[ Merge of http://go/wvgerrit/210652 ]
The CDM API RemoveOfflineLicense() is used to remove an offline
license by key set ID. From the app's perspective, removing the
offline license should not depend on an app to be provisioned, or
the license being loadable. However, internally, the CDM attempts
to restore the license to lock out its usage entry.
An issue arises when the license is not able to be restored, which
will cause errors related to the restoration to be returned to the
app. The license is still deleted in case of errors, but certain
partners have experienced GTS failures when using the MediaDRM API
removeOfflineLicense().
This change attempts to catch some of the common errors, but not all.
If certain errors are encountered during the restoration process, the
are not returned to the app.
Additional error cases may be added later, depending on vendor
feedback.
Bug: 319055420
Bug: 357863269
Bug: 370195605
Bug: 288118860
Bug: 302049654
Bug: 346845333
Bug: 312595506
Bug: 345232142
Bug: 303261245
Bug: 287735498
Bug: 372105842
Test: WVTS on Oriole
Change-Id: I020bbea30e5f6e0ae2777d8a1d4858c4f2af107b
[ Merge of http://go/wvgerrit/209611 ]
[Reset crypto session pointers on RemoveKeys](http://go/wvgerrit/189590)
changed the plugin behavior. When RemoveKeys are called the
Provider Session Token present in the license is cleared when
CdmLicense object is reset. This causes a test expectation to
fail. Since SecureStop are slated for removal, we will introduce
a workaround to avoid this expectation check. The work around is to
not expect usage information.
Bug: 339917270
Test: request_license_test (WvCdmRequestLicenseTest.SecureStop_RecoveryTest)
Flag: Test only code
Change-Id: Ib6922372faf0a38b7bf131f699c4626cb2b533d0
This allows Widevine RKP HAL to query BCC signature via DRM interface
during BCC extraction for remote provisioning phase 3. The query returns
the "additional_signature" field from
OEMCrypto_GetBootCertificateChain().
Test: Manual BCC extraction on Pixel 9
Bug: 355160637
Change-Id: I1a310a80c0cfef82ee3697f06c1293d5c1c3896a
[ Merge of http://go/wvgerrit/189590 ]
[ Cherry-pick of http://ag/26541307 ]
The CDM session shares its CryptoSession instance with a few additional
member objects (CdmLicense and PolicyEngine). When the CDM session's
crypto session is reset, it must also reset the CdmLicense and
PolicyEngine otherwise, a potential stale pointer reference may occur.
Test: request_license_test on Oriole
Test: run_x86_64_tests
Bug: 311239278
Change-Id: Ie175513ae652dcd96e12e5e1def574a8a56d5863
[ Merge of http://go/wvgerrit/194050 ]
OEMCrypto v17 introduced higher granularity in the device's HDCP V1
levels. Previously, all HDCP v1.x were group together. The change
was aimed towards server policy enforcement, not device enforcement.
Core code was updated, and could then be reflected in license
requests; however, reporting the new v1.x subversions was never
exposed to the higher app layers.
It is likely that devices which attempted to use specific 1.x versions
encountered test failures (for both CE CDM and Android CDM) as neither
implementations could handle such versions when communicating with
the app.
This change updates both CE CDM and Android CDM:
1) The CE CDM now uses the same subversion version comparisons as
performed by the core code.
2) The Android CDM will now recognize new HDCP levels, and not return
unexpected values.
Bug: 329155501
Test: run_x86_64_tests
Test: request_license_test on Oriole
Change-Id: I61fc0f11808f594456bd00210fd9b2bb5ed16c0e
GetDeviceInformation() and GetDeviceSignedCsrPayload() are added to
cdm_engine and crypto_session, so that they can be queried by DRM
plugin. This is to allow the wv drm HAL to be able to extract BCC and
CSR payload to build CSR for prov 4 device registration, such that we
don't need a separate RKP HAL to do this job.
Changes to the DRM plugin to use the exposed methods will be in the
coming CL.
Bug: 286556950
Test: request_license_test
Merged from https://widevine-internal-review.googlesource.com/178890
Merged from https://widevine-internal-review.googlesource.com/179730
Change-Id: Ibafa3a58c99fbb8f1f25f8951d3749110bd32176
Merge from Widevine repo of http://go/wvgerrit/169471
Remove the test in android tests and add it to the
core tests.
Bug: 276464340
Test: GTEST_FILTER="CorePIGTest.CastReceiverProvisioning*" jenkins/run_fake_l1_tests
Change-Id: Icd280b532ddae274f66b2fab3e65520e96adb7cb
[ Semi-revert of http://ag/20183443 ]
[ Merge of http://go/wvgerrit/168898 ]
These tests were removed from Android last quarter; however, they
now need to be restored. These tests will be removed in Android V.
To help with ambiguity around where the CDM is operating on a single
or set of usage info messages, the variables have been renamed to
propery indicate plurality.
Bug: 263319220
Test: cdm_extended_duration_test
Test: request_license_test
Test: libwvdrmdrmplugin_hal_test
Change-Id: I38b16dd5811069fafaeab5ffc19d0f8a8095f0cf
[ Merge of http://go/wvgerrit/168397 ]
When CdmResponseType (enum) was transformed to CdmResponseType
(struct), the test printers where not updated to print the result
of failed comparisons. In addition, several logs statements were
updated haphazardly, leaving inconsistencies and potential
compiler-specific behavior.
This CL replaces CdmResponseType std::string operator with a ToString()
method. This is to make it consistent with Google's C++ style guide
on conversion operators vs methods. The string conversion function is
now defined in wv_cdm_types.cpp instead of inline in the header file.
The PrintTo function has been implemented along with the other CDM
test printers in test_printers.cpp.
Bug: 273989359
Test: run_x86_64_tests
Test: MediaDrmParameterizedTests on redfin
Test: Forrest drm_compliance
Change-Id: Ibfaa17029046b75b1c8c278f7bd7e04a24379848
Merge from Widevine repo of http://go/wvgerrit/168657
Some people who have left were still in OWNERS files and TODOs.
Bug: 274772704
Test: comments only
Change-Id: I583da815586e5ca52316b2e238d1c1bb3a5e919a
[ Merge of go/wvgerrit/c/cdm/+/165138 ]
Enabled the Widevine DRM service on Android to return the raw boot
certificate chain via the CDM status query capabilities. This
property key is not available for app-level queries.
The BCC is dumped by the WVDrmFactory when requested to print all
CDM properties via dumpsys.
Bug: 234095402
Test: request_license_test
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -p
Change-Id: I34695b0655b4c609979577e9986974bc0fbda898
1. "Change CdmResponseType from enum into a struct"
Merged from http://go/wvgerrit/163199
Bug: 253271674
2. "Log request information when server returns 401"
Bug: 260760387
Bug: 186031735
Merged from http://go/wvgerrit/162798
3. "Specify server version on the command line"
Bug: 251599048
Merged from http://go/wvgerrit/158897
Test: build android.hardware.drm-service.widevine
Test: Netflix and Play Movies & TV
Test: build_and_run_all_unit_tests.sh
Bug: 253271674
Change-Id: I70c950acce070609ee0343920ec68e66b058bc23
[ Merge of http://go/wvgerrit/158720 ]
Support for secure stop licenses have been dropped. The MediaDRM
APIs have already documented their deprecation. Before support can
be removed from the plugin and CDM core implementation, the tests
associated with them must be removed.
This CL removes secure stop tests from the Android CDM integration
test `request_license_test` and from the MediaDRM plugin test
`libwvdrmdrmplugin_hal_test` and `libwvdrmdrmplugin_hidl_test`.
Bug: 242289743
Test: libwvdrmdrmplugin_hal_test request_license_test
Change-Id: Idb7ee53ab8115ce9b9a173eaf0a00f54325863a2
[ Cherry-pick of http://ag/19893913 ]
[ Merge of http://go/wvgerrit/157098 ]
Several of the Android integration tests perform direct URL comparisons
between fixed URLs and the server URL returned by the CDM. With
provisioning 4.0, the CDM will append additional query parameters to
the server URL. This updated URL still contains all of the original
expected information, but with additional parameters. So long as the
URL contains the required fields, any additional parameter should be
considered valid.
The gtest framework used by the integration tests allow for the
creation of custom "matchers", rules that can be used to validate data
and create informative failure logs. The CL creates a new matcher for
checking that a tested URL is a superset of content of the expected
URL.
Bug: 244319313
Test: request_license_test on prov 4 device
Change-Id: Ie721058fa628b3a4a74dc56f4172a3dfcb1f1ef3
(cherry picked from commit fa8c0a9a62)
[ Merge of http://go/wvgerrit/151518 ]
Extended the CDM layer to report OEMCrypto's production readiness
via string property query.
If OEMCrypto implementents OEMCrypto_ProductionReady(), then the
reported readiness by the CDM will report "True" or "False".
If OEMCrypto does not implement OEMCrypto_ProductionReady() then no
level of readiness is assumed, and the CDM will report "Unknown".
Bug: 231655151
Test: run_prov30_tests and request_license_test
Change-Id: I6afe481ef00ac129d02b004eca89a65810bfbff8
[ Merge of http://go/wvgerrit/151571 ]
The android OS version has been updated to 13. Updating WV tests as well.
CDM version has been updated previously, so no additional changes are needed.
Bug: 231646284
Test: WV unit/integration tests
Change-Id: Ifaf2fe1f04627654725b1b221d8c3dc30029ac6c
[ Merge of http://go/wvgerrit/150350 ]
Certain integration tests were depending on the provisioning server
only sending short duration (~2 minute) certificates when testing
the CDM's ability to enforce expiration periods. This behavior of
the server was not reliable, resulting in device test failures from
server behavior changes.
The DRM certificate provisioning server allows the requester to
optionally provide a desired certificate duration in the request
URL. The tests which test the CDM's ability to enforce certificate
durations will now explicitly specify the certificate duration
required by the test.
Bug: 228547158
Test: request_license_test
Change-Id: Ib9ebfdba1451104be0e59baca0b2f23a94cd51e6
[ Merge of http://go/wvgerrit/148552 ]
Extended the CDM layer to report OEMCrypto's watermarking support.
The reporting of watermarking comes in three (3) mechanisms:
1) ClientCapabilities in license requests
2) CryptoSession metrics when queried to OEMCrypto
3) String property query by apps
If OEMCrypto implementents OEMCrypto_GetWatermarkingSupport(), then
the reported watermarking support by the CDM will match that of
OEMCrypto.
If OEMCrypto does not implement OEMCrypto_GetWatermarkingSupport()
or an error occurs, it is assumed that OEMCrypto does not support
watermarking, and the CDM will report "Not Supported".
Bug: 226443788
Test: run_x86_64_tests request_license_test and license_unittest
Change-Id: Id929a356c395e6bcf45d371ee6887eec40d35329
The interface is defined in
hardware/interfaces/drm/aidl(http://go/ag/15329852).
Test: build
m android.hardware.drm-service.widevine -j128
Test: build_and_run_all_unit_tests.sh
for hidl tests
Test: atest VtsAidlHalDrmTargetTest
Bug: 200055138
Bug: 170964303
Change-Id: If2f2a129914436ba5cef1c46f6cb9415e12c3d1c
(This is a merge of http://go/wvgerrit/139989.)
Googletest added a new, more powerful MOCK_METHOD() macro in 1.10. This
patch updates all our usage of the old MOCK_METHOD family to the new
macro. Full details can be found at
https://github.com/google/googletest/blob/release-1.10.0/googlemock/docs/cook_book.md#creating-mock-classes
but in brief, the new MOCK_METHOD() replaces the entire old MOCK_METHOD
family and has the following advantages:
1) No need to count parameters or update the macro name when changing
parameters.
2) No need for a different macro for const methods.
3) The ability to specify override, noexcept, and other function
qualifiers.
4) The macro order is now the same as C++ method definition order:
Return Type -> Name -> Arguments -> Qualifiers
In addition to upgrading all our usage sites to the new macro, the
addition of the override qualifier to our MOCK_METHODs helped uncover
several cases where we were using MOCK_METHOD to override methods that
didn't exist. This is a great example of why the override qualifier is
so useful. These places have been updated, by removing the invalid and
unused mock method.
Bug: 207693687
Test: build_and_run_all_unit_tests
Change-Id: Iaad4a22c7f72bb48b1356fe01a41eb0a2f555244
[ Merge of http://go/wvgerrit/138289 and http://go/ag/16210935 ]
Update the android version number test to accept "12" or "12L"
Bug: 205491167
Test: wv unit/integration tests
Change-Id: If11e7c6f3a89263ab78d274aa8d776991d3942e9
[ Merge of http://go/wvgerrit/133744 ]
This changes adds several small classes which contain and manage
system and engine information related to OTA keybox provisioning.
These classes closely map to the OKP device file messages.
Bug: 189232882
Test: Linux unit tests
Change-Id: Ia9334c38f9d7ea89b30d9ad05f0595570bb38658
Storing and loading OKP info.
[ Merge of http://go/wvgerrit/133763 and http://go/ag/15645333 ]
This change extends the DeviceFiles module to be able to store and
load OKP info. Mild data validation is performed when storing and
loading the information.
Bug: 189232882
Test: Android unit tests
Change-Id: I077de3234157252f2255a4389bf82a8d5344a355
System OKP fallback policy.
[ Merge of http://go/wvgerrit/133783 and http://go/ag/15645334 ]
SystemFallbackPolicy provides a thread-safe interface for accessing
and modifying OKP info.
Bug: 189232882
Test: Android unit tests
Change-Id: I4e43e3bc047ed5fb6cb517b53e4094e812b70e1e
Engine OKP provisioner.
[ Merge of http://go/wvgerrit/133803 and http://go/ag/15645335 ]
The OtaKeyboxProvisioner provides a CdmEngine-specific context for
performing OTA keybox provisioning. Utilizes the system-wide
SystemFallbackPolicy to relay provisioning status between engines.
The provisioner will handle message wrapping and unwrapping of the
raw OTA keybox request / response into the SignedProvisioningMessage
which is sent to/received from the provisioning server.
[ Partial merge of http://go/wvgerrit/125844 ]
Note: Includes partial CryptoSession changes from various CLs.
CryptoSession functionality has been stripped to reduce impact of
this CL.
Bug: 189232882
Test: Android unit tests
Change-Id: I282bf7d1887daefb2250af1bd595c4dc3dfcfb29
Integrated OKP into CDM Engine
[ Merge of http://go/wvgerrit/133804 and http://go/ag/15646376 ]
Extended the functionality of the CdmEngine to check if the device
requires OKP and to initialize OKP resources if required. The
functionality of OpenSession() and GetProvisioningRequest() have been
the most affected. If OKP is required, these methods will signal to
the app that provisioning is required and will return an OKP request.
Once a device is provisioned, the OKP data is cleared away and the
CdmEngine will resume normal operation. Engines created after a
device is provisioned will immediately enter normal operations.
The exception is for CdmEngines which failed to perform OKP for some
reason and are still running. Those apps will need to restart before
gaining access to L1 operations.
Bug: 187646550
Test: Android integration tests
Merged-In: Ia572a66a7b73479355758aa3d0c682691eaca0fc
Change-Id: Ia572a66a7b73479355758aa3d0c682691eaca0fc
[ Merge of http://go/wvgerrit/126463 ]
The Version Number in the test is being updated to 12 to reflect
android OS version (Test only change)
Bug: 190467766
Test: WV request_license_test:
requestVersionNumberTest.VersionNumberChangeCanary
Change-Id: Iad4bb3f178fb2dcb454027c1323e51fe34dfdfff
[ Merge of http://go/wvgerrit/124063 ]
LicenseDurationRemaining used to indicate the minimum of rental or
license duration till OEMCrypto v16. OEMCrypto v16 onwards it began
reporting rental duration alone.
This is confusing for app developers and content partners. Keeping
LicenseDurationRemaining as apps may depend on it but adding
RentalDurationRemaining for clarity.
Bug: 186838303
Test: WV unit/integration tests, WvCdmRequestLicenseTest.QueryKeyStatus
Change-Id: I6c507150a0945ee36716b4da189f5741b092c0ec
[ Merge of http://go/wvgerrit/123263 ]
In b/65839890 we discovered that an android app loaded an offline
license more than once in a session. We did not intend to allow
this behavior but did not prohibit it. OEMCrypto v16 disallowed
this behavior at the OEMCrypto level but we worked around it
within the CDM to maintain the bad behavior. Now that we have confirmed
that the app no longer relies on that behavior, we are reverting
the CDM workaround.
Bug: 161865160
Test: WV unit/integration test, GtsMediaTestCases
Amazon, Netflix, Google TV streaming and offline playback.
Change-Id: I31254e4c13b81587f88c6c684d08d5aa5c18e39d
[ Merge of http://go/wvgerrit/123103 ]
This corrects setting of first and last playback times stored by the
CDM on rollback. Earlier usage information from the usage entry in
OEMCrypto would be ignored on rollback even when available.
Information stored along with the license in persistent storage would
be used instead.
A new test with longer duration expiry has been added as well as some
additional verification.
Bug: 186199213
Test: WV unit/integration test
Change-Id: I601f9584a8a0c5137ce68546f8ec833bf2e70cc5
[ Merge of http://go/wvgerrit/122885 ]
A recent change to the license service resulted in PSTs being inserted
into persistent renewable licenses even when not specified by the
content provider. This caused ReleaseOfflineKeySessionUsageDisabledTest
to fail. The asset was changed to use a policy for a persistent
license without renewal.
Offline_RollbackBeforeRestoreKey failed because the duration of the
license is short. It has expired when the clock is restored after a
rollback.
Bug: 181693982
Test: request_license_test
Change-Id: I0a2c2a09e563c81c134fba1f310deb1eb4de26a3
[ Merge of http://go/wvgerrit/122183 ]
Support for CBC1 and CENS encryption modes is no longer required with
OEMCrypto v16. Removing tests to enforce them. The tests will validate
CENC and CBCS mode.
Bug: 181693982
Test: request_license_test
Change-Id: I350d315528c753b70dbf1b1cc46f2897002333fb
[ Merge of http://go/wvgerrit/122103 ]
When in CTR mode an encryption pattern should no longer be specified.
This will address failures in Cdm/WvCenc30Test.DecryptionTest/* and
Cdm/WvCenc30SwitchCipherModeTest.DecryptionTest/*
Bug: 181693982
Test: WV unit/integration tests
Change-Id: Iecbf28b51115501439aebf057056657c796896ae
The android CL ag/13947818 was submitted before some CE CDM test
failures were noticed and code review comments were received.
Bug: 184813991
Test: WV unit/integration test
Change-Id: Ic31ca5bc5e46994e01eca56248e6bdffedd779f3
[ Merge of http://go/wvgerrit/119806 ]
This change replaces all calls for base64 encoding which first converts
a string to a vector. The new base64 encoding function allow for
encoding binary data contained within strings.
Bug: 181732604
Test: Android unittests
Change-Id: Ibfe79dba99e6a2ee2f2a96e85b62fbd22519aea7
[ Merge of http://go/wvgerrit/120512 ]
Wrapped DRM private keys are loaded when a key request is made or when
offline/usage sessions are restored. They were earlier loaded when a
session was opened.
For streaming sessions, key material will be fetched from the default
or legacy certificates and loaded when a key request is made.
For offline and usage sessions, key material may be retrieved from
license or usage records if available. If not available, information
associated with the legacy certificate will be loaded.
Certificate and wrapped keys are also written out when an offline
license or usage record is saved.
Bug: 169740403
Test: WV unit/integration tests
WvCdmRequestLicenseTest.ProvisioningWithExpiringCertTest
WvCdmRequestLicenseTest.StreamingWithExpiringCertTest
WvCdmRequestLicenseTest.RestoreOfflineKeysWithExpiringCertTest
Change-Id: Ice0154c632170c46da171cbbb23a97380c610a98
[ Merge of http://go/wvgerrit/120123 ]
DRM certificate creation and expiration times are now validated.
* New DRM (default) certificates will have an expiration time specified
by the provisioning service.
When stored, the client will include the time the certificate was
received. This allows for expiration calculation to occur when client
and provisioning service clocks are out of sync.
When read out, creation, expiration and acquisition times are
validated. The certificate is checked for expiry by making sure
that the time at the client since the license was acquired is not
greater than the expiration period. The time information stored at the
client may be tampered with. The license service will perform an
expiration check and reject the license request if tampered with.
The expiration time may be set to never expires/unlimited. This is not
a valid value for creation or acquisition time.
* Pre-existing (legacy) certificates from upgrading devices will not
have an expiration time set by the provisioning service. Instead
the client will calculate an expiration time 6 months with + or -
a random two month period in the future. This is stored along with the
certificate.
When read out, if no expiration time has been set by the client, one
will be calculated and written out. The certificate will be declared as
valid. If a client calculated expiration time is present, the
certificate will be validated. In case of tampering, the license service
can reject license requests and force reprovisioning when appropriate.
* ATSC certificates will continue to not have an expiration time.
No additional validation is required.
Other changes for non-ATSC licenses involve managing both default and
legacy certificate co-existance. When checking for DRM certificates,
the default certificate is attempted first. This is followed by a check
for the legacy certificate, if the default certificate is not present.
Bug: 169740403
Test: WV unit/integration tests
DeviceFilesTest.StoreCertificateInvalidParams
DeviceFilesTest.RetrieveAtscCertificate
DeviceFilesTest.RetrieveAtscCertificateNotFound
DeviceFilesTest.RetrieveCertificateInvalidParams
DeviceFilesTest.RetrieveLegacyCertificateWithoutExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateWithClientExpirationTime
DeviceFilesTest.RetrieveLegacyExpiredCertificateByClientExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateInvalidClientExpirationTime
DeviceFilesTest.RetrieveCertificateWithoutKeyType
DeviceFilesTest.RetrieveDefaultCertificate
DeviceFilesTest.RetrieveDefaultCertificateNeverExpires
DeviceFilesTest.HasCertificateAtsc
DeviceFilesTest.HasCertificateDefault
DeviceFilesTest.HasCertificateLegacy
DeviceFilesTest.HasCertificateNone
CertificateTest.StoreCertificateTest.DefaultAndLegacy/*
CertificateTest.RetrieveLegacyCertificateTest.ErrorScenarios/*
CertificateTest.RetrieveDefaultCertificateTest.ErrorScenarios/*
Change-Id: I7dbec7555fbd493c1ec61c6bb5d9428a2405b1fd
[ Merge of http://go/wvgerrit/119843 ]
Creation and expiration times are extracted from the device DRM
certificate. They are reported as
* -1 if not set in the proto
* 0 if unlimited
* positive number otherwise
Bug: 169740403
Test: WV unit, integraiton tests
Change-Id: I9463954dfeb82b6a88ff5d608ed74d20f2424e83
[ Merge of http://go/wvgerrit/117267 ]
The client will now advertise the ability to handle provisioning errors
by a minor version updated to the provisioning protocol version.
The provisioning service may indicate that the individual device
is revoked or all devices with the same make/model have been revoked.
If the provisoning service has not been upgraded, the protocol version
field in the request will be ignored. The provisioning service/SDK
will respond with an HTTP 400 error to a provisioning request from
a revoked device.
Bug: 174174765
Test: WvCdmRequestLicenseTest.ProvisioningRevocationTest,
WV unit/integration tests
Change-Id: I5ff61496685f310de6704a90452b8b76b3505cbb
