[ Merge of http://go/wvgerrit/23820 ]
The UsageTableHeader class is a singleton that CDM sessions will share.
A separate object will be created for each security level. The class
synchronizes access to usage table header and associated data-structures
and controls when they are read in or written out to non-secure persistent
storage. Upgrades from a fixed size usage table (supported by previous
versions of the OEMCrypto API v9-12) are handled by this class.
b/34327459
Test: Verified by unit/integration tests on angler
Change-Id: Ifc5996985e76bc260c01e55bc12aab1248389a80
[ Merge of http://go/wvgerrit/23742 ]
In OEMCrypto V13, usage table header and usage entries are stored in
persistent non-secure storage and loaded and unloaded from the TEE.
Information needs to be maintained to assist finding the associated license
or usage information. This information has been revised for usage information
to use key set id and usage info file name rather than provider session
token and app id.
The app id is stored in a hashed form (usage info file name) and was not
extractable during the upgrade process to OEMCrypto V13. Due to this
DeviceFiles UsageInfo routines have switched to use usage info file name
rather than app id as a key.
b/34327459
Test: Verified by unit/integration tests on angler
Change-Id: I95aa0435d0955c61fc45b951f5b5d44de2ba5cfc
[ Merge of http://go/wvgerrit/23741 ]
Usage entries and usage entry numbers need to be stored with license
and usage information, to facilitate loading usage entries when offline
licenses/usage information are restored or prepared for release.
b/34327459
Test: Validated by running unit/integration tests on angler.
Change-Id: I0949fc4cec8a50be0a7700b659dc12bb82ac6f73
[ Merge of http://go/wvgerrit/23522 ]
A helper method has been added to CryptoSession to determine whether the
TEE supports usage tables, usage table headers+entries or does not
provide any support for persistent licenses.
In addition
* CryptoSession now supports deletion of multiple
usage entries rather than a single one.
* Typedefs have been added for usage table headers and entries
b/34327459
Test: Verified by unit/integration tests on angler.
Change-Id: I634d3b7b81ce94d1deccd2a7aaf26b9efde414a8
[ Merge of http://go/wvgerrit/23600 ]
This adds a new entry to IStorage:: -
bool list(std::vector<std::string> file_names)
It returns the name of each file in the (origin-specific) file system.
b/34628115
Uses the current file system (origin-specific) bound to the CDM. Returns
the list of stored licenses (key_set_ids) in vector output parameter.
Test: verified by unittests on angler.
Change-Id: I988556b27c2a4b75f52b59bcd78cfeaddd649acd
This change is the complete Widevine metrics system. It will
measure and record runtime information about what is happening
in the CDM - such as errors and throughput.
Bug: 33745339
Bug: 26027857
Change-Id: Ic9a82074f1e2b72c72d751b235f8ae361232787d
[ Merge of http://go/wvgerrit/23380 ]
The service certificate was setup correctly if specified in mediadrm
properties. If instead the service certificate was later fetched from
the license service, it would not be marked as valid. This led to an
infinite loop of service certificate fetches and processing. This
prevented the license from being fetched and playback failures.
b/34638410
Test: Verified by new service certificate unittests + Hulu playback
using fugu.
Change-Id: I2a4f8754614fccdad3c80d3e13fba0b44d177d61
[ Merge of http://go/wvgerrit/23167 ]
This allows CryptoSession to support the new functionality added to
OEMCrypto to support big usage tables. No changes in behavior yet.
Code that calls these methods will be in a subsequent CL.
b/34327459
* Minor changes to cdm/Android.mk and cdm/test/unit-test.mk to remove
profiler changes that were missed in previous releases.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I9becd97c5a8ddf74d30fabd1251e796b534c010f
(This is a merge of go/wvgerrit/23154)
This patch updates the ClientCapabilities protobuf to match the latest
on the server side and adds plumbing to the provisioning request
process so that devices can report whether they like big certs.
Their capacity to lie remains untested.
Bug: 34076937
Test: license_unittest
Change-Id: I3bcc9f1741146953d8bc0ff3d7d2305e7ac2c118
[ Merge of http://go/wvgerrit/23161 ]
The usage table redesign will require storing usage table headers
and usage entries in non-secure persistent store. This information
will be signed by the TEE to prevent against modification. New
Storage and retrieval methods have been added for usage table headers,
while usage entries will be stored alongside (offline) licenses and
(secure stops/)usage info.
b/34327459
Test: All unittests, including newly introduced ones other than some
oemcrypto, request_license_test passed. Those tests failed with or without
this CL.
Change-Id: I9b8d6210e33774b0803f8af1711b2d593d467aec
[ Merge of http://go/wvgerrit/23061 ]
b/34131127
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I27a3cde8e5c86dc8f9b26f9d4e7793f86c016743
* changes:
Remove missing tests from build_all_test script
Replace PST Report with buffer
Add InactiveUnused to Usage Report status
OEMCrypto v13 Header and Stubs
Log HTTP errors in unit tests
Rename oemcrypto's CryptoEngine configuration functions.
Move keybox and root certificate handling into new class.
Test OEMCrypto with backwards compatible verification
Merge from Widevine repo of http://go/wvgerrit/23028
This logs the full response when the status code causes a gtest to
fail. I hope we can figure out why the buildbot has flakey tests.
Change-Id: I498e633ad65fde4473e01ea227ffe75755fb4fd9
[ Merge of http://go/wvgerrit/22900 ]
Add GetClientToken(), GetProvisioningToken(), GetPreProvisionTokenType()
to CryptoSession. They return the correct token bytes and token type
for preparing the ClientIdentification message for provisioning and
license server transactions.
Also refactor service certificate handling.
OEM certs are introduced in Provisioning 3.0
b/30811184
* Address build breaks
[ Merge of http://go/wvgerrit/23162 ]
This addresses issues introduced by http://go/wvgerrit/22900
b/30811184
* When http://go/wvgerrit/18012 was merged (ag/1446934) some changes
were not merged for mapErrors-inl.h. These changes are included in this CL.
* When ag/1678104 was reverse merged to http//go/wvgerrit/21981/ a variable
was renamed and some comments were added to add clarity in cdm_engine.cpp.
These changes are included in this CL.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: Ie0215509f2f985f2a610f5a4c865db47edec8662
[ Merge of http://go/wvgerrit/22565 ]
When using the grace period, the CDM will need to override the values
given to use by the TEE (through OEMCrypto). Normally the first (and
last) decrypt times are stored securely by the TEE. To avoid extra
complexity in OEMCrypto, we will simply ignore the values given to us
by the TEE when using this feature.
However, the TEE will still enforce the (hard) license duration. So
only the rental/playback durations will be affected by malicious
editing of files.
b/34211676
Test: Reran unittests including newly added tests. All tests other than
some oemcrypto, request_license_test passed. Those tests failed with
or without this CL.
Change-Id: I6d7b5bfb669fd8603b474b68c2f7175b0c30901d
* CDM license protocol updates
[ Merge of http://go/wvgerrit/22789 ]
No functional changes (yet) - all tests in widevine_ce_cdm_unittest
run successfully.
* Address android test build failures
[ Merge of http://go/wvgerrit/22983 ]
Updates to the license_protocol.proto in go/wvgerrit/22789
did not include the integration tests for android.
b/34202048
Test: Reran unittests. All tests other than some oemcrypto,
request_license_test passed. Those tests failed with or without this CL.
Change-Id: Ib9041d397187859b8fcbc1b1f7d275f8c4ef6aba
[ Merge of http://go/wvgerrit/22564 ]
b/34211676
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I20474339aa1777da2db3677c10f186726505ecc8
[ Merge of http://go/wvgerrit/17958 ]
This CL might help diagnose the build bot problem.
b/34261498
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I71e48284b52a1177c6e3b4c9a8bdd12b77cc9f2d
[ Merge of http://go/wvgerrit/22517 ]
b/34211676
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I86a2ff041aae57ac46e9f9f7bac38ec4599a0fa7
[ Merge of http://go/wvgerrit/22237 ]
This only changes the existing fields of the policy.
License::Policy::license_duration_seconds represents the end time
(relative to the license start time) that the license can be used.
This overriding other times if this is earlier.
License::Policy::rental_duration_seconds represents the end time
(relative to the license start time) that the license can be used
before playback starts. Once playback starts, this no longer applies.
License::Policy::playback_duration_seconds represents the end time
(relative to the playback start time) that the license can be used after
playback has started.
b/34211676
Test: Ran new unittests and reran old tests. All tests other than some
oemcrypto, request_license_test passed. Those tests failed with or
without this CL.
Change-Id: I34e7e39a7ab864300806c557b480f093aec8e545
[ Merge of http://go/wvgerrit/18560 ]
This adds support for offline playback. If the content contains
mutiple playlists which contain differing EXT-X-KEY attribute lists,
each of those keys will need to be saved and restored into separate
sessions.
b/30041089
Test: Added unit tests to cover new functionality. Some oem_crypto,
request_license_test failures but the same as without this CL.
Change-Id: Ia1b877e12a67e8a720d29897ac7e2da236090123
Merge from widevine repo of http://go/wvgerrit/21681
This CL refactors some oemcrypto unit tests in preparation for adding
Provisioning 3.0 tests.
- The signature GenerateNonce has changed. Instead of the caller
passing in a pointer for the nonce, we store the nonce in a member
variable of Session.
- GenerateDerivedKeys is being replaced by InstallTestSessionKeys.
This sets up and calls the appropriate derive keys method. This
function is in the test class, instead of the session class so that
multiple sessions in a class can share the same wrapped rsa key.
This will be modified for provisioning 3.0 in a future CL.
- Rename tests that require a keybox. Some tests are specific for
using a keybox to request a DRM cert. These tests are renamed so we
can filter them out on devices that use an OEM Cert. Corresponding
tests for devices using provisioning 3.0 will be in a future CL.
- Some member variables and methods in the class Session were not
used. They are removed.
- Added openssl smart pointer.
- Comments. I added comments.
- clang format.
Change-Id: Ib579a322858e0ef92652a42167241b35cf85a041
[ Merge of http://go/wvgerrit/22140 ]
There are occasional issues when trying to connect to
http://widevine-proxy.appspot.com/proxy . This changes introduces upto
3 retry attempts. The UAT server on appspot is being replaced by UAT on borg
and so it is not worth our while to debug these issues furthur.
b/30022298
Change-Id: I76c1421e93c7c14b5d2bcd7ad07119a705245922
This CL merges several CLs from the widevine repo:
http://go/wvgerrit/18012 Add support for querying allowed usage for key.
http://go/wvgerrit/17971 Add per-origin storage.
http://go/wvgerrit/18152 Add OEMCrypto's generic crypto operations to CDM.
http://go/wvgerrit/17911 QueryKeyControlInfo => QueryOemCryptoSessionId
Note: numbering in wv_cdm_types.h was added in this CL and will be
back ported to wvgerrit in a future CL.
Change-Id: Idb9e9a67e94f62f25dc16c5307f75a08b3430b64
[ Merge of http://go/wvgerrit/19960 ]
Protections schemes are specified using a 4CC code {"cbc1", "cbcs",
"cenc", "cens"}. A host to network conversion was performed when the
PSSH was created and inserted into the license request. A reverse
conversion was performed when the code was extracted from the
license response.
These conversions are problematic if the PSSH is created externally and
passed into mediaDrm. To address this, the conversions have been removed
and allow protobuf to handle byte ordering. For backward compatibility
we allow codes in either ordering.
b/30713238
Change-Id: I25f01ecc621549fd3c13b443e4c8b89168463249
[ Merge of http://go/wvgerrit/18295 ]
SSL v3 is being disabled across Google infrastructure. Networking
code in integration tests used SSL v3 during HTTPS protocol negotiation.
Once this is disabled, it will cause integration test failures at
staging and UAT license servers.
With this change the client will use TLS 1.2. Insecure cipher suites
(TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA)
have been disabled as well.
b/29356581
Change-Id: I98a04d345fe83c48132b9d79986a21cc84827dc8
[ Merge from http://go/wvgerrit/17429 ]
This is to correct for when HDCP validation failure at the OEMCrypto level
ends up returning a CryptoException through MediaCrypto with error code
Unknown Error (-2998).
b/27849488
Change-Id: Ib3a9b1c3a17b9323f3d079a678cf88dedeec3b4b
Some decryption errors were being reported as
vendor-unique diagnostic codes that were not generally
actionable by an app. Recently a new
MediaCodec.CryptoException code was added so these types
of failures can be reported as ERROR_UNSUPPORTED_OPERATION,
in which case the app can use an alternate DRM
configuration in a way that does not require
vendor-specific handling. This change remaps this class
of decrypt errors to the new error code.
Merge of http://go/wvgerrit/17110
bug: 25929554
Change-Id: Iff44c2f04f9ee28d065fb17d59bca4032c5d55ca
[ Merge of https://go/wvgerrit/17055 ]
There are a few bugs that need to be addressed to get HLS to work.
* Content ID in json init data is base64 encoded and needs to be decoded
before being added to the WidevineCencHeader proto.
* Protection scheme was not set in the WidevineCencHeader proto.
* HLS initialization data should be sent as a CENC content identification
in a license request.
b/20630275
Change-Id: Ie0ac33ac061931df6f26c0afbf3e62e5d01e5041
[ Merge of http://go/wvgerrit/16625 and http://go/wvgerrit/16633 ]
Reduce the number of parameters needed by GenerateKeyRequest.
Combining all output values into a single struct.
BUG: 26162546
Change-Id: Ibeb3f4df4a8e877511f8ab2e6c543001a921f285
[ Merge of http://go/wvgerrit/16628 ]
Jsmn will replace a local method that parsed json init data.
Added a fix to include all key Ids in the WidevineCencHeader rather than
just the first. Also modified the content_id to reflect that it is a
base64 encoded value.
b/20630275
Change-Id: I7080c8cea21be4dea09a4905a96b4cc03e584c1d
[ Merge for http://go/wvgerrit/16617 ]
This adds additional test coverage to verify HLS EXT-X-KEY attribute
lists.
b/20630275
Change-Id: I72d7aa13b9b190728a56668ab79fa5e93bfa0d8b
[ Merged of http://go/wvgerrit/16576 ]
The WV EXT-X-KEY attribute list earlier expected a cenc PSSH box in the
URI field, in a hexadecimal sequence format. To ease the burden on
content providers, the URI field will now contain init data in a json
format and base64 encoded. The platform will assume responsibility
to parse this data and create a widevine init data protobuf that
can be included in the license request.
b/20630275
Change-Id: I49e270bedbe96791fc9b282214a9a358d95d163e
[ Merge of http://go/wvgerrit/16550 ]
This is in addition to Web safe Base64 encode/decode support by core.
Change-Id: I9ed51721b138a7f15fb4d216796deadd5d5b31a2
This is a merge of squashed CLs.
* Cdm Session and Engine interface clean up
[ Merge of http://go/wvgerrit/16387 ]
Key Set Ids have been removed from the CdmSession interface
(GenerateKeyRequest, Addkey) as they can be queried by an accessor.
The CdmEngine interface now allows one to specify or retrieve a session ID,
since both were not being used in a single call. Key set IDs are no longer
returned though GenerateKeyRequest as they was not being used.
* Generate key set ID when session is initialized
[ Merge of http://go/wvgerrit/16370 ]
Key set IDs are currently generated at different times in the
CdmSession lifecycle. Android generates key set IDs when the license
is received, while the CE CDM generates (or overrides them)
when the session is constructed.
The key set IDs are now generated when the session is initialized.
Key set generation cannot occur earlier as it has a dependency on
security level and in turn on crypto session initialization which
occurs when the session is initialized.
Depenencies on Session ID has caused other activities, construction of
PolicyEngine, CdmLicense, setting property CDM client sets to be
deferred from CdmSession constructor to Init().
Android will still retrieve the key set IDs after the offline license is
processed. For streaming requests, the key set will be
unreserved and discarded when the session is terminated.
Change-Id: Ib802d1c043742d62efa9a2c901fcd113e836c33d
[ Merge of http://go/wvgerrit/16241 and http://go/wvgerrit/16364 ]
This will allow a usage session to be loaded later by key set ID.
This is needed for EME-style secure stop in the new CE CDM API.
b/25816911
Change-Id: I916340047492fbc0556d0e90bd2eac0f3eafe597
[ Merge of http://go/wvgerrit/16290 ]
HLS uses an EXT-X-KEY tag and attribute list in the media playlist to
identify the key and method used to encrypt media segments. This allows
for the attributes to be parsed and extracted.
b/20630275
Change-Id: I2c4a419022f933b7b34b64dc48930f167abe65c6
[ Merge of http://go/wvgerrit/16405/ ]
Methods in string conversion and license request tests were not being used.
This was detected by static analysis cppcheck reports.
b/26349052
Change-Id: I44779abf6b6fdc01b5391bff7d47be1d20ef84d2
* Fix strict aliasing error in gcc
[ Merge of http://go/wvgerrit/15856 ]
This also ensures the alignment of 64-bit memory access in a portable
way, without using compiler-specific mechanisms like attributes or
platform-specific mechanisms like memalign.
(The aliasing error does not show up in clang.)
* Return kNotSupported for non-Widevine init data
[ Merge of http://go/wvgerrit/15853 ]
This also improves logging for the init data parser by including a
verbose message for non-Widevine PSSHs and by using a new IsEOF()
method to avoid misleading "Unable to read atom size" logs.
* Cast RSA_size() to int
[ Merge of http://go/wvgerrit/15880 ]
It has been suggested that this may be unsigned on some versions of
OpenSSL or BoringSSL.
* Be strict about warnings for CE CDM
[ Merge of http://go/wvgerrit/15831 ]
* Enable all warnings and treat warnings as errors in the CE build.
* Fix all existing warnings (mostly unused variables, consts, and
functions, and one signed/unsigned comparison).
* Exclude protobuf warnings rather than maintain a divergent copy.
* Fix release build errors
[ Merge of http://go/wvgerrit/15855 ]
* Level 3 Build With Android Emulator
[ Merge of http://go/wvgerrit/15778 ]
This CL rebuilds the level 3 libraries with the android emulator
sdk_phone_*. This seems to avoid problems with the x86 build using
incorrect compiler flags.
These libraries work for arm, x86, mips, arm64, and x86_64. The level
3 library is disabled for mips64.
Versions:
level3/mips/libwvlevel3.a Level3 Library Sep 30 2015 18:29:50
level3/arm/libwvlevel3.a Level3 Library Sep 28 2015 13:18:25
level3/x86/libwvlevel3.a Level3 Library Sep 28 2015 13:08:28
Change-Id: I1e50aa78bdc84ecb905f2e55297d4f48b140341c
* Update unit test make files to use BoringSSL
[ Merge of http://go/wvgerrit/14173 ]
This CL updates the android makefiles to use the libcrypto_static.
* Do Not Run Provisioning Tests On Devices Without Keyboxes
[ Merge of http://go/wvgerrit/15633 ]
The provisioning tests outside OEMCrypto were failing on devices that
use baked-in certificates because only OEMCrypto knows that the cert
is baked in and the device cannot be reprovisioned. This change
skips those two tests if the device says it does not implement
rewrapping the cert. (i.e. it does not implement provisioning)
Bug: 23554998
* Add new third-party libs (protobuf & gyp)
[ Merge of http://go/wvgerrit/14717 ]
The CE CDM used to expect these to be installed system-wide, which
creates challenges for integrators who must cross-compile the CDM.
These are now used in source form from third_party.
Change-Id: I29cca2f9415fe2fafdf948273e5a0f5d7de50285
* Add Apple MD5 support in DeviceFiles
[ Merge of http://go/wvgerrit/15544 ]
Patch courtesy of Spotify.
* Changing vague BufferReader log message
[ Merge of http://go/wvgerrit/15515 ]
Amending the buffer reader log message for null parameters in the
read function to say the type of parameter to help tell the
difference between Read2, Read2s, Read4, Read4s, Read8, and
Read8s.
Bug: 23619044
* Fix HTTP socket tests
[ Merge of http://go/wvgerrit/15521 ]
This fixes the build on Jenkins. I missed these when I updated HTTP
socket because they are not part of the CE CDM test suite.
* Update HttpSocket for IPv6
[ Merge of http://go/wvgerrit/15517 ]
Previously, HttpSocket made assumptions about IPv4.
This CL updates this utility to be agnostic to IPv4 vs IPv6.
If our servers start resolving to IPv6 addresses in future,
our tests can now handle this transparently.
* Removed low level warnings from PSSH
[ Merge of http://go/wvgerrit/15489 ]
Unneeded warnings in parsing PSSH and in buffer reader
were appearing in the logs. LOGW commands were replaced
with LOGV.
Bug: 23419359
* BufferReader unit tests and hardening.
[ Merge of http://go/wvgerrit/15449 ]
Added unit tests for public-facing functions.
Added protection against null or negative parameters.
Bug: 23419008
Change-Id: Ia44100a2d1bafe68986ae9a0793214885b21e61e
* Extend CdmLicense's stored_init_data_
[ Merge of http://go/wvgerrit/14661 ]
CdmLicense will store init data when a server cert must be
provisioned. After provisioning, the original init data can be used
to generate the originally-intended license request.
To do this before, the caller had to call CdmSession's
GenerateKeyRequest with an empty InitializationData object. However,
the init data's type still had to be set, as did the license type.
This CL allows the caller to use a truly empty InitializationData
without a type. To permit this, CdmLicense now stores a full
InitializationData object, rather than just a copy of it's data field.
With this CL, the caller also avoid storing the original license type.
To accomplish this, CdmSession uses the already-set is_offline_ and
is_release_ flags from the original call to reconstruct the intended
license type. The caller uses the new type kLicenseTypeDeferred.
To facilitate storing whole InitializationData objects, they are now
copyable.
This ultimately simplifies server cert code for the new CE CDM.
* Store service certs in Properties
[ Merge of http://go/wvgerrit/14664 ]
This allows CE devices to mimic the Chrome CDM's behavior of sharing
server certs between sessions.
This also affects Android behavior. Previously, provisioned service
certificates were per-session, while explicitly-set service certs
were per-DRM-plugin. Now, both are per-DRM-plugin.
A DRM plugin is associated with a mediaDrm object. Content
providers will still be able to retrieve and use different
certificates. The change here requires an app, that wishes to use
different provisioned service certificates will have to use
multiple mediaDrm objects. This is an unlikely scenario.
Change-Id: If2586932784ed046ecab72b5720ff30547e84b97
