[ Merge of http://go/wvgerrit/171310 ]
Offline license not found errors are identified by CdmResponseEnum
347 (KEYSET_ID_NOT_FOUND_4). No addition file system information
is shared.
Checks for file existance use the stat command. The stat call can
return error codes from errno.h when the command fails.
These are now converted into sub error codes and returned along with
the offline license file not found error.
This also includes a change to log stat errors other than
ENOENT (no such file or directory) as a warning rather than verbose.
Bug: 276225520
Test: file_store_unittest, file_utils_unittest, GtsMediaTestCases
Change-Id: Ic09d036549582cd65783b49fa96ffefc4bf562c7
[ Merge of http://go/wvgerrit/170073 ]
Removed the file "error_string_util.cpp" and its header, moving the
OEMCryptoResult to string converter to "wv_cdm_types.cpp". This extra
file served little purpose, and created a dependency on the CDM utils
to the CDM itself.
This is part of the effort to fix the formatting of WV metrics; making
enum-to-string conversion uniform throughout the CDM.
Bug: 239462891
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine -m
Test: Manual testing with Google TV
Change-Id: I4bf95d26b623f5b8fa86bdb2578cbc4ee65125cb
(Merged from http://go/wvgerrit/160042.)
Since we don't have access to std::format yet, this patch adds a
function to wvutil to format text into a std::string.
Bug: 255466913
Test: x86-64
Test: raven
Change-Id: I28043da76af5b4772a29fa7e7241343caf9b54a1
Merge from http://go/wvgerrit/158917
Use go/yamllint as reference and obfuscate portion of output to
run on an online yaml validator.
Sample output: http://go/cl/481370906
Test: Netflix, Play TV and Movies, Youtube
Test: adb shell dumpsys android.hardware.drm.IDrmFactory/widevine
Test: ./build_and_run_all_unit_tests.sh
Bug: 239462891
Change-Id: I1abf1aa50aa25b97b1f6c10995c324d6de04d056
[ Merge of http://go/wvgerrit/143629 ]
The standard b2a_hex only saves about 2k, so we need a special version
that can handle larger strings. This is needed because a license file
is about 7k.
Bug: 194342751
Test: GtsMediaTestCases on sunfish
Change-Id: I6a6ac3f8f4fa6d9cd8a0119fc64fc8f3cc5f3ae8
The interface is defined in
hardware/interfaces/drm/aidl(http://go/ag/15329852).
Test: build
m android.hardware.drm-service.widevine -j128
Test: build_and_run_all_unit_tests.sh
for hidl tests
Test: atest VtsAidlHalDrmTargetTest
Bug: 200055138
Bug: 170964303
Change-Id: If2f2a129914436ba5cef1c46f6cb9415e12c3d1c
(This is a merge of http://go/wvgerrit/134313.)
This patch fixes code that would trigger -Wshorten-64-to-32 by
implicitly narrowing a variable from 64 to 32 bits. There were two cases
of this in string_conversions.cpp:
* The implicit conversions in DecodeBase64Char() were made explicit,
which required going through both a reinterpret_cast and a static_cast
to express fully.
* a2b_hex() now uses size_t for the length, as it probably always should
have.
Bug: 194971260
Test: x86-64 tests
Change-Id: Ib9715b8adecc104f1a056ab0ac5faa5be74e5e54
Undoes a change to the buffer size from http://ag/13865723
Bug: 184813991
Test: WV unit/integration tests
Change-Id: I40cf786f149626ff65a3362020b3da859bb86159
[ Merge of http://go/wvgerrit/120763 ]
This change introduces additional logging information for files and
file system operations on Android.
File reading and writing will attempt to make sense of |errno| and
log useful information. In the event that the file must be closed,
the file stat will be printed.
Failures in determining the file size will print potential reasons for
the encountered error.
This partly restructures the File interface implementation to use file
descriptors instead of the C standard libraries FILE handle. This is
done to ensure that |errno| is set to an expected value.
This change also introduces the utility functions SafeWrite() and
SafeRead() to handle common, retriable errors.
Bug: 178232354
Test: Android MediaDrm GTS and Android file-based unittests
Change-Id: I15a3c47a271098c9edb4bd9f619ed1a12dca6143
[ Merge of http://go/wvgerrit/119805 ]
This change adds 3 new functions for encoding binary data from a C++
string to a base64 encoded ASCII string.
The CDM and protobuf generated code use C++ strings to store binary
data. These binary strings are commonly converted into a base64
encoded ASCII string for logging and for returning to the app.
This change also cleans up some of the internal components of the
string_conversions library to use several standard library C++11
method.
Bug: 181732604
Test: CE CDM unittests
Change-Id: I547568c6402e011344260f2df2a06e972122ab8a
[ Merge of http://go/wvgerrit/120123 ]
DRM certificate creation and expiration times are now validated.
* New DRM (default) certificates will have an expiration time specified
by the provisioning service.
When stored, the client will include the time the certificate was
received. This allows for expiration calculation to occur when client
and provisioning service clocks are out of sync.
When read out, creation, expiration and acquisition times are
validated. The certificate is checked for expiry by making sure
that the time at the client since the license was acquired is not
greater than the expiration period. The time information stored at the
client may be tampered with. The license service will perform an
expiration check and reject the license request if tampered with.
The expiration time may be set to never expires/unlimited. This is not
a valid value for creation or acquisition time.
* Pre-existing (legacy) certificates from upgrading devices will not
have an expiration time set by the provisioning service. Instead
the client will calculate an expiration time 6 months with + or -
a random two month period in the future. This is stored along with the
certificate.
When read out, if no expiration time has been set by the client, one
will be calculated and written out. The certificate will be declared as
valid. If a client calculated expiration time is present, the
certificate will be validated. In case of tampering, the license service
can reject license requests and force reprovisioning when appropriate.
* ATSC certificates will continue to not have an expiration time.
No additional validation is required.
Other changes for non-ATSC licenses involve managing both default and
legacy certificate co-existance. When checking for DRM certificates,
the default certificate is attempted first. This is followed by a check
for the legacy certificate, if the default certificate is not present.
Bug: 169740403
Test: WV unit/integration tests
DeviceFilesTest.StoreCertificateInvalidParams
DeviceFilesTest.RetrieveAtscCertificate
DeviceFilesTest.RetrieveAtscCertificateNotFound
DeviceFilesTest.RetrieveCertificateInvalidParams
DeviceFilesTest.RetrieveLegacyCertificateWithoutExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateWithClientExpirationTime
DeviceFilesTest.RetrieveLegacyExpiredCertificateByClientExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateInvalidClientExpirationTime
DeviceFilesTest.RetrieveCertificateWithoutKeyType
DeviceFilesTest.RetrieveDefaultCertificate
DeviceFilesTest.RetrieveDefaultCertificateNeverExpires
DeviceFilesTest.HasCertificateAtsc
DeviceFilesTest.HasCertificateDefault
DeviceFilesTest.HasCertificateLegacy
DeviceFilesTest.HasCertificateNone
CertificateTest.StoreCertificateTest.DefaultAndLegacy/*
CertificateTest.RetrieveLegacyCertificateTest.ErrorScenarios/*
CertificateTest.RetrieveDefaultCertificateTest.ErrorScenarios/*
Change-Id: I7dbec7555fbd493c1ec61c6bb5d9428a2405b1fd
[ Merge of http://go/wvgerrit/119684 ]
This allows for a default DRM certificate that includes an expiration
time and a legacy one without for each app+origin specific identifier.
Existing offline licenses/secure stops are not associated with a
certificate, and so we cannot delete legacy certificates even after
fetching a new one. New offline licenses/secure stops will be associated
with certificate information, so we will not have this problem going
forward.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I0f08f6bf98775fd43927243dc4a9f75f21bfbbcc
[ Merge of http://go/wvgerrit/119563 ]
This also increases the max log size from 1024 to 5120
Bug: 181642154
Test: WV unit/integration tests
Change-Id: Ifae90354dad1165f4d9fa3c9fe33a4dc14df1270
[ Merge of http://go/wvgerrit/109144 ]
Because it doesn't help anybody when a buffer overflow test chokes the
logger.
Bug: 182058081
Test: Ran unit tests with verbose logging
Change-Id: Ibcb3379b9eb9bdd94a8959b977e8de32ea116859
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
[ Merge of http://go/wvgerrit/110165 ]
The conditional compilation for flagging the CDM and ODKiTEE logging
functions as printf-like was guarded by a check on "__gnuc__" or
"__clang__". However, GCC doesn't actually define "__gnuc__", it
defines "__GNUC__", all caps. Fixing this causes GCC to find a slew
of format-string errors that Clang was accepting. This patch fixes the
capitalization and the uncovered errors, most of which fall into one of
a few categories:
1) The format string and variable had different signedness. For these,
the format strings are updated to match the variables.
2) The variable was an array index that was not of size_t. For these,
the variables have been updated to be size_t and the format strings
have been updated to use %zu. A few index variables that weren't
actually used in format strings are also fixed to be size_t.
3) The code assumed the signedness of the internal representation of an
integer literal, enum constant, or enum variable. For these, I either
cast the input to a known type so that the format string is valid
regardless of internal representation or I switched to a hexadecimal
format string. The latter case is more useful on ODKiTEE enums where
the literal value is in the code as a 32-bit hexadecimal value
anyway.
This patch also adds missing integer casts to the enum literals in the
ODKiTEE logging header. (These are required for pedantic C99
compatibility when using literal values that do not fit into a 16-bit
integer.)
Bug: 173460694
Test: jenkins/odkitee_ta
Test: build.py x86-64
Change-Id: I244972639a5a6ea0de157eb67e1e0dfa9787ec32
[ Merge of http://go/wvgerrit/108103 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the cdm, linux, platform, util directory
in addition to some other files.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I9a4977fd4c2ad951769b6be84263f81bd0f22678
[ Merge of http://go/wvgerrit/108084 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the android directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I0f9e6445e0168ebe85425baeb81371e182e5a39c
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
[ Merge of http://go/wvgerrit/89766 ]
Certain C++11 (and newer) standard library functions and classes which
utilize random number generators require that the random number
generators meet the specifications of C++11's UniformRandomBitGenerator
name requirements. This is especially important as C++17 will remove
support non-compliant alternatives.
This change updates CdmRandomGenerator to meet these requirements.
Bug: 143494945
Test: Linux and Android unit tests
Change-Id: Ib6df44da4969ad7596b16d447c3f8bd9864698f6
[ Merge of http://go/wvgerrit/87143 ]
Certain android files have yet to be formated since we introduced
clang-formatting.
Test: Android unit tests
Bug: 134365840
Change-Id: I0e58fb7e5b5525f1e2885ce89b222561a971ab27
[ Merge of http://go/wvgerrit/84989 ]
FileUtils::Remove() when used with wildcards would ignore a prefix specified
before the asterisk and delete all files with the same extension.
Fix proposed by broadcom.
Bug: 120039689
Test: WV unit/integration tests
Change-Id: Iddc6c6b1983c41b501b21f34626f56c0b74af6c8
[ Merge of http://go/wvgerrit/85503 ]
Replacing a few instances of C's NULL with C++'s nullptr in some of the
smaller sub-directories in the CDM.
Note that clang-format has performed additional changes to some of the
test files that have not yet been formatted.
Bug: 120602075
Test: Android unittest
Change-Id: I926135ed4b85e9d2d58a014b4a62098b0cb7a373
[ Merge of http://go/wvgerrit/85408 ]
Replacing a few instances of C's NULL with C++'s nullptr in some of the
smaller sub-directories in the CDM.
Bug: 120602075
Test: Linux and Android unittests
Change-Id: I62bb548051434b4b974d89a6d57a9a17a0d66bd2
[ Merge of http://go/wvgerrit/84607 ]
[ Merge of http://go/wvgerrit/84608 ]
The primary goal is to replace the use of `rand()` with the random
number generators provided with the C++11 standard.
This simplified generator wraps some of the technical aspects of the
<random> library and provides an interface for uniformly distributed
integers.
As part of the `rand()` purge in the CDM, all uses of the C random int
function in `core()` have been removed. Places that previously used
`rand()` now use `CdmRandom` facilities.
Test: Linux unittest and Android unittest
Bug: 130680365
Change-Id: Ica383870536ed462dbb80e630c2d66845e38b937
[ Merge of http://go/wvgerrit/80944 ]
Ran `git clang-format` on files in utils/src.
Used the new .clang-format config.
Bug: 134365840
Test: WV unit tests
Change-Id: Idbba01ec65fc019327fc59dc1d95d7cefa4a5aa7
(This is a merge of http://go/wvgerrit/73743 and
http://go/wvgerrit/73903)
The CE CDM implements the ability to silence all logging with a "silent"
log level. However, under the covers, this assigned a value to g_cutoff
that was not a member of LogPriority, which fails some extremely strict
checks. This patch just adds a matching entry to LogPriority so that
"silent" is now a valid level in that enum.
A previous merge of this change broke builds on Elfin because it uses
stricter compiler settings that rejected the lack of LOG_SILENT in
certain switch statements. I've gone through the codebase and found
every switch on a LogLevel variable and updated it, of which only one
affects the Android build.
Bug: 118622359
Test: CE CDM Build
Test: Android Build
Test: Android Elfin Build Specifically
Change-Id: I6ba3556e0e70f5e7e1692754a8a2f54adae59a6b
(This is a merge of http://go/wvgerrit/70666)
We need a reader-writer lock implementation in order to make use of the
new threading guarantees in OEMCrypto v15. However, we do not have
access to an STL reader-writer lock due to only being on C++11. This
patch adds a home-grown reader-writer lock, as well as tests to verify
that its behavior is sound.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Iaddcefb50e72452fbd27d04879eacf775484e675
(This is a merge of http://go/wvgerrit/70303)
This adds a platform.h file to abstract some of the differences
between Windows and POSIX platforms. This includes ntohl, setenv,
and ssize_t.
Bug: 122953649
Test: Android Unit Tests
Change-Id: I3235f3f284b53d24d7365ff3f4a06dcd9b403697
Rest of merge of http://go/wvgerrit/67884
Some files were deleted on original CL that were not deleted here.
Now that we can use C++11, we should use the cross-platform std::mutex
type, not the custom pthread version.
Bug: 111850982
Test: WV unit/integration tests
Change-Id: I48a1e47aa79e5e66b5869c0f766c18d561d26784
Bug: b/119276649
Merge from: http://go/wvgerrit/66367
Test: Android, CE CDM, Linux unit tests
The FileSystem interface as it exists expects an Open for a file and
then a Close when finished. However, the Close doesn't delete the file
itself and depending on the platform, the underlying impl_ as well,
leading to a memory leak. To fix this leak as well as harden against
future memory issues, this change refactors the interface to shift away
from raw pointers and towards smart pointers.
Change-Id: I7a7132ea95cd3775796a540f510b698f4f27dd24
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
