Merge from Widevine repo of http://go/wvgerrit/96783
This CL updates the reference code, unit tests, and adapter to use the
new v16 function OEMCrypto_LoadDRMPrivateKey. This is just an API
change to allow ECC support in the future. The reference code does not
yet support ECC certificates, and the CDM code assumes that all
certificates have an RSA key.
Bug: 152558018
Test: unit tests on taimen and w/v16 mod mock.
Change-Id: I0793b416513b81b3d74849f0b58dbdc91f075ac6
[ Merge of http://go/wvgerrit/95405 ]
There are several OEMCrypto functions that do not require an open
session to be called. This change updates the OEMCrypto functions
related to the Usage Table Header.
Bug: 150888316
Test: Linux unit tests and Android build
Change-Id: Ic879876dd190fb3e058bbe8e0cce37273030b105
[ Merge of http://go/wvgerrit/95404 ]
There are three situtations where error codes from a usage table
operations were not being mapped to unique CDM response types. These
particular errors provide useful information for the CDM during table
defragging.
Also fixed misspelled error code.
Bug: 150890014
Bug: 150891685
Test: Linux unit tests and Android build
Change-Id: I683abdd5fc0871317eede960ea36cfafac7e7f49
Merge from Widevine repo of http://go/wvgerrit/95087
The ODK library is used in OEMCrypto, and in test code, but it is not
needed in the CDM layer. As such, it can be removed from the
Android.mk for cdm libraries.
Bug: 150809634
Test: unit tests
Change-Id: If29458e7d3d940f9a383d77e5082e7388e19c32f
(This is a merge of http://go/wvgerrit/95003.)
To reduce the number of OEMCrypto calls on the decrypt path, the maximum
subsample size will now be cached after the first call to retrieve it.
Bug: 150018606
Test: Android Unit Tests
Test: CE CDM Unit Tests
Test: ExoPlayer high-bitrate playback on OEC v15
Change-Id: I0b5d38d8a082c0a127d2a47f112b76c64085bddb
(This is a merge of http://go/wvgerrit/94928.)
In OEMCrypto v16, we dropped support for 'cens' and 'cbc1'. However, we
did not redefine the pattern (0,0) to be a valid pattern for 'cbcs', even
though it was no longer being used to signal 'cbc1'. Instead, we made
the CDM reject CTR with a pattern ('cens') and CBC with a (0,0) pattern
('cbc1') to mirror the behavior of OEMCrypto v16.
However, some apps have been using 'cbc1' mode to decrypt audio in
'cbcs' content. This is normally not possible but is possible for a
subset of content. Furthermore, it is easy to do by accident because of
the way most packagers package 'cbcs' audio and the special significance
Widevine has historically given the (0,0) pattern.
This patch updates the CDM to not reject CBC with a (0,0) pattern but
instead treat it as 'cbcs' content. To decrypt it correctly, the pattern
is treated specially inside the CDM core and converted to the
recommended equivalent pattern — (10,0) — before passing the content to
OEMCrypto.
For more specifics, please see the design doc: http://go/vclfg
Bug: 150219982
Test: ExoPlayer Demo App 'cbcs' Content
Test: GTS 'cbcs' Content
Change-Id: I334ff15db5f7b7d62040a036ba6d17515c3caee4
[ Merge of http://go/wvgerrit/94483 ]
With OEMCrypto V16 comes a new potential error code from calls to
DecryptCENC(). WARNING_MIXED_OUTPUT_PROTECTION may be returned by
supporting devices if one of the output devices does not meet the
required HDCP level for the decryption key/license; however the output
is instead restricted (by OEMCrypto) to devices that are secure. This
warning is informative to the CDM; but no action can/should be taken
by the CDM.
In addition, if DecryptCENC() returns an error/warning, it is likely
that the same status code will be returned on subsequent calls to
decrypt within the same crypto session. To reduce the number of logs
the CDM produces within the same crypto session only changes in error
codes are logged.
Bug: 140825538
Change-Id: Iaf9da3f0c88889525f73f3153a5977c8416286bb
(cherry picked from commit d9c703ef9e)
Merged-In: Iaf9da3f0c88889525f73f3153a5977c8416286bb
Merge from Widevine repo of http://go/wvgerrit/94523
For OEMCrypto v16, a renewal does not get a new nonce.
Bug: 149856581
Test: WvCdmRequestLicenseTest.StreamingLicenseRenewal
Change-Id: I258f0bcb9c9a417310785f130d32d66fa7430185
Merge from Widevine repo of http://go/wvgerrit/94243
When generating a second provisioning request, a new session should be
opened because a session can only have one nonce for v16.
For Provisioning 3.0 devices, the OEM Cert's private key must be
loaded in the new session.
Test: WvCdmRequestLicenseTest.ProvisioningInterposedRetryTest
Bug: 135288420 Nonce reuse
Bug: 141655126 Cert reload
Change-Id: I8a96566142c4d4380e2bdd571e8d363a7a1f74d4
(This is a merge of http://go/wvgerrit/93829,
http://go/wvgerrit/93830, http://go/wvgerrit/93832,
http://go/wvgerrit/93833, and http://go/wvgerrit/93834 from the
Widevine repo.)
This implements the CDM code changes necessary to take advantage of
Combined Decrypt Calls on OEMCrypto v16. The result of this is that
WVCryptoPlugin is much lighter now because it can pass the full sample
down to the core in one call, but CryptoSession is heavier, as it now
has to handle more complex fallback logic when devices can't handle
multiple subsamples at once.
This patch also removes support for the 'cens' and 'cbc1' schema, which
are being dropped in OEMCrypto v16. This fixes an overflow in the code
for handling those schemas by removing it entirely.
This patch also fixes the "in chunks" legacy decrypt path to use larger
chunk sizes on devices with higher resource rating tiers.
Bug: 135285640
Bug: 123435824
Bug: 138584971
Bug: 139257871
Bug: 78289910
Bug: 149361893
Test: no new CE CDM Unit Test failures
Test: Google Play plays
Test: Netflix plays
Test: no new GTS failures
Change-Id: Ic4952c9fa3bc7fd5ed08698e88254380a7a18514
[ Merge of http://go/wvgerrit/93865 ]
This allows for handling of timer and clock values as supported when both
the license service and the OEMCrypto on the device support v16.
A flag based on a value in the SignedResponse license indicates
whether this support should be enabled. A new class PolicyTimerV16
performs the duration value evaluation.
Bug: 139372190
Test: Android WV unit/integration tests
Change-Id: Iacbbd51ad26c9f29cb5418ff832f8822982644b7
[ Merge of http://go/wvgerrit/93838 ]
Some more rework of policy engine/policy timers code to support
timer and clock value handling introduced by OEMCrypto v16.
Changes are
* renamed methods to include rental duration since policies for v16 use
rental and playback duration for all licenses. Previously rental and
playback durations enforced timing for persistent licenses and license
duration was used for streaming licenses.
* Moved some common code to the base PolicyTimer class from
PolicyTimerV15.
* Corrected data member naming (policy_timers -> policy_timers_)
* Updated comments
Bug: 139372190
Test: Android WV unit/integration tests
Change-Id: Id925ddcc14608a8500f30c2c68486d91608a9abe
[ Merge of http://go/wvgerrit/93564 ]
OEMCrypto v16 introduced the ability to report the maximum possible
size of the usage table to the CDM. The LRU algorithm will take the
table capacity into account when deciding which entry is removed.
Bug: 148795097
Bug: 135298906
Test: CDM unit tests
Change-Id: Ibba88813618c13a9bf1121e560b8cc02b1c7e7a6
[ Merge of http://go/wvgerrit/89848 ]
Apps query a number of properties at initialization. The mediaDrm
API getProperty allows the query of a single property at a time.
This causes a series of requests. If no crypto
sessions are concurrently open, a series of expensive OEMCrypto
Initialization and Termination calls will occur.
In this change OEMCrypto termination is delayed. If an OEMCrypto
Terminate is followed in close succession by an Initialize, neither
will occur avoiding the overhead. A timer enables a countdown process.
If no session activity occurs, the timer will eventually terminate
OEMCrypto and exit.
Bug: 136282358
Test: Android unit/integration tests
Change-Id: I442b7919b4e7835c52583516c8bc64d0c150241d
[ Merge of http://go/wvgerrit/89847 ]
This adds a platform specific property that allows OEMCrypto Termination
calls to be delayed. On android this allows a way to avoid
expensive back to back OEMCrypto_Terminate followed by Initialize
calls.
Bug: 136282358
Test: wv unit/integration tests
Change-Id: Ie5b4ff7503dafe77d974caac9c52fc1f169dec89
Merge from Widevine repo of http://go/wvgerrit/93824
This treats an empty core message as not having a core message.
Bug: 149110740
Change-Id: Icacfc5d9a5bdce9b136c25c59205eee575cfba72
Tests: Ran ExoPlayer on taimen
[ Merge of http://go/wvgerrit/93743 ]
Reworks policy engine in preparation for changes to support timer and
clock value handling by OEMCrypto core messages in OEMCrypto v16.
No major functional changes have yet been introduced. Time and duration
evaluation has been devolved to a new policy timer class. Policy
specific to licenses that do not support OEMCrypto core messages
is handled by a Policy Timer V15 class. This ensures backward compatibility.
Backward compatibility may be needed if
* OEMCrypto has not been upgraded to v16
* Licenses were persisted before the device was upgraded to v16
* License service does not yet support core messages
Some minor changes to when the current time was retrieved required
minor modification to test expectations.
Bug: 139372190
Test: Android unit/integration tests
Change-Id: I420fb181f656ed9a6bfe54f09e8b398c130d23da
[ Merge of http://go/wvgerrit/93506 ]
This updates the license_protocol.proto to match the one used by
the license service. It introduces new fields such as
|soft_enforce_rental_duration|. Additional changes address proto field
naming changes.
Bug: 139372190
Test: WV android unit/integration tests
Change-Id: Id0c38b457e9079c0afc6848c355c07f96a19e073
This CL merges some missed pieces of the merge from Widevine repo of
http://go/wvgerrit/93405
Test: unit tests
Bug: 147879734, 147396294, 141247171
Change-Id: I3b92b983f68f6a529f109bc5dec91b313e3fd7fb
[ Merge of http://go/wvgerrit/93505 ]
During the merge process there were a few CL comments (ag/10122083)
that were not able to be addressed. Most changes in the CL are
spelling / grammar corrections.
Bug: 148907684
Bug: 141247171
Test: CDM unit tests
Change-Id: I9a8648525bbe5ed319521ebf01741a958ab69ae2
Merge from Widevine repo of http://go/wvgerrit/93404
This is the unit tests, reference code, and documentation for
OEMCrypto v16.2. Backwards compatibility should work for a v15
OEMCrypto.
Some review comments will be addressed in future CLs.
Bug: 141247171
Test: Unit tests
Test: Media GTS tests on bonito
Change-Id: I9d427c07580e180c0a4cfdc4a68f538d351c0ddd
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
[ Merge of http://go/wvgerrit/88016 ]
In the event of an LRU replacement event on AddKey, we gather some
metrics on what the state of the usage table is and some info on the
the entry that was removed.
Metrics collected:
- How many usage info (streaming license) in the table
- How many offline licenses in the table
- What type of entry was evicted from the table
- How stale (time since last use) was the evicted entry
This also enables unit tests for marshalling the metrics into proto
message on Android unit test.
Bug: 135046978
Test: Android and Linux unit tests
Change-Id: If8e562ae6f98270a0e6c5aa4251127ce9b79a8b0
[ Merge of http://go/wvgerrit/89906 ]
The change allows the GetDecryptHashSupport method to return
an error.
Bug: 144851430
Test: WV android unit/integration tests
Change-Id: Ib3b95788adb21b5ed0daee51ad338f9674b04c3c
[ Merge of http://go/wvgerrit/89888 ]
A macro validates parameters in CryptoSession and return a
specified error code. Some error codes have been retired and replaced with
the error code PARAMETER_NULL.
Bug: 136123217
Test: Android unit/integration tests
Change-Id: I6ecbad53e87cce04dfd9ea27861400e83044cf5e
[ Merge of http://go/wvgerrit/87283 ]
SPOIDs (Stable Per-Origin IDentifiers) were not correctly being
set during CdmEngine construction. This resulted in SPOID values not
being sent in provisioning requests. This caused the serial number in
the drm certificate to not be stable after a reprovision.
This behaviour appears to be true going back to O.
CdmEngine no longer takes a SPOID in the constructor since not all
callers use SPOIDs. A setter has been added in its place. Previously
spoid had a default argument to the constructor.
Bug: 142368328
Test: android unit/integration tests
Change-Id: I711346df609636ecf1475dc37873454a7ef000c0
[ Merge of http://go/wvgerrit/87905 ]
Protobuf parsing of the provisioning message has been centralized in
certificate_provisioning.cpp since it will be invoked from
multiple locations. This will also ease maintainability of the code.
Bug: 142731300
Test: android unit/integration tests
Change-Id: Idebf6b0145b317698559cac1cf18a3a0b98315ad
[ Merge of http://go/wvgerrit/86444 ]
When the CDM engine attemped to remove all usage information across
both L1 and L3, a failure in L1 was being ignored if L3 removal
succeeded.
For this fix, L1 failure codes are prioritized over L3 failure codes
(should both L1 and L3 fail).
Bug: 141272019
Test: Linux unit test and Android unit tests
Change-Id: I2df6d47a2a57c373c6c76903ab33ebbf649005b3
(This is a merge of http://go/wvgerrit/86383)
When Key Sessions were added to CryptoSession, the initialization of the
initial Key Session was placed at the end of the initialization of the
owning CryptoSession. That's all well and good except the block right
before that assumed that it was safe to abort initialization early in
order to swallow errors when setting up usage tables. As a result, if
anything caused usage table initialization to fail, it would leave the
CryptoSession without a Key Session, resulting in an inevitable segfault
further down the line.
There's no reason the Key Session can't be initialized first. This
change moves initialziation order around to avoid the bug.
Bug: 141021960
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Ic78005c831d2a24d7d6de22df54462b2bd7085f0
[ Merge of http://go/wvgerrit/85743 ]
There were a few methods that did not check that the output parameter was not
set to null befor assigning to. The new checks follow a similar pattern that
is used for DeviceFiles.
Bug: 135207278
Test: Linux unittest and Android tests
Change-Id: Idff25a71dd7a6db99f7f9c2dcf4949ac683208cc
(This is a merge of http://go/wvgerrit/84510)
When the CE CDM 3.5 behavior around service certificates was originally
implemented, it allowed sessions to be created if a service certificate
had not yet been installed, in keeping with the EME spec. However, the
service certificate in use at session creation time was cached, and so
there was a bug where any sessions open before a service certificate was
installed would never be updated with any future service certificates.
The code also caused problems for Android. When it was merged to master,
it was fixed to simply not allow session creation on CE CDM without a
service certificate. However, this created an impedance mismatch between
the CE CDM and EME that has caused pain for Shaka Player Embedded,
Chrome, Chromecast, Fuchsia, and likely every partner that is trying to
implement a fully-compliant EME stack on top of CE CDM.
Removing the code that blocks session creation without a service
certificate is easy. Fixing the bug that motivated it is not. Removing
the caching is not possible because Android needs it for certain
behavior on its end. So instead, the CE CDM will have to iterate over
all open sessions and update their service certificates if the installed
service certificate changes.
Test: CE CDM Unit Tests
Test: Android Unit Tests
Bug: 111766009
Change-Id: I1bd70553e2209b823a6acdc221c0497a5f3181b2
[ Merge of http://go/wvgerrit/84990 ]
Storing and retrieving licenses from device files had required 15
parameters to the DeviceFiles methods. Now, licenses information is
bundled together in a single struct `CdmLicenseData`, similar to
`CdmUsageData`.
Bug: 137882164
Test: Linux and Android unittest
Change-Id: I149b39573800e7c66681343b252b41341a8902f7
[ Merge of http://go/wvgerrit/84607 ]
[ Merge of http://go/wvgerrit/84608 ]
The primary goal is to replace the use of `rand()` with the random
number generators provided with the C++11 standard.
This simplified generator wraps some of the technical aspects of the
<random> library and provides an interface for uniformly distributed
integers.
As part of the `rand()` purge in the CDM, all uses of the C random int
function in `core()` have been removed. Places that previously used
`rand()` now use `CdmRandom` facilities.
Test: Linux unittest and Android unittest
Bug: 130680365
Change-Id: Ica383870536ed462dbb80e630c2d66845e38b937
[ Merge of http://go/wvgerrit/84647 ]
[ Merge of http://go/wvgerrit/84648 ]
Replacing most instances of C's NULL with C++'s nullptr. Also changed
how a NULL check is performed on smart pointers. They provided an
implicit boolean operator for null checks, meaning the underlying
pointer does not need to be compared directly (as it was in some places
before).
Note that clang-format has performed additional changes to some of the
test files that have not yet been formatted.
Bug: 120602075
Test: Linux and Android unittests
Change-Id: I06ddebe34b0ea6dfecedb5527e7e808e32f5269a
[ Merge of http://go/wvgerrit/83423 ]
[ Merge of http://go/wvgerrit/83424 ]
[ Merge of http://go/wvgerrit/83425 ]
[ Merge of http://go/wvgerrit/83426 ]
[ Merge of http://go/wvgerrit/83427 ]
Types of cleanup:
- Removed function / class prefixes from the logs.
- Fixed log string format options to match the types passed
- Corrected small spelling mistakes / typos
- _Tried_ to make the log format more consistent
- Added static_cast<int> conversion on enumerations when logged
- Changed several LOGE to LOGW and vice versa
- Used LOGE if the triggering condition stops the method/function
from completing its task
- Used LOGW if the triggering condition changes the expected
outcome but does not stop the rest of the method/function's
task
- Changed several instances of `NULL` to `nullptr`
- Ran clang-format on files after cleanup
This is part of a larger code quality effort in Widevine DRM.
Test: WV linux unittests and WV Android unit tests
Bug: 134460638
Bug: 134365840
Bug: 136123217
Change-Id: I958ec70ef99eef95c38dbebd7a1acd62ef304145
