(This is a merge of go/wvgerrit/20500)
This patch removes the logic that calculates the "pattern offset" from
the Android glue layer. There is no such thing as a pattern offset, and
setting this value to anything other than zero may break cens mode on
some devices.
To reduce the risk of setting this value to anything other than zero,
the offset_blocks parameter has been removed from the pattern descriptor
in the CDM Core. It will have to remain part of OEMCrypto v11,
unfortunately, but the code to set it to zero is now centralized in
CryptoSession.
Bug: 28726863
Change-Id: I9c5bfe470fe251c7a57901dc2e998f4dab7fe7d7
(This is a merge of go/wvgerrit/20402)
This updates the version number to v4.1.0 for the NYC-MR1 release. It
also updates the canary to pass on the nyc-mr1-dev branch.
Bug: 30813903
Change-Id: I05de038ff52e9f7633efff7011052b48b59d90fa
[ Merge of http://go/wvgerrit/19960 ]
Protections schemes are specified using a 4CC code {"cbc1", "cbcs",
"cenc", "cens"}. A host to network conversion was performed when the
PSSH was created and inserted into the license request. A reverse
conversion was performed when the code was extracted from the
license response.
These conversions are problematic if the PSSH is created externally and
passed into mediaDrm. To address this, the conversions have been removed
and allow protobuf to handle byte ordering. For backward compatibility
we allow codes in either ordering.
b/30713238
Change-Id: I25f01ecc621549fd3c13b443e4c8b89168463249
This makes it easier to translate an error code
number to the corresponding enum.
Merge of https://widevine-internal-review.googlesource.com/18793/
from the widevine repo.
Change-Id: I7d07f16e5477decd27fcc5391fc62b1bd254d4a3
[ Merge of http://go/wvgerrit/18295 ]
SSL v3 is being disabled across Google infrastructure. Networking
code in integration tests used SSL v3 during HTTPS protocol negotiation.
Once this is disabled, it will cause integration test failures at
staging and UAT license servers.
With this change the client will use TLS 1.2. Insecure cipher suites
(TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA)
have been disabled as well.
b/29356581
Change-Id: I98a04d345fe83c48132b9d79986a21cc84827dc8
In the unit tests, the test case name and test name
are logged, but currently the test case and name are
reversed. This CL orders them correctly, so instead
of, e.g. CheckHDCPCapability.OEMCryptoClientTest, we
get OEMCryptoClientTest.CheckHDCPCapability as intended.
Merge of go/wvgerrit/18045 from widevine repo
Change-Id: I20bb2d47de0c84b3a1f00bb46af5ed0a45d7fc56
[ Merge of http://go/wvgerrit/17959 ]
This will allow the license server to base licensing decisions on the
devices security module revision.
b/28882058
Change-Id: I574e7686bb305397946d2bfaff504cfae242e628
Merge from widevine repo of http://go/wvgerrit/17877
The final spec for CENC says that partial encrypted blocks are only
allowed for "cenc" mode, and not for "cens" mode. Also, the
pattern_offset must be 0 for all calls to OEMCrypto_DecryptCENC.
Review doc changes http://go/wvdelta11 and http://go/oemcrypto
Notice that this CL affects documentation and test code only. No
production code is affected.
b/28718266
b/28817376
Change-Id: I1d6a38a763a2b693ea0c26bc909e1c721b8facaf
Merge of http://go/wvgerrit/17652
This CL changes the android/build_and_run_all_unit_tests.sh script to
push exectuables to /data if it can't push to /system/bin.
The script run_all_unit_tests.sh will check if test files are in /data
and run those first, if not, it runs the files in /system/bin.
This change is needed to test unit tests on devices where /system/bin
is a read only file system, even after running "adb remount".
This CL will help verify, but will not fix
b/27678092
Change-Id: Ia0fe8c2e68722f58c2626f22113abdbdc8c5e408
(This is a merge of http://go/wvgerrit/17661)
Because Widevine core always has a decrypt mode set, even on unencrypted
calls where we potentially do not know the crypto mode, it will reject
unencrypted decrypt calls for sessions that have been flagged as
AES-CBC, since the crypto mode defaults to AES-CTR.
The fix is to not validate the crypto mode on unencrypted decrypt calls,
as the data won't be getting decrypted anyway.
Bug: 28423928
Change-Id: If848834dd498ca96983a2b69d448b8d81d50e0a4
Merge from widevine repo of http://go/wvgerrit/17463
This CL updates the unit tests to verify that
OEMCrypto_Generic_Encrypt and OEMCrypto_Generic_Decrypt can handle a
buffer size of at least 100k. It also adds code to the
oemcrypto_dynamic_adapter so that buffer sizes that are larger than
100k are broken into chunks of 100k.
All Nexus devices targeted for N pass these tests.
b/27040752
Change-Id: Iaf5c65d2f0b69e60f03cc99732d1ecab60658049
[ Merge of http://go/wvgerrit/17501 ]
Widevine request_license_tests were written with the expectation that
devices would by default be enabled for security level 1 and fallback
to level 3 if needed. Some devices such as seed are L3 only and results
in failures in the QueryStatusL3 test. This CL corrects the test's
expectation.
b/26902214
Change-Id: Ie84554337cd3716d120f67e592888af0cde719c7
This adds display and logging values to help with debugging b/28024277.
Matching Widevine cl: go/wvgerrit/17446
Bug: 28024277
Change-Id: Ib25ebf37f885b60ae4ab41851df4af4e75b5aace
The AES test was useful to verify the framework API changes, but
the decrypt test was not correct. Removing it for now.
Merge of go/wvgerrit/17472
bug: 27973491
Change-Id: I942fda22072636ea7ce56b992e7d3a60077c0d27
[ merge of http://go/wvgerrit/17454 ]
When processing a license or renewal, calls to Set/UpdateLicense
update the policy information. A side effect was introduced whereby
updating the policy may cause (expiration, session key state)
notifications to be sent to the listener. Due to the ordering,
the notifications would be sent before the keys were loaded/refreshed,
which caused issues when the notifications were immediately acted upon.
This has now been corrected.
b/27842970
Change-Id: Id81a71ff48edfa9ca0baafc43267995d5a3e80a6
(This is a merge of http://go/wvgerrit/17452)
When the Crypto API was updated, several unit tests were removed, as
they did not work with the new API. This patch restores those tests.
Note that this does not add NEW tests for the new functionality
enabled by the API changes. Those will be coming in a separate patch.
This patch merely restores the previous tests and their functionality.
Bug: 26901698
Change-Id: I3315408804bdc6871b58c3620e482bf6d61fe03b
[ Merge from http://go/wvgerrit/17429 ]
This is to correct for when HDCP validation failure at the OEMCrypto level
ends up returning a CryptoException through MediaCrypto with error code
Unknown Error (-2998).
b/27849488
Change-Id: Ib3a9b1c3a17b9323f3d079a678cf88dedeec3b4b
Merge from widevine repo of http://go/wvgerrit/17393
This CL changes the installation directory for oemcrypto reference
code. In particular, it uses the new build rules to specifies the library
should go in /vendor/lib instead of /system/lib or /vendor/lib64.
This library should not be used on a production device.
b/26425759
Change-Id: I3a58d0d1ddeb5601b0f2f97cc87c2d4a2a41f0d8
(In addition to being a merge of http://go/wvgerrit/17394, this commit
updates tests/Android.mk to no longer try to build the private gMock.)
Previously, we maintained our own version of gMock (named libwvgmock
to avoid naming conflicts) and depended on it for our unit tests. Now
that Android has gMock in the externals/ directory and vaage@ has
eliminated the need for us to customize gMock's arity, we can stop
depending on or maintaining our own copy.
Bug: 26907374
Change-Id: Ia01d6c02e2f28a642480d7ef178b9bc3dde6d306
Merge from widevine side of http://go/wvgerrit/17355
The previous build of this library had some filenames and linker
symbols left in that should not be leaked. This build removes them.
Library versions:
level3/mips/libwvlevel3.a Level3 Library 4465 Mar 30 2016 13:29:24
level3/arm/libwvlevel3.a Level3 Library 4445 Mar 30 2016 13:23:54
level3/x86/libwvlevel3.a Level3 Library 4464 Mar 30 2016 13:26:29
b/27831262
Change-Id: I7801c6f953af338f5e80e95aa27098ae4c7a6c93
Merge from widevine repo of http://go/wvgerrit/17223
This CL turns off the mips64 bit build for widevine. This is because
the level 3 mips32 library does not build and run correctly for a 64
bit target.
b/27786231
Change-Id: I3388d9ebc80ae3cf477a8a54adfd1f22dfac4dda
Merge from widevine repo of http://go/wvgerrit/17202
This allows more checks in the test to run. Returning the correct
error code is less important than the next check, which verifies the
signature was not computed.
This helps diagnose b/21708882, but does not fix it.
b/27787064
Change-Id: I65306c54b77370951bc54e8ef9f6140f58bea32c
[ Merge of http://go/wvgerrit/17204 ]
Sleep was being employed, to introduce a delay so that one license expired
but the other was still active. The duration was long enough that
occasionally the second license would also expire, causing the test to fail.
Reduce the sleep duration to correct this behaviour.
b/27673513
Change-Id: Ieef9100c98783c16fc5ab8fe345fa1dd26604f18
Some decryption errors were being reported as
vendor-unique diagnostic codes that were not generally
actionable by an app. Recently a new
MediaCodec.CryptoException code was added so these types
of failures can be reported as ERROR_UNSUPPORTED_OPERATION,
in which case the app can use an alternate DRM
configuration in a way that does not require
vendor-specific handling. This change remaps this class
of decrypt errors to the new error code.
Merge of http://go/wvgerrit/17110
bug: 25929554
Change-Id: Iff44c2f04f9ee28d065fb17d59bca4032c5d55ca
Merge from widevine of http://go/wvgerrit/17178
These are the OEMCrypto Level 3 libraries, built using a stable
version of GCC and build tools on nyc-dev. Code changes are just
merged from master. Aside from build tool updates, the CL contains a
fix for b/26567162.
Current version (as printed by oemcrypto/level3/print-version-strings):
level3/arm/libwvlevel3.a Level3 Library 4445 Mar 17 2016 14:11:16
level3/x86/libwvlevel3.a Level3 Library 4464 Mar 17 2016 13:14:40
level3/mips/libwvlevel3.a Level3 Library 4465 Mar 17 2016 11:34:50
bug: 26917438
bug: 26567162
Change-Id: I07d526f28e61c5a9b66fa59b78041a93a99dc8e6
Merge from widevine of http://go/wvgerrit/17128
This CL adds a unit test for an edge case that would be handled
differently for HLS and CENC standards. We enforce the CENC standard.
b/27524491
Change-Id: Ie3cdfaac0fe37dd0eb991179fd84f4e113e07dae
