
[ Merge of http://go/wvgerrit/95405 ]
There are several OEMCrypto functions that do not require an open
session to be called. This change updates the OEMCrypto functions
related to the Usage Table Header.
Bug: 150888316
Test: Linux unit tests and Android build
Change-Id: Ic879876dd190fb3e058bbe8e0cce37273030b105
[ Merge of http://go/wvgerrit/95508 ]
The provisioning ID length will be 32 bytes when the device supports a
keybox or OEM certificates and does not implement |OEMCrypto_GetDeviceId|.
If a device supports OEM Certificates and implements |OEMCrypto_GetDeviceId|
it may be an arbitrary length upto 64 bytes.
Bug: 150393659
Test: WV unit/integration tests
Change-Id: I5e4dbc8f2f9ca326425d0313f4823b72bd6ac7c0
(This is a merge of http://go/wvgerrit/95003.)
To reduce the number of OEMCrypto calls on the decrypt path, the maximum
subsample size will now be cached after the first call to retrieve it.
Bug: 150018606
Test: Android Unit Tests
Test: CE CDM Unit Tests
Test: ExoPlayer high-bitrate playback on OEC v15
Change-Id: I0b5d38d8a082c0a127d2a47f112b76c64085bddb
[ Merge of http://go/wvgerrit/94483 ]
With OEMCrypto V16 comes a new potential error code from calls to
DecryptCENC(). WARNING_MIXED_OUTPUT_PROTECTION may be returned by
supporting devices if one of the output devices does not meet the
required HDCP level for the decryption key/license; however the output
is instead restricted (by OEMCrypto) to devices that are secure. This
warning is informative to the CDM; but no action can/should be taken
by the CDM.
In addition, if DecryptCENC() returns an error/warning, it is likely
that the same status code will be returned on subsequent calls to
decrypt within the same crypto session. To reduce the number of logs
the CDM produces within the same crypto session only changes in error
codes are logged.
Bug: 140825538
Change-Id: Iaf9da3f0c88889525f73f3153a5977c8416286bb
(cherry picked from commit d9c703ef9e)
Merged-In: Iaf9da3f0c88889525f73f3153a5977c8416286bb
(This is a merge of http://go/wvgerrit/93829,
http://go/wvgerrit/93830, http://go/wvgerrit/93832,
http://go/wvgerrit/93833, and http://go/wvgerrit/93834 from the
Widevine repo.)
This implements the CDM code changes necessary to take advantage of
Combined Decrypt Calls on OEMCrypto v16. The result of this is that
WVCryptoPlugin is much lighter now because it can pass the full sample
down to the core in one call, but CryptoSession is heavier, as it now
has to handle more complex fallback logic when devices can't handle
multiple subsamples at once.
This patch also removes support for the 'cens' and 'cbc1' schema, which
are being dropped in OEMCrypto v16. This fixes an overflow in the code
for handling those schemas by removing it entirely.
This patch also fixes the "in chunks" legacy decrypt path to use larger
chunk sizes on devices with higher resource rating tiers.
Bug: 135285640
Bug: 123435824
Bug: 138584971
Bug: 139257871
Bug: 78289910
Bug: 149361893
Test: no new CE CDM Unit Test failures
Test: Google Play plays
Test: Netflix plays
Test: no new GTS failures
Change-Id: Ic4952c9fa3bc7fd5ed08698e88254380a7a18514
[ Merge of http://go/wvgerrit/89848 ]
Apps query a number of properties at initialization. The mediaDrm
API getProperty allows the query of a single property at a time.
This causes a series of requests. If no crypto
sessions are concurrently open, a series of expensive OEMCrypto
Initialization and Termination calls will occur.
In this change OEMCrypto termination is delayed. If an OEMCrypto
Terminate is followed in close succession by an Initialize, neither
will occur avoiding the overhead. A timer enables a countdown process.
If no session activity occurs, the timer will eventually terminate
OEMCrypto and exit.
Bug: 136282358
Test: Android unit/integration tests
Change-Id: I442b7919b4e7835c52583516c8bc64d0c150241d
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
[ Merge of http://go/wvgerrit/89906 ]
The change allows the GetDecryptHashSupport method to return
an error.
Bug: 144851430
Test: WV android unit/integration tests
Change-Id: Ib3b95788adb21b5ed0daee51ad338f9674b04c3c
[ Merge of http://go/wvgerrit/87964 ]
A preliminary test has been added, more to follow.
Bug: 142747616
Test: android unit tests
Change-Id: Ida8eb853c14f73f60f7bc354f14a02224c2ce66c
[ Merge of http://go/wvgerrit/80805 ]
This change was used only where `typedef` was used for type aliasing,
and not for defining a new type (such as enums, structs, or function
pointer types).
Clang-format was used on the changed files.
Test: WV unit tests
Bug: 134437705
Change-Id: I730b9709a5ac773b3036daa79024caab665b3daa
[ Merge of http://go/wvgerrit/80483 ]
Clang-format has been run on files in core/include
Bug: 134365840
Test: WV unit/integration tests
Change-Id: I890127f23f30f0e63f826d3638521b4cc12fb995
Merge from Widevine repo of http://go/wvgerrit/78623
This updates the license request client identification to include
OEMCrypto build information.
Bug: 129070445
Test: ExoPlayer on crosshatch with mod mock
Change-Id: I0dbce0cca4e9810e14f60561e4e434f1dbcadfb6
(This is a merge of http://go/wvgerrit/72867)
This patch replaces the previous static std::mutexes in CryptoSession
with shared_mutexes, allowing multiple readers to access the resources
they protect. For the shared fields, this means only Initialize(),
Terminate(), and the code that sets up the usage table headers needs
exclusive access. All other CryptoSession code is able to read these
fields in parallel.
For OEMCrypto, the static OEMCrypto lock is joined by a per-session
std::mutex, which are used in concert to enforce the OEMCrypto v15
threading guarantees.
On my machine this results in a noticeable increase in performance for
the parallel unit tests.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: Jenkins Tests
Change-Id: Ie6332ae4926ed4f14af897685d37bfe63831b14f
(This is a merge of http://go/wvgerrit/71324)
This patch increases the granularity of the locking in CryptoSession
without substantially changing its locking semantics. Where before
there was a single |crypto_lock_| performing multiple duties, now
there are three locks:
1) |static_field_lock_|, which is used when needing to access the
non-atomic static member fields of CryptoSession.
2) |oem_crypto_lock_|, which is used when needing to call into
OEMCrypto.
3) |factory_lock_|, used only by the functions that interact with the
CryptoSession factory.
All the code in CryptoSession has been updated to use these locks. It
has also been updated to only hold them for the minimal amount of time
necessary, as opposed to holding them for a whole function. This should
help some with the ability of CryptoSession calls to happen
concurrently. To assist in taking locks in a consistent manner, two
helper functions, |WithStaticFieldLock()| and |WithOecLock()| have been
added. Also, for the very common case of reading |initialized_|, the
accessor |IsInitialized()| will read the value safely.
While changing all the code to lock differently, I found that some
places in CryptoSession were *not* locking before accessing static state
or calling into OEMCrypto. I have made these callsites consistent with
the rest of CryptoSession.
As a result of taking locks for only the minimum time necessary, it is
no longer necessary for functions to make assumptions about whether the
lock will already be held before they are called. Locks should not be
held while calling helper functions, and code should always take a lock
for the brief time it is necessary to do so.
In tests, including the concurrent unit tests coming in the following
patch, this code did not perform substantially better or worse than the
code that preceded it, but the hope is that it will experience less
contention on devices that are more resource-constrained than my
desktop, such as older game consoles.
This patch appears to address some real threading issues. Hopefully, it
will also make it easier to maintain soundness in the future and to
reason about when code in CryptoSession needs to take a lock.
This is the first step to implementing the "Finer-Grained Locking in
CryptoSession" specification. A future patch will make some of these
locks reader-writer locks, to allow even greater parallelism.
Bug: 70889998
Bug: 118584039
Bug: 123319961
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: GTS
Test: Play Movies
Test: Netflix
Change-Id: I346c04a5d9875723db54af33ee91772bf49ca12f
[ Merge of http://go/wvgerrit/71326 ]
Nonce flood, frame size, session and system invalidation errors
will now bubble up to the app. OEMCrypto v15 returns
OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE,
OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors.
These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR,
ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and
ERROR_DRM_RESOURCE_CONTENTION.
Bug: 120572706
Test: Unit/Integration tests
Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9
(This is a merge of http://go/wvgerrit/70667)
Request ID Index generation has historically worked by incrementing a
shared variable in one place and reading it in another place and
trusting the fact that CdmLicense calls these operations in a certain
order and only once per session to give each session a unique value.
This patch cleans this up a bit, having each session store the current
Request ID Index at the same time as it stores its Request ID Base. This
guarantees that each CryptoSession will receive a unique but stable
combination of Base and ID rather than relying on the calling pattern.
Since all this generation happens during the same function, the full
Request ID can be generated up-front and stored, making
GenerateRequestId() no longer necessary.
This patch also simplifies the threading story around this shared state
by using a std::atomic<uint64_t>. Bringing the code that interacts with
the shared state together into one place and replacing it with atomic
operations will simplify locking around this code when CryptoSession
locking is revamped in a future patch.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I12d2f6501f872f1973e5a9af5125ca03f23e5a56
[ Merge of http://go/wvgerrit/69724 ]
Some queries no longer require a session to be opened before they
can be answered - security level, current HDCP level, max HDCP level,
usage support, number of open sessions, max sessions,
OEMCrypto API version, current SRM version, SRM update support,
resource rating tier and OEMCrypto build information.
b/117104043
Test: WV unit/integration tests
Change-Id: I92f8249e5599860da8cbf42d3b16f25515a46c55
[ Merge of http://go/wvgerrit/68083 ]
Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.
Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
libwvdrmdrmplugin_hidl_test and request_license_test.
Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6
[ Merge of http://go/wvgerrit/67884 ]
Now that we can use C++11, we should use the cross-platform std::mutex
type, not the custom pthread version.
Bug: 111850982
Test: WV unit/integration tests
Change-Id: If2fde2836826c5184609e6b1f3a6511206bd4594
[ Merge of http://go/wvgerrit/67324 ]
This introduces the ability to query resource rating tier information
through the plugin and CDM. Resource rating tiers are also
sent in the client identification portion of the license request.
Bug: 117112392
Test: WV unit/integration tests
Change-Id: I68ac6dfc4362f61150af822bd526e346b5cc4bf7
(This is a merge of http://go/wvgerrit/66643)
The sub-license feature has been removed from the server and packager.
So that we do not have to continue maintaining the code that supports
this feature that never shipped, I am removing it from the CDM as well.
Bug: 113165466
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I5d25844b161e74aa19adf19a29c56e4881aa7304
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
(This is a merge of http://go/wvgerrit/65782)
We have had our own scoped_ptr implementation that is used throughout
the codebase. Now that we support C++11, we can replace these with
std::unique_ptr.
Doing this replacement exposed a few places where the two were not
interchangeable. OEMCrypto Ref was doing some unsafe things with passing
scoped_ptrs to functions and has been updated to use move semantics. And
a few constructors were explicitly constructing a scoped_ptr with NULL,
which is ambiguous with std::unique_ptr. These have been replaced with
default constructor calls.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I37d6d7aad4906709381c74f0c5439f826d2be768
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
Merge from Widevine repo of http://go/wvgerrit/49820
Devices with baked-in DRM certs cannot be reprovisioned. As such, we
must protect them against being unprovisioned. Currently, our unit
tests break such devices by attempting to unprovision them. This patch
adds code to block the Unprovision() call on these devices.
Bug: 69264798
Test: CE CDM Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: I49322dcb2d3d5c7953e870eb91a9e0b978d4dabe
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
[ Merge of http://go/wvgerrit/46907 ]
The WV client supports root of trusts as keyboxes or OEM certificates.
Devices with keyboxes use provisioning 2.0 protocol to provision
while those with OEM certificates use 3.0. L3 provisioning failures
occur if the L1 and L3 root of trusts differ.
The provisioning method is now retrieved and cached when the
security level is known, when the session is opened.
Earlier it was retrieved and cached at initialization time and
always set to the value of L1 OEMCrypto (if present). This led
to provisioning failures.
A case of acquiring a lock while one was held in GetProvisioningId()
has also fixed.
Bug: 77606913
Test: WV unit/integration tests
Change-Id: I2d66ee2cf64f846cec4a37fbccb554447c8a0e1d
[ Merge of http://go/wvgerrit/42103 ]
* While deprecating keyboxes as identification, some code to
restore a license was mistakenly removed in http:://go/wvgerrit/36740,
http://ag/3442777
* Corrections to keep track of cipher mode, call SelectKeys when cipher
mode changes and to use the backward compatible LoadKeys call in case
OEMCrypto is v13.
Bug: 70160032
Test: Ran WV unit/integration tests. Request license test failures
have been addressed.
Change-Id: Id03c50874085af6d9985d10c19a74a02efb7a1f5
* changes:
Fix some unit tests
Add basic handling for entitlement keys in a license.
Refactor key sessions to move them out of crypto session.
Fix entitlement keys encryption and content key loading.
Merge from Widevine repo of http://go/wvgerrit/41834
Key rotation is not yet supported.
The key statuses are updated from a license. The
mechanism expects content keys tro come in a license.
For entitlement licenses, the content keys come in the
init_data.
This code does not yet support the key rotation event.
(A new pssh with wrapped keys is a passed to the cdm)
The policy engine/key status mechanism needs to be
updated to handle updated from the init_data.
For now, the cdm builds a license with a key container
with the content keys and used that to call
PolicyEngine::SetLicense to setup the policy engine
and key statuses.
Bug: 64003606
Bug: 70334840
Test: In child CL
Change-Id: Ibf46a18f5321cab4ff6f1778ba30527942c8021f
[ Merge of http://go/wvgerrit/41840 ]
Bug: 69867619
Test: WV unit/integration tests
Playback using netflix and play movies on Taimen
Change-Id: I49d0dd9ae12322eecc80efb8cb744419c85e8ae5
This is a merge of Widevine cl 39040.
A few of the metrics were not implemented, or implemented incorrectly in
O MR1. This cleans them up
Bug: 64001676
Test: Re-ran unit tests and added some additional tests. GPlay Movies check.
Change-Id: I1e8bcc36fecd76e72d853306075bc46d82f45161
This CL adds entitlement license features and moves cipher mode from
LoadKeys to SelectKeys.
Merge from Widevine repo of http://go/wvgerrit/41660
bug: 70334840 Entitlement License - cdm layer
bug: 70334345 Entitlement License - reference code and unit tests
test: Entitlement license unit tests pass.
Change-Id: Ic7d7f42c15e6d83ef7fcfd8a866c778adc4c8095
These are a set of CLs merged from the wv cdm repo to the android repo.
* Get System ID From OEM Cert
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37940 ]
(This is a merge of http://go/wvgerrit/30220 . However, it has been
significantly modified in the merge due to needing to support both
OpenSSL and BoringSSL.)
Previously, extracting the system ID was only supported on Keybox-based
systems. This patch adds support for extracting the system ID from the
OEM Certificate chain on Provisioning 3.0 devices. This is done by
getting the Widevine intermediate cert from the chain, finding the
Widevine System ID extension in that cert, and extracting the value.
The code that does the extraction is separate from any code that calls
OEMCrypto so that it can be unit-tested in isolation. This patch adds a
crypto_session_unittest test to do this unit-testing.
Bug: 34776194
Test: crypto_session_unittest
Test: widevine_ce_cdm_unittest
* Remove unique_ptr from oemcrypto mod mock
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/38500 ]
Because we can't have C++11.
Bug: 69935608
* Update CHANGELOG.md
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38460 ]
- Add items about adapter support.
- Add mention of SRM support.
Merged from cdm_partner_3.5
(Change-Id: I6d891e157edc3afb2797bf281ef3f06bdb8fe474)
* Add Adapter for OEMCrypto v13 to v12.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38440 ]
Also fix OEMCrypto_LoadKeys() definition broken by wvcl/38160
(srm_requirement param).
* Allow certain warnings in protobuf build.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38424 ]
maybe-uninitialized is triggered in release build. Allow it.
* Enable -fPIC for jsmc.c build.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38423 ]
-fPIC was removed for common c/c++ build rules. Add it back.
* Missing OEMCrypto_LoadKeys param in static adapter.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38422 ]
srm_requirement param was omitted in v11 static adapter.
* Remove OEMCrypto v12 specification.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38421 ]
* Update documentation for v3.5.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38420 ]
* Added padded preprov key for 7880
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/36924 ]
Bug: 68765915
* Change overrides in CE L3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38380 ]
The 'override's are changed to the macro defined in override.h to
be gnu++98 compliant.
* Use source android level3 + add cache_flush call
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37900 ]
I put both changes in this CL since I have to generate Level3 libraries
for both anyways. The first change involves shifting from using a
prebuilt static library to using an obfuscated source library output
from the Haystack tool on google3. The second change is from here:
https://critique.corp.google.com/#review/176536782, and addresses
b/69387416. Since the cache_flush function wasn't being used, the
execution on Angler gave inconsistent segfaults, which this CL fixes.
Verified on Angler, Sailfish, and Linux.
11/27/17: Added mips and mips64 libraries.
* Make CDM result codes constexprs
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38280 ]
The values in the enumeration list of CdmResponseType error codes
were earlier implicit. Comments were added to denote the actual
values. This changes to make it fixed values, which makes it slightly
more error prone, but cleaner when errors are retired.
* Change watchdog timer to 2 minutes
[ Merge of http://go/wvgerrit/36340 ]
This relaxes the watchdog timer around the level 3 oemcrypto
initialization to 120 seconds. There are also a couple of new log
messages at the end of initialization and at termination.
Library for arm updated:
level3/arm/libwvlevel3.a Level3 Library 4445 Oct 4 2017 17:06:25
Bug: 65379279
Merged from https://widevine-internal-review.googlesource.com/35480
* Add test to get service certificate from server.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37780 ]
This was extracted from Ic38dd27d06dc7528ae4cd995da4261fe6c34ad55
* Add watch dog timer to OEMCrypto L3
commit ec624ea483cbf8fb3d4e8f393bc25c90a0e29d4b
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/34260 ]
This code adds a watchdog timer to the level 3 initialization. If
initialization does not finish within 5 seconds, the process
will abort, printing a small amount of debugging information.
arm/libwvlevel3.a Level3 Library 4445 Sep 11 2017 14:05:15
Test: unit tests on bullhead. Video on Play Movies.
GTS tests run on loop overnight.
Bug: 65379279
Merged from https://widevine-internal-review.googlesource.com/33540
* Remove libwidevinehidl_utils dependency
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37822 ]
libwvdrmcryptoplugin_hidl has a dependency on libwidevinehidl_utils
which was introduced due to an out of order merge from oc-mr1-dev
to master.
Bug: 69573113
* Automatically generate log location information
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36563 ]
Currently class and method names are manually added to each log message
in the CDM on android and some other platforms. This change prepends
log messages with file name, line number and function name automatically.
The code is platform specific so it can be enabled and the precise
format configured on a per-platform basis.
As an example, here is a log on android before the change,
11-01 02:48:48.658 D/WVCdm (32198): CryptoSession::Open:
Lock: requested_security_level: Default
and after,
11-01 02:48:48.658 D/WVCdm (32198): [crypto_session.cpp(1108):Open]
Lock: requested_security_level: Default
A follow on CL will remove the manually added class/method information.
Bug: 9261010
* Fix BoringSSL Compatibility of oec_session_util.cpp
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37121 ]
A previous change inadvertantly used APIs from OpenSSL that do not exist
in BoringSSL in oec_session_util.cpp. As a temporary fix until we can
move all targets to BoringSSL, this patch switches that file to use
conditional compilation to choose the correct API depending on the
library in use. It does not otherwise change the behavior of the file.
Bug: 67908123
Test: wv_ce_cdm_unittest on x86-64
Test: linux_unit_tests
* Create local shared_ptr implementation
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37600 ]
Derived from protobuf version, which came from google3.
Removed locking (not thread-safe) and removed weak pointers (not
needed for usages in CDM).
Locking can easily be added if needed.
* Revert C++11 usage - back to gnu++98
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37440 ]
These changes roll back C++11-specific constructs:
std::unique_ptr -> std::auto_ptr
container initializers
nullptr -> NULL
std::shared_ptr to local shared_ptr
compiler flags (-std=c++11 -> -sdt=gnu++98)
NOTE: the "local" shared_ptr implementation is temporarily
a direct reference to the shared_ptr implementation in
third_party/protobuf. This has been fixed (implementation
extracted and moved to core/include) in CL 37600.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ie09ecb970aa06fe9301ac255375ca7d8e7ead8bc
These are a set of CLs merged from the wv cdm repo to the android repo.
* Make Android NDK Builds Work With Latest BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37000 ]
The latest updates to BoringSSL require C99 or later. Our NDK-based
builds (OEMCrypto Variants & Fastball) were not specifying a C standard.
This patch adds compiler flags so that C files are compiled as C11 now.
Note that this is about the *C* standard in use, not the *C++* standard,
which this patch leaves untouched.
BUG: 67907873
Test: build_android_mock.sh
* Update BoringSSL to f7412cb072cc6b1847140e0c4f8b3ceeccd0e708
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36761 ]
This is the result of running UPDATE_BORINGSSL.sh. Future runs of this
script should produce much smaller sets of changed files, but because
the BoringSSL revision already in this directory was so old and
contained many extraneous files from the Android operating system, the
set of changed files is extensive this time.
BUG: 67907873
* Refactoring the build files.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/37041 ]
Move all common build dependencies to .gypi so that all fuzz test
binary targets can be added to .gyp file without repeating code.
* Introduce service certificate request property
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36941 ]
Platforms differ on whether they allows service certificates to be
requested if privacy mode is enabled and a certificate is not present.
This property allows behavior to be configurable.
Generating the service certificate request will be introduced
in a follow on CL.
BUG: 68328352
* Deprecate using keyboxes as identification
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36740 ]
Previously some platforms supported using keyboxes rather than
certificates as the identification tokens in the license request
message. All platforms that share core CDM code of the master branch now
either provision using a keybox and use a DRM certificate or an
OEM certificate as identification. No future usage of keyboxes
as identifying tokens is planned.
Since the platform property use_certificates_as_identification
is always set to true, the negative code paths are never taken and
can be removed.
* OEMCrypto_GenerateSignature API Fuzz Test.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36863 ]
- The first automated API fuzz test.
- Also sumitting the corpus for the API fuzzed.
* Add Script to Update BoringSSL from Source
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36760 ]
Adds a script to third_party/boringssl/ that, when run, deletes all the
auto-generated files in the generated/ directory and regenerates them
from scratch, starting from the latest public HEAD of BoringSSL.
Bug: 67907873
* Fix Fastball / OEMCrypto Variant BoringSSL Makefiles
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36926 ]
Previously, when moving the BoringSSL source within the tree, I was not
able to verify that I had not broken the NDK-compatible makefiles used
by Fastball because that build is broken on master. I had to make a
best-guess as to how they should be updated and hope.
Now, however, I have been informed that the OEMCrypto Variants also use
these makefiles, and I have been able to use that build to find where I
broke them and get them fully working.
Bug: 67386164
Test: build_android_mock.sh
* Add kit/ to BoringSSL Include Path for Fastball & OEMCrypto Variants
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36925 ]
When I moved the BoringSSL source in the tree, I updated the Android.mk
files that pointed to it in order to build it. I did not realize that
some makefiles outside that directory also contained hardcoded pointers
into that directory. These references broke after the move. This patch
fixes those paths to point to the new BoringSSL location.
Bug: 67386164
Test: build_android_mock.sh
* OEMCrypto Unit Test Refactor.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36562 ]
Refactoring OEMCrypto Tests so the Session Utility test code can be reused in fuzz tests.
* Reorder license server config table to match ids
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36743 ]
* Separate Hand-Written BoringSSL Files from Downloaded/Generated Ones
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36561 ]
I want to make updating BoringSSL as simple as possible for us going
forward. A future commit will add a script that automatically downloads
and sets up the latest version of BoringSSL. To facilitate this script,
a clear distinction needs to be made between the files that can be
downloaded with / regenerated from the BoringSSL source and the files
that are maintained by us by hand.
The version of BoringSSL in this change is exactly the same as the one
already in this directory. It has just been moved one folder deeper.
Bug: 67907873
* Remove BoringSSL Symlinks, They Are Confusing Gerrit
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36560 ]
There are some symlinks in the current copy of BoringSSL that are
causing headaches when I try to upload future changes to Gerrit. These
were inherited from the Android OS and are not used by our build
anywhere. They would be wiped out when I update BoringSSL anyway, but
wiping them out in a separate change before I upload any other changes
avoids confusing Gerrit.
Bug: 67907873
* Add group master key id to support sublicense master
key rotation, and content identification.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36180 ]
* OEMCrypto Fuzzer test framework
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36280 ]
- Adding a sample fuzz test.
- Adding build scripts for building the new Fuzz Tests to come.
Design doc: go/oemcrypt_ref_impl_fuzz
* Build Mod Mock with C++ 11
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/36328 ]
This should fix the android oemcrypto mock build:
http://go/wvbuild/job/Android_OEMCrypto_Variants
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ic4d5be3118ef97e3f7d386149a2b5d9be8f0a87e
These are a set of CLs merged from the wv cdm repo to the android
repo.
* Android build fixes
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36322 ]
* Address android compilation errors and warnings
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36300 ]
* Gyp cleanup and OpenSSL v10.1 support.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/36001 ]
OpenSSL 10.1 has a small number of incompatible changes.
A desktop system upgrade exposed some issue in the build scripts.
Specifically, the linux build was using both third_party/protobufs (2.6.1)
and the version installed on the system (3.0 in this case). The linux
cdm.gyp depended on cdm/cdm.gyp which caused that plus some
additional issues.
These changes are necessary to support g++ version:
g++ (Debian 6.3.0-18) 6.3.0 20170516
Also did some cosmetic rework on run_current_tests to make it easier
to figure out what is going on when something fails.
Also tweaked some of the compiler settings for g++ support (revisit
this later).
* Refactored Service Certificate encryption to allow encryption of arbitrary data.
Author: Thomas Inskip <tinskip@google.com>
[ Merge of http://go/wvgerrit/36141 ]
* Send cdm test requests to UAT.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36221 ]
This change resolves the all of the
CdmDecryptTest/CdmTestWithDecryptParam.DecryptToClearBuffer
tests.
The license servers will return different keys and keyids.
Sending the request to staging returned key ids and keys that were
not matching what was expected in the unit tests.
* Fix for building L3 OEMCrypto with clang and libc++
Author: yucliu <yucliu@google.com>
[ Merge of http://go/wvgerrit/35740 ]
1. Include <time.h> for time(time_t*).
2. Create endian check union on stack. Clang may create const union
somewhere else, which may cause crash.
* Remove error result when a sublicense session does
not exist. This is not considered an error.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36080 ]
* Set default mock handler for GetSupportedCertificateTypes
for all unit tests and removed the use of StrictMock from
MockCryptoSession.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35922 ]
The handler for this was only set for one test and resulted
in a number of failures.
* Set default handler for GetHdcpCapabilities. For
now the default action is to call the real
GetHdcpCapabilities of crypto_session.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36140 ]
I also changed the mock to a NiceMock to silence
responses to unexpected calls to GetHdcpCapabilities.
The default handler can be overridden as needed in
the individual tests.
This resolves the policy engine test failures.
* Finalize merge of cdm_partner_3.4 to master.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35360 ]
This is the final set of updates to merge all v3.4.1
changes into master.
* Embedded license: Sublicense rotation.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35360 ]
Handle sublicense rotation event.
* Embedded license: Initial license phase.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/34280 ]
Initial license phase - key loading subsession.
* Embedded license: generate session data.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33722 ]
Generate session data and add it to the license request for
any embedded license material.
* Resolve missing symbol when building cd-cdm
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35840 ]
* C++11: Replace OVERRIDE def with override keyword
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35400 ]
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I37d0cb17f255ac6389030047d616ad69f895748c
These are a set of CLs merged from the wv cdm repo to the android repo.
* Resolve intermittent decrypt error.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35720 ]
The CdmSession's closed state was not properly
initialized resulting in intermittent
SESSION_NOT_FOUND_FOR_DECRYPT errors.
In CdmEngine::Decrypt the session is looked up by
the key id. A list of open sessions is acquired
by calling CdmSessionMap::GetSessionList and each
session in the list is queried to see if it has
the key.
In building the list in CdmSessionMap::GetSessionList,
sessions are only added to the query list *if* the session
is not closed.
The closed status was not initialized and during testing
the query list would not contain the session causing
CdmEngine::Decrypt to return SESSION_NOT_FOUND_FOR_DECRYPT
resulting in the ce cdm api returning widevine::Cdm::kNoKey.
* No support for pre- C++11 compilation.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35381 ]
* Handle unaligned nonce pointer in RewrapDeviceRSAKey calls.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35340 ]
The pointer points into a message and it may not be aligned.
Always copy the nonce into aligned memory before checking it.
BUG: 38140370
Add note to CHANGELOG for this.
* Compiler strictness: more checks and code cleanup.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35300 ]
Use the switches proposed in b/38033653 (as much as possible - some
conflicts with protobufs and gtest prevent fully accepting them).
Switch to clang for x32 build; ensure that both x86-64 and x86-32 builds
compile and link cleanly.
BUG: 38032429
BUG: 38033653
This partially resolves b/38458986
* Android build fixes
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/35102 ]
These corrections address compile warnings and errors for android
and unit tests.
* Embedded License: Add sub license key sessions.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33680 ]
NOTE: this adds the AddSubSession() method, but it is not yet being
used. Use and proper cleanup is in an upcoming CL.
* Embedded license: Add track label field.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33660 ]
A new track label field (a string) is added to the key container and the
sub session data objects.
This field will be used in handling sub license requests.
* Embedded license: extract keys from init_data.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33621 ]
* Embedded license: add protobuf messages.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33620 ]
also sync the widevine header definition with recent naming changes.
* Improve handling of provisioning response errors.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/33600 ]
Separate out the case of no response and the case
where the message is believed to be a JSON+base64
message but it doesn't parse properly.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I3c86f1c54980b071aec7461ac58541836551f896
These are a set of CLs merged from the wv cdm repo to the android repo.
* Enable Cast for Android Things build.
Author: Thoren Paulson <thoren@google.com>
[ Merge of http://go/wvgerrit/29941 ]
Added a path to make_cast_libwvlevel3 for Android Things. Added the new
system id to the preprocessor guards in android_keybox.cpp. Guarded the
references to stderr in page_allocator.cpp because for some reason they
don't get resolved when we link against the resulting library.
BUG: 63443584
* Resolve memory leaks in use of OpenSSL.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32700 ]
Use of EVP_CIPHER_CTX requires a call to EVP_CIPHER_CTX_cleanup().
* Memory leak in OpenSSL RSA key handling.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32621 ]
This fixes a range of tests. --gtest_filter="CdmDecrypt*" runs
five tests and still loses 5 objects totalling 1320 bytes (down
from 6200 bytes).
* Unit test and mock OEMCrypto memory leaks.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32640 ]
More memory leak cleanup. All remaining leaks are due
to calls to CRYPTO_malloc() without the matching free
(i.e., calls into openssl).
* Clean up memory leaks in tests.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32600 ]
This is the first pass at cleaning up memory leaks. These leaks
were affecting a lot of tests, making it hard to identify more
serious leaks.
Switch to unique_ptr<> pointers for CdmEngine in
generic_crypto_unittest tests for FileSystem object in
mock OEMCrypto's CryptoEngine object.
* Fix broken tests - linux-only & address sanitizer failures.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32460 ]
Fix broken test:
WvCdmEnginePreProvTestStaging.ServiceCertificateInitialNoneTest
Fix failures found by address sanitizer:
DeviceFilesUsageInfoTest.RetrieveByProviderSessionToken
DeviceFilesUsageInfoTest.UpdateUsageInfo
NOTE: address sanitizer cannot handle EXPECT_CALL macros containing
a call with a Contains matcher as an argument, e.g.:
EXPECT_CALL(file,
Write(Contains(certificate, wrapped_private_key, 0),
Gt(certificate.size() + wrapped_private_key.size())))
The address sanitizer reports a crash, issues a report, and stops. A
temporary fix is to replace the "Contains()" argument with "_".
* Usage license handling corrections
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28540 ]
Validate that offline licenses that do not contain a provider session
token are not handled by the TEE.
BUG: 38490468
Test: WV Unit/integration tests, GtsMediaTestCases,
WvCdmRequestLicenseTest.ReleaseRetryL3OfflineKeySessionUsageDisabledTest
* UsageTableEntry::CopyOldUsageEntry memcpy read out of range.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32220 ]
The function copies the pst from a variable length input vector
into a 256 byte character array. But the length argument was a
fixed value - MAC_KEY_SIZE. Depending on the actual PST length this
can lead to memcpy reading out of bounds or the PST getting truncated.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I81a4593d7d04d0ef6069ce48d0601b6fbdd85de9
These are a set of CLs merged from the wv cdm repo to the android repo.
* Change build options for make protobuf host tools
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/30381 ]
Also revert local change to protobuf/extension_set.cc
This builds after adding -Wno-return-type and -Wno-unused flags.
* OEMCrypto v13 stub
Author: Rintaro Kuroiwa <rkuroiwa@google.com>
[ Merge of http://go/wvgerrit/30004 ]
* Remove merge conflict tags
Author: Edwin Wong <edwinwong@google.com>
[ Merge of http://go/wvgerrit/30120 ]
Remove merge conflict tags for http://go/wvgerrit/29880
* Added Android Things ARM provisioning key to L3
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/29701 ]
BUG: 63443584
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ifd867b491dfda5d67d2e225695535b5af9e18260
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct RELEASE_ALL_USAGE_INFO_ERRORs
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28742 ]
RELEASE_ALL_USAGE_INFO_ERROR_4 and 5 were introduced and made use of in
http://go/wvgerrit/24022 (branch: oc-dev). The error code definitions
were merged over in http://go/wvgerrit/24602.
When http://go/wvgerrit/24622 from cdm_partners_3.2 was merged to master
(http://go/wvgerrit/27723) there was conflict in error codes. The error
codes were adjusted to RELEASE_ALL_USAGE_INFO_ERROR_3 and 4
and were made use of.
To avoid renaming the errors between oc-dev and master, new errors
RELEASE_ALL_USAGE_INFO_ERROR_6 and 7 have been added to handle the
scenarios noted in the merge from cdm_partner_3.2. The other
errors have been reverted back to RELEASE_ALL_USAGE_INFO_ERROR_4 and 5.
They will be used when http://go/wvgerrit/24602 is merged.
* Address compilation issues
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28740 ]
These changes enable compilation of most of the cdm code on android
expect for OEMCrypto unit tests (b/62739406) on wv master.
* Add property for binary/base64 provisioning msgs.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28074 ]
Property is "provisioning_messages_are_binary". Its default setting is
false in the CE CDM, but it can be overridden by integrators.
Added section to integration guide that discusses Provisioning Server
message formats and the new property.
Link: https://docs.google.com/document/d/1cBVbhgrajLpDe2W3_vzLzUqzpdDt73chvm4_sZlZlS8/edit#heading=h.hgxw53ddw7jo
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I9168193819974d1ff65d9a94dbd762e45ecc43ca
Below are a set of CLs being merged from the wv cdm repo to the android repo.
* Fix handling of OEM Cert public key.
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/27921 ]
This is a potential fix for b/36656190. Set aside public
key on first call to get the public key, and use it afterwards.
This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
which has side-effect of staging the OEM private key.
This also fixes a problem where the public cert string was
not being trimmed to match the size returned by
OEMCrypto_GetOEMPublicCertificate().
* Complete provisioning request/response for Provisioning 3.0
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Fix bug on provisioning request path where GenerateDerivedKeys()
was being called when preparing to generate the signature.
Add message signature verification, and call correct OEMCrypto
routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).
* Implement Cdm::deleteAllUsageRecords()
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Delete all usage records for current origin. Removes usage
records from file system and retains the PSTs. The deletes
any usage entries matching those PSTs held by OEMCrypto.
BUG: 35319024
* Remove stringencoders library from third_party.
Author: Jacob Trimble <modmaker@google.com>
[ Merge of http://go/wvgerrit/27585 ]
We have a fork of the stringencoders library that we use for base64
encoding. This reimplements base64 encoding to remove the extra
dependency and to reduce the amount of code.
* Add Cdm::deleteUsageRecord() based on key_set_id.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27605 ]
Delete specified usage record from file system usage info and
from OEMCrypto.
BUG: 35319024
* Modifiable OEMCrypto
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/24729 ]
This CL adds a new variant of the OEMCrypto mock code that adjusts its
behavior based on a configuration file. This is intended for
testing.
For example, a tester can set current_hdcp to 2 in the options.txt
file, push it to the device, and verify that a license is granted for
HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and
push the file to the device. Playback should stop because the license
is no longer valid.
This variant uses a real level 1 liboemcrypto.so to push data to a
secure buffer. That means we can test playback for a license that
requires secure buffers on an Android device with real secure buffers.
BUG: 35141278
BUG: 37353534
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I58443c510919e992bb455192e70373490a00e2b6
