[ Merge of http://go/wvgerrit/183472 ]
For provisioning 4.0 devices, the DRM certificate serial number
was changing on a reprovisioning attempt or factory reset. The
app parameters sent up in the client identification name-value
pair field were being filtered out in provisioning requests.
This has been corrected for provisioning 4.0 stage 2
(DRM certificate request). There is no need to include them for
stage 1 (OEM certificate request).
The test case WvCdmRequestLicenseTest.ProvisioningSpoidTest
was created earlier to ensure that SPOIDs and DRM certificates are
stable. Unfortunately due to another bug b/250099615, the RKP service
was holding a connection to the Widevine TA for provisioning 4.0
devices. When native tests ran as their own process, L1 would fail
to load due to a connection failure and the test would run as L3.
The tests passed for provisioning 4.0 devices Pixel 7 and 8 when
they should have failed. This gave us a false sense of confidence
that the SPOIDs were stable.
For now a workaround is to run a shell command to kill the widevine
TA before running native tests.
$ adb shell pkill -f -9 widevine
New tests have been introduced to provide integration coverage
WVPluginTest at the WV plugin level and CoreIntegrationTest
for core. GTS tests are also being written in b/295538002.
Bug: 294451432
Bug: 293950895
Test: WVPluginTest.ProvisioningStableSpoidTestL1, WVTS tests
Change-Id: Ib9ace4387866ea38bb1840feb69cea78d2d2c09c
[ Merge of http://go/wvgerrit/181151 ]
[ Cherry-pick of http://ag/24103737 ]
For devices with a large number of usage entries, when restoring the
usage table a capacity check is performed. This checks that a new
entry can be created. This test was originally added as some devices
might enter a "stuck" state the table cannot be initialized.
To perform this test, a temporary crypto session is created and an
entry is created for that session. After successfully creating that
entry, the entry is deleted. However, because the session was left
open, the entry could not be deleted.
This change closes the capacity-check-session before deleting the
entry, as well as includes additional logs for helping future debugs.
Bug: 286176947
Bug: 291351287
Test: usage_table_header_unittest
Test: Android GTS R11 on oriole
Change-Id: I6923de00175f70b2392bfe581ca5f9ae60c4af25
(cherry picked from commit 8b4bbeeb6f440c48a3250b961f7a7dab2472d7e9)
(cherry picked from commit bb925c46e5)
[ Merge of http://go/wvgerrit/181152 ]
[ Cherry-pick of http://ag/24137228 ]
Partners have requested that we log HDCP information during certain
operation:
1) Current and max HDCP capability when calls to decrypt or select
key failure due to insufficient or mixed HDCP levels.
2) Current, desired and default HDCP level when video contraints
are not met.
To avoid spamming the logs, decrypt failures are only logged on their
first occurrence, and unmet video constrains when one of the
requirements change.
Bug: 276686656
Bug: 292005982
Test: license_keys_unittest
Test: Android WVTS on oriole
Change-Id: I98b18e66d7ce1c474a018ae83af4f1c0b03308df
(cherry picked from commit c84b9afd38)
[ Merge of http://go/wvgerrit/175310 ]
Pass the real oemcrypto session id from `pair.session` instead of
`session` for LoadEntitledContentKeys, since `session` can be
changed when L1 and L3 are running in parallel and `session` in
that case may not be the correct oemcrypto session id any more.
Bug: 279967915, 282180589
Test: wvts
Change-Id: I127ff37abf8b618dfbcb623f59bc999e58e7a028
[ Merge of http://go/wvgerrit/174555 ]
This is only announced if OEMCrypto is v18+
Bug: 278751387
Test: Duration use case tests, wvts tests
Change-Id: I5cbfcc733ed2af2c940fde381b40a5be850e7e88
[ Merge of http://go/wvgerrit/173290 ]
* Renew timer offset from when license is loaded verifies that the
rental duration has not expired and begins decryption.
* Renew timer offset from first decrypt bugfix
* Feature is enabled based on oemcrypto v18 presence
* Renewal logic verifies that |can_renew| is enabled
* Unit tests were added to reflect use cases from duration
and renewal documentation
Bug: 278751387
Test: policy unittests, CdmUseCase tests, wvts tests
Change-Id: I3070b3f31b316e150c28ebe38d0440ab1eeb89b9
[ Merge of http://go/wvgerrit/175058 ]
Pass the real oemcrypto session id from `pair.session` instead of
`session` for LoadEntitledContentKeys, since `session` can be
changed when L1 and L3 are running in parallel and `session` in
that case may not be the correct oemcrypto session id any more.
Bug: 279967915, 282180589
Test: wvts
Change-Id: Iad0ac5e505d3b38d220f1484d4cf5f8bc3b5337f
[ Merge of http://go/wvgerrit/174470 ]
There are two sets of changes
* Mocking CryptoSession so that OEMCrypto API version can be queried
* Creating a PolicyEngineTestV16 so that API version expectations
can be set and V18 can be accommodated.
Bug: 278751387
Test: policy_engine_unittest
Change-Id: Ied664ce87e22f697b6a45d3c573e22273e65e37f
Merge from Widevine repo of http://go/wvgerrit/169471
Remove the test in android tests and add it to the
core tests.
Bug: 276464340
Test: GTEST_FILTER="CorePIGTest.CastReceiverProvisioning*" jenkins/run_fake_l1_tests
Change-Id: Icd280b532ddae274f66b2fab3e65520e96adb7cb
Merge from Widevine repo of http://go/wvgerrit/169018
This CL adds a provisioning holder that attempts to
provision and logs the request and response for
failures. The server team can replay the request to debug
problems on their end.
Bug: 276464340
Test: ran cast and ota tests
Change-Id: I6eed117e504ae3287f2ba16c3c507cfdc7456f8d
[ Merge of http://go/wvgerrit/174572 ]
Pass the real oemcrypto session id from `pair.session` instead of
`session` for CopyBuffer, since `session` can be changed when L1
and L3 are running in parallel and `session` in that case may not
be the correct oemcrypto session id any more.
Bug: 279967915
Test: wvts
Change-Id: Ic5e21ccb227d4c4992ef500435fa3b68812c4d9b
Merge from Widevine repo of http://go/wvgerrit/170970
RenewOnLicenseLoad.Case2 tests are failing because they
are expecting to load an expired license. However, the spec
says that the license should return KEY_EXPIRED. The test is
being updated.
Some other RenewOnLicenseLoad tests were failing because
they forgot to request the renewal.
Bug: 278750980
Test: Run tests on Luci
Change-Id: I7196db11fcf43859ba9310b87fd8ccb609e47039
[ Merge of http://go/wvgerrit/172010 ]
The CdmEngine provides an API for generic crypto operations that are
already used for the CE CDM. This API is being exposed in the Android
CDM. The parameter order of the Android CDM is modified to match the
existing generic crypto parameters used in the media DRM plugin.
Bug: 274984456
Bug: 29400687
Test: build x86-64 and Android
Change-Id: I3b286ebb011bd58754b7b8ea814ed46daf1f62f9
Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/173330
Skipping files that are not in android from the CL above.
Original commit message:
Pass the real oemcrypto session id from `pair.session` instead of
`session`, since `session` can be changed when L1 and L3 are running in parallel and `session` in that case may not be the correct oemcrypto session id any more.
Also adding a few missing v18 L3 functions pointers to the dynamic
adapter.
Need to re-generate L3 since the L3 sources changed.
Test: L3 unit tests
Test: GTS dash policy tests and Dexter tests
Bug: 271290471
Bug: 279967915
Change-Id: Idc44d57ca38eb1de24c0038917800e37c25b9afc
[ Merge of http://go/wvgerrit/171310 ]
Offline license not found errors are identified by CdmResponseEnum
347 (KEYSET_ID_NOT_FOUND_4). No addition file system information
is shared.
Checks for file existance use the stat command. The stat call can
return error codes from errno.h when the command fails.
These are now converted into sub error codes and returned along with
the offline license file not found error.
This also includes a change to log stat errors other than
ENOENT (no such file or directory) as a warning rather than verbose.
Bug: 276225520
Test: file_store_unittest, file_utils_unittest, GtsMediaTestCases
Change-Id: Ic09d036549582cd65783b49fa96ffefc4bf562c7
The predicate version of wait_for() to avoid spurious wake up by
checking running_ status.
This is a fix to ag/21439870
Test: build widevine
Bug: 272424659
Bug: 271811708
Change-Id: I446fef8f4c8c58bcd47b885dba50643b3e5e1185
[ Merge of http://go/wvgerrit/170073 ]
Removed the file "error_string_util.cpp" and its header, moving the
OEMCryptoResult to string converter to "wv_cdm_types.cpp". This extra
file served little purpose, and created a dependency on the CDM utils
to the CDM itself.
This is part of the effort to fix the formatting of WV metrics; making
enum-to-string conversion uniform throughout the CDM.
Bug: 239462891
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Test: Manual testing with Google TV
Change-Id: I4bf95d26b623f5b8fa86bdb2578cbc4ee65125cb
[ Merge of http://go/wvgerrit/169374 ]
Device renewals used to require that OEMs remove provisioning
certificates as part of the OTA update process. Instead, a change
in system ID is relied upon to indicate a change in root of trust.
If a change in System ID is detected, reprovisioning will be forced.
This is not enabled for ATSC devices or L3 devices. For the latter a
change in system ID may occurs without a change in RoT.
Bug: 258361396
Test: GtsMediaTestCases
Change-Id: I6e8b0b2149fc2ed5362a32bb6e869826f5fa8ef7
Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/169871
The default invalid entitled key session id was 0, which in fact could
be a valid value depending on how the key session id is allocated by the
implementation. This can be a possible cause of L3 entitled key session
failure since L3 can recycle a regular oemcrypto session id 0 and
re-assign it to an entitled key session later.
Bug: 264688931
Test: Run GTS media tests
Change-Id: Iae79d08378d61be8a3402f606992765f24298508
[ Merge of http://go/wvgerrit/169450 ]
OEMCrypto v17 introduced several new HDCP levels that OEMCrypto may
report; however, the CDM never updated to support them. The enum
values of the additional levels are no longer sequential with their
level of support (v1.1 is 7, and v2.1 is 3), this requires more
considerations when comparing the required HDCP levels (as specified
by the license) and current HDCP level supported by OEMCrypto.
The following rules were used:
1) HDCP_NONE is the absolute lowest level
2) HDCP_NO_DIGITAL_OUTPUT is the absolute highest level
3) HDCP_V1 is treated as equal to all V1.x levels
4) All other versions are based on their major-minor pairs
Bug: 269671291
Test: license_unittest
Test: policy_engine_constraints_unittest
Test: policy_engine_unittest
Test: GtsMediaTestCases
Change-Id: Ibecfcb981d7e019c68cb8e0c7286222253d18369
* changes:
Filter RSA 3072 tests
Add MemorySanitizer support for opk_ta tests
Filter CAS tests
Refactor missed provisioning and renewal tests
Use GTEST_SKIP to skip prov40 tests
Update test updates and known issues to ChangeLog
Update oemcrypto unit tests version number
Update CHANGELOG for late-breaking OPK v17.1.1 changes
Filter Cast Reciver tests
Document RSA keypair issue on OP-TEE 64-bit
Use GTEST_SKIP to skip prov 3.0 tests
Remove V17 backwards-compatibility decrypt functions
Small changes to refactored unit tests
Add CHANGELOG entry for OPK v17.1.1
Refactor usage table tests
Refactor decrypt unit tests
Update OPK v18 documentation
Fix null passed to memcpy in generic verify fuzz
Update documentation for Cast
Document lacking signature of Prov 3.0 message
[ Semi-revert of http://ag/20183443 ]
[ Merge of http://go/wvgerrit/168898 ]
These tests were removed from Android last quarter; however, they
now need to be restored. These tests will be removed in Android V.
To help with ambiguity around where the CDM is operating on a single
or set of usage info messages, the variables have been renamed to
propery indicate plurality.
Bug: 263319220
Test: cdm_extended_duration_test
Test: request_license_test
Test: libwvdrmdrmplugin_hal_test
Change-Id: I38b16dd5811069fafaeab5ffc19d0f8a8095f0cf
Merge from Widevine repo of http://go/wvgerrit/169070
This turns on the cast receiver tests for any device that
claims to support this feature. Previously, we had to
explicitly request these tests on the command line.
But since they do not pass for Prov 4.0, we fitler them out
in this case and reference a bug tracking that work.
We also switch to using GTEST_SKIP to skip the tests instead
of modifying the GTEST_FILTER.
Bug: 251240681
Bug: 269310676
Bug: 259455058
Bug: 259454969
Merged from https://widevine-internal-review.googlesource.com/166497
Change-Id: I1bcd749243a474b3f638547aa43c2805e86731af
[ Merge of http://go/wvgerrit/168357 and http://go/wvgerrit/168177 ]
When we get an error from the provisioning server while
running a test, we should log extra provisioning
information.
Bug: 273990016
Test: GtsMediaTestCases
Change-Id: I44095261e07ae079c632873f254d8e6879bab8c3
also remove `use_vndk_as_stable: true` to remove dependency to VNDK
libs.
Bug: 251299786
Test: build WV APEX with V and install it on U device
Change-Id: Ie7f7f9b699119478d4b33f95ab9e6ba7f459346c
[ Merge of http://go/wvgerrit/168397 ]
When CdmResponseType (enum) was transformed to CdmResponseType
(struct), the test printers where not updated to print the result
of failed comparisons. In addition, several logs statements were
updated haphazardly, leaving inconsistencies and potential
compiler-specific behavior.
This CL replaces CdmResponseType std::string operator with a ToString()
method. This is to make it consistent with Google's C++ style guide
on conversion operators vs methods. The string conversion function is
now defined in wv_cdm_types.cpp instead of inline in the header file.
The PrintTo function has been implemented along with the other CDM
test printers in test_printers.cpp.
Bug: 273989359
Test: run_x86_64_tests
Test: MediaDrmParameterizedTests on redfin
Test: Forrest drm_compliance
Change-Id: Ibfaa17029046b75b1c8c278f7bd7e04a24379848
Merge from Widevine repo of http://go/wvgerrit/168657
Some people who have left were still in OWNERS files and TODOs.
Bug: 274772704
Test: comments only
Change-Id: I583da815586e5ca52316b2e238d1c1bb3a5e919a
[ Merge of http://go/wvgerrit/168482 ]
The function OEMCrypto_GetBootCertificateChain() does not always
provide an additional signature depending on the device. However, the
CDM would still attempt to dereference the first character in the
additional signature buffer when empty. This CL changes how the data
pointer to an output string is acquired. Empty string will instead
pass in a null pointer.
Bug: 272643393
Test: run_prov40_tests
Test: atest GtsMediaTestCases
Change-Id: I10b0a3c7df4fc73272aa701bb01c60672645d4fc
(cherry picked from commit a878e7b98d)
Cherry-pick note: Compile fix only, needed for latest AOSP BoringSSL in tm-qpr-dev-plus-aosp and downstream branches, e.g. udc-*-dev.
Original change description:
Include what you use - this is no longer pulled in
by the other headers used in this file.
Bug: 272749540
Test: m
Change-Id: I0d4b480e47f84f367d1a9547b89811c52073a2fc
Merged-In: I0d4b480e47f84f367d1a9547b89811c52073a2fc
(cherry picked from commit c785e91ec3)
