[ Merge of http://go/wvgerrit/46760 ]
This enables encryption of client ID for provisioning requests for
devices with keyboxes as root of trust. Client ID will not be
provided for those devices with OEM device certificates as root of
trust. That will be addressed in b/78303730.
Bug: 77607585
Test: WV unit/integration tests. Tests with L3 using OEM certs
Change-Id: Id9bd697aa049bd5659ab80714e141dbc50408f6a
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
[ Merge of http://go/wvgerrit/47065 ]
RemoveKeys now resets associated crypto and policy resources,
rather than just closing the crypto session. This results in a
MediaCodec.CryptoException with error code ERROR_NO_KEY
rather than ERROR_SESSION_NOT_OPENED, if decrypt is called
afterwards.
Error SESSION_NOT_FOUND_FOR_DECRYPT is made unique. Error codes
were also synchonized between various branches in the widevine repo.
Bug: 77304819
Test: WV unit/integration tests, VtsHalDrmV1_0Target tests
Change-Id: I6cba2a3e1ce466d58c7727cde2d8f81d9503d655
[ Merge of http://go/wvgerrit/46907 ]
The WV client supports root of trusts as keyboxes or OEM certificates.
Devices with keyboxes use provisioning 2.0 protocol to provision
while those with OEM certificates use 3.0. L3 provisioning failures
occur if the L1 and L3 root of trusts differ.
The provisioning method is now retrieved and cached when the
security level is known, when the session is opened.
Earlier it was retrieved and cached at initialization time and
always set to the value of L1 OEMCrypto (if present). This led
to provisioning failures.
A case of acquiring a lock while one was held in GetProvisioningId()
has also fixed.
Bug: 77606913
Test: WV unit/integration tests
Change-Id: I2d66ee2cf64f846cec4a37fbccb554447c8a0e1d
(This is a merge from http://go/wvgerrit/46447)
The Production Provisioning Service is moving to the "widevine.com"
certificate from the "license.widevine.com" certificate it was using.
This replaces the two places this certificate appears in the source
code. This is expected to be the last such update.
Also, the Staging Provisioning Service was already using this
certificate, but our code had it listed as using the old certificate. It
has also been updated.
Bug: 77244492
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I2ce14ea8e672c453ce0f74fbd3345f7e40f2f297
[ Merge of http://go/wvgerrit/46623 ]
If corruption of the usage information file is detected while saving a
streaming license with a PST, usage information file is deleted, so that
a subsequent load keys may succeed.
Also when calling the MediaDrm API releaseAllSecureStops(), an error would
be returned if usage info file was corrupted. Since this file is
deleted successfully, errors have been replaced with warnings.
Bug: 73447733
Test: wv unit/integration tests
Change-Id: Ie4a63ac202fd6009609105f38ffa8a3b23ed334e
[ Merge of http://go/wvgerrit/46622 ]
Secure stop API related changes introduced in b/69674645 caused
segfaults on taimen/walleye but not other devices due to a difference
in OEMCrypto version.
Bug: 77294890
Test: WV unit/integration tests on sailfish and walleye
Change-Id: I8523ef283334d7d32d180e902072fe1dd6e665c1
Previously, we did not have a license request latency metric. This is a
notable limitation in our metrics. This adds a metric that captures the
timing between a GenerateKeyRequest and an AddKey operation.
Bug: 72994956
Test: New unit tests. Google Play
Change-Id: If99c187399c02f9b5d4c355732af7588bbbefb11
A few metrics were missing or not properly collected in the CDM metrics.
This CL addresses them.
Bug: 64570194
Bug: 72866232
Test: Unit tests and Google Play manual test.
Change-Id: I3a3aa4fb3eb8422c9c8c398016f02409307beb33
Merge of http://go/wvgerrit/45520/
Bug: b/70650789
Test: request_license_tests and GTS tests on sailfish and taimen
This is related to b/70650789. An extra call to DeriveKeysFromSessionKey
in the case where there is a provider session token results in the
OEMCrypto mock incorrectly using the derived mac keys to sign the release
message, since a future call to LoadKeys is never called.
(This is a merge of http://go/wvgerrit/46203)
Previously, IsProvisioned() only confirmed the existence of a
certificate file, not whether the contents of that file were actually
valid. This patch changes its behavior so that it actually validates the
loadability of the file before returning.
This is sufficient to resolve Netflix's use case in b/65835227, but it
is only part of the solution for Android's use case in b/72353451. A
second patch will be required to cover cases where the certificate can
be loaded but cannot be used with the current OEMCrypto or with the
server.
Bug: 65835227
Bug: 72353451
Test: Android and CE CDM unit tests
Change-Id: Id3987a6f3c4097d7d356dfa631b023287354439a
Changes to a much more efficient and more reusable protobuf format for
metrics.
Test: Widevine tests, Google Play and MediaDrm CTS test.
Bug: 73724218
Change-Id: I3299051d7a16bcd7758c8f272415ca40e10c1313
[ Merge of http://go/wvgerrit/44921 ]
* Added the ability to remove a single usage information record.
* Added a method to retrieve all secure stop Ids.
Bug: 69674645
Test: WV unit, integration tests
Change-Id: I04ac8224b4bdda69541e61ff1103af3836138228
CdmEngine::QueryStatus was mapping all error codes
returned from crypto_session.Open to INVALID_QUERY_STATUS
which caused important failure information to be lost.
The GTS DrmSessionManagerTest test was failing as a
result, because session reclaiming no longer worked.
merge of http://go/wvgerrit/44800
bug:72705384
test:gts DrmSessionManagerTest
Change-Id: Id404a18b8f66cf6137b69f6b4e1bdd7004706a0c
(cherry picked from commit 6aad0f77cb)
Merge from Widevine repo of http://go/wvgerrit/44505
This CL changes the certificate provisioning code to verify the
provisioning message using a cert from license.widevine.com instead of
the staging certificate.
It also adjusts the certificates in config_test_env.cpp because the
license and provisioning servers are different and may probably have
different certs.
bug: 73031756
test: unit tests with mock oemcrypto, and read oemcrypto on sailfish
Change-Id: I4b457a369a49ef07bda9e5632ab59e5f621ec966
Merge from Widevine repo of http://go/wvgerrit/43720
This CL changes the cdm engine test's Provision method so that it
keeps OEMCrypto alive during the provisioning. This is only needed
when testing with the oemcrypto mock and the nonce flood rate has been
throttled to 1. In that case, if OEMCrypto is allowed to terminate
between each request, all nonce requests will be an error.
Keeping OEMCrypto alive does not modify the desired test results when
oemcrypto is not throttled.
This CL changes test code only.
bug: 73607610
test: unit tests
Change-Id: I71b27b1bb8200188a0a821afc977d7a9cc7fd968
Merge from Widevine repo of http://go/wvgerrit/43420
Remove or mark unused variables. Fix unsigned/signed comparisons.
bug: 73390805
test: unit tests
Change-Id: Ic523400a5decf82fae733042b260e0c39a087cd3
[ Merge of http://go/wvgerrit/43281 ]
Bug: 73164325
Test: WV unit/integration test, playback tests using Netflix and
Play Movies.
Change-Id: Ifc3dd8863da1616eb4a7df35ad010f53b6d5e3d2
[ Merge of http://go/wvgerrit/43240 ]
HDCP related changes were made in http://go/wvgerrit/42602. This
also changed the string values returned in the HDCP query command.
This CL reverts changes to the string values as were specified in
the Widevine Modular DRM Plugin vendor extensions document. Changing
them at this point will impact applications.
Bug: 70278160
Test: WV unit/integration tests, GtsMediaTestCases, playback using
Play Movies and Netflix.
Change-Id: I20171a8272aeeff5007cf90c9939b2ce1ce0fb13
[ Merged of http://go/wvgerrit/39766 ]
The security level (software/hardware, decryption/decode)
in the policy that specified how the key was to be used was
not being respected for L3. Playback would either continue or
a vendor specific error would be thrown.
If the device cannot use the key as permitted by the policy
CryptoException#ERROR_INSUFFICIENT_OUTPUT_PROTECTION will be thrown.
Bug: 31913737
Bug: 31913439
Test: WV unit/integration tests
Test: Playback using playmovies and netflix. Cast playback using
playmovies.
Change-Id: If25735ab0f789108431115623cb236687c5ef818
[ Merge of http://go/wvgerrit/42103 ]
* While deprecating keyboxes as identification, some code to
restore a license was mistakenly removed in http:://go/wvgerrit/36740,
http://ag/3442777
* Corrections to keep track of cipher mode, call SelectKeys when cipher
mode changes and to use the backward compatible LoadKeys call in case
OEMCrypto is v13.
Bug: 70160032
Test: Ran WV unit/integration tests. Request license test failures
have been addressed.
Change-Id: Id03c50874085af6d9985d10c19a74a02efb7a1f5
Merge from Widevine repo of http://go/wvgerrit/42102
The unit test should use the real system id if it is using a real
oemcrypto.
test: ran unit tests on sailfish.
bug: 72718962
Change-Id: Ib58a47976f85b840c6f34d379b1c020e7e85d59a
* changes:
Fix some unit tests
Add basic handling for entitlement keys in a license.
Refactor key sessions to move them out of crypto session.
Fix entitlement keys encryption and content key loading.
Merge from Widevine repo of http://go/wvgerrit/42020
This CL fixes the OEMCrypto unit tests for refresh license.
Test: ran unit tests
bug: 64851667
bug: 72497813
Change-Id: Ice1661fd832793358b725be9016d85465f6b8d14
Merge from Widevine repo of http://go/wvgerrit/41834
Key rotation is not yet supported.
The key statuses are updated from a license. The
mechanism expects content keys tro come in a license.
For entitlement licenses, the content keys come in the
init_data.
This code does not yet support the key rotation event.
(A new pssh with wrapped keys is a passed to the cdm)
The policy engine/key status mechanism needs to be
updated to handle updated from the init_data.
For now, the cdm builds a license with a key container
with the content keys and used that to call
PolicyEngine::SetLicense to setup the policy engine
and key statuses.
Bug: 64003606
Bug: 70334840
Test: In child CL
Change-Id: Ibf46a18f5321cab4ff6f1778ba30527942c8021f
[ Merge of http://go/wvgerrit/41840 ]
Bug: 69867619
Test: WV unit/integration tests
Playback using netflix and play movies on Taimen
Change-Id: I49d0dd9ae12322eecc80efb8cb744419c85e8ae5
This is a merge of Widevine cl 39040.
A few of the metrics were not implemented, or implemented incorrectly in
O MR1. This cleans them up
Bug: 64001676
Test: Re-ran unit tests and added some additional tests. GPlay Movies check.
Change-Id: I1e8bcc36fecd76e72d853306075bc46d82f45161
Merge from Widevine repo of http://go/wvgerrit/41680
These changes change the signature of LoadKeys to LoadKeys_V13 for the
Level 3. This change will be reverted once we update Level 3 to v14.
level3/x86/libl3oemcrypto.cpp Level3 Library 4464 Jan 23 2018 13:22:20
level3/arm/libl3oemcrypto.cpp Level3 Library 4445 Jan 23 2018 12:12:32
level3/mips64/libl3oemcrypto.cpp Level3 Library 7285 Jan 23 2018 15:48:51
level3/arm64/libl3oemcrypto.cpp Level3 Library 7283 Jan 23 2018 12:47:26
level3/mips/libl3oemcrypto.cpp Level3 Library 4465 Jan 23 2018 15:13:13
level3/x86_64/libl3oemcrypto.cpp Level3 Library 7284 Jan 23 2018 13:50:10
test: Play Movies plays on sailfish.
Change-Id: Ia492463cd15178b12908faa24af7fbbcfef22e77
Merge from Widevine repo of http://go/wvgerrit/41661
bug: 64001862 OEMCrypto V14 for Android P
test: Unit tests pass
Change-Id: I3314a881357c12ef63d7b257d83f6f0d07e4725a
This CL adds entitlement license features and moves cipher mode from
LoadKeys to SelectKeys.
Merge from Widevine repo of http://go/wvgerrit/41660
bug: 70334840 Entitlement License - cdm layer
bug: 70334345 Entitlement License - reference code and unit tests
test: Entitlement license unit tests pass.
Change-Id: Ic7d7f42c15e6d83ef7fcfd8a866c778adc4c8095
Merge from Widevine repo of http://go/wvgerrit/41621
This updates the dynamic adapter and some plugins to work with the new
OEMCrypto v14 API.
bug: 70334345 Entitlement License - reference code and unit tests
bug: 34103646 Encryption Scheme Propagation
bug: 69552641 Update OEMCrypto_LoadTestKeybox
bug: 69867568 OEMCrypto - Report Analog
test: In child CL.
Change-Id: I51349d15b779d52d245bd234867bbd2bbe7b9ae7
[ Merge of http://go/wvgerrit/41340 ]
An initial license request may actually result in a service certificate
request. Once the service certificate has been successfully handled,
an app may make a license request without needing to provide
the initialization data again. This behavior was broken in a recent
merge. Correcting the test as well.
b/72182032
Test: Ran wv unit/integration tests
Change-Id: I82401b9a3bf38140706dad859b4ae241b7ddac12
Merge from Widevine repo of http://go/wvgerrit/40883
The oemcrypto dynamic adapter will try to load a keybox from the
filesystem if oemcrypto reports it doesn't have one. Previously, it
would check the size of the file, and then open the file before
responding to errors. Opening a non-existant file would result in a
segfault.
With this CL, we do not try to open the file if the size is not
positive.
Test: unit tests
Bug: 72129404
Change-Id: I243b5d49837455c0ce07802e32e4d7e809286cfd
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct error logging
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/40000 ]
In tests, we set the cipher list to avoid using insecure
ciphers when connecting to the provisioning/license service.
The result of setting the cipher list was being incorrectly
validated.
Bug: 64847919
* Move mips cache headers to clear_cache_function.h
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39700 ]
Since the clear_cache function has been moved away from the dynamic
adapter, we need these conditional includes to be migrated as well for
MIPS.
* Comment out Level 3 debug call until merge
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39761 ]
This call was introduced in go/wvgerrit/34260/. Since the haystack tool
in google3 still needs this merge, this should be commented out so the
tool can still build until the merge has finished.
* Add logging for MAC keys to mock
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39740 ]
Bug: 70637842
* Move external interfaces into level3.h + refactor
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39673 ]
As part of b/70523618, this CL moves interfaces that partners are
responsible for in Level 3 to level3.h so they can be visible as
part of the CDM release process. It also cleans up some of the
names of the files and adds documentation.
* Corrected close session logging level
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39676 ]
Bug: 69460963
* Remove Security Level Path Backward Compatibility Support
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39505 ]
From the android K release onwards certificates were stored in
security level specific directories. If upgrading from
previous releases persistent information needed to be moved
to those directories.
Since no device is likely to upgrade from J to Pi, comptibility
support can be removed.
Bug: 70160032
* Rename privacy_crypto_openssl To privacy_crypto_boringssl
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37122 ]
Now that we no longer support OpenSSL in the Shared Source CDM, the name
of this file can be updated.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Remove Conditional Compilation from OpenSSL/BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/39460 ]
This change removes the usages of conditional compilation to support
both BoringSSL and OpenSSL, as well as to support multiple versions of
the OpenSSL API. All code is now compiled against one of the two
versions of BoringSSL in third_party/.
Note that in some cases, the kit/ and legacy_kit/ versions of BoringSSL
had different APIs, so when removing the OpenSSL version compatibility
conditional compilation, sometimes the older branch was kept and
sometimes the newer branch was kept.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Build CE & Jenkins CDMs With BoringSSL from third_party/
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37120 ]
Up until now, integrators have been responsible for providing a
compatible crypto library for use by the CE CDM. (either OpenSSL or
BoringSSL) After this change, this decision will no longer be in their
hands. The CE CDM build will always use the copy of BoringSSL in
third_party/, which will be statically linked with our library with
hidden visibility. This allows us to better control what crypto library
we use and will prevent continuing problems with trying to support both
OpenSSL and BoringSSL.
Unfortunately, BoringSSL began using C++11 in mid-2017, and we can't
support C++11 right now. Until we can, we need to use a C++11-free
version of BoringSSL for libssl. The CDM itself will continue to use a
recent BoringSSL, as it only needs libcrypto. But the unit tests that
need libssl have to use the legacy version.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Modified RNG for Level3 to use more entropy
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39220 ]
Bug: 65165076
Modified seed generation to use an xor of clock_gettime and
client-implemented code to supply random seeds to the RNG. Modified the RNG
as well to use xoroshiro128+ instead of xorshift, since it uses more
than one seed/state (which are 64-bit) and has higher "statistical quality".
The default implementations for the seed generation use /dev/urandom.
* Configure base path for Level3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39506 ]
This is in response to b/70354006. This change makes the
Android Level3FileSystem use the existing properties method
GetDevicesFilesBasePath for binderization. The same is done for the
Linux implementation.
* Add legacy_kit/ to BoringSSL Directory
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38861 ]
This adds a second copy of BoringSSL to the third_party/boringssl/
directory. This second copy is pinned to the last revision of BoringSSL
not to require C++11 and is not updated by the UPDATE_BORINGSSL.sh
script. This second copy will be used to provide libssl to the tests on
devices that do not support C++11.
Once we support C++11 in the CDM again, this weight should be removed
and all targets should use the copy of BoringSSL in the kit/ directory.
Bug: 67907873
* Use Shared Libraries for Unit Tests
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38860 ]
Some unit tests were using a statically-linked CDM instead of a
dynamically-linked one. (Or, in one case, trying to link both ways into
the same binary.) For now, we need to only link dynamically, so that the
unit tests and the CDM can use different versions of BoringSSL.
Long-term, we would like to test both kinds of linkage. (See b/69548115
for that.)
Some unit tests were also using a dynamicaly-linked CDM that was named
such that it appeared to be statically-linked. This patch renames some
targets to make the linkage clearer.
Bug: 67907873
* Change CDM_Backwards_Compatiblity_Tests to dedicated brances
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/39003 ]
The build scripts used by CDM_Backwards_Compatiblity_Tests now pull
old versions of oemcrypto from the dedicated branches oemcrypto-v*,
which [will eventually] contain old oemcrypto versions, that build
with the current build system with a current boringssl version.
bug: 67907873
* Fix spacing on level3 header
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38760 ]
* Correct Query status calls
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38640 ]
Bug: 70160032
* Refactoring to allow encryption of client ID
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37460 ]
The code has been restructured to allow encryption of client
identification in provisioning requests. This will be enabled
when server side changes have been made (b/69427217).
* Additional information is included in the Client Identification
portion of the provisioning request.
* Client identification will be encrypted with a service
certificate provided by the app/client. Platform changes
to enable passing this to core are needed. If a service certificate
is not provided, a default one associated with the production Keysmith
will be used.
* Switched APIs in CdmEngine to take a service certificate for
provisioning rather than licensing. Service certificates for
licensing are session based and passed as properties from platform
code.
Bug: 30737060
* Allow some CDM errors to be reported from multiple locations
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38360 ]
This creates some CdmResponseType errors which may be reused
PARAMETER_NULL, NOT_INITIALIZED_ERROR, REINIT_ERROR.
I have made changes to a few classes to report these errors.
Will work on additional classes in a separate CL.
Bug: 69864404
BUG: 71650075
Test: WV Unit/integration tests
Change-Id: Icc048770d424ac537d11ff327cda2cb142da802d
