[ Merge of http://go/wvgerrit/124004 ]
When the CDM creates a new usage entry for an offline or streaming
license, the new entry is immediately moved to the lowest available
entry index that has been marked as vacant (kStorageTypeUnknown).
When a license is released, its meta data that is managed by the CDM
is cleared; however, the usage entry's index is marked vacant, but it
is not released. This creates wasted entry space in the usage table.
Unfortunately, defragging the table is computationally expensive and
may not be able to actually free up much space depending on when it
is performed.
For a typical user, this will likely not be an issue as the table
can get quite large compared to the number of licenses an app uses
and the table is partially cleaned on each boot.
GTS tests, however, have reached a point where they fill the usage
table before all tests are complete. This is causing many unexpected
failures for devices. Most of these tests release their license, but
the CDM never reaches a state where it can clean up the table.
By moving newly created entries to the lowest available index directly
after creating the entries, the table never needs to grow unless all
entries are in use. Clean up is now almost never required.
Bug: 180639135
Bug: 180638990
Bug: 180638530
Test: MediaDrmTest#testWidevineApi28
Change-Id: I1a68d90d51384094298b27037778747ce7435374
[ Merge of http://go/wvgerrit/122984 ]
There was an issue encountered by some vendors with how the usage
table was initialized on some devices. Previously, the CDM would
open an OEMCrypto session first, then initialize the usage table
(loading existing or creating a new one). On these devices,
OEMCrypto_CreateUsageTableHeader() and OEMCrypto_LoadUsageTableHeader()
would fail if there were any open sessions.
This CL changes the initialization process to create/load the usage
table before opening an OEMCrypto session.
This change also lays the ground work for another usage table fix
to address GTS tests failure.
In the process, several of the functions for the usage table have been
split up into smaller chunks of code. This required additional changes
to the usage table unittest to keep them up to date.
Bug: 169195093
Bug: 180639135
Test: Linux unittests and MediaDrmTest
Change-Id: Ifbf35f5d8cff5b89fea9b16edb998c84803f4fbe
[ Merge of http://go/wvgerrit/123263 ]
In b/65839890 we discovered that an android app loaded an offline
license more than once in a session. We did not intend to allow
this behavior but did not prohibit it. OEMCrypto v16 disallowed
this behavior at the OEMCrypto level but we worked around it
within the CDM to maintain the bad behavior. Now that we have confirmed
that the app no longer relies on that behavior, we are reverting
the CDM workaround.
Bug: 161865160
Test: WV unit/integration test, GtsMediaTestCases
Amazon, Netflix, Google TV streaming and offline playback.
Change-Id: I31254e4c13b81587f88c6c684d08d5aa5c18e39d
* changes:
Fix CDM Builds w/ OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION
Fix unused param warnings in oemcrypto fuzz test
Add http socket tests to other tests
Turn on ODK tests in CE CDM test and fix test helper
Merge from Widevine repo of http://go/wvgerrit/108224
A recent Copybara merge to master broke CDM builds by introducing a
new OEMCrypto error code. This patch adds it to the test printers so
that the build can pass again.
Bug: 185597829
Test: CE CDM Build
Change-Id: I6dd829f4c618c9ebec937cf711ff57b7f1678994
Merge from Widevine repo of http://go/wvgerrit/122224
This CL removes the separate main() in http_socket_test that
allowed the user to set the server on the command line. I
don't think anybody was using this, and it conflicted with
our desire to include this suite of tests with the other CE
CDM tests running on Luci.
test: ran http_socket_test
bug: 118657876
Change-Id: I9228b9cc97a0af2afd1bb4a99bc40b88ce956d67
The android CL ag/13947818 was submitted before some CE CDM test
failures were noticed and code review comments were received.
Bug: 184813991
Test: WV unit/integration test
Change-Id: Ic31ca5bc5e46994e01eca56248e6bdffedd779f3
Merge from Widevine repo of http://go/wvgerrit/120903
Some comments in the duration tests had stale numbers in them. This
was fixed.
Also, the tests CdmUseCase_LicenseDuration were failing with a v16 CDM
and a v15 OEMCrypto because the exact cutoff time is different in
those two cases. That is exactly why specifying the license duration
is not recommended. The tests have been modified to handle both
acceptable behaviors.
Bug: 182237739
Change-Id: I05765beacfe69d02e7366bb3f651f0d5888ab3e5
[ Merge of http://go/wvgerrit/121567 ]
Replaced the two usage support functions GetUsageSupportType() and
UsageInformationSupport() into a single function HasUsageInfoSupport().
Since moving to only supporting a single usage info system (usage table
header + usage entries), the different usage support functions have
lost their purpose.
One version of the method works on an open session and will use a
cached value of the property if previously set. The other can be
called without opening the session (as used for query calls).
This is part of larger fix for the usage table initialization process.
Bug: 169195093
Test: CE CDM unit tests
Change-Id: I637c24dd143e995dbb0f8848850e3c71ff1018eb
[ Merge of http://go/wvgerrit/119806 ]
This change replaces all calls for base64 encoding which first converts
a string to a vector. The new base64 encoding function allow for
encoding binary data contained within strings.
Bug: 181732604
Test: Android unittests
Change-Id: Ibfe79dba99e6a2ee2f2a96e85b62fbd22519aea7
[ Merge of http://go/wvgerrit/120512 ]
Wrapped DRM private keys are loaded when a key request is made or when
offline/usage sessions are restored. They were earlier loaded when a
session was opened.
For streaming sessions, key material will be fetched from the default
or legacy certificates and loaded when a key request is made.
For offline and usage sessions, key material may be retrieved from
license or usage records if available. If not available, information
associated with the legacy certificate will be loaded.
Certificate and wrapped keys are also written out when an offline
license or usage record is saved.
Bug: 169740403
Test: WV unit/integration tests
WvCdmRequestLicenseTest.ProvisioningWithExpiringCertTest
WvCdmRequestLicenseTest.StreamingWithExpiringCertTest
WvCdmRequestLicenseTest.RestoreOfflineKeysWithExpiringCertTest
Change-Id: Ice0154c632170c46da171cbbb23a97380c610a98
[ Merge of http://go/wvgerrit/120509 ]
Certificates and wrapped key material are stored in the usage information
file but apart from usage information records. Usage info records include
an identifier which indicates the associated certificate. Routines to
help with finding, inserting or removal of associated certificates have
been included. After a usage entry is deleted, a garbage collection
routine is run to remove any certificates not used by usage infomation
records.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I49075a7704a58c2488b73eb7c38b007958af566d
[ Merge of http://go/wvgerrit/120508 ]
Offline licenses will now store the DRM certificate information. This
allows for expired certificates to be deleted and replaced without
losing the ability to use offline licenses.
Bug: 169740403
Test: WV unit/integration tests
DeviceFilesTest.RetrieveLicenses
DeviceFilesTest.StoreLicenses
Change-Id: Ic0de6328d32e0000d1b58c81019e6c2227278cc4
[ Merge of http://go/wvgerrit/120123 ]
DRM certificate creation and expiration times are now validated.
* New DRM (default) certificates will have an expiration time specified
by the provisioning service.
When stored, the client will include the time the certificate was
received. This allows for expiration calculation to occur when client
and provisioning service clocks are out of sync.
When read out, creation, expiration and acquisition times are
validated. The certificate is checked for expiry by making sure
that the time at the client since the license was acquired is not
greater than the expiration period. The time information stored at the
client may be tampered with. The license service will perform an
expiration check and reject the license request if tampered with.
The expiration time may be set to never expires/unlimited. This is not
a valid value for creation or acquisition time.
* Pre-existing (legacy) certificates from upgrading devices will not
have an expiration time set by the provisioning service. Instead
the client will calculate an expiration time 6 months with + or -
a random two month period in the future. This is stored along with the
certificate.
When read out, if no expiration time has been set by the client, one
will be calculated and written out. The certificate will be declared as
valid. If a client calculated expiration time is present, the
certificate will be validated. In case of tampering, the license service
can reject license requests and force reprovisioning when appropriate.
* ATSC certificates will continue to not have an expiration time.
No additional validation is required.
Other changes for non-ATSC licenses involve managing both default and
legacy certificate co-existance. When checking for DRM certificates,
the default certificate is attempted first. This is followed by a check
for the legacy certificate, if the default certificate is not present.
Bug: 169740403
Test: WV unit/integration tests
DeviceFilesTest.StoreCertificateInvalidParams
DeviceFilesTest.RetrieveAtscCertificate
DeviceFilesTest.RetrieveAtscCertificateNotFound
DeviceFilesTest.RetrieveCertificateInvalidParams
DeviceFilesTest.RetrieveLegacyCertificateWithoutExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateWithClientExpirationTime
DeviceFilesTest.RetrieveLegacyExpiredCertificateByClientExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateInvalidClientExpirationTime
DeviceFilesTest.RetrieveCertificateWithoutKeyType
DeviceFilesTest.RetrieveDefaultCertificate
DeviceFilesTest.RetrieveDefaultCertificateNeverExpires
DeviceFilesTest.HasCertificateAtsc
DeviceFilesTest.HasCertificateDefault
DeviceFilesTest.HasCertificateLegacy
DeviceFilesTest.HasCertificateNone
CertificateTest.StoreCertificateTest.DefaultAndLegacy/*
CertificateTest.RetrieveLegacyCertificateTest.ErrorScenarios/*
CertificateTest.RetrieveDefaultCertificateTest.ErrorScenarios/*
Change-Id: I7dbec7555fbd493c1ec61c6bb5d9428a2405b1fd
[ Merge of http://go/wvgerrit/119843 ]
Creation and expiration times are extracted from the device DRM
certificate. They are reported as
* -1 if not set in the proto
* 0 if unlimited
* positive number otherwise
Bug: 169740403
Test: WV unit, integraiton tests
Change-Id: I9463954dfeb82b6a88ff5d608ed74d20f2424e83
[ Merge of http://go/wvgerrit/119804 ]
The coverage framework used by Android requires the process to call
exit() for coverage information to be dumped after the tests.
Android unit tests have been adapted to use the a new main module.
The core test_main.cpp used by integration tests has been updated to
call exit().
Bug: 138941105
Test: Linux and Android unittests
Change-Id: Ifffc7b8290c50dffe527738a36547c1d2fb90bd3
[ Merge of http://go/wvgerrit/118563 ]
Sync with the latest version of drm_certificate.proto to add in
certificate expiry time. Add in signed_drm_certificate.proto and remove
messages from device_certificate.proto.
SignedDrmDeviceCertificate and DrmDeviceCertificate are now named
SignedDrmCertificate and DrmCertificate. This necessitated non-proto
changes.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: Ie5969ac7217a25eb075a41df59b77da2becd4545
This is a squash of several different CLs with chnages only affecting
duration_use_case_test.cpp
* Integration test for license duration with renewal
[ Merge of http://go/wvgerrit/117263 ]
Bug: 180067457
* Add test for infinite renewal
[ Merge of http://go/wvgerrit/107743 ]
This adds a test that verifies an infinite renewal is processed
correctly.
Bug: 162516965
Bug: 170355696
Bug: 169213621
Bug: 166728158
* Add more time to CdmUseCase_Streaming test
[ Merge of http://go/wvgerrit/114146 and http://go/wvgerrit/114147 ]
The duration tests CdmUseCase_Streaming.Case3 was flaky on the
buildbot for platforms with a real clock because there was only room
for 1 second of fudge at the end of playback -- i.e. the rental window
ended at 35s, but the last playback was 34s.
Bug: 175741647
* Set renewal server on command line for tests
[ Merge of http://go/wvgerrit/110903 ]
This CL adds the ability to set the renewal server on the command
line, and adds some comments to the build scripts' README file to
explain how to test a server rollout.
Bug: 173031207
* Change duration test fudge from 1 to 2
[ Merge of http://go/wvgerrit/112143 ]
Some duration tests are flakey. Let's see if this cleans them up
enough.
Bug: 175741647
* Correct some grammar
[ Merged from http://go/wvgerrit/111824 and http://go/wvgerrit/112063 ]
* Add license duration test
[ Merge of http://go/wvgerrit/109143 ]
This adds a license duration test that behaves the same as a rental
duration test. We do not encourage content providers to do this, but
it is reasonable that legacy licenses should work.
Bug: 172099147
* Shorten duration tests
[ Merge of http://go/wvgerrit/108664 ]
This CL tweaks some of the times in the duration use case tests so
that they take less time to run.
These changes the CdmUseCase test time from six and half hours to 3
and a quarter. A 50% savings!
Bug: 170746277
* Improve logging and edge cases in duration tests
[ Merge of http://go/wvgerrit/108663 ]
This cleans up some logging, and handles some edge cases on renewals
when the renewal request round trip overlaps the cutoff time.
Bug: 170746277
* Remove extra cutoff computations
[ Merge of http://go/wvgerrit/106783 ]
The duration tests originally tried to keep track of when the timer
would have gone off if the test was allowed to continue. This proved
impracticle, so the extra parameter has been removed. The tests still
closely match the documented use cases.
Bug: 169453960
* But not too lenient
[ Merge of http://go/wvgerrit/107943 ]
Previously, the duration tests were modified to allow playback to
continue in some cases. See the documentation or code for a list of
these cases. However, the tests had been modified to force playback to
continue in these cases.
This is not desired: in some cases, v15 devices can restrict playback
as requested. This CL changes the tests so that playback restriction
is allowed. In other words, we no longer force older devices to fail
the test.
Bug: 169255315
* Make some integration tests lenient
[ Merge of http://go/wvgerrit/106843 ]
This allows devices that have OEMCrypto version < v16 or do not
support usage tables to continue playback for an offline license after
the playback window has expired.
Bug: 169582310
Test: duration_use_case_test.cpp
* Add Renewal Use Case tests
[ Merge of http://go/wvgerrit/105826 and http://go/wvgerrit/103784 ]
This CL adds several integration tests that match the duration use
cases with renewals. The test classes are designed for the core cdm,
but the test cases match those found in
oemcrypto/odk/test/odk_timer_test.cpp.
Test: tests pass except for documented bugs.
Bug: 161463952
Change-Id: Ib4775d48490cf150b89aeb2cc64e01a1428f0ab5
This is a squash of several different CLs with changes only affecting
policy_integration_test.cpp
* An integration test for secure buffers
[ Merge of http://go/wvgerrit/113905 ]
This extends the previous CL that loads a license that has a key that
requires a secure buffer. It now creates a secure buffer and tries to
decrypt to it.
Bug: 38004627
* Test loading license requiring secure buffer
[ Merge of http://go/wvgerrit/113903 ]
This adds a policy test to verify we can load a license that requires
hardware secure buffers.
Bug: 38004627
Test: WV unit/integration tests
Change-Id: I1cc0b607ddf5b43fc6b7ba648f3c78d6163e14e9
[ Merge of http://go/wvgerrit/116243 ]
Currently if a command line argument is not understood, all tests are
skipped and the test suite passes.
Bug: 182058081
Test: WV unit/integration tests
Change-Id: I9725a9ed9446f15f08372e68c7a25dffd99c7cef
[ Merge of http://go/wvgerrit/110903 ]
This CL adds the ability to set the renewal server on the command
line, and adds some comments to the build scripts' README file to
explain how to test a server rollout.
Bug: 173031207
Test: WV unit/integration tests
Change-Id: Ibe71e77469c94601627fb85a1ad4654553d3eb1a
Change-Id: I7e9bfc873c78e26c0cece113dc8a3d08cd9163db
[ Merge of http://go/wvgerrit/117267 ]
The client will now advertise the ability to handle provisioning errors
by a minor version updated to the provisioning protocol version.
The provisioning service may indicate that the individual device
is revoked or all devices with the same make/model have been revoked.
If the provisoning service has not been upgraded, the protocol version
field in the request will be ignored. The provisioning service/SDK
will respond with an HTTP 400 error to a provisioning request from
a revoked device.
Bug: 174174765
Test: WvCdmRequestLicenseTest.ProvisioningRevocationTest,
WV unit/integration tests
Change-Id: I5ff61496685f310de6704a90452b8b76b3505cbb
[ Merge of http://go/wvgerrit/117266 ]
These changes facilitate communication of provisioning errors from
provisioning service/SDK to the client.
Clients will indicate in the SignedProvisioningMessage whether they
support handling of error information in the ProvisioningResponse.
The provisioning service/SDK can then indicate why the provisioning
request is being rejected.
The protocol_version field from SignedProvisioningMessage has also been
broken into separate protocol version and provisioning type fields.
This will support changes planned for future releases.
Bug: 174174765
Test: WV unit/integration tests
Change-Id: Ic1a41ed8f83b69697300c586a78266fac20298fb
[ Merge of http://go/wvgerrit/110923 ]
The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session. To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response. The type of key is available from the
DRM certificate proto that is provided in the reponse.
This change introduces a class to contain the wrapped key and
type together. To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.
Unittests have been updated for using the new class where the
wrapped key was used before.
Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
(cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e)
Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
[ Merge of http://go/wvgerrit/110824 ]
When generating a provisioning request, the CDM includes the different
certificate key types that are supported.
This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.
Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
(cherry picked from commit 547d2f8775)
Merged-In: I713ff1c469dff5c8a41461727ce63486d962575e
Merge of http://go/wvgerrit/105063
When running the local license server, the license does not contain a
URL for the renewal, or it is mangled. We only need to run this test
if we are running against UAT or UAT Nightly.
Bug: only found when debugging
Test: Ran tests with local license server
Change-Id: Ic84fcf9033b945a176119639a21104e4d42258a9
Cherry pick from http://go/wvgerrit/102986, rvc-dev branch of
http://go/wvgerrit/105825, rvc-widevine-release of http://go/ag/12561661
This CL adds several integration tests that match the duration use
cases. The test classes are designed for the core cdm, but the test
cases match those found in oemcrypto/odk/test/odk_timer_test.cpp.
See this document for a list of use cases:
libwvdrmengine/docs/License_Duration_and_Renewal.pdf
Test: Ran the tests against v16 OEMCrypto. Some fail against v15.
Bug: 161463952
Change-Id: I7cd424ae241d3897fbd06956e87dd9da0752cb6d
Cherry-pick from branch rvc-dev of http://go/wvgerrit/105824 and
rvc-widevine-release http://go/ag/12561660
This adds two policy integration tests to verify that we are handling offline
licenses correctly.
Bug: 161023174
Bug: 129301787
Test: WV unit/integration tests
Change-Id: I20f5d6a9fbfd2ff8cff361e1005e45b46c700704
[ Merge of http://go/wvgerrit/104584 ]
This corrects failures in
* WVDrmPluginTest.ReturnsL3SpoidsWhenL3ProvisionedUsingL3Spoid
* WVDrmPluginTest.ReturnsL3SpoidsWhenL3Unprovisioned
* WVDrmPluginTest.ReturnsL1SpoidsWhenL3ProvisionedUsingL1Spoid
and a warning in
* PolicyEngineTest.PlaybackOk_RentalAndLicense0_WithPlaybackBeforeLicense_V15
Bug: 163542905
Test: WVDrmPluginTest and PolicyEngineTest
Change-Id: I3e7799175b7b289fafd2caf88bd5df4123b88973
[ Merge of http://go/wvgerrit/108064 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the core directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I8ae5a10cbfdf7faae6a2735e57b33729763f10b8
(This is a merge of http://go/wvgerrit/107263.)
The CryptoSessionMetricsTest suite assumed that GetOEMPublicCertificate
would only be called once, but in practice, it may be called twice,
since the first call can return OEMCrypto_ERROR_SHORT_BUFFER. This patch
updates the tests to accept 1 or 2 calls.
This patch also updates a few EXPECTs on vector lengths that should have
been ASSERTs, to avoid problems when later accessing the vector.
Bug: 169111969
Test: jenkins/ce_cdm_tests
Test: build_and_run_all_unit_tests.sh
Change-Id: I9432dd2694c7181ab57ed55f66ff6c8be0c867f9
[ Merge of http://go/wvgerrit/106325 and http://go/ag/12644840 ]
When offline licenses are restored, licenses and any renewals are processed.
License state evaluation occurs and notifications are sent to listeners.
If the license is expired, which is likely if a renewal is present,
the license state will transition to expired. Transitions out of
expired state are not allowed and the renewal has no effect.
If we work around this by allowing transitions out of expired state,
listeners will get notifications that keys have expired and then that are
usable soon after. To avoid delivering erroneous notifications we delay
evaluation of license state while the license and renewal are being processed.
Evaluation occurs at the last stage of license restoration when playback
information from the usage table is being restored.
This only need to occur for when licenses are being restored. In other
cases when a license or renewal is received, license state evaluation
and event listener notification needs to occur immediately.
Bug: 166131956
Test: WV unit/integration tests, GtsMediaTestCases tests
Change-Id: Ic8ade25316c5e20cc88de9225c43c24b28f21ac4
