Make change and version bump to AV1A.240912.001

Snap for 12347051 from 51944dc331 to vic-widevine-partner-release Change-Id: I076c755795b2245ef9754d50e885dcef5858354f
2024-09-12 08:12:18 +00:00
parent e8051d21be 51944dc331
commit 6a88607673
8 changed files with 91 additions and 8 deletions
--- a/libwvdrmengine/cdm/core/src/initialization_data.cpp
+++ b/libwvdrmengine/cdm/core/src/initialization_data.cpp
@@ -680,7 +680,7 @@ void InitializationData::DumpToLogs() const {
  if (!is_supported()) {
    LOGD("InitData: Not supported");
  }
-  if (!IsEmpty()) {
+  if (IsEmpty()) {
    LOGD("InitData: Empty");
  }
  std::string type_info = type();
@@ -736,6 +736,9 @@ void InitializationData::DumpToLogs() const {
    LOGD("InitData: entitlement_key_id %d: %s -> %s", i,
         wvutil::b2a_hex(key.entitlement_key_id()).c_str(),
         wvutil::b2a_hex(key.key_id()).c_str());
+    LOGD("InitData:    entitled_key %d: %s", i,
+         wvutil::b2a_hex(key.key()).c_str());
+    LOGD("InitData:    iv %d: %s", i, wvutil::b2a_hex(key.iv()).c_str());
  }
 }

--- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
+++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
@@ -1285,6 +1285,10 @@ class Adapter {
    OEMCryptoResult result =
        pair.fcn->CreateEntitledKeySession(pair.session, key_session);
    if (result == OEMCrypto_SUCCESS) {
+      if (pair.session == *key_session) {
+        *key_session = oec_session;
+        return result;
+      }
      // Copy everything from |pair| except session field.
      LevelSession new_session;
      new_session.fcn = pair.fcn;
--- a/libwvdrmengine/cdm/core/test/license_holder.cpp
+++ b/libwvdrmengine/cdm/core/test/license_holder.cpp
@@ -7,6 +7,7 @@
 #include "license_request.h"
 #include "message_dumper.h"
 #include "oec_device_features.h"
+#include "properties.h"
 #include "test_base.h"

 namespace wvcdm {
@@ -126,10 +127,27 @@ void LicenseHolder::GenerateAndPostReleaseRequest(
  const std::string init_data_string = MakePSSH(pssh);
  const InitializationData init_data(kCencMimeType, init_data_string);
  init_data.DumpToLogs();
-  const CdmResponseType result = cdm_engine_->GenerateKeyRequest(
-      session_id_, key_set_id_, init_data, kLicenseTypeRelease,
-      empty_app_parameters, &request);
+
+  CdmSessionId session_id;
+  CdmKeySetId key_set_id;
+  CdmResponseType result;
+  // For Android when key set IDs are used, the key set ID passed in should have
+  // a value and the session ID should be empty.
+  if (!Properties::AlwaysUseKeySetIds()) {
+    key_set_id = key_set_id_;
+    result = cdm_engine_->OpenKeySetSession(key_set_id_, nullptr, nullptr);
+    ASSERT_EQ(NO_ERROR, result) << "Failed for " << content_id();
+    // For CE CDM, we only need the session ID to be valid.
+  } else {
+    session_id = session_id_;
+  }
+  result = cdm_engine_->GenerateKeyRequest(session_id, key_set_id, init_data,
+                                           kLicenseTypeRelease,
+                                           empty_app_parameters, &request);
  ASSERT_EQ(KEY_MESSAGE, result) << "Failed for " << content_id();
+  if (!Properties::AlwaysUseKeySetIds()) {
+    cdm_engine_->CloseKeySetSession(key_set_id_);
+  }
  if (config_.dump_golden_data()) {
    // TODO (b/295956275) vickymin: write DumpReleaseRequest function
    // MessageDumper::DumpReleaseRequest(request);
--- a/libwvdrmengine/cdm/core/test/policy_integration_test.cpp
+++ b/libwvdrmengine/cdm/core/test/policy_integration_test.cpp
@@ -19,6 +19,7 @@
 #include "license_holder.h"
 #include "log.h"
 #include "oec_device_features.h"
+#include "properties.h"
 #include "provisioning_holder.h"
 #include "test_base.h"
 #include "test_printers.h"
@@ -193,13 +194,24 @@ TEST_F(CorePIGTest, LicenseRelease1) {
  ASSERT_NO_FATAL_FAILURE(holder.FetchLicense());
  ASSERT_NO_FATAL_FAILURE(holder.LoadLicense());
  EXPECT_EQ(NO_ERROR, holder.Decrypt(key_id));
+  // For Android where AlwaysUseKeySetIds() is false, the CDM engine generates
+  // a session separately. Thus, we close the session and only for CE CDM reopen
+  // it for the license release.
+  ASSERT_NO_FATAL_FAILURE(holder.CloseSession());
+  if (Properties::AlwaysUseKeySetIds()) {
+    ASSERT_NO_FATAL_FAILURE(holder.OpenSession());
+    ASSERT_NO_FATAL_FAILURE(holder.ReloadLicense());
+  }
  ASSERT_NO_FATAL_FAILURE(holder.GenerateAndPostReleaseRequest(
      "CDM_UnlimitedStreaming_can_persist"));
  EXPECT_NE(NO_ERROR, holder.Decrypt(key_id));
  ASSERT_NO_FATAL_FAILURE(holder.FetchRelease());
  ASSERT_NO_FATAL_FAILURE(holder.LoadRelease());
  EXPECT_NE(NO_ERROR, holder.Decrypt(key_id));
-  ASSERT_NO_FATAL_FAILURE(holder.CloseSession());
+  // For CE CDM, we can close the session after we have gotten the release.
+  if (Properties::AlwaysUseKeySetIds()) {
+    ASSERT_NO_FATAL_FAILURE(holder.CloseSession());
+  }
 }

 /**
@@ -219,11 +231,22 @@ TEST_F(CorePIGTest, LicenseRelease2) {
  ASSERT_NO_FATAL_FAILURE(holder.FetchLicense());
  ASSERT_NO_FATAL_FAILURE(holder.LoadLicense());
  wvutil::TestSleep::Sleep(10);
+  // For Android where AlwaysUseKeySetIds() is false, the CDM engine generates
+  // a session separately. Thus, we close the session and only for CE CDM reopen
+  // it for the license release.
+  ASSERT_NO_FATAL_FAILURE(holder.CloseSession());
+  if (Properties::AlwaysUseKeySetIds()) {
+    ASSERT_NO_FATAL_FAILURE(holder.OpenSession());
+    ASSERT_NO_FATAL_FAILURE(holder.ReloadLicense());
+  }
  ASSERT_NO_FATAL_FAILURE(holder.GenerateAndPostReleaseRequest(
      "CDM_UnlimitedStreaming_can_persist"));
  ASSERT_NO_FATAL_FAILURE(holder.FetchRelease());
  ASSERT_NO_FATAL_FAILURE(holder.LoadRelease());
-  ASSERT_NO_FATAL_FAILURE(holder.CloseSession());
+  // For CE CDM, we can close the session after we have gotten the release.
+  if (Properties::AlwaysUseKeySetIds()) {
+    ASSERT_NO_FATAL_FAILURE(holder.CloseSession());
+  }
 }

 TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {
--- a/libwvdrmengine/cdm/core/test/test_base.cpp
+++ b/libwvdrmengine/cdm/core/test/test_base.cpp
@@ -189,6 +189,16 @@ enum OptionalBool {
 bool UnwrapOptionalBool(OptionalBool value, bool default_value) {
  return (value == kBoolUnset) ? default_value : (value == kBoolTrue);
 }
+
+// Increment counter for AES-CTR.  The CENC spec specifies we increment only
+// the low 64 bits of the IV counter, and leave the high 64 bits alone.  This
+// is different from the BoringSSL implementation, so we implement the CTR loop
+// ourselves.
+void ctr128_inc64(int64_t increaseBy, std::vector<uint8_t>& iv) {
+  uint64_t* counterBuffer = reinterpret_cast<uint64_t*>(&(iv[8]));
+  (*counterBuffer) =
+      wvutil::htonll64(wvutil::ntohll64(*counterBuffer) + increaseBy);
+}
 }  // namespace

 // Static WvCdmTestBase variables.
@@ -208,6 +218,26 @@ void WvCdmTestBase::StripeBuffer(std::vector<uint8_t>* buffer, size_t size,
  }
 }

+// Encrypt a block of data using CTR mode.
+std::vector<uint8_t> WvCdmTestBase::Aes128CtrEncrypt(
+    const std::vector<uint8_t>& key, const std::vector<uint8_t>& starting_iv,
+    const std::vector<uint8_t>& in_buffer) {
+  AES_KEY aes_key;
+  AES_set_encrypt_key(key.data(), AES_BLOCK_SIZE * 8, &aes_key);
+  std::vector<uint8_t> out_buffer(in_buffer.size());
+  std::vector<uint8_t> iv = starting_iv;
+  size_t l = 0;  // byte index into encrypted subsample.
+  while (l < in_buffer.size()) {
+    uint8_t aes_output[AES_BLOCK_SIZE];
+    AES_encrypt(iv.data(), aes_output, &aes_key);
+    for (size_t n = 0; n < AES_BLOCK_SIZE && l < in_buffer.size(); n++, l++) {
+      out_buffer[l] = aes_output[n] ^ in_buffer[l];
+    }
+    ctr128_inc64(1, iv);
+  }
+  return out_buffer;
+}
+
 std::string WvCdmTestBase::Aes128CbcEncrypt(std::vector<uint8_t> key,
                                            const std::vector<uint8_t>& clear,
                                            std::vector<uint8_t> iv) {
--- a/libwvdrmengine/cdm/core/test/test_base.h
+++ b/libwvdrmengine/cdm/core/test/test_base.h
@@ -76,6 +76,10 @@ class WvCdmTestBase : public ::testing::Test {
                                      const std::vector<uint8_t>& clear,
                                      std::vector<uint8_t> iv);
  // Helper method for doing cryptography.
+  static std::vector<uint8_t> Aes128CtrEncrypt(
+      const std::vector<uint8_t>& key, const std::vector<uint8_t>& starting_iv,
+      const std::vector<uint8_t>& in_buffer);
+  // Helper method for doing cryptography.
  static std::string SignHMAC(const std::string& message,
                              const std::vector<uint8_t>& key);

--- a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
+++ b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
@@ -1510,7 +1510,8 @@ static WvStatus getDeviceSignedCsrPayload(
    } else {
      return toNdkScopedAStatus(Status::BAD_VALUE);
    }
-  } else if (name == "certificateSigningRequestChallenge" && isCsrAccessAllowed()) {
+  } else if (name == "certificateSigningRequestChallenge" &&
+             isCsrAccessAllowed()) {
    mCertificateSigningRequestChallenge =
        std::string(_value.begin(), _value.end());
  } else if (name == "deviceInfo" && isCsrAccessAllowed()) {
--- a/libwvdrmengine/version.txt
+++ b/libwvdrmengine/version.txt
@@ -1 +1 @@
-AV1A.240907.001
+AV1A.240912.001