[ Merge of http://go/wvgerrit/207457 ]
When parsing Widevine's HLS key data, the key details are contained
in a data URI in the HLS X-KEY URI field. The data of the URI is a
base64 encoded JSON object, containing the information required to
generate the license request. The "content_id" field of the JSON
object is expected to be a base64 encoded; however, the HLS parser
did not verify that the decoding was successful. In the event that
was not successful, the decoder would return an empty string, which
the parser would attempt to access the first element by reference
which may be a null reference.
In C++, creating a reference from a null point (without actually
accessing the value) is undefined; however most C++ implemenations
will not cause a segment fault; but it is not guarenteed by the
standard.
This change checks if the decoding was successful before attempting
to store the decoded "content_id" value.
A unit test is added to ensure that a parser fails gracefully.
Bug: 356210640
Test: HlsParseTest.BadHlsData_InvalidContentId
Change-Id: Ie2ad42d69953258659178dd1464d830b2723c6c7
Merge of https://widevine-internal-review.git.corp.google.com/c/cdm/+/206431
Message to be signed by CAST funciton is supposed to be in a certain
format: "constant prefix + SHA1(message)".
Some of our current CAST tests uses random message which break this
specification. This fixes the input message.
Test: Cast tests with run_fake_l1_tests
Bug: 359893908
Change-Id: I6b318d749971d837f13daa7b147313e8e0b1d3d0
Since the CDM engine handles license releases for CE CDM and Android
differently, this changes the license release test to accomodate for
that.
Bug: 348712053
Change-Id: Ibc768e5d5c31ef8c2226b63dc622ffabfc0591fe
A new set of license data was created on UAT so that we
could have keys that match those in the license returned by
a License SDK and by those generated by UAT.
It should be more clear now which data is just made up, and
which data has to match some golden values based on the made
up data.
Bug: 338323091
Test: WVTS
Change-Id: Ic112b4594afb99c6f43e011f59ee7592d4809189
We are receiving reports from partners in the field that they are
failing the OEMCrypto tests only because the tests assume the BCC will
fit into 5k of memory but their BCC is nearly 8k in size.
This patch increases the buffer to 10k.
Bug: 354834629
Test: x86-64
Merged from https://widevine-internal-review.googlesource.com/204773
Change-Id: I360196518b7651139c003505253d1aed6a0c3907
This is based on a patch submitted by Amlogic.
When we're doing decrypt fallback, either in the CDM or the OEMCrypto
tests, we sometimes fall back to a point where we're synthesizing new
samples and/or subsamples for the content being decrypted. When this
happens and the output buffer is clear, we should limit the size of the
output buffer to only the space needed to hold the output.
Previously, we've been passing the entire output buffer to every call.
This can create a problem if the reason for the fallback is a lack of
enough memory to communicate the buffers to the TA, since the output
buffer will remain the same size as the total output. Restricting the
buffer passed to each call to only the space needed by that call will
reduce the memory requirement.
Bug: 354834629
Test: x86-64
Merged from https://widevine-internal-review.googlesource.com/204810
Merged from https://widevine-internal-review.googlesource.com/204953
Change-Id: I412f43d8f88c72072ef1dd5293436bdb58e500b3
The docs on OEMCrypto_DecryptCENC() weren't updated correctly when we
allowed the (0,0) pattern in v17. This patch brings the header docs
in-line with the handwritten part of the devsite documentation.
Merged from http://go/wvgerrit/204630
Bug: 336330529
Change-Id: Ic6c81d8f04904b83c34fbc0235ebbae8705a4182
[ Merge of http://go/wvgerrit/201577 ]
[ Cherry-pick of http://ag/28133919 ]
VIC specific: No DRM reprovisioning support
The SystemIdExtractor did not properly define behavior when working
with opened/closed CryptoSessions. Due to the CryptoSession's class
dual role of being both a session and a general handle into the
crypto engine, small bugs relying on undefined behavior which happened
to return expected output allowed tests to pass.
This CL makes the following changes:
1) Have SystemIdExtractor verify caller expectations when session is
open.
2) Improved SystemIdExtractor to operate when CryptoSession is opened
or closed.
3) Updates several SystemIdExtractorTest cases to better test defined
behavior without relying on undefined behavior.
4) Better code comments; hopefully some which will help prevent future
misuse of the internal APIs.
Test: system_id_extractor_unittest on Oriole
Test: WVTS on oriole
Bug: 329713288
Change-Id: I65518fe62f43e8060ea752852eb08a3d7132e2a0
The prebuilt version is AV1A.240603.001.
The branch it was built on is `vic-widevine-partner-release`.
Bug: 324294223
Change-Id: If42db8dea02eb4c15b97692c275df66b30a4dd63
(cherry picked from commit 33326c9604500cb45219f05852416734cc517799)
The prebuilt version is AV1A.240428.001.
The branch it was built on is `vic-widevine-partner-release`.
Bug: 324294223
Change-Id: Ia0b63e5b667d17036f9dde6916cafa4e436278e8
(cherry picked from commit b54d86a04f00d405a054c8c88f9d42f115136467)
The prebuilt version is ZV1A.240402.001.
The branch it was built on is `trunk-widevine-release`.
Bug: 324294223
Change-Id: Idbaf0816db3487573b7b90139af865b0ed90f116
(cherry picked from commit a319d2b737f85ffb45b508537aa486bfc38a5518)
[ Merge of http://go/wvgerrit/199050 ]
Fix to L3 renewal policy bypass attack:
OEMCrypto_DeriveKeysFromSessionKey cannot be called after a license is
loaded.
Re-generated L3 from oemcrypto-v19 branch.
Also needed to update a few tests because it now returns a different
error code.
Test: tested with
https: //widevine-internal-review.git.corp.google.com/c/cdm/+/196392
Bug: 334154045
Merged from https://widevine-internal-review.googlesource.com/197957
Change-Id: Id0e81123b140085654106e99a05ae2405091f101
The original clear lead integration tests weren't following the flow of
the original bug because there was only one sample, so
DecryptMultipleSamples wasn't being called in the same way. This should
fix this.
Bug: 320785945
Merged from https://widevine-internal-review.googlesource.com/198137
(cherry picked from commit 4141e271d44c32da88dc0f02a0173fae0b45ead9)
Change-Id: Ia70e3fd78381d8d34261b95931fdb303f77f73fd
Bug: 330354107
Test: CI
Flag: NONE
Ignore-AOSP-First: It is easier to detect all the mismatch in internal
master.
Change-Id: Ib7f679e34521afcee7fae648415315f4cbab91d6
(cherry picked from commit a6f7ac137ca1ab00985c1eb8b3e96a647a5d8400)
Merge of
https://widevine-internal-review.git.corp.google.com/c/cdm/+/199044
L3 builds created for this fix:
https://widevine-internal-review.git.corp.google.com/c/cdm/+/199050
Fix to L3 renewal policy bypass attack:
OEMCrypto_DeriveKeysFromSessionKey cannot be called after a license is
loaded.
System IDs:
build_arm_v() { build_arm_with_id 33097; }
build_arm64_v() { build_arm64_with_id 33098; }
build_x86_v() { build_x86_with_id 33099; }
build_x86_64_v() { build_x86_64_with_id 33100; }
Test: tested with
https: //widevine-internal-review.git.corp.google.com/c/cdm/+/196392
Test: run_level3_static_tests
Test: run wvts on Pixel7
Bug: 334154045
Change-Id: Ib188d0a37a2193f56dfd287e2f0274ba65bd7b3e
[ Merge of http://go/wvgerrit/197972 ]
The test only needs to verify that the license has a renewal
server url. It does not need to fetch a renewal from that url.
bug: 338103523
Change-Id: I1513f8692089c3f51a53ffd6ecb62348702b8fb8
[ Merge of http://go/wvgerrit/195850 ]
Since Widevine device builds now include APEX prebuilts,
shared library dependencies for the prebuilts are in
are in /apex/com.google.android.widevine/lib[64] rather
than /system/lib[64] or /vendor/lib[64]. When tests are
run not all the dependencies are present.
These changes include
* Statically linking missing dependencies
* Adding /apex/com.google.android.widevine/lib[64] to
the shared library path
* Searching for some of the test executables in
/data/nativetest[64]/vendor/
Bug: 329888778
Bug: 329891889
Bug: 329891175
Bug: 329891049
Test: ./build_and_run_all_unit_tests.sh
Change-Id: I067685cedc7701c4e6502bdac98b53e22b61ad1e
The test server for UAT and for the SDKs now accept the same
url format for renewals.
Bug: 328763985
Change-Id: I1a58412047735efa26da7986bf19fa9a7fbaf374
widevine currenty uses `use_source_config_var` and product variables to
ensure that products gets the correct selection of source or prebuilts
of widevine apex.
`use_source_config_var` is being deprecated from Soong to unfiy the
mechanisms for source vs prebuilt selection. This CL transitions
widevine to a different mechanism `prefer` for prebuilt selection to aid
the deprecation.
Test: lunch cf_x86_64_phone-trunk_staging-userdebug; m nothing; aninja
-t path droid
vendor/widevine/libwvdrmengine/apex/prebuilt/com.google.android.widevine.nonupdatable.apks;
// no path exists, i.e. uses source
Test: lunch osprey-trunk_staging-userdebug; m nothing; aninja -t path
droid vendor/widevine/libwvdrmengine/apex/prebuilt/com.google.android.widevine.nonupdatable.apks;
// path exists; i.e. uses prebuilts
Bug: 332379718
Change-Id: I78800aee49f1de83ea2ce8160923362871806d87
This reverts commit 95b50d39ba.
Reason for revert: Rikers changes should go on main. We can decide that partner OEMs can pick up this feature for V once it has been well tested on main.
Change-Id: I129303cbc86e267aba013a7c314724e51477dc82
