[ Merge of http://go/wvgerrit/151571 ]
The android OS version has been updated to 13. Updating WV tests as well.
CDM version has been updated previously, so no additional changes are needed.
Bug: 231646284
Test: WV unit/integration tests
Change-Id: Ifaf2fe1f04627654725b1b221d8c3dc30029ac6c
[ Merge of http://go/wvgerrit/151191 ]
Within the CDM and OEMCrypto tests, there were a few OEMCrypto function
calls where the final size of the output buffers were not being
resized. For several of these functions, an initial call is made with
zero-length output buffers, expecting OEMCrypto to return
ERROR_SHORT_BUFFER; followed by a call with buffers at least as large
as specified by OEMCrypto. However, for some operations, OEMCrypto
makes an estimate on the final size on the first call, specifying the
exact size only after performing the operations.
This is the case for the wrapped key returned by
OEMCrypto_LoadProvisioning(). The provisioning response contains a
padded + encrypted DRM key. OEMCrypto does not know the actual size
of the key until decrypted, and the actual DRM key might be smaller.
There was a OEMCrypto test for OEMCrypto_BuildInformation() which
was enforcing the wrong behaviour. This has been updated.
Bug: 230661565
Test: oemcrypto_test
Change-Id: Iad297d56ffbb085894641fdf8698ce5fd18edbf2
In TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(),
LoadResponse() should be called after EncryptAndSignResponse() so this
is moved in this CL.
Bug: 231368221
Test: OEMCryptoMemoryLoadLicense tests
Change-Id: I7a0224afb21c3ab1d896ce3cfb64e1ad544a581a
Merged from https://widevine-internal-review.googlesource.com/148554
This change was merged to master but missed in tm-dev when we stopped
the auto merging to tm-dev. Manually cherry picked it.
Test: ran OPK unit tests
Bug: 230820162
Bug: 180530495
Change-Id: Ib23f07f84096650beb4dd1950105db01e004d484
(This is a merge of http://go/wvgerrit/150131 to the Android repo.)
This patch changes the code path in the CDM so that the first-stage
provisioning request for Provisioning 4.0 is always encrypted with the
Widevine service certificate instead of the client-set service
certificate, reflecting that the first-stage provisioning is always
handled by Widevine.
This patch also makes several methods on the ServiceCertificate class
const. This has no impact on their behavior.
Bug: 221443151
Test: prov40 tests
Change-Id: Ide4c3927afadcd45ae7fb629b99e2f55cc29d56e
[ Merge of http://go/wvgerrit/150630 ]
DeviceFiles uses a static variable for tracking license IDs which
have been reserved by a CDM session before officially storing the
license on the device. This variable was not protected by a mutex,
and a rare race condition would arise, either crashing the service
or getting it stuck in a loop.
This CL adds a mutex for protecting the set of reserved IDs.
Bug: 226555704
Test: device_files_unittest
Change-Id: Icdea88673c76c267b4b7db79697ec52ae8e2581e
[ Merge of http://go/wvgerrit/150350 ]
Certain integration tests were depending on the provisioning server
only sending short duration (~2 minute) certificates when testing
the CDM's ability to enforce expiration periods. This behavior of
the server was not reliable, resulting in device test failures from
server behavior changes.
The DRM certificate provisioning server allows the requester to
optionally provide a desired certificate duration in the request
URL. The tests which test the CDM's ability to enforce certificate
durations will now explicitly specify the certificate duration
required by the test.
Bug: 228547158
Test: request_license_test
Change-Id: Ib9ebfdba1451104be0e59baca0b2f23a94cd51e6
[ Merge of http://go/wvgerrit/149469 ]
Created a new test for stressing OEMCrypto's ability to generate
OTA Keybox provisioning requests. This forces the TA to retrieve
keys from KM, generate certificate and sign the request. This is
intended to find any unexpected system degradation within the
device's TA(s).
Bug: 227542259
Test: oemcrypto_test
Change-Id: Ib34f2f801a7fe74ca67aa0a16f68f9ae326de24e
[ Merge of http://go/wvgerrit/148552 ]
Extended the CDM layer to report OEMCrypto's watermarking support.
The reporting of watermarking comes in three (3) mechanisms:
1) ClientCapabilities in license requests
2) CryptoSession metrics when queried to OEMCrypto
3) String property query by apps
If OEMCrypto implementents OEMCrypto_GetWatermarkingSupport(), then
the reported watermarking support by the CDM will match that of
OEMCrypto.
If OEMCrypto does not implement OEMCrypto_GetWatermarkingSupport()
or an error occurs, it is assumed that OEMCrypto does not support
watermarking, and the CDM will report "Not Supported".
Bug: 226443788
Test: run_x86_64_tests request_license_test and license_unittest
Change-Id: Id929a356c395e6bcf45d371ee6887eec40d35329
[ Merge of http://go/wvgerrit/149130 ]
When re-initializing OEMCrypto for testing purposes, the
UsageTableHeader must be reset as well. This is to inform future
sessions to load or create a new header before creating new entries.
Bug: 219075437
Test: request_license_test and MediaDrmTests GTS
Change-Id: Ie8bc72bc7ea079d21587e114223fcb67547c756a
[ Merge of http://go/wvgerrit/148469 ]
OEMCrypto_GetOEMPublicCertificate needed to be called
before the OEM private key was loaded due to a bug in OEMCrypto.
The bug has been addressed and the call can now be removed.
OEMCrypto_GetOEMPublicCertificate is only applicable to
devices with OEM certs as their root of trust. Devices with
keyboxes (or BCC) as their RoT would return a spurious
error OEMCrypto_ERROR_NOT_IMPLEMENTED. Removing the call
addresses this as well.
Bug: 190231658
Test: WV unit/integration test
Change-Id: I8216ca5a78b8c2acb5681c7f599cdc41efdf9fc7
[ Merge of http://go/wvgerrit/148450 ]
This CL adds threading requirements to the method doc-comments of
UsageTableHeader.
Bug: 189366337
Test: usage_table_header_unittest
Change-Id: I671f702d3e8ec219cc8daaa220133cb8cec183c8
[ Merged from http://go/wvgerrit/148451 ]
This step is a prelude in adding Widevine unit tests that
use AIDL interface.
Test: ./build_and_run_all_unit_tests.sh
Bug: 217247987
Change-Id: I449050819e6c9b0261066997dd45a6103b3a9a7a
Merged from http://go/wvgerrit/146409
The original http://go/ag/16984707 was reverted due a
merge conflict from tm-dev to master, which
is now fixed by http://go/ag/17035190.
Bug: 219538389
Test: atest GtsMediaTestCases
Test: ./build_and_run_all_unit_tests
Change-Id: I95b639cf7ec138e809540db7a3fc0a234c7f4b2a
The OEMCrypto utils have been copied over from the CDM repo.
Tests have been excluded for this CL.
Files represent a snapshot taken from http://go/wvgerrit/148270
and http://go/wvgerrit/148372.
Bug: 205902021
Change-Id: I1a58952cd1436a48974367c5436bf7296163e6f1
[ Merge of http://go/wvgerrit/148157 ]
Fail the test if the returned type is other values.
Bug: 224375138
Test: GtsMediaDrmTests
Change-Id: I4abad9d69865cac99654d3dedd443463dd728a58
* changes:
Change the signature format requirement of OEMCrypto_GenerateCertificateKeyPair
Fix EnsureProvisioned for double provisioning
Update fuzz tests to match output desriptor struct
Use default url to inform app of prov40 stages
Fix key_control_iv in OEMCrypto tests
Fix jenkins/opk_optee after v17 merge
Remove old test license holder
Generic crypto tests: use license holder
Reboot tests: verify offline license is valid after reboot
Policy integration tests: use license holder
Integration tests: add license holder
Reboot test: Initialize fake clock
Reboot test: save large files
Test max number of DRM private keys
Merge oemcrypto-v17 to master
Update cipher mode elsewhere
Fix 1 ClangTidyBuild finding:
Add out of bounds testing for LoadKeys()
Separate invalid session test for ReuseUsageEntry
[ Merge of http://go/wvgerrit/147593 ]
As we have decided to use hw_bcc service in Trusty to generate BCC and
sign the generated certificate public key, we need to change the
signature format to cose-sign1, which is defined by hw_bcc API.
Bug: 221496117
Test: GtsMediaTestCase on sunfish
Change-Id: I30739a0f0ae49291d343db46ad9e898663985cc8
[ Merge of http://go/wvgerrit/147110 ]
The OEMCrypto_DestBufferDesc had fields address/address_length renamed
to clear_buffer/clear_buffer_length in v17. However this was not updated
for the fuzz tests thus causing some code coverage errors. This should
fix those errors.
Merged from https://widevine-internal-review.googlesource.com/146889
Bug: 220946359, 220946990
Test: GtsMediaTestCases on sunfish
Change-Id: I2837de2f79c0e731d072e3712d6b769df17a1c7e
