* The Usage APIs return usage reports from either L1 or L3 (if available).
* Correction to when usage reports are saved. In addition to other events
they are now saved when keys are loaded, usage reports are released and soon
after first decryption and periodically (60 seconds) after that,
if decryption takes place.
* Usage reports now get deleted on an unprovision request.
* Policy timer is now started when offline licenses are restored.
* Usage session is now released, when a usage response is received.
* Usage tests ahev been enabled.
* Added CDM extended duration (integration) tests to test usage reporting
and querying. These need to be run manually as they take a while (currently
half an hour).
b/15592374
[ Merge of https://widevine-internal-review.googlesource.com/#/c/10800
from the Widevine CDM repo ]
Change-Id: Ia817e03ebbe880e08ba7b4a235ecb82b3ff35fbf
A bug prevented regenerating license release requests. This has
been corrected. A crash due to a formatting error has been addressed.
Clean up of logging and additional logging for open session failures
have been included.
b/16197822
Merge of https://widevine-internal-review.googlesource.com/#/c/10806
from the widevine cdm repo.
Change-Id: I854ead388f311d00b1cd700dfa1b2f58322c2dd4
[ Merge of https://widevine-internal-review.googlesource.com/#/c/10659/
from the widevine cdm repo. ]
CdmEngine::CancelKeyRequest would earlier release keys by closing and
reopening a crypto session. Behavior has been changed to just close
the session.
b/15984869
Change-Id: I92a1f82fd4a97b5510596d4bc69bf07406cee606
Merge of CDM change:
https://widevine-internal-review.googlesource.com/#/c/10691/
This prevents the provisioning session from being created unless the
device needs provisioning. And then, after provisioning, it closes
the session it had previously opened.
b/15782159 CertificateProvisioning object keeps unused CryptoSession
Change-Id: Ic52ed864fa47c7ba50b7ca4d9fea1e74930228e9
(This is a merge of
https://widevine-internal-review.googlesource.com/#/c/10630/
from the Widevine CDM Repo.)
We get a fair bit of noise from bug-filers who are concerned about
several non-critical errors that show up when using our CDM without
property sets. This CL removes these logs since it falls within the range
of expected behavior.
Bug: 15136575
Change-Id: Iad4eb638b03db0104b202b59b367d344c05ead5a
We are getting a lot of noise from Android bug-filers who are
concerned about several non-critical errors that show up when using
Widevine CDM on some devices or in some use cases. To mitigate this,
we are downgrading these errors to warnings.
Some of these errors pertained to our legacy support. To make sure
an error IS logged if problems with legacy support become critical,
a new error has been added to that code path.
Bug: 15136575
Change-Id: Id28bcf507f277a5d2f35a14da71bba2b118a54fe
Merge of https://widevine-internal-review.googlesource.com/#/c/10614/
from the widevine cdm repo.
* b/15467844 - GenerateRSASignature returns OEMCrypto_ERROR_INVALID_CONTEXT
when called with a non-NULL signature pointer and signature length of
0 (rather than OEMCrypto_ERROR_SHORT_BUFFER)
* b/15989260 - OEMCrypto_DecryptCTR does not return OEMCrypto_ERROR_KEY_EXPIRED
after keys have expired
Also addresses
* integration test updated to reflect that loading certificate errors are
returned on OpenSession rather than GenerateKeyRequest
* compiler warning on type casting
b/15989261
Change-Id: Ib68b972651479e99b9d05de4493aac55a96c4f39
[ Merge from Widevine CDM repo of
https://widevine-internal-review.googlesource.com/#/c/10171/ and
https://widevine-internal-review.googlesource.com/#/c/10172/ ]
Updated license_protocol.proto from constituent protos in google3
These changes make use of OEMCrypto v9 changes to support usage reporting.
Usage reporting may be enabled for streaming (by means of secure stops) and
offline playback by a provider session token specified in the license.
Changes include periodically updating usage information for relevant
sessions and reporting and releasing usage information as needed.
The CDM has removed all references to Secure Stops. This change
updates the Android API implementation to comply.
b/11987015
Change-Id: Ibb6f2ced4ef20ee349ca1ae6412ce686b2b5d085
This is a copy of the widevine CL.
https://widevine-internal-review.googlesource.com/#/c/10174/
This CL adds the OEMCrypto v9 functionality to the level 3 haystack
version of OEMCrypto. Mostly, this is to support usage tables.
The code is feature complete, but the timing tests are a little flakey
-- I'm not sure if the problem is in the code or if the test has too
tight a tolerance.
Also, the storage of the generation number needs to be made more
secure.
Change-Id: I73fecf8934b6a46785f1f8b6f40b40ffe39b88de
This CL removes TODOs and email addresses from comments, unifies some
namespaces and cleans a few variable names. It is a copy of multiple
CLs on the widevine side.
Change-Id: I1bb649096476a5001a56d746427399de6a88ff69
(This is a merge of
https://widevine-internal-review.googlesource.com/9711 from the
Widevine CDM repo.)
This change updates the CDM's handling of init data types, previously
known as MIME types, to comply with the latest version of the EME
spec.
Following this change, in addition to accepting the deprecated MIME
types "video/mp4", "audio/mp4", "video/webm", and "audio/webm", the
CDM will accept the new standard: Init data types "cenc" and "webm".
Furthermore, this removes the non-PSSH-parsing path from the CDM. All
platforms have unified on the CDM being responsible for parsing the
concatenated PSSH box list, as outlined in the latest EME spec.
As Android has shipped code that expects pre-unwrapped PSSH boxes and
must maintain backwards-compatibility, code has been inserted on that
platform to detect pre-unwrapped data and re-wrap it with a PSSH
header before sending it to the CDM.
There are some small changes to unit tests because of this change:
1) The CDM Engine unit test now no longer needs to unwrap the PSSH on
any platforms when testing ISO-BMFF. It now pre-caches the
unwrapped key ID for use when testing WebM.
2) Several substantially-similar unit tests in the Android code have
been rolled into one test.
Bug: 13564917
Bug: 13570595
Bug: 9465346
Bug: 13570288
Change-Id: I7f27b16b8503f24a26746b5dce71fb61b6fd1bb2
The EME spec technically requires CDMs to treat audio/mp4 and
video/mp4 equivalently, as well as audio/webm and video/webm. We had
only been accepting video/mp4 and video/webm up until now.
This change also centralizes handling of init data types in the shared
CDM code instead of having it spread across multiple places in the
codebase.
(This is a merge of https://widevine-internal-review.googlesource.com/9532/
from the Widevine CDM repo.)
Bug: 13564917
Change-Id: Ib8bdfb2b003ffb00e8f0559561335abb3c5778b0
Adds support for WebM to the CDM. Decryption remains untouched,
however the initialization data is passed differently for WebM.
The previous version of this change broke playback for certain
apps that were being allowed to pass invalid MIME types before
this change was made. This version maintains backwards-compatiblity
for these apps for now by rewriting their MIME types as "video/mp4".
Merge of https://widevine-internal-review.googlesource.com/9225/
and https://widevine-internal-review.googlesource.com/9611/ from
the Widevine cdm repo.
Bug: 10638562
Change-Id: Ib37e838d08363f07b34b3a2e79a3f80a1f43e9ad
Adds support for WebM to the CDM. Decryption remains untouched,
however the initialization data is passed differently for WebM.
Merge of https://widevine-internal-review.googlesource.com/#/c/9225/
from the widevine cdm repo.
Bug: 10638562
Change-Id: I7b8cf4888fa408af77cee103f768f5a7c8ffdc7e
This is a copy of the Widevine CDM change:
https://widevine-internal-review.googlesource.com/#/c/9337/
This CL provides some shim code that allows the Eureka
version 8 oemcrypto library to be linked and run with CDM.
As part of this change, obfuscated names in OEMCryptoCENC.h have been
changed.
Change-Id: I18a1f91f0dfde0006591f800f8f8a034f32d9004
From Widevine CL:
https://widevine-internal-review.googlesource.com/#/c/9184/
This is some shim code that will load either an OEMCrypto
version 8 or version 9 library. This should allow us
to test and run stable devices until all OEM's have
updated to version 9.
Android Level 3 library versions are:
level3/mips/libwvlevel3.a Level3 Library Feb 27 2014 18:18:34
level3/x86/libwvlevel3.a Level3 Library Feb 27 2014 18:22:14
level3/arm/libwvlevel3.a Level3 Library Feb 27 2014 12:31:29
Change-Id: I82911e3b4d9056cf3c3ab2b47194fe81ac2776d9
bug: 12228689
If the device ID returned from OEMCrypto_GetDeviceUniqueId is
not NULL terminated in the OEM code, trailing garbage characters
may be included in the license request's client_identification
field, which could be rejected by the server's utf8 parser if
they are invalid characters, causing a license request failure.
The code for CryptoSession::GetDeviceUniqueId should use the
updated id_length from OEMCrypto_GetDeviceUniqueId to adjust
the length of the *device_id string before returning the result
to the caller.
Change-Id: I659866d4234d4f21ec051590fc7bc6367904a48a
The request ID was set to a fixed value, which caused license requests
to be rejected by the YT server with TOO_MANY_STREAMS_PER_VIDEO
The request ID is now a combination of a randomly generated value and
a rolling index. This is based off a fix by gmorgan@ on the eureka
branch #98fa6e5e.
Merge of https://widevine-internal-review.googlesource.com/#/c/8496/
from the widevine cdm repo.
b/12018697
Change-Id: I6c05fea885d46aea53a07235c3e5ac65a6971eaf
Merge of https://widevine-internal-review.googlesource.com/#/c/8263
from the Widevine repo.
Changes the behavior of requiresSecureDecoderComponent() to query the
session for whether a lowered security level has been requested
before querying the system to see what its default security level is.
As part of this, we added a new QuerySessionStatus() method to the
CDM that gets status info on a session-specific level, such as the
effective security level of a session.
Bug: 11428937
Change-Id: I5549a2fdd400cc87f567d27fcf74c473451093d6
Licenses could be renewed uptil the point of expiry. After that point
we expected that the session would have to be closed and a new one
opened with a new license loaded. Clank requested that we support
renewal of sessions past expiry.
In addition, the error returned on decryption, if OEMCrypto
determines that the KCB duration has expired, is NEED_KEY rather than
KEY_ERROR.
Merge of https://widevine-internal-review.googlesource.com/#/c/8240
from the widevine cdm repo.
b/11390539
Change-Id: I023320f3f25514cd07b368701a92100429ce1c04
This CL contains working versions of the haystack tools and the
OEMCrypto Level 3 library for android ARM, MIPS and x86.
The version number of the level 3 library is:
android/level3/arm/libwvlevel3.a Level3 Library Nov 4 2013 18:39:06
android/level3/mips/libwvlevel3.a Level3 Library Nov 4 2013 18:42:29
android/level3/x86/libwvlevel3.a Level3 Library Nov 4 2013 18:41:07
bug: 9374954 MediaDrm haystack based L3 code hardening implementation.
Change-Id: Ifef13900a11e83e4257723d3c6fc7107550882a8
The CDM session was being destroyed before the policy timer was stopped
and before the session was removed from a list of active sessions. This
allowed race conditions, where the policy timer would try to evaluate
policy for a closed session. This led to segfaults.
b/11338324
Merge of https://widevine-internal-review.googlesource.com/#/c/8240/1
from the widevine cdm repo.
Change-Id: Ib159ccfdb763a47da573f5c06c0793c2c63886c4
A change was introduced between jb-mr2 and klp-dev that closed
the CDM session when the removeKeys mediaDrm APIs was called.
This was introduced because there is no way of unloading keys from
an OEMCrypto session.
This caused problems for Netflix, as an exception occurred when they
tried to close a session after calling removeKeys.
Reverting to jb-mr2 behaviour for now. b/11188818 has been opened to
track a longer term resolution.
b/11185042
Change-Id: I03bc736d2bc5bdabc86cfb7b75ae8bcbc03ffc7c
Decryption calls though multiple threads may result in race conditions
between the setting of the key and the actual call to decryption.
This results in OEMCrypto errors when the buffer type used in
decryption did not match the key selected. This is addressed by
having the the two calls be in the same critical section.
b/11009857
Change-Id: I74f1a0689ca17114f3cdd029022013b05c415acd
Molly reports OEMCrypto errors when Device RSA private key is
loaded a second time in the same session. This occurs in privacy
mode when a service certificate is request and later a key request is
generated.
bug: 10815492
Merge of https://widevine-internal-review.googlesource.com/#/c/7823/
from Widevine cdm repo
Change-Id: I98999fb0e77597109b68c379eaaa4838d3f6dde4
A staging Root CA public key was used in earlier releases to verify
service certificates. These were in turn used to encrypt the
client identification. This met our needs for an end-to-end verification.
Now that the production Root CA and service certs are available
this change replaces staging certs with production ones.
Merge of https://widevine-internal-review.googlesource.com/#/c/7560/ from
the widevine CDM repo
b/10329328
Change-Id: Id02649201d9a8ba4d08acc4166503341a5bbdd23
This CL turns off the verbose logging if LOG_NDEBUG is 1, or if NDEBUG
is defined. You can set the environment variable LOG_NDEBUG to 0 to
turn on verbose debugging for the CDM library on android.
Also, as in b/9672657, some applications call SelectKey when switching
between video and audio, which is much too verbose and affects
playback. I have removed the log statements for SelectKey.
bug: 9672657
Change-Id: I635b997118996871356f7126852b4744fb05e810
Certificates and offline licenses are stored in security level
specific directories in klp. When devices transition from jb-mr2,
their persistent information has to be ported to these directories.
bug:10366036
Merge of https://widevine-internal-review.googlesource.com/#/c/7310/
from the widevine CDM repo
Change-Id: I70b4a79dc5b69bda7fc3a4b92fdcde7ef8b41836
This merges the following changes from the Widevine CDM repository:
da001b6 Add Privacy mode and service certificate
This adds support to the CDM for privacy mode and service certificates.
92bf200 Add support for using Youtube Content Protection server for testing
Enables testing with Youtube Content Protection server. Google Play license
server is still the default. Select YTCP server by using the flag -icp
e.g. adb shell '/system/bin/request_license_test -icp'
85dcd60 Fixes to enable privacy mode
These includes changes to use PKCS7 padding, corrected root CA formatting
and changes to integration test. Also refactored service certificate
handling.
989971c Correction to request license test
Corrected PropertySetTest to provision when needed. Also added disabled
privacy tests to run against YTCP staging server until GooglePlay
integration is complete.
Bug: 10109249
Change-Id: If81d68c65d743d77a485406f48d1be41a74de0af
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
Merges change 267713c (Remove stale licenses on reprovisioning) from
the Widevine CDM repository. This change removes licenses belonging
to the previous provisioning when provisioning changes.
Bug: 9761923
Change-Id: I473816dd11dd950f4fb009b5b004630bd2d2b579
