Older versions of OEMCrypto spec did not require
OEMCrypto_ERROR_SHORT_BUFFER, and it is difficult for an OEMCrypto to
pass both this test and the unit tests shipped with CE CDM.
Bug: 166529517
This patch adds a suite of tests for OEMCrypto that verifying buffer
overflow and off-by-one errors. The reference code has also been
updated to pass these tests.
The ODK library and the OEMCrypto API have not changed since the
release of version 16.4.
The test OEMCryptoMemoryInstallKeyboxForHugeKeyboxBuffer is dangerous
because it attempts to pass garbage data to InstallKeybox. On a
production device this might erase the keybox.
- This updates the version compatibility document to clarify how the
Android hidl interface works.
- Testing of analog output was removed because the unit tests cannot
verify correct behaviour.
- Some buffer overflow tests have been added.
This update is not required for all devices. It is necessary for
supporting some use cases for offline licenses on devices that do not
support usage tables. Most devices are expected to support usage
tables.
There were no new changes to the OEMCrypto code. However, the ODK
library has been updated so the minior version has been updated to 4.
There were also some changes to the unit tests.
1. We added more tests for pattern decryption.
2. We added more tests for buffer overflow handling.
4. We added some support for fuzz testing. These tests are not quite
ready for wide use.
There were no new changes to the OEMCrypto code. However, the ODK
library changed, so we rolled the minor version number to 3. The ODK
library was updated to support a nonce-free offline license. An
offline license would not require a nonce if, for example, it is
preloaded onto the device and does not have an entry in the usage
table.
Also, the following unit tests have been updated:
1. Various tests: Keys are not derived if they are not used. This is more
in line with the “OEMCrypto state” diagram below.
2. The decrypt hash is not verified when there are multiple samples or no
key is selected.
3. LoadKeyWithNoRequest. A nonce-free license is loaded in a session that
did not sign the request. (Requires 16.3 ODK library)
4. RefreshLargeBuffer. The renewal message was set to the large
size. Previously, only the license request was set to the larger size.
5. OEMCryptoGenericCryptoTest.*LargeBuffer. The correct buffer size is
now being used.
6. ShrinkOverOpenSessions: The correct error code
OEMCrypto_ERROR_ENTRY_IN_USE is now verified.
7. TimeRollbackPrevention: The test was refactored and fixed. Comments
were added.
There were no function signature changes, so the API version number
did not change from 16.2. There were several grammar and spelling
errors. There were also the following corrections:
1. The description of OEMCrypto_LoadProvisioning now says that devices
with a keybox use keys derived from the keybox device key, and devices
using Provisioning 3.0 use keys derived from the session key. The
description was previously reversed.
2. The function OEMCrypto_SupportedPatterns is no longer
discussed. This function was never fully defined.
3. The function OEMCrypto_LoadRenewal no longer says that keys and key
control blocks should be verified. This is because the function
OEMCrypto_LoadRenewal processes a message with no key control
block. It should update timers for the entire license.
This CL updates the following:
- Some robustness improvements to the ODK library.
- Unit tests assume that license release does not have a core message.
- Added version string to unit tests.
The version string of the unit tests is now:
OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-27
This commit contains the updated v16.1 documentation dated Nov 12th,
as well has the headers and update ODK library.
Unit tests and reference code is partially implemented, but not yet
complete.
This commit has the initial ODK library. Partners may use this code
to begin integrating the ODK library into their platform. The
functionality is not complete, but this should help partners get an
early start playing with build files.
This change updates the unit tests to have more comments so that it is
more clear what went wrong if a test fails.
Also, some utility code has been changed to make it easier to support
new platforms and read/write locks.
Also, the reference code has had some refactoring added to make it
easier for Widevine to test CDM code. There should be no
functionality differences in the reference code.
Also, in the main API doc, there was an obsolete paragraph in the
description of the threading model. This paragraph has been removed.
This CL updates documentation, reference code, and unit tests to match
the OEMCrypto v15.1 API.
1. The design for the Full Decrypt Path Testing application has
changed. Instead of reading hashes from an external file, it will use
a single key frame and modify it to match the desired size. The test
application will then compute the hash and encrypt the frame. For
OEMCrypto, this means that there will not be a call to
OEMCrypto_InitializeDecryptHash before the frame and
OEMCrypto_SetDecryptHash after the frame. Instead, there will be a
single call to OEMCrypto_SetDecryptHash before the frame. The function
OEMCrypto_InitializeDecryptHash will not be used.
2. The "Shared License" feature is not used by any production
server. This functionality is no longer required and OEMCrypto may
reject licenses with a nonzero bit 23 in the key control block.
This CL updates has several changes.
The document WidevineModularDRMSecurityIntegrationGuideforCENC_v14.pdf
had an incorrect definition of the PST_Report structure. The header
file had the correct definition. This has been updated and the version
number of the document was rolled to 14.1
The unit tests TwoHundredEntries has been modifed to make sure that if
the usage table is full, then OEMCrypto will return the error
OEMCrypto_ERROR_INSUFFICIENT_RESOURCES. This is important for the CDM
layer to correctly delete old licenses and secure stops when this
happens.
Several other unit tests covering corner cases have been added.
The reference code has been cleaned up a bit. Some logging that might
be dangerous has been removed.
This renames the "mock" code to "reference" because that's really what
it is. Also, some code has been moved from the CDM repo to a common
utility directory so that it can be included here, and the oemcrypto
unit tests can now be built without having access to a current CDM
repo.
There are no functionality changes in this CL.
This change updates the copyright notice to make it more clear that
the code is distribued under the Widevine Master License Agreement.
It also updates the unit tests and sample code to correct the useage
of AES 256. AES 256 is used to decrypt entitled content keys, but it
is not used to decrypt key control blocks.
