(This is a merge of go/wvgerrit/23182)
This patch adds the framework for Stable Per-Origin Identifiers to the
CDM. Calculating SPOIDs will be done on the client-side, and they are
sent as part of the provisioning request. SPOIDs are also available to
the app as the Device Unique ID, replacing the previous method of
returning the actual Device Unique ID from the keybox / OEM certificate.
Different SPOIDs must use separate storage, just as different origins
already do. Support for this has been added to the Android adapter to the
CDM Core. However, the code in the Android glue layer that would drive
this behavior will be checked in in a separate change. As such, all
Android devices will continue using the legacy behavior even after this
patch goes in, until the glue layer code can be updated.
Bug: 27101531
Test: CE CDM Unit Tests
Test: Linux Jenkins Unit Tests
Test: Android Unit Tests (with and without SPOIDs forced on)
Test: Android GTS Tests
Change-Id: Ia0caf890381cbcb97504d08b19aeab8b29bd07ae
[ Merge of http://go/wvgerrit/22900 ]
Add GetClientToken(), GetProvisioningToken(), GetPreProvisionTokenType()
to CryptoSession. They return the correct token bytes and token type
for preparing the ClientIdentification message for provisioning and
license server transactions.
Also refactor service certificate handling.
OEM certs are introduced in Provisioning 3.0
b/30811184
* Address build breaks
[ Merge of http://go/wvgerrit/23162 ]
This addresses issues introduced by http://go/wvgerrit/22900
b/30811184
* When http://go/wvgerrit/18012 was merged (ag/1446934) some changes
were not merged for mapErrors-inl.h. These changes are included in this CL.
* When ag/1678104 was reverse merged to http//go/wvgerrit/21981/ a variable
was renamed and some comments were added to add clarity in cdm_engine.cpp.
These changes are included in this CL.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: Ie0215509f2f985f2a610f5a4c865db47edec8662
[ Merge of http://go/wvgerrit/20205/ ]
This is separate from the server certificate used for license
requests.
b/34211823
Test: Reran unittests. All tests other than some oemcrypto,
request_license_test passed. Those tests failed with or without this CL.
Change-Id: I23abdf276f8d3db9222f014175d0bb5094010a04
* Extend CdmLicense's stored_init_data_
[ Merge of http://go/wvgerrit/14661 ]
CdmLicense will store init data when a server cert must be
provisioned. After provisioning, the original init data can be used
to generate the originally-intended license request.
To do this before, the caller had to call CdmSession's
GenerateKeyRequest with an empty InitializationData object. However,
the init data's type still had to be set, as did the license type.
This CL allows the caller to use a truly empty InitializationData
without a type. To permit this, CdmLicense now stores a full
InitializationData object, rather than just a copy of it's data field.
With this CL, the caller also avoid storing the original license type.
To accomplish this, CdmSession uses the already-set is_offline_ and
is_release_ flags from the original call to reconstruct the intended
license type. The caller uses the new type kLicenseTypeDeferred.
To facilitate storing whole InitializationData objects, they are now
copyable.
This ultimately simplifies server cert code for the new CE CDM.
* Store service certs in Properties
[ Merge of http://go/wvgerrit/14664 ]
This allows CE devices to mimic the Chrome CDM's behavior of sharing
server certs between sessions.
This also affects Android behavior. Previously, provisioned service
certificates were per-session, while explicitly-set service certs
were per-DRM-plugin. Now, both are per-DRM-plugin.
A DRM plugin is associated with a mediaDrm object. Content
providers will still be able to retrieve and use different
certificates. The change here requires an app, that wishes to use
different provisioned service certificates will have to use
multiple mediaDrm objects. This is an unlikely scenario.
Change-Id: If2586932784ed046ecab72b5720ff30547e84b97
* Make CdmProvisioningResponse const.
[ Merge of http://go/wvgerrit/14618 ]
The lack of const on this reference seems to be a mistake, since the
responses is never modified. This also allows the new CE CDM to pass
responses directly through from the caller.
* Let Properties determine DeviceFiles level support
[ Merge of http://go/wvgerrit/14620 ]
Non-Android platforms do not have multiple security levels, and so do
not use the security level to construct a base path.
Instead of requiring a known "security level" to construct a file,
accept anything that platform Properties will accept as a base path.
* Drop Properties::GetSecurityLevel().
[ Merge of http://go/wvgerrit/14617 ]
This seems to be dead code.
Change-Id: I94a970279213100730d6e6c763558dbe386f936a
* Move Properties::Init into platform-specific code
This enables a refactor where property initialization for CE CDM will
use values provided by the application during library initialization.
[ Merge of http://go/wvgerrit/14510/ ]
* Add Properties::AlwaysUseKeySetIds().
When true, all sessions will have key set IDs and all session IDs
will be the same as the corresponding key set ID.
This will help the new CDM interface stick more closely to the EME
APIs, in which there are no such things as key set IDs and sessions
only have a single, random ID used for both streaming and offline.
[ Merge of http://go/wvgerrit/14521/ ]
* Reserve key set IDs in memory, rather than on the file system.
This makes it more efficient to use key set IDs for non-offline
sessions.
[ Merge of http://go/wvgerrit/14535/ ]
Change-Id: I765c3519619b17cc3c4ef95b1a6b125f479ee1d0
(This is a merge of http://go/wvgerrit/13813)
Removes the OS Version property which was only ever implemented on
Android to appease Netflix and never actually used by them. Adds,
instead, a Widevine library version property. Also adds
implementations of this function for both Android and CE Devices.
For Android, the version number is starting at 3.0.0-android, to
reflect that this is the third major revision of the Widevine CDM in
Android.
For CE Devices, the version number is not changing from its current
value (2.2.0) but is gaining a "-ce" on the end in order to
differentiate it from the Android version number.
Bug: 18376638
Change-Id: Ifb3fa0d62631b45d9e91a6a53bcab3be38763d3a
This is a merge from the widevine repository of
http://go/wvgerrit/13923 Switch openssl to use the EVP interface for aes-ctr-128
http://go/wvgerrit/13979 Add Test Certificate to OEMCrypto Mock
http://go/wvgerrit/13978 Add Test Keybox to Level 3 OEMCrypto
http://go/wvgerrit/13873 Enable OEMCrypto Unit Tests
This CL adds a main program to oemcrypto_test.cpp, which filters out
tests that are not supported on the specified platform. It also adds
LoadTestKeybox to the mock. This allows oemcrypto unit tests to be run
on devices that have production keybox. It also allows the same set
of unit tests to work on Android and on non-Android platforms.
b/18962381 Use test certificate (partial fix)
b/19867990 Separate cast receiver tests
Change-Id: If89c31530103ed85aa37d7379bd5b4dc2a927f38
(This is a merge of http://go/wvgerrit/13761 from the Widevine
repository.)
This cleans up our includes to be in Google Style Guide order and in
alphabetic order, for the parts of the code that are expected to
follow Google Style.
This also converts places in our code that were including C headers
in the C++ style (i.e. <cstring> instead of <string.h>) to use C style
instead. This is because, although it was not causing problems for us
yet, on Android these actually include different headers. (<cstring>
is provided by libcxx, while <string.h> is provided by Bionic)
Lastly, this change puts all headers that do not come from within our
project in <brackets> instead of "quotes," which was not being done
consistently.
This change is explicitly NOT trying to standardize the spacing of our
header includes. I have tried to respect, in each file, the spacing
style already present.
Change-Id: If3dc06532ab9b68010285d64518ef21dce3d6354
Merges missing bits from the Widevine CDM repo for
https://widevine-internal-review.googlesource.com/#/c/10653
Most of this change was submitted into lmp-dev, but some tests
were ommitted. This CL completes the missing changes from the
original widevine repo commit.
It also fixes some missing test installation commands.
b/15388863
Change-Id: Id59d885780134c6c6863477f8c49fb9d8ffe509d
This is a combined merge of several small changes to the core in the
Widevine CDM repository:
http://go/wvgerrit/10941
Rename privacy_crypto to allow more variants.
http://go/wvgerrit/11530
Add Missing Header to properties.h
http://go/wvgerrit/11531
More Loosely Couple CdmEngine and CdmSession
Change-Id: I5b3f738ae495ab267da1440421dd7aa6f7860194
(This is a merge of http://go/wvgerrit/11613 from the Widevine CDM
repo.)
Adds a property for the OS version, implements it on Android, and
adds it to the license request property bag so that Netflix may
use it to discern the supported capabilities of the CDM.
Bug: 18230738
Change-Id: If5174a108093855314f3e0102b83691e20bb247b
This CL removes TODOs and email addresses from comments, unifies some
namespaces and cleans a few variable names. It is a copy of multiple
CLs on the widevine side.
Change-Id: I1bb649096476a5001a56d746427399de6a88ff69
(This is a merge of
https://widevine-internal-review.googlesource.com/9711 from the
Widevine CDM repo.)
This change updates the CDM's handling of init data types, previously
known as MIME types, to comply with the latest version of the EME
spec.
Following this change, in addition to accepting the deprecated MIME
types "video/mp4", "audio/mp4", "video/webm", and "audio/webm", the
CDM will accept the new standard: Init data types "cenc" and "webm".
Furthermore, this removes the non-PSSH-parsing path from the CDM. All
platforms have unified on the CDM being responsible for parsing the
concatenated PSSH box list, as outlined in the latest EME spec.
As Android has shipped code that expects pre-unwrapped PSSH boxes and
must maintain backwards-compatibility, code has been inserted on that
platform to detect pre-unwrapped data and re-wrap it with a PSSH
header before sending it to the CDM.
There are some small changes to unit tests because of this change:
1) The CDM Engine unit test now no longer needs to unwrap the PSSH on
any platforms when testing ISO-BMFF. It now pre-caches the
unwrapped key ID for use when testing WebM.
2) Several substantially-similar unit tests in the Android code have
been rolled into one test.
Bug: 13564917
Bug: 13570595
Bug: 9465346
Bug: 13570288
Change-Id: I7f27b16b8503f24a26746b5dce71fb61b6fd1bb2
Certificates and offline licenses are stored in security level
specific directories in klp. When devices transition from jb-mr2,
their persistent information has to be ported to these directories.
bug:10366036
Merge of https://widevine-internal-review.googlesource.com/#/c/7310/
from the widevine CDM repo
Change-Id: I70b4a79dc5b69bda7fc3a4b92fdcde7ef8b41836
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
Merges change 267713c (Remove stale licenses on reprovisioning) from
the Widevine CDM repository. This change removes licenses belonging
to the previous provisioning when provisioning changes.
Bug: 9761923
Change-Id: I473816dd11dd950f4fb009b5b004630bd2d2b579
This merges the following changes from the Widevine CDM repository:
1a72a7e Combine utility code into single library on Android
Combines several previously-separate files into a static library,
libcdm_utils, so that it can easily be used by both CDM and
OEMCrypto.
8c4d04d Install Keybox
If the keybox has not been installed, install it from
/factory/wv.keys.
Bug: 9972451
Change-Id: I8688ecd0adcf321e0c7d0faf55dd10f3910c12ec
Android development of the widevine CDM has been done
on the jb-mr2 branch of the cdm code base. This CL
contains a merge of that jb-mr2 work to CDM master, and
also reflects the evolution of the common Modular DRM
code base since jb-mr2 branched.
Change-Id: I1d7e1a12d092c00044a4298261146cb97808d4ef
The company_name was hardcoded in the CDM as "Google" for all devices.
On Android, it needs to come from the ro.product.manufacturer system
property.
bug: 9074091
This is a merge of https://widevine-internal-review.googlesource.com/#/c/5730/
from the Widevine CDM repository.
Change-Id: Ia3ae82abf350c32ba8b4d05b59e95361927dea40
bug: 8601053
This import syncs to the widevine git repository change
commit 6a99ad1b59ad39495f62954b3065ddc22b78da49
It includes the following changes from the widevine git
repository, which complete the jb-mr2 features
Fix Unit Test Makefile
Adds support for device certificate provisioning.
Support application parameters
Certificate based licensing
Proto for client files
Implement Property Query API
Add Device Query For Unique ID
Implement Generic Crypto in DrmEngine
Do not validate Key IDs on clear playback
Allow OEMCrypto_DecryptCTR with clear content and no key
Add a case to the MediaDrm API test to repro b/8594163
Implement requiresSecureDecoderComponent
Implement Eventing API
Add end-to-end decryption test with vectors
Refactoring of properties class
Refactor OEMCrypto unittest.
Fix for b/8567853: License renewal doesn't renew license.
Add KEY_ERROR callback to WvContentDecryptionModule() ctor.
Merged certificate_provisioning.proto and
client_identification.proto to license_protocol.proto.
Fix nonce check failure after a malformed key in OEC Mock.
asynchronize decryption
Allow querying of control information
make debugging AddKey & Decrypt statuses easier
Revert "Revert "Send KEY_ERROR event to app on license
expiration or failure""
Revert "Send KEY_ERROR event to app on license expiration
or failure"
Send KEY_ERROR event to app on license expiration or failure
remove extra session id copy
use KeyError constants directly
replace variable-length arrays with std::vector and fixed-sized array
pass session ids as const references
refactor key extraction and update keys on renewal
Updates to enable renewals and signaling license expiration.
fix error constant in OEMCrypto_DecryptCTR
Change-Id: I5f7236c7bdff1d5ece6115fd2893f8a1e1e07c50
This change incorporates the following CLs from the Widevine
cdm repository:
Update the java request/response test app to match Drm API changes
Don't build the mock liboemcrypto.so by default
Do not build CDM tests by default
Fix Build Break in DrmEngine Unit Tests
Fix Build Break in WVDrmPlugin
Initial version of roadmap for CDM projects.
Implement License Query
Implement Generic DRM in OEMCrypto Reference Implementation
Add key_data_length field when calling OEMCrypto_LoadKeys
Policy engine unittests
Generalized DRM API for OEMCrypto
Fixes proto buf libraries build.
Add Version Number to OEMCrypto API
Test key control block duration field in OEMCrypto
Add fix for missing crypto offset.
Fixed android/media*/test builds and added proto files for Cert. provisioning
Refactor and clean up callback code in CDM.
Add "device_id" name-value pair to LicenseRequest::ClientIdentification
Separate unit and end-to-end tests from the top level makefie.
Includes changes for 'fall back to l3 oemcrypto lib' in top level makefile.
Fall Back to Level 3 if Level 1 Fails
Fix compilation error in wvcdm_unittest.
Fix Android build break due to Decrypt() signature change in cdm_engine.h.
Wire up callbacks and errors in the Steel proxy.
Fix lock assert if there is no keybox on the device.
RSA Certificate Unit Test
Change Generic_Verify signature to constant.
Change-Id: I2e42db9d0b4f8d4e833675ae81d0714509bbfd2c
