(This is a merge of http://go/wvgerrit/72867)
This patch replaces the previous static std::mutexes in CryptoSession
with shared_mutexes, allowing multiple readers to access the resources
they protect. For the shared fields, this means only Initialize(),
Terminate(), and the code that sets up the usage table headers needs
exclusive access. All other CryptoSession code is able to read these
fields in parallel.
For OEMCrypto, the static OEMCrypto lock is joined by a per-session
std::mutex, which are used in concert to enforce the OEMCrypto v15
threading guarantees.
On my machine this results in a noticeable increase in performance for
the parallel unit tests.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: Jenkins Tests
Change-Id: Ie6332ae4926ed4f14af897685d37bfe63831b14f
Test: CE CDM tests, Android unit/integration tests
Bug: b/124773017
Merge of http://go/wvgerrit/73144
Since OEMCrypto supports one content key per entitlement key,
LoadEntitledContentKeys must be called every time we want to select a
key. EntitlementKeySession::SelectKey calls ContentKeySession::SelectKey
after loading the keys, which caches the key id from the previous call,
and if the key id hasn't changed, doesn't call SelectKey. This caching
is fine for content keys since we don't call LoadKeys every time, but
not fine for entitled keys since we do call LoadEntitledContentKeys
every time. So, we instead cache the current content key id per
entitlement key and only call LoadEntitledContentKeys and SelectKey if
the entitled content key id changes. Furthermore, the test
HandlesKeyRotationWithOnlyOneLicenseRequest is modified to complete
multiple decrypts per key to test this behavior.
Change-Id: I9d0d94e49da0fe1965beadbddec99d8dff744d73
[ Merge from http://go/wvgerrit/72724 ]
This adds a message that contains SDK and service version information
useful for debugging problems that occur because of different services.
BUG: 80536436
Test: Unit tests and manual GPlay testing.
Change-Id: I095f893b907ea7c2cd149155fb2cd4c7181e7bb2
(This is a merge of http://go/wvgerrit/72764)
Netflix has identified a calling pattern that causes this mutex to be
taken recursively. This is not guaranteed to be safe for Widevine's
old custom Lock implementation nor std::mutex. However, it is guaranteed
to be safe for std::recursive_mutex. This patch updates the mutex in use
accordingly.
In the long-term, this lock needs to be reconsidered, as already noted
by comments in the code. It would be great if the reconsidered locking
did not require a recursive-safe lock. The TODO for this has been spun
off into its own bug and the comment has been updated to point to this.
Bug: 120471929
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I34df64456de4b469b75caf25a33f0bc53a5da330
[ Merge of http://go/wvgerrit/72703 ]
SRM is an optional feature and whether it is implemented is upto the
discretion of OEMs. If it is not, avoid logging this information.
Bug: 124391178
Test: WV unit/integration tests
Change-Id: If8d2b1e0b59fb11825f832a5d4259b03c482fd6b
(This is a merge of http://go/wvgerrit/71324)
This patch increases the granularity of the locking in CryptoSession
without substantially changing its locking semantics. Where before
there was a single |crypto_lock_| performing multiple duties, now
there are three locks:
1) |static_field_lock_|, which is used when needing to access the
non-atomic static member fields of CryptoSession.
2) |oem_crypto_lock_|, which is used when needing to call into
OEMCrypto.
3) |factory_lock_|, used only by the functions that interact with the
CryptoSession factory.
All the code in CryptoSession has been updated to use these locks. It
has also been updated to only hold them for the minimal amount of time
necessary, as opposed to holding them for a whole function. This should
help some with the ability of CryptoSession calls to happen
concurrently. To assist in taking locks in a consistent manner, two
helper functions, |WithStaticFieldLock()| and |WithOecLock()| have been
added. Also, for the very common case of reading |initialized_|, the
accessor |IsInitialized()| will read the value safely.
While changing all the code to lock differently, I found that some
places in CryptoSession were *not* locking before accessing static state
or calling into OEMCrypto. I have made these callsites consistent with
the rest of CryptoSession.
As a result of taking locks for only the minimum time necessary, it is
no longer necessary for functions to make assumptions about whether the
lock will already be held before they are called. Locks should not be
held while calling helper functions, and code should always take a lock
for the brief time it is necessary to do so.
In tests, including the concurrent unit tests coming in the following
patch, this code did not perform substantially better or worse than the
code that preceded it, but the hope is that it will experience less
contention on devices that are more resource-constrained than my
desktop, such as older game consoles.
This patch appears to address some real threading issues. Hopefully, it
will also make it easier to maintain soundness in the future and to
reason about when code in CryptoSession needs to take a lock.
This is the first step to implementing the "Finer-Grained Locking in
CryptoSession" specification. A future patch will make some of these
locks reader-writer locks, to allow even greater parallelism.
Bug: 70889998
Bug: 118584039
Bug: 123319961
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: GTS
Test: Play Movies
Test: Netflix
Change-Id: I346c04a5d9875723db54af33ee91772bf49ca12f
[ Merge from http://go/wvgerrit/71923 ]
Plumb through the device files error detail and add the detail to
metrics.
Bug: http://b/115382201
Test: Unit tests, manual GPlay.
Change-Id: I18139f6712b6670be5fed863a97f9f03440745c7
[ Merge from http://go/wvgerrit/71726 ]
Adds an error detail metric attribute to RestoreUsageSession and
RestoreOfflineSession. These metrics will now report an additional
attribute providing additional error detail for debugging.
BUG: http://b/115517916
Test: CDM Unit Tests. Manually tried GPlay.
Change-Id: Ib48361ef29d33a16150473d8967e4850bc0c623d
[ Merge from http://go/wvgerrit/71443 ]
The assumption that the metrics will always outlive the CdmSession
instance appears not to always hold (at least in a non-android
multi-threaded solution). The shared_ptr ensures that the metrics
are available even in these rare race conditions.
BUG: http://b/123321465
Test: CDM unit tests. Also http://go/wvgerrit/71264 parallel tests.
Change-Id: Iaa6a8f6c0fdc46a911789759d6e1228d849aa237
[ Merge of http://go/wvgerrit/71907 ]
The client token needed to be enabled in the license request.
Bug: 123369846
Bug: 123370099
Test: WV unit/integration tests
Change-Id: I4d3e944b1d79010977c119291594878c406b00c5
[ Merge from http://go/wvgerrit/69105 ]
This adds a metric collecting decorator class around cdm engine. This
implementation uses a templated decorator. The decorator enables:
1) Wrapping the CDM Engine methods to capture timing and error
information.
2) Allows use of a mock CDM Engine for testing.
Test: Unit tests. GPlay manual testing and GTS tests.
BUG: http://b/64724336
Change-Id: I5e4a0f552974fab1939bc7ab02719a1f5849cf3f
[ Merge of http://go/wvgerrit/71326 ]
Nonce flood, frame size, session and system invalidation errors
will now bubble up to the app. OEMCrypto v15 returns
OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE,
OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors.
These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR,
ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and
ERROR_DRM_RESOURCE_CONTENTION.
Bug: 120572706
Test: Unit/Integration tests
Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9
Support overloaded isCryptoSchemeSupported method that
accepts a security level parameter
bug:110701831
test: cts media test cases, widevine integration tests, gts media tests
Change-Id: Ia84e40ff8d4f13fc06478e338e3238061e283dac
Merged from http://go/wvgerrit/69723.
The new APIs are getOfflineLicenseIds, getOfflineLicenseState and
removeOfflineLicense. These methods are currently stubbed out in
Widevine hidl service. This CL completes the implementation.
Test: unit tests - libwvdrmdrmplugin_hidl_test
Test: GTS
--test com.google.android.media.gts.MediaDrmTest#testWidevineApi29
bug: 117570686
Change-Id: I96ffb75f453e36e931effefd3664b5faa8d69d30
[ Merge of http://go/wvgerrit/71103 ]
A content provider may specify a provider client token in a license.
This is a client token generated by a provider. If present in a license,
they will now be included in a license renewal request.
Bug: 34386290
Test: WV unit/integration tests
Change-Id: I3db303ea4d8b4ff4495393be4015b49e13db2ffc
[ Merge of http://go/wvgerrit/70386 ]
This allows error codes from device files to be added as sub-errors when
errors such as GET_LICENSE_ERROR are encountered.
Bug: 112357085
Bug: 115382201
Test: WV unit/integration tests
Change-Id: I505a87086ce584efc7e482984c0f132ac5329e16
(This is a merge of http://go/wvgerrit/70667)
Request ID Index generation has historically worked by incrementing a
shared variable in one place and reading it in another place and
trusting the fact that CdmLicense calls these operations in a certain
order and only once per session to give each session a unique value.
This patch cleans this up a bit, having each session store the current
Request ID Index at the same time as it stores its Request ID Base. This
guarantees that each CryptoSession will receive a unique but stable
combination of Base and ID rather than relying on the calling pattern.
Since all this generation happens during the same function, the full
Request ID can be generated up-front and stored, making
GenerateRequestId() no longer necessary.
This patch also simplifies the threading story around this shared state
by using a std::atomic<uint64_t>. Bringing the code that interacts with
the shared state together into one place and replacing it with atomic
operations will simplify locking around this code when CryptoSession
locking is revamped in a future patch.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I12d2f6501f872f1973e5a9af5125ca03f23e5a56
[ Merge of http://go/wvgerrit/70665 ]
This allows one to be able to query for security level, from
Crypto factory methods before the plugins and CdmEngine objects
have been created.
Bug: 117104043
Test: WV Unit/integration tests
Change-Id: Id07f420c3cfb92166cd3bb3cf82148d52e10eb03
[ Merge of http://go/wvgerrit/65983 ]
Add support to drop closed metrics in order to save space for
long-running applications (and CdmEngine instances). The code now keeps
only a limited number of metrics collections after the session is closed.
As a session (and its metrics session) is closed, the oldest, closed metrics
session is dropped. This means those metrics will not be reported nor
accessible in the client.
Bug: http://b/118664842
Test: CDM Unit tests. Android Unit Test. Ran GPLay Manually.
Change-Id: I27d6e61a8fe4148ad1ef2a433c8e5f4cdd84cc72
[ Merge of http://go/wvgerrit/70543 ]
RestoreOfflineLicense and RestoreLicenseForRelease now return
CdmResponseType errors rather than a boolean. These error codes
can now be used when gathering metrics.
Bug: 115517916
Test: WV unit/integration tests
Change-Id: If4784d2cdd9825948c5dec31d3e60058ea06b61d
(This is a merge of http://go/wvgerrit/70303)
This adds a platform.h file to abstract some of the differences
between Windows and POSIX platforms. This includes ntohl, setenv,
and ssize_t.
Bug: 122953649
Test: Android Unit Tests
Change-Id: I3235f3f284b53d24d7365ff3f4a06dcd9b403697
(This is a merge of http://go/wvgerrit/70383)
Up until now, implementations of Properties::Init() have had to handle
potentially being called multiple times, at any point during runtime. In
practice, this has meant little for the actual implementations, and all
of them have committed the error of blowing away mutated property state
if the method is re-run at the wrong time.
This patch makes the platform implementations a private function,
Properties::InitOnce(), which Properties::Init() ensures will never be
called more than once per run.
Bug: 112046733
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: If33f5e37abfad5d26da8380b4bc25fc018450970
Bug: b/121214641
Merge of http://go/wvgerrit/69703
Test: Android + Linux unit tests
LoadEntry attempts to handle INSUFFICIENT_RESOURCES by deleting an entry
and retrying, but it's possible that the randomly-generated number of
the entry to be deleted might match the entry we want to load. In this
case, we have wasted a retry, since the code just continues on to the
next iteration. This is changed to generate a number different from the
entry to load. Furthermore, if the number of usage entries is 1, we
break since there are no more entries to delete besides the one we want
to load. The code is also changed to call srand in the creation of the
usage_table_header, since without it, rand() would produce the same
values, and similarly, our random generation is changed to use a simple
mod. Tests are modified to reflect these changes.
Change-Id: I95e125b8adbd85d0189f9d40ca15f3fe69e6d6b9
[ Merge of http://go/wvgerrit/69724 ]
Some queries no longer require a session to be opened before they
can be answered - security level, current HDCP level, max HDCP level,
usage support, number of open sessions, max sessions,
OEMCrypto API version, current SRM version, SRM update support,
resource rating tier and OEMCrypto build information.
b/117104043
Test: WV unit/integration tests
Change-Id: I92f8249e5599860da8cbf42d3b16f25515a46c55
[ Merge of http://go/wvgerrit/68083 ]
Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.
Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
libwvdrmdrmplugin_hidl_test and request_license_test.
Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6
Merge of http://go/wvgerrit/68986
Bug: b/120797208
Test: Android + Linux unit tests
OEMCrypto v15.1 introduced changes to full decrypt path testing.
This CL reflects those changes for the Level 3 code, including
removing InitializeDecryptHash and changes to error reporting.
Change-Id: I09cec6743524d326cb1a6c3ba4dd1764dbefff5f
Merge from Widevine repo of http://go/wvgerrit/68464
The Full Decrypt Path Testing design has changed to remove
OEMCrypto_InitializeDecryptHash. This CL updates the unit tests and
reference code.
Bug: 120795057
Test: unit tests
Change-Id: Iee28fa9034dc21cee81c5b894c192e260375eeee
Import from http://go/wvgerrit/68385
Adds the build information returned from OEMCrypto_BuildInformation()
to the CDM session metrics.
Bug: 117117555
Test: Unit tests. GPlay manual. GTS Tests.
Change-Id: I505c46fec61a7c62538f843185ec0358f860da79
Import of http://go/wvgerrit/68188
This adds an attribute to metrics indicating if the license was online
or offline.
Also, added a unit test for CdmEngineMetricsImpl.
Test: Unit tests. GPlay manual. GTS tests.
Bug: 115523917
Change-Id: Id315c643048914a2c51904451f9665987bc87eb7
Bug: b/70299597
Merge of http://go/wvgerrit/67304
Test: Android, CE CDM, and Linux tests
There's a few different things that can go wrong in the L3
initialization, with seeding and device key failures among others. They
should be recorded in metrics to track. Along the same lines, since
multiple errors can happen in conjunction, metrics needs to change to
add more fields for errors. This CL also adds the
hidl_metrics_adapter_unittest to the Android test scripts.
Change-Id: Ie5bcf81bbe294a1136c58410f90087a13b3d911d
[ Merge of http://go/wvgerrit/67884 ]
Now that we can use C++11, we should use the cross-platform std::mutex
type, not the custom pthread version.
Bug: 111850982
Test: WV unit/integration tests
Change-Id: If2fde2836826c5184609e6b1f3a6511206bd4594
* changes:
Changes to adapter + gyp to support v15
Add full decrypt path testing functionality to Level 3
Update pointers to substrings in Level 3
Update level 3 reference API for v15
[ Merge of http://go/wvgerrit/67324 ]
This introduces the ability to query resource rating tier information
through the plugin and CDM. Resource rating tiers are also
sent in the client identification portion of the license request.
Bug: 117112392
Test: WV unit/integration tests
Change-Id: I68ac6dfc4362f61150af822bd526e346b5cc4bf7
[ Merge of http://go/wvgerrit/67323 ]
This allows the client to report resource rating tier in
ClientIdentification.
Bug: 117112392
Test: WV unit/integration test
Change-Id: I5bcbd5217c376cb52be2548ee63e0b0232b411d3
