69 Commits

Author SHA1 Message Date
Googler
c56808c463 Automated update of OPK code
Included changes:

  - 92a0538dc60ad0c48866b5736fcec125f6493d8d Remove unused function by John "Juce" Bruce <juce@google.com>
  - 7235e2c89a94d6b6ed086aa83cd4b22b56bd8d65 Various static function fixes by John "Juce" Bruce <juce@google.com>
  - 908055030aa283ce74915fb68571b0ce3854e12e Fix duplicate & missing headers identified by clang-tidy by John "Juce" Bruce <juce@google.com>
  - 502b8b8caeb4654f294398039fff98ec641bda24 Updated `core_message_features.cpp` to use `odk_versions.h` by Alex Dale <sigquit@google.com>
  - 3163312183f5e0b8a08b97cfe171221861743cc5 Bump ODK max supported minor versions by Matt Feddersen <mattfedd@google.com>
  - c461df67a9003e738042716ae644dd96a66d2446 Updated ODK minor versions for 2025Q2 release. by Alex Dale <sigquit@google.com>
  - 56a43e881c31e4e2d3a2a7732bef00705a252a65 Added ODK_InitializeSessionValuesEx by Alex Dale <sigquit@google.com>

GitOrigin-RevId: 92a0538dc60ad0c48866b5736fcec125f6493d8d
2025-06-06 16:09:23 -07:00
Googler
5387878a5b Automated update of OPK code
Included changes:

  - 676ac7be8548d80c420591fc0b4fb9a11723ef34 Backwards compatibility script for CDM v18 and OPK v19 by Vicky Min <vickymin@google.com>
  - 3cd4f71fda91245ac0b61c4c847950952f3021c0 Change BuildInformation ree fields to optional by Matt Feddersen <mattfedd@google.com>
  - a2259e95dea40c27a4be02ad479aec8f1fc84737 Created a DICE CBOR Cert parser/serializer. by Alex Dale <sigquit@google.com>
  - b8f2c364afeb6279e5aee6488d4527e189ac42ff Don't create invalid enum value by John "Juce" Bruce <juce@google.com>
  - b0aed212a3b2dd8f752d8fc43982848c1aa6c152 Created an HLS Key type. by Alex Dale <sigquit@google.com>
  - f8cfc54b41f124ba849596dbe6438b7f271a72b7 Specify C/C++ standard when running clang-tidy on OPK by John "Juce" Bruce <juce@google.com>

GitOrigin-RevId: 676ac7be8548d80c420591fc0b4fb9a11723ef34
2025-05-30 09:58:39 -07:00
Matt Feddersen
a2b9e085e9 OEMCrypto and OPK v20 prerelease initial commit 2025-05-22 16:33:29 -07:00
Cong Lin
98dfef4389 OEMCrypto and OPK 19.5 2025-04-02 09:49:07 -07:00
Vicky Min
b4e12724af OEMCrypto and OPK 19.4 2024-11-26 20:50:11 +00:00
John W. Bruce
365ea19c9a OEMCrypto and OPK v19.3 2024-09-05 07:21:15 +00:00
Matt Feddersen
482b0923ca Add v16.3 unwrap compatibility 2024-07-25 14:15:55 -07:00
Alex Dale
9fe69a896c Corrected README and CHANGELOG for OPK v19.2. 2024-06-27 18:20:56 -07:00
Alex Dale
a084ab5489 OPK v19.2 2024-06-21 21:41:11 -07:00
Matt Feddersen
b8d32f0d6e OPK v19.1 2024-03-28 18:04:59 -07:00
Matt Feddersen
3f5e2d789e OEMCrypto and OPK v19.0
See the file CHANGELOG.md for details.
2023-12-14 17:14:56 -08:00
Matt Feddersen
6cd8677952 Bug fix ECC and persistent storage in OPTEE
Fixes two bugs in the OP-TEE port

1. WTPI_GetBootCertificateChain() did not correctly zero pad ECC keys
   that are smaller than 32 bytes.
2. wtpi_persistent_storage_layer2.c:write_raw_object() would overwrite
   objects if an initial read failed.
2023-12-08 18:35:51 -08:00
Fred Gylys-Colwell
c259630b75 OEMCrypto v18.4
Updates to OEMCrypto API, OPK, and unit tests to support
MediaCAS.
2023-09-07 13:57:34 -07:00
Fred Gylys-Colwell
3c628c8f27 OEMCrypto v18.3
Updates to OEMCrypto API, OPK, ODK, and unit tests.

See the file CHANGELOG.md for details.
2023-07-11 16:57:57 -07:00
Fred Gylys-Colwell
562f64f292 Version 18.1
Updates to OEMCrypto API, OPK, ODK, and unit tests.

See the file CHANGELOG.md for details.
2023-03-09 18:06:07 -08:00
Fred Gylys-Colwell
5232c51e33 OEMCrypto v17.1
The previous commit had a v17.2 change in it that is not needed
for v17.1
2022-06-27 07:16:03 -07:00
Fred Gylys-Colwell
1ec4f64360 Version 17.1
Updates to OEMCrypto API and OPK reference implementation.
2022-06-26 20:46:35 -07:00
Fred Gylys-Colwell
5e1f940c81 Version 17 plus test updates and OPK v17 and Makefiles
Add makefiles to external repo, and update the gitignore so
that they are included.
2022-04-17 11:24:52 -07:00
Fred Gylys-Colwell
0a16cb2594 Version 17 plus test updates and OPK v17
This is the first public release of OPK v17.
See the file CHANGELOG.md for details.
2022-04-13 19:36:27 -07:00
Fred Gylys-Colwell
044a89ef55 Initial v17 Release
Headers and Unit tests have been updated to match the v17 spec.

Documentation can be found here:
https://developers.devsite.corp.google.com/widevine/drm/client/oemcrypto/v17
2021-12-04 01:13:15 +00:00
Fred Gylys-Colwell
8e55868e8a Missing images 2021-12-04 01:10:46 +00:00
Fred Gylys-Colwell
ef80dcf790 Update documentation and update some tests
Some changes were made to align the source code with the new devsite,
https://developers.devsite.corp.google.com/widevine.

Updates to documentation:
6cd6438a5 Update doc string for return values
8705af128 Move documentation of Resource Rating to devsite
f0394da46 Documentation: specify usage entry may not be reloaded
f7e1dd729 Documentation: clarify buffers sizes for DeriveKeys
305d98f4a Documentation: Entitled content keys are not wrapped
11174fd01 Documentation: Add figures to OEMCrypto API
e1fdbbfc2 Document buffer size for OEMCrypto_CopyBuffer
06dd39c46 Update return code docs for OEMCrypto_ReportUsage
b67a0c688 Documentation: Add parentheses so Doxygen creates links
369fcde53 Documentation: Add links from OEMCrypto API
a7489aa25 Remove extra blank line

Some unit tests were not compiling on some platforms. Some platforms
were not passing usage table duration tests even though they correctly
implemented the spec.

Update to tests:
0268104c1 Add curly braces in oemcrypto_test.cpp
8dce14f2d Update usage entry before sleeping
0c164a2c4 Use size_t for length in wvcrc32
2021-12-04 00:50:57 +00:00
Fred Gylys-Colwell
d361835c19 Always generate nonce before signing license
The v16 state diagram says that a nonce should be included in all
license requests. The unit tests were not honoring this
requirement. This CL updates the unit tests to match the spec.

Bug: 186565384
2021-09-08 21:30:20 +00:00
Vicky Min
8c158b00cf Sync fake clock for nonce tests
Because the fake clock is getting out of sync with the real clock for
the nonce flood tests, add a call to TestSleep::SyncFakeClock() in
Clock::GetCurrentTime() to force a sync.

Bug: 198329759
2021-09-08 21:18:08 +00:00
Fred Gylys-Colwell
3def45f33d Update date in oemcrypto tests
Update the date in the log string so we know when the tests were
published.
2021-08-05 03:16:45 +00:00
Fred Gylys-Colwell
8aeb9e81a0 Add extra RSA private keys to unit tests
There have been some failures with various RSA private keys. We add
them to the unit tests to make sure that OEMCrypto is able to load
these types of keys:
* Shorter than normal private exponents. This seems to occur
  occasionally even with Euler totients. But it occurs more with
  Carmichael totients.
* 0-leading-byte private exponents. This also occurs naturally for both
  Euler and Carmichael totients.
* Carmichael vs Euler totients. I think we may already have tests for
  this. But just in case.

Bug: 190450051
2021-08-05 03:13:50 +00:00
Fred Gylys-Colwell
9ed08c10b8 Update OEMCrypto buffer offset tests
Some unit tests used the response buffer size before the size had been
computed. This CL updates the tests.

Bug: 183440999
2021-08-05 03:12:12 +00:00
Fred Gylys-Colwell
dff9898485 Remove non-ASCII curly quotes from OEMCryptoCENC.h
Bug: 192275441
2021-08-05 03:07:55 +00:00
Fred Gylys-Colwell
d0445f09e1 Update OEMCrypto test comments and logs
This CL merges some changes from branch rvc-dev to sc-dev that
prepared it for merge.

One change is that the unit tests now say they are part of Android S
instead of R.

Bug: 180546871
2021-08-04 22:00:23 +00:00
Fred Gylys-Colwell
1dc1ff7e7c Validate decryption with entitled keys in OEC tests
The OEMCrypto tests have tests that verify that entitled keys can be
loaded but not that they can be successfully used for decrypt. This
patch adds a decrypt portion to the existing tests.

As part of this, the existing Session::EncryptCTR() method and
portions of Session::TestDecryptCTR() are lifted to be static
functions so they can be shared across unrelated classes in
oec_session_util.cpp.  EncryptCTR() had no dependence on its enclosing
class and is unchanged other than being moved outside the class.

To reduce ambiguity with the new decrypt verification, this patch also
renames EntitledMessage::VerifyEntitlementTestKeys() to the
more-specific EntitledMessage::VerifyKCBs(). Its behavior is
unchanged.

Bug: 186782279
2021-08-04 21:59:18 +00:00
Fred Gylys-Colwell
18f9284d88 Remove asserts from GenerateSimpleSampleDescription()
GenerateSimpleSampleDescription() only had asserts to check parameters
that only came from other test code, so they weren't testing anything
of use. With the asserts removed, it's no longer necessary to wrap
calls to GenerateSimpleSampleDescription() with
ASSERT_NO_FATAL_FAILURE(), which a lot of callers were already
forgetting to do anyway. This also simplifies a future patch that will
generalize the decryption test code to work with entitlement licenses.

Bug: 186782279
2021-08-04 21:58:08 +00:00
Fred Gylys-Colwell
55c4dfc25a Modify OEMCrypto unit tests to allow 16.3 or 16.4
Some unit tests expected OEMCrypto to be the latest ODK version,
but we do not require this for v16.

Bug: 184905579
2021-08-04 20:27:06 +00:00
Fred Gylys-Colwell
1ffc1ca575 Update license comment
Remove the term "Master" from "Widevine Master License Agreement".
2021-08-04 20:25:53 +00:00
Fred Gylys-Colwell
732599673e Updates to fuzz tests
This CL updates the fuzz tests as well as some changes to
documentation. A few OEMCrypto enumerations were updated to include
"test only" values to help the automated fuzz tools.

This should make it easier for partners to run fuzz testing on their
own implementations.

Bug: 186785830
2021-08-04 20:23:21 +00:00
Fred Gylys-Colwell
b4b0da045a Update version number in reference OEMCrypto 2021-08-04 20:21:22 +00:00
Fred Gylys-Colwell
7caea8d5c9 Update to ClearCopyTestAPI10
Older versions of OEMCrypto spec did not require
OEMCrypto_ERROR_SHORT_BUFFER, and it is difficult for an OEMCrypto to
pass both this test and the unit tests shipped with CE CDM.

Bug: 166529517
2021-08-04 20:20:08 +00:00
Fred Gylys-Colwell
bb16924e69 Update Unit tests and reference code
This patch adds a suite of tests for OEMCrypto that verify buffer
overflow and off-by-one errors. The reference code has also been
updated to pass these tests.

The ODK library and the OEMCrypto API have not changed since the
release of version 16.4.
2021-01-25 19:51:10 -08:00
Fred Gylys-Colwell
7e3c282944 Disable dangerous test
The test OEMCryptoMemoryInstallKeyboxForHugeKeyboxBuffer is dangerous
because it attempts to pass garbage data to InstallKeybox. On a
production device this might erase the keybox.
2021-01-08 14:50:52 -08:00
Fred Gylys-Colwell
2980612cb5 Update version compatibility document
- This updates the version compatibility document to clarify how the
Android hidl interface works.
- Testing of analog output was removed because the unit tests cannot
verify correct behaviour.
- Some buffer overflow tests have been added.
2020-12-15 14:29:34 -08:00
Fred Gylys-Colwell
ad3791e23f OEMCrypto and ODK v16.4
This update is not required for all devices. It is necessary for
supporting some use cases for offline licenses on devices that do not
support usage tables. Most devices are expected to support usage
tables.

There were no new changes to the OEMCrypto code. However, the ODK
library has been updated so the minor version has been updated to 4.

There were also some changes to the unit tests.
1. We added more tests for pattern decryption.
2. We added more tests for buffer overflow handling.
4. We added some support for fuzz testing. These tests are not quite
   ready for wide use.
2020-10-07 19:37:40 -07:00
Fred Gylys-Colwell
6433bf285f One more version string change. 2020-06-03 06:16:50 -07:00
Fred Gylys-Colwell
b5637c89cb OEMCrypto v16.3
There were no new changes to the OEMCrypto code. However, the ODK
library changed, so we rolled the minor version number to 3.  The ODK
library was updated to support a nonce-free offline license. An
offline license would not require a nonce if, for example, it is
preloaded onto the device and does not have an entry in the usage
table.

Also, the following unit tests have been updated:
1. Various tests: Keys are not derived if they are not used. This is more
   in line with the “OEMCrypto state” diagram below.
2. The decrypt hash is not verified when there are multiple samples or no
   key is selected.
3. LoadKeyWithNoRequest. A nonce-free license is loaded in a session that
   did not sign the request. (Requires 16.3 ODK library)
4. RefreshLargeBuffer. The renewal message was set to the large
   size. Previously, only the license request was set to the larger size.
5. OEMCryptoGenericCryptoTest.*LargeBuffer. The correct buffer size is
   now being used.
6. ShrinkOverOpenSessions: The correct error code
   OEMCrypto_ERROR_ENTRY_IN_USE is now verified.
7. TimeRollbackPrevention: The test was refactored and fixed. Comments
   were added.
2020-06-02 10:14:16 -07:00
Fred Gylys-Colwell
e000b9de99 Update OEMCrypto documents (v16.2)
There were no function signature changes, so the API version number
did not change from 16.2. There were several grammar and spelling
errors. There were also the following corrections:

1. The description of OEMCrypto_LoadProvisioning now says that devices
with a keybox use keys derived from the keybox device key, and devices
using Provisioning 3.0 use keys derived from the session key. The
description was previously reversed.

2. The function OEMCrypto_SupportedPatterns is no longer
discussed. This function was never fully defined.

3. The function OEMCrypto_LoadRenewal no longer says that keys and key
control blocks should be verified. This is because the function
OEMCrypto_LoadRenewal processes a message with no key control
block. It should update timers for the entire license.
2020-04-14 10:10:56 -07:00
Fred Gylys-Colwell
016c2970ac Update unit tests to 2020-03-27 version
This CL updates the following:
- Some robustness improvements to the ODK library.
- Unit tests assume that license release does not have a core message.
- Added version string to unit tests.

The version string of the unit tests is now:
OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-27
2020-03-30 18:51:33 -07:00
Fred Gylys-Colwell
1a9765171b OEMCrypto v16.2 unit tests and reference code 2020-02-10 16:34:45 -08:00
Fred Gylys-Colwell
d597f863e9 Update OEMCrypto docs to v16.2
This updates the documentation for the v16.2 release.
2020-02-01 12:00:52 -08:00
Fred Gylys-Colwell
9fa2cbdb67 OEMCrypto v16.1 -- update ODK
This CL updates the ODK library to address review comments.
2020-02-01 11:56:34 -08:00
Fred Gylys-Colwell
858fa33cd7 Updates for 16.1 unit tests and code
This patch has the full v16.1 reference code and unit tests.
2020-01-13 21:28:54 -08:00
Fred Gylys-Colwell
dc346cf70a RenewLicense test updates. 2019-12-15 17:01:22 -08:00
Fred Gylys-Colwell
f328c85fc3 Combine Decrypt Unit Tests. 2019-12-15 16:09:03 -08:00