(This is a merge of http://go/wvgerrit/153552.)
The correct way to create a FileSystem object for testing CdmEngine
depends on the platform. However, our code has historically just
instantiated a new FileSystem object using the default constructor. This
works fine for Android and has historically worked fine for the CE CDM
tests because they did not implement storage correctly. However, an
upcoming commit will fix the implementation of storage in the CE CDM
TestHost, causing tests that use a default FileSystem constructor to
fail. This patch adds a new platform-defined function that instantiates
per-origin test storage in a platform-correct way. For Android, it
continues to use the default constructor, while for CE CDM, it uses the
TestHost.
Bug: 193060708
Test: x86-64 w/ storage separated
Test: build_and_run_all_unit_tests.sh
Change-Id: I0a9b6a4d3943e053d51d6018e392b7f215f50642
Merged from http://go/wvgerrit/147689
The default is to build for AIDL Widevine service.
Use "-t hidl" in build_and_run_all_unit_tests.sh or
build_all_unit_tests.sh to build for HIDL service.
Test: ./build_all_unit_tests -t hidl
Test: ./build_and_run_all_unit_tests -t hidl
Test: ./build_all_unit_tests
Test: ./build_and_run_all_unit_tests
Bug: 217247987
Change-Id: Ie7c51033f4aba341c829ccc8f846a6cfeab76df3
The interface is defined in
hardware/interfaces/drm/aidl(http://go/ag/15329852).
Test: build
m android.hardware.drm-service.widevine -j128
Test: build_and_run_all_unit_tests.sh
for hidl tests
Test: atest VtsAidlHalDrmTargetTest
Bug: 200055138
Bug: 170964303
Change-Id: If2f2a129914436ba5cef1c46f6cb9415e12c3d1c
[ Merge of http://go/wvgerrit/143889 ]
New test binary for generating code coverage information. Run several
reliable, short runnning unit tests. Actual test failures do not
affect the result of this test.
Bug: 138941105
Bug: 191681397
Test: Android cdm_coverage_test
Change-Id: I6b74d361a8a0e2896e0489acaa64d264158ecaa4
[ Merge of http://go/wvgerrit/119804 ]
The coverage framework used by Android requires the process to call
exit() for coverage information to be dumped after the tests.
Android unit tests have been adapted to use the a new main module.
The core test_main.cpp used by integration tests has been updated to
call exit().
Bug: 138941105
Test: Linux and Android unittests
Change-Id: Ifffc7b8290c50dffe527738a36547c1d2fb90bd3
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
This is a cherry pick of recent changes to OEMCrypto and ODK. Most of
these are part of the document migration to doxygen.
See http://go/wvgerrit/106005 and its parents for code reviews.
Bug: 144715340
Bug: 148232693
Bug: 167580674
Change-Id: I658f99c8117b974faed97322d61fac0f382283af
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
The use of static libcrypto.so breaks FIPS cert.
Switch to use dynamic libcrypto.so.
Also merge in http://go/ag/9416801 changes. Static
libcrypto can be used for modules that do not affect
FIPS cert.
Merged from http://go/wvgerrit/86345
Test: Widevine unit tests, Play Movies & TV, Netflix
Test: quick GTS playback tests
ANDROID_BUILD_TOP= ./android-gts/tools/gts-tradefed run gts -m GtsMediaTestCases --test com.google.android.media.gts.MediaDrmTest#testWidevineApi29
ANDROID_BUILD_TOP= ./android-gts/tools/gts-tradefed run gts -m GtsExoPlayerTestCases --test com.google.android.exoplayer.gts.DashTest#testWidevine23FpsH264Fixed
bug: 141150503
Change-Id: I6427c5a86e52e9cfb800d35ac0a3a67011039d10
[ Merge of http://go/wvgerrit/73044 ]
The tests currently get copied to /data/bin. Changes in location
of system libraries causes test failures when tests are unable to
find dependent dynamic libraries.
Bug: 123879070
Test: WV unit/integration tests
Change-Id: I86edbe33b4753238fcf8b84243ac6e6c058ea145
[ Merge of http://go/wvgerrit/70203 ]
The earlier property_get() method had a limitation on property length.
Properties of some new devices exceed that length. An error message
is returned rather than a truncated string. Replace its use with
android::base::GetProperty() which does not have a length limitation.
Bug: 115358798
Test: WV unit/integration tests
Change-Id: I46ce9a7e77bcd031225d0082f83c57d484fe5405
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
Merge from Widevine repo of http://go/wvgerrit/42020
This CL fixes the OEMCrypto unit tests for refresh license.
Test: ran unit tests
bug: 64851667
bug: 72497813
Change-Id: Ice1661fd832793358b725be9016d85465f6b8d14
These are a set of CLs merged from the wv cdm repo to the android repo.
* Enable Cast for Android Things build.
Author: Thoren Paulson <thoren@google.com>
[ Merge of http://go/wvgerrit/29941 ]
Added a path to make_cast_libwvlevel3 for Android Things. Added the new
system id to the preprocessor guards in android_keybox.cpp. Guarded the
references to stderr in page_allocator.cpp because for some reason they
don't get resolved when we link against the resulting library.
BUG: 63443584
* Resolve memory leaks in use of OpenSSL.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32700 ]
Use of EVP_CIPHER_CTX requires a call to EVP_CIPHER_CTX_cleanup().
* Memory leak in OpenSSL RSA key handling.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32621 ]
This fixes a range of tests. --gtest_filter="CdmDecrypt*" runs
five tests and still loses 5 objects totalling 1320 bytes (down
from 6200 bytes).
* Unit test and mock OEMCrypto memory leaks.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32640 ]
More memory leak cleanup. All remaining leaks are due
to calls to CRYPTO_malloc() without the matching free
(i.e., calls into openssl).
* Clean up memory leaks in tests.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32600 ]
This is the first pass at cleaning up memory leaks. These leaks
were affecting a lot of tests, making it hard to identify more
serious leaks.
Switch to unique_ptr<> pointers for CdmEngine in
generic_crypto_unittest tests for FileSystem object in
mock OEMCrypto's CryptoEngine object.
* Fix broken tests - linux-only & address sanitizer failures.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32460 ]
Fix broken test:
WvCdmEnginePreProvTestStaging.ServiceCertificateInitialNoneTest
Fix failures found by address sanitizer:
DeviceFilesUsageInfoTest.RetrieveByProviderSessionToken
DeviceFilesUsageInfoTest.UpdateUsageInfo
NOTE: address sanitizer cannot handle EXPECT_CALL macros containing
a call with a Contains matcher as an argument, e.g.:
EXPECT_CALL(file,
Write(Contains(certificate, wrapped_private_key, 0),
Gt(certificate.size() + wrapped_private_key.size())))
The address sanitizer reports a crash, issues a report, and stops. A
temporary fix is to replace the "Contains()" argument with "_".
* Usage license handling corrections
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28540 ]
Validate that offline licenses that do not contain a provider session
token are not handled by the TEE.
BUG: 38490468
Test: WV Unit/integration tests, GtsMediaTestCases,
WvCdmRequestLicenseTest.ReleaseRetryL3OfflineKeySessionUsageDisabledTest
* UsageTableEntry::CopyOldUsageEntry memcpy read out of range.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/32220 ]
The function copies the pst from a variable length input vector
into a 256 byte character array. But the length argument was a
fixed value - MAC_KEY_SIZE. Depending on the actual PST length this
can lead to memcpy reading out of bounds or the PST getting truncated.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I81a4593d7d04d0ef6069ce48d0601b6fbdd85de9
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct RELEASE_ALL_USAGE_INFO_ERRORs
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28742 ]
RELEASE_ALL_USAGE_INFO_ERROR_4 and 5 were introduced and made use of in
http://go/wvgerrit/24022 (branch: oc-dev). The error code definitions
were merged over in http://go/wvgerrit/24602.
When http://go/wvgerrit/24622 from cdm_partners_3.2 was merged to master
(http://go/wvgerrit/27723) there was conflict in error codes. The error
codes were adjusted to RELEASE_ALL_USAGE_INFO_ERROR_3 and 4
and were made use of.
To avoid renaming the errors between oc-dev and master, new errors
RELEASE_ALL_USAGE_INFO_ERROR_6 and 7 have been added to handle the
scenarios noted in the merge from cdm_partner_3.2. The other
errors have been reverted back to RELEASE_ALL_USAGE_INFO_ERROR_4 and 5.
They will be used when http://go/wvgerrit/24602 is merged.
* Address compilation issues
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28740 ]
These changes enable compilation of most of the cdm code on android
expect for OEMCrypto unit tests (b/62739406) on wv master.
* Add property for binary/base64 provisioning msgs.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28074 ]
Property is "provisioning_messages_are_binary". Its default setting is
false in the CE CDM, but it can be overridden by integrators.
Added section to integration guide that discusses Provisioning Server
message formats and the new property.
Link: https://docs.google.com/document/d/1cBVbhgrajLpDe2W3_vzLzUqzpdDt73chvm4_sZlZlS8/edit#heading=h.hgxw53ddw7jo
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I9168193819974d1ff65d9a94dbd762e45ecc43ca
Below are a set of CLs being merged from the wv cdm repo to the android repo.
* Fix handling of OEM Cert public key.
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/27921 ]
This is a potential fix for b/36656190. Set aside public
key on first call to get the public key, and use it afterwards.
This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
which has side-effect of staging the OEM private key.
This also fixes a problem where the public cert string was
not being trimmed to match the size returned by
OEMCrypto_GetOEMPublicCertificate().
* Complete provisioning request/response for Provisioning 3.0
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Fix bug on provisioning request path where GenerateDerivedKeys()
was being called when preparing to generate the signature.
Add message signature verification, and call correct OEMCrypto
routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).
* Implement Cdm::deleteAllUsageRecords()
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Delete all usage records for current origin. Removes usage
records from file system and retains the PSTs. The deletes
any usage entries matching those PSTs held by OEMCrypto.
BUG: 35319024
* Remove stringencoders library from third_party.
Author: Jacob Trimble <modmaker@google.com>
[ Merge of http://go/wvgerrit/27585 ]
We have a fork of the stringencoders library that we use for base64
encoding. This reimplements base64 encoding to remove the extra
dependency and to reduce the amount of code.
* Add Cdm::deleteUsageRecord() based on key_set_id.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27605 ]
Delete specified usage record from file system usage info and
from OEMCrypto.
BUG: 35319024
* Modifiable OEMCrypto
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/24729 ]
This CL adds a new variant of the OEMCrypto mock code that adjusts its
behavior based on a configuration file. This is intended for
testing.
For example, a tester can set current_hdcp to 2 in the options.txt
file, push it to the device, and verify that a license is granted for
HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and
push the file to the device. Playback should stop because the license
is no longer valid.
This variant uses a real level 1 liboemcrypto.so to push data to a
secure buffer. That means we can test playback for a license that
requires secure buffers on an Android device with real secure buffers.
BUG: 35141278
BUG: 37353534
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I58443c510919e992bb455192e70373490a00e2b6
The tests are using vendor only libs such as libcdm and libwvlevel3,
thus marked as LOCAL_PROPRIETARY_MODULE to use the libs. In addition,
the dependency to libmedia is changed to libmedia_omx since libmedia is
not available to vendor modules. UniquePtr is replaced with
std::unique_ptr since UniquePtr.h in /libnativehelper is not available
to vendors (and will not be completely removed in a near future).
Bug: 37342627
Test: BOARD_VNDK_VERSION=current m -j tests
Change-Id: I4e9d3267b20c1d52f57664b89f15330e2ebd953d
Tradefed needs these tests to be in the /DATA directory.
Test: cd vendor/widevine && ./build_and_run_all_unit_tests
All tests should build and pass.
make tests
unzip android-tests.zip and verify all tests located in DATA/bin
Bug: 62055647
Change-Id: I35925e29558561c4726bb2249499bfee4e54cf45
This commit changes the unit tests and HAL Service to run as 64-bit on
devices that have enabled 64-bit DRM Plugins.
Bug: 36076017
Test: Turned on the flag for a device and used the file command to
verify that all binaries were built as 64-bit.
Test: Turned the flag back off and verified that all binaries were built
as 32-bit. This should affect no current devices.
Change-Id: Ieb7218f15b9359f2038a6f60b8c994b16d2b5b53
(This is a merge of wvgerrit/24922)
This contains several fixes and improvements to the
build_and_run_all_unit_tests.sh and run_all_unit_tests.sh scripts:
* All tests are now identified as vendor binaries and thus are stored in
the /vendor/bin/ directory instead of /system/bin/. Previously, some
tests had moved to /vendor/bin/ but the scripts had not been updated,
causing these tests to fail to run.
* The -j parameter can now be passed to build_and_run_all_unit_tests.sh,
for those who want to speed up their build by using multiple cores.
* The 64-bit library directories are now added to the library search
path, in anticipation of devices with 64-bit DRM Plugins.
* Checking for Verity protection is now done in
build_and_run_all_unit_tests.sh (which is the script that actually
modifies the file system) instead of just in run_all_unit_tests.sh.
* The library search path is no longer set unnecessarily for
libwvdrmengine_hidl_test.
* The Treble-only tests and non-Treble-only tests now only run on
devices that meet their respective criteria.
Bug: 36071236
Test: Ran build_and_run_all_unit_tests.sh
Change-Id: Iea236880c4445858111c801dfa278a528bca0f6c
(This is a merge of http://go/wvgerrit/24738)
The change to enable 64-bit as a possible target for Widevine Android
made all the unit tests build as 64-bit on compatible platforms. Since
none of these devices support 64-bit properly yet, this is a mistake.
This patch restores unit test builds to being 32-bit only for now.
In the future, when the switch for 64-bit-supporting devices is added,
it will also switch the unit tests to 64-bit mode.
Bug: 36071236
Test: Verified unit test format with "file" command.
Change-Id: Ib4d3678181f3221b85fe6409f1d842dd15af3daa
(This is a merge of go/wvgerrit/23686)
This patch removes the makefile lines that previously prevented the
Widevine DRM Plugin from being built as 64-bit on Android. 64-bit
builds are now fully supported.
Only one piece of CDM code has had to change. Due to a bug in
libprotobuf before v3.0, int64 values from protobufs are technically a
different type from int64_t values in code on some 64-bit
architectures. Both have the same in-memory representation at runtime
but are seen as distinct types by the compiler. The compiler will
automatically convert in most places, but template instantiation is
not one of them, so a few places that passed a Protobuf int64 directly
into a template had to be modified.
Please note that tweaks to the mediadrmserver (not covered by this
patch) are needed in order for it to run as 64-bit and load 64-bit DRM
Plugins. Please also note that, as we have no 64-bit L1 OEMCrypto on
any devices, using the 64-bit mediadrmserver and Widevine library will
make your device fall back to L3 for the time being.
Bug: 18949752
Test: OEMCrypto unit tests
Test: Widevine unit tests
Test: Google Play (on Marlin)
Test: Widevine GTS Tests (on Marlin)
Change-Id: Ib6cdf2dd1ff75a1c473cacdc5e22397caa0a656c
This change is the complete Widevine metrics system. It will
measure and record runtime information about what is happening
in the CDM - such as errors and throughput.
Bug: 33745339
Bug: 26027857
Change-Id: Ic9a82074f1e2b72c72d751b235f8ae361232787d
[ Merge of http://go/wvgerrit/23167 ]
This allows CryptoSession to support the new functionality added to
OEMCrypto to support big usage tables. No changes in behavior yet.
Code that calls these methods will be in a subsequent CL.
b/34327459
* Minor changes to cdm/Android.mk and cdm/test/unit-test.mk to remove
profiler changes that were missed in previous releases.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I9becd97c5a8ddf74d30fabd1251e796b534c010f
This CL merges several CLs from the widevine repo:
http://go/wvgerrit/18012 Add support for querying allowed usage for key.
http://go/wvgerrit/17971 Add per-origin storage.
http://go/wvgerrit/18152 Add OEMCrypto's generic crypto operations to CDM.
http://go/wvgerrit/17911 QueryKeyControlInfo => QueryOemCryptoSessionId
Note: numbering in wv_cdm_types.h was added in this CL and will be
back ported to wvgerrit in a future CL.
Change-Id: Idb9e9a67e94f62f25dc16c5307f75a08b3430b64
(In addition to being a merge of http://go/wvgerrit/17394, this commit
updates tests/Android.mk to no longer try to build the private gMock.)
Previously, we maintained our own version of gMock (named libwvgmock
to avoid naming conflicts) and depended on it for our unit tests. Now
that Android has gMock in the externals/ directory and vaage@ has
eliminated the need for us to customize gMock's arity, we can stop
depending on or maintaining our own copy.
Bug: 26907374
Change-Id: Ia01d6c02e2f28a642480d7ef178b9bc3dde6d306
[ Merge of http://go/wvgerrit/16628 ]
Jsmn will replace a local method that parsed json init data.
Added a fix to include all key Ids in the WidevineCencHeader rather than
just the first. Also modified the content_id to reflect that it is a
base64 encoded value.
b/20630275
Change-Id: I7080c8cea21be4dea09a4905a96b4cc03e584c1d
Merge from widevine repo of http://go/wvgerrit/15659
The clang compiler is more strict about C++11. This is needed for
future Android work.
In particular, iostream no longer converts to bool automtically, so
those instances were replaced with ss.fail().
Arrays or structures that appear to be variable length need to be
placed last in a structure. In oemcrypto_test a variable size
structure was replaced with an explicit buffer size, and a check was
added to make sure the buffer is not exceeded.
bug: 20893039
Change-Id: I5e25fc618dcf68262079c15554ee4ceae1858b8b
(This is a merge of http://go/wvgerrit/14795)
This change restores the ability to build the Widevine CDM for Android
for MIPS devices. It restores the precompiled binaries for MIPS and
re-adds MIPS to all makefiles.
This change includes a new build of the obfuscated binaries for
MIPS32r1 that were built using a MIPS device on the emulator.
level3/mips/libwvlevel3.a Level3 Library Jun 19 2015 12:32:49
Bug: 19482469
Change-Id: Ifa1c299a5751f3772c42289d8333a2b8cec51f69
The external/gmock project does not include the patches needed for
widevine, so renaming the internal copy allows both to coexist in the
build system.
Change-Id: I77c956db30921afffe31d11e1cd2d99541925f35
Merge from widevine of go://wvgerrit/14173
This CL updates the android makefiles to use the libcrypto_static.
Change-Id: I74567ff880ebdce366766a9ab44c92cc9540b8db
* Replace an stlport static assert with a C++11 static_assert.
* Move some libraries that were being built with the NDK but
statically included into platform code off the NDK.
* Rebuild the obfuscated binaries to use the new STL.
* Remove MIPS support temporarily due to an inability to generate
obfuscated binaries for it. (To be fixed in b/19482469.)
Bug: 15193147
Change-Id: Icc166583b0c6af68550baf17ab8c33076a1179d3
This project is still using stlport (without telling the build system
about it), which was causing (broken) stlport headers to override
libc++ headers, leading to a broken copy of std::enable_if, which in
turn caused <atomic> to fail to compile. Since this project has
prebuilts that will need to be updated before this project can
actually move away from stlport, tell the build system that it is
still using stlport for now.
Bug: 18433002
Change-Id: I38b356428977ed2184eb28a07bd5e7424a4ace8d
