[ Merge of http://go/wvgerrit/133744 ]
This changes adds several small classes which contain and manage
system and engine information related to OTA keybox provisioning.
These classes closely map to the OKP device file messages.
Bug: 189232882
Test: Linux unit tests
Change-Id: Ia9334c38f9d7ea89b30d9ad05f0595570bb38658
Storing and loading OKP info.
[ Merge of http://go/wvgerrit/133763 and http://go/ag/15645333 ]
This change extends the DeviceFiles module to be able to store and
load OKP info. Mild data validation is performed when storing and
loading the information.
Bug: 189232882
Test: Android unit tests
Change-Id: I077de3234157252f2255a4389bf82a8d5344a355
System OKP fallback policy.
[ Merge of http://go/wvgerrit/133783 and http://go/ag/15645334 ]
SystemFallbackPolicy provides a thread-safe interface for accessing
and modifying OKP info.
Bug: 189232882
Test: Android unit tests
Change-Id: I4e43e3bc047ed5fb6cb517b53e4094e812b70e1e
Engine OKP provisioner.
[ Merge of http://go/wvgerrit/133803 and http://go/ag/15645335 ]
The OtaKeyboxProvisioner provides a CdmEngine-specific context for
performing OTA keybox provisioning. Utilizes the system-wide
SystemFallbackPolicy to relay provisioning status between engines.
The provisioner will handle message wrapping and unwrapping of the
raw OTA keybox request / response into the SignedProvisioningMessage
which is sent to/received from the provisioning server.
[ Partial merge of http://go/wvgerrit/125844 ]
Note: Includes partial CryptoSession changes from various CLs.
CryptoSession functionality has been stripped to reduce impact of
this CL.
Bug: 189232882
Test: Android unit tests
Change-Id: I282bf7d1887daefb2250af1bd595c4dc3dfcfb29
Integrated OKP into CDM Engine
[ Merge of http://go/wvgerrit/133804 and http://go/ag/15646376 ]
Extended the functionality of the CdmEngine to check if the device
requires OKP and to initialize OKP resources if required. The
functionality of OpenSession() and GetProvisioningRequest() have been
the most affected. If OKP is required, these methods will signal to
the app that provisioning is required and will return an OKP request.
Once a device is provisioned, the OKP data is cleared away and the
CdmEngine will resume normal operation. Engines created after a
device is provisioned will immediately enter normal operations.
The exception is for CdmEngines which failed to perform OKP for some
reason and are still running. Those apps will need to restart before
gaining access to L1 operations.
Bug: 187646550
Test: Android integration tests
Merged-In: Ia572a66a7b73479355758aa3d0c682691eaca0fc
Change-Id: Ia572a66a7b73479355758aa3d0c682691eaca0fc
[ Merge of http://go/wvgerrit/133729 ]
The OtaKeyboxProvisioner is a system-wide provisioner for sharing the
provisioning workflow between CDM engines.
Bug: 189232882
Test: GtsMediaTestCases
Change-Id: I873af3087cc05e1831bdd1d2c14fb002b73e6902
Added keybox provisioning proto fields.
[ Merge of http://go/wvgerrit/133730 and http://go/ag/15113032 ]
This CL copies over the required license_protocol.proto changes that
are required for OTA keybox provisioning. These fields are defined in
the server-side certificate_provisioning.proto, defined in
http://cl/377533774.
Note, changes are slightly different from server proto due to the RVC
version of license_protocol.proto being out of date with SC and newer
changes.
Bug: 189232882
Test: run_x86_64_tests
Change-Id: I55fcf6a7ac2ba4b6026b9acc63e822ff33c431d9
Added OTA keybox provisioning device files.
[ Merge of http://go/wvgerrit/133743 and http://go/ag/15421141 ]
This change adds a new set of proto messages/fields the CDM's device
files for recording device and engine information around OTA keybox
provisioning (OKP).
To make cleanup and thread protection possible, there is a single file
which will contain all the information for the device as a whole and
each CDM engine tied to an app/origin.
Bug: 189232882
Test: Linux unit tests
Change-Id: Iaf80cd6342f32657e04416750d9b278d935821a5
Client ID for OKP requests.
[ Merge of http://go/wvgerrit/133744 and http://go/ag/15645331 ]
Extended the CDM ClientIdentification class to support a subset of
client info used for OKP requests.
Bug: 189232882
Test: Android unit tests
Merged-In: I6aafb4f2164efe69bc733ece0a912f0e91893b91
Change-Id: I6aafb4f2164efe69bc733ece0a912f0e91893b91
Merge from Widevine repo of http://go/wvgerrit/133703 and
http://ag/14707867
In order to use a local provisioning server, we need to use a
different test keybox system id that is in the dev device database
instead of the production database. We also need to use a local
license server that uses the dev license server.
Bug: 187646550
Test: GtsMediaTestCases
Change-Id: Ice89143dd26de22757375a770c6bac716fcbc057
Add Keybox OTA Provisioning functions to OEMCrypto header
Merge from Widevine repo of http://go/wvgerrit/133704 and
http://go/ag/14707868
Bug: 188228998
Change-Id: Iff54bc2870e87bf7239e179e1d02fbcc8df6198f
Stub build changes to support OTA Keybox
Merge from Widevine repo of http://go/wvgerrit/133725 and
http://go/ag/14781459
This CL adds a new unit test file for testing OTA keybox
reprovisioning functionality. This new test is built when running the
dynamic adapter in the linux build, and in the Android build.
Bug: 187646550
Change-Id: I625513840188f95e74831ef2ea399e827e837439
Add OTA Keybox functions to dynamic adapter
Merge from Widevine repo of http://go/wvgerrit/125843
and http://go/ag/14781460
Bug: 187646550
Change-Id: Ief78ed10599c091690e0d7dc488ea71674c763b5
Refactor dynamic adapter keybox verification
Merge from Widevine repo of http://go/wvgerrit/133727http://go/ag/14812524
The keybox validation needs to be done separately from initializing
the library so that we can support Keybox OTA Reprovisioning.
If L1 loads, but the keybox is missing, the initialization should
succeed. When the keybox is validated, the adapter should try to look
for a keybox on the filesystem. if none is found, it should either
return NEEDS PROVISIONING or an error.
Bug: 187646550
Change-Id: I34a8c365a5a5ca35c379bea827c85c749964744c
Update crypto session to use new OTA keybox functionality
Merge from Widevine repo of http://go/wvgerrit/133728 and
http://go/ag/14812525
This CL stubs out two new CryptoSession functions that call the new
OEMCrypto functions for OTA Keybox Provisioning. It builds! Yay!
It also adds a boolean needs_keybox_provisioning that is set to true
when OEMCrypto reports that it needs a keybox. This should only happen
if there is no keybox installed and oemcrypto supports provisioning.
Bug: 187646550
Merged-In: Ide9533943125aa13b8899b652b118a0b410c882c
Change-Id: Ide9533943125aa13b8899b652b118a0b410c882c
[ Merge of http://go/wvgerrit/122984 ]
There was an issue encountered by some vendors with how the usage
table was initialized on some devices. Previously, the CDM would
open an OEMCrypto session first, then initialize the usage table
(loading existing or creating a new one). On these devices,
OEMCrypto_CreateUsageTableHeader() and OEMCrypto_LoadUsageTableHeader()
would fail if there were any open sessions.
This CL changes the initialization process to create/load the usage
table before opening an OEMCrypto session.
This change also lays the ground work for another usage table fix
to address GTS tests failure.
In the process, several of the functions for the usage table have been
split up into smaller chunks of code. This required additional changes
to the usage table unittest to keep them up to date.
Bug: 169195093
Bug: 180639135
Test: Linux unittests and MediaDrmTest
Change-Id: Ifbf35f5d8cff5b89fea9b16edb998c84803f4fbe
[ Merge of http://go/wvgerrit/121568 ]
The CdmEngine logs had both too much and too little information.
Since our logging has been enabled to print function names natively,
many of the log information has become superfluous. Needless
information has been removed, and many of the important INFO logs have
been reduced to only the information not present in the function name.
Some of the INFO and ERROR logs were missing identifiers to match
failures with the same session request should the failures take more
than a few milliseconds to occur. CDM session IDs and key set IDs
have been included in all the logs that _appeared_ to have a slow
operation between the top of the method and log.
To help make enum values more readable, several enums-to-string
functions have been implemented. These converters are intended for
INFO logging and as such, do not log any addition information should
the enum be out of range.
To help make empty and null identifiers more readable in the logs,
empty strings will be logged as <empty> and null strings will be
logged as <null>.
While working through the "cdm_engine.cpp" file, a few minor changes
have been made:
- Adjust if statements to match with Google C++ style guidelines
- Skipped anything that was not obvious
- Added a const qualifier to variables where appropriate
- Moved some null checks to the top of the method
- Only where sequence is non-critical to normal operation
- Removed unnecessary string to vector to string conversions
- Reject empty |force_session_id|
- Already enforced on CE CDM code and not uesd on Android
Bug: 183576879
Test: CE CDM unittests
Change-Id: Id165373055f7ce6097c93c48f84af74bd353c8cb
[ Merge of http://go/wvgerrit/121567 ]
Replaced the two usage support functions GetUsageSupportType() and
UsageInformationSupport() into a single function HasUsageInfoSupport().
Since moving to only supporting a single usage info system (usage table
header + usage entries), the different usage support functions have
lost their purpose.
One version of the method works on an open session and will use a
cached value of the property if previously set. The other can be
called without opening the session (as used for query calls).
This is part of larger fix for the usage table initialization process.
Bug: 169195093
Test: CE CDM unit tests
Change-Id: I637c24dd143e995dbb0f8848850e3c71ff1018eb
[ Merge of http://go/wvgerrit/110923 ]
The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session. To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response. The type of key is available from the
DRM certificate proto that is provided in the reponse.
This change introduces a class to contain the wrapped key and
type together. To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.
Unittests have been updated for using the new class where the
wrapped key was used before.
Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
(cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e)
Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
[ Merge of http://go/wvgerrit/110824 ]
When generating a provisioning request, the CDM includes the different
certificate key types that are supported.
This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.
Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
(cherry picked from commit 547d2f8775)
Merged-In: I713ff1c469dff5c8a41461727ce63486d962575e
[ Merge of http://go/wvgerrit/106203 ]
CdmSigningAlgorithm are converted into OEMCrypto_Algorithm enums
before being passed as parameters to OEMCrypto generic crypto functions.
The OEMCrypto_Algorithm variables should never be set to values not
specified in the enum declaration.
These private methods have also been moved to the anonymous namespace.
Bug: 168774486
Test: WV unit/integration tests
Change-Id: Ie570a3cf4447b6c133076baa0909d562824c8e4a
[ Merge of http://go/wvgerrit/108064 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the core directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I8ae5a10cbfdf7faae6a2735e57b33729763f10b8
(This is a merge of http://go/wvgerrit/97083.)
The switch from LoadKeys to LoadLicense broke entitlement licenses
entirely because the LoadLicense path in CryptoSession didn't include
any affordances for updating the KeySession, unlike the LoadKeys path.
This patch adds code to handle this.
Bug: 152814106
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Id0c33a566e17e6be8da04e12be4b0fc87559aa8f
[ Merge of http://go/wvgerrit/95405 ]
There are several OEMCrypto functions that do not require an open
session to be called. This change updates the OEMCrypto functions
related to the Usage Table Header.
Bug: 150888316
Test: Linux unit tests and Android build
Change-Id: Ic879876dd190fb3e058bbe8e0cce37273030b105
[ Merge of http://go/wvgerrit/95508 ]
The provisioning ID length will be 32 bytes when the device supports a
keybox or OEM certificates and does not implement |OEMCrypto_GetDeviceId|.
If a device supports OEM Certificates and implements |OEMCrypto_GetDeviceId|
it may be an arbitrary length upto 64 bytes.
Bug: 150393659
Test: WV unit/integration tests
Change-Id: I5e4dbc8f2f9ca326425d0313f4823b72bd6ac7c0
(This is a merge of http://go/wvgerrit/95003.)
To reduce the number of OEMCrypto calls on the decrypt path, the maximum
subsample size will now be cached after the first call to retrieve it.
Bug: 150018606
Test: Android Unit Tests
Test: CE CDM Unit Tests
Test: ExoPlayer high-bitrate playback on OEC v15
Change-Id: I0b5d38d8a082c0a127d2a47f112b76c64085bddb
[ Merge of http://go/wvgerrit/94483 ]
With OEMCrypto V16 comes a new potential error code from calls to
DecryptCENC(). WARNING_MIXED_OUTPUT_PROTECTION may be returned by
supporting devices if one of the output devices does not meet the
required HDCP level for the decryption key/license; however the output
is instead restricted (by OEMCrypto) to devices that are secure. This
warning is informative to the CDM; but no action can/should be taken
by the CDM.
In addition, if DecryptCENC() returns an error/warning, it is likely
that the same status code will be returned on subsequent calls to
decrypt within the same crypto session. To reduce the number of logs
the CDM produces within the same crypto session only changes in error
codes are logged.
Bug: 140825538
Change-Id: Iaf9da3f0c88889525f73f3153a5977c8416286bb
(cherry picked from commit d9c703ef9e)
Merged-In: Iaf9da3f0c88889525f73f3153a5977c8416286bb
(This is a merge of http://go/wvgerrit/93829,
http://go/wvgerrit/93830, http://go/wvgerrit/93832,
http://go/wvgerrit/93833, and http://go/wvgerrit/93834 from the
Widevine repo.)
This implements the CDM code changes necessary to take advantage of
Combined Decrypt Calls on OEMCrypto v16. The result of this is that
WVCryptoPlugin is much lighter now because it can pass the full sample
down to the core in one call, but CryptoSession is heavier, as it now
has to handle more complex fallback logic when devices can't handle
multiple subsamples at once.
This patch also removes support for the 'cens' and 'cbc1' schema, which
are being dropped in OEMCrypto v16. This fixes an overflow in the code
for handling those schemas by removing it entirely.
This patch also fixes the "in chunks" legacy decrypt path to use larger
chunk sizes on devices with higher resource rating tiers.
Bug: 135285640
Bug: 123435824
Bug: 138584971
Bug: 139257871
Bug: 78289910
Bug: 149361893
Test: no new CE CDM Unit Test failures
Test: Google Play plays
Test: Netflix plays
Test: no new GTS failures
Change-Id: Ic4952c9fa3bc7fd5ed08698e88254380a7a18514
[ Merge of http://go/wvgerrit/89848 ]
Apps query a number of properties at initialization. The mediaDrm
API getProperty allows the query of a single property at a time.
This causes a series of requests. If no crypto
sessions are concurrently open, a series of expensive OEMCrypto
Initialization and Termination calls will occur.
In this change OEMCrypto termination is delayed. If an OEMCrypto
Terminate is followed in close succession by an Initialize, neither
will occur avoiding the overhead. A timer enables a countdown process.
If no session activity occurs, the timer will eventually terminate
OEMCrypto and exit.
Bug: 136282358
Test: Android unit/integration tests
Change-Id: I442b7919b4e7835c52583516c8bc64d0c150241d
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
[ Merge of http://go/wvgerrit/89906 ]
The change allows the GetDecryptHashSupport method to return
an error.
Bug: 144851430
Test: WV android unit/integration tests
Change-Id: Ib3b95788adb21b5ed0daee51ad338f9674b04c3c
[ Merge of http://go/wvgerrit/87964 ]
A preliminary test has been added, more to follow.
Bug: 142747616
Test: android unit tests
Change-Id: Ida8eb853c14f73f60f7bc354f14a02224c2ce66c
[ Merge of http://go/wvgerrit/80805 ]
This change was used only where `typedef` was used for type aliasing,
and not for defining a new type (such as enums, structs, or function
pointer types).
Clang-format was used on the changed files.
Test: WV unit tests
Bug: 134437705
Change-Id: I730b9709a5ac773b3036daa79024caab665b3daa
[ Merge of http://go/wvgerrit/80483 ]
Clang-format has been run on files in core/include
Bug: 134365840
Test: WV unit/integration tests
Change-Id: I890127f23f30f0e63f826d3638521b4cc12fb995
Merge from Widevine repo of http://go/wvgerrit/78623
This updates the license request client identification to include
OEMCrypto build information.
Bug: 129070445
Test: ExoPlayer on crosshatch with mod mock
Change-Id: I0dbce0cca4e9810e14f60561e4e434f1dbcadfb6
(This is a merge of http://go/wvgerrit/72867)
This patch replaces the previous static std::mutexes in CryptoSession
with shared_mutexes, allowing multiple readers to access the resources
they protect. For the shared fields, this means only Initialize(),
Terminate(), and the code that sets up the usage table headers needs
exclusive access. All other CryptoSession code is able to read these
fields in parallel.
For OEMCrypto, the static OEMCrypto lock is joined by a per-session
std::mutex, which are used in concert to enforce the OEMCrypto v15
threading guarantees.
On my machine this results in a noticeable increase in performance for
the parallel unit tests.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: Jenkins Tests
Change-Id: Ie6332ae4926ed4f14af897685d37bfe63831b14f
(This is a merge of http://go/wvgerrit/71324)
This patch increases the granularity of the locking in CryptoSession
without substantially changing its locking semantics. Where before
there was a single |crypto_lock_| performing multiple duties, now
there are three locks:
1) |static_field_lock_|, which is used when needing to access the
non-atomic static member fields of CryptoSession.
2) |oem_crypto_lock_|, which is used when needing to call into
OEMCrypto.
3) |factory_lock_|, used only by the functions that interact with the
CryptoSession factory.
All the code in CryptoSession has been updated to use these locks. It
has also been updated to only hold them for the minimal amount of time
necessary, as opposed to holding them for a whole function. This should
help some with the ability of CryptoSession calls to happen
concurrently. To assist in taking locks in a consistent manner, two
helper functions, |WithStaticFieldLock()| and |WithOecLock()| have been
added. Also, for the very common case of reading |initialized_|, the
accessor |IsInitialized()| will read the value safely.
While changing all the code to lock differently, I found that some
places in CryptoSession were *not* locking before accessing static state
or calling into OEMCrypto. I have made these callsites consistent with
the rest of CryptoSession.
As a result of taking locks for only the minimum time necessary, it is
no longer necessary for functions to make assumptions about whether the
lock will already be held before they are called. Locks should not be
held while calling helper functions, and code should always take a lock
for the brief time it is necessary to do so.
In tests, including the concurrent unit tests coming in the following
patch, this code did not perform substantially better or worse than the
code that preceded it, but the hope is that it will experience less
contention on devices that are more resource-constrained than my
desktop, such as older game consoles.
This patch appears to address some real threading issues. Hopefully, it
will also make it easier to maintain soundness in the future and to
reason about when code in CryptoSession needs to take a lock.
This is the first step to implementing the "Finer-Grained Locking in
CryptoSession" specification. A future patch will make some of these
locks reader-writer locks, to allow even greater parallelism.
Bug: 70889998
Bug: 118584039
Bug: 123319961
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: GTS
Test: Play Movies
Test: Netflix
Change-Id: I346c04a5d9875723db54af33ee91772bf49ca12f
[ Merge of http://go/wvgerrit/71326 ]
Nonce flood, frame size, session and system invalidation errors
will now bubble up to the app. OEMCrypto v15 returns
OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE,
OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors.
These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR,
ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and
ERROR_DRM_RESOURCE_CONTENTION.
Bug: 120572706
Test: Unit/Integration tests
Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9
(This is a merge of http://go/wvgerrit/70667)
Request ID Index generation has historically worked by incrementing a
shared variable in one place and reading it in another place and
trusting the fact that CdmLicense calls these operations in a certain
order and only once per session to give each session a unique value.
This patch cleans this up a bit, having each session store the current
Request ID Index at the same time as it stores its Request ID Base. This
guarantees that each CryptoSession will receive a unique but stable
combination of Base and ID rather than relying on the calling pattern.
Since all this generation happens during the same function, the full
Request ID can be generated up-front and stored, making
GenerateRequestId() no longer necessary.
This patch also simplifies the threading story around this shared state
by using a std::atomic<uint64_t>. Bringing the code that interacts with
the shared state together into one place and replacing it with atomic
operations will simplify locking around this code when CryptoSession
locking is revamped in a future patch.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I12d2f6501f872f1973e5a9af5125ca03f23e5a56
[ Merge of http://go/wvgerrit/69724 ]
Some queries no longer require a session to be opened before they
can be answered - security level, current HDCP level, max HDCP level,
usage support, number of open sessions, max sessions,
OEMCrypto API version, current SRM version, SRM update support,
resource rating tier and OEMCrypto build information.
b/117104043
Test: WV unit/integration tests
Change-Id: I92f8249e5599860da8cbf42d3b16f25515a46c55
[ Merge of http://go/wvgerrit/68083 ]
Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.
Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
libwvdrmdrmplugin_hidl_test and request_license_test.
Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6
[ Merge of http://go/wvgerrit/67884 ]
Now that we can use C++11, we should use the cross-platform std::mutex
type, not the custom pthread version.
Bug: 111850982
Test: WV unit/integration tests
Change-Id: If2fde2836826c5184609e6b1f3a6511206bd4594
[ Merge of http://go/wvgerrit/67324 ]
This introduces the ability to query resource rating tier information
through the plugin and CDM. Resource rating tiers are also
sent in the client identification portion of the license request.
Bug: 117112392
Test: WV unit/integration tests
Change-Id: I68ac6dfc4362f61150af822bd526e346b5cc4bf7
(This is a merge of http://go/wvgerrit/66643)
The sub-license feature has been removed from the server and packager.
So that we do not have to continue maintaining the code that supports
this feature that never shipped, I am removing it from the CDM as well.
Bug: 113165466
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I5d25844b161e74aa19adf19a29c56e4881aa7304
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
(This is a merge of http://go/wvgerrit/65782)
We have had our own scoped_ptr implementation that is used throughout
the codebase. Now that we support C++11, we can replace these with
std::unique_ptr.
Doing this replacement exposed a few places where the two were not
interchangeable. OEMCrypto Ref was doing some unsafe things with passing
scoped_ptrs to functions and has been updated to use move semantics. And
a few constructors were explicitly constructing a scoped_ptr with NULL,
which is ambiguous with std::unique_ptr. These have been replaced with
default constructor calls.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I37d6d7aad4906709381c74f0c5439f826d2be768
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
Merge from Widevine repo of http://go/wvgerrit/49820
Devices with baked-in DRM certs cannot be reprovisioned. As such, we
must protect them against being unprovisioned. Currently, our unit
tests break such devices by attempting to unprovision them. This patch
adds code to block the Unprovision() call on these devices.
Bug: 69264798
Test: CE CDM Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: I49322dcb2d3d5c7953e870eb91a9e0b978d4dabe
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
[ Merge of http://go/wvgerrit/46907 ]
The WV client supports root of trusts as keyboxes or OEM certificates.
Devices with keyboxes use provisioning 2.0 protocol to provision
while those with OEM certificates use 3.0. L3 provisioning failures
occur if the L1 and L3 root of trusts differ.
The provisioning method is now retrieved and cached when the
security level is known, when the session is opened.
Earlier it was retrieved and cached at initialization time and
always set to the value of L1 OEMCrypto (if present). This led
to provisioning failures.
A case of acquiring a lock while one was held in GetProvisioningId()
has also fixed.
Bug: 77606913
Test: WV unit/integration tests
Change-Id: I2d66ee2cf64f846cec4a37fbccb554447c8a0e1d
[ Merge of http://go/wvgerrit/42103 ]
* While deprecating keyboxes as identification, some code to
restore a license was mistakenly removed in http:://go/wvgerrit/36740,
http://ag/3442777
* Corrections to keep track of cipher mode, call SelectKeys when cipher
mode changes and to use the backward compatible LoadKeys call in case
OEMCrypto is v13.
Bug: 70160032
Test: Ran WV unit/integration tests. Request license test failures
have been addressed.
Change-Id: Id03c50874085af6d9985d10c19a74a02efb7a1f5
* changes:
Fix some unit tests
Add basic handling for entitlement keys in a license.
Refactor key sessions to move them out of crypto session.
Fix entitlement keys encryption and content key loading.
Merge from Widevine repo of http://go/wvgerrit/41834
Key rotation is not yet supported.
The key statuses are updated from a license. The
mechanism expects content keys tro come in a license.
For entitlement licenses, the content keys come in the
init_data.
This code does not yet support the key rotation event.
(A new pssh with wrapped keys is a passed to the cdm)
The policy engine/key status mechanism needs to be
updated to handle updated from the init_data.
For now, the cdm builds a license with a key container
with the content keys and used that to call
PolicyEngine::SetLicense to setup the policy engine
and key statuses.
Bug: 64003606
Bug: 70334840
Test: In child CL
Change-Id: Ibf46a18f5321cab4ff6f1778ba30527942c8021f
[ Merge of http://go/wvgerrit/41840 ]
Bug: 69867619
Test: WV unit/integration tests
Playback using netflix and play movies on Taimen
Change-Id: I49d0dd9ae12322eecc80efb8cb744419c85e8ae5
This is a merge of Widevine cl 39040.
A few of the metrics were not implemented, or implemented incorrectly in
O MR1. This cleans them up
Bug: 64001676
Test: Re-ran unit tests and added some additional tests. GPlay Movies check.
Change-Id: I1e8bcc36fecd76e72d853306075bc46d82f45161
This CL adds entitlement license features and moves cipher mode from
LoadKeys to SelectKeys.
Merge from Widevine repo of http://go/wvgerrit/41660
bug: 70334840 Entitlement License - cdm layer
bug: 70334345 Entitlement License - reference code and unit tests
test: Entitlement license unit tests pass.
Change-Id: Ic7d7f42c15e6d83ef7fcfd8a866c778adc4c8095
These are a set of CLs merged from the wv cdm repo to the android repo.
* Get System ID From OEM Cert
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37940 ]
(This is a merge of http://go/wvgerrit/30220 . However, it has been
significantly modified in the merge due to needing to support both
OpenSSL and BoringSSL.)
Previously, extracting the system ID was only supported on Keybox-based
systems. This patch adds support for extracting the system ID from the
OEM Certificate chain on Provisioning 3.0 devices. This is done by
getting the Widevine intermediate cert from the chain, finding the
Widevine System ID extension in that cert, and extracting the value.
The code that does the extraction is separate from any code that calls
OEMCrypto so that it can be unit-tested in isolation. This patch adds a
crypto_session_unittest test to do this unit-testing.
Bug: 34776194
Test: crypto_session_unittest
Test: widevine_ce_cdm_unittest
* Remove unique_ptr from oemcrypto mod mock
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/38500 ]
Because we can't have C++11.
Bug: 69935608
* Update CHANGELOG.md
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38460 ]
- Add items about adapter support.
- Add mention of SRM support.
Merged from cdm_partner_3.5
(Change-Id: I6d891e157edc3afb2797bf281ef3f06bdb8fe474)
* Add Adapter for OEMCrypto v13 to v12.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38440 ]
Also fix OEMCrypto_LoadKeys() definition broken by wvcl/38160
(srm_requirement param).
* Allow certain warnings in protobuf build.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38424 ]
maybe-uninitialized is triggered in release build. Allow it.
* Enable -fPIC for jsmc.c build.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38423 ]
-fPIC was removed for common c/c++ build rules. Add it back.
* Missing OEMCrypto_LoadKeys param in static adapter.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38422 ]
srm_requirement param was omitted in v11 static adapter.
* Remove OEMCrypto v12 specification.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38421 ]
* Update documentation for v3.5.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38420 ]
* Added padded preprov key for 7880
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/36924 ]
Bug: 68765915
* Change overrides in CE L3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38380 ]
The 'override's are changed to the macro defined in override.h to
be gnu++98 compliant.
* Use source android level3 + add cache_flush call
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37900 ]
I put both changes in this CL since I have to generate Level3 libraries
for both anyways. The first change involves shifting from using a
prebuilt static library to using an obfuscated source library output
from the Haystack tool on google3. The second change is from here:
https://critique.corp.google.com/#review/176536782, and addresses
b/69387416. Since the cache_flush function wasn't being used, the
execution on Angler gave inconsistent segfaults, which this CL fixes.
Verified on Angler, Sailfish, and Linux.
11/27/17: Added mips and mips64 libraries.
* Make CDM result codes constexprs
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38280 ]
The values in the enumeration list of CdmResponseType error codes
were earlier implicit. Comments were added to denote the actual
values. This changes to make it fixed values, which makes it slightly
more error prone, but cleaner when errors are retired.
* Change watchdog timer to 2 minutes
[ Merge of http://go/wvgerrit/36340 ]
This relaxes the watchdog timer around the level 3 oemcrypto
initialization to 120 seconds. There are also a couple of new log
messages at the end of initialization and at termination.
Library for arm updated:
level3/arm/libwvlevel3.a Level3 Library 4445 Oct 4 2017 17:06:25
Bug: 65379279
Merged from https://widevine-internal-review.googlesource.com/35480
* Add test to get service certificate from server.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37780 ]
This was extracted from Ic38dd27d06dc7528ae4cd995da4261fe6c34ad55
* Add watch dog timer to OEMCrypto L3
commit ec624ea483cbf8fb3d4e8f393bc25c90a0e29d4b
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/34260 ]
This code adds a watchdog timer to the level 3 initialization. If
initialization does not finish within 5 seconds, the process
will abort, printing a small amount of debugging information.
arm/libwvlevel3.a Level3 Library 4445 Sep 11 2017 14:05:15
Test: unit tests on bullhead. Video on Play Movies.
GTS tests run on loop overnight.
Bug: 65379279
Merged from https://widevine-internal-review.googlesource.com/33540
* Remove libwidevinehidl_utils dependency
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37822 ]
libwvdrmcryptoplugin_hidl has a dependency on libwidevinehidl_utils
which was introduced due to an out of order merge from oc-mr1-dev
to master.
Bug: 69573113
* Automatically generate log location information
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36563 ]
Currently class and method names are manually added to each log message
in the CDM on android and some other platforms. This change prepends
log messages with file name, line number and function name automatically.
The code is platform specific so it can be enabled and the precise
format configured on a per-platform basis.
As an example, here is a log on android before the change,
11-01 02:48:48.658 D/WVCdm (32198): CryptoSession::Open:
Lock: requested_security_level: Default
and after,
11-01 02:48:48.658 D/WVCdm (32198): [crypto_session.cpp(1108):Open]
Lock: requested_security_level: Default
A follow on CL will remove the manually added class/method information.
Bug: 9261010
* Fix BoringSSL Compatibility of oec_session_util.cpp
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37121 ]
A previous change inadvertantly used APIs from OpenSSL that do not exist
in BoringSSL in oec_session_util.cpp. As a temporary fix until we can
move all targets to BoringSSL, this patch switches that file to use
conditional compilation to choose the correct API depending on the
library in use. It does not otherwise change the behavior of the file.
Bug: 67908123
Test: wv_ce_cdm_unittest on x86-64
Test: linux_unit_tests
* Create local shared_ptr implementation
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37600 ]
Derived from protobuf version, which came from google3.
Removed locking (not thread-safe) and removed weak pointers (not
needed for usages in CDM).
Locking can easily be added if needed.
* Revert C++11 usage - back to gnu++98
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37440 ]
These changes roll back C++11-specific constructs:
std::unique_ptr -> std::auto_ptr
container initializers
nullptr -> NULL
std::shared_ptr to local shared_ptr
compiler flags (-std=c++11 -> -sdt=gnu++98)
NOTE: the "local" shared_ptr implementation is temporarily
a direct reference to the shared_ptr implementation in
third_party/protobuf. This has been fixed (implementation
extracted and moved to core/include) in CL 37600.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ie09ecb970aa06fe9301ac255375ca7d8e7ead8bc
These are a set of CLs merged from the wv cdm repo to the android repo.
* Make Android NDK Builds Work With Latest BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37000 ]
The latest updates to BoringSSL require C99 or later. Our NDK-based
builds (OEMCrypto Variants & Fastball) were not specifying a C standard.
This patch adds compiler flags so that C files are compiled as C11 now.
Note that this is about the *C* standard in use, not the *C++* standard,
which this patch leaves untouched.
BUG: 67907873
Test: build_android_mock.sh
* Update BoringSSL to f7412cb072cc6b1847140e0c4f8b3ceeccd0e708
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36761 ]
This is the result of running UPDATE_BORINGSSL.sh. Future runs of this
script should produce much smaller sets of changed files, but because
the BoringSSL revision already in this directory was so old and
contained many extraneous files from the Android operating system, the
set of changed files is extensive this time.
BUG: 67907873
* Refactoring the build files.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/37041 ]
Move all common build dependencies to .gypi so that all fuzz test
binary targets can be added to .gyp file without repeating code.
* Introduce service certificate request property
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36941 ]
Platforms differ on whether they allows service certificates to be
requested if privacy mode is enabled and a certificate is not present.
This property allows behavior to be configurable.
Generating the service certificate request will be introduced
in a follow on CL.
BUG: 68328352
* Deprecate using keyboxes as identification
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36740 ]
Previously some platforms supported using keyboxes rather than
certificates as the identification tokens in the license request
message. All platforms that share core CDM code of the master branch now
either provision using a keybox and use a DRM certificate or an
OEM certificate as identification. No future usage of keyboxes
as identifying tokens is planned.
Since the platform property use_certificates_as_identification
is always set to true, the negative code paths are never taken and
can be removed.
* OEMCrypto_GenerateSignature API Fuzz Test.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36863 ]
- The first automated API fuzz test.
- Also sumitting the corpus for the API fuzzed.
* Add Script to Update BoringSSL from Source
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36760 ]
Adds a script to third_party/boringssl/ that, when run, deletes all the
auto-generated files in the generated/ directory and regenerates them
from scratch, starting from the latest public HEAD of BoringSSL.
Bug: 67907873
* Fix Fastball / OEMCrypto Variant BoringSSL Makefiles
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36926 ]
Previously, when moving the BoringSSL source within the tree, I was not
able to verify that I had not broken the NDK-compatible makefiles used
by Fastball because that build is broken on master. I had to make a
best-guess as to how they should be updated and hope.
Now, however, I have been informed that the OEMCrypto Variants also use
these makefiles, and I have been able to use that build to find where I
broke them and get them fully working.
Bug: 67386164
Test: build_android_mock.sh
* Add kit/ to BoringSSL Include Path for Fastball & OEMCrypto Variants
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36925 ]
When I moved the BoringSSL source in the tree, I updated the Android.mk
files that pointed to it in order to build it. I did not realize that
some makefiles outside that directory also contained hardcoded pointers
into that directory. These references broke after the move. This patch
fixes those paths to point to the new BoringSSL location.
Bug: 67386164
Test: build_android_mock.sh
* OEMCrypto Unit Test Refactor.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36562 ]
Refactoring OEMCrypto Tests so the Session Utility test code can be reused in fuzz tests.
* Reorder license server config table to match ids
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36743 ]
* Separate Hand-Written BoringSSL Files from Downloaded/Generated Ones
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36561 ]
I want to make updating BoringSSL as simple as possible for us going
forward. A future commit will add a script that automatically downloads
and sets up the latest version of BoringSSL. To facilitate this script,
a clear distinction needs to be made between the files that can be
downloaded with / regenerated from the BoringSSL source and the files
that are maintained by us by hand.
The version of BoringSSL in this change is exactly the same as the one
already in this directory. It has just been moved one folder deeper.
Bug: 67907873
* Remove BoringSSL Symlinks, They Are Confusing Gerrit
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36560 ]
There are some symlinks in the current copy of BoringSSL that are
causing headaches when I try to upload future changes to Gerrit. These
were inherited from the Android OS and are not used by our build
anywhere. They would be wiped out when I update BoringSSL anyway, but
wiping them out in a separate change before I upload any other changes
avoids confusing Gerrit.
Bug: 67907873
* Add group master key id to support sublicense master
key rotation, and content identification.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36180 ]
* OEMCrypto Fuzzer test framework
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36280 ]
- Adding a sample fuzz test.
- Adding build scripts for building the new Fuzz Tests to come.
Design doc: go/oemcrypt_ref_impl_fuzz
* Build Mod Mock with C++ 11
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/36328 ]
This should fix the android oemcrypto mock build:
http://go/wvbuild/job/Android_OEMCrypto_Variants
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ic4d5be3118ef97e3f7d386149a2b5d9be8f0a87e
