[ Merge of http://go/wvgerrit/119684 ]
This allows for a default DRM certificate that includes an expiration
time and a legacy one without for each app+origin specific identifier.
Existing offline licenses/secure stops are not associated with a
certificate, and so we cannot delete legacy certificates even after
fetching a new one. New offline licenses/secure stops will be associated
with certificate information, so we will not have this problem going
forward.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I0f08f6bf98775fd43927243dc4a9f75f21bfbbcc
[ Merge of http://go/wvgerrit/119644 ]
This change includes additional fields in DeviceCertificate, License and
UsageInfo.
New DRM certificate will include a creation and expiration time.
In addition acquisition_time_seconds will allow the client to calulate
expiration time even when client and provisioning service clocks
are not in sync.
expiration_time_seconds will allow clients to expire DRM certificates
that do include an expiration time. A random value within a window
(4-8 months after update) will be calculated to avoid
a provisioning storm.
Drm certificate will be added to offline licenses. In a future release,
licenses will be removed on expiry and the certification information
that needs to be sent to the license service will be reduced.
This should reduce space overhead.
UsageInfo will use a certificate cache in case multiple usage info
entries use the same DRM certificate.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I2f34a1df526fa8168162a1b1ea930a2f257b87cd
[ Merge of http://go/wvgerrit/119804 ]
The coverage framework used by Android requires the process to call
exit() for coverage information to be dumped after the tests.
Android unit tests have been adapted to use the a new main module.
The core test_main.cpp used by integration tests has been updated to
call exit().
Bug: 138941105
Test: Linux and Android unittests
Change-Id: Ifffc7b8290c50dffe527738a36547c1d2fb90bd3
[ Merge of http://go/wvgerrit/119564 ]
This closes a crypto session when the provisioning request fails. We
cannot be as eager when handling the response as the app may have
multiple simultaneous provisioning attempts in flight. In this case
all provisioning responses except the one associated with the last
request will fail. If we close the session on error, even the one
associated with the last request may fail.
Bug: 180986725
Test: WV unit/integration tests
Change-Id: Ic3d33a374e442b5bf040e345bed829d91c4ef1dc
[ Merge of http://go/wvgerrit/119563 ]
This also increases the max log size from 1024 to 5120
Bug: 181642154
Test: WV unit/integration tests
Change-Id: Ifae90354dad1165f4d9fa3c9fe33a4dc14df1270
[ Merge of http://go/wvgerrit/118563 ]
Sync with the latest version of drm_certificate.proto to add in
certificate expiry time. Add in signed_drm_certificate.proto and remove
messages from device_certificate.proto.
SignedDrmDeviceCertificate and DrmDeviceCertificate are now named
SignedDrmCertificate and DrmCertificate. This necessitated non-proto
changes.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: Ie5969ac7217a25eb075a41df59b77da2becd4545
This is a squash of several different CLs with chnages only affecting
duration_use_case_test.cpp
* Integration test for license duration with renewal
[ Merge of http://go/wvgerrit/117263 ]
Bug: 180067457
* Add test for infinite renewal
[ Merge of http://go/wvgerrit/107743 ]
This adds a test that verifies an infinite renewal is processed
correctly.
Bug: 162516965
Bug: 170355696
Bug: 169213621
Bug: 166728158
* Add more time to CdmUseCase_Streaming test
[ Merge of http://go/wvgerrit/114146 and http://go/wvgerrit/114147 ]
The duration tests CdmUseCase_Streaming.Case3 was flaky on the
buildbot for platforms with a real clock because there was only room
for 1 second of fudge at the end of playback -- i.e. the rental window
ended at 35s, but the last playback was 34s.
Bug: 175741647
* Set renewal server on command line for tests
[ Merge of http://go/wvgerrit/110903 ]
This CL adds the ability to set the renewal server on the command
line, and adds some comments to the build scripts' README file to
explain how to test a server rollout.
Bug: 173031207
* Change duration test fudge from 1 to 2
[ Merge of http://go/wvgerrit/112143 ]
Some duration tests are flakey. Let's see if this cleans them up
enough.
Bug: 175741647
* Correct some grammar
[ Merged from http://go/wvgerrit/111824 and http://go/wvgerrit/112063 ]
* Add license duration test
[ Merge of http://go/wvgerrit/109143 ]
This adds a license duration test that behaves the same as a rental
duration test. We do not encourage content providers to do this, but
it is reasonable that legacy licenses should work.
Bug: 172099147
* Shorten duration tests
[ Merge of http://go/wvgerrit/108664 ]
This CL tweaks some of the times in the duration use case tests so
that they take less time to run.
These changes the CdmUseCase test time from six and half hours to 3
and a quarter. A 50% savings!
Bug: 170746277
* Improve logging and edge cases in duration tests
[ Merge of http://go/wvgerrit/108663 ]
This cleans up some logging, and handles some edge cases on renewals
when the renewal request round trip overlaps the cutoff time.
Bug: 170746277
* Remove extra cutoff computations
[ Merge of http://go/wvgerrit/106783 ]
The duration tests originally tried to keep track of when the timer
would have gone off if the test was allowed to continue. This proved
impracticle, so the extra parameter has been removed. The tests still
closely match the documented use cases.
Bug: 169453960
* But not too lenient
[ Merge of http://go/wvgerrit/107943 ]
Previously, the duration tests were modified to allow playback to
continue in some cases. See the documentation or code for a list of
these cases. However, the tests had been modified to force playback to
continue in these cases.
This is not desired: in some cases, v15 devices can restrict playback
as requested. This CL changes the tests so that playback restriction
is allowed. In other words, we no longer force older devices to fail
the test.
Bug: 169255315
* Make some integration tests lenient
[ Merge of http://go/wvgerrit/106843 ]
This allows devices that have OEMCrypto version < v16 or do not
support usage tables to continue playback for an offline license after
the playback window has expired.
Bug: 169582310
Test: duration_use_case_test.cpp
* Add Renewal Use Case tests
[ Merge of http://go/wvgerrit/105826 and http://go/wvgerrit/103784 ]
This CL adds several integration tests that match the duration use
cases with renewals. The test classes are designed for the core cdm,
but the test cases match those found in
oemcrypto/odk/test/odk_timer_test.cpp.
Test: tests pass except for documented bugs.
Bug: 161463952
Change-Id: Ib4775d48490cf150b89aeb2cc64e01a1428f0ab5
This is a squash of several different CLs with changes only affecting
policy_integration_test.cpp
* An integration test for secure buffers
[ Merge of http://go/wvgerrit/113905 ]
This extends the previous CL that loads a license that has a key that
requires a secure buffer. It now creates a secure buffer and tries to
decrypt to it.
Bug: 38004627
* Test loading license requiring secure buffer
[ Merge of http://go/wvgerrit/113903 ]
This adds a policy test to verify we can load a license that requires
hardware secure buffers.
Bug: 38004627
Test: WV unit/integration tests
Change-Id: I1cc0b607ddf5b43fc6b7ba648f3c78d6163e14e9
[ Merge of http://go/wvgerrit/116243 ]
Currently if a command line argument is not understood, all tests are
skipped and the test suite passes.
Bug: 182058081
Test: WV unit/integration tests
Change-Id: I9725a9ed9446f15f08372e68c7a25dffd99c7cef
[ Merge of http://go/wvgerrit/110903 ]
This CL adds the ability to set the renewal server on the command
line, and adds some comments to the build scripts' README file to
explain how to test a server rollout.
Bug: 173031207
Test: WV unit/integration tests
Change-Id: Ibe71e77469c94601627fb85a1ad4654553d3eb1a
Change-Id: I7e9bfc873c78e26c0cece113dc8a3d08cd9163db
[ Merge of http://go/wvgerrit/117267 ]
This includes some clang-format corrections that were missed in the
original merge from wvgerrit.
Bug: 174174765
Test: WvCdmRequestLicenseTest.ProvisioningRevocationTest,
WV unit/integration tests
Change-Id: Ifd16ab51eb89530fa5e0b91acc42f30864246d38
[ Merge of http://go/wvgerrit/111903 ]
CDM metrics has been updated to include the DRM key type. The CDM
session records the key type when the wrapped DRM key is successfully
loaded into an OEMCrypto session.
Now that the API refers to a general DRM key rather than an RSA key,
the timer metric for loading the DRM key has been renamed on the client
to reflect this.
Test: Metric unit tests
Bug: 140813486
Change-Id: I9069f13ac7c979cc8556e08591e1cf8f623d0a84
(cherry picked from commit 47fc031576)
Merged-In: I9069f13ac7c979cc8556e08591e1cf8f623d0a84
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
[ Merge of http://go/wvgerrit/117267 ]
The client will now advertise the ability to handle provisioning errors
by a minor version updated to the provisioning protocol version.
The provisioning service may indicate that the individual device
is revoked or all devices with the same make/model have been revoked.
If the provisoning service has not been upgraded, the protocol version
field in the request will be ignored. The provisioning service/SDK
will respond with an HTTP 400 error to a provisioning request from
a revoked device.
Bug: 174174765
Test: WvCdmRequestLicenseTest.ProvisioningRevocationTest,
WV unit/integration tests
Change-Id: I5ff61496685f310de6704a90452b8b76b3505cbb
[ Merge of http://go/wvgerrit/117266 ]
These changes facilitate communication of provisioning errors from
provisioning service/SDK to the client.
Clients will indicate in the SignedProvisioningMessage whether they
support handling of error information in the ProvisioningResponse.
The provisioning service/SDK can then indicate why the provisioning
request is being rejected.
The protocol_version field from SignedProvisioningMessage has also been
broken into separate protocol version and provisioning type fields.
This will support changes planned for future releases.
Bug: 174174765
Test: WV unit/integration tests
Change-Id: Ic1a41ed8f83b69697300c586a78266fac20298fb
[ Merge of http://go/wvgerrit/110923 ]
The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session. To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response. The type of key is available from the
DRM certificate proto that is provided in the reponse.
This change introduces a class to contain the wrapped key and
type together. To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.
Unittests have been updated for using the new class where the
wrapped key was used before.
Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
(cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e)
Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
[ Merge of http://go/wvgerrit/110824 ]
When generating a provisioning request, the CDM includes the different
certificate key types that are supported.
This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.
Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
(cherry picked from commit 547d2f8775)
Merged-In: I713ff1c469dff5c8a41461727ce63486d962575e
[ Merge of http://go/wvgerrit/110823 ]
DrmDeviceCertificate is the CDM's reduced version of DrmCertificate
used in the backend. With the introduction of ECC, the CDM needs to
extract the signature algorithm to determine how to handle the wrapped
private key used by OEMCrypto post-provisioning.
This change brings the DrmDeviceCertificate in line with the
provisioning service's DrmCertificate message as the new source of
truth.
Bug: 140813486
Test: Compiled proto
Change-Id: I164a1c9266fb74b6cdd0ff35f1986ca032033bba
(cherry picked from commit 667c672c80)
Merged-In: I164a1c9266fb74b6cdd0ff35f1986ca032033bba
[ Merge of http://go/wvgerrit/108904 ]
Client ID name-value fields in the license request share the same
namespace with app parameters and WV standard device information. As
a result, it was possible for applications to provide parameters that
could potentially fool the license server with spoof values.
This CL restricts the use of the fields that are common across both the
Android CDM and CE CDM. Currently, Android specific fields are
restricted by the MediaDrmPlugin layer, and there are no CE CDM
specific fields currently defined.
The non-HIDL DRM plugin does not restrict these fields; however, it
will be removed in S.
Bug: 171723566
Test: Android integration test
Change-Id: I5ad9ead73c5aff712dff8133953de5ddc3296452
[ Merge of http://go/wvgerrit/110603 ]
Qualcomm SoC may report 10085 (RSASSA-PSS signature error) when
OEMCrypto_PrepareAndSignLicenseRequest is called. The app needs to
reprovision (or the user needs to factory reset their device) in order
to recover.
If the 10085 error is returned, the app currently will get a
MediaDrmStateException. The app has no way to be able to tell
whether this is due to the 10085 error or some other error.
This change returns a NEED_PROVISIONING error at the CDM level, which
will result in the app receiving a NotProvisionedException when
MediaDrm.getKeyRequest is called.
Bug: 174375589
Test: WV unit/integration tests
Change-Id: I4f2884c8a5fd88ab2e9bfbc0731a20e58cec0f36
[ Merge of http://go/wvgerrit/110165 ]
The conditional compilation for flagging the CDM and ODKiTEE logging
functions as printf-like was guarded by a check on "__gnuc__" or
"__clang__". However, GCC doesn't actually define "__gnuc__", it
defines "__GNUC__", all caps. Fixing this causes GCC to find a slew
of format-string errors that Clang was accepting. This patch fixes the
capitalization and the uncovered errors, most of which fall into one of
a few categories:
1) The format string and variable had different signedness. For these,
the format strings are updated to match the variables.
2) The variable was an array index that was not of size_t. For these,
the variables have been updated to be size_t and the format strings
have been updated to use %zu. A few index variables that weren't
actually used in format strings are also fixed to be size_t.
3) The code assumed the signedness of the internal representation of an
integer literal, enum constant, or enum variable. For these, I either
cast the input to a known type so that the format string is valid
regardless of internal representation or I switched to a hexadecimal
format string. The latter case is more useful on ODKiTEE enums where
the literal value is in the code as a 32-bit hexadecimal value
anyway.
This patch also adds missing integer casts to the enum literals in the
ODKiTEE logging header. (These are required for pedantic C99
compatibility when using literal values that do not fit into a 16-bit
integer.)
Bug: 173460694
Test: jenkins/odkitee_ta
Test: build.py x86-64
Change-Id: I244972639a5a6ea0de157eb67e1e0dfa9787ec32
Merging CL:
* http://go/wvgerrit/108203
* http://go/wvgerrit/103904 (changes to L3 source files excluded)
Also added ODK dependency which is required by L3 v16.
Do not replace constant sizeof() with a hard-coded value in L3 library because it is target-specific.
Test: Unit tests on gLinux
jenkins/linux_unit_tests
jenkins/ce_cdm_tests
Test: Unit tests on Pixel 4(flame-userdebug, rvc-qpr-dev)
vendor/widevine/libwvdrmengine/build_and_run_all_unit_tests.sh
Test: Manual ExoPlayer L1/L3 playback tests (flame-userdebug)
WV: Secure HD/SD (cenc,MP4,H264)
WV: Secure HD/SD (cbc1,MP4,H264)
WV: Secure HD/SD (cbcs,MP4,H264)
Test: Widevine GTS tests(bramble-userdebug, master)
http://ab/I23800006571451275
Bug: 136317881
Bug: 139814713
Bug: 173331251
Change-Id: I1656e83a74a0eaf650f55f5e2388819bf5020c0d
[ Merge of http://go/wvgerrit/108143 ]
The CDM property string and MediaDrm property string for the usage
table capacity did not follow the same pattern used for matching all
other property strings. This changes the CDM's version of the string
to match the MediaDRM version. The property string mapper will
automatically be updated when the CDM is updated on Android.
The change in property string was tested on Android R using the
license request integration test.
Bug: 164493147
Test: Android integration test
Change-Id: I84d2e55a192b79738559cc6f71e54f3b1cd964fd
Merge of http://go/wvgerrit/106823
Previously, we worked around a problem by signing a fake license
request when a license did not have a usage entry. However, this was
inside a conditional that the device did support usage tables. This CL
moves that code outside the conditional so that a fake license is
signed whenever the license does not have an entry.
Bug: 169591716
Test: unit and integration tests
Change-Id: Ic4d1a91af63503722b088a136c0a8dca9746a962
Merge of http://go/wvgerrit/105063
When running the local license server, the license does not contain a
URL for the renewal, or it is mangled. We only need to run this test
if we are running against UAT or UAT Nightly.
Bug: only found when debugging
Test: Ran tests with local license server
Change-Id: Ic84fcf9033b945a176119639a21104e4d42258a9
Cherry pick from http://go/wvgerrit/102986, rvc-dev branch of
http://go/wvgerrit/105825, rvc-widevine-release of http://go/ag/12561661
This CL adds several integration tests that match the duration use
cases. The test classes are designed for the core cdm, but the test
cases match those found in oemcrypto/odk/test/odk_timer_test.cpp.
See this document for a list of use cases:
libwvdrmengine/docs/License_Duration_and_Renewal.pdf
Test: Ran the tests against v16 OEMCrypto. Some fail against v15.
Bug: 161463952
Change-Id: I7cd424ae241d3897fbd06956e87dd9da0752cb6d
Cherry-pick from branch rvc-dev of http://go/wvgerrit/105824 and
rvc-widevine-release http://go/ag/12561660
This adds two policy integration tests to verify that we are handling offline
licenses correctly.
Bug: 161023174
Bug: 129301787
Test: WV unit/integration tests
Change-Id: I20f5d6a9fbfd2ff8cff361e1005e45b46c700704
[ Merge of http://go/wvgerrit/104584 ]
This corrects failures in
* WVDrmPluginTest.ReturnsL3SpoidsWhenL3ProvisionedUsingL3Spoid
* WVDrmPluginTest.ReturnsL3SpoidsWhenL3Unprovisioned
* WVDrmPluginTest.ReturnsL1SpoidsWhenL3ProvisionedUsingL1Spoid
and a warning in
* PolicyEngineTest.PlaybackOk_RentalAndLicense0_WithPlaybackBeforeLicense_V15
Bug: 163542905
Test: WVDrmPluginTest and PolicyEngineTest
Change-Id: I3e7799175b7b289fafd2caf88bd5df4123b88973
(This is a merge of the parts of http://go/wvgerrit/105985 that affect
Android.)
This patch fixes some files that, after recent changes, were no longer
building when using OpenSSL instead of BoringSSL. <memory> was missing
in a header, and a function whose return type is different on OpenSSL
was tripping up the format-string warnings.
Bug: 168553979
Test: jenkins/ce_cdm_tests
Test: Android CDM Build
Change-Id: Id6a33d0ce0d3cbe5fe33b3f22aa3ee6b03ac76dd
[ Merge of http://go/wvgerrit/106203 ]
CdmSigningAlgorithm are converted into OEMCrypto_Algorithm enums
before being passed as parameters to OEMCrypto generic crypto functions.
The OEMCrypto_Algorithm variables should never be set to values not
specified in the enum declaration.
These private methods have also been moved to the anonymous namespace.
Bug: 168774486
Test: WV unit/integration tests
Change-Id: Ie570a3cf4447b6c133076baa0909d562824c8e4a
[ Merge of http://go/wvgerrit/108064 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the core directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I8ae5a10cbfdf7faae6a2735e57b33729763f10b8
[ Merge of http://go/wvgerrit/107763 ]
This CL enables the ability to query the CDM for the analog output
capabilites of the device. Due to the number of possibilities that
OEMCrypto can report, two queries are exposed:
- Output capabilities: None, Supported, CGMS-C, Unknown
- Can disable: True, False, Unknown
Bug: 168322023
Test: Android integration test
Change-Id: I8036a89237d698f170d2c1901c41d1d6b708c917
(This is a merge of http://go/wvgerrit/107263.)
The CryptoSessionMetricsTest suite assumed that GetOEMPublicCertificate
would only be called once, but in practice, it may be called twice,
since the first call can return OEMCrypto_ERROR_SHORT_BUFFER. This patch
updates the tests to accept 1 or 2 calls.
This patch also updates a few EXPECTs on vector lengths that should have
been ASSERTs, to avoid problems when later accessing the vector.
Bug: 169111969
Test: jenkins/ce_cdm_tests
Test: build_and_run_all_unit_tests.sh
Change-Id: I9432dd2694c7181ab57ed55f66ff6c8be0c867f9
