Merge from Widevine repo of http://go/wvgerrit/69563
This CL also disables unit tests that depend on the old test keybox when run
against OEMCrypto v13 or earlier.
Unit tests that require a particular API level have been
removed. This requirement for Android is tested in GTS tests.
Bug: 119316243
Test: unit tests
Change-Id: I9a13dbaee1693ecea906fd0184a8e2590dc5beed
[ Merge of http://go/wvgerrit/70386 ]
This allows error codes from device files to be added as sub-errors when
errors such as GET_LICENSE_ERROR are encountered.
Bug: 112357085
Bug: 115382201
Test: WV unit/integration tests
Change-Id: I505a87086ce584efc7e482984c0f132ac5329e16
(This is a merge of http://go/wvgerrit/70303)
This adds a platform.h file to abstract some of the differences
between Windows and POSIX platforms. This includes ntohl, setenv,
and ssize_t.
Bug: 122953649
Test: Android Unit Tests
Change-Id: I3235f3f284b53d24d7365ff3f4a06dcd9b403697
(This is a merge of http://go/wvgerrit/70384)
It turns out the reason the binary provisioning unit test was failing is
because the test base class was setting the property to turn on binary
provisioning before calling Init(), however all current Init()
implementations overwrite the value of that field. As such, the tests
weren't actually using binary provisioning. With that fixed, everything
passes; the binary provisioning flow doesn't appear to actually be
broken.
This is the exact same commit as was previously reverted,
cf5464d7a2fbecd1938ae0700199145b7b61c3c3. However, a pending patch fixes
the multiple runs of Properties::Init() that lead to the inconsistent
failures of the previous patch. (See http://go/wvgerrit/70383)
Bug: 112046733
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I79fc2c8d4d24505b46cab0e21eef85a37d66748d
Bug: b/121214641
Merge of http://go/wvgerrit/69703
Test: Android + Linux unit tests
LoadEntry attempts to handle INSUFFICIENT_RESOURCES by deleting an entry
and retrying, but it's possible that the randomly-generated number of
the entry to be deleted might match the entry we want to load. In this
case, we have wasted a retry, since the code just continues on to the
next iteration. This is changed to generate a number different from the
entry to load. Furthermore, if the number of usage entries is 1, we
break since there are no more entries to delete besides the one we want
to load. The code is also changed to call srand in the creation of the
usage_table_header, since without it, rand() would produce the same
values, and similarly, our random generation is changed to use a simple
mod. Tests are modified to reflect these changes.
Change-Id: I95e125b8adbd85d0189f9d40ca15f3fe69e6d6b9
(The matching reversion in the Widevine Repository is
http://go/wvgerrit/69923)
This reverts commit c207ef8ea6.
Reason for revert: Widevine Buildbot failures
Change-Id: Ied9e36f9eaa94bb7e9cd13b8dff7a2cbdca07a07
(This is a merge of http://go/wvgerrit/69843)
It turns out the reason the binary provisioning unit test was failing is
because the test base class was setting the property to turn on binary
provisioning before calling Init(), however all current Init()
implementations overwrite the value of that field. As such, the tests
weren't actually using binary provisioning. With that fixed, everything
passes; the binary provisioning flow doesn't appear to actually be
broken.
Bug: 112046733
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I7413f7fb2227e596fb610d6ddc5b95cda2f406b8
[ Merge of http://go/wvgerrit/68083 ]
Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.
Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
libwvdrmdrmplugin_hidl_test and request_license_test.
Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6
Merge from: http://go/wvgerrit/69211
Cleanup unaligned code while working on b/117570686 and remove
a duplicate break statement.
Test: unit tests
./run_all_unit_tests.sh
Bug: 121971420
Change-Id: I0ca1dc0fe54e7fe3a87aa7c8dac7ef9da04e90b2
Import of http://go/wvgerrit/68188
This adds an attribute to metrics indicating if the license was online
or offline.
Also, added a unit test for CdmEngineMetricsImpl.
Test: Unit tests. GPlay manual. GTS tests.
Bug: 115523917
Change-Id: Id315c643048914a2c51904451f9665987bc87eb7
[ Merge of http://go/wvgerrit/67324 ]
This introduces the ability to query resource rating tier information
through the plugin and CDM. Resource rating tiers are also
sent in the client identification portion of the license request.
Bug: 117112392
Test: WV unit/integration tests
Change-Id: I68ac6dfc4362f61150af822bd526e346b5cc4bf7
[ Merge of http://go/wvgerrit/63682 and http://go/wvgerrit/4977904 ]
Enforce OEMCrypto insufficient resources error reporting in CDM tests.
In addition, when CreateNew/LoadUsageEntry fails with OEMCrypto
insufficient resources error, delete a random usage entry
and retry. The current behavior evicts low index entries
from the usage table, which was a crude attempt to emulate a LRU.
This was deficient as, on occasion, it will result in the deletion
of a recently added usage entry.
Bug: 111260263
Bug: 113828866
Bug: 120433165
Test: Widevine OEMCrypto tests, integration tests. GtsMediaTestCases.
Play movies and Netflix playback tests.
GtsMediaTestCases MediaDrmTest#testUsageTableCapacity
Change-Id: I63340f76d1e2af3c6834b98ad816e11eea18fc7f
(This is a merge of http://go/wvgerrit/66625)
Google C++ Style dictates that methods which override base class or
interface methods should be declared "override" but not "virtual". Since
our codebase has not had access to "override" until now, many of our
classes do not follow this rule. I've updated as many places as I could
find to follow Google C++ Style, which should hopefully help us catch
errors better in the future.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Ic23e2e482e967256da306791532b5fec7b81b2f2
(This is a merge of http://go/wvgerrit/66643)
The sub-license feature has been removed from the server and packager.
So that we do not have to continue maintaining the code that supports
this feature that never shipped, I am removing it from the CDM as well.
Bug: 113165466
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I5d25844b161e74aa19adf19a29c56e4881aa7304
Bug: b/119276649
Merge from: http://go/wvgerrit/66367
Test: Android, CE CDM, Linux unit tests
The FileSystem interface as it exists expects an Open for a file and
then a Close when finished. However, the Close doesn't delete the file
itself and depending on the platform, the underlying impl_ as well,
leading to a memory leak. To fix this leak as well as harden against
future memory issues, this change refactors the interface to shift away
from raw pointers and towards smart pointers.
Change-Id: I7a7132ea95cd3775796a540f510b698f4f27dd24
[ Merge of http://go/wvgerrit/65442 ]
This also requires the removal of sub session related code as references
were removed from the proto.
Bug: 119077124
Test: WV unit/integration tests
Change-Id: Ida1a591afc267ec97344e5bba00bbf401887a202
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
Merge from master branch of Widevine repo of http://go/wvgerrit/66066
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63628
The error code OEMCrypto_KEY_NOT_LOADED is redundant with
OEMCrypto_ERROR_NO_CONTENT_KEY and OEMCrypto_KEY_NOT_ENTITLED. The
function LoadEntitledContentKey should return KEY_NOT_ENTITLED if it
does not find the corresponding entitlement key in its key table. All
other functions that do not find a key id in the key table should
return OEMCrypto_ERROR_NO_CONTENT_KEY. This includes QueryKeyControl,
SelectKey, and RefreshKeys.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 115574797
Change-Id: Ida2111f32e331b99f3f0c77fa404a42654d0870c
Merge from Widevine repo of http://go/wvgerrit/65922
This CL puts the old 4121 test keybox back into the unit and android
integration tests so that we can run tests on a device with OEMCrypto v13.
This change should not be released, and should not be included in CE CDM. It
should be removed once we have more test devices with v14 or v15.
Bug: 119313532
Bug: 119316243
Test: unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: If6a459e11176e07c66fbe6fc45c63d87595a20dc
(This is a merge of http://go/wvgerrit/65782)
We have had our own scoped_ptr implementation that is used throughout
the codebase. Now that we support C++11, we can replace these with
std::unique_ptr.
Doing this replacement exposed a few places where the two were not
interchangeable. OEMCrypto Ref was doing some unsafe things with passing
scoped_ptrs to functions and has been updated to use move semantics. And
a few constructors were explicitly constructing a scoped_ptr with NULL,
which is ambiguous with std::unique_ptr. These have been replaced with
default constructor calls.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I37d6d7aad4906709381c74f0c5439f826d2be768
(This is a merge of http://go/wvgerrit/65783)
Straightforward patch to replace our shared_ptr implementation with
std::shared_ptr, which works identically for all our use cases.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I9e8624dd3cab70a45941a45eb553c1ea0c077d2f
Bug: b/117897682
Test: unit tests
Merge of http://go/wvgerrit/65223
Gtest setup does not call the base class' setup if it's defined in the
derived class. As a result, the WvCdmEngineTests were not installing the
test root of trusts in the OEMCrypto, which leads to segfaults when
using a key derived from the root of trust when a real root of trust
doesn't exist. The test class' setup is changed to use its base class'
methods, and logging is added to handle empty derived keys.
Change-Id: Ia574c4ade48206d771d6079fb3b67ccd7653428c
(This is a merge of http://go/wvgerrit/60620)
The license code handles keys larger than 16 bytes correctly, but it
does not properly reject keys smaller than 16 bytes.
This patch adds unit tests not only for the new error case but also
the existing success cases which were not previously being tested. As
part of this, license_unittest was changed to use a Test Peer instead
of making the test fixture a friend class.
Bug: 111069024
Test: CE CDM unit tests
Test: Android unit tests
Change-Id: Idb2deb6fbe0aeb19b530f9818bebff480541f5c8
[ Merge of http://go/wvgerrit/60240 ]
Since the method is not a general purpose check and only verifies that
the key can be used for a given security level the method
has been renamed PolicyEngine::CanUseKeyForSecurityLevel.
Bug: 115701771
Test: WV unit/integration tests
Change-Id: Icd6789538bb709d2a48c67bbd7bc810f4b000e14
Merge from Widevine repo of http://go/wvgerrit/59700
This CL sets the environment variable MODEL_NAME to be the current
unit test. When running on a test platform, this environment variable
is used in the license request as model_name.
test: unit tests.
bug: 38004627
Change-Id: I347c5cec35942d68285cc01615b976097f37d214
Merge from Widevine repo of http://go/wvgerrit/56523
In OEMCrypto v14, SelectKey can also return KEY_NOT_LOADED if the key
id is not found. This was added to help with entitlement licenses.
However, SelectKey in crypto session converts this to an unknown
error.
In this CL we change that to a NO_CONTENT_KEY_3 error. This is
probably only important because the generic crypto tests expect
NO_CONTENT_KEY_3 when we try to use an undefined key.
Test: existing unit tests pass, and some future unit tests pass.
Bug: 72354901 Turn on generic crypto tests
Change-Id: I3c0b7e6306cafd3feabc8aac7e47983c89194a26
Merge from Widevine repo of http://go/wvgerrit/56522
This CL moves provisioning from core/test/cdm_engine_test.cpp to
test_base.cpp because other tests should also only be run when the
device has been provisioned.
It also adds a fake license server. The license holder helps a test
create a license request and then generates a bare-bones license,
without actually sending anything to a real license server.
Test: more unit tests pass than before.
Bug: 72354901 Fix Generic Crypto tests.
Change-Id: Iec067a6a1fb91fa8fd7b904fdf36e90981e293a3
Merge from Widevine repo of http://go/wvgerrit/56521
This CL adds a common main routine for integration tests. It sets a
default test configuration for the provisioning and license server
urls and certificates, and allows the user to set them on the command
line.
Test: current unit tests still pass.
Bug: 72354901 Fix Generic Crypto tests.
Change-Id: I604a3d9e15d50da5041794624c4571c0dcb091f5
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
Merge from Widevine repo of http://go/wvgerrit/48841
This test is not providing value to the CDM, as it seems to exist
primarily to validate server behavior. However, it is not doing what
it says it is (the request is rejected because it is using unparseable
garbage data, not because its key ID is unknown) and according to
tinskip@, the behavior it claims to be testing is not valid. (The
licensing service will not fail just because the key ID is unknown.
Indeed, if the test data is fixed to use a valid payload with an
unknown key ID, the test fails because the server does not.)
Bug: 78640287
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: Idfcff15ab3d15fdfb6eb111b5dff68aa5a23fb37
Merge from Widevine repo of http://go/wvgerrit/43202
Sync the definition of WidevinePssh data with the latest in support of
entitlement keys.
bug: 73297961 Fix or remove sublicense support.
Test: tested as part of http://go/ag/4674759
Change-Id: Ia9faf82732854a705b4b14430169ce4c8ecbcfcd
Merge from Widevine repo of http://go/wvgerrit/53640
While HttpSocket supports both secure and insecure requests, the
error-handling code in HttpSocket::Read() was written assuming that
the insecure code path was previously taken. This resulted in spurious
and misleading error messages being printed when an SSL error
occurred, and it also meant that retryable SSL responses were not
being retried. Also, the code for detecting a closed connection was
technically incorrect, although a quirk of BoringSSL meant that it
happened to work well enough to go unnoticed.
This patch adds separate SSL error handling from the non-secure error
handling. It correctly checks for a closed connection. It will retry
retryable errors after a delay. And it prints the correct BoringSSL
error when an unrecoverable error occurs. There should be no change in
behavior for insecure connections.
Bug: 77338045
Test: CE CDM Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: I8c45ca5771f22c11716d2e3649de91ab1acc1954
Merge from Widevine repo of http://go/wvgerrit/50481
Original CL http://go/wvgerrit/47520
The original CL was not completely merged to master on Android, so
this CL only reverts the left-over bits.
The original fix was not sufficient to address all race conditions. A
subsequent CL will address them.
Bug: 73781703
Bug: 79158083
Bug: 79262108
Test: tested as part of http://go/ag/4674759
Change-Id: Ib6c55ab5434e08fe61e0f65623ac8c7b2dc5aaa1
Merge from Widevine repo of http://go/wvgerrit/53625
Passing the third parameter to std::string::insert() as an integer
technically makes for an ambiguous method call, as there are two
overloads that could accept these arguments. While baseline GCC and
Clang discern our intent here correctly, seawardt@ discovered that
XCode is more pedantic and requires that we pass the third parameter
as a char to disambiguate.
Test: WvCdmEnginePreProvTestUat.ProvisioningServiceCertificateInvalidTest
Test: tested as part of http://go/ag/4674759
Change-Id: I65a2506209215cd081c685faac26e08bae486d5e
Merge from Widevine repo of http://go/wvgerrit/48842
In order to work around a limitation of some versions of OEMCrypto,
the packager is going to start generating files with multiple Widevine
PSSH boxes. For backwards-compatibility, the first PSSH will be a
SINGLE-type PSSH while the ENTITLED_KEYS-type PSSH (if any) will come
later. In order to use entitlement licenses, then, the CDM needs to
change how it selects PSSHs from the init data blob.
Previously, the CDM always took the first Widevine PSSH it found. Now,
it must find all the Widevine PSSHs and select the appropriate PSSH
for the OEMCrypto implementation. ENTITLTED_KEYS will be used on OEC
v14 and later, if available, while SINGLE will be preferred on earlier
OEMCrypto versions.
As a side-effect of this, the CDM is now stricter about what PSSH
payloads it will accept. Previously, it would blindly accept the
payload of any PSSH where the wrapper was not malformed. Now, it
sometimes has to actually parse the payload, and therefore PSSHs that
have corrupted payloads will be rejected. This affected a few unit
tests which used PSSHs that were malformed. These tests have been
updated to use PSSHs that do not fail to parse.
Bug: 78142219
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: Android Google Play & Netflix
Test: tested as part of http://go/ag/4674759
Change-Id: Ia70d627a914299bfbae84b4cb46f100dc5c7a501
Merge from Widevine repo of http://go/wvgerrit/52480
Partners have asked for a way to release offline licenses without
using a release message. This is typically used by cable partners who
are caching licenses ahead of time and do not care about usage
statistics.
As part of implementing this request, CdmSession::DeleteLicense() was
renamed to reflect that it only deletes the *files* associated with a
license, and a new CdmSession::DeleteLicense() has been written that
also cleans up other related data.
Bug: 77955334
Test: CE CDM Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: I00d6e20935c5fecb3ac9be6757c0f191d85c6bd6
Merge from Widevine repo of http://go/wvgerrit/49820
Devices with baked-in DRM certs cannot be reprovisioned. As such, we
must protect them against being unprovisioned. Currently, our unit
tests break such devices by attempting to unprovision them. This patch
adds code to block the Unprovision() call on these devices.
Bug: 69264798
Test: CE CDM Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: I49322dcb2d3d5c7953e870eb91a9e0b978d4dabe
This CL just updates some comments from the http://go/wvgerrit/51680. Changes
in that CL made to oemcrypto are in the refactor CL.
Test: tested as part of http://go/ag/4674759
Change-Id: Ia619089e146ea635c5a73a53bc81973bb42b42f7
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
[ Merge of http://go/wvgerrit/58460 ]
If OEMCrypto runs out of space in the usage table header+entries adding
a new license or loading/using an existing one might fail. This CL makes
two modifications to handle this scenario.
* OEMCrypto_ERROR_INSUFFICIENT_RESOURCES will be returned from
OEMCrypto_CreateNewUsageEntry or OEMCrypto_LoadUsageEntry. An attempt
will be made to release a LRU entry from the usage table and retry
the operation. This may be retried 3 times unless success
occurs earlier.
* On initialization, the usage table header is loaded. If there are more than
the minimum number of usage entries (200), an attempt is made to
add a usage entry. If this fails, we are likely in an unrecoverable
state. We then delete all offline licenses, usage information and
recreate the usage table header. This will allow future playback
attempts to succeed and offline licenses to be able to be downloaded
but will lose all current offline licenses and secure stops.
Bug: 112486006
Test: WV unit/integration tests, GtsMediaDrmTest
Playback tests using Netflix and Play movies.
Change-Id: I41a18d69a329f8a96c7b607d299ce73af3d56177
