widevine-partner/oemcrypto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OEMCrypto v17.2

Browse Source 
Version 17.2 includes udpates to support MediaCAS. See the
CHANGELOG for full details.
This commit is contained in:
Fred Gylys-Colwell
2023-09-07 13:32:55 -07:00
parent f998d6c4ae
commit 31f24774e8
189 changed files with 6390 additions and 3411 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
CHANGELOG.md
View File

@@ -2,6 +2,46 @@
[TOC]
## [Version 17.2][v17.2]
This release contains the first version of OPK to support MediaCAS, an
end-to-end demo of OEMCrypto CAS functionality, several bug fixes in OPK and a
few updates to the OEMCrypto unit tests and fuzz tests.
MediaCAS support has been added to OPK. `OPK_Pack_LoadCasECMKeys_Request()`,
`OPK_Unpack_LoadCasECMKeys_Request()`, `OPK_Pack_LoadCasECMKeys_Response()`,
`OPK_Unpack_LoadCasECMKeys_Response()` are moved out of the auto-generated
serialization code and are added to the special cases, to allow implementor to
pack customized data. CAS-specific WTPI functions along with a reference
implementation have been added.
A new `cas` directory is added to the `ports/linux` project. This contains
an end-to-end demo of OEMCrypto CAS functionality. The OEMCrypto CAS test client
communicates with the Linux `tee_simulator_cas` via `liboemcrypto.so` and
`libtuner.so`. `tee_simulator_cas` loads CAS keys and performs descrambling.
All CAS specific code in OPK is guarded by the compiler flag `SUPPORT_CAS`.
Several other updates and fixes to OPK in this release include:
- `strnlen()` is removed from OPK to avoid issue caused by the terminating '\0'.
- Explicit call to `builtin_add_overflow()` is removed and `oemcrypto_overflow`
wrappers are used instead.
- Added non-NULL checks in `WTPI_UnwrapValidateAndInstallKeybox()`,
`OEMCrypto_OPK_SerializationVersion()`, and `OPKI_GetFromObjectTable()`.
- Validated the wrapped key size to be non-zero.
- Set OP-TEE serialized request size to the maximum size expected.
- HMACs are compared in constant time.
- Fixed pointer arithmetic with size_t to avoid unexpected truncation of the
calculated address.
- No-op for zero-sized subsample instead of aborting OPK.
This release also contains a few updates to the OEMCrypto unit tests and fuzz
tests:
- Reduced clock skew in flaky duration tests.
- Removed device ID check since it is not required for v17.
- Added a test for zero subsample size.
- Cleaned up fuzz helper classes and added more fuzz test coverage.
## [OPK Version 17.1.1][v17.1+opk-v17.1.1]
This release fixes a flaw in the OPK code that could allow content that requires
@@ -179,3 +219,4 @@ Public release for OEMCrypto API and ODK library version 16.4.
[v17+test-updates+opk+mk]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17+test-updates+opk+mk
[v17.1]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17.1
[v17.1+opk-v17.1.1]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17.1+opk-v17.1.1
[v17.2]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17.2