0cf99f685f2011fcd456a778c34c109f75badf7b
19 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Rahul Frias
|
0cf99f685f |
Update drm_certificate.proto
[ Merge of http://go/wvgerrit/118563 ] Sync with the latest version of drm_certificate.proto to add in certificate expiry time. Add in signed_drm_certificate.proto and remove messages from device_certificate.proto. SignedDrmDeviceCertificate and DrmDeviceCertificate are now named SignedDrmCertificate and DrmCertificate. This necessitated non-proto changes. Bug: 169740403 Test: WV unit/integration tests Change-Id: Ie5969ac7217a25eb075a41df59b77da2becd4545 |
||
|
Rahul Frias
|
6a1f050ffc |
Update Widevine Copyright header for core CDM
[ Merge of http://go/wvgerrit/108064 ] The Widevine License Agreement has been renamed to use inclusive language. This covers files in the core directory. Bug: 168562298 Test: verified compilation (comment only change) Change-Id: I8ae5a10cbfdf7faae6a2735e57b33729763f10b8 |
||
|
Fred Gylys-Colwell
|
7665614b2e |
OEMCrypto v16.1
Merge of http://go/wvgerrit/93404 This CL updates the Widevine CDM to support OEMCrypto v16.1 Test: Tested in 16.2 CL Bug: 141247171 Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b |
||
|
Alex Dale
|
ee995d5fae |
Replacing NULL with nullptr in core/
[ Merge of http://go/wvgerrit/84647 ] [ Merge of http://go/wvgerrit/84648 ] Replacing most instances of C's NULL with C++'s nullptr. Also changed how a NULL check is performed on smart pointers. They provided an implicit boolean operator for null checks, meaning the underlying pointer does not need to be compared directly (as it was in some places before). Note that clang-format has performed additional changes to some of the test files that have not yet been formatted. Bug: 120602075 Test: Linux and Android unittests Change-Id: I06ddebe34b0ea6dfecedb5527e7e808e32f5269a |
||
|
Alex Dale
|
f4360552b7 |
Log cleanup and reformatting for core/ (Part 2-6)
[ Merge of http://go/wvgerrit/83423 ] [ Merge of http://go/wvgerrit/83424 ] [ Merge of http://go/wvgerrit/83425 ] [ Merge of http://go/wvgerrit/83426 ] [ Merge of http://go/wvgerrit/83427 ] Types of cleanup: - Removed function / class prefixes from the logs. - Fixed log string format options to match the types passed - Corrected small spelling mistakes / typos - _Tried_ to make the log format more consistent - Added static_cast<int> conversion on enumerations when logged - Changed several LOGE to LOGW and vice versa - Used LOGE if the triggering condition stops the method/function from completing its task - Used LOGW if the triggering condition changes the expected outcome but does not stop the rest of the method/function's task - Changed several instances of `NULL` to `nullptr` - Ran clang-format on files after cleanup This is part of a larger code quality effort in Widevine DRM. Test: WV linux unittests and WV Android unit tests Bug: 134460638 Bug: 134365840 Bug: 136123217 Change-Id: I958ec70ef99eef95c38dbebd7a1acd62ef304145 |
||
|
Rahul Frias
|
a178eed57d |
Reformat wv core/src files
[ Merge of http://go/wvgerrit/80484 ] Clang-format has been run on files in core/src. clang-format has been turned off for some blocks but otherwise no other changes have been made. Bug: 134365840 Test: WV unit/integration tests Change-Id: I6e509f25136f84d37de3d920084302f0f2c23dc4 |
||
|
Rahul Frias
|
272e60db27 |
Add recoverable errors
[ Merge of http://go/wvgerrit/71326 ] Nonce flood, frame size, session and system invalidation errors will now bubble up to the app. OEMCrypto v15 returns OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE, OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors. These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR, ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and ERROR_DRM_RESOURCE_CONTENTION. Bug: 120572706 Test: Unit/Integration tests Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9 |
||
|
John W. Bruce
|
3d603eb12d |
Reject Embedded Keys Under 16 Bytes
(This is a merge of http://go/wvgerrit/60620) The license code handles keys larger than 16 bytes correctly, but it does not properly reject keys smaller than 16 bytes. This patch adds unit tests not only for the new error case but also the existing success cases which were not previously being tested. As part of this, license_unittest was changed to use a Test Peer instead of making the test fixture a friend class. Bug: 111069024 Test: CE CDM unit tests Test: Android unit tests Change-Id: Idb2deb6fbe0aeb19b530f9818bebff480541f5c8 |
||
|
Fred Gylys-Colwell
|
1a25cbdad6 |
Update Copyright
Merge from Widevine repo of http://go/wvgerrit/47860 This CL updates the copyright notice to indicate that files shared with partners are shared under the Widevine Master License Agreement. bug: 77926774 test: comment change only Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3 |
||
|
Fred Gylys-Colwell
|
5bd4dbb502 |
Use license.widevine.com cert for provisioning server
Merge from Widevine repo of http://go/wvgerrit/44505 This CL changes the certificate provisioning code to verify the provisioning message using a cert from license.widevine.com instead of the staging certificate. It also adjusts the certificates in config_test_env.cpp because the license and provisioning servers are different and may probably have different certs. bug: 73031756 test: unit tests with mock oemcrypto, and read oemcrypto on sailfish Change-Id: I4b457a369a49ef07bda9e5632ab59e5f621ec966 |
||
|
Rahul Frias
|
5d690be108 |
Merges to android Pi release (part 11)
These are a set of CLs merged from the wv cdm repo to the android repo. * Get System ID From OEM Cert Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/37940 ] (This is a merge of http://go/wvgerrit/30220 . However, it has been significantly modified in the merge due to needing to support both OpenSSL and BoringSSL.) Previously, extracting the system ID was only supported on Keybox-based systems. This patch adds support for extracting the system ID from the OEM Certificate chain on Provisioning 3.0 devices. This is done by getting the Widevine intermediate cert from the chain, finding the Widevine System ID extension in that cert, and extracting the value. The code that does the extraction is separate from any code that calls OEMCrypto so that it can be unit-tested in isolation. This patch adds a crypto_session_unittest test to do this unit-testing. Bug: 34776194 Test: crypto_session_unittest Test: widevine_ce_cdm_unittest * Remove unique_ptr from oemcrypto mod mock Author: Fred Gylys-Colwell <fredgc@google.com> [ Merge of http://go/wvgerrit/38500 ] Because we can't have C++11. Bug: 69935608 * Update CHANGELOG.md Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38460 ] - Add items about adapter support. - Add mention of SRM support. Merged from cdm_partner_3.5 (Change-Id: I6d891e157edc3afb2797bf281ef3f06bdb8fe474) * Add Adapter for OEMCrypto v13 to v12. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38440 ] Also fix OEMCrypto_LoadKeys() definition broken by wvcl/38160 (srm_requirement param). * Allow certain warnings in protobuf build. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38424 ] maybe-uninitialized is triggered in release build. Allow it. * Enable -fPIC for jsmc.c build. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38423 ] -fPIC was removed for common c/c++ build rules. Add it back. * Missing OEMCrypto_LoadKeys param in static adapter. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38422 ] srm_requirement param was omitted in v11 static adapter. * Remove OEMCrypto v12 specification. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38421 ] * Update documentation for v3.5. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/38420 ] * Added padded preprov key for 7880 Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/36924 ] Bug: 68765915 * Change overrides in CE L3FileSystem Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/38380 ] The 'override's are changed to the macro defined in override.h to be gnu++98 compliant. * Use source android level3 + add cache_flush call Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/37900 ] I put both changes in this CL since I have to generate Level3 libraries for both anyways. The first change involves shifting from using a prebuilt static library to using an obfuscated source library output from the Haystack tool on google3. The second change is from here: https://critique.corp.google.com/#review/176536782, and addresses b/69387416. Since the cache_flush function wasn't being used, the execution on Angler gave inconsistent segfaults, which this CL fixes. Verified on Angler, Sailfish, and Linux. 11/27/17: Added mips and mips64 libraries. * Make CDM result codes constexprs Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/38280 ] The values in the enumeration list of CdmResponseType error codes were earlier implicit. Comments were added to denote the actual values. This changes to make it fixed values, which makes it slightly more error prone, but cleaner when errors are retired. * Change watchdog timer to 2 minutes [ Merge of http://go/wvgerrit/36340 ] This relaxes the watchdog timer around the level 3 oemcrypto initialization to 120 seconds. There are also a couple of new log messages at the end of initialization and at termination. Library for arm updated: level3/arm/libwvlevel3.a Level3 Library 4445 Oct 4 2017 17:06:25 Bug: 65379279 Merged from https://widevine-internal-review.googlesource.com/35480 * Add test to get service certificate from server. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/37780 ] This was extracted from Ic38dd27d06dc7528ae4cd995da4261fe6c34ad55 * Add watch dog timer to OEMCrypto L3 commit ec624ea483cbf8fb3d4e8f393bc25c90a0e29d4b Author: Fred Gylys-Colwell <fredgc@google.com> [ Merge of http://go/wvgerrit/34260 ] This code adds a watchdog timer to the level 3 initialization. If initialization does not finish within 5 seconds, the process will abort, printing a small amount of debugging information. arm/libwvlevel3.a Level3 Library 4445 Sep 11 2017 14:05:15 Test: unit tests on bullhead. Video on Play Movies. GTS tests run on loop overnight. Bug: 65379279 Merged from https://widevine-internal-review.googlesource.com/33540 * Remove libwidevinehidl_utils dependency Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/37822 ] libwvdrmcryptoplugin_hidl has a dependency on libwidevinehidl_utils which was introduced due to an out of order merge from oc-mr1-dev to master. Bug: 69573113 * Automatically generate log location information Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/36563 ] Currently class and method names are manually added to each log message in the CDM on android and some other platforms. This change prepends log messages with file name, line number and function name automatically. The code is platform specific so it can be enabled and the precise format configured on a per-platform basis. As an example, here is a log on android before the change, 11-01 02:48:48.658 D/WVCdm (32198): CryptoSession::Open: Lock: requested_security_level: Default and after, 11-01 02:48:48.658 D/WVCdm (32198): [crypto_session.cpp(1108):Open] Lock: requested_security_level: Default A follow on CL will remove the manually added class/method information. Bug: 9261010 * Fix BoringSSL Compatibility of oec_session_util.cpp Author: John W. Bruce <juce@google.com> [ Merge of http://go/wvgerrit/37121 ] A previous change inadvertantly used APIs from OpenSSL that do not exist in BoringSSL in oec_session_util.cpp. As a temporary fix until we can move all targets to BoringSSL, this patch switches that file to use conditional compilation to choose the correct API depending on the library in use. It does not otherwise change the behavior of the file. Bug: 67908123 Test: wv_ce_cdm_unittest on x86-64 Test: linux_unit_tests * Create local shared_ptr implementation Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/37600 ] Derived from protobuf version, which came from google3. Removed locking (not thread-safe) and removed weak pointers (not needed for usages in CDM). Locking can easily be added if needed. * Revert C++11 usage - back to gnu++98 Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/37440 ] These changes roll back C++11-specific constructs: std::unique_ptr -> std::auto_ptr container initializers nullptr -> NULL std::shared_ptr to local shared_ptr compiler flags (-std=c++11 -> -sdt=gnu++98) NOTE: the "local" shared_ptr implementation is temporarily a direct reference to the shared_ptr implementation in third_party/protobuf. This has been fixed (implementation extracted and moved to core/include) in CL 37600. BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: Ie09ecb970aa06fe9301ac255375ca7d8e7ead8bc |
||
|
Rahul Frias
|
8b416ae165 |
Merges to android Pi release (part 10)
These are a set of CLs merged from the wv cdm repo to the android repo. * Level3 cleanup for SHA + field provision headers Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/37581 ] Moved some redundant macro and struct definitions out of hmac.cpp and sha.cpp into a separate header file to make the build easier and cleaner. Also cleaned up unnecessary includes and method signatures in field_provision.h. * Address CDM_All_Tests failures Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/37580 ] CDM engine tests for CE CDM occasionally fails when CDM_All_Tests is run by the build server. The failures are due to a nonce generation error. If provisioning fails due to a nonce generation error, a delay followed by a retry will be attempted. * Update OEMCrypto version to 13 in cdm.gyp Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/37520 ] * Use per-session service certificates for licensing Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/37260 ] These changes allow for service certificates to be specified on a per-session basis rather than use one common to a CdmEngine instance. This also allows for a service certificate request and response handling when allowed on the platform, when privacy mode is enabled and a service certificate is not provided. Request license tests accept a service certificate command line parameter in hex (ascii). Earlier it expected it in binary. Bug: 68328352 * Refactor service certificate parsing Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/37060 ] Service certificates may still be set in CdmEngine but service certificate requests and responses have been moved from CdmEngine to ServiceCertificate. This allows them to be called from lower in the heirarchy (a class that CdmEngine depends on). Bug: 68328352 * Revert "C++11: Replace OVERRIDE def with override keyword" Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/37020 ] This reverts commit 2d3fb5c4c8f4cf5c986ee43723914a23cf76e8f0. * Modified scripts/makefiles for L3 build Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/37220 ] Changed build-android-haystack.sh and make_fastball_libwvlevel3.sh to build using the new liboemcrypto.cpp file. Also changed makefiles to build using the new file. Renamed liboemcrypto.cc to liboemcrypto.cpp to make it consistent across android and CE CDM. Added static libraries that were rebuilt using this change. * Added android implementations for Level3 Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/37181 ] Moved getUniqueID and added Level3FileSystem implementations for android. Also deleted redundant and unnecessary methods from anroid_keybox.cpp. * Refactored getUniqueID and updated libl3oemcrypto.cc Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/37160 ] Renamed getUniqueID header and added comments to make it clear what the function is doing. Also removed obfuscation of the method name since it is implemented by the partner. Updated the libl3oemcrypto.cc file to reflect the change as well as be obfuscated. * Moved clear_cache function out of entry_points Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/37040 ] clear_cache function is unobfuscated and relies on compiler flags to work properly, and therefore should be removed from the libl3oemcrypto.cpp file and linked during the final build. * Minor gyp changes and added L3 build file Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/36480 ] Gyp changes to cdm_unittests.gyp to make the test Level3FileSystem build only on a level3 build and to oec_level3.gyp to be compatible with the changes to the x86-64 platform settings changes (and to use -Wno-unused to catch all unused warnings the libl3oemcrypto.cc might cause). This change also includes an x86-64 libl3oemcrypto.cc so a Level3 OEMCrypto can build. * Merge CE & Linux file system/factory + dynamic adapter changes Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/36220 ] This CL merges the changes from I27f5037e4fcea94abd84181f55053843b68f3e8d - it adds the CE implementation for the file system, as well as the factory methods needed to build the file system (and their implementations for both CE and linux). As part of the merge, since the Linux build relies on the dynamic adapter, that was fixed and gyp changes were made to reflect the change. * Cherry pick change to retrieve/save provisioning cert Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/30000 ] This is cherry pick from level3-dev-3.3 of a merge of I4f5dc5c216fa916e0bca0631c4ceda68859baf1d to save the certificate for future tests with the current test host setup. * Merged changes of usage/linux impl of L3FileSystem Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/35541 ] This is a merge of change I15d38b3c36933d061d168e0ec30bcefd0182f32d. It also adds a similar change in usage of L3FileSystem write for a line in usage_table.cpp. * Add cdm build changes for new Level3 build Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/34600 ] Original CL: Ib611cf8a8589afa5cd25d6dc5b0aa43922cfda1e Adds level3 oemcrypto library for static adapter. Includes changes to gyp files to choose between oemcrypto libraries. Also includes changes to the dynamic adapter, level3 headers, and entry_points to be compatible with the function signature differences when using the static adapter. * Merge OEMCrypto Level3FileSystem interface Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/34541 ] This merges in the interface for the Level3FileSystem object from level3_dev_3.3 as well as the linux implementation. Furthermore, this merge includes changes in properties and gyp files to allow compilation. The associated changes are I3f1c58f0e3782de0669a96725a38673a26cc1a49, I9fb2d10b0f966896bea685166c6b6b2e33c995dd, and I4c87a5412a8a022fa9cfba43f33bd4d683e61536. * Merged misc. changes to Level3 files Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/33303 ] Continuation of I03d3aa1a308f2f010dcb6f5e15f927e81e42925b. These changes are miscellaneous changes from level3-dev-3.3 involving include statements, Caligo compatibility, and new Level3 signatures from changes Ibc5befd492b295970e839f3481e2b512b52dcb08 and If599e62c72b5eb40c53633cd72a4d20dc859ee52. * Merged change involving getUniqueId() Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/33302 ] This is a merge from level3-dev-3.3. This change (Ibc5befd492b295970e839f3481e2b512b52dcb08) involves separating out the method getUniqueId() from the linux_ and android_keybox.cpp. This was done so that clients can supply the necessary implementation for the method. * Merged needle file changes from level3-dev-3.3 Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/33301 ] Continuation of I3dbf34bab526945720280f819dd3212ae982d2f7. These are changes (Ibc5befd492b295970e839f3481e2b512b52dcb08) involving the compiled needles for Haystack. Major changes include function signature changes, adding non-state needles automatically, and include statements. * Merged keybox/usage table access and function sigs Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/33300 ] These are changes from level3-dev-3.3. They involve changing function signatures/include files for the new Haystack runtime (Ibc5befd492b295970e839f3481e2b512b52dcb08). They are also related to change I0285e6d85e80b06b7df1ed298cd1145a6c9c4842. Keybox and usage table file names are replaced with constant needles. Furthermore, a state needle was added that removes the OldUsageTable file. In addition, this CL includes removals of method references that are now stale due to the introduction of change I9fb2d10b0f966896bea685166c6b6b2e33c995dd. * Android unit test build fixes Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/37380 ] Removed crypto_session_unittest from build script (introduced in http://go/wvgerrit/32824), since crypto_session.cpp requires some changes to be merged over from oc-mr1-dev (b/64456400). Added oemcrypto_session_tests_helper.cpp to the oemcrypto test makefile so the oemcrypto unit tests can link in the methods from the refactor in http://go/wvgerrit/36562. BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: I7e45901a151e51da96d192d359edddc5fe74946e |
||
|
Rahul Frias
|
1884cf738e |
Merges to android Pi release (part 8)
These are a set of CLs merged from the wv cdm repo to the android repo. * Android build fixes Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/36322 ] * Address android compilation errors and warnings Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/36300 ] * Gyp cleanup and OpenSSL v10.1 support. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/36001 ] OpenSSL 10.1 has a small number of incompatible changes. A desktop system upgrade exposed some issue in the build scripts. Specifically, the linux build was using both third_party/protobufs (2.6.1) and the version installed on the system (3.0 in this case). The linux cdm.gyp depended on cdm/cdm.gyp which caused that plus some additional issues. These changes are necessary to support g++ version: g++ (Debian 6.3.0-18) 6.3.0 20170516 Also did some cosmetic rework on run_current_tests to make it easier to figure out what is going on when something fails. Also tweaked some of the compiler settings for g++ support (revisit this later). * Refactored Service Certificate encryption to allow encryption of arbitrary data. Author: Thomas Inskip <tinskip@google.com> [ Merge of http://go/wvgerrit/36141 ] * Send cdm test requests to UAT. Author: Jeff Fore <jfore@google.com> [ Merge of http://go/wvgerrit/36221 ] This change resolves the all of the CdmDecryptTest/CdmTestWithDecryptParam.DecryptToClearBuffer tests. The license servers will return different keys and keyids. Sending the request to staging returned key ids and keys that were not matching what was expected in the unit tests. * Fix for building L3 OEMCrypto with clang and libc++ Author: yucliu <yucliu@google.com> [ Merge of http://go/wvgerrit/35740 ] 1. Include <time.h> for time(time_t*). 2. Create endian check union on stack. Clang may create const union somewhere else, which may cause crash. * Remove error result when a sublicense session does not exist. This is not considered an error. Author: Jeff Fore <jfore@google.com> [ Merge of http://go/wvgerrit/36080 ] * Set default mock handler for GetSupportedCertificateTypes for all unit tests and removed the use of StrictMock from MockCryptoSession. Author: Jeff Fore <jfore@google.com> [ Merge of http://go/wvgerrit/35922 ] The handler for this was only set for one test and resulted in a number of failures. * Set default handler for GetHdcpCapabilities. For now the default action is to call the real GetHdcpCapabilities of crypto_session. Author: Jeff Fore <jfore@google.com> [ Merge of http://go/wvgerrit/36140 ] I also changed the mock to a NiceMock to silence responses to unexpected calls to GetHdcpCapabilities. The default handler can be overridden as needed in the individual tests. This resolves the policy engine test failures. * Finalize merge of cdm_partner_3.4 to master. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/35360 ] This is the final set of updates to merge all v3.4.1 changes into master. * Embedded license: Sublicense rotation. Author: Jeff Fore <jfore@google.com> [ Merge of http://go/wvgerrit/35360 ] Handle sublicense rotation event. * Embedded license: Initial license phase. Author: Jeff Fore <jfore@google.com> [ Merge of http://go/wvgerrit/34280 ] Initial license phase - key loading subsession. * Embedded license: generate session data. Author: Jeff Fore <jfore@google.com> [ Merge of http://go/wvgerrit/33722 ] Generate session data and add it to the license request for any embedded license material. * Resolve missing symbol when building cd-cdm Author: Jeff Fore <jfore@google.com> [ Merge of http://go/wvgerrit/35840 ] * C++11: Replace OVERRIDE def with override keyword Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/35400 ] BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: I37d0cb17f255ac6389030047d616ad69f895748c |
||
|
Rahul Frias
|
11068accd2 |
Merges to android Pi release (part 3)
These are a set of CLs merged from the wv cdm repo to the android repo. * Add CDM status return for decrypt blocked by HDCP. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/28062 ] New status code is kKeyUsageBlockedByPolicy. It is returned by the decrypt() call instead of kDecryptError or kNoKey. Also shuffled the CDM status returns to define the EME-aligned codes first, and added comments to highlight the differences in handling. BUG: 37540672 * Change division and mod ops to relocatables Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/28600 ] This is similar to I2dad1028acf295288cd10817a2bcff2513c053c9. We should be using the relocatable functions instead of the native division and mod operations. * Cleanup Encrypted ClientID in provisioning request Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/28083 ] b/36897239 Staging server does not support it (or the client is not constructing it properly). Leave it disabled pending investigation. * Certificate Provisioning fixes. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/28066 ] Partial fix for BUG: 37482676 Partial fix for BUG: 37481392 Update service certificates, get rid of DEV/QA root certificate. Provisioning request and response are base64 (web-safe) encoded. Response is optionally JSON-wrapped. Change ConfigTestEnv; clearer comments and a closer match to reality. BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: I79d3c4bf1124e5e0d3e4d40baead65a8266ea874 |
||
|
Rahul Frias
|
387147dffe |
Merges to android Pi release (part 2)
These are a set of CLs merged from the wv cdm repo to the android repo. * Update service certificate. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/28065 ] The updated service certificate fixes a number of failing tests. There are still some that fail, apparently due to mismatches with key set IDs and usage tables. Also updated QA server URL to point to QA proxy (although neither can be used by this client). Also fixed segfault in CdmTest.ListUsageRecords. * Add CDM APIs for Handling Service Certificates. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/28064 ] The responsibility for managing Service Certificates has been moved out of the CDM. Instead, provide CDM and CdmEngine methods to generate a service certificate request message, and handle a service certificate response. The API client can use these calls if it needs to get the service certificate from the License Server. These functions assume the request and response are base64 (web-safe) encoded (see b/37481392). Not all servers are operating this way yet. Any adaptations for non-compliant servers is handled outside the CDM. See test WvCdmEnginePreProvTest::ServiceCertificateRequestResponse in cdm_engine_test.cpp for an example of this. These changes also eliminate the stored init_data and deferred license type which were used to perform a service certificate request during a license request. * Fix and rename ClosesSessionWithoutReturningError test. Author: Edwin Wong <edwinwong@google.com> [ Merge of http://go/wvgerrit/27880 ] ClosesSessionWithoutReturningError should not check for Status::OK since it is expecting an error code back. The test is renamed to ClosesSessionWithError. Test: libwvdrmdrmplugin_hidl_test BUG: 62205215 * Get rid of default service certificate. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27981 ] Instead, we need at least two service certs - one for the QA/Test servers, and one for UAT (and prod?) There are still some issues around the signature verififcation of the service cert, and in license_unittest.cpp, the use of the default service cert has been commented out. I don't know why this test needs a service cert. If it really does, then the same mechanism that is used elsewhere for selecting a specific server type will be needed here. BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: Ieab815fb202c809ad5714cd0364c4bdfa068f77d |
||
|
Rahul Frias
|
0419b55222 |
Merges to android Pi release (part: 1)
Below are a set of CLs being merged from the wv cdm repo to the android repo. * Fix handling of OEM Cert public key. Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/27921 ] This is a potential fix for b/36656190. Set aside public key on first call to get the public key, and use it afterwards. This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(), which has side-effect of staging the OEM private key. This also fixes a problem where the public cert string was not being trimmed to match the size returned by OEMCrypto_GetOEMPublicCertificate(). * Complete provisioning request/response for Provisioning 3.0 Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27780 ] Fix bug on provisioning request path where GenerateDerivedKeys() was being called when preparing to generate the signature. Add message signature verification, and call correct OEMCrypto routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30). * Implement Cdm::deleteAllUsageRecords() Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27780 ] Delete all usage records for current origin. Removes usage records from file system and retains the PSTs. The deletes any usage entries matching those PSTs held by OEMCrypto. BUG: 35319024 * Remove stringencoders library from third_party. Author: Jacob Trimble <modmaker@google.com> [ Merge of http://go/wvgerrit/27585 ] We have a fork of the stringencoders library that we use for base64 encoding. This reimplements base64 encoding to remove the extra dependency and to reduce the amount of code. * Add Cdm::deleteUsageRecord() based on key_set_id. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27605 ] Delete specified usage record from file system usage info and from OEMCrypto. BUG: 35319024 * Modifiable OEMCrypto Author: Fred Gylys-Colwell <fredgc@google.com> [ Merge of http://go/wvgerrit/24729 ] This CL adds a new variant of the OEMCrypto mock code that adjusts its behavior based on a configuration file. This is intended for testing. For example, a tester can set current_hdcp to 2 in the options.txt file, push it to the device, and verify that a license is granted for HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and push the file to the device. Playback should stop because the license is no longer valid. This variant uses a real level 1 liboemcrypto.so to push data to a secure buffer. That means we can test playback for a license that requires secure buffers on an Android device with real secure buffers. BUG: 35141278 BUG: 37353534 BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: I58443c510919e992bb455192e70373490a00e2b6 |
||
|
Rahul Frias
|
a483c18c59 |
Provisioning 3.0: Changes to Provisioning and Service Certs.
[ Merge of http://go/wvgerrit/23360 ] Service Certificates are used in two places, provisioning and licensing. The service certificate code depended on a session_id to get and set the service certificate properties, but the session_id was not available in the provisioning path. This patch pulls out the property lookup by session_id dependency, and passes the CdmImpl's property_set into the provisioning code, so the service certificate can be read and written there. Bug: 62972441 Test: WV unit/integration tests. This introduces three test failures * WvCdmRequestLicenseTest.PrivacyModeWithServiceCertificateTest * Cdm/WvCdmStreamingLicenseRenewalTest.WithClientId/4 * Cdm/WvCdmOfflineLicenseReleaseTest.WithClientId/3 Change-Id: I6e9d4e23a9e7e81a63a994db8ec0b443893449a6 |
||
|
Rahul Frias
|
ee5aff7706 |
Correct setting of service certificate.
[ Merge of http://go/wvgerrit/23380 ] The service certificate was setup correctly if specified in mediadrm properties. If instead the service certificate was later fetched from the license service, it would not be marked as valid. This led to an infinite loop of service certificate fetches and processing. This prevented the license from being fetched and playback failures. b/34638410 Test: Verified by new service certificate unittests + Hulu playback using fugu. Change-Id: I2a4f8754614fccdad3c80d3e13fba0b44d177d61 |
||
|
Rahul Frias
|
2812c3d2ac |
Support Keybox, DRM Cert, and OEM Cert for Client ID
[ Merge of http://go/wvgerrit/22900 ] Add GetClientToken(), GetProvisioningToken(), GetPreProvisionTokenType() to CryptoSession. They return the correct token bytes and token type for preparing the ClientIdentification message for provisioning and license server transactions. Also refactor service certificate handling. OEM certs are introduced in Provisioning 3.0 b/30811184 * Address build breaks [ Merge of http://go/wvgerrit/23162 ] This addresses issues introduced by http://go/wvgerrit/22900 b/30811184 * When http://go/wvgerrit/18012 was merged (ag/1446934) some changes were not merged for mapErrors-inl.h. These changes are included in this CL. * When ag/1678104 was reverse merged to http//go/wvgerrit/21981/ a variable was renamed and some comments were added to add clarity in cdm_engine.cpp. These changes are included in this CL. Test: All unittests other than some oemcrypto, request_license_test passed. Those tests failed with or without this CL. Change-Id: Ie0215509f2f985f2a610f5a4c865db47edec8662 |