[ Merge of http://go/wvgerrit/71326 ]
Nonce flood, frame size, session and system invalidation errors
will now bubble up to the app. OEMCrypto v15 returns
OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE,
OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors.
These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR,
ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and
ERROR_DRM_RESOURCE_CONTENTION.
Bug: 120572706
Test: Unit/Integration tests
Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9
Merged from http://go/wvgerrit/69723.
The new APIs are getOfflineLicenseIds, getOfflineLicenseState and
removeOfflineLicense. These methods are currently stubbed out in
Widevine hidl service. This CL completes the implementation.
Test: unit tests - libwvdrmdrmplugin_hidl_test
Test: GTS
--test com.google.android.media.gts.MediaDrmTest#testWidevineApi29
bug: 117570686
Change-Id: I96ffb75f453e36e931effefd3664b5faa8d69d30
(This is a merge of http://go/wvgerrit/71330)
The Service Certificate unit tests actually relied on the ability to
call Properties::Init() multiple times to clear previous mutable state.
Unfortunately, they didn't check the return code that could have told
them their mutable state wasn't being cleared and instead proceeded to
use a pointer which — depending on compiler — could be totally valid and
allow the test to pass or could be invalid and cause a segfault. You can
read the bug for a fuller explanation of the mechanics.
The fix is twofold. First, the tests will now assert out if insertion
into the property set map fails, preventing segfaults. Second, a helper
has been added to Properties that allows tests interested in
re-initializing Properties to do so. The default behavior for most tests
remains the same: Properties can only be initialized once and subsequent
calls to Properties::Init() are ignored.
This patch also fixed a few formatting issues I noticed.
Bug: 123099779
Test: Jenkins Unit Tests w/ GCC
Test: CE CDM Unit Tests w/ GCC & Clang
Change-Id: Ifd29f3ddf5cff934933cf47b92ecd12ab0a4a938
[ Merge of http://go/wvgerrit/71103 ]
A content provider may specify a provider client token in a license.
This is a client token generated by a provider. If present in a license,
they will now be included in a license renewal request.
Bug: 34386290
Test: WV unit/integration tests
Change-Id: I3db303ea4d8b4ff4495393be4015b49e13db2ffc
[ Merge of http://go/wvgerrit/70386 ]
This allows error codes from device files to be added as sub-errors when
errors such as GET_LICENSE_ERROR are encountered.
Bug: 112357085
Bug: 115382201
Test: WV unit/integration tests
Change-Id: I505a87086ce584efc7e482984c0f132ac5329e16
(This is a merge of http://go/wvgerrit/70667)
Request ID Index generation has historically worked by incrementing a
shared variable in one place and reading it in another place and
trusting the fact that CdmLicense calls these operations in a certain
order and only once per session to give each session a unique value.
This patch cleans this up a bit, having each session store the current
Request ID Index at the same time as it stores its Request ID Base. This
guarantees that each CryptoSession will receive a unique but stable
combination of Base and ID rather than relying on the calling pattern.
Since all this generation happens during the same function, the full
Request ID can be generated up-front and stored, making
GenerateRequestId() no longer necessary.
This patch also simplifies the threading story around this shared state
by using a std::atomic<uint64_t>. Bringing the code that interacts with
the shared state together into one place and replacing it with atomic
operations will simplify locking around this code when CryptoSession
locking is revamped in a future patch.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I12d2f6501f872f1973e5a9af5125ca03f23e5a56
[ Merge of http://go/wvgerrit/70665 ]
This allows one to be able to query for security level, from
Crypto factory methods before the plugins and CdmEngine objects
have been created.
Bug: 117104043
Test: WV Unit/integration tests
Change-Id: Id07f420c3cfb92166cd3bb3cf82148d52e10eb03
[ Merge of http://go/wvgerrit/70543 ]
RestoreOfflineLicense and RestoreLicenseForRelease now return
CdmResponseType errors rather than a boolean. These error codes
can now be used when gathering metrics.
Bug: 115517916
Test: WV unit/integration tests
Change-Id: If4784d2cdd9825948c5dec31d3e60058ea06b61d
(This is a merge of http://go/wvgerrit/70303)
This adds a platform.h file to abstract some of the differences
between Windows and POSIX platforms. This includes ntohl, setenv,
and ssize_t.
Bug: 122953649
Test: Android Unit Tests
Change-Id: I3235f3f284b53d24d7365ff3f4a06dcd9b403697
(This is a merge of http://go/wvgerrit/70383)
Up until now, implementations of Properties::Init() have had to handle
potentially being called multiple times, at any point during runtime. In
practice, this has meant little for the actual implementations, and all
of them have committed the error of blowing away mutated property state
if the method is re-run at the wrong time.
This patch makes the platform implementations a private function,
Properties::InitOnce(), which Properties::Init() ensures will never be
called more than once per run.
Bug: 112046733
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: If33f5e37abfad5d26da8380b4bc25fc018450970
Bug: b/121214641
Merge of http://go/wvgerrit/69703
Test: Android + Linux unit tests
LoadEntry attempts to handle INSUFFICIENT_RESOURCES by deleting an entry
and retrying, but it's possible that the randomly-generated number of
the entry to be deleted might match the entry we want to load. In this
case, we have wasted a retry, since the code just continues on to the
next iteration. This is changed to generate a number different from the
entry to load. Furthermore, if the number of usage entries is 1, we
break since there are no more entries to delete besides the one we want
to load. The code is also changed to call srand in the creation of the
usage_table_header, since without it, rand() would produce the same
values, and similarly, our random generation is changed to use a simple
mod. Tests are modified to reflect these changes.
Change-Id: I95e125b8adbd85d0189f9d40ca15f3fe69e6d6b9
[ Merge of http://go/wvgerrit/69724 ]
Some queries no longer require a session to be opened before they
can be answered - security level, current HDCP level, max HDCP level,
usage support, number of open sessions, max sessions,
OEMCrypto API version, current SRM version, SRM update support,
resource rating tier and OEMCrypto build information.
b/117104043
Test: WV unit/integration tests
Change-Id: I92f8249e5599860da8cbf42d3b16f25515a46c55
[ Merge of http://go/wvgerrit/68083 ]
Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.
Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
libwvdrmdrmplugin_hidl_test and request_license_test.
Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6
Import of http://go/wvgerrit/68188
This adds an attribute to metrics indicating if the license was online
or offline.
Also, added a unit test for CdmEngineMetricsImpl.
Test: Unit tests. GPlay manual. GTS tests.
Bug: 115523917
Change-Id: Id315c643048914a2c51904451f9665987bc87eb7
[ Merge of http://go/wvgerrit/67884 ]
Now that we can use C++11, we should use the cross-platform std::mutex
type, not the custom pthread version.
Bug: 111850982
Test: WV unit/integration tests
Change-Id: If2fde2836826c5184609e6b1f3a6511206bd4594
[ Merge of http://go/wvgerrit/67324 ]
This introduces the ability to query resource rating tier information
through the plugin and CDM. Resource rating tiers are also
sent in the client identification portion of the license request.
Bug: 117112392
Test: WV unit/integration tests
Change-Id: I68ac6dfc4362f61150af822bd526e346b5cc4bf7
[ Merge of http://go/wvgerrit/63682 and http://go/wvgerrit/4977904 ]
Enforce OEMCrypto insufficient resources error reporting in CDM tests.
In addition, when CreateNew/LoadUsageEntry fails with OEMCrypto
insufficient resources error, delete a random usage entry
and retry. The current behavior evicts low index entries
from the usage table, which was a crude attempt to emulate a LRU.
This was deficient as, on occasion, it will result in the deletion
of a recently added usage entry.
Bug: 111260263
Bug: 113828866
Bug: 120433165
Test: Widevine OEMCrypto tests, integration tests. GtsMediaTestCases.
Play movies and Netflix playback tests.
GtsMediaTestCases MediaDrmTest#testUsageTableCapacity
Change-Id: I63340f76d1e2af3c6834b98ad816e11eea18fc7f
(This is a merge of http://go/wvgerrit/66810)
Netflix discovered that several files were only compiling because of
transitive includes via the Metrics code. This patch adds the missing
headers they noted.
Bug: 118676365
Test: CE CDM Build
Change-Id: Ifbc4e5d4276d1c3fb9bbd677230cd431e34e5c76
(This is a merge of http://go/wvgerrit/66625)
Google C++ Style dictates that methods which override base class or
interface methods should be declared "override" but not "virtual". Since
our codebase has not had access to "override" until now, many of our
classes do not follow this rule. I've updated as many places as I could
find to follow Google C++ Style, which should hopefully help us catch
errors better in the future.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Ic23e2e482e967256da306791532b5fec7b81b2f2
(This is a merge of http://go/wvgerrit/66643)
The sub-license feature has been removed from the server and packager.
So that we do not have to continue maintaining the code that supports
this feature that never shipped, I am removing it from the CDM as well.
Bug: 113165466
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I5d25844b161e74aa19adf19a29c56e4881aa7304
Merge from master branch of Widevine repo of http://go/wvgerrit/66080
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64002
This CL updates OEMCrypto reference code and unit tests to support full decrypt
path testing.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 34078913
Change-Id: Ia67374599d6619698a336f41513068ad04294e7f
Merge from master branch of Widevine repo of http://go/wvgerrit/66078
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64022
This CL updates OEMCrypto ref code, unit tests, and core code for
setting the sandbox id before initializing OEMCrypto.
Test: unit tests only
Test: tested as part of http://go/ag/5501993
Bug: 115834255
Change-Id: Id9831680fe4db1c69413815931cae4bc80df0c01
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
Merge from master branch of Widevine repo of http://go/wvgerrit/66072
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63764
This adds the function OEMCrypto_ResourceRatingTier to the oemcrypto referenece
code, dynamic adapter, and unit tests.
Bug: 117110800
Test: tested as part of http://go/ag/5501993
Change-Id: Idf47af405f0c69601108b75c788a97b30abdb39d
Merge from master branch of Widevine repo of http://go/wvgerrit/66070
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63662
To make the threading model more clear, CopyBuffer is now a session function.
This means we need to pass in which session the current thread locks.
Test: unit tests.
Test: tested as part of http://go/ag/5501993
Bug: 113680369
Change-Id: I2fdd2cfcaab99f3793950b3845941463675f5e4c
Merge from master branch of Widevine repo of http://go/wvgerrit/66065
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63080
This is for the reference code, the unit tests, and the oemcrypto adapter.
Bug: 116414218
Test: unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: I05a631f6cfcf1584a748b3a0c9ae48633893589f
(This is a merge of http://go/wvgerrit/65782)
We have had our own scoped_ptr implementation that is used throughout
the codebase. Now that we support C++11, we can replace these with
std::unique_ptr.
Doing this replacement exposed a few places where the two were not
interchangeable. OEMCrypto Ref was doing some unsafe things with passing
scoped_ptrs to functions and has been updated to use move semantics. And
a few constructors were explicitly constructing a scoped_ptr with NULL,
which is ambiguous with std::unique_ptr. These have been replaced with
default constructor calls.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I37d6d7aad4906709381c74f0c5439f826d2be768
(This is a merge of http://go/wvgerrit/65783)
Straightforward patch to replace our shared_ptr implementation with
std::shared_ptr, which works identically for all our use cases.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I9e8624dd3cab70a45941a45eb553c1ea0c077d2f
(This is a merge of http://go/wvgerrit/65263)
Now that C++11 is mandatory, we can drop the OVERRIDE macro which was
inconsistently used in the codebase in favor of using the override
keyword directly.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Build
Change-Id: I0b7559624b84feb19740afd63463dadd243412b0
[ Merge of http://go/wvgerrit/64682 ]
Looks like we do not delete control_block_
Bug: 117126556
Test: WV unit/integration tests
Change-Id: If0b4db163276bbf016bb81ed7e8ef56fa66ea30e
(This is a merge of http://go/wvgerrit/62780)
The EME spec requires that it be possible to do the following flow:
1) Generate a release request for a persistent session.
2) Close the session.
3) Load the persistent session.
4) Update the session with the release response.
This flow is used by Netflix in their API as well. However, our code did
not support this flow, as it rejected attempts to reload
partially-released sessions.
This patch changes attempts to load sessions that have already had
release messages generated into release-retry reloads, allowing them to
be released.
Bug: 113167010
Test: CE CDM Unit Tests
Test: Android CDM Unit Tests
Change-Id: I75bb7c75911e0fad1584bd8dd27f83c17f73bf45
(This is a merge of http://go/wvgerrit/60620)
The license code handles keys larger than 16 bytes correctly, but it
does not properly reject keys smaller than 16 bytes.
This patch adds unit tests not only for the new error case but also
the existing success cases which were not previously being tested. As
part of this, license_unittest was changed to use a Test Peer instead
of making the test fixture a friend class.
Bug: 111069024
Test: CE CDM unit tests
Test: Android unit tests
Change-Id: Idb2deb6fbe0aeb19b530f9818bebff480541f5c8
[ Merge of http://go/wvgerrit/60240 ]
Since the method is not a general purpose check and only verifies that
the key can be used for a given security level the method
has been renamed PolicyEngine::CanUseKeyForSecurityLevel.
Bug: 115701771
Test: WV unit/integration tests
Change-Id: Icd6789538bb709d2a48c67bbd7bc810f4b000e14
Merge from Widevine repo of http://go/wvgerrit/55461
This CL allows provisioning 3.0 devices to install their OEM certs
from an initialization partition. This method is already used for
keyboxes on Android -- we are just adding the ability to use it for
OEM certs, also.
Also, for v15, we require OEMCrypto to report a valid certificate in
the unit tests.
bug: 111725154
test: unit tests
Change-Id: I142c84a1a67bdb4cee943cfd12a632421901eb24
Merge from Widevine repo of http://go/wvgerrit/56523
In OEMCrypto v14, SelectKey can also return KEY_NOT_LOADED if the key
id is not found. This was added to help with entitlement licenses.
However, SelectKey in crypto session converts this to an unknown
error.
In this CL we change that to a NO_CONTENT_KEY_3 error. This is
probably only important because the generic crypto tests expect
NO_CONTENT_KEY_3 when we try to use an undefined key.
Test: existing unit tests pass, and some future unit tests pass.
Bug: 72354901 Turn on generic crypto tests
Change-Id: I3c0b7e6306cafd3feabc8aac7e47983c89194a26
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
This CL cleans up some bad merges of client ID code, entitlement keys,
and concurrent session access. After this CL, core cdm code on
android should match that on widevine at the commit 2f916720 on branch
master.
CLs merged here are based on:
http://go/wvgerrit/50483 Protect sessions from concurrent access
http://go/wvgerrit/48860 Remove duplicate information from client identification
http://go/wvgerrit/49040 Revert revertion of Client ID Expansion
http://go/wvgerrit/46448 Test Entitlement Licenses
Test: tested as part of http://go/ag/4674759
Change-Id: I45854d6b034c247b16073a96d6ff3ea953ded3ae
Merge from Widevine repo of http://go/wvgerrit/43202
Sync the definition of WidevinePssh data with the latest in support of
entitlement keys.
bug: 73297961 Fix or remove sublicense support.
Test: tested as part of http://go/ag/4674759
Change-Id: Ia9faf82732854a705b4b14430169ce4c8ecbcfcd
