[ Merge of http://go/wvgerrit/100403 ]
VersionNumberTest.VersionNumberChangeCanary was expecting a version
string of "R". However, Android rvc branch is now far enough into
development to use a numbered version: version "11".
Bug: 156853733
Test: Android license request test
Change-Id: I63d33f742c849b672b2d2402ab8423fdf2450f6f
Merge from Widevine repo of http://go/wvgerrit/100110
The unit test TimeRollbackPrevention was broken for several
reasons. This CL reduces the test to its most basic functionality and
updates it to be compatible with a v16 oemcrypto.
This CL also adjusts the fake clock used by the buildbot to fake
sleeping backwards, so that the TimeRollbackPrevention test can also
be run on the buildbot.
Bug: 155773482
Bug: 79422351
Test: unit tests on buildbot, and on flame w/v16 modmock
Change-Id: I3027018b17b738281989e63ae6b0729757217d05
Merge from Widevine repo of http://go/wvgerrit/100328
Several integration tests in WvCdmRequestLicenseRollbackTest had been
testing the duration of a license. However, the license they request
sets the playback duration and not the rental duration. That means the
timer we are checking does not start until the first playback. To fix
the tests, we simply add a decrypt operation right after the license
is received.
Test: integration tests w/v16 mod mock.
Bug: 156854660
Change-Id: Ie4f017c82db8aaf084ad050de3fcb7f51987c97e
(This is a merge of http://go/wvgerrit/100051. However, only one part of
that change affects the Android code, so I have filtered this
description.)
By default, the CDM builds with Clang on Android and on developers' dev
boxes. The buildbot builds most of the code with an old version of GCC.
However, recent versions of GCC were refusing to build our code for a
variety of reasons. This patch fixes the codebase up so that the
version of GCC 9 included on gLinux workstations can compile the CDM.
The only change that affects Android is that a variable was being set
but never read in one place.
Test: Android Unit Tests
Bug: 145245240
Bug: 152449437
Change-Id: Iaeb0531652bb8e7bd69f850fc6b4bba1efa3271b
Merge from Widevine repo of http://go/wvgerrit/99843
When processing a license release, the license is not loaded, so
OEMCrypto does not know nonce version information for the core
message. It assumes that all license releases are v15, so it is not an
error for a license release to not have a core message.
This CL also adds some extra logging to tests so that we can track
content id and the pssh. This CL also updates some of the test content
policies when running the local license server. The local license
server is only used for debugging problems.
Bug: 152648172 Integration test WvCdmEngineTest.LicenseRenewal failing
Bug: 156259697 License release does not need core message
Test: Unit tests with v16 mod mock
Change-Id: I04c896adadfb17877ce1115345d2419e0d2489f0
[ Merge of http://go/wvgerrit/96071 ]
Changes to how the usage table method InvalidateEntry() behaves
required additional changes to CDM code that uses this method.
This involved some refactoring to AddEntry(), moving the LRU
related code to its own function.
A few unittests had to be changed / removed as the moving
multiple entries changes expectations of several existing tests.
Several additional helper methods have been created to improve
readability. These include getters for information about the
usage table, a method for releasing stale entries, and a method of
recording LRU metrics.
Bug: 150890014
Bug: 150887808
Bug: 154269671
Test: Linux unit tests and Android unit tests
Change-Id: I11a98f9a2dea9b2ae57b37d7d4483a37be721763
[ Merge of http://go/wvgerrit/95365 ]
The changes made to how DeleteEntry (now InvalidateEntry) works
introduced a few additional edge cases which were not covered from the
previous set of unit tests.
Bug: 150887808
Bug: 149100568
Test: Linux unit tests and Android unit tests
Change-Id: I263b72fb708c6546294af23ae5ddbd2e82da34df
[ Merge of http://go/wvgerrit/95406 ]
There was an issue with DeleteEntry() where it would result in an
invalid table state if shrinking the usage table when the number of
sessions is at its max.
This required changing how the usage table invalidates entries. Now,
after invalidating an entry (marking an entry as kStorageTypeUnknown)
the table is defragmented if specified to.
Defragmentation involves:
1) Move valid entries near the end of the table to the position of
invalid entries near the front of the table.
2) Shrinking the table to cut off trailing invalid entries.
This change updates the existing tests to pass, but still needs new
tests for some of the edge cases.
Bug: 150887808
Bug: 149100568
Test: Linux unit tests and Android unit tests
Change-Id: I70c7b296e5e4b367746fcdaabbf0f12dcfb39230
[ Merge of http://go/wvgerrit/97963 ]
There are situations where an offline license file will remain on the
system after it's usage entry has been deleted. This would result in
its key set ID being reported as present by the CDM, but any
operations acting upon it will result in an error.
The app should be able to remove the license without error, so long
as the license file exists and no other OEMCrypto operations fail.
This change introduces a new error code LICENSE_USAGE_ENTRY_MISSING,
which indicates that a license's usage entry cannot be found.
A new integration test checks that the CDM can handle the calls to
removeOfflineLicense().
Bug: 137034719
Test: Android unit and integration tests
Change-Id: Ibdbe963b7f7e3ac97b446300d8e3896cdee7abc5
[ Merge of http://go/wvgerrit/97267 ]
In earlier releases, provisioning would occur based on a cached
security level. If an open session call returned a NotProvisionedException
the security level would be cached for use with any future provisioning
call.
An app would have to set the security level, then call openSession,
have it fail and then request provisioning. This fits the normal flow of
most apps. Still on occasion, an app might change requested security level
after an openSession call failed. Using the cached security level
would result in unexpected behavior.
This change allows provisioning to occur at the last security level that
was set.
Bug: 129356527
Test: wv unit/integration tests, GTS tests (GtsMediaTestCases)
Merged-In: I8d9234eec2b23a9c913e77a709943b431e25e43e
Change-Id: I8d9234eec2b23a9c913e77a709943b431e25e43e
[ Merge of http://go/wvgerrit/98694 and http://go/ag/11052323 ]
In earlier releases, provisioning would occur based on a cached
security level. If an open session call returned a NotProvisionedException
the security level would be cached for use with any future provisioning
call.
An app would have to set the security level, then call openSession,
have it fail and then request provisioning. This fits the normal flow of
most apps. Still on occasion, an app might change requested security level
after an openSession call failed. Using the cached security level
would result in unexpected behavior.
This change allows provisioning to occur at the last security level that
was set.
Bug: 129356527
Test: wv unit/integration tests, GTS tests (GtsMediaTestCases)
Change-Id: I8d9234eec2b23a9c913e77a709943b431e25e43e
[ Merge of http://go/wvgerrit/98467 ]
The issue with intermediate provisioning request failures with the
development provisioning server has been resolved in b/139206968.
This change removes the provisioning retry loop which was a workaround
for the CDM unit tests. Should the issue re-arise, it would be useful
to detect it in our unit tests.
Bug: 139361531
Test: Linux unit tests
Change-Id: Ib44c56c740efea562803d3f8f93ffd62bd95e485
(This is a merge of http://go/wvgerrit/97083.)
The switch from LoadKeys to LoadLicense broke entitlement licenses
entirely because the LoadLicense path in CryptoSession didn't include
any affordances for updating the KeySession, unlike the LoadKeys path.
This patch adds code to handle this.
Bug: 152814106
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Id0c33a566e17e6be8da04e12be4b0fc87559aa8f
In `Combine Decrypt Calls to OEMCrypto`,
OEMCrypto_ERROR_BUFFER_TOO_LARGE is used as the default error code to
signal fallback to legacy decrypt (sending subsamples separately).
The error code would not be updated if no calls to OEMCrypto were
made (e.g. 0-length buffers).
This change resets error code to OEMCrypto_SUCCESS after fall back to
legacy decrypt. Consequently, buffers that do no require OEMCrypto
calls would return OEMCrypto_SUCCESS.
Merge of http://go/wvgerrit/96743
Bug: 150188155
Test: GtsMediaTestCases
Test: DashTest#testWidevineH264AdaptiveWithRendererDisabling
Change-Id: Ib23803c51f16bc809bda5c2720e628e81f1df1dc
Merge from Widevine repo of http://go/wvgerrit/96783
This CL updates the reference code, unit tests, and adapter to use the
new v16 function OEMCrypto_LoadDRMPrivateKey. This is just an API
change to allow ECC support in the future. The reference code does not
yet support ECC certificates, and the CDM code assumes that all
certificates have an RSA key.
Bug: 152558018
Test: unit tests on taimen and w/v16 mod mock.
Change-Id: I0793b416513b81b3d74849f0b58dbdc91f075ac6
[ Merge of http://go/wvgerrit/96514 ]
The combined decryption call feature was introduced in android R.
In earlier releases, subsamples were passed one at a time for
decryption within the plugin. A decryption request that consists
entirely of clear data should be passed on to OEMCrypto even if
no keys are loaded.
A sample might consist of subsamples of clear and protected data.
In legacy mode, this proved to be an issue for OEMCrypto if the clear
subsamples were passed on but the protected ones were rejected (b/110251447).
For legacy mode and in the absence of keys being loaded, the subsample will
be passed to OEMCrypto only if the clear lead/frame is in a single subsample
and not broken up across multiple subsamples.
Bug: 150316417
Test: WV android unit/integration tests
Change-Id: Iff8ae8f58530cb9c5d31ce388742443ae807c16f
(This is a merge of http://go/wvgerrit/96226.)
This patch does a number of different things in order to re-enable the
CDM to use OpenSSL 1.1.0+ out of the box, instead of just BoringSSL:
* To support https://cryptography.io/, BoringSSL has reimplemented just
enough of the OpenSSL PKCS7 API that we can fulfill our purposes with
code that works on either library. This patch replaces code in
privacy_crypto_boringssl.cpp and oec_session_util.cpp that was only
compatible with BoringSSL with code that also works in OpenSSL.
* Replaces code in oec_session_util.cpp that used the deprecated OpenSSL
1.0.0 API with OpenSSL 1.1.0-compatible code. This code previously
worked on BoringSSL because they have not yet removed the OpenSSL
1.0.0 functions, even though they also implemented the 1.1.0 API.
* Replaces openssl/mem.h (which does not work in OpenSSL 1.1.0 and
higher) with openssl/crypto.h. (which works in all OpenSSL and
BoringSSL releases) This does not require any function code changes.
* The OID-comparison code in privacy_crypto_boringssl.cpp was using
BoringSSL-exclusive functions to convert OBJ-format OIDs to text.
Conversion functions that work on either library exist. However, the
new code uses a different technique instead, pre-converting the
passed-in OID to OBJ format. This allows it to be compared to the
certificate directly, avoiding converting every certificate extension
OID to text.
* Allows the selection of "openssl" as the privacy_crypto_impl and adds
a variable to configure OpenSSL. More will follow in future patches
as more configurations of OpenSSL are supported.
Bug: 140053043
Test: CE CDM Unit Tests
Test: CE CDM Unit Tests w/ the x86-64 Platform Reconfigured to OpenSSL
Test: Android Unit Tests
Change-Id: I57cebbbfb59e0bcab85b589b98fb9ffd18885415
[ Merge of http://go/wvgerrit/95405 ]
There are several OEMCrypto functions that do not require an open
session to be called. This change updates the OEMCrypto functions
related to the Usage Table Header.
Bug: 150888316
Test: Linux unit tests and Android build
Change-Id: Ic879876dd190fb3e058bbe8e0cce37273030b105
[ Merge of http://go/wvgerrit/95404 ]
There are three situtations where error codes from a usage table
operations were not being mapped to unique CDM response types. These
particular errors provide useful information for the CDM during table
defragging.
Also fixed misspelled error code.
Bug: 150890014
Bug: 150891685
Test: Linux unit tests and Android build
Change-Id: I683abdd5fc0871317eede960ea36cfafac7e7f49
[ Merge of http://go/wvgerrit/95943 ]
The CDM version for android is now defined in a platform specific
header file. A check for version number match has been removed
from integration tests as it will always be true. We will still
get a notification to change the CDM version when the Android OS
version gets updated.
Bug: 151663718
Test: WV unit/integration tests
Change-Id: I96bac87186e30a709585514be7f338ad2209cdf6
[ Merge of http://go/wvgerrit/95784 ]
On unprovisioning, all persistent state/files are deleted. If a
provisioning session is opened soon after, |OEMCrypto_Terminate|
and |OEMCrypto_Initialize| will not be called. The (deleted) device
key will remain resident in memory and will not be regenerated until
|OEMCrypto_Initialize| is called. Any L3 licenses created will be
associated with a device key that does not exist, at least after
OEMCrypto is terminated.
By disabling delayed termination of OEMCrypto, OEMCrypto will be
terminated and initialized immediately on unprovisioning.
Bug: 149808504
Test: WV unit/integration tests on L3
Change-Id: Id3fbce621b47a723ff624cf45f1ac203421a8dba
[ Merge of http://go/wvgerrit/95508 ]
The provisioning ID length will be 32 bytes when the device supports a
keybox or OEM certificates and does not implement |OEMCrypto_GetDeviceId|.
If a device supports OEM Certificates and implements |OEMCrypto_GetDeviceId|
it may be an arbitrary length upto 64 bytes.
Bug: 150393659
Test: WV unit/integration tests
Change-Id: I5e4dbc8f2f9ca326425d0313f4823b72bd6ac7c0
