These are a set of CLs merged from the wv cdm repo to the android repo.
* Update service certificate.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28065 ]
The updated service certificate fixes a number of failing tests.
There are still some that fail, apparently due to mismatches
with key set IDs and usage tables.
Also updated QA server URL to point to QA proxy (although neither
can be used by this client).
Also fixed segfault in CdmTest.ListUsageRecords.
* Add CDM APIs for Handling Service Certificates.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28064 ]
The responsibility for managing Service Certificates has been moved
out of the CDM. Instead, provide CDM and CdmEngine methods to generate
a service certificate request message, and handle a service certificate
response. The API client can use these calls if it needs to get the
service certificate from the License Server.
These functions assume the request and response are base64 (web-safe)
encoded (see b/37481392). Not all servers are operating this way yet.
Any adaptations for non-compliant servers is handled outside the CDM.
See test WvCdmEnginePreProvTest::ServiceCertificateRequestResponse in
cdm_engine_test.cpp for an example of this.
These changes also eliminate the stored init_data and deferred
license type which were used to perform a service certificate request
during a license request.
* Fix and rename ClosesSessionWithoutReturningError test.
Author: Edwin Wong <edwinwong@google.com>
[ Merge of http://go/wvgerrit/27880 ]
ClosesSessionWithoutReturningError should not check for
Status::OK since it is expecting an error code back.
The test is renamed to ClosesSessionWithError.
Test: libwvdrmdrmplugin_hidl_test
BUG: 62205215
* Get rid of default service certificate.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27981 ]
Instead, we need at least two service certs - one for the QA/Test
servers, and one for UAT (and prod?)
There are still some issues around the signature verififcation
of the service cert, and in license_unittest.cpp, the use
of the default service cert has been commented out. I don't know
why this test needs a service cert. If it really does, then the
same mechanism that is used elsewhere for selecting a specific
server type will be needed here.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ieab815fb202c809ad5714cd0364c4bdfa068f77d
Below are a set of CLs being merged from the wv cdm repo to the android repo.
* Fix handling of OEM Cert public key.
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/27921 ]
This is a potential fix for b/36656190. Set aside public
key on first call to get the public key, and use it afterwards.
This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
which has side-effect of staging the OEM private key.
This also fixes a problem where the public cert string was
not being trimmed to match the size returned by
OEMCrypto_GetOEMPublicCertificate().
* Complete provisioning request/response for Provisioning 3.0
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Fix bug on provisioning request path where GenerateDerivedKeys()
was being called when preparing to generate the signature.
Add message signature verification, and call correct OEMCrypto
routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).
* Implement Cdm::deleteAllUsageRecords()
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Delete all usage records for current origin. Removes usage
records from file system and retains the PSTs. The deletes
any usage entries matching those PSTs held by OEMCrypto.
BUG: 35319024
* Remove stringencoders library from third_party.
Author: Jacob Trimble <modmaker@google.com>
[ Merge of http://go/wvgerrit/27585 ]
We have a fork of the stringencoders library that we use for base64
encoding. This reimplements base64 encoding to remove the extra
dependency and to reduce the amount of code.
* Add Cdm::deleteUsageRecord() based on key_set_id.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27605 ]
Delete specified usage record from file system usage info and
from OEMCrypto.
BUG: 35319024
* Modifiable OEMCrypto
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/24729 ]
This CL adds a new variant of the OEMCrypto mock code that adjusts its
behavior based on a configuration file. This is intended for
testing.
For example, a tester can set current_hdcp to 2 in the options.txt
file, push it to the device, and verify that a license is granted for
HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and
push the file to the device. Playback should stop because the license
is no longer valid.
This variant uses a real level 1 liboemcrypto.so to push data to a
secure buffer. That means we can test playback for a license that
requires secure buffers on an Android device with real secure buffers.
BUG: 35141278
BUG: 37353534
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I58443c510919e992bb455192e70373490a00e2b6
[ Merge of http://go/wvgerrit/24147 ]
In OEMCrypto version 13, usage information is updated by calls to
OEMCrypto_UpdateUsageEntry. In previous versions calls were made to
OEMCrypto_UpdateUsageTable instead. Both need to be supported as the
OEMCrypto version may vary by device.
This consolidates calls to OEMCrypto_UpdateUsageTable so that they
can be disabled if OEMCrypto version >= 13. No functional changes other
than disabling by OEMCrypto version were introduced in this section.
Helper routines have been added to device files as well.
Bug: 34327459
Test: WV unit/integration tests
Change-Id: I223b0a947c21b8b7ba3c8f345b0206747eb50984
[ Merge of http://go/wvgerrit/23822 ]
This merges back to master, code review related changes when
"Implement Cdm::listStoredLicenses()" was merged from master
(http://go/wvgerrit/23189) to oc-dev (http://go/wvgerrit/23600)
Bug: 34628115
Test: WV unit/integration tests
Change-Id: Idf3acb0ff668d1cc3fe2e6fd400daa183bdb340b
[ Merge of http://go/wvgerrit/23360 ]
Service Certificates are used in two places, provisioning and
licensing. The service certificate code depended on a session_id
to get and set the service certificate properties, but the session_id
was not available in the provisioning path.
This patch pulls out the property lookup by session_id dependency,
and passes the CdmImpl's property_set into the provisioning code, so
the service certificate can be read and written there.
Bug: 62972441
Test: WV unit/integration tests. This introduces three test failures
* WvCdmRequestLicenseTest.PrivacyModeWithServiceCertificateTest
* Cdm/WvCdmStreamingLicenseRenewalTest.WithClientId/4
* Cdm/WvCdmOfflineLicenseReleaseTest.WithClientId/3
Change-Id: I6e9d4e23a9e7e81a63a994db8ec0b443893449a6
Merge from Widevine repo of http://go/wvgerrit/35480
This relaxes the watchdog timer around the level 3 oemcrypto
initialization to 120 seconds. There are also a couple of new log
messages at the end of initialization and at termination.
Library for arm updated:
level3/arm/libwvlevel3.a Level3 Library 4445 Oct 4 2017 17:06:25
bug: 65379279
Test: unit tests on n5. View netflix on Nexus 5. GTS tests on N5.
Change-Id: Id474d6728da557051801d2ca92987496672b896a
[ Merge of http://go/wvgerrit/35405 ]
Devices that launch with android O as their first release have
SPOIDs (Stable Per-Origin IDentifier) enabled. This results
in multiple CdmEngine instances, one for each CDM identifier
(that differ by app package name possibly origin).
Each time a CDMEngine object is created, the CDM properties are
reinitialized. This causes certain property information stored on
a session basis (privacy mode, service certificate, session sharing)
to be lost. Since Query calls are not app specific, they can often
result in CdmEngine object creation, causing existing sessions to
lose associated property information. This can be avoided by
initializing CDM proerpties only once.
Bug: 65732345
Test: WV unit/integration tests
Test: GTS tests
Test: Playback using Google Play, Netflix and YT Live
Change-Id: Ic121f322ed6e45e2033964e6439c026de2401b4c
[ Merge of http://go/wvgerrit/34900 ]
Querying information about licenses with uncommon duration values
did not, under all conditions, return expected values. This corrects
for licenses where
* playback and license durations were set to unlimited
* rental and license durations were set to unlimited
Bug: 65669869
Test: 9 new policy_engine_unittests
Test: WV unit/integration tests
Test: GTSMediaTestCases
Test: Playback using netflix and play movies
Change-Id: I6e48f82f1f194fb7e04491d33054dfe74d9465eb
[ Merge of http://go/wvgerrit/34060 ]
License were not being upgraded successfully from usage
tables to usage table headers and entries (big usage tables).
Bug: 65730713
Test: WV unit/integration tests
Test: GTSMediaDrmTests
Test: Playback using netflix and play movies
Test: Manual upgrade from N (L3)
Change-Id: I7ef127204104fa36dd1ee385bc80ed6a81172b4b
Merge from Widevine repo of http://go/wvgerrit/33540
This code adds a watchdog timer to the level 3 initialization. If
initialization does not finish within 5 seconds, the process will
abort, printing a small amount of debugging information.
arm/libwvlevel3.a Level3 Library 4445 Sep 11 2017 14:05:15
Test: unit tests on bullhead. Video on Play Movies.
Kyle ran the GTS tests on loop overnight.
bug: 65379279
Change-Id: I0e0e4b158dbce193abbd8ee2cf6b366060c768b8
[ Merge from http://go/wvgerrit/33440 ]
Introduce checks to guard against clock tampering.
Bug: 62037413
Test: WV unit, integration tests on angler
Test: Manual clock rollback test
Test: Playback testing (Netflix, Play movies) on sailfish
Test: GTS test on angler
Change-Id: I47938109adb5c0f5e9aefc58eb5dac156b9f16ef
[ Merge of http://go/wvgerrit/33340 ]
Update usage entry information only when usage entries are
supported.
Bug: 65483034
Test: wv unit/integration tests on angler
Test: GTS tests
Test: playback using play movies and netflix
Change-Id: If5a33900a30ce88f97ef46a800817cd4c71d195e
The app package name was not being reported to the media stats. This
change adds the package name as part of the report to media stats.
This is one of two parts to this change. The other part is in
frameworks/av.
Bug: 64584568
Test: Unit tests, GTS tests, tried with Google Play Movies.
Change-Id: I1ca09db3a59d9a0950f424d977f8774dffd09c2b
The test verifies that a downloaded license receives an expiry event
in a session if it is released from another session. With
the introduction of the big usage table feature loading a
license/usage entry into multiple sessions is not permitted and
so this test is no longer needed.
Some OEMCrypto implementations might require OEMCrypto_UpdateUsageEntry
to be called between calls to OEMCrypto_LoadKeys and
OEMCrypto_ReportUsage. This CL adds the call to
OEMCrypto_UpdateUsageEntry.
Test: WV unit/integration test
Test: Playback using play movies and netflix
Test: GTS tests
Bug: 64988654
Change-Id: Ic737c3200ea1858736a168be835507378eaf7b3e
[ Merge of http://go/wvgerrit/32940 ]
Releasing usage entries may cause other entries to be moved or
information updated. Instead of retrieving all entries once and trying
to release them, refetch them after each release.
Test: WV Unit/Integration tests
Test: GTS tests (failures seen, but no additional failures due to this CL)
Test: Playback testing using play movies and netflix.
Bug: 65372189
Change-Id: I700e60834c7f711c9146dfd720f9cac014981311
Merge from Widevine repo of http://go/wvgerrit/32880
This CL calls pthread_join on the watchdog thread to clean up its
stack and other memory usage.
Test: unit tests on bullhead, GTS tests run in loop,
Play Movies on bullhead.
bug: 65302198
Change-Id: I90f993333dfd019c1ffb96647a6472e4828d50aa
The metrics from the dynamic adapter were not previously being reported.
This change allows them to be reported when all other DRM metrics are
reported.
Bug: 64566432
Test: Unit tests, GTS tests, and Play movies.
Change-Id: I916fb028146fdd04b4cf5bbb5c10ecdaffae6c95
Bug: 36220619
BUG: 64071905
Test: Re-ran existing unit tests. Ran GTS tests. Tested with Google Play.
Change-Id: I79ddc8ed3290e6d74364cf96305054e55243c5ff
(This is a merge of http://go/wvgerrit/31040)
Because the Policy Engine was only consulting the result of the Max-Res
Decode check when it was in kLicenseStateCanPlay and not in other states
that imply kKeyStatusUsable, like kLicenseStateWaitingLicenseUpdate, the
Max-Res Decode results would not be honored during the interval between
requesting a renewal and receiving the result. (Or until the key
expired.) This was particularly problematic for keys with renewal delays
less than ten seconds long, which would freeze the Max-Res state before
it had a chance to update for the first time, effectively disabling
Max-Res Decode until renewal was received.
Fixing this required changing how the Policy Engine and the
LicenseKeyStatus objects communicate about the changing usability state
of the LicenseKeyStatus objects. Before, a call to ApplyConstraints()
might calculate a Max-Res failure, but this failure would be pending
until the Policy Engine deigned to call ApplyStatusChange() again.
Without a call to ApplyStatusChange(), it could pend forever. This put a
burden on the PolicyEngine to poll the LicenseKeys with redundant
ApplyStatusChange() calls using the same CdmKeyStatus that the keys were
already in, just in case Max-Res had changed since the last necessary
call to ApplyStatusChange().
If the Policy Engine got the timing of these calls wrong, it would
result in Max-Res results being ignored. (as in the linked bug) If it
ever polled with the wrong CdmKeyStatus, it would update the
LicenseKeys' status when it did not mean to. It would be preferable if
this polling were not needed, so that the Policy Engine couldn't get it
wrong.
This patch changes the API between these classes so that when Max-Res
fails, the state change can be reported immediately instead of pending
until ApplyStatusChange() is called, eliminating the need for polling.
All state changes to the LicenseKeyStatus objects go through a unified
ApplyStatusChange() method that can update the CdmKeyStatus, resolution,
and/or HDCP level and report any resulting usability changes
immediately. This patch updates the unit tests to exercise this new API
instead of the old API.
Previously, the linked bug slipped past our unit tests because we only
test unrenewable, streaming licenses against Max-Res. This patch adds
several more variants to
policy_engine_constraints_unittest so that it tests six kinds of
license to provide better coverage.
Bug: 62393949
Test: build_and_run_all_unit_tests
Change-Id: I0dfdbf6b8ea39abb446089aef5f6ea0502e9b4c6
Merge of http://go/wvgerrit/31561
If the usage table header is corrupted, or if it is stale, then the
CDM should create a new one.
bug: 64572642
Testing: pushed stale usage table to Fugu, and netflix recovered
gracefully. New unit test UsageTableHeaderTest.StaleHeader.
Change-Id: Ic66854ff6b0b252a0f4ca20e09f27852a50d6fcc
Merge from Widevine repo of http://go/wvgerrit/31340
This CL moves the oemcrypto watchdog timer so that it only watches the
L3 initialization. This will allow L1 initialization to take more
than 5 seconds if it needs to.
TEST: oemcrypto unit tests, Media GTS tests, Play Movies
b/64069544
Change-Id: I7826e4d72eda52ae8b2c9f8b3ac360fb42cbb115
(This is a merge from http://go/wvgerrit/30220)
Previously, extracting the system ID was only supported on Keybox-based
systems. This patch adds support for extracting the system ID from the
OEM Certificate chain on Provisioning 3.0 devices. This is done by
getting the Widevine intermediate cert from the chain, finding the
Widevine System ID extension in that cert, and extracting the value.
The code that does the extraction is separate from any code that calls
OEMCrypto so that it can be unit-tested in isolation. This patch adds a
crypto_session_unittest test to do this unit-testing.
Bug: 34776194
Test: crypto_session_unittest
Change-Id: I3e273968208fb31ae6019ccc383b419625d1ae22
[ Merge of http://go/wvgerrit/29004 ]
Enable support for provisioning with OEM certificates as root of
trust.
b/62972441
Test: WV unit/intgration test, cdm_feature_test and GTSMediaTestCases
Change-Id: I30576fc0bb68a873eeaaca03f6b9c89fa6a14327
The L3 initialization watchdog was previously configured
for 2 seconds vs 5 seconds as originally intended.
Change-Id: Ie31251ac7a58c11262963ef9cb56d0dc08f5dc5b
related-to-bug:62106796
Merge from Widevine repo of http://go/wvgerrit/29861
This code adds a watchdog timer to the oemcrypto initialization. If
initialization does not finish within 5 seconds, the process will
abort.
For branch oc-dr1-dev, unlike nyc-mr2-dev, we save a metric indicating
there was a failure.
Testing: see code in patch 1. Watch dog was forced while using Play
Movies. The busy spinner spun for at least 5 seconds, but Play Movies
was able to restart itself.
b/62106796
Change-Id: Ib59f5bc4a484eff1dc386e07a4b198ecb713c69b
Merge from Widevine repo of http://go/wvgerrit/29861
This code adds a watchdog timer to the oemcrypto initialization. If
initialization does not finish within 5 seconds, the process will
abort.
Testing: see code in patch 1. Watch dog was forced while using Play
Movies. The busy spinner spun for at least 5 seconds, but Play Movies
was able to restart itself.
b/62106796
Change-Id: Ib59f5bc4a484eff1dc386e07a4b198ecb713c69b
(This is a merge of http://go/wvgerrit/29282)
The Android API has long mandated that plugins respond to queries for a
version number, but we'd never hooked it up to the CDM's actual version
number until now.
Bug: 36867286
Test: libwvdrmdrmplugin_test
Test: libwvdrmdrmplugin_hidl_test
Change-Id: I952de4943f8e78b44d526bee66c54d31e9fe5ff1
Merge from http://go/wvgerrit/29800
Add QUERY_KEY_CURRENT_SRM_VERSION and
QUERY_KEY_SRM_UPDATE_SUPPORT.
Test: run unit test
adb push $OUT/marlin/data/bin/libwvdrmdrmplugin_hidl_test
/vendor/bin/.
adb shell LD_LIBRARY_PATH="/vendor/lib/mediadrm" \
/vendor/bin/libwvdrmdrmplugin_hidl_test
bug: 63390310
Change-Id: Ie51056d22178565bd7b987aa901f7b7616d29328
[ Merge from http://go/wvgerrit/29041 ]
This brings error codes up to date with wv master
b/62972441
Test: WV Unit/Integration tests on android
Change-Id: If676b35275bb992018b2b8bfcb76079a2fc2d1f9
This fixes a problem where a CdmEngine instance (and its sessions) could
be closed before its metrics could be collected. The change allows the
wv_content_decryption_module to extract metrics from instances about to
be closed. These are held until reported to the caller.
Test: Manually verified that collection is now occurring correctly. Also
added unit test: wv_cdm_metric_test.
This is a merge from wvgerrit/29069
Change-Id: If82bfd5cae3b72b9d14ab4741424a7ae7cc0a3a6
Renames a few metrics for consistency with the logs processing module.
This CL changes the names of several metrics to be consistent with what
we use for the logs parsing module. E.g. for metrics consistency,
CdmSecurityLevel is referred to as "security_level" and SecurityLevel
is referred to as "requested_security_level".
The GetSecurityLevel method was modified to use CdmSecurityLevel instead
of the previous string type.
This CL is a merge from wvgerrit/28423
BUG: 37627621
BUG: 37627483
Test: Updated and ran unit tests to verify no regressions.
Change-Id: Ia4a8b202325386f2e02dcda4f58010dd7957a048
[ Merge of http://go/wvgerrit/29041/ ]
Releasing allocated BIO buffers before logging failure causes the
openssl error to be erased.
b/62486203
Test: Ran WV unit, integration tests on angler
Change-Id: I3315edae2d3bd34887569ab88817f9591c12f409
MetricsGroup split into 3 groups, session, engine, and crypto.
MetricsFrontEnd and Report removed.
This is a merge from wvgerrit/28420
Bug: 36217927
Test: Added unit tests to cover modified code.
Change-Id: I2f39f99ce88cc2229d6d1aa9459c67c5b86ccef4
