[ Merge of http://go/wvgerrit/192010 ]
Updates the CDM to add support for DRM reprovisioning request creation.
- Load the baked-in certificate for use as the client token.
- Add functions to build and sign a drm reprovisioning request.
- Update the Rikers L3 OEMCrypto implementation to support signing
provisioning requests and getting embedded certificate.
- Update client id token to handle DRM reprovisioning.
- Add OEMCrypto function to load the baked-in device certificate in
Rikers CDMs and stubs for non-Rikers CDMs.
- Add dynamic adapter support for getting embedded device certificate
only on L3.
Bug: 305093063
Test: WVTS
Change-Id: I9a0ecf95e27213b046f03baa0781fb164179323b
It is used by prov4 only. So L3 will just return
OEMCrypto_ERROR_NOT_IMPLEMENTED.
Test: build L3
Bug: 307969500
Change-Id: Iff6c79a3fb0220a6c995186f5923ce5ad6bc256f
functions
In CL https://widevine-internal-review.git.corp.google.com/c/cdm/+/183531
KDF was merged into new OEMCrypto_LoadLicense() and
OEMCrypto_LoadProvisioning().
This change renames L3 existing old functions with suffix _V18, and adds
the two new functions.
Note: jenkins/run_dynamic_level3 and jenkis/run_level3_static_tests
can't be enabled util https://b.corp.google.com/issues/320525541 is
resolved.
Test: the generated L3 from this CL can pass static and dynamic adapter
tests with commit ID 567069f2fb800c4ec4e844e03273d1924ae6673b. More
updates may be need to L3 source for it to work with the latest
oemcrypto-v19 branch.
Bug: 299333403
Change-Id: If6dec630c00b65468d4194196f3ff6f308c6dbe8
Since the L3 functions are meant to alias the OEMCrypto functions,
they shouldn't appear in a namespace.
Change-Id: I8d11279ff86c5b5c9eab0598d134f6904f0021ad
The current implementation of OEMCrypto_SetDecryptHash gives developers
flexibility to use different types of hashes. However, all the
implementations we have seen thus far use crc32. Because of this, crc32
should be sufficient and we can refactor OEMCrypto_SetDecryptHash to
only use the crc32 hash.
Bug: 287706586
Change-Id: I4aaa253b2656dfd9c984f77dfb08fe160b23b47c
No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
Merge from Widevine repo of http://go/wvgerrit/121950
Remove term "Master" from "Widevine Master License Agreement".
Bug: 168562298
Change-Id: I655babf1bc447f4872f6a0f849107262be42df7a
This CL adds AllocateSecureBuffer and FreeSecureBuffer to the list of
function names that are obfuscated. It also corrects some spelling and
formatting in OEMCrypto headers. This is still version 16.4.
Merge from Widevine repo of
http://go/wvgerrit/115803http://go/wvgerrit/111104http://go/wvgerrit/108703http://go/wvgerrit/108703
Bug: 139814713
Bug: 141202789
bug: 168634557
bug: 168635928
bug: 168637230
bug: 168639188
Change-Id: I6f06549b2cf104c6751b2947964569e974fcdcd2
Merging CL:
* http://go/wvgerrit/108203
* http://go/wvgerrit/103904 (changes to L3 source files excluded)
Also added ODK dependency which is required by L3 v16.
Do not replace constant sizeof() with a hard-coded value in L3 library because it is target-specific.
Test: Unit tests on gLinux
jenkins/linux_unit_tests
jenkins/ce_cdm_tests
Test: Unit tests on Pixel 4(flame-userdebug, rvc-qpr-dev)
vendor/widevine/libwvdrmengine/build_and_run_all_unit_tests.sh
Test: Manual ExoPlayer L1/L3 playback tests (flame-userdebug)
WV: Secure HD/SD (cenc,MP4,H264)
WV: Secure HD/SD (cbc1,MP4,H264)
WV: Secure HD/SD (cbcs,MP4,H264)
Test: Widevine GTS tests(bramble-userdebug, master)
http://ab/I23800006571451275
Bug: 136317881
Bug: 139814713
Bug: 173331251
Change-Id: I1656e83a74a0eaf650f55f5e2388819bf5020c0d
This is a cherry pick of recent changes to OEMCrypto and ODK. Most of
these are part of the document migration to doxygen.
See http://go/wvgerrit/106005 and its parents for code reviews.
Bug: 144715340
Bug: 148232693
Bug: 167580674
Change-Id: I658f99c8117b974faed97322d61fac0f382283af
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
Merge of http://go/wvgerrit/68986
Bug: b/120797208
Test: Android + Linux unit tests
OEMCrypto v15.1 introduced changes to full decrypt path testing.
This CL reflects those changes for the Level 3 code, including
removing InitializeDecryptHash and changes to error reporting.
Change-Id: I09cec6743524d326cb1a6c3ba4dd1764dbefff5f
Bug: b/70299597
Merge of http://go/wvgerrit/67304
Test: Android, CE CDM, and Linux tests
There's a few different things that can go wrong in the L3
initialization, with seeding and device key failures among others. They
should be recorded in metrics to track. Along the same lines, since
multiple errors can happen in conjunction, metrics needs to change to
add more fields for errors. This CL also adds the
hidl_metrics_adapter_unittest to the Android test scripts.
Change-Id: Ie5bcf81bbe294a1136c58410f90087a13b3d911d
Bug: b/117558570
Merge of http://go/wvgerrit/67565
This CL adds the methods and functionalities needed to compute and
verify hashes as part of decrypt as part of v15.
Change-Id: Ic0626b204571b5f748a6c913ab378fa353ab45d0
Bug: b/117558570
Merge of http://go/wvgerrit/67564
This CL updates LoadKeys, LoadEntitlementKeys, and RefreshKeys to use
OEMCrypto_Substrings of the provided message.
Change-Id: I47f7ef958adfb0a78c54db2e27b5c0a636ddad49
Bug: b/117558570
Merge of http://go/wvgerrit/67563
This CL adds certificate validation, a resource rating, sandbox
functions, build info, modifications to CopyBuffer, and an API
version update.
Change-Id: Id84a33f3553220a659ff628ceb99ab0dbb0ae7b4
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
Merge from Widevine repo of http://go/wvgerrit/41680
These changes change the signature of LoadKeys to LoadKeys_V13 for the
Level 3. This change will be reverted once we update Level 3 to v14.
level3/x86/libl3oemcrypto.cpp Level3 Library 4464 Jan 23 2018 13:22:20
level3/arm/libl3oemcrypto.cpp Level3 Library 4445 Jan 23 2018 12:12:32
level3/mips64/libl3oemcrypto.cpp Level3 Library 7285 Jan 23 2018 15:48:51
level3/arm64/libl3oemcrypto.cpp Level3 Library 7283 Jan 23 2018 12:47:26
level3/mips/libl3oemcrypto.cpp Level3 Library 4465 Jan 23 2018 15:13:13
level3/x86_64/libl3oemcrypto.cpp Level3 Library 7284 Jan 23 2018 13:50:10
test: Play Movies plays on sailfish.
Change-Id: Ia492463cd15178b12908faa24af7fbbcfef22e77
Merge from Widevine repo of http://go/wvgerrit/41641
test: In child CL.
bug: 64001862 OEMCrypto V14 for Android P
Change-Id: I707c4dc24aa534c92b099cd310b9afd09168d456
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct error logging
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/40000 ]
In tests, we set the cipher list to avoid using insecure
ciphers when connecting to the provisioning/license service.
The result of setting the cipher list was being incorrectly
validated.
Bug: 64847919
* Move mips cache headers to clear_cache_function.h
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39700 ]
Since the clear_cache function has been moved away from the dynamic
adapter, we need these conditional includes to be migrated as well for
MIPS.
* Comment out Level 3 debug call until merge
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39761 ]
This call was introduced in go/wvgerrit/34260/. Since the haystack tool
in google3 still needs this merge, this should be commented out so the
tool can still build until the merge has finished.
* Add logging for MAC keys to mock
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39740 ]
Bug: 70637842
* Move external interfaces into level3.h + refactor
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39673 ]
As part of b/70523618, this CL moves interfaces that partners are
responsible for in Level 3 to level3.h so they can be visible as
part of the CDM release process. It also cleans up some of the
names of the files and adds documentation.
* Corrected close session logging level
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39676 ]
Bug: 69460963
* Remove Security Level Path Backward Compatibility Support
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39505 ]
From the android K release onwards certificates were stored in
security level specific directories. If upgrading from
previous releases persistent information needed to be moved
to those directories.
Since no device is likely to upgrade from J to Pi, comptibility
support can be removed.
Bug: 70160032
* Rename privacy_crypto_openssl To privacy_crypto_boringssl
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37122 ]
Now that we no longer support OpenSSL in the Shared Source CDM, the name
of this file can be updated.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Remove Conditional Compilation from OpenSSL/BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/39460 ]
This change removes the usages of conditional compilation to support
both BoringSSL and OpenSSL, as well as to support multiple versions of
the OpenSSL API. All code is now compiled against one of the two
versions of BoringSSL in third_party/.
Note that in some cases, the kit/ and legacy_kit/ versions of BoringSSL
had different APIs, so when removing the OpenSSL version compatibility
conditional compilation, sometimes the older branch was kept and
sometimes the newer branch was kept.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Build CE & Jenkins CDMs With BoringSSL from third_party/
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37120 ]
Up until now, integrators have been responsible for providing a
compatible crypto library for use by the CE CDM. (either OpenSSL or
BoringSSL) After this change, this decision will no longer be in their
hands. The CE CDM build will always use the copy of BoringSSL in
third_party/, which will be statically linked with our library with
hidden visibility. This allows us to better control what crypto library
we use and will prevent continuing problems with trying to support both
OpenSSL and BoringSSL.
Unfortunately, BoringSSL began using C++11 in mid-2017, and we can't
support C++11 right now. Until we can, we need to use a C++11-free
version of BoringSSL for libssl. The CDM itself will continue to use a
recent BoringSSL, as it only needs libcrypto. But the unit tests that
need libssl have to use the legacy version.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Modified RNG for Level3 to use more entropy
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39220 ]
Bug: 65165076
Modified seed generation to use an xor of clock_gettime and
client-implemented code to supply random seeds to the RNG. Modified the RNG
as well to use xoroshiro128+ instead of xorshift, since it uses more
than one seed/state (which are 64-bit) and has higher "statistical quality".
The default implementations for the seed generation use /dev/urandom.
* Configure base path for Level3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39506 ]
This is in response to b/70354006. This change makes the
Android Level3FileSystem use the existing properties method
GetDevicesFilesBasePath for binderization. The same is done for the
Linux implementation.
* Add legacy_kit/ to BoringSSL Directory
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38861 ]
This adds a second copy of BoringSSL to the third_party/boringssl/
directory. This second copy is pinned to the last revision of BoringSSL
not to require C++11 and is not updated by the UPDATE_BORINGSSL.sh
script. This second copy will be used to provide libssl to the tests on
devices that do not support C++11.
Once we support C++11 in the CDM again, this weight should be removed
and all targets should use the copy of BoringSSL in the kit/ directory.
Bug: 67907873
* Use Shared Libraries for Unit Tests
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38860 ]
Some unit tests were using a statically-linked CDM instead of a
dynamically-linked one. (Or, in one case, trying to link both ways into
the same binary.) For now, we need to only link dynamically, so that the
unit tests and the CDM can use different versions of BoringSSL.
Long-term, we would like to test both kinds of linkage. (See b/69548115
for that.)
Some unit tests were also using a dynamicaly-linked CDM that was named
such that it appeared to be statically-linked. This patch renames some
targets to make the linkage clearer.
Bug: 67907873
* Change CDM_Backwards_Compatiblity_Tests to dedicated brances
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/39003 ]
The build scripts used by CDM_Backwards_Compatiblity_Tests now pull
old versions of oemcrypto from the dedicated branches oemcrypto-v*,
which [will eventually] contain old oemcrypto versions, that build
with the current build system with a current boringssl version.
bug: 67907873
* Fix spacing on level3 header
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38760 ]
* Correct Query status calls
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38640 ]
Bug: 70160032
* Refactoring to allow encryption of client ID
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37460 ]
The code has been restructured to allow encryption of client
identification in provisioning requests. This will be enabled
when server side changes have been made (b/69427217).
* Additional information is included in the Client Identification
portion of the provisioning request.
* Client identification will be encrypted with a service
certificate provided by the app/client. Platform changes
to enable passing this to core are needed. If a service certificate
is not provided, a default one associated with the production Keysmith
will be used.
* Switched APIs in CdmEngine to take a service certificate for
provisioning rather than licensing. Service certificates for
licensing are session based and passed as properties from platform
code.
Bug: 30737060
* Allow some CDM errors to be reported from multiple locations
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38360 ]
This creates some CdmResponseType errors which may be reused
PARAMETER_NULL, NOT_INITIALIZED_ERROR, REINIT_ERROR.
I have made changes to a few classes to report these errors.
Will work on additional classes in a separate CL.
Bug: 69864404
BUG: 71650075
Test: WV Unit/integration tests
Change-Id: Icc048770d424ac537d11ff327cda2cb142da802d
These are a set of CLs merged from the wv cdm repo to the android repo.
* Level3 cleanup for SHA + field provision headers
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37581 ]
Moved some redundant macro and struct definitions out of hmac.cpp and
sha.cpp into a separate header file to make the build easier and
cleaner. Also cleaned up unnecessary includes and method signatures
in field_provision.h.
* Address CDM_All_Tests failures
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37580 ]
CDM engine tests for CE CDM occasionally fails when CDM_All_Tests
is run by the build server. The failures are due to a nonce generation
error. If provisioning fails due to a nonce generation error, a delay
followed by a retry will be attempted.
* Update OEMCrypto version to 13 in cdm.gyp
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37520 ]
* Use per-session service certificates for licensing
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37260 ]
These changes allow for service certificates to be specified on a
per-session basis rather than use one common to a CdmEngine instance.
This also allows for a service certificate request and response handling
when allowed on the platform, when privacy mode is enabled and a service
certificate is not provided.
Request license tests accept a service certificate command line
parameter in hex (ascii). Earlier it expected it in binary.
Bug: 68328352
* Refactor service certificate parsing
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37060 ]
Service certificates may still be set in CdmEngine but service
certificate requests and responses have been moved from CdmEngine
to ServiceCertificate. This allows them to be called from lower
in the heirarchy (a class that CdmEngine depends on).
Bug: 68328352
* Revert "C++11: Replace OVERRIDE def with override keyword"
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37020 ]
This reverts commit 2d3fb5c4c8f4cf5c986ee43723914a23cf76e8f0.
* Modified scripts/makefiles for L3 build
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37220 ]
Changed build-android-haystack.sh and make_fastball_libwvlevel3.sh
to build using the new liboemcrypto.cpp file. Also changed
makefiles to build using the new file. Renamed liboemcrypto.cc to
liboemcrypto.cpp to make it consistent across android and CE CDM. Added
static libraries that were rebuilt using this change.
* Added android implementations for Level3
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37181 ]
Moved getUniqueID and added Level3FileSystem implementations for
android. Also deleted redundant and unnecessary methods from
anroid_keybox.cpp.
* Refactored getUniqueID and updated libl3oemcrypto.cc
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37160 ]
Renamed getUniqueID header and added comments to make it clear what the
function is doing. Also removed obfuscation of the method name since it
is implemented by the partner. Updated the libl3oemcrypto.cc file to
reflect the change as well as be obfuscated.
* Moved clear_cache function out of entry_points
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37040 ]
clear_cache function is unobfuscated and relies on compiler flags to
work properly, and therefore should be removed from the
libl3oemcrypto.cpp file and linked during the final build.
* Minor gyp changes and added L3 build file
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/36480 ]
Gyp changes to cdm_unittests.gyp to make the test Level3FileSystem build
only on a level3 build and to oec_level3.gyp to be compatible with the
changes to the x86-64 platform settings changes (and to use -Wno-unused
to catch all unused warnings the libl3oemcrypto.cc might cause). This
change also includes an x86-64 libl3oemcrypto.cc so a Level3 OEMCrypto can build.
* Merge CE & Linux file system/factory + dynamic adapter changes
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/36220 ]
This CL merges the changes from
I27f5037e4fcea94abd84181f55053843b68f3e8d - it adds the CE
implementation for the file system, as well as the factory methods
needed to build the file system (and their implementations for both CE
and linux). As part of the merge, since the Linux build relies on the
dynamic adapter, that was fixed and gyp changes were made to reflect the
change.
* Cherry pick change to retrieve/save provisioning cert
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/30000 ]
This is cherry pick from level3-dev-3.3 of a merge of
I4f5dc5c216fa916e0bca0631c4ceda68859baf1d to save the
certificate for future tests with the current test host setup.
* Merged changes of usage/linux impl of L3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/35541 ]
This is a merge of change I15d38b3c36933d061d168e0ec30bcefd0182f32d. It
also adds a similar change in usage of L3FileSystem write for a line in
usage_table.cpp.
* Add cdm build changes for new Level3 build
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/34600 ]
Original CL: Ib611cf8a8589afa5cd25d6dc5b0aa43922cfda1e
Adds level3 oemcrypto library for static adapter. Includes changes to
gyp files to choose between oemcrypto libraries. Also includes changes
to the dynamic adapter, level3 headers, and entry_points to be
compatible with the function signature differences when using the
static adapter.
* Merge OEMCrypto Level3FileSystem interface
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/34541 ]
This merges in the interface for the Level3FileSystem object from
level3_dev_3.3 as well as the linux implementation. Furthermore, this
merge includes changes in properties and gyp files to allow compilation.
The associated changes are I3f1c58f0e3782de0669a96725a38673a26cc1a49,
I9fb2d10b0f966896bea685166c6b6b2e33c995dd, and
I4c87a5412a8a022fa9cfba43f33bd4d683e61536.
* Merged misc. changes to Level3 files
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33303 ]
Continuation of I03d3aa1a308f2f010dcb6f5e15f927e81e42925b. These changes
are miscellaneous changes from level3-dev-3.3 involving include
statements, Caligo compatibility, and new Level3 signatures from changes
Ibc5befd492b295970e839f3481e2b512b52dcb08 and
If599e62c72b5eb40c53633cd72a4d20dc859ee52.
* Merged change involving getUniqueId()
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33302 ]
This is a merge from level3-dev-3.3. This change
(Ibc5befd492b295970e839f3481e2b512b52dcb08) involves
separating out the method getUniqueId() from the linux_ and
android_keybox.cpp. This was done so that clients can
supply the necessary implementation for the method.
* Merged needle file changes from level3-dev-3.3
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33301 ]
Continuation of I3dbf34bab526945720280f819dd3212ae982d2f7. These are
changes (Ibc5befd492b295970e839f3481e2b512b52dcb08) involving the
compiled needles for Haystack. Major changes include function signature
changes, adding non-state needles automatically, and include statements.
* Merged keybox/usage table access and function sigs
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33300 ]
These are changes from level3-dev-3.3. They involve changing function
signatures/include files for the new Haystack runtime
(Ibc5befd492b295970e839f3481e2b512b52dcb08). They are also
related to change I0285e6d85e80b06b7df1ed298cd1145a6c9c4842. Keybox and
usage table file names are replaced with constant needles. Furthermore,
a state needle was added that removes the OldUsageTable file. In
addition, this CL includes removals of method references that are now
stale due to the introduction of change
I9fb2d10b0f966896bea685166c6b6b2e33c995dd.
* Android unit test build fixes
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37380 ]
Removed crypto_session_unittest from build script (introduced
in http://go/wvgerrit/32824), since crypto_session.cpp requires
some changes to be merged over from oc-mr1-dev (b/64456400).
Added oemcrypto_session_tests_helper.cpp to the oemcrypto test
makefile so the oemcrypto unit tests can link in the
methods from the refactor in http://go/wvgerrit/36562.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I7e45901a151e51da96d192d359edddc5fe74946e
(This is a merge of http://go/wvgerrit/25900 and http://go/wvgerrit/25920)
This commit contains the latest Haystack prebuilt binaries based on
the latest OEMCrypto code in the Widevine tree. This is to pick up the
change "Report error OEMCrypto_ERROR_ENTRY_IN_USE", which fixes
several failing unit tests. This CL also adjusts the L3 library so
that it stores its data in the directory specified by the layer above.
level3/x86_64/libwvlevel3.a Level3 Library 7284 Apr 13 2017 16:58:07
level3/arm/libwvlevel3.a Level3 Library 4445 Apr 13 2017 16:48:19
level3/mips64/libwvlevel3.a Level3 Library 7285 Apr 13 2017 23:52:51
level3/mips/libwvlevel3.a Level3 Library 4465 Apr 13 2017 23:16:02
level3/arm64/libwvlevel3.a Level3 Library 7283 Apr 13 2017 17:05:12
level3/x86/libwvlevel3.a Level3 Library 4464 Apr 13 2017 16:36:25
Bug: 36656178
Bug: 37210088
Test: build_and_run_all_unit_tests.sh and GTS tests
Change-Id: Ia5b272cd945f0c9f2fe37ecd0f3ccd2f2ff398bc
Merge from widevine of http://go/wvgerrit/23283
This CL adds the backwards compatiblity functions to the new usage
tables in the oemcrypto mock reference code.
b/31458046
b/32554171
Change-Id: I04901d95aceb8910406f7c514c26c29c2c575322
Merge from Widevine repo of http://go/wvgerrit/23166
This changes OEMCrypto_CreateUsageTableHeader so that the new header
is passed back in a buffer to the cdm layer.
I hacked out the haystack call and just stubbed out the mock call.
This should still build and run with previous liblevel3.a builds.
I also removed from the header some function names that are no longer
part of OEMCrypto v13.
bug:31458046
Change-Id: Ie490c482fe2457076f9026369f4b4b9491a4eb81
Merge from Widevine repo of http://go/wvgerrit/23044
On some platforms, the compiler will not pack structures. This CL
replaces the OECrypto_PST_Report packed structure with a simple buffer
of uint8_t. This changes the signature of OEMCrypto_ReportUsage as
part of OEMCrypto v13.
There is also a new wrapper class that test code, the mock, and debug
code can use to access data in the report.
The old packed structure definition is moved to the level 3, where we
use a compiler that packs sructs when asked nicely.
arm/libwvlevel3.a Level3 Library 4445 Jan 20 2017 11:29:15
x86/libwvlevel3.a Level3 Library 4464 Jan 20 2017 11:10:49
mips/libwvlevel3.a Level3 Library 4465 Jan 20 2017 10:56:08
b/32180083
Change-Id: Ie138f034cb12780a2f8636888cebf022c52169e5
Merge from Widevine repo of http://go/wvgerrit/22899
This is most of the header changes for OEMCrypto v13. This updates
just enough of the code that existing unit tests build and pass.
The documentation will be reviewed in http://go/wvgerrit/22887. When
that CL has been approved, comments in the code will be updated to
match.
Real code will be broken into several other CLs.
bug:31458046
arm/libwvlevel3.a Level3 Library 4445 Jan 17 2017 20:01:26
x86/libwvlevel3.a Level3 Library 4464 Jan 17 2017 19:00:37
mips/libwvlevel3.a Level3 Library 4465 Jan 17 2017 19:24:35
Change-Id: I0318c53235c0b33afb623cba933365e09dec4e61
Merge of several CLs from the widevine repo.
Merge from widevine repo of http://go/wvgerrit/22440
Build OEMCrypto v12 Haystacks with cache flush
level3/mips/libwvlevel3.a Level3 Library 4465 Nov 29 2016 13:34:45
level3/arm/libwvlevel3.a Level3 Library 4445 Nov 29 2016 14:02:08
level3/x86/libwvlevel3.a Level3 Library 4464 Nov 29 2016 14:22:21
Merge from widevine repo of http://go/wvgerrit/22403
Pull cache flush out of Haystack
Merge from widevine repo of http://go/wvgerrit/21145
OEMCrypto v12 stubs -- just the header file changes.
Merge from widevine repo of http://go/wvgerrit/21146
Add OEMCrypto v12 functions to profiler
This CL adds the new oemcrypto v12 functions for provision 3.0 to the
list of profiler functions.
Merge from widevine repo of http://go/wvgerrit/21143
OEMCrypto v12 adapter
This CL updates the oemcrypto dynamic and static adpaters to include
oemcrypto v12 funtionality. It adds the three new Provisioning 3.0
functions.
It also adds code in the initialization routine to null out all of
the function pointers if any of them fail to load. It is better to
fall back to level 3 than to use an inconsistent level 1.
b/31528025
Change-Id: I3579dc93e00ad7e7c743beecdd8291eac557d4e4
Merge of http://go/wvgerrit/20924
This CL pulls the cache flush code out of the haystack code and into
the adapter level. This is so it will be built with processor
specific compiler flags instead of as part of the precompiled binary.
level3/mips/libwvlevel3.a Level3 Library 4465 Sep 10 2016 21:44:37
level3/arm/libwvlevel3.a Level3 Library 4445 Sep 10 2016 21:30:01
level3/x86/libwvlevel3.a Level3 Library 4464 Sep 10 2016 21:49:53
b/30550782 Battery Problems
Change-Id: I8967da498a43cabe82e78345162705dc2fcdb859
Merge from widevine of http://go/wvgerrit/17178
These are the OEMCrypto Level 3 libraries, built using a stable
version of GCC and build tools on nyc-dev. Code changes are just
merged from master. Aside from build tool updates, the CL contains a
fix for b/26567162.
Current version (as printed by oemcrypto/level3/print-version-strings):
level3/arm/libwvlevel3.a Level3 Library 4445 Mar 17 2016 14:11:16
level3/x86/libwvlevel3.a Level3 Library 4464 Mar 17 2016 13:14:40
level3/mips/libwvlevel3.a Level3 Library 4465 Mar 17 2016 11:34:50
bug: 26917438
bug: 26567162
Change-Id: I07d526f28e61c5a9b66fa59b78041a93a99dc8e6
This CL is a merge from the widevine repo of
http://go/wvgerrit/16553 Prebuilt Level 3 OEMCrypto for Android
http://go/wvgerrit/16238 Require OEMCrypto v11 for Android N Unit Tests
http://go/wvgerrit/16484 Shared License Tests (OEMCrypto v11)
http://go/wvgerrit/16448 Pattern Decrypt Unit Tests and Reference Implementation
http://go/wvgerrit/16489 Enforce UNUSED Variables
http://go/wvgerrit/16479 Pattern Decrypt for Level 3 OEMCrypto
http://go/wvgerrit/16280 Correctly handle bad RSA key
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
It contains the Level 3 implementation, as well.
mips/libwvlevel3.a Level3 Library Jan 22 2016 14:30:27
arm/libwvlevel3.a Level3 Library Jan 22 2016 15:03:55
x86/libwvlevel3.a Level3 Library Jan 22 2016 13:52:29
b/26692954 [DRM] OEMCrypto v11 needed for Nexus devices
Change-Id: Ibb1384959620f63a1be1e82ce2952ec9f48f0d3e
This CL contains the level 3 oemcrypto library built for android. I
used the toolchain from the mnc-emu-release branch because I'm having
problems with the toolchain on master.
This includes the security patch API, and several bug fixes to the library.
Current versions:
mips/libwvlevel3.a Level3 Library Dec 17 2015 21:26:57
arm/libwvlevel3.a Level3 Library Dec 17 2015 21:09:47
x86/libwvlevel3.a Level3 Library Dec 17 2015 21:19:15
http://go/wvgerrit/16371 Level 3 OEMCrypto library
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
http://go/wvgerrit/16280 Correctly handle bad RSA key
bug: 26089773
bug: 26092100
bug: 26086944
Change-Id: I3ea1b5d219dae0c88deafa742f61d67e97297902
Merge from widevine repo of http://go/wvgerrit/16186
These are the OEMCrypto v11 documents and header files. I have updated
just enough code so that existing unit tests pass. New unit tests,
the reference implementation, and the level 3 implementation are in
future CLs.
Change-Id: I9bbf1909e047f63a5877320a2d06740a3c4a3e32
This is a merge from the widevine repository of
http://go/wvgerrit/13923 Switch openssl to use the EVP interface for aes-ctr-128
http://go/wvgerrit/13979 Add Test Certificate to OEMCrypto Mock
http://go/wvgerrit/13978 Add Test Keybox to Level 3 OEMCrypto
http://go/wvgerrit/13873 Enable OEMCrypto Unit Tests
This CL adds a main program to oemcrypto_test.cpp, which filters out
tests that are not supported on the specified platform. It also adds
LoadTestKeybox to the mock. This allows oemcrypto unit tests to be run
on devices that have production keybox. It also allows the same set
of unit tests to work on Android and on non-Android platforms.
b/18962381 Use test certificate (partial fix)
b/19867990 Separate cast receiver tests
Change-Id: If89c31530103ed85aa37d7379bd5b4dc2a927f38
(This is a merge of http://go/wvgerrit/13761 from the Widevine
repository.)
This cleans up our includes to be in Google Style Guide order and in
alphabetic order, for the parts of the code that are expected to
follow Google Style.
This also converts places in our code that were including C headers
in the C++ style (i.e. <cstring> instead of <string.h>) to use C style
instead. This is because, although it was not causing problems for us
yet, on Android these actually include different headers. (<cstring>
is provided by libcxx, while <string.h> is provided by Bionic)
Lastly, this change puts all headers that do not come from within our
project in <brackets> instead of "quotes," which was not being done
consistently.
This change is explicitly NOT trying to standardize the spacing of our
header includes. I have tried to respect, in each file, the spacing
style already present.
Change-Id: If3dc06532ab9b68010285d64518ef21dce3d6354
This is a merge of http://go/wvgerrit/13710
The oemcrypto adapter loads a version 8, 9 or 10 library and adds
backwards compatibility for version 8 or 9.
The only function whose signature has changed from v9 to v10 is
OEMCrypto_GetHDCPCability. This CL adds backwards compatibility for
that function.
Level 3 libraries are now:
level3/arm/libwvlevel3.a Level3 Library Mar 17 2015 14:33:34
level3/x86/libwvlevel3.a Level3 Library Mar 17 2015 14:30:23
b/19785099 L1 Widevine missing/broken on master (Fugu)
b/19789909 L1 Widevine missing on master (AAY75B)
Change-Id: I9bd716f5cdffaf1bfbdfcd8ed067af3f5d0ac9ba
This is a merge of http://go/wvgerrit/13391 from the Widevine repository.
This CL adds the OEMCrypto version 10 API to the header, and changes
just enough code so that code still compiles. There are no unit tests
or implementation.
The level 3 libraries are just stubs so that tests will compile.
level3/arm/libwvlevel3.a Level3 Library Mar 11 2015 13:33:21
level3/x86/libwvlevel3.a Level3 Library Mar 11 2015 15:20:27
Change-Id: I41de753a2a60da29b756c3327341ece72069d8bb
From Widevine CL:
https://widevine-internal-review.googlesource.com/#/c/9184/
This is some shim code that will load either an OEMCrypto
version 8 or version 9 library. This should allow us
to test and run stable devices until all OEM's have
updated to version 9.
Android Level 3 library versions are:
level3/mips/libwvlevel3.a Level3 Library Feb 27 2014 18:18:34
level3/x86/libwvlevel3.a Level3 Library Feb 27 2014 18:22:14
level3/arm/libwvlevel3.a Level3 Library Feb 27 2014 12:31:29
Change-Id: I82911e3b4d9056cf3c3ab2b47194fe81ac2776d9
This CL contains working versions of the haystack tools and the
OEMCrypto Level 3 library for android ARM, MIPS and x86.
The version number of the level 3 library is:
android/level3/arm/libwvlevel3.a Level3 Library Nov 4 2013 18:39:06
android/level3/mips/libwvlevel3.a Level3 Library Nov 4 2013 18:42:29
android/level3/x86/libwvlevel3.a Level3 Library Nov 4 2013 18:41:07
bug: 9374954 MediaDrm haystack based L3 code hardening implementation.
Change-Id: Ifef13900a11e83e4257723d3c6fc7107550882a8
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
