[ Merge of http://go/wvgerrit/133729 ]
[ Cherry pick of http://ag/15836224 ]
The OtaKeyboxProvisioner is a system-wide provisioner for sharing the
provisioning workflow between CDM engines.
Bug: 189232882
Test: GtsMediaTestCases
Change-Id: I873af3087cc05e1831bdd1d2c14fb002b73e6902
Added keybox provisioning proto fields.
[ Merge of http://go/wvgerrit/133730 and http://go/ag/15113032 ]
This CL copies over the required license_protocol.proto changes that
are required for OTA keybox provisioning. These fields are defined in
the server-side certificate_provisioning.proto, defined in
http://cl/377533774.
Note, changes are slightly different from server proto due to the RVC
version of license_protocol.proto being out of date with SC and newer
changes.
Bug: 189232882
Test: run_x86_64_tests
Change-Id: I55fcf6a7ac2ba4b6026b9acc63e822ff33c431d9
Added OTA keybox provisioning device files.
[ Merge of http://go/wvgerrit/133743 and http://go/ag/15421141 ]
This change adds a new set of proto messages/fields the CDM's device
files for recording device and engine information around OTA keybox
provisioning (OKP).
To make cleanup and thread protection possible, there is a single file
which will contain all the information for the device as a whole and
each CDM engine tied to an app/origin.
Bug: 189232882
Test: Linux unit tests
Change-Id: Iaf80cd6342f32657e04416750d9b278d935821a5
Client ID for OKP requests.
[ Merge of http://go/wvgerrit/133744 and http://go/ag/15645331 ]
Extended the CDM ClientIdentification class to support a subset of
client info used for OKP requests.
Bug: 189232882
Test: Android unit tests
Change-Id: I6aafb4f2164efe69bc733ece0a912f0e91893b91
Merge from Widevine repo of http://go/wvgerrit/133703 and
http://ag/14707867
[ Cherry-pick of http://ag/15835345 ]
In order to use a local provisioning server, we need to use a
different test keybox system id that is in the dev device database
instead of the production database. We also need to use a local
license server that uses the dev license server.
Bug: 187646550
Test: GtsMediaTestCases
Change-Id: Ice89143dd26de22757375a770c6bac716fcbc057
Add Keybox OTA Provisioning functions to OEMCrypto header
Merge from Widevine repo of http://go/wvgerrit/133704 and
http://go/ag/14707868
Bug: 188228998
Change-Id: Iff54bc2870e87bf7239e179e1d02fbcc8df6198f
Stub build changes to support OTA Keybox
Merge from Widevine repo of http://go/wvgerrit/133725 and
http://go/ag/14781459
This CL adds a new unit test file for testing OTA keybox
reprovisioning functionality. This new test is built when running the
dynamic adapter in the linux build, and in the Android build.
Bug: 187646550
Change-Id: I625513840188f95e74831ef2ea399e827e837439
Add OTA Keybox functions to dynamic adapter
Merge from Widevine repo of http://go/wvgerrit/125843
and http://go/ag/14781460
Bug: 187646550
Change-Id: Ief78ed10599c091690e0d7dc488ea71674c763b5
Refactor dynamic adapter keybox verification
Merge from Widevine repo of http://go/wvgerrit/133727http://go/ag/14812524
The keybox validation needs to be done separately from initializing
the library so that we can support Keybox OTA Reprovisioning.
If L1 loads, but the keybox is missing, the initialization should
succeed. When the keybox is validated, the adapter should try to look
for a keybox on the filesystem. if none is found, it should either
return NEEDS PROVISIONING or an error.
Bug: 187646550
Change-Id: I34a8c365a5a5ca35c379bea827c85c749964744c
Update crypto session to use new OTA keybox functionality
Merge from Widevine repo of http://go/wvgerrit/133728 and
http://go/ag/14812525
This CL stubs out two new CryptoSession functions that call the new
OEMCrypto functions for OTA Keybox Provisioning. It builds! Yay!
It also adds a boolean needs_keybox_provisioning that is set to true
when OEMCrypto reports that it needs a keybox. This should only happen
if there is no keybox installed and oemcrypto supports provisioning.
Bug: 187646550
Change-Id: Ide9533943125aa13b8899b652b118a0b410c882c
Because the fake clock is getting out of sync with the real clock
for the nonce flood tests, add a call to TestSleep::SyncFakeClock()
in Clock::GetCurrentTime() to force a sync.
Merged from http://go/wvgerrit/133223
Test: duration_use_case_test and nonce flood tests on bonito
Bug: 198329759
Change-Id: Idfd92c6cc57750a52477189461220c682b302082
[ Merge of http://go/wvgerrit/128683 ]
The CDM session was incorrectly recording the "license SDK version" as
the "license service version" in the session metrics. This
discrepancy reduces the quality of devices' metrics and limits
debugging capabilities for the Widevine metric monitoring services.
Bug: 193177333
Test: Linux unit tests
Change-Id: Ic58cf7bc4fde777bb590c05777b76f5ff5c2f1ea
[ Merge of http://go/wvgerrit/128325 ]
There were a few cases where |cdm_by_session_id_| was being iterated
over and the CDM did not acquire any write-protection locks to prevent
other threads from changing the map simultaneously.
In particular, it was possible that while cleaning up a CDM, and
removing all the associated session in |cdm_by_session_id_| another
CDM could have been opening a session and creating a new association
in |cdm_by_session_id_| at the same time.
Cases where |cdms_| and/or |cdm_by_session_id_| is being written to or
iteratively read from should require a lock. The iterator of
std::map maintains a "view" into the map's tree structure. Modifying
the map (inserting or deleting elements) can potentially change the
structure of the map and the underlying assumptions built into an
iterator's view (ex, the iterator thinking there is an element to the
left or right).
Modifying the value within the map can potentially cause problems, but
is not applicable in our case (we modify the object pointed to by the
map element, but not the pointer itself).
Bug: 190405462
Test: build_and_run_all_unit_tests.sh and MediaDrmTest
Change-Id: I043e238570dac9a0db990f8fe66be271062b965c
[ Merge of http://go/wvgerrit/128163 ]
In android S, we added a feature b/169740403 [Limited lifespan DRM
certificates with license preservation]
Due to uncertainties of when the provisioning service will
launch, we are disabling expiration for legacy DRM certificates.
If the feature does not launch in time, existing DRM certificates
will expire and be replaced. Offline licenses associated with these
expired DRM certificates will fail to load.
Expiration of legacy certificates will be reenabled at a later time.
The main portion of feature, the issuing of new DRM certificates with
expiration time will still be supported.
Bug: 192428783
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I1d1184249848f215953a837f369528d3b74c9618
[ Merge of http://go/wvgerrit/128183 ]
As was the case with WvCdmStreamingUsageReportTest.ReportTest, the
following tests were also updated to handle the case where "license
duration" is unlimited:
- WvCdmStreamingNoPstTest.UsageTest
- WvCdmStreamingPstTest.UsageTest
- WvCdmOfflineUsageReportTest.UsageTest
This is due to the new license duration model used for V16 licenses.
Bug: 163542905
Test: cdm_extended_duration_test
Change-Id: I24d3fc17fcf19129a19ed39a5c6c1ddd59ed073d
[ Merge of http://go/wvgerrit/128143 ]
Now reports LICENSE_STATE_ERROR rather than ERROR_DRM_GENERIC_PLUGIN
to make the cause of failure and suggested action more clear for app
developers. Also added an additional error log.
Bug: 190645000
Test: WV unit/integration tests
Change-Id: Ib23ca628c590316f90f497d8fdfbab24fd644d6f
Merge from Widevine repo of http://go/wvgerrit/127743
There was some confusion about who owned the OEMCrypto security level
string in a multithreaded environment. This is solved by caching the
security level at initialization time.
Bug: 188706160
Test: ran unit tests on bonito
Change-Id: I93af3bb2e5a8bf190627ee568f752b5ea9543306
[ Merge of http://go/wvgerrit/128046 ]
Test case WvCdmStreamingUsageReportTest.WvCdmStreamingUsageReportTest
was failing comparing "license duration" values returned when querying
for key information for licenses with unlimited "rental duration".
This is due to the new license duration model used for V16 licenses.
From the Widevine MediaDrm doc for "LicenseDurationRemaining":
For OEMCrypto v16+ (Android 11 and later), license duration is no
longer being enforced. If rental duration is set to never expire,
”9223372036854775807” (LLONG_MAX) will be returned.
Similarly, the test has been updated for "playback duration" queries
of the same case.
Bug: 163542905
Test: cdm_extended_duration_test
Change-Id: I57e0e435631a151fac45c963d865de256a773644
Merge from Widevine repo of http://go/wvgerrit/127246
The unit tests WvGenericCryptoTest expected an error code to be
returned from SelectKey. But we allow an invalid key to be signaled
either at SelectKey or later when the decrypt operation occurs.
This CL just updates the tests.
Bug: 190745519
Test: ran tests on bonito
Change-Id: Ibacc92d6a6e708f2f104cb549b5845335f6c8cf5
[ Merge of http://go/wvgerrit/126463 ]
The Version Number in the test is being updated to 12 to reflect
android OS version (Test only change)
Bug: 190467766
Test: WV request_license_test:
requestVersionNumberTest.VersionNumberChangeCanary
Change-Id: Iad4bb3f178fb2dcb454027c1323e51fe34dfdfff
[ Merge of http://go/wvgerrit/126744 ]
* EngineMetrics previous_oemcrypto_initialization_failure is set only
on a previous failure. Removing it from the list of expectations
as we cannot be certain that it will or will not be set unless we
know the previous state of the device.
* Corrected client_capabililties expectations in
CdmLicenseTest.PrepareKeyRequestValidation
* Correct error expected in
- WVDrmPluginTest.RejectsAtscProvisioningRequests
- WVDrmPluginTest.RejectsAtscUnprovisionDeviceRequests
* Correct expectations
- CdmSessionTest.InitWithBuiltInCertificate,
- CdmSessionTest.InitWithCertificate
- CdmSessionTest.ReInitFail,
- CdmSessionTest.InitFailCryptoError
Bug: 181693982
Test: WV unit/integration tests
Change-Id: I2f1e1c38604d768e0532b30d8551c77ea45e63f4
[ Merge of http://go/wvgerrit/126063 ]
As a side-effect of fixing b/161865160 CDM checks to flag reloading
of an offline license were removed. This left it to the OEMCrypto
which varied by device implementation. Checks are being reintroduced
to the CDM and will help MediaDrm return the expected error
ERROR_LICENSE_STATE.
In addition restoring an offline liense to a session where a license
is already loaded will be rejected.
Bug: 184608310
Bug: 182208685
Test: WV unit/integration tests
MediaDrmTest.testMultipleLoadKeys
Change-Id: Id8ee069d22819f7823aa6af11a41f35f0a04ce0a
Merge from Widevine repo of http://go/wvgerrit/125046
Add some extra fudge to the termination time. This assumes that flaky
tests were caused by roundoff error.
Bug: 175741647
Change-Id: I9bcc86f9b9540e5985df647dd1b5c5d439556e2b
[ Merge of http://go/wvgerrit/124004 ]
When the CDM creates a new usage entry for an offline or streaming
license, the new entry is immediately moved to the lowest available
entry index that has been marked as vacant (kStorageTypeUnknown).
When a license is released, its meta data that is managed by the CDM
is cleared; however, the usage entry's index is marked vacant, but it
is not released. This creates wasted entry space in the usage table.
Unfortunately, defragging the table is computationally expensive and
may not be able to actually free up much space depending on when it
is performed.
For a typical user, this will likely not be an issue as the table
can get quite large compared to the number of licenses an app uses
and the table is partially cleaned on each boot.
GTS tests, however, have reached a point where they fill the usage
table before all tests are complete. This is causing many unexpected
failures for devices. Most of these tests release their license, but
the CDM never reaches a state where it can clean up the table.
By moving newly created entries to the lowest available index directly
after creating the entries, the table never needs to grow unless all
entries are in use. Clean up is now almost never required.
Bug: 180639135
Bug: 180638990
Bug: 180638530
Test: MediaDrmTest#testWidevineApi28
Change-Id: I1a68d90d51384094298b27037778747ce7435374
[ Merge of http://go/wvgerrit/122984 ]
There was an issue encountered by some vendors with how the usage
table was initialized on some devices. Previously, the CDM would
open an OEMCrypto session first, then initialize the usage table
(loading existing or creating a new one). On these devices,
OEMCrypto_CreateUsageTableHeader() and OEMCrypto_LoadUsageTableHeader()
would fail if there were any open sessions.
This CL changes the initialization process to create/load the usage
table before opening an OEMCrypto session.
This change also lays the ground work for another usage table fix
to address GTS tests failure.
In the process, several of the functions for the usage table have been
split up into smaller chunks of code. This required additional changes
to the usage table unittest to keep them up to date.
Bug: 169195093
Bug: 180639135
Test: Linux unittests and MediaDrmTest
Change-Id: Ifbf35f5d8cff5b89fea9b16edb998c84803f4fbe
[ Merge of http://go/wvgerrit/124063 ]
LicenseDurationRemaining used to indicate the minimum of rental or
license duration till OEMCrypto v16. OEMCrypto v16 onwards it began
reporting rental duration alone.
This is confusing for app developers and content partners. Keeping
LicenseDurationRemaining as apps may depend on it but adding
RentalDurationRemaining for clarity.
Bug: 186838303
Test: WV unit/integration tests, WvCdmRequestLicenseTest.QueryKeyStatus
Change-Id: I6c507150a0945ee36716b4da189f5741b092c0ec
[ Merge of http://go/wvgerrit/123263 ]
In b/65839890 we discovered that an android app loaded an offline
license more than once in a session. We did not intend to allow
this behavior but did not prohibit it. OEMCrypto v16 disallowed
this behavior at the OEMCrypto level but we worked around it
within the CDM to maintain the bad behavior. Now that we have confirmed
that the app no longer relies on that behavior, we are reverting
the CDM workaround.
Bug: 161865160
Test: WV unit/integration test, GtsMediaTestCases
Amazon, Netflix, Google TV streaming and offline playback.
Change-Id: I31254e4c13b81587f88c6c684d08d5aa5c18e39d
[ Merge of http://go/wvgerrit/122613 ]
Further log clean up in the core CDM code.
- Changed several INFO logs to DEBUG and VERBOSE
- Added more identifiers to the DEBUG logs to help match resource
associations
- Added more enum-to-string functions
- Unknown enum values will be formatted to contain their numeric
value
Key areas improved are the UsageTableHeader and CdmSession.
Bug: 183576879
Test: CE CDM unittests
Change-Id: I2d11e714d419e0736d3e2f7a7668e8d36d7ef449
* changes:
Fix CDM Builds w/ OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION
Fix unused param warnings in oemcrypto fuzz test
Add http socket tests to other tests
Turn on ODK tests in CE CDM test and fix test helper
Undoes a change to the buffer size from http://ag/13865723
Bug: 184813991
Test: WV unit/integration tests
Change-Id: I40cf786f149626ff65a3362020b3da859bb86159
Merge from Widevine repo of http://go/wvgerrit/108224
A recent Copybara merge to master broke CDM builds by introducing a
new OEMCrypto error code. This patch adds it to the test printers so
that the build can pass again.
Bug: 185597829
Test: CE CDM Build
Change-Id: I6dd829f4c618c9ebec937cf711ff57b7f1678994
Merge from Widevine repo of http://go/wvgerrit/122224
This CL removes the separate main() in http_socket_test that
allowed the user to set the server on the command line. I
don't think anybody was using this, and it conflicted with
our desire to include this suite of tests with the other CE
CDM tests running on Luci.
test: ran http_socket_test
bug: 118657876
Change-Id: I9228b9cc97a0af2afd1bb4a99bc40b88ce956d67
[ Merge of http://go/wvgerrit/123103 ]
This corrects setting of first and last playback times stored by the
CDM on rollback. Earlier usage information from the usage entry in
OEMCrypto would be ignored on rollback even when available.
Information stored along with the license in persistent storage would
be used instead.
A new test with longer duration expiry has been added as well as some
additional verification.
Bug: 186199213
Test: WV unit/integration test
Change-Id: I601f9584a8a0c5137ce68546f8ec833bf2e70cc5
[ Merge of http://go/wvgerrit/122885 ]
A recent change to the license service resulted in PSTs being inserted
into persistent renewable licenses even when not specified by the
content provider. This caused ReleaseOfflineKeySessionUsageDisabledTest
to fail. The asset was changed to use a policy for a persistent
license without renewal.
Offline_RollbackBeforeRestoreKey failed because the duration of the
license is short. It has expired when the clock is restored after a
rollback.
Bug: 181693982
Test: request_license_test
Change-Id: I0a2c2a09e563c81c134fba1f310deb1eb4de26a3
[ Merge of http://go/wvgerrit/121568 ]
The CdmEngine logs had both too much and too little information.
Since our logging has been enabled to print function names natively,
many of the log information has become superfluous. Needless
information has been removed, and many of the important INFO logs have
been reduced to only the information not present in the function name.
Some of the INFO and ERROR logs were missing identifiers to match
failures with the same session request should the failures take more
than a few milliseconds to occur. CDM session IDs and key set IDs
have been included in all the logs that _appeared_ to have a slow
operation between the top of the method and log.
To help make enum values more readable, several enums-to-string
functions have been implemented. These converters are intended for
INFO logging and as such, do not log any addition information should
the enum be out of range.
To help make empty and null identifiers more readable in the logs,
empty strings will be logged as <empty> and null strings will be
logged as <null>.
While working through the "cdm_engine.cpp" file, a few minor changes
have been made:
- Adjust if statements to match with Google C++ style guidelines
- Skipped anything that was not obvious
- Added a const qualifier to variables where appropriate
- Moved some null checks to the top of the method
- Only where sequence is non-critical to normal operation
- Removed unnecessary string to vector to string conversions
- Reject empty |force_session_id|
- Already enforced on CE CDM code and not uesd on Android
Bug: 183576879
Test: CE CDM unittests
Change-Id: Id165373055f7ce6097c93c48f84af74bd353c8cb
