Commit Graph

399 Commits

Author SHA1 Message Date
Rahul Frias
1857da2c8c Correct offline license handling
[ Merge of http://go/wvgerrit/28261 ]

Licenses (offline, secure stops) that contain provider session tokens
are handled securely using usage tables. A recent fix did not correctly
handle offline licenses that do not contain a provider session token and
are not handled by the TEE.

b/62340248
Test: WV Unit/integration tests, GtsMediaTestCases

Change-Id: Ia1331fea9deff44dd1d93219b37f5bea4b8ee168
2017-06-07 17:23:27 -07:00
Rahul Frias
5da8da58f6 Corrections for big usage table support in L3
[ Merge of http://go/wvgerrit/26421 ]

* Corrects usage_table_header lifetime management. Earlier the
  UsageTableHeader class was a singleton tied to the CdmEngine lifetime.
  With SPOIDs there might be multiple concurrent CdmEngine objects.
  The UsageTableHeader class is now associated with OEMCrypto
  lifetime. There are two UsageTableHeader objects one for each L1 and L3.
  These get allocated/deallocated on OEMCrypto Initialization/Termination
  respectively.
* UsageTableHeader requires OEMCrypto, file read/writes and
  metric gathering to perform its required functionality. Because of the
  lifetime changes, CryptoSession, DeviceFiles and MetricsGroup objects
  need to be passed to the methods rather than at Creation time.
* Miscellaneous fixes, when moving or deleting entries.
* Adds usage_table_header_unittests.
* Addresses failures with request_license_test with secure stop in L3.

b/36858906
b/36855557
b/36048120
b/38341136
b/37100505
b/35946047

Test: Verified by unit and integration tests. Added new
      usage_table_header_unittests

Change-Id: I20e396ab2c0afbd14372dd93b969e5b0f1ccd291
2017-05-31 00:37:58 -07:00
Fred Gylys-Colwell
0a02017009 Merge "Avoid calling DeleteUsageEntry for OEMCrypto v13" into oc-dev 2017-05-13 05:39:10 +00:00
Edwin Wong
dcf78b1062 Merge "Fix GTS testL3PlayHDCPV* tests." into oc-dev 2017-05-13 04:15:55 +00:00
Fred Gylys-Colwell
7d5b88a06a Avoid calling DeleteUsageEntry for OEMCrypto v13
Merge from Widevine repo of http://go/wvgerrit/27182

This function is not defined for v13, and should not be called by the
adapter.

b/38203780
Test: Ran unit tests specified in bug, on sailfish.

Change-Id: I38b1cc8493dd22da724f415f28d94f47d6d9c942
2017-05-12 17:26:24 -07:00
Edwin Wong
d751e81790 Fix GTS testL3PlayHDCPV* tests.
These tests verify whether a L3 device respects the HDCP policy set in the
license request. L3 device should only play the clear lead, and stop at
encrypted content. MediaDrm should throw an ERROR_INSUFFICIENT_OUTPUT_PROTECTION
exception. This is because L3 device always returns current HDCP connection
status as HDCP_NONE.

This CL modifies the policy engine CanDecryptContent method to return
CdmResponseType instead of a boolean, so the app can generate the correct
error response if HDCP constraints are not met.

Test: GTS tests
  ANDROID_BUILD_TOP= ./android-gts/tooadefed run gts -m GtsMediaTestCases --test
  com.google.android.media.gts.WidevineDashPolicyTests#testL3PlayHDCPV*Required

Test: unit tests
  adb shell /data/app/policy_engine_unittest
  adb shell /data/app/policy_engine_constraints_unittest

Test: Play Movies

bug: 34258607
Change-Id: I11fc9da1e077e18e38f34159daae9d8ebcd948b6
2017-05-12 16:55:26 -07:00
Rahul Frias
02fe2ef693 Fix deadlock when pending key release sessions are deallocated
[ Merge from http://go/wvgerrit/27261/ ]

Sessions created to release keys are periodically cleaned up if the
key release operation does not complete within a specific
amount of time. If other sessions are open, they will be released
through the timer thread. This would result in deadlock as a mutex
was taken twice.

Test: Verified by cdm_extended_duration_test
(AutomatedOfflineSessionReleaseOnOpenSession and
AutomatedOfflineSessionReleaseOnTimerEvent tests)

b/37546078

Change-Id: I7d45f939bdce77e5db461a401364da4f42c1c034
2017-05-11 20:12:33 -07:00
Fred Gylys-Colwell
ee283ec61c Remove TODO logs from dynamic adapter
Merge from Widevine repo of http://go/wvgerrit/26943

b/37987506

Test: built and run unit tests on sailfish -- no new failures.  Ran
Netflix on sailfish.

Change-Id: I96f8bb7a5c060fefd116b165406ce6bfad29f59d
2017-05-05 17:00:08 -07:00
John Bruce
e434bb3975 Merge changes I490befba,I32512a3e into oc-dev
* changes:
  Remove API Version TODO Comments
  Define Provisioning-Unique ID for New Device IDs
2017-04-21 05:38:38 +00:00
John Bruce
3c37343e5c Merge changes Ib82cf7a1,Ice6a8eab into oc-dev
* changes:
  Hash OEM Certificate
  Maxing Out Sessions Can Cause SPOID Failures
2017-04-20 17:21:46 +00:00
Rahul Frias
f2fccc20cd Prevent segfaults when a session is deallocated
[ Merge of http://go/wvgerrit/26201 ]

Race conditions arose when a session was closed while data was
still queued for decryption in MediaCodec buffers. If a session
is closed while data is still queued for decryption, subsequent
decryption requests will be rejected with a CryptoException
ERROR_SESSION_NOT_OPENED.

Test: Verified by wv unit/integration test and
      WvCdmExtendedDurationTest.DecryptionCloseSessionConcurrencyTest

b/36747801

Change-Id: I044d1d6b9fc886a1c353d20b9c6365319aa71e80
2017-04-19 19:24:04 -07:00
Rahul Frias
c2969ef0f4 Merge changes I9039bc1f,I43758cd2 into oc-dev
* changes:
  Allow decryption of unencrypted data before key has been retrieved
  Correct CryptoException error returned before keys have been loaded
2017-04-19 23:40:51 +00:00
John W. Bruce
ce6bd41627 Define Provisioning-Unique ID for New Device IDs
(This is a merge of wvgerrit/25583)

Devices that use Provisioning 3.0 did not have a Provisioning-Unique ID
defined. Attempting to retrieve it would result in an error.

Devices that use SPOIDs with keyboxes would expose the keybox's real
Provisioning-Unique ID when asked. This is a security flaw.

To solve both cases, an alternative Provisioning-Unique ID is used,
consisting of the Device-Unique ID bitwise-inverted.

Bug: 36065223
Test: run_all_unit_tests.sh
Change-Id: I32512a3e11403e679939187e156904a57a9e24ef
2017-04-19 16:35:29 -07:00
John W. Bruce
8513b71499 Hash OEM Certificate
(This is a merge of wvgerrit/25582)

Provisioning 3.0 devices that do not use SPOIDs have been returning
their full OEM Public Certificate as their device ID. While this is not
a security concern, (it is a PUBLIC cert) the cert is many times larger
than applications are likely expecting. (several kilobytes vs. just a
few bytes) This patch hashes the OEM Public Certificate to produce a
smaller value, but only when it is being provided out of the CDM to a
caller.

Bug: 34716264
Test: run_all_unit_tests.sh
Change-Id: Ib82cf7a174a8bf02ff606edd0394ada13842224c
2017-04-19 16:03:22 -07:00
John W. Bruce
76d3ca9091 Rebuild Haystack and Store L3 Keybox in /data/vendor
(This is a merge of http://go/wvgerrit/25900 and http://go/wvgerrit/25920)

This commit contains the latest Haystack prebuilt binaries based on
the latest OEMCrypto code in the Widevine tree. This is to pick up the
change "Report error OEMCrypto_ERROR_ENTRY_IN_USE", which fixes
several failing unit tests. This CL also adjusts the L3 library so
that it stores its data in the directory specified by the layer above.

level3/x86_64/libwvlevel3.a    Level3 Library 7284 Apr 13 2017 16:58:07
level3/arm/libwvlevel3.a       Level3 Library 4445 Apr 13 2017 16:48:19
level3/mips64/libwvlevel3.a    Level3 Library 7285 Apr 13 2017 23:52:51
level3/mips/libwvlevel3.a      Level3 Library 4465 Apr 13 2017 23:16:02
level3/arm64/libwvlevel3.a     Level3 Library 7283 Apr 13 2017 17:05:12
level3/x86/libwvlevel3.a       Level3 Library 4464 Apr 13 2017 16:36:25

Bug: 36656178
Bug: 37210088
Test: build_and_run_all_unit_tests.sh and GTS tests
Change-Id: Ia5b272cd945f0c9f2fe37ecd0f3ccd2f2ff398bc
2017-04-19 11:23:06 -07:00
Rahul Frias
3b68424d1f Merge "Add usage information tests to device files unit tests" into oc-dev 2017-04-19 18:09:40 +00:00
Rahul Frias
3d599197be Correct CryptoException error returned before keys have been loaded
[ Merge of http://go/wvgerrit/25983 ]

Earlier versions of Android returned CryptoException with
error code ERROR_NO_KEY, when a decrypt call was received before keys were
loaded. Changes to O resulted in ERROR_SESSION_NOT_OPENED being returned
instead. This CL reverts the behaviour.

Also a change to correct CDM error code numbering in comments.

Test: Verified by unit and integration tests

b/37219830

Change-Id: I43758cd29cf9d1945f878ac352a5f26538b48cdb
2017-04-19 00:40:48 -07:00
Rahul Frias
80798ae11c Merge "Revert "Detect when unable to meet policy requirements"" into oc-dev 2017-04-18 20:37:22 +00:00
Rahul Frias
e733943729 Revert "Detect when unable to meet policy requirements"
This reverts commit 1223330ccc.

b/37460568

Change-Id: I936c06f679126ac50fb2d4753b4270b4ba42def5
2017-04-18 20:03:56 +00:00
Rahul Frias
551f4cb474 Merge "Detect when unable to meet policy requirements" into oc-dev 2017-04-15 06:50:05 +00:00
Rahul Frias
f655f329e2 Merge "Correct KeySetId value when returned by AddKey" into oc-dev 2017-04-15 06:37:06 +00:00
Rahul Frias
57bb6c29ca Add usage information tests to device files unit tests
[ Merge of http://go/wvgerrit/24445 ]

Test: Verified by wv unit and integration tests

b/36048120

Change-Id: I9d067e79654331e8e58df5dce5411fbadc73e575
2017-04-14 15:12:25 -07:00
Rahul Frias
5321b96623 Correct KeySetId value when returned by AddKey
[ Merge of http://go/wvgerrit/25643 ]

The MediaDrm#provideKeyResponse API states that an empty byte array is
returned when the license type is streaming or release but a non-empty
value was being returned in some cases.

The KeySetId is now returned when the license type is offline or when
the license is streaming and has a secure stop associated with it.

Test: Verified by request_license_test integration tests. Tests have been
      modified to validate the returned Key Set Id values.

b/36093612

Change-Id: I82dba537c77ddd1d1876cbce58729f3db901ee51
2017-04-14 07:54:01 -07:00
TreeHugger Robot
c3ea64aa89 Merge "Corrections to widevine plugin for vts tests" into oc-dev 2017-04-14 00:05:42 +00:00
Rahul Frias
1223330ccc Detect when unable to meet policy requirements
[ Merge of http://go/wvgerrit/25781 ]

The security level (software/hardware, decryption/decode)
in the policy that specified how the key was to be used was
not being respected for L3. Playback would either continue or
a vendor specific error would be thrown.

If the device cannot use the key as permitted by the policy
CryptoException#ERROR_INSUFFICIENT_OUTPUT_PROTECTION will be thrown.

Test: Verified by WV unit+integration tests.
      Verified by WidevineDashPolicyTests
      Verified by WidevineDashPolicyTests#testL3SoftwareSecureDecoderRequired,
      testL3HardwareSecureCryptoRequired, testL3HardwareSecureDecodeRequired,
      testL3SecureVideoPathRequired.

b/31913737
b/31913439

Change-Id: Ibfc7f3dd6fc7264e8cf9b0d33f6f8d619eed6c00
2017-04-13 16:50:10 -07:00
Jeff Tinker
6c15ea673d Corrections to widevine plugin for vts tests
Add a check for invalid session size in restoreKeys
and correct the return code when attempting to create a
plugin with an invalid uuid. Also correct the return code
when attempting to decrypt after keys have been removed.

bug:37172151
Change-Id: I7e832ffe04081471a0cdb3a9329808f47f12cfc3
2017-04-13 14:53:12 -07:00
John W. Bruce
7f27e5a266 Always Report OEMCrypto_ERROR_KEY_EXPIRED as NEED_KEY
(This is a merge of wvgerrit/25422)

OEMCrypto_ERROR_KEY_EXPIRED was not always being reported to the higher
layers as a NEED_KEY error, which could cause inconsistent error
handling.

Bug: 28294273
Test: Unit tests
Change-Id: Idf5642ea0f0ba915bc1f53025a1f14691d142aed
2017-04-10 16:49:44 -07:00
Edwin Wong
957d4a30dd Fix testOEMCryptoVersion
Merge from go/wvgerrit/24882:

The result of crypto_session.GetApiVersion is misinterpreted.

Test: ANDROID_BUILD_TOP= -gts/tools/gts-tradefed run gts
 -m GtsMediaTestCases --test com.google.android.media.gts.
 MediaDrmTest#testOemCryptoVersion

Test: ANDROID_BUILD_TOP= -gts/tools/gts-tradefed run gts
 -m GtsMediaTestCases --test com.google.android.media.gts.
 MediaDrmTest

bug: 36728950
Change-Id: I72a05608f778fa81689013d3b231010b71329ea1
2017-03-29 15:49:59 -07:00
Fred Gylys-Colwell
85365a1497 Fix or ignore compiler warnings
Merge from Widevine repo of http://go/wvgerrit/24688

b/35466719

Change-Id: If89f0cad0c61f37536a84f8dadaf08072356343a
2017-03-22 14:07:08 -07:00
Rahul Frias
2ec7ec27bb Address warnings in CDM unittests
[ Merge of http://go/wvgerrit/24600 ]

Test: Unit test only change. Verified by rerunning unittests.

b/36221430

Change-Id: I36a8a0a5df400673689280cbf53ba9394f827c90
2017-03-14 12:13:12 -07:00
Adam Stone
dd88c13fb1 Trim unnecessary CDM metrics.
Bug: 35269103
Test: Removing unnecessary code. Existing tests pass.
Change-Id: I1ba8572a8b3fabbf707e77b366717c9ba3069ace
2017-03-13 19:10:39 -07:00
Fred Gylys-Colwell
ca2f1641c3 Merge changes I2f7052b6,Ifbfaf97c
* changes:
  Test Cleanup
  Report error OEMCrypto_ERROR_ENTRY_IN_USE
2017-03-08 20:44:36 +00:00
Fred Gylys-Colwell
9bd9bcd61a Test Cleanup
Some test code was not correctly merged from the widevine side.

An initializer in generic_crypto_unittest.cpp was missed in
http://go/wvgerrit/23767

bug: 35951647

Change-Id: I2f7052b621989a032179346edf43dcaf6cb7d921
2017-03-03 21:30:02 +00:00
Fred Gylys-Colwell
14c3a3865a Give Nonce Error Explicit Name
Merge from widevine repo of http://go/wvgerrit/24421

A nonce generation error for a certificate provisioning request had a
generic name Error2.  However, this is an actionable error by the
application: the application should wait 1 second and try again.
Therefore it deserves a more descriptive name.

bug: 35926133
bug: 35879493

Change-Id: I6c87a5a762cb970c9530a55c993d7acbed773a00
2017-03-03 21:25:20 +00:00
John Bruce
1178b10992 Merge "Enable 64-bit Android Builds" 2017-03-02 04:33:31 +00:00
Fred Gylys-Colwell
872fd1077e Merge "Avoid Nonce Flood in core/test/cdm_engine_test.cpp" 2017-03-02 03:46:58 +00:00
John W. Bruce
df0dad5311 Enable 64-bit Android Builds
(This is a merge of go/wvgerrit/23686)

This patch removes the makefile lines that previously prevented the
Widevine DRM Plugin from being built as 64-bit on Android. 64-bit
builds are now fully supported.

Only one piece of CDM code has had to change. Due to a bug in
libprotobuf before v3.0, int64 values from protobufs are technically a
different type from int64_t values in code on some 64-bit
architectures. Both have the same in-memory representation at runtime
but are seen as distinct types by the compiler. The compiler will
automatically convert in most places, but template instantiation is
not one of them, so a few places that passed a Protobuf int64 directly
into a template had to be modified.

Please note that tweaks to the mediadrmserver (not covered by this
patch) are needed in order for it to run as 64-bit and load 64-bit DRM
Plugins. Please also note that, as we have no 64-bit L1 OEMCrypto on
any devices, using the 64-bit mediadrmserver and Widevine library will
make your device fall back to L3 for the time being.

Bug: 18949752
Test: OEMCrypto unit tests
Test: Widevine unit tests
Test: Google Play (on Marlin)
Test: Widevine GTS Tests (on Marlin)
Change-Id: Ib6cdf2dd1ff75a1c473cacdc5e22397caa0a656c
2017-03-02 02:58:56 +00:00
Fred Gylys-Colwell
848d851441 Merge "Clean up oemcrypto dynamic adapter and add level 3 libraries" 2017-03-02 02:48:43 +00:00
Fred Gylys-Colwell
27c01e82b5 Clean up oemcrypto dynamic adapter and add level 3 libraries
Merge from Widevine repo of http://go/wvgerrit/24043

This CL simplifies the way the oemcrypto dynamic adapter handles
backwards compatibility while looking up old function pointers.

It also puts in guards for functions that do not have pointers.

Current Level 3 libraries merged from http://go/wvgerrit/23686/

level3/arm64/libwvlevel3.a  Level3 Library 7283 Feb 15 2017 13:39:10
level3/mips64/libwvlevel3.a  Level3 Library 7285 Feb 15 2017 13:51:12
level3/arm/libwvlevel3.a  Level3 Library 4445 Feb 15 2017 14:20:04
level3/x86_64/libwvlevel3.a  Level3 Library 7284 Feb 15 2017 13:43:04
level3/x86/libwvlevel3.a  Level3 Library 4464 Feb 15 2017 14:14:55
level3/mips/libwvlevel3.a  Level3 Library 4465 Feb 15 2017 14:10:04

Test: OEMCrypto Unit tests pass on bullhead, fugu, and all 
six emulators.  A bullhead was crippled to use L3 only, and 
Play Movies worked OK.  ExoPlayer tests were also run on the 
bullhead.  L1 was re-installed on the bullhead, and Play Movies and 
ExoPlayer tests were repeated with no problems.

Bug: 18949752
Bug: 31458046

Change-Id: I8668fde1ce8a045c71bf33c566f3ff86e11821c5
2017-03-02 01:49:52 +00:00
Fred Gylys-Colwell
e2f9028c57 Avoid Nonce Flood in core/test/cdm_engine_test.cpp
Merge from Widevine repo of http://go/wvgerrit/24205

This adds a single retry to each call into cdm_engine that uses a
nonce. This should prevent spurious tests failing because they
accidentally generated a nonce flood.

bug: 35879493
Change-Id: I99a5f2063f04befb74361ff44c4ce8e34f41e89d
2017-03-01 13:39:56 -08:00
Fred Gylys-Colwell
3b7b2c91c1 Merge "Clean Up OEMCrypto Header" 2017-03-01 18:40:51 +00:00
Fred Gylys-Colwell
3a9c9ce498 Clean Up OEMCrypto Header
Merge from Widevine repo of http://go/wvgerrit/23482

Now that the documentation has been approved, it's time to
copy text from http://go/oemcrypto to OEMCryptoCENC.h

This also has all the little tweaks to the documents that have been
requested over the past couple of weeks.

b/31458046

Change-Id: I5b865031eb7945005c06bf1b00ecfaaedcad15f4
2017-02-28 22:26:05 -08:00
Fred Gylys-Colwell
eade07c7a9 Minor build updates
This CL removes some unused variables, and changes some integers to
unsigned integers.  On some platforms, we were getting compiler errors
and unit test failures.

Merge from Widevine repo of http://go/wvgerrit/23840
    Use unsigned integer literals

Merge from Widevine repo of http://go/wvgerrit/23767
    Fix Gyp Files

Merge from Widevine repo of http://go/wvgerrit/23500
    Remove unused variables
    
bug: 31458046

Change-Id: I4dfec95ae49187262552fbbf322f3310ab777826
2017-03-01 01:48:56 +00:00
Rahul Frias
db5c3dfb6d Enable usage header table and entries
[ Merge of http://go/wvgerrit/24022 ]

b/34327459

Test: Verified by unit, integration tests on angler

Change-Id: Idb17dc472dddbdad217c35bdaa3fb20ae8152371
2017-02-17 09:54:33 +00:00
Rahul Frias
826e390ad6 Consolidate update usage table calls
[ Merge of http://go/wvgerrit/23980 ]

In OEMCrypto version 13, usage information is updated by calls to
OEMCrypto_UpdateUsageEntry. In previous versions calls were made to
OEMCrypto_UpdateUsageTable instead. Both need to be supported as the
OEMCrypto version may vary by device.

This consolidates calls to OEMCrypto_UpdateUsageTable so that they
can be disabled if OEMCrypto version >= 13. No functional changes other
than disabling by OEMCrypto version were introduced in this section.

Helper routines have been added to device files as well.

b/34327459

Test: Verified by unit, integration tests on angler

Change-Id: If5d4bbbe7589e7cc1094999ba21f727eb6c92c3b
2017-02-17 01:50:20 -08:00
Rahul Frias
0db3a137e9 Introduce UsageTableHeader class
[ Merge of http://go/wvgerrit/23820 ]

The UsageTableHeader class is a singleton that CDM sessions will share.
A separate object will be created for each security level. The class
synchronizes access to usage table header and associated data-structures
and controls when they are read in or written out to non-secure persistent
storage. Upgrades from a fixed size usage table (supported by previous
versions of the OEMCrypto API v9-12) are handled by this class.

b/34327459

Test: Verified by unit/integration tests on angler

Change-Id: Ifc5996985e76bc260c01e55bc12aab1248389a80
2017-02-17 04:14:09 +00:00
Rahul Frias
e75d3a6512 Revise usage entry metadata
[ Merge of http://go/wvgerrit/23742 ]

In OEMCrypto V13, usage table header and usage entries are stored in
persistent non-secure storage and loaded and unloaded from the TEE.
Information needs to be maintained to assist finding the associated license
or usage information. This information has been revised for usage information
to use key set id and usage info file name rather than provider session
token and app id.

The app id is stored in a hashed form (usage info file name) and was not
extractable during the upgrade process to OEMCrypto V13. Due to this
DeviceFiles UsageInfo routines have switched to use usage info file name
rather than app id as a key.

b/34327459

Test: Verified by unit/integration tests on angler
Change-Id: I95aa0435d0955c61fc45b951f5b5d44de2ba5cfc
2017-02-16 14:58:34 -08:00
Rahul Frias
b384408dd2 Persist usage entry number
[ Merge of http://go/wvgerrit/23741 ]

Usage entries and usage entry numbers need to be stored with license
and usage information, to facilitate loading usage entries when offline
licenses/usage information are restored or prepared for release.

b/34327459

Test: Validated by running unit/integration tests on angler.

Change-Id: I0949fc4cec8a50be0a7700b659dc12bb82ac6f73
2017-02-16 07:12:21 +00:00
Rahul Frias
db6df99db1 Add usage support query method
[ Merge of http://go/wvgerrit/23522 ]

A helper method has been added to CryptoSession to determine whether the
TEE supports usage tables, usage table headers+entries or does not
provide any support for persistent licenses.

In addition
* CryptoSession now supports deletion of multiple
  usage entries rather than a single one.
* Typedefs have been added for usage table headers and entries

b/34327459

Test: Verified by unit/integration tests on angler.

Change-Id: I634d3b7b81ce94d1deccd2a7aaf26b9efde414a8
2017-02-07 13:50:22 -08:00
Rahul Frias
6d617e2be4 Implement Cdm::listStoredLicenses()
[ Merge of http://go/wvgerrit/23600 ]

This adds a new entry to IStorage:: -

  bool list(std::vector<std::string> file_names)

It returns the name of each file in the (origin-specific) file system.

b/34628115

Uses the current file system (origin-specific) bound to the CDM. Returns
the list of stored licenses (key_set_ids) in vector output parameter.

Test: verified by unittests on angler.

Change-Id: I988556b27c2a4b75f52b59bcd78cfeaddd649acd
2017-02-07 13:28:05 -08:00