This CL is a merge from the widevine repo of
http://go/wvgerrit/16553 Prebuilt Level 3 OEMCrypto for Android
http://go/wvgerrit/16238 Require OEMCrypto v11 for Android N Unit Tests
http://go/wvgerrit/16484 Shared License Tests (OEMCrypto v11)
http://go/wvgerrit/16448 Pattern Decrypt Unit Tests and Reference Implementation
http://go/wvgerrit/16489 Enforce UNUSED Variables
http://go/wvgerrit/16479 Pattern Decrypt for Level 3 OEMCrypto
http://go/wvgerrit/16280 Correctly handle bad RSA key
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
It contains the Level 3 implementation, as well.
mips/libwvlevel3.a Level3 Library Jan 22 2016 14:30:27
arm/libwvlevel3.a Level3 Library Jan 22 2016 15:03:55
x86/libwvlevel3.a Level3 Library Jan 22 2016 13:52:29
b/26692954 [DRM] OEMCrypto v11 needed for Nexus devices
Change-Id: Ibb1384959620f63a1be1e82ce2952ec9f48f0d3e
Merge from Widevine repo of http://go/wvgerrit/16499
With the increasing number of devices that support multiple screens or
windows, it is desireable to verify that OEMCrypto can have several
sessions open and actively decrypting at the same time.
Calls to OEMCrypto are still serialized -- this is not a threading
test -- but we still have multiple sessions open and decrypt from each
of them.
Change-Id: I5b24f4a464ed05a5b21625c66fe7989644b67a5a
This CL contains the level 3 oemcrypto library built for android. I
used the toolchain from the mnc-emu-release branch because I'm having
problems with the toolchain on master.
This includes the security patch API, and several bug fixes to the library.
Current versions:
mips/libwvlevel3.a Level3 Library Dec 17 2015 21:26:57
arm/libwvlevel3.a Level3 Library Dec 17 2015 21:09:47
x86/libwvlevel3.a Level3 Library Dec 17 2015 21:19:15
http://go/wvgerrit/16371 Level 3 OEMCrypto library
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
http://go/wvgerrit/16280 Correctly handle bad RSA key
bug: 26089773
bug: 26092100
bug: 26086944
Change-Id: I3ea1b5d219dae0c88deafa742f61d67e97297902
Merge from the widevine repo of http://go/wvgerrit/16362
A test class holds a default session that it expects to be able to
close in the tear down. This was not true in the TimingTest because
it calls OEMCrypto_Terminate which closes all open sessions.
This CL closes the default session, and then reopens it again after
OEMCrypto_Initialize.
Change-Id: Ib4128ec3c0a33794c03aa934174cb6fff448483e
Merge of widevine change http://go/wvgerrit/16249
This CL adds unit tests and reference code for the security patch
level, which is a new feature in OEMCrypto v11. This CL also adjusts
the dynamic and static adapters to still run with devices that have a
v10 OEMCrypto.
The level 3 haystack code will be updated in a future CL.
bug: 26188985
Change-Id: I518ef46b4098cf3718fe0c0390bfb6825db4fb6b
Merge from widevine of http://go/wvgerrit/16293
This CL adds ASSERT_NO_FATAL_FAILURE around many subroutines in the
oemcrypto unit tests. This should help debug tradefed tests because
it will cause a test to stop after the first error. This is important
for tests that are failing on OpenSession and then spewing garbage
into the log as every other ASSERT fails after that.
I also replaced the home-grown EXPECT_ALMOST with the standard
EXPECT_NEAR. I also passed the file through clang-format to corect
whitespace problems.
Change-Id: I2c2c1c1dbeac234291dafc9fa8c23da8d270eb4e
Merge from widevine repo of http://go/wvgerrit/16186
These are the OEMCrypto v11 documents and header files. I have updated
just enough code so that existing unit tests pass. New unit tests,
the reference implementation, and the level 3 implementation are in
future CLs.
Change-Id: I9bbf1909e047f63a5877320a2d06740a3c4a3e32
Merge from widevine repo of http://go/wvgerrit/16250
The verification string in the key control block has an obvious
pattern that is incremented every time we update the API. This CL
adds a unit test to make sure an implementation of OEMCrypto is not
casually accepting a future version of the key control block before
the API has even been defined.
Change-Id: I3f837f7346ef7de399441f5fcda9b13b65fa51f4
* Fix strict aliasing error in gcc
[ Merge of http://go/wvgerrit/15856 ]
This also ensures the alignment of 64-bit memory access in a portable
way, without using compiler-specific mechanisms like attributes or
platform-specific mechanisms like memalign.
(The aliasing error does not show up in clang.)
* Return kNotSupported for non-Widevine init data
[ Merge of http://go/wvgerrit/15853 ]
This also improves logging for the init data parser by including a
verbose message for non-Widevine PSSHs and by using a new IsEOF()
method to avoid misleading "Unable to read atom size" logs.
* Cast RSA_size() to int
[ Merge of http://go/wvgerrit/15880 ]
It has been suggested that this may be unsigned on some versions of
OpenSSL or BoringSSL.
* Be strict about warnings for CE CDM
[ Merge of http://go/wvgerrit/15831 ]
* Enable all warnings and treat warnings as errors in the CE build.
* Fix all existing warnings (mostly unused variables, consts, and
functions, and one signed/unsigned comparison).
* Exclude protobuf warnings rather than maintain a divergent copy.
* Fix release build errors
[ Merge of http://go/wvgerrit/15855 ]
* Level 3 Build With Android Emulator
[ Merge of http://go/wvgerrit/15778 ]
This CL rebuilds the level 3 libraries with the android emulator
sdk_phone_*. This seems to avoid problems with the x86 build using
incorrect compiler flags.
These libraries work for arm, x86, mips, arm64, and x86_64. The level
3 library is disabled for mips64.
Versions:
level3/mips/libwvlevel3.a Level3 Library Sep 30 2015 18:29:50
level3/arm/libwvlevel3.a Level3 Library Sep 28 2015 13:18:25
level3/x86/libwvlevel3.a Level3 Library Sep 28 2015 13:08:28
Change-Id: I1e50aa78bdc84ecb905f2e55297d4f48b140341c
Merge from Widevine repo of http://go/wvgerrit/14973 and
http://go/wvgerrit/14573.
Some devices were failing the variable length key id tests, so they
were removed from Android while we decided whether the tests are too
strict for future releases.
This CL re-instates the tests with the understanding that the maximum
key id length is 16 bytes, as discussed in b/24469550. If we decide
that it is OK to have longer key ids, then another CL will be needed
to test with those lengths.
bug: 21935358
Change-Id: Ic6b776a8b119daac961c71280994fcc944984d8a
Merge from widevine repo of http://go/wvgerrit/15659
The clang compiler is more strict about C++11. This is needed for
future Android work.
In particular, iostream no longer converts to bool automtically, so
those instances were replaced with ss.fail().
Arrays or structures that appear to be variable length need to be
placed last in a structure. In oemcrypto_test a variable size
structure was replaced with an explicit buffer size, and a check was
added to make sure the buffer is not exceeded.
bug: 20893039
Change-Id: I5e25fc618dcf68262079c15554ee4ceae1858b8b
Copy from widevine repo of http://go/wvgerrit/15390
Because some devices are failing oemcrypto unit tests related to
signing schemes that they do not support, we are relaxing the
requirement that they return the correct error code.
We are still requiring that the device does NOT sign with a forbidden
scheme. However, it is OK if they do not return an error code from
OEMCrypto_GenerateRSASignature. They will be required to return the
correct error code in the next release.
bug: 21668896
bug: 21708882
Change-Id: I1b8a410909b364d0086cba38eadca11aceaac5f6
Merge from widevine of http://go/wvgerrit/15371
incorrectly have leading 0x00 bytes added to all integers. This
leading 0 should only be added to integers that had a leading byte
larger than 0x80 because those would be parsed as negative numbers.
bug: 23105200
Change-Id: I1dd01cc2b83a807bbdb78c079c6ce4e01d41f616
Merge from widevine repo of http://go/wvgerrit/14970
Even if devices cannot handle key ids with different lengths in the
same license, they should still handle keys with a shorter key id.
This is a partial fix for:
bug: 21935358
Change-Id: Ibc84f0b5d7d9bc5d24a2081f0581a2b256e51f44
Merge from widevine repo of http://go/wvgerrit/14933
There was some confusion what the test DecryptWithNearWrap is
testing. This CL adds some expanatory comments.
Change-Id: I9228830d81c089f80e0878f647e7e94c3e49896a
Merge from widevine repo of http://go/wvgerrit/14870
OEMCrypto_GetMaxNumberOfSessions is not required to return a hard
limit for the number of sessions. This CL adjusts the test to verify
we can open within 5% of the maximum number of sessions.
bug: 22029687
Change-Id: I6e72e39338cead8d547cdb194a32fb7e7dc53037
(This is a merge of http://go/wvgerrit/14810)
By making this constant unsigned, all calculations in EXPECT_ALMOST
were cast to unsigned, leading to underflow problems when it was
subtracted from zero.
Change-Id: Iefc4e30604c45fec8b203375074b26fb12ec385f
Merge from widevine directory of http://go/wvgerrit/14784
These tests are not passing on multiple devices so I will disable them
until I am sure they are giving a clear signal.
bug: 21935358
Change-Id: I1e0cf01e64ea50b02d61d4b8334c0efb55e47d35
(This is a merge of http://go/wvgerrit/14776)
This change widens the range in EXPECT_ALMOST slightly, to allow for
slight timing errors in the tests.
Bug: 21489628
Change-Id: Ibb074c2d037566c307c0438efdda3841bc48f7ed
(This is a merge of http://go/wvgerrit/14775)
This change causes tests that call LoadOfflineLicense() to fail if
the session is still open after that call. Due to the way that gTest
handles ASSERT_*() macros, failures in LoadOfflineLicense() will leave
the session open, causing unexpected state and cascading failures
throughout the rest of the test. With this change, we will abort
sooner, reducing log noise.
Bug: 21489628
Change-Id: Ic35bc77bbc5f676f23deeefaacd1986e383538c8
Merge from widevine of http://go/wvgerrit/14744
The OEMCrypto unit test TestSignatureBoth verifies that a cast
certificate cannot be used to derive session keys. This CL relaxes
the requirement that DeriveKeysFromSessionKey returns a specific error
code instead of just failing.
bug: 21708882
Change-Id: I4163a9616122ad709bab76f488d030239029861c
Merge from widevine repo of http://go/wvgerrit/14720
The QueryKeyControl test expects an error message that the output
buffer is too small. However, it also gives a bad key id. Some
devices were correctly returning key not found. This corrects the key
id length so that the only error is that the buffer is too small.
bug: 21881768
Change-Id: I96f59ede42eeddc9849fbac1e52acecdb562df08
Merge from widevine repo of http://go/wvgerrit/14668
This CL modifies the multiplication routine to avoid memory cache
misses. This shows a 10-20% speed improvment in license requests on
an x86.
Level 3 library version:
level3/arm/libwvlevel3.a Level3 Library Jun 15 2015 14:09:24
level3/x86/libwvlevel3.a Level3 Library Jun 15 2015 14:09:10
bug: 18252910
Change-Id: I4429324374de46d1d710d5fcac80f7ed363c696c
Merge from widevine repo of http:/go/wvgerrit/14707
This CL adds a check to oemcrypto_test to verify that when a
certificate is rewrapped, it does not show up in the clear. We can't
really verify that it is encrypted well, but we can check this.
bug: 21871738
Change-Id: I07c87c38a1e2a099a90a5be4e3350e91e09f6722
Merge from widevine of http://go/wvgerrit/14667
This CL updates oemcrypto_test.cpp so that devices that are not cast
recievers do not attempt to run those tests that are only needed by
cast recievers.
bug: 21708882
bug: 18948285
Change-Id: I75f9170cee13e66667db54c5f298ed5c6cf14a48
Merge from widevine repo of http://go/wvgerrit/14550
This CL adds several tests with different sized key ids to
oemcrypto_test.
bug: 21643096
Change-Id: I62a89c557f3f746f09ee5a2fe5bdd3ca821448e4
Merge from widevine side of http://go/wvgerrit/14462
This cleans up some tests in oemcrypto_test.cpp so that they use
vectors instead of arrays. The two reasons this is needed are that
arrays are more likely to use up stack space, and that arrays on the
stack are not initialized.
The lack of initialization caused some negative tests to fail because
buffers that were reused from unencrypted data still contained values
that the test expected not to be there.
Change-Id: Ic1705b6bc581084a9fe3cd573adf34d8219a1a45
Merge from widevine repo of http://go/wvgerrit/14321
It is expected that OEMCrypto will only be given subsamples with a
block offset when there are multiple subsamples, so that the entire
sample may be decrypted after all calls are made. This CL modifies
the existing tests so that the result of DecryptCTR is only checked
after all subsamples have been decrypted.
Also, the QueryKeyControl test has been modified so that failure does
not require a specific error code.
bug: 20757848
bug: 21063276
Change-Id: Ie2b12b287b0c9c661cd14111b2ae9eab004cd8b8
Merge from widevine of http://go/wvgerrit/14361
In oemcrypto_test, we look at some control duration and control
bits. These are stored in network byte order. However, it is easier
to read error messages if they are converted to host byte order before
printing them.
Change-Id: I116b5f43957351b0e40e05331c282c248128903c
Merge from widevine of http://go/wvgerrit/14263
The unit test PreventNonceFlood3 opens 8 sessions and floods the nonce
table. It then opens one more session after a pause to verify that it
can still request nonces. However, there is no requirement that we
can open more than 8 sessions. This CL reuses one of the already open
sessions to verify that we can continue generating nonces.
Change-Id: If35f146477bd21e381ec5375dde7ec7fdbe8f366
Merge from widevine of go://wvgerrit/14173
This CL updates the android makefiles to use the libcrypto_static.
Change-Id: I74567ff880ebdce366766a9ab44c92cc9540b8db
Merge from widevine of http://go/wvgerrit/14134
This CL adjusts the nonce flood test so that the timing is more
explicit. Also, if the test fails, the error message should tell us
exactly how many nonces were generated and the duration of the test.
Thus we'll be able to tell if the test almost passed.
b/19081206
Change-Id: I2c59755466b017910b86f6b02f2883a771d0ccb7
Merge from widevine repo of http://go/wvgerrit/14125
This copies code from http://go/wvgerrit/13847 to the oemcrypto unit
tests. It puts the test name in the log file.
I also commented out some unused function parameters to avoid compiler
warnings.
Change-Id: I3ba259de2f408ec60e90db7f0ea1524d5aa8f8a4
This is a merge from the Widevine repository of
http://go/wvgerrit/14024
Add Level 3 Oemcrypto Unit Tests To Run All Tests Script
This CL adds the ability to restrict the oemcrypto unit tests to only
use the fall back level 3. This restriction is per-process, and is
only used while running the unit tests. This allows us to automate
running the unit tests on an android device as both level 1 and level
3 without modifying files in /system/lib. To turn on the restriction,
set the environment variable: FORCE_LEVEL3_OEMCRYPTO=yes.
New level 3 library versions are:
level3/arm/libwvlevel3.a Level3 Library Apr 8 2015 13:09:05
level3/x86/libwvlevel3.a Level3 Library Apr 8 2015 13:15:42
http://go/wvgerrit/14055
Remove Redundant Tests
This CL modifies the UsageTableTests in oemcrypto_test.cpp so that
they are not all parameterized by new_mac_keys_. This parameter is
used when testing signatures. In particular, we do not need to verify
timing twice.
Also, I modified the run_all_unit_tests.sh script so that the
environment variable GTEST_FILTER is passed down to the android
process. This allows us to use the script to run a limited list of
tests while debugging.
http://go/wvgerrit/14054
Filter Out API Version 10 Tests
This CL updates the OEMCrypto tests so that all but one test will pass
for a device that implements the version 9 API.
Android LMP devices should pass tests with
GTEST_FILTER="*-*MNC*:*CanLoadTestKeys*"
http://go/wvgerrit/13886
Update Documentation about Optional Features
The intergration guide has been updated to include reference to
OEMCrypto_LoadTestRSAKey. It also now discusses optional features.
The Delta 10 document now mentions OEMCrypto_LoadTestRSAKey.
The android supplement warns that most optional features are required.
This also adds clarification about which functions should save the
usage table, in answer to:
b/16799904 OEMCrypto v9 ambiguous about saving usage table information
Change-Id: Ifb517d58952c9b332b2958ca99af64bc293b985f
This is a merge from the widevine repository of
http://go/wvgerrit/13923 Switch openssl to use the EVP interface for aes-ctr-128
http://go/wvgerrit/13979 Add Test Certificate to OEMCrypto Mock
http://go/wvgerrit/13978 Add Test Keybox to Level 3 OEMCrypto
http://go/wvgerrit/13873 Enable OEMCrypto Unit Tests
This CL adds a main program to oemcrypto_test.cpp, which filters out
tests that are not supported on the specified platform. It also adds
LoadTestKeybox to the mock. This allows oemcrypto unit tests to be run
on devices that have production keybox. It also allows the same set
of unit tests to work on Android and on non-Android platforms.
b/18962381 Use test certificate (partial fix)
b/19867990 Separate cast receiver tests
Change-Id: If89c31530103ed85aa37d7379bd5b4dc2a927f38
Merge from Widevine: http://go/wvgerrit/14022
This test will be called by GTS test to verify secure stops
are reporting the correct time during online playback.
bug: 18625670
Change-Id: Ieb2b9ad860d796eea3c63c4fb349f4e3c6ac8f34
This change:
1) Switches the Makefiles over to using LOCAL_STATIC_LIBRARIES, which I
understand is the new hotness, rather than setting a -I flag directly.
2) Switches to the non-deprecated _ex versions for EVP_EncryptFinal.
3) Uses the EVP_PKEY interface for checking PSS signatures. This is the
only supported interface in OpenSSL: the PSS padding check functions are
only exported in upstream OpenSSL because it's a library from the 90s
and they don't have a concept of "unexported". Also, by using the EVP
functions, OpenSSL/BoringSSL can do a better job of being constant-time.
Since there aren't any obvious tests for checking that the signtaure
verification still works, I tested with the code in the referenced
paste, which includes both the old and new verification functions and
checks that they both work on a sample signature. (And I also checked
that they both fail when a bit in the signature is changed.)
https://paste.googleplex.com/5747976139964416
Change-Id: Iae7409c53eeea9c3892a32c180d7181d72467dcb
Merge from Widevine repo of http://go/wvgerrit/10308
There was a memory leak in the oemcrypto RSA code.
Also, when saving the usage table, some session variables were
allocated twice. This results in session data being lost.
There were also some leaks and uninitialized values in oemcrypto_test.
I added some checks and profiling to the debug runtime for the
haystack. It will warn if a variable is left unencrypted or is
unencrypted twice. I also added the profile code.
Versions of L3 library:
android/level3/arm/libwvlevel3.a Level3 Library Apr 1 2015 11:40:06
android/level3/x86/libwvlevel3.a Level3 Library Apr 1 2015 12:44:32
b/19950814
Change-Id: Ic752e36c09fce121dcaf92f9209591e74f3eb070
Copy from Widevine repository of http://go/wvgerrit/13841
This CL adds a nonblocking CopyBuffer to OEMCrypto, its unit tests,
and plumbs it up to the cdm CryptoSession and CdmEngine.
b/19543782
Change-Id: I4c88bd2f8d7f67ecccb549c1934b7c0da15a8429
Merge from Widevine repo http://go/wvgerrit/13818
This CL adds the ability to query OEMCrypto about the key control
block and duration of a key that has been loaded. There are unit
tests and implementation in the level 3 and reference implementation.
b/18503541
Change-Id: I8e40d90a3c64c1ce030af6fef9e98c8eac0df1a5
