(This is a merge of http://go/wvgerrit/74844)
__attribute__ is not supported on all compilers, notably it's not
supported on MSVC. Commenting out the variable should suppress the
warning this is trying to fix.
Test: Android CDM Build
Bug: 122953649
Change-Id: I0101df1cca271415a6444e5455eb0085676bcabf
[ Merge of http://go/wvgerrit/74343 ]
This replicates a Netflix test that adds secure stops and removes them
one at a time, while some of the sessions are still open. Usage
entries will be deleted at the time, but the usage header table
will not be shrunk if the last entry is in use. This happens later when
sessions are closed and the last usage entry is no longer in use.
Bug: 120894148
Test: WV unit/integration tests, CE CDM tests
Change-Id: Ib572950afc61754fe5f3c417e650d5d08503425a
(This is a merge of http://go/wvgerrit/74628)
There is some old legacy behavior in CryptoSession for supporting
Chromecast. When a platform tries to use a combination of L3 and opaque
handles, it silently substitutes the type "clear buffers" instead.
No platform uses this behavior anymore. In fact, the CE CDM contains
code that explicitly prevents this case from being triggered. That code
has broken in every one of the last 3 releases. To allow the CE CDM to
end that bug farm, this patch removes the behavior that no one wants.
Bug: 112703532
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I7f70483fac46c75637da5378c5a8b1bf7a2c2860
[ Merge of http://go/wvgerrit/74443 ]
When deleting a usage entry, a crypto session may need to be closed
and reopened if a usage entry has previously been loaded. Before closing
this session, the usage entry/usage table header information should be
saved.
This is for completeness rather than correctness. Looking at code,
usage header and entry information are saved after the license
release has been generated. This change might be helpful in case
that changes in the future.
Bug: 115920873
Test: CE CDM unit tests, WV unit/integration tests
Change-Id: Ifc8f761497198247db31dab2f47e8323af783681
[ Merge from http://go/wvgerrit/72183 ]
Adds basic metrics for the usage table header. This adds the last rev of
cdm_session.cpp that was merged to the wv repo.
Bug: http://b/112919252
Test: Unit tests. Manual GPlay
Change-Id: I9494caf6fcdfb3d335ea10fe8b712585e95c79e5
(This is a merge of http://go/wvgerrit/73803)
While playing around with compiler settings, I found that
EntitlementKeySession::Type() is missing the `override` keyword.
Bug: 127498046
Test: CE CDM Build
Test: Android Build
Change-Id: I5a18dbbd425b0a493575a34b9f5f77b2d7c8f10d
(This is a merge of the parts of http://go/wvgerrit/73763 that affect
the Widevine Android CDM.)
Netflix found some cases of benign shadowing & unused parameters through
having different warning settings than we do. No harm in fixing these.
Bug: 126864496
Bug: 126864495
Test: CE CDM Build
Test: Android Build
Change-Id: Ifb2a705a64071900b69aea17d6add46a36068ebb
(This is a merge of http://go/wvgerrit/71883)
This moves all the SSL code to privacy_crypto so we can use the
iOS-specific versions and not use any BoringSSL. The iOS version
doesn't support OEM certificates.
Note that the tests still use BoringSSL.
Bug: 126559819
Test: build_and_run_all_unit_tests.sh
Change-Id: Ib0fad5d95b283b6cd6e02d8a08bcf248c5900bc4
Test: CE CDM tests, Android unit/integration tests
Merge of http://go/wvgerrit/73464
LoadEntitledContentKeys result is logged in SelectKey when it fails.
Requested as part of http://go/wvgerrit/73144.
Change-Id: I063497144ff3370b817e12c0535580e54cfec1d8
(This is a merge of http://go/wvgerrit/72867)
This patch replaces the previous static std::mutexes in CryptoSession
with shared_mutexes, allowing multiple readers to access the resources
they protect. For the shared fields, this means only Initialize(),
Terminate(), and the code that sets up the usage table headers needs
exclusive access. All other CryptoSession code is able to read these
fields in parallel.
For OEMCrypto, the static OEMCrypto lock is joined by a per-session
std::mutex, which are used in concert to enforce the OEMCrypto v15
threading guarantees.
On my machine this results in a noticeable increase in performance for
the parallel unit tests.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: Jenkins Tests
Change-Id: Ie6332ae4926ed4f14af897685d37bfe63831b14f
Test: CE CDM tests, Android unit/integration tests
Bug: b/124773017
Merge of http://go/wvgerrit/73144
Since OEMCrypto supports one content key per entitlement key,
LoadEntitledContentKeys must be called every time we want to select a
key. EntitlementKeySession::SelectKey calls ContentKeySession::SelectKey
after loading the keys, which caches the key id from the previous call,
and if the key id hasn't changed, doesn't call SelectKey. This caching
is fine for content keys since we don't call LoadKeys every time, but
not fine for entitled keys since we do call LoadEntitledContentKeys
every time. So, we instead cache the current content key id per
entitlement key and only call LoadEntitledContentKeys and SelectKey if
the entitled content key id changes. Furthermore, the test
HandlesKeyRotationWithOnlyOneLicenseRequest is modified to complete
multiple decrypts per key to test this behavior.
Change-Id: I9d0d94e49da0fe1965beadbddec99d8dff744d73
[ Merge from http://go/wvgerrit/72724 ]
This adds a message that contains SDK and service version information
useful for debugging problems that occur because of different services.
BUG: 80536436
Test: Unit tests and manual GPlay testing.
Change-Id: I095f893b907ea7c2cd149155fb2cd4c7181e7bb2
(This is a merge of http://go/wvgerrit/72764)
Netflix has identified a calling pattern that causes this mutex to be
taken recursively. This is not guaranteed to be safe for Widevine's
old custom Lock implementation nor std::mutex. However, it is guaranteed
to be safe for std::recursive_mutex. This patch updates the mutex in use
accordingly.
In the long-term, this lock needs to be reconsidered, as already noted
by comments in the code. It would be great if the reconsidered locking
did not require a recursive-safe lock. The TODO for this has been spun
off into its own bug and the comment has been updated to point to this.
Bug: 120471929
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I34df64456de4b469b75caf25a33f0bc53a5da330
[ Merge of http://go/wvgerrit/72703 ]
SRM is an optional feature and whether it is implemented is up to the
discretion of OEMs. If it is not, avoid logging this information.
Bug: 124391178
Test: WV unit/integration tests
Change-Id: If8d2b1e0b59fb11825f832a5d4259b03c482fd6b
(This is a merge of http://go/wvgerrit/71325)
Widevine CE CDM and the buildbot now have parallel operations unit
tests. These tests are not relevant on Android since it is not possible
to call into the Android CDM from multiple threads. However, there is
one change in CdmEngine that needs to be copied over to Android for
consistency's sake.
Bug: 70889998
Bug: 118584039
Test: Android Build
Change-Id: Iea5df62be256383e832b4fcfbd5ff5090e3f3b03
(This is a merge of http://go/wvgerrit/71324)
This patch increases the granularity of the locking in CryptoSession
without substantially changing its locking semantics. Where before
there was a single |crypto_lock_| performing multiple duties, now
there are three locks:
1) |static_field_lock_|, which is used when needing to access the
non-atomic static member fields of CryptoSession.
2) |oem_crypto_lock_|, which is used when needing to call into
OEMCrypto.
3) |factory_lock_|, used only by the functions that interact with the
CryptoSession factory.
All the code in CryptoSession has been updated to use these locks. It
has also been updated to only hold them for the minimal amount of time
necessary, as opposed to holding them for a whole function. This should
help some with the ability of CryptoSession calls to happen
concurrently. To assist in taking locks in a consistent manner, two
helper functions, |WithStaticFieldLock()| and |WithOecLock()| have been
added. Also, for the very common case of reading |initialized_|, the
accessor |IsInitialized()| will read the value safely.
While changing all the code to lock differently, I found that some
places in CryptoSession were *not* locking before accessing static state
or calling into OEMCrypto. I have made these callsites consistent with
the rest of CryptoSession.
As a result of taking locks for only the minimum time necessary, it is
no longer necessary for functions to make assumptions about whether the
lock will already be held before they are called. Locks should not be
held while calling helper functions, and code should always take a lock
for the brief time it is necessary to do so.
In tests, including the concurrent unit tests coming in the following
patch, this code did not perform substantially better or worse than the
code that preceded it, but the hope is that it will experience less
contention on devices that are more resource-constrained than my
desktop, such as older game consoles.
This patch appears to address some real threading issues. Hopefully, it
will also make it easier to maintain soundness in the future and to
reason about when code in CryptoSession needs to take a lock.
This is the first step to implementing the "Finer-Grained Locking in
CryptoSession" specification. A future patch will make some of these
locks reader-writer locks, to allow even greater parallelism.
Bug: 70889998
Bug: 118584039
Bug: 123319961
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: GTS
Test: Play Movies
Test: Netflix
Change-Id: I346c04a5d9875723db54af33ee91772bf49ca12f
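
The locking discipline described in the commit message above, as an added C++11 sketch that is not part of the commit or of Widevine's code: only the names |static_field_lock_|, |oem_crypto_lock_|, |WithStaticFieldLock()|, |WithOecLock()| and |IsInitialized()| come from the message, while the class, its fields, the helper signatures and the per-thread nesting counter are assumptions made for illustration. Each helper holds its lock only while the callable runs, so no lock is ever held across a call to another helper.

```cpp
// Added illustration, not Widevine code. Lock and helper names come from the
// commit message; the class, its fields and all signatures are hypothetical.
#include <algorithm>
#include <mutex>
#include <string>
class FakeCryptoSession {
  static std::mutex static_field_lock_, oem_crypto_lock_;
  static bool initialized_;
  static std::string system_id_;
  static thread_local int depth_, max_depth_;
  // Counts locks held by this thread so nested locking can be detected.
  struct Depth {
    Depth() { max_depth_ = std::max(max_depth_, ++depth_); }
    ~Depth() { --depth_; }
  };
  template <typename F>
  static auto WithLock(std::mutex& m, F body) -> decltype(body()) {
    std::lock_guard<std::mutex> guard(m);  // held only while body runs
    Depth held;
    return body();
  }
  template <typename F> static auto WithStaticFieldLock(F body) -> decltype(body()) {
    return WithLock(static_field_lock_, body);
  }
  template <typename F> static auto WithOecLock(F body) -> decltype(body()) {
    return WithLock(oem_crypto_lock_, body);
  }
 public:
  static void Initialize(const std::string& id) {
    WithStaticFieldLock([&] { initialized_ = true; system_id_ = id; });
  }
  static bool IsInitialized() {
    return WithStaticFieldLock([] { return initialized_; });
  }
  // Copies static state out, releases that lock, then takes the OEMCrypto lock.
  static std::string Describe() {
    if (!IsInitialized()) return "";
    std::string id = WithStaticFieldLock([] { return system_id_; });
    return WithOecLock([&] { return "oec:" + id; });  // stand-in OEMCrypto call
  }
  static int MaxLockDepth() { return max_depth_; }
};
std::mutex FakeCryptoSession::static_field_lock_, FakeCryptoSession::oem_crypto_lock_;
bool FakeCryptoSession::initialized_ = false;
std::string FakeCryptoSession::system_id_;
thread_local int FakeCryptoSession::depth_ = 0, FakeCryptoSession::max_depth_ = 0;
int main() {
  FakeCryptoSession::Initialize("constructed-id");
  return FakeCryptoSession::Describe().empty() || FakeCryptoSession::MaxLockDepth() != 1;
}
```

A recorded depth above 1 would mean some code path took a second lock while still holding the first, which is the pattern the message says to avoid.
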
[ Merge from http://go/wvgerrit/71923 ]
Plumb through the device files error detail and add the detail to
metrics.
Bug: http://b/115382201
Test: Unit tests, manual GPlay.
Change-Id: I18139f6712b6670be5fed863a97f9f03440745c7
[ Merge from http://go/wvgerrit/71726 ]
Adds an error detail metric attribute to RestoreUsageSession and
RestoreOfflineSession. These metrics will now report an additional
attribute providing additional error detail for debugging.
BUG: http://b/115517916
Test: CDM Unit Tests. Manually tried GPlay.
Change-Id: Ib48361ef29d33a16150473d8967e4850bc0c623d
[ Merge from http://go/wvgerrit/71443 ]
The assumption that the metrics will always outlive the CdmSession
instance appears not to always hold (at least in a non-Android
multi-threaded solution). The shared_ptr ensures that the metrics
are available even in these rare race conditions.
BUG: http://b/123321465
Test: CDM unit tests. Also http://go/wvgerrit/71264 parallel tests.
Change-Id: Iaa6a8f6c0fdc46a911789759d6e1228d849aa237
[ Merge of http://go/wvgerrit/71907 ]
The client token needed to be enabled in the license request.
Bug: 123369846
Bug: 123370099
Test: WV unit/integration tests
Change-Id: I4d3e944b1d79010977c119291594878c406b00c5
[ Merge from http://go/wvgerrit/69105 ]
This adds a metric collecting decorator class around cdm engine. This
implementation uses a templated decorator. The decorator enables:
1) Wrapping the CDM Engine methods to capture timing and error
information.
2) Allows use of a mock CDM Engine for testing.
Test: Unit tests. GPlay manual testing and GTS tests.
BUG: http://b/64724336
Change-Id: I5e4a0f552974fab1939bc7ab02719a1f5849cf3f
[ Merge of http://go/wvgerrit/71326 ]
Nonce flood, frame size, session and system invalidation errors
will now bubble up to the app. OEMCrypto v15 returns
OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE,
OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors.
These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR,
ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and
ERROR_DRM_RESOURCE_CONTENTION.
Bug: 120572706
Test: Unit/Integration tests
Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9
This reverts commit 408509efdc.
Reason for revert: just kidding. We want to run the tests on
old devices, too.
Change-Id: I920fa825380638122f638e057bcfbe98b5f7b301
Support overloaded isCryptoSchemeSupported method that
accepts a security level parameter
bug:110701831
test: cts media test cases, widevine integration tests, gts media tests
Change-Id: Ia84e40ff8d4f13fc06478e338e3238061e283dac
(This is a merge of http://go/wvgerrit/70666)
We need a reader-writer lock implementation in order to make use of the
new threading guarantees in OEMCrypto v15. However, we do not have
access to an STL reader-writer lock due to only being on C++11. This
patch adds a home-grown reader-writer lock, as well as tests to verify
that its behavior is sound.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Iaddcefb50e72452fbd27d04879eacf775484e675
Merged from http://go/wvgerrit/69723.
The new APIs are getOfflineLicenseIds, getOfflineLicenseState and
removeOfflineLicense. These methods are currently stubbed out in
Widevine hidl service. This CL completes the implementation.
Test: unit tests - libwvdrmdrmplugin_hidl_test
Test: GTS
--test com.google.android.media.gts.MediaDrmTest#testWidevineApi29
bug: 117570686
Change-Id: I96ffb75f453e36e931effefd3664b5faa8d69d30