Some changes were made to align the source code with the new devsite,
https://developers.devsite.corp.google.com/widevine.
Updates to documentation:
6cd6438a5 Update doc string for return values
8705af128 Move documentation of Resource Rating to devsite
f0394da46 Documentation: specify usage entry may not be reloaded
f7e1dd729 Documentation: clarify buffers sizes for DeriveKeys
305d98f4a Documentation: Entitled content keys are not wrapped
11174fd01 Documentation: Add figures to OEMCrypto API
e1fdbbfc2 Document buffer size for OEMCrypto_CopyBuffer
06dd39c46 Update return code docs for OEMCrypto_ReportUsage
b67a0c688 Documentation: Add parentheses so Doxygen creates links
369fcde53 Documentation: Add links from OEMCrypto API
a7489aa25 Remove extra blank line
Some unit tests were not compiling on some platforms. Some platforms
were not passing usage table duration tests even though they correctly
implemented the spec.
Update to tests:
0268104c1 Add curly braces in oemcrypto_test.cpp
8dce14f2d Update usage entry before sleeping
0c164a2c4 Use size_t for length in wvcrc32
The v16 state diagram says that a nonce should be included in all
license requests. The unit tests were not honoring this
requirement. This CL updates the unit tests to match the spec.
Bug: 186565384
Because the fake clock is getting out of sync with the real clock for
the nonce flood tests, add a call to TestSleep::SyncFakeClock() in
Clock::GetCurrentTime() to force a sync.
Bug: 198329759
There have been some failures with various RSA private keys. We add
them to the unit tests to make sure that OEMCrypto is able to load
these types of keys:
* Shorter than normal private exponents. This seems to occur
occasionally even with Euler totients. But it occurs more with
Carmichael totients.
* 0-leading-byte private exponents. This also occurs naturally for both
Euler and Carmichael totients.
* Carmichael vs Euler totients. I think we may already have tests for
this. But just in case.
Bug: 190450051
This CL merges some changes from branch rvc-dev to sc-dev that
prepared it for merge.
One change is that the unit tests now say they are part of Android S
instead of R.
Bug: 180546871
The OEMCrypto tests have tests that verify that entitled keys can be
loaded but not that they can be successfully used for decrypt. This
patch adds a decrypt portion to the existing tests.
As part of this, the existing Session::EncryptCTR() method and
portions of Session::TestDecryptCTR() are lifted to be static
functions so they can be shared across unrelated classes in
oec_session_util.cpp. EncryptCTR() had no dependence on its enclosing
class and is unchanged other than being moved outside the class.
To reduce ambiguity with the new decrypt verification, this patch also
renames EntitledMessage::VerifyEntitlementTestKeys() to the
more-specific EntitledMessage::VerifyKCBs(). Its behavior is
unchanged.
Bug: 186782279
GenerateSimpleSampleDescription() only had asserts to check parameters
that only came from other test code, so they weren't testing anything
of use. With the asserts removed, it's no longer necessary to wrap
calls to GenerateSimpleSampleDescription() with
ASSERT_NO_FATAL_FAILURE(), which a lot of callers were already
forgetting to do anyway. This also simplifies a future patch that will
generalize the decryption test code to work with entitlement licenses.
Bug: 186782279
This CL updates the fuzz tests as well as some changes to
documentation. A few OEMCrypto enumerations were updated to include
"test only" values to help the automated fuzz tools.
This should make it easier for partners to run fuzz testing on their
own implementations.
Bug: 186785830
Older versions of OEMCrypto spec did not require
OEMCrypto_ERROR_SHORT_BUFFER, and it is difficult for an OEMCrypto to
pass both this test and the unit tests shipped with CE CDM.
Bug: 166529517
This patch adds a suite of tests for OEMCrypto that verifying buffer
overflow and off-by-one errors. The reference code has also been
updated to pass these tests.
The ODK library and the OEMCrypto API have not changed since the
release of version 16.4.
The test OEMCryptoMemoryInstallKeyboxForHugeKeyboxBuffer is dangerous
because it attempts to pass garbage data to InstallKeybox. On a
production device this might erase the keybox.
- This updates the version compatibility document to clarify how the
Android hidl interface works.
- Testing of analog output was removed because the unit tests cannot
verify correct behaviour.
- Some buffer overflow tests have been added.
This update is not required for all devices. It is necessary for
supporting some use cases for offline licenses on devices that do not
support usage tables. Most devices are expected to support usage
tables.
There were no new changes to the OEMCrypto code. However, the ODK
library has been updated so the minior version has been updated to 4.
There were also some changes to the unit tests.
1. We added more tests for pattern decryption.
2. We added more tests for buffer overflow handling.
4. We added some support for fuzz testing. These tests are not quite
ready for wide use.
There were no new changes to the OEMCrypto code. However, the ODK
library changed, so we rolled the minor version number to 3. The ODK
library was updated to support a nonce-free offline license. An
offline license would not require a nonce if, for example, it is
preloaded onto the device and does not have an entry in the usage
table.
Also, the following unit tests have been updated:
1. Various tests: Keys are not derived if they are not used. This is more
in line with the “OEMCrypto state” diagram below.
2. The decrypt hash is not verified when there are multiple samples or no
key is selected.
3. LoadKeyWithNoRequest. A nonce-free license is loaded in a session that
did not sign the request. (Requires 16.3 ODK library)
4. RefreshLargeBuffer. The renewal message was set to the large
size. Previously, only the license request was set to the larger size.
5. OEMCryptoGenericCryptoTest.*LargeBuffer. The correct buffer size is
now being used.
6. ShrinkOverOpenSessions: The correct error code
OEMCrypto_ERROR_ENTRY_IN_USE is now verified.
7. TimeRollbackPrevention: The test was refactored and fixed. Comments
were added.
There were no function signature changes, so the API version number
did not change from 16.2. There were several grammar and spelling
errors. There were also the following corrections:
1. The description of OEMCrypto_LoadProvisioning now says that devices
with a keybox use keys derived from the keybox device key, and devices
using Provisioning 3.0 use keys derived from the session key. The
description was previously reversed.
2. The function OEMCrypto_SupportedPatterns is no longer
discussed. This function was never fully defined.
3. The function OEMCrypto_LoadRenewal no longer says that keys and key
control blocks should be verified. This is because the function
OEMCrypto_LoadRenewal processes a message with no key control
block. It should update timers for the entire license.
This CL updates the following:
- Some robustness improvements to the ODK library.
- Unit tests assume that license release does not have a core message.
- Added version string to unit tests.
The version string of the unit tests is now:
OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-27
This commit contains the updated v16.1 documentation dated Nov 12th,
as well has the headers and update ODK library.
Unit tests and reference code is partially implemented, but not yet
complete.
This commit has the initial ODK library. Partners may use this code
to begin integrating the ODK library into their platform. The
functionality is not complete, but this should help partners get an
early start playing with build files.
This change updates the unit tests to have more comments so that it is
more clear what went wrong if a test fails.
Also, some utility code has been changed to make it easier to support
new platforms and read/write locks.
Also, the reference code has had some refactoring added to make it
easier for Widevine to test CDM code. There should be no
functionality differences in the reference code.
Also, in the main API doc, there was an obsolete paragraph in the
description of the threading model. This paragraph has been removed.
This CL updates documentation, reference code, and unit tests to match
the OEMCrypto v15.1 API.
1. The design for the Full Decrypt Path Testing application has
changed. Instead of reading hashes from an external file, it will use
a single key frame and modify it to match the desired size. The test
application will then compute the hash and encrypt the frame. For
OEMCrypto, this means that there will not be a call to
OEMCrypto_InitializeDecryptHash before the frame and
OEMCrypto_SetDecryptHash after the frame. Instead, there will be a
single call to OEMCrypto_SetDecryptHash before the frame. The function
OEMCrypto_InitializeDecryptHash will not be used.
2. The "Shared License" feature is not used by any production
server. This functionality is no longer required and OEMCrypto may
reject licenses with a nonzero bit 23 in the key control block.
This CL updates has several changes.
The document WidevineModularDRMSecurityIntegrationGuideforCENC_v14.pdf
had an incorrect definition of the PST_Report structure. The header
file had the correct definition. This has been updated and the version
number of the document was rolled to 14.1
The unit tests TwoHundredEntries has been modifed to make sure that if
the usage table is full, then OEMCrypto will return the error
OEMCrypto_ERROR_INSUFFICIENT_RESOURCES. This is important for the CDM
layer to correctly delete old licenses and secure stops when this
happens.
Several other unit tests covering corner cases have been added.
The reference code has been cleaned up a bit. Some logging that might
be dangerous has been removed.
This renames the "mock" code to "reference" because that's really what
it is. Also, some code has been moved from the CDM repo to a common
utility directory so that it can be included here, and the oemcrypto
unit tests can now be built without having access to a current CDM
repo.
There are no functionality changes in this CL.
This change updates the copyright notice to make it more clear that
the code is distribued under the Widevine Master License Agreement.
It also updates the unit tests and sample code to correct the useage
of AES 256. AES 256 is used to decrypt entitled content keys, but it
is not used to decrypt key control blocks.
