Merge from Widevine repo of http://go/wvgerrit/139498
If L1 OEMCrypto fails to initialize, we won't try again.
Bug: 206670307
Change-Id: I89084476ae01d9c98291392c2ce703ebc6326322
Merge from Widevine repo of http://go/wvgerrit/139333
This is a workaround for devices that don't have a
keybox installed.
Bug: 206570220
Bug: 205896558
Bug: 205041153
Test: verified device falls back to L3 using TestOKP app
Change-Id: Id929b48ddaa7114a81765095aac536705f69e68c
[ Merge of http://go/wvgerrit/138289 and http://go/ag/16210935 ]
Update the android version number test to accept "12" or "12L"
Bug: 205491167
Test: wv unit/integration tests
Change-Id: If11e7c6f3a89263ab78d274aa8d776991d3942e9
[ Cherry-pick of http://ag/16087795 ]
[ Merge of http://go/wvgerrit/136432 ]
Once OTA keybox succeeds, the |needs_keybox_provisioning_| flag is
cleared. Access to the system fallback policy is allowed after
provisioning to check status.
Bug: 203177668
Test: ExoPlayer test
Change-Id: I2d28c896c554cfbc9b008340bb415d4c7fac62f2
(cherry picked from commit cac2dcaa6c)
[ Cherry-pick of http://ag/16064434 ]
[ Merge of http://go/wvgerrit/136330 ]
This changes adds a custom debug property for changing the fallback
policy used for the system. Depending on the value set, the device
will either use a "fast" fallback (30 seconds) or "default" fallback
(~1 day with exponential backoff). Setting this property to either
"fast" or "default" will end the current fallback if it has been
triggered.
Bug: 187646550
Test: Android unit tests
Change-Id: I5271f96139c1e468242f7fa742668cc791ffcf91
[ Cherry-pick of http://ag/16064433 ]
[ Merge of http://go/wvgerrit/136329 ]
CDM core has been updated to support very short fallback durations in
the case of failures during OTA keybox provisioning. This is intended
to be used during testing via specialized developer apps or GTS tests.
Bug: 187646550
Test: Android unit tests
Change-Id: I8a75d2e1c404d6caed535b087e8dd29da5c21b83
Merge from Widevine repo of http://go/wvgerrit/135982
The basic test was failing when using the testbed oemcrypto
because the testbed deletes its keybox on each
initialization. The test would terminate and re-initialize
oemcrypto whenever all the crypto sessions are deleted. This
has been fixed by holding a crypto session alive until the
end of the test.
bug: 187646550
Test: test only code
Merged-In: I48a3771bf5fd4aae8d262b8c7bf42f004d9b9f4c
Change-Id: I48a3771bf5fd4aae8d262b8c7bf42f004d9b9f4c
This fix was missing in the last merge of http://go/wvgerrit/135063
Bug: 187646550
Merged-In: I2b2252f8335c36325fd76d92ac26b9fbfcff5362
Change-Id: I2b2252f8335c36325fd76d92ac26b9fbfcff5362
Merge from Widevine repo of http://go/wvgerrit/135984
If the MediaDrm property string debugIgnoreKeyboxCount is set to 1,
then the keybox will be ignored on the next initialization. This will
force an OTA keybox reprovisioning.
Equivalently, a 1 may be written to the file
L1/debug_ignore_keybox_count.txt.
In order to test a failed reprovisioning step, a value of 2 may be
used.
Bug: 187646550
Merged-In: Ie7d34a8b355398855f4ec43dd95dd73c5907bdeb
Change-Id: Ie7d34a8b355398855f4ec43dd95dd73c5907bdeb
The API comments for the two new OTA keybox OEMCrypto functions
required formatting to be compatible with the doxygen comment
strings.
Bug: 190505461
Test: Android unit tests and GTS
Merged-In: Ia45dc9d727a2a904170912193709cd9416b8fe27
Change-Id: Ia45dc9d727a2a904170912193709cd9416b8fe27
(cherry picked from commit 9f2364cefd)
[ Merge of http://go/wvgerrit/133943 and http://go/wvgerrit/134043 ]
Certain OEMCrypto implementations will not report their provisioning
method if the keybox is invalid. If the OEMCrypto implementation
supports OTA keybox provisioning and does not report its provisioning
method, then keybox provisioning is assumed.
Bug: 187646550
Test: unit/integration/GtsMediaTestCases
Merged-In: Ie7753546e53fc73fd59803958e88edf416ee5336
Change-Id: Ie7753546e53fc73fd59803958e88edf416ee5336
Adjust OTA code to account for some design changes and
add integration tests.
Merge from Widevine repo of http://go/wvgerrit/133775
Change use_test_key to uint32_t type
Merge from Widevine repo of http://go/wvgerrit/133774
Cleanup CDM OKP info before tests.
Merge from Widevine repo of http://go/wvgerrit/133773
Change context for derivation in OTA keybox solution
Merge from Widevine repo of http://go/wvgerrit/133772
Updated OTA keybox key derivation.
Merge from Widevine repo of http://go/wvgerrit/133771
Use double provisioning step in integration tests
Merge from Widevine repo of http://go/wvgerrit/133770
Erase keybox on initialization for OEMCrypto testbed
Merge from Widevine repo of http://go/wvgerrit/133769
Add session id to OEMCrypto OTA functions
Merge from Widevine repo of http://go/wvgerrit/133768
Integration test for OTA Keybox reprovisioning
Merge from Widevine repo of http://go/wvgerrit/133767
Add test x509 cert for testing
Merge from Widevine repo of http://go/wvgerrit/133766
OTA Keybox basic functionality in testbed
Merge from Widevine repo of http://go/wvgerrit/133765
Update OTA test script to use newer build scripts
Merge from Widevine repo of http://go/wvgerrit/133764
Adjust comment stype for doxygen
Test: Test: unit/integration/GtsMediaTestCases
Bug: 190505461
Bug: 190505461
Bug: 190505461
bug: 187646550
Bug: 187646550
Bug: 187646550
Bug: 187646550
Bug: 190505461
Bug: 187646550
Bug: 188228998
Bug: 190505461
Bug: 187646550
Merged-In: I41ff819a1fd8aca2e20adb25127fa0d9c4879b01
Change-Id: I41ff819a1fd8aca2e20adb25127fa0d9c4879b01
[ Merge of http://go/wvgerrit/133744 ]
This changes adds several small classes which contain and manage
system and engine information related to OTA keybox provisioning.
These classes closely map to the OKP device file messages.
Bug: 189232882
Test: Linux unit tests
Change-Id: Ia9334c38f9d7ea89b30d9ad05f0595570bb38658
Storing and loading OKP info.
[ Merge of http://go/wvgerrit/133763 and http://go/ag/15645333 ]
This change extends the DeviceFiles module to be able to store and
load OKP info. Mild data validation is performed when storing and
loading the information.
Bug: 189232882
Test: Android unit tests
Change-Id: I077de3234157252f2255a4389bf82a8d5344a355
System OKP fallback policy.
[ Merge of http://go/wvgerrit/133783 and http://go/ag/15645334 ]
SystemFallbackPolicy provides a thread-safe interface for accessing
and modifying OKP info.
Bug: 189232882
Test: Android unit tests
Change-Id: I4e43e3bc047ed5fb6cb517b53e4094e812b70e1e
Engine OKP provisioner.
[ Merge of http://go/wvgerrit/133803 and http://go/ag/15645335 ]
The OtaKeyboxProvisioner provides a CdmEngine-specific context for
performing OTA keybox provisioning. Utilizes the system-wide
SystemFallbackPolicy to relay provisioning status between engines.
The provisioner will handle message wrapping and unwrapping of the
raw OTA keybox request / response into the SignedProvisioningMessage
which is sent to/received from the provisioning server.
[ Partial merge of http://go/wvgerrit/125844 ]
Note: Includes partial CryptoSession changes from various CLs.
CryptoSession functionality has been stripped to reduce impact of
this CL.
Bug: 189232882
Test: Android unit tests
Change-Id: I282bf7d1887daefb2250af1bd595c4dc3dfcfb29
Integrated OKP into CDM Engine
[ Merge of http://go/wvgerrit/133804 and http://go/ag/15646376 ]
Extended the functionality of the CdmEngine to check if the device
requires OKP and to initialize OKP resources if required. The
functionality of OpenSession() and GetProvisioningRequest() have been
the most affected. If OKP is required, these methods will signal to
the app that provisioning is required and will return an OKP request.
Once a device is provisioned, the OKP data is cleared away and the
CdmEngine will resume normal operation. Engines created after a
device is provisioned will immediately enter normal operations.
The exception is for CdmEngines which failed to perform OKP for some
reason and are still running. Those apps will need to restart before
gaining access to L1 operations.
Bug: 187646550
Test: Android integration tests
Merged-In: Ia572a66a7b73479355758aa3d0c682691eaca0fc
Change-Id: Ia572a66a7b73479355758aa3d0c682691eaca0fc
[ Merge of http://go/wvgerrit/133729 ]
The OtaKeyboxProvisioner is a system-wide provisioner for sharing the
provisioning workflow between CDM engines.
Bug: 189232882
Test: GtsMediaTestCases
Change-Id: I873af3087cc05e1831bdd1d2c14fb002b73e6902
Added keybox provisioning proto fields.
[ Merge of http://go/wvgerrit/133730 and http://go/ag/15113032 ]
This CL copies over the required license_protocol.proto changes that
are required for OTA keybox provisioning. These fields are defined in
the server-side certificate_provisioning.proto, defined in
http://cl/377533774.
Note, changes are slightly different from server proto due to the RVC
version of license_protocol.proto being out of date with SC and newer
changes.
Bug: 189232882
Test: run_x86_64_tests
Change-Id: I55fcf6a7ac2ba4b6026b9acc63e822ff33c431d9
Added OTA keybox provisioning device files.
[ Merge of http://go/wvgerrit/133743 and http://go/ag/15421141 ]
This change adds a new set of proto messages/fields the CDM's device
files for recording device and engine information around OTA keybox
provisioning (OKP).
To make cleanup and thread protection possible, there is a single file
which will contain all the information for the device as a whole and
each CDM engine tied to an app/origin.
Bug: 189232882
Test: Linux unit tests
Change-Id: Iaf80cd6342f32657e04416750d9b278d935821a5
Client ID for OKP requests.
[ Merge of http://go/wvgerrit/133744 and http://go/ag/15645331 ]
Extended the CDM ClientIdentification class to support a subset of
client info used for OKP requests.
Bug: 189232882
Test: Android unit tests
Merged-In: I6aafb4f2164efe69bc733ece0a912f0e91893b91
Change-Id: I6aafb4f2164efe69bc733ece0a912f0e91893b91
Merge from Widevine repo of http://go/wvgerrit/133703 and
http://ag/14707867
In order to use a local provisioning server, we need to use a
different test keybox system id that is in the dev device database
instead of the production database. We also need to use a local
license server that uses the dev license server.
Bug: 187646550
Test: GtsMediaTestCases
Change-Id: Ice89143dd26de22757375a770c6bac716fcbc057
Add Keybox OTA Provisioning functions to OEMCrypto header
Merge from Widevine repo of http://go/wvgerrit/133704 and
http://go/ag/14707868
Bug: 188228998
Change-Id: Iff54bc2870e87bf7239e179e1d02fbcc8df6198f
Stub build changes to support OTA Keybox
Merge from Widevine repo of http://go/wvgerrit/133725 and
http://go/ag/14781459
This CL adds a new unit test file for testing OTA keybox
reprovisioning functionality. This new test is built when running the
dynamic adapter in the linux build, and in the Android build.
Bug: 187646550
Change-Id: I625513840188f95e74831ef2ea399e827e837439
Add OTA Keybox functions to dynamic adapter
Merge from Widevine repo of http://go/wvgerrit/125843
and http://go/ag/14781460
Bug: 187646550
Change-Id: Ief78ed10599c091690e0d7dc488ea71674c763b5
Refactor dynamic adapter keybox verification
Merge from Widevine repo of http://go/wvgerrit/133727http://go/ag/14812524
The keybox validation needs to be done separately from initializing
the library so that we can support Keybox OTA Reprovisioning.
If L1 loads, but the keybox is missing, the initialization should
succeed. When the keybox is validated, the adapter should try to look
for a keybox on the filesystem. if none is found, it should either
return NEEDS PROVISIONING or an error.
Bug: 187646550
Change-Id: I34a8c365a5a5ca35c379bea827c85c749964744c
Update crypto session to use new OTA keybox functionality
Merge from Widevine repo of http://go/wvgerrit/133728 and
http://go/ag/14812525
This CL stubs out two new CryptoSession functions that call the new
OEMCrypto functions for OTA Keybox Provisioning. It builds! Yay!
It also adds a boolean needs_keybox_provisioning that is set to true
when OEMCrypto reports that it needs a keybox. This should only happen
if there is no keybox installed and oemcrypto supports provisioning.
Bug: 187646550
Merged-In: Ide9533943125aa13b8899b652b118a0b410c882c
Change-Id: Ide9533943125aa13b8899b652b118a0b410c882c
test: adb reboot while playing netflix and check logcat
to make sure session are closed.
[ Merge of http://go/wvgerrit/133063 ]
bug: 193099676
Change-Id: I375695673b0c366e09fb857f5ae7a9cb6b946779
[ Merge of http://go/wvgerrit/128325 ]
There were a few cases where |cdm_by_session_id_| was being iterated
over and the CDM did not acquire any write-protection locks to prevent
other threads from changing the map simultaneously.
In particular, it was possible that while cleaning up a CDM, and
removing all the associated session in |cdm_by_session_id_| another
CDM could have been opening a session and creating a new association
in |cdm_by_session_id_| at the same time.
Cases where |cdms_| and/or |cdm_by_session_id_| is being written to or
iteratively read from should require a lock. The iterator of
std::map maintains a "view" into the map's tree structure. Modifying
the map (inserting or deleting elements) can potentially change the
structure of the map and the underlying assumptions built into an
iterator's view (ex, the iterator thinking there is an element to the
left or right).
Modifying the value within the map can potentially cause problems, but
is not applicable in our case (we modify the object pointed to by the
map element, but not the pointer itself).
Bug: 190405462
Test: build_and_run_all_unit_tests.sh and MediaDrmTest
Change-Id: I043e238570dac9a0db990f8fe66be271062b965c
[ Merge of http://go/wvgerrit/128163 ]
In android S, we added a feature b/169740403 [Limited lifespan DRM
certificates with license preservation]
Due to uncertainties of when the provisioning service will
launch, we are disabling expiration for legacy DRM certificates.
If the feature does not launch in time, existing DRM certificates
will expire and be replaced. Offline licenses associated with these
expired DRM certificates will fail to load.
Expiration of legacy certificates will be reenabled at a later time.
The main portion of feature, the issuing of new DRM certificates with
expiration time will still be supported.
Bug: 192428783
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I1d1184249848f215953a837f369528d3b74c9618
Merge from Widevine repo of http://go/wvgerrit/127524
Some unit tests used the response buffer size before the size had been
computed. This CL updates the tests.
Bug: 183440999
Bug: 184866351
Test: Ran unit tests on Prov 3.0 device.
Change-Id: I0b23dc7b0dafa9b9eab3cdbd7f29074898e4709b
[ Merge of http://go/wvgerrit/128183 ]
As was the case with WvCdmStreamingUsageReportTest.ReportTest, the
following tests were also updated to handle the case where "license
duration" is unlimited:
- WvCdmStreamingNoPstTest.UsageTest
- WvCdmStreamingPstTest.UsageTest
- WvCdmOfflineUsageReportTest.UsageTest
This is due to the new license duration model used for V16 licenses.
Bug: 163542905
Test: cdm_extended_duration_test
Change-Id: I24d3fc17fcf19129a19ed39a5c6c1ddd59ed073d
[ Merge of http://go/wvgerrit/128143 ]
Now reports LICENSE_STATE_ERROR rather than ERROR_DRM_GENERIC_PLUGIN
to make the cause of failure and suggested action more clear for app
developers. Also added an additional error log.
Bug: 190645000
Test: WV unit/integration tests
Change-Id: Ib23ca628c590316f90f497d8fdfbab24fd644d6f
Merge from Widevine repo of http://go/wvgerrit/128047
There have been some failures with various RSA private keys. We add
them to the unit tests to make sure that OEMCrypto is able to load
these types of keys:
* Shorter: than normal private exponents. This seems to occur
occasionally even with Euler totients. But it occurs more with
Carmichael totients.
* 0-leading-byte: private exponents. This also occurs naturally for
both Euler and Carmichael totients.
* Carmichael: vs Euler totients. I think we may already have tests for
this. But just in case.
Bug: 190450051
Test: ran unit tests on bonito (and they passed!)
Change-Id: Id64ec738479eb8a0f77e253bace319cebe918d3f
Merge from Widevine repo of http://go/wvgerrit/127743
There was some confusion about who owned the OEMCrypto security level
string in a multithreaded environment. This is solved by caching the
security level at initialization time.
Bug: 188706160
Test: ran unit tests on bonito
Change-Id: I93af3bb2e5a8bf190627ee568f752b5ea9543306
[ Merge of http://go/wvgerrit/128046 ]
Test case WvCdmStreamingUsageReportTest.WvCdmStreamingUsageReportTest
was failing comparing "license duration" values returned when querying
for key information for licenses with unlimited "rental duration".
This is due to the new license duration model used for V16 licenses.
From the Widevine MediaDrm doc for "LicenseDurationRemaining":
For OEMCrypto v16+ (Android 11 and later), license duration is no
longer being enforced. If rental duration is set to never expire,
”9223372036854775807” (LLONG_MAX) will be returned.
Similarly, the test has been updated for "playback duration" queries
of the same case.
Bug: 163542905
Test: cdm_extended_duration_test
Change-Id: I57e0e435631a151fac45c963d865de256a773644
