Merge of
https://widevine-internal-review.git.corp.google.com/c/cdm/+/199044
L3 builds created for this fix:
https://widevine-internal-review.git.corp.google.com/c/cdm/+/199050
Fix to L3 renewal policy bypass attack:
OEMCrypto_DeriveKeysFromSessionKey cannot be called after a license is
loaded.
System IDs:
build_arm_v() { build_arm_with_id 33097; }
build_arm64_v() { build_arm64_with_id 33098; }
build_x86_v() { build_x86_with_id 33099; }
build_x86_64_v() { build_x86_64_with_id 33100; }
Test: tested with
https: //widevine-internal-review.git.corp.google.com/c/cdm/+/196392
Test: run_level3_static_tests
Test: run wvts on Pixel7
Bug: 334154045
Change-Id: Ib188d0a37a2193f56dfd287e2f0274ba65bd7b3e
This reverts commit 95b50d39ba.
Reason for revert: Rikers changes should go on main. We can decide that partner OEMs can pick up this feature for V once it has been well tested on main.
Change-Id: I129303cbc86e267aba013a7c314724e51477dc82
SCP uses the JNI headers in generated code, so several targets need
the include path; this will have no effect on non-SCP builds. Also,
in "protected" builds, there is a generated library that needs to be
linked in the final binary, but this doesn't exist in the "analysis"
step; we create an empty static library if it doesn't exist so it works
on all cases.
Merged from https://widevine-internal-review.googlesource.com/169850
Merged from https://widevine-internal-review.googlesource.com/176177
Bug: 262635528
Change-Id: Ib676d55efbcbec81de9c3123bc70afb570d6caa5
(cherry picked from commit b9482eb23c261788a4432de7566f1b1de1cf9379)
[ Merge of http://go/wvgerrit/192010 ]
Updates the CDM to add support for DRM reprovisioning request creation.
- Load the baked-in certificate for use as the client token.
- Add functions to build and sign a drm reprovisioning request.
- Update the Rikers L3 OEMCrypto implementation to support signing
provisioning requests and getting embedded certificate.
- Update client id token to handle DRM reprovisioning.
- Add OEMCrypto function to load the baked-in device certificate in
Rikers CDMs and stubs for non-Rikers CDMs.
- Add dynamic adapter support for getting embedded device certificate
only on L3.
Bug: 305093063
Test: WVTS
Change-Id: I9a0ecf95e27213b046f03baa0781fb164179323b
[ Merge of http://go/wvgerrit/192271 ]
Test: L3 unit tests and GTS on pixel 7
Bug: 324147162
Test: WVTS
Change-Id: I5d94b0c9b3f681774e32623463b0d689f5bacc8c
It is used by prov4 only. So L3 will just return
OEMCrypto_ERROR_NOT_IMPLEMENTED.
Test: build L3
Bug: 307969500
Change-Id: Iff6c79a3fb0220a6c995186f5923ce5ad6bc256f
Regenerate L3 after fixes and add new source to .bp files.
Test: Build Widevine apex in Android main
Change-Id: I93fd5cf22437a2c8e6d2b60d9994dbf97f4ba213
OEMCrypto_PrepAndSignReleaseRequest() and OEMCrypto_LoadRelease()
declarations are needed for L3 static adapter to build.
Test: run_level3_static_tests
Bug: 323957284
Change-Id: I9ccb4e51fd404b6a49e865545e9a5b4f22169cf7
OEMCrypto_SetDecryptHash() is refactored in v19 to take less parameters.
The implemention of this function has been done here:
https://widevine-internal-review.git.corp.google.com/c/cdm/+/180670
Function signature in the leve3_adapter needs to be updated.
Test: run_dynamic_level3
Bug: 320525541
Change-Id: Ieb3f3868f1753c246d1d5c36d069f8ef59fafdea
functions
In CL https://widevine-internal-review.git.corp.google.com/c/cdm/+/183531
KDF was merged into new OEMCrypto_LoadLicense() and
OEMCrypto_LoadProvisioning().
This change renames L3 existing old functions with suffix _V18, and adds
the two new functions.
Note: jenkins/run_dynamic_level3 and jenkis/run_level3_static_tests
can't be enabled util https://b.corp.google.com/issues/320525541 is
resolved.
Test: the generated L3 from this CL can pass static and dynamic adapter
tests with commit ID 567069f2fb800c4ec4e844e03273d1924ae6673b. More
updates may be need to L3 source for it to work with the latest
oemcrypto-v19 branch.
Bug: 299333403
Change-Id: If6dec630c00b65468d4194196f3ff6f308c6dbe8
Since the L3 functions are meant to alias the OEMCrypto functions,
they shouldn't appear in a namespace.
Change-Id: I8d11279ff86c5b5c9eab0598d134f6904f0021ad
As part of the new L3, we need to select between the new Zimperium-based
CDM and Haystack. This will happen with an adapter; this adds a
basic adapter that only calls to haystack directly.
Bug: 315358872
Change-Id: I970646d687dadbe4ae04bdf0da00730fd882cd65
This CL is created as a best effort to migrate test targets
to the new android ownership model. If you find incorrect or unnecessary
attribution in this CL, please create a separate CL to fix that.
For more details please refer to the link below,
<add g3 doc link>
Bug: 304529413
Test: N/A
Change-Id: I204c137da43a021bcebe316759d1aadaec99fe2a
membarrier_function() for clearing cache in L3 is optional and good to
have. Currently we log it as error if it is not available, which caused
some confusion for CE CDM L3 partners building their own L3.
Also corrected a typo in the function name.
Test: build L3 and run dynamic level3 tests
Change-Id: If20bcb1fe2bace33c43aa178af699f3b190a1fd2
Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/173330
Skipping files that are not in android from the CL above.
Original commit message:
Pass the real oemcrypto session id from `pair.session` instead of
`session`, since `session` can be changed when L1 and L3 are running in parallel and `session` in that case may not be the correct oemcrypto session id any more.
Also adding a few missing v18 L3 functions pointers to the dynamic
adapter.
Need to re-generate L3 since the L3 sources changed.
Test: L3 unit tests
Test: GTS dash policy tests and Dexter tests
Bug: 271290471
Bug: 279967915
Change-Id: Idc44d57ca38eb1de24c0038917800e37c25b9afc
In order to build RISCV targets in internal master, a value must be
supplied to libwvdrmengine to satisfy the build for riscv64. For now,
point the build to the x86_64 file as a workaround.
Change-Id: I632198279586f2ab974aed9daadd72f378e13094
Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/170631
Original fix:
Array intializer "= {0}" may involve compiler specific behaviors which
can cause haystack hang on arm32 target. Fix is to use memset() instead.
Test: debug build verified on arm32 device
Test: Ran GTS media tests on Pixel 7
Bug: 274637461
Change-Id: I02f5df232934e0c78e259c85e4faf313c01c0b6b
Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/169301/
Orignial commit message:
Fix session open flag when closing entitled key session
When a session is closed, it also closes all its entitled key sessions.
A bug in L3 accidentally resets session_open flags in other active
sessions.
Re-generated Android L3.
Test: L3 key rotation tests in Pixel 7
Test: Run GTS media test on Pixel 7
Bug: 264688931
Change-Id: Ia02aeb2b0914a1634874871f1b82ed82f8069dbb
also remove `use_vndk_as_stable: true` to remove dependency to VNDK
libs.
Bug: 251299786
Test: build WV APEX with V and install it on U device
Change-Id: Ie7f7f9b699119478d4b33f95ab9e6ba7f459346c
This is a merge of
https://widevine-internal-review.googlesource.com/c/cdm/+/168143
Original commit message:
Level3_RemoveEntitledKeySession(key_session) can be called when the
entitled key_session is already released by its entitlement session.
Do not return an error if the key_session to be removed is no longer
valid.
Test: run_dynamic_level3, oemcrypto unit tests on Pixel
Test: GTS media tests
Bug: 264688931
Change-Id: If0e0d0db2137c29e1dab4df321cf11ebcad2451f
No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
This is a merge from:
https://widevine-internal-review.googlesource.com/c/cdm/+/152372
The L3 source change which produced these libraries is:
https://widevine-internal-review.googlesource.com/c/cdm/+/152371/
Original commit message:
To address the bug with certain 16.4.x SDK versions returning a
clear key control block (KCB) for clients newer than 16.5, the
exact version check to determine whether key control blocks are
clear or not has been loosened.
Original behavior:
- ODK version >= 16.5.x --> Assume clear
- ODK version <= 16.4.x --> Assume encrypted
New behavior:
- No KCB IV --> Assume clear
- Otherwise --> Assume encrypted
This CL also includes a change to oemcrypto/include/OEMCryptoCENC.h
The changes to OEMCryptoCENC.h in the CL are comments or variable name
change. So it should be safe.
This change was merged to wv tm-dev here:
https://widevine-internal-review.googlesource.com/c/cdm/+/148411
So, adding it to Android tm-dev.
Test: run_level3_static_tests, CdmDecryptTest/CdmTestWithDecryptParam.* against LS SDK 16.4.2 & 17.0
Bug: 232557453
Change-Id: I2bbb5ab3ea33a16bd6c198077e5aefe960737ea0
The interface is defined in
hardware/interfaces/drm/aidl(http://go/ag/15329852).
Test: build
m android.hardware.drm-service.widevine -j128
Test: build_and_run_all_unit_tests.sh
for hidl tests
Test: atest VtsAidlHalDrmTargetTest
Bug: 200055138
Bug: 170964303
Change-Id: If2f2a129914436ba5cef1c46f6cb9415e12c3d1c
(This is a merge of http://go/wvgerrit/134424.)
This patch fixes code that would trigger -Wshorten-64-to-32 by
implicitly narrowing a variable from 64 to 32 bits. The membarrier
functions have their return type expanded so they can report the full
return value of the syscall.
Bug: 194971260
Test: x86-64
Change-Id: I5d948162b1f3f1540288df9494cabda39ecf8905
Merge from http://go/wvgerrit/133446
Commit message from Widevine repo:
"This change is to protect L3 RSA key from leaking in memory. After
this change, the RSA key, when loaded in memory, is XOR masked with
a key_mask."
The source CL that generates the new L3 libraries is here:
http://go/wvgerrit/130949
Test: L3 unit tests
Test: GTS test result https://android-build.googleplex.com/builds/abtd/run/L24400000950905884
Test: RSA performance test OEMCryptoLoadsCertificate.RSAPerformance
Test: Manual reboot tests on Pixel4
Bug: 183417993
Change-Id: I190e585ad03b8749e3487f9d3f0109be61a3c815
This is a merge of http://go/wvgerrit/126703
Only obfuscated libraries for Android are included in this CL.
L3 loads clock info from an encrypted file during initialization. There
is a bug which calls the clock loading function before the decryption
key gets intialized in InitializeEngine(). Clock will be loaded with bad
decrypted data, which caused playback failure after system reboot.
The fix is to move clock loading after InitializeEngine() to ensure
decryption key is ready.
Bug: 188873354
Bug: 188892717
Test: L3 unit tests;
Test: Manual playback tests on Netflix
Download, play, reboot device, play again
Test: GTS tests https://android-build.googleplex.com/builds/tests/view?invocationId=I02800009363823424&testResultId=TR23225132004211909&redirect=http://sponge2/73efa8e8-951a-48bb-b2a9-0b09d5038ed3
Change-Id: Icf34aa3135fdcb77dea8104a90ce90f14e79e61c
Merge of these CLs from Widevine sc-dev:
modified: libwvdrmengine/level3/include/clear_cache_function.h
Add cache flush assembly for arm64 L3 to Android header | http://go/wvgerrit/124828
Address compilation errors | http://go/wvgerrit/113083
modified: libwvdrmengine/level3/include/level3_file_system_android.h
Update Widevine Copyright header for android | http://go/wvgerrit/108084
Bug: 184866351
Test: Header changes for clearing cache is verified by one of the partners on their arm64 target;
https: //b.corp.google.com/issues/175432203#comment13
Change-Id: I0ac8f339f65d02abb3080020fbc715b9c0db85b2
build
This is a merge of CL from widevine repo (obfuscated code only):
https://widevine-internal-review.googlesource.com/c/cdm/+/124965
The source code change that produced the obfucated code is here:
https://widevine-internal-review.googlesource.com/c/cdm/+/121763
Original commit message from the fix above:
"This is a security improvement against an L3 exploit b/182584472.
The change is to store RSA private key in two parts instead of one,
and load it separately when the key is needed. This will make it
more difficult to find the entire RSA key.
This CL does the key loading part only. Key splitting is done
in Haystack in CL: cl/367515385"
New L3 system IDs included in the obfuscated code:
ID Description
22593 Android S ARM L3 Field Provisioning 3.0
22594 Android S ARM 64 L3 Field Provisioning 3.0
22595 Android S x86 L3 Field Provisioning 3.0
22596 Android S x86 64 L3 Field Provisioning 3.0
Bug: 182584472
Test: L3 unit tests
Test: GTS tests
https://android-build.googleplex.com/builds/forrest/run/L16300000887061939
The only failed case is a test issue due to the new IDs not being added
to the allow list of the test yet. This test passed on local run with
the updated allow list.
Change-Id: If8b8b2cb9291ede0cb2dcc892f5557c3a68c4b96
