[ Merge of http://go/wvgerrit/16576 ]
The WV EXT-X-KEY attribute list earlier expected a cenc PSSH box in the
URI field, in a hexadecimal sequence format. To ease the burden on
content providers, the URI field will now contain init data in a json
format and base64 encoded. The platform will assume responsibility
to parse this data and create a widevine init data protobuf that
can be included in the license request.
b/20630275
Change-Id: I49e270bedbe96791fc9b282214a9a358d95d163e
[ Merge of http://go/wvgerrit/16550 ]
This is in addition to Web safe Base64 encode/decode support by core.
Change-Id: I9ed51721b138a7f15fb4d216796deadd5d5b31a2
This CL is a merge from the widevine repo of
http://go/wvgerrit/16553 Prebuilt Level 3 OEMCrypto for Android
http://go/wvgerrit/16238 Require OEMCrypto v11 for Android N Unit Tests
http://go/wvgerrit/16484 Shared License Tests (OEMCrypto v11)
http://go/wvgerrit/16448 Pattern Decrypt Unit Tests and Reference Implementation
http://go/wvgerrit/16489 Enforce UNUSED Variables
http://go/wvgerrit/16479 Pattern Decrypt for Level 3 OEMCrypto
http://go/wvgerrit/16280 Correctly handle bad RSA key
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
It contains the Level 3 implementation, as well.
mips/libwvlevel3.a Level3 Library Jan 22 2016 14:30:27
arm/libwvlevel3.a Level3 Library Jan 22 2016 15:03:55
x86/libwvlevel3.a Level3 Library Jan 22 2016 13:52:29
b/26692954 [DRM] OEMCrypto v11 needed for Nexus devices
Change-Id: Ibb1384959620f63a1be1e82ce2952ec9f48f0d3e
Merge from Widevine repo of http://go/wvgerrit/16499
With the increasing number of devices that support multiple screens or
windows, it is desirable to verify that OEMCrypto can have several
sessions open and actively decrypting at the same time.
Calls to OEMCrypto are still serialized -- this is not a threading
test -- but we still have multiple sessions open and decrypt from each
of them.
Change-Id: I5b24f4a464ed05a5b21625c66fe7989644b67a5a
[This is a merge of http://go/wvgerrit/16522 ]
This commit adds support for CBC and Pattern Mode to the MediaCrypto
implementation. These are the only changes needed to support HLS. (No
change is needed for MediaDrm, as it already passes HLS initialization
data along to the core without closely inspecting it, as it should.)
Following this change, the glue layer also supports the CENC, CBC1,
CENS, and CBCS modes from the forthcoming update to the ISO-CENC spec.
Note that, in order to differentiate CBC1 and CBCS, we have to cue on
the presence or absence of a pattern, which may not continue to be
sufficient in the future if a third CBC mode using patterns is ever
added.
Note that the unit tests for this code remain disabled for now. New
unit tests are forthcoming in a separate commit.
Bug: 25666017
Change-Id: I5942a8b70393e63b4de9d7dab985c4c2a98a20b3
[ Merge from http://go/wvgerrit/16498 ]
The CDM now supports AES CTR and CBC block cipher modes. The license
specifies the mode to be used in the key container. The mode is
also specified in mediaCrypto when calling decrypt. This adds
verification for the cipher block mode.
Change-Id: I2587fc1e4b6d77161f2f8653f8516024c73dd8ac
[ Merge from http://go/wvgerrit/16499 ]
Passing clear subsamples to OEMCrypto_CopyBuffer and encrypted subsamples
to OEMCrypto_DecryptCTR was causing performance issues as a lack of crypto
session information made it hard to associate clear and encrypted
subsamples with each other.
[ Based on a patch from Kelly Ren/Qualcomm ]
b/26538744
Change-Id: I4644f197b2ec481f6aa89d3fce29b22ebb7b0c06
This is a merge of squashed CLs.
* Cdm Session and Engine interface clean up
[ Merge of http://go/wvgerrit/16387 ]
Key Set Ids have been removed from the CdmSession interface
(GenerateKeyRequest, Addkey) as they can be queried by an accessor.
The CdmEngine interface now allows one to specify or retrieve a session ID,
since both were not being used in a single call. Key set IDs are no longer
returned through GenerateKeyRequest as they were not being used.
* Generate key set ID when session is initialized
[ Merge of http://go/wvgerrit/16370 ]
Key set IDs are currently generated at different times in the
CdmSession lifecycle. Android generates key set IDs when the license
is received, while the CE CDM generates (or overrides them)
when the session is constructed.
The key set IDs are now generated when the session is initialized.
Key set generation cannot occur earlier as it has a dependency on
security level and in turn on crypto session initialization which
occurs when the session is initialized.
Dependencies on Session ID have caused other activities, construction of
PolicyEngine, CdmLicense, setting property CDM client sets to be
deferred from CdmSession constructor to Init().
Android will still retrieve the key set IDs after the offline license is
processed. For streaming requests, the key set will be
unreserved and discarded when the session is terminated.
Change-Id: Ib802d1c043742d62efa9a2c901fcd113e836c33d
(This is a merge of http://go/wvgerrit/16496 )
run_all_unit_tests.sh now aborts and alerts the user if they have
Verity on, as opposed to its current behavior of failing later when
the tests don't copy over successfully.
Bug: 23420350
Change-Id: Ib01d32caaac462974b051f5d019888f7c47bc745
[ Merge of http://go/wvgerrit/16241 and http://go/wvgerrit/16364 ]
This will allow a usage session to be loaded later by key set ID.
This is needed for EME-style secure stop in the new CE CDM API.
b/25816911
Change-Id: I916340047492fbc0556d0e90bd2eac0f3eafe597
Merge of http://go/wvgerrit/16300
This CL removes gtest and boringssl from
build_and_run_all_unit_tests.sh. Instead, we change each "mm"
to "mm || mma". Thus, if mm fails, we assume it is because of a
missing dependency and try mma which builds all dependencies.
bug: 25297287
Change-Id: Ief76fa4077e4cd8653da9306cc92ed14cf080564
[ Merge of http://go/wvgerrit/16364 ]
http://go/wvgerrit/16249 changed the name of the encryption pattern
structure from OEMCrypto_PatternDesc to OEMCrypto_CENCEncryptPatternDesc
to remove ambiguity. These are matching changes to CDM core.
[ Merge of http://go/wvgerrit/16340 ]
This CL passes the cipher mode in the license to OEMCrypto when
keys are loaded and specifies the pattern encryption scheme to
OEMCrypto_DecryptCENC.
b/20630275
Change-Id: I86b82bbdc891fd0100beb9fad385ca2082176271
[ Merge of http://go/wvgerrit/16290 ]
HLS uses an EXT-X-KEY tag and attribute list in the media playlist to
identify the key and method used to encrypt media segments. This allows
for the attributes to be parsed and extracted.
b/20630275
Change-Id: I2c4a419022f933b7b34b64dc48930f167abe65c6
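Added example, not code from the Widevine change: a C++ illustration of the EXT-X-KEY attribute parsing described in the commit message above, together with the Base64-encoded JSON init data in the URI field described in the first commit message. The function names, the data: URI prefix and the sample JSON body are assumptions; the actual init data schema is not given in these messages.

```cpp
#include <map>
#include <string>

// Attribute list after "#EXT-X-KEY:"; quoted values may contain ',' and '='.
bool ParseAttributeList(const std::string& in, std::map<std::string, std::string>* out) {
  size_t i = 0;
  while (i < in.size()) {
    size_t eq = in.find('=', i);
    if (eq == std::string::npos || eq == i) return false;  // no name or no '='
    bool quoted = eq + 1 < in.size() && in[eq + 1] == '"';
    size_t start = eq + (quoted ? 2 : 1);
    size_t end = in.find(quoted ? '"' : ',', start);
    if (end == std::string::npos && quoted) return false;  // unterminated quote
    if (end == std::string::npos) end = in.size();
    (*out)[in.substr(i, eq - i)] = in.substr(start, end - start);
    i = end + (quoted ? 1 : 0);
    if (i < in.size() && in[i] != ',') return false;  // junk after closing quote
    ++i;  // step over the separating ','
  }
  return !out->empty();
}

// Standard or web-safe Base64; stops at '=' padding, rejects any other byte.
bool Base64Decode(const std::string& in, std::string* out) {
  static const std::string kDigits =
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  unsigned acc = 0, bits = 0;
  for (size_t k = 0; k < in.size() && in[k] != '='; ++k) {
    char c = in[k] == '-' ? '+' : in[k] == '_' ? '/' : in[k];
    size_t v = kDigits.find(c);
    if (v == std::string::npos) return false;
    acc = (acc << 6) | static_cast<unsigned>(v);
    if ((bits += 6) >= 8) out->push_back(static_cast<char>((acc >> (bits -= 8)) & 0xFF));
  }
  return true;
}

// Assumption: URI is a data: URI whose Base64 payload follows the first ','.
bool ExtractInitData(const std::string& attr_list, std::string* json) {
  std::map<std::string, std::string> attrs;
  if (!ParseAttributeList(attr_list, &attrs) || !attrs.count("URI")) return false;
  json->clear();
  const std::string& uri = attrs["URI"];  // no ',': npos + 1 == 0, whole value
  return Base64Decode(uri.substr(uri.find(',') + 1), json) && !json->empty();
}

int main() {  // constructed sample; the JSON body is illustrative only
  std::string json;
  return ExtractInitData("URI=\"data:text/plain;base64,eyJpZCI6ImRlbW8ifQ==\"", &json) ? 0 : 1;
}
```

Splitting the list on every comma would cut the quoted URI value in two at the comma inside it, which is why the parser tracks quoted strings.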
[ Merge from http://go/wvgerrit/16406 ]
This was detected by static analysis tool cppcheck.
b/26348775
Change-Id: Icc6a55b9b4a1ffe882488ac069e3c3df2e796e91
[ Merge of http://go/wvgerrit/16405/ ]
Methods in string conversion and license request tests were not being used.
This was detected by static analysis cppcheck reports.
b/26349052
Change-Id: I44779abf6b6fdc01b5391bff7d47be1d20ef84d2
This CL contains the level 3 oemcrypto library built for android. I
used the toolchain from the mnc-emu-release branch because I'm having
problems with the toolchain on master.
This includes the security patch API, and several bug fixes to the library.
Current versions:
mips/libwvlevel3.a Level3 Library Dec 17 2015 21:26:57
arm/libwvlevel3.a Level3 Library Dec 17 2015 21:09:47
x86/libwvlevel3.a Level3 Library Dec 17 2015 21:19:15
http://go/wvgerrit/16371 Level 3 OEMCrypto library
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
http://go/wvgerrit/16280 Correctly handle bad RSA key
bug: 26089773
bug: 26092100
bug: 26086944
Change-Id: I3ea1b5d219dae0c88deafa742f61d67e97297902
Merge from widevine of http://go/wvgerrit/16363
Add temporary OEMCrypto API to the stub file used by android mips 64
devices.
bug: 26213020
Change-Id: I4b71fd21c5cf5dbb14645f606586af54d03ccaea
Merge from the widevine repo of http://go/wvgerrit/16362
A test class holds a default session that it expects to be able to
close in the tear down. This was not true in the TimingTest because
it calls OEMCrypto_Terminate which closes all open sessions.
This CL closes the default session, and then reopens it again after
OEMCrypto_Initialize.
Change-Id: Ib4128ec3c0a33794c03aa934174cb6fff448483e
Merge of widevine change http://go/wvgerrit/16249
This CL adds unit tests and reference code for the security patch
level, which is a new feature in OEMCrypto v11. This CL also adjusts
the dynamic and static adapters to still run with devices that have a
v10 OEMCrypto.
The level 3 haystack code will be updated in a future CL.
bug: 26188985
Change-Id: I518ef46b4098cf3718fe0c0390bfb6825db4fb6b
Merge from widevine of http://go/wvgerrit/16293
This CL adds ASSERT_NO_FATAL_FAILURE around many subroutines in the
oemcrypto unit tests. This should help debug tradefed tests because
it will cause a test to stop after the first error. This is important
for tests that are failing on OpenSession and then spewing garbage
into the log as every other ASSERT fails after that.
I also replaced the home-grown EXPECT_ALMOST with the standard
EXPECT_NEAR. I also passed the file through clang-format to correct
whitespace problems.
Change-Id: I2c2c1c1dbeac234291dafc9fa8c23da8d270eb4e
Merge from widevine repo of http://go/wvgerrit/16186
These are the OEMCrypto v11 documents and header files. I have updated
just enough code so that existing unit tests pass. New unit tests,
the reference implementation, and the level 3 implementation are in
future CLs.
Change-Id: I9bbf1909e047f63a5877320a2d06740a3c4a3e32
Merge from widevine repo of http://go/wvgerrit/16250
The verification string in the key control block has an obvious
pattern that is incremented every time we update the API. This CL
adds a unit test to make sure an implementation of OEMCrypto is not
casually accepting a future version of the key control block before
the API has even been defined.
Change-Id: I3f837f7346ef7de399441f5fcda9b13b65fa51f4
(This is a merge of http://go/wvgerrit/16162)
Usage tables on L3 devices are stored under IDM*. They will be removed
upon factory reset. However, we need to call OEMCrypto_DeleteUsageTable
for L1 devices because the usage tables are stored in secure storage.
bug: 25597957
Change-Id: I8533dfac60fad6ce7ddfd026a283633d6875dcf3
(This is a merge of http://go/wvgerrit/15992)
This also updates the canary so that it will be silent on master.
Bug: 25153516
Change-Id: I11163c98230c5a521609b5556b139f4508996858
* Fix strict aliasing error in gcc
[ Merge of http://go/wvgerrit/15856 ]
This also ensures the alignment of 64-bit memory access in a portable
way, without using compiler-specific mechanisms like attributes or
platform-specific mechanisms like memalign.
(The aliasing error does not show up in clang.)
* Return kNotSupported for non-Widevine init data
[ Merge of http://go/wvgerrit/15853 ]
This also improves logging for the init data parser by including a
verbose message for non-Widevine PSSHs and by using a new IsEOF()
method to avoid misleading "Unable to read atom size" logs.
* Cast RSA_size() to int
[ Merge of http://go/wvgerrit/15880 ]
It has been suggested that this may be unsigned on some versions of
OpenSSL or BoringSSL.
* Be strict about warnings for CE CDM
[ Merge of http://go/wvgerrit/15831 ]
* Enable all warnings and treat warnings as errors in the CE build.
* Fix all existing warnings (mostly unused variables, consts, and
functions, and one signed/unsigned comparison).
* Exclude protobuf warnings rather than maintain a divergent copy.
* Fix release build errors
[ Merge of http://go/wvgerrit/15855 ]
* Level 3 Build With Android Emulator
[ Merge of http://go/wvgerrit/15778 ]
This CL rebuilds the level 3 libraries with the android emulator
sdk_phone_*. This seems to avoid problems with the x86 build using
incorrect compiler flags.
These libraries work for arm, x86, mips, arm64, and x86_64. The level
3 library is disabled for mips64.
Versions:
level3/mips/libwvlevel3.a Level3 Library Sep 30 2015 18:29:50
level3/arm/libwvlevel3.a Level3 Library Sep 28 2015 13:18:25
level3/x86/libwvlevel3.a Level3 Library Sep 28 2015 13:08:28
Change-Id: I1e50aa78bdc84ecb905f2e55297d4f48b140341c
[ Merge of http://go/wvgerrit/15780 ]
Android mediaDrm allows callers to serially query status information through a
property API. CDM however retrieves all status information in a map and
filters out all but the relevant one. This leads to delays in Netflix app
startup. Rewriting the CDM interface to return only the queried value.
b/24181894
Change-Id: Ie9ed6288524e3a7e03b83aa55ef3531dd52a0dfb