[ Merge of http://go/wvgerrit/192010 ]
Updates the CDM to add support for DRM reprovisioning request creation.
- Load the baked-in certificate for use as the client token.
- Add functions to build and sign a drm reprovisioning request.
- Update the Rikers L3 OEMCrypto implementation to support signing
provisioning requests and getting embedded certificate.
- Update client id token to handle DRM reprovisioning.
- Add OEMCrypto function to load the baked-in device certificate in
Rikers CDMs and stubs for non-Rikers CDMs.
- Add dynamic adapter support for getting embedded device certificate
only on L3.
Bug: 305093063
Test: WVTS
Change-Id: I9a0ecf95e27213b046f03baa0781fb164179323b
[ Merge of http://go/wvgerrit/189590 ]
[ Cherry-pick of http://ag/26541307 ]
The CDM session shares its CryptoSession instance with a few additional
member objects (CdmLicense and PolicyEngine). When the CDM session's
crypto session is reset, it must also reset the CdmLicense and
PolicyEngine otherwise, a potential stale pointer reference may occur.
Test: request_license_test on Oriole
Test: run_x86_64_tests
Bug: 311239278
Change-Id: Ie175513ae652dcd96e12e5e1def574a8a56d5863
[ Merge of http://go/wvgerrit/194050 ]
OEMCrypto v17 introduced higher granularity in the device's HDCP V1
levels. Previously, all HDCP v1.x were group together. The change
was aimed towards server policy enforcement, not device enforcement.
Core code was updated, and could then be reflected in license
requests; however, reporting the new v1.x subversions was never
exposed to the higher app layers.
It is likely that devices which attempted to use specific 1.x versions
encountered test failures (for both CE CDM and Android CDM) as neither
implementations could handle such versions when communicating with
the app.
This change updates both CE CDM and Android CDM:
1) The CE CDM now uses the same subversion version comparisons as
performed by the core code.
2) The Android CDM will now recognize new HDCP levels, and not return
unexpected values.
Bug: 329155501
Test: run_x86_64_tests
Test: request_license_test on Oriole
Change-Id: I61fc0f11808f594456bd00210fd9b2bb5ed16c0e
BCC supports two types of format: CBOR and X509. The latter will be
used by Chrome OS. In case of Prov4, BCC type will be queried by
OEMCrypto_GetBCCType() and the returned value is populated in the
provisioning request.
This CL adds X509 type to protobuf, a call from CDM to query BCC type
and OEMCrypto adapter changes for this call.
Test: run_fake_l1_tests, opk_ta_p40
Bug: 307969500
Change-Id: I88acc36da6cb413d537a9ea9dfd2a150d4557595
This updates the code and tests to allow for using license protocol 2.2
when using OEMCrypto v19.
Issue: 80428549
Issue: 121031064
Issue: 232464183
Change-Id: Ib6bb61f86dd310b566227462658530bca5940b88
Since KDF functions are only used right before specific functions, this
merges them to simplify internal state within OEMCrypto.
Fixes: 299527712
Change-Id: I426cfcdc102bd73cf65cd809b213da2474f44b34
Creates parameterized certificate provisioning tests to prepare for DRM
reprovisioning implementation.
- Create parameterized certificate provisioning test suite.
- Change RETURN_IF_NOT_OPEN macro to call IsOpen instead of checking
the |open_| variable to make mocking of CryptoSession methods easier.
Bug: b/305093063
Merged from https://widevine-internal-review.googlesource.com/188051
Change-Id: Ic1c344af64073a8ff5626530a0864bfeea90fc6e
Creates new token types for the DRM reprovisioning scheme that will be
used by L3 CDMs with baked-in certificates to allow for use of unique
serial numbers.
- Create new `CdmClientTokenType` for DRM reprovisioning in the CDM
core.
- Create a new `ProvisioningType` for DRM reprovisioning in the
provisioning message proto.
- Create new enum value for `DEVICE_EMBEDDED` in DrmCertificate type.
- Update uses of the above to include the new token types.
Bug: b/305093063
Merged from https://widevine-internal-review.googlesource.com/186934
Change-Id: I7e6cc8744b80cbbb624d31e5be1eab1be8a9680f
GetDeviceInformation() and GetDeviceSignedCsrPayload() are added to
cdm_engine and crypto_session, so that they can be queried by DRM
plugin. This is to allow the wv drm HAL to be able to extract BCC and
CSR payload to build CSR for prov 4 device registration, such that we
don't need a separate RKP HAL to do this job.
Changes to the DRM plugin to use the exposed methods will be in the
coming CL.
Bug: 286556950
Test: request_license_test
Merged from https://widevine-internal-review.googlesource.com/178890
Merged from https://widevine-internal-review.googlesource.com/179730
Change-Id: Ibafa3a58c99fbb8f1f25f8951d3749110bd32176
[ Merge of go/wvgerrit/186611 ]
Android user can set the property using the developer option.
Bug: 301669353
Change-Id: I730b635f6cc28dfb0471c1d679627c94b9e16af1
[ Merged of go/wvgerrit/186370 ]
CDM by default allows test keybox from device side.
Bug: 299987160
Bug: 301669353
Change-Id: I06f1936ccd068eb71364a5a8931970954233b686
[ Merge of http://go/wvgerrit/181152 ]
[ Cherry-pick of http://ag/24137228 ]
Partners have requested that we log HDCP information during certain
operation:
1) Current and max HDCP capability when calls to decrypt or select
key failure due to insufficient or mixed HDCP levels.
2) Current, desired and default HDCP level when video contraints
are not met.
To avoid spamming the logs, decrypt failures are only logged on their
first occurrence, and unmet video constrains when one of the
requirements change.
Bug: 276686656
Bug: 292005982
Test: license_keys_unittest
Test: Android WVTS on oriole
Change-Id: I98b18e66d7ce1c474a018ae83af4f1c0b03308df
(cherry picked from commit c84b9afd38)
[ Merge of http://go/wvgerrit/174555 ]
This is only announced if OEMCrypto is v18+
Bug: 278751387
Test: Duration use case tests, wvts tests
Change-Id: I5cbfcc733ed2af2c940fde381b40a5be850e7e88
[ Merge of http://go/wvgerrit/173290 ]
* Renew timer offset from when license is loaded verifies that the
rental duration has not expired and begins decryption.
* Renew timer offset from first decrypt bugfix
* Feature is enabled based on oemcrypto v18 presence
* Renewal logic verifies that |can_renew| is enabled
* Unit tests were added to reflect use cases from duration
and renewal documentation
Bug: 278751387
Test: policy unittests, CdmUseCase tests, wvts tests
Change-Id: I3070b3f31b316e150c28ebe38d0440ab1eeb89b9
[ Merge of http://go/wvgerrit/172010 ]
The CdmEngine provides an API for generic crypto operations that are
already used for the CE CDM. This API is being exposed in the Android
CDM. The parameter order of the Android CDM is modified to match the
existing generic crypto parameters used in the media DRM plugin.
Bug: 274984456
Bug: 29400687
Test: build x86-64 and Android
Change-Id: I3b286ebb011bd58754b7b8ea814ed46daf1f62f9
[ Merge of http://go/wvgerrit/171310 ]
Offline license not found errors are identified by CdmResponseEnum
347 (KEYSET_ID_NOT_FOUND_4). No addition file system information
is shared.
Checks for file existance use the stat command. The stat call can
return error codes from errno.h when the command fails.
These are now converted into sub error codes and returned along with
the offline license file not found error.
This also includes a change to log stat errors other than
ENOENT (no such file or directory) as a warning rather than verbose.
Bug: 276225520
Test: file_store_unittest, file_utils_unittest, GtsMediaTestCases
Change-Id: Ic09d036549582cd65783b49fa96ffefc4bf562c7
[ Merge of http://go/wvgerrit/170073 ]
Removed the file "error_string_util.cpp" and its header, moving the
OEMCryptoResult to string converter to "wv_cdm_types.cpp". This extra
file served little purpose, and created a dependency on the CDM utils
to the CDM itself.
This is part of the effort to fix the formatting of WV metrics; making
enum-to-string conversion uniform throughout the CDM.
Bug: 239462891
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Test: Manual testing with Google TV
Change-Id: I4bf95d26b623f5b8fa86bdb2578cbc4ee65125cb
[ Merge of http://go/wvgerrit/169374 ]
Device renewals used to require that OEMs remove provisioning
certificates as part of the OTA update process. Instead, a change
in system ID is relied upon to indicate a change in root of trust.
If a change in System ID is detected, reprovisioning will be forced.
This is not enabled for ATSC devices or L3 devices. For the latter a
change in system ID may occurs without a change in RoT.
Bug: 258361396
Test: GtsMediaTestCases
Change-Id: I6e8b0b2149fc2ed5362a32bb6e869826f5fa8ef7
[ Merge of http://go/wvgerrit/169450 ]
OEMCrypto v17 introduced several new HDCP levels that OEMCrypto may
report; however, the CDM never updated to support them. The enum
values of the additional levels are no longer sequential with their
level of support (v1.1 is 7, and v2.1 is 3), this requires more
considerations when comparing the required HDCP levels (as specified
by the license) and current HDCP level supported by OEMCrypto.
The following rules were used:
1) HDCP_NONE is the absolute lowest level
2) HDCP_NO_DIGITAL_OUTPUT is the absolute highest level
3) HDCP_V1 is treated as equal to all V1.x levels
4) All other versions are based on their major-minor pairs
Bug: 269671291
Test: license_unittest
Test: policy_engine_constraints_unittest
Test: policy_engine_unittest
Test: GtsMediaTestCases
Change-Id: Ibecfcb981d7e019c68cb8e0c7286222253d18369
* changes:
Filter RSA 3072 tests
Add MemorySanitizer support for opk_ta tests
Filter CAS tests
Refactor missed provisioning and renewal tests
Use GTEST_SKIP to skip prov40 tests
Update test updates and known issues to ChangeLog
Update oemcrypto unit tests version number
Update CHANGELOG for late-breaking OPK v17.1.1 changes
Filter Cast Reciver tests
Document RSA keypair issue on OP-TEE 64-bit
Use GTEST_SKIP to skip prov 3.0 tests
Remove V17 backwards-compatibility decrypt functions
Small changes to refactored unit tests
Add CHANGELOG entry for OPK v17.1.1
Refactor usage table tests
Refactor decrypt unit tests
Update OPK v18 documentation
Fix null passed to memcpy in generic verify fuzz
Update documentation for Cast
Document lacking signature of Prov 3.0 message
[ Semi-revert of http://ag/20183443 ]
[ Merge of http://go/wvgerrit/168898 ]
These tests were removed from Android last quarter; however, they
now need to be restored. These tests will be removed in Android V.
To help with ambiguity around where the CDM is operating on a single
or set of usage info messages, the variables have been renamed to
propery indicate plurality.
Bug: 263319220
Test: cdm_extended_duration_test
Test: request_license_test
Test: libwvdrmdrmplugin_hal_test
Change-Id: I38b16dd5811069fafaeab5ffc19d0f8a8095f0cf
[ Merge of http://go/wvgerrit/168397 ]
When CdmResponseType (enum) was transformed to CdmResponseType
(struct), the test printers where not updated to print the result
of failed comparisons. In addition, several logs statements were
updated haphazardly, leaving inconsistencies and potential
compiler-specific behavior.
This CL replaces CdmResponseType std::string operator with a ToString()
method. This is to make it consistent with Google's C++ style guide
on conversion operators vs methods. The string conversion function is
now defined in wv_cdm_types.cpp instead of inline in the header file.
The PrintTo function has been implemented along with the other CDM
test printers in test_printers.cpp.
Bug: 273989359
Test: run_x86_64_tests
Test: MediaDrmParameterizedTests on redfin
Test: Forrest drm_compliance
Change-Id: Ibfaa17029046b75b1c8c278f7bd7e04a24379848
(Merged from http://go/wvgerrit/165859.)
Since renewal requests are signed with the MAC keys and not an
asymmetric key, it does not make sense to query OEMCrypto for the
asymmetric key hash algorithm nor to include the result in the renewal
request.
Bug: 262427121
Test: opk_ta
Change-Id: Ib309b63b79e553f4754c013718df242247ab9488
[ Merge of go/wvgerrit/c/cdm/+/165138 ]
Enabled the Widevine DRM service on Android to return the raw boot
certificate chain via the CDM status query capabilities. This
property key is not available for app-level queries.
The BCC is dumped by the WVDrmFactory when requested to print all
CDM properties via dumpsys.
Bug: 234095402
Test: request_license_test
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -p
Change-Id: I34695b0655b4c609979577e9986974bc0fbda898
[ Merge of http://go/wvgerrit/165617 ]
Similar to the issue with updating secure stops by PST (see
http://go/wvgerrit/165597), when deleting different secure stops with
the same PST results in unintended behavior. This CL changes how the
CDM identifies which secure stop to delete from storaged based on the
key set ID rather than the PST.
Bug: 263316107
Test: device_files_unittest
Test: GTS MediaDrmParameterizedTests and MediaDrmStressTest
Change-Id: Ic3843a1435f252f052c7189423c211c28ed74eaa
[ Merge of http://go/wvgerrit/165191 ]
Previously, when updating a secure stop / usage info record, the
existing record was identified by PST. It was assumed that apps would
never use the same PST for different licenses; however, this was never
enforced. Certain GTS tests use the same PST across multiple tests to
identify different licenses. Depending on the order of operations,
the periodic updating of the usage entry might overwrite the wrong
entry.
Key set IDs are generated by the CDM, and are guaranteed to be unique
within the scope of the same file system. Given that key set IDs are
not expected to be transfered to different licenses, using the key
set ID to identify secure stop / usage info records eliminates the
possibility of overwriting the wrong entry.
Bug: 263316107
Test: device_files_unittest
Test: GTS MediaDrmParameterizedTests and MediaDrmStressTest
Change-Id: I2e2d50d188e05c8ca6b8095549796b913ea72d7a
[ Merge of http://go/wvgerrit/164477 ]
Renew on load is supported when OEMCrypto is >= v18.
A new class, policy_timer_v18 has been added to support this
functionality. In addtition,offsets of renewal from first decrypt
and license start are also included.
Bug: 256038127
Test: GtsMediaTestCases
Change-Id: Ib18af3096d1d8807af6a03fd2f84783123ab6b6d
[ Merge of http://go/wvgerrit/164277 ]
No functional changes are made in this CL. policy_timer_v16 and
policy_timer_v15 derive from policy_timer. We have removed
support for OEMCrypto v15. policy_timer_v15 has also been removed.
This allows us to move functionality from policy_timer_v16
to policy_timer class. This will ease subsequent renew on
license load functionality.
Bug: 256038127
Test: Luci tests
Change-Id: Iebd588237edd02b30a820c4d9d57ce041c26964e
[ Merge of http://go/wvgerrit/164077 ]
This CL makes major changes to the names of variables and types that
are related to the usage table, header, entries, entry indexes, and
other related data.
The renaming followed these rules:
1) "Usage table header" will exclusively refer to the header blob
that is OEMCrypto specific. The CDM class "UsageTableHeader"
is the CDM-layer's abstraction around the "usage table" concept.
The name has been updated to reflect that.
2) The "Cdm" prefix is only used for the CDM-specific data types for
the usage table and entry info. It has been removed from
OEMCrypto-specific types.
- UsageTableHeader -> CdmUsageTable
- CdmUsageTableHeader -> UsageTableHeader
- CdmUsageEntry -> UsageEntry
3) The "usage_" prefix has been removed from variables when the usage
table or usage entries are the subject of the function or class.
4) UsageEntryIndex is the type for entry indexes, instead of directly
using uint32_t. This matches how we wrap other types in
"wv_cdm_types.h"
5) Changed entry "number" to entry "index".
6) Vectors of elements have been renamed to be either pluralized or
have a suffix "_list".
7) "Usage info" was occasionally being used to refer to the usage
table or entries generally, rather than specifically secure-stop.
- CryptoSession::HasUsageInfoSupport() -> HasUsageTableSupport()
The most major change is that the files "usage_table_header*" have
been renamed to be "cdm_usage_table*".
Bug: 242914226
Test: run_x86_64_tests and request_license_test
Change-Id: Iee98446b71f4f2934d3c9e0fb949eb05b84d1f8c
[ Merge of http://go/wvgerrit/163900/ ]
ATSC licenses can be saved by calling
MediaDrm#setPropertyString("storeAtscLicense",<value>)
where <value> is
"<atsc-key-set-ID>:<license-file-data in Base64 format>"
Before storing an ATSC license a session must be opened and the
ATSC mode must be enabled.
Use MediaDrm#setPropertyString("atscMode","enable");
Bug: 176871821
Test: WV Unit/integration/Luci tests
Test: libwvdrmdrmplugin_hal_test
Test: GtsMediaTestCases
Change-Id: Iec2a8b7f87b1122395d06856202278b92316fdfe
[ Merge of http://go/wvgerrit/164257 ]
Support for OEMCrypto v15 is being removed from the CDM. The
policy_timers_v15 will no longer be invoked and can be removed.
Bug: 256038127
Test: WV unit/integration tests
Change-Id: Ic3a503ef2a17223dd0bc13696960dcd6822cc343
