(This is a merge of http://go/wvgerrit/55265)
Compiling with GCC 7 revealed that a function call in this test was
missing an argument. It meant to be passing the output protection level
to the function, but because of optional arguments, it was instead
passing it as the fourth argument.
Fixing this revealed that the test cases for the test were incorrect in
one case, which has been fixed to expect the correct results.
Thankfully, this part of the code does not appear to have been broken
while the tests had this hole.
Bug: 111648438
Test: build_and_run_all_unit_tests.sh
Change-Id: I6c13d5fecdccc4185ca5e8698fc845929ff16cb1
[ Merge of http://go/wvgerrit/52040 ]
Information stored in files are serialized and protected by an MD5 hash.
When files cannot be read because the MD5 hash computed over it
fails verification, the file is deleted. This allows for recovery.
However if the protobuf deserialization fails we return an error
but do not delete the file. When errors of this sort occur
with usage information files, the CDM cannot recover.
removeAllSecureStops() will fail as well and new licenses
with PSTs cannot be processed. In order to recover the file will
be deleted when a protobuf deserialization error occurs.
Bug: 109765590
Test: WV unit, integration tests. GTS tests. Netflix and Play Movies playback
Change-Id: I408914924e644d5c22b2ba7865d3a7d598788ee6
[ Merge of http://go/wvgerrit/51322 ]
This avoids taking the session_map_lock_ twice.
Bug: 80248149
Test: WV unit/integration tests, GtsMediaTestCases,
2 days of netflix playback.
Change-Id: Iea1c7b7ba08d7d40c227d21c5abfce13c0a8b395
(This is a merge of http://go/wvgerrit/51084)
Nominally, OEMCrypto probably shouldn't modify the buffer descriptor we
pass into OEMCrypto_DecryptCENC(), but in practice, we know some
platforms do this, so we make defensive copies in
CryptoSession::DecryptInChunks() just in case. Turns out, some devices
also behave like this in OEMCrypto_CopyBuffer(), so we should also be
doing defensive copies in CryptoSession::CopyBufferInChunks().
Bug: 79779554
Test: ExoPlayer Demo App, played "Secure Subsample UHD (WebM, VP9)"
Test: build_and_run_all_unit_tests.sh
Change-Id: Ib46043a6cc0aa42d1d1cc85f5adb477c566363e9
Locks in earlier releases controlled access to sessions and the list
of sessions for each CdmEngine instance. This guarded against
concurrent access between session management (OpenSession,
CloseSession, etc), periodic timer calls and calls to Decrypt.
The list of sessions and locking was moved to a separate class
CdmSessionMap. This left open the possibility that a session
might be destructed, while being called to decrypt or invoked through the
timer. An attempt was made to add per-session locks in b/73781703
but this was found insufficient.
Per-session locks will be introduced in a future changelist, but for
now the coarser locks will be reintroduced.
Bug: 73781703
Bug: 79158083
Bug: 79262108
Bug: 79436509
Test: WV unit/integration tests, GTS GtsMediaTestCases tests and
24 hours of continuous Netflix playback.
Change-Id: I30a3ede340192370dfe5c92c01b1c76df16b7123
[ http://go/wvgerrit/50341 ]
The shared_ptr implementation was taken from a google3 implementation.
Updates to the reference counter needed to be atomic and were
platform dependent in the original code. These were not carried
over to this codebase. Race conditions between calls to decrypt and
the periodic timer, led to incorrect reference count values.
CdmSession objects were then destructed while references to
them still existed. Segfaults occurred when they were referenced.
Bug: 79431096
Test: WV unit/integration tests, GTS GtsMediaTestCases tests and
24 hours of continuous Netflix playback.
Change-Id: I6008ddba869efcc58972e5ea8644a204f91410ab
[ Original CL http://ag/3890635,
Merge of http://go/wvgerrit/50340 ]
The original fix was not sufficient to address all race conditions.
A subsequent CL will address them.
Bug: 73781703
Bug: 79158083
Bug: 79262108
Test: WV unit/integration tests, GTS GtsMediaTestCases tests and
24 hours of continuous Netflix playback.
Change-Id: I869c22a250e2467b3d49935815e4157dc012fff5
[ Merge of http://go/wvgerrit/49980 ]
This CL
* corrects some of the test expectations
* switches test content used to test streaming with provider session tokens.
The policy of the earlier test content had changed.
* adds some more information to log messages
Bug: 63819720
Test: WV unit, integration tests, WvCdmExtendedDuraionTest,
GtsMediaDrmTest
Change-Id: I8fdbc9c38d6018cc6e884e1b95b2e9d26e7aa536
[ Merge of http://go/wvgerrit/48640 ]
Usage information is saved periodically, in order to avoid excessive
flash writes. This limits our session usage accuracy to
within a usage save period. Saving usage information when
closing a session is an improvement and addresses some failures
seen with Netflix compliance tests.
Bug: 74015553
Test: WV unit/integration tests
Change-Id: I680aad05922f334df0611ff3933082a512f7c002
[ Merge of http://go/wvgerrit/48720 ]
The device ID does not need to be sent in the client identification
information as it is either present in other fields or ignored
by the license service.
This also allows for build information to be reported during
provisioning for devices with OEM certificates.
Bug: 78578351
Test: WV unit/integration tests. GtsMediaTestCases.
Change-Id: I708c63d34f0e2df7e465154d12096a394a1b23d7
[ Merge of http://go/wvgerrit/48400 ]
Client identification information has recently been enabled in
provisioning messages. For privacy concerns this information
is being encrypted with a default service certificate.
Apps need to be able to override the default one to allow
for provisioning with third party provisioning services.
Bug: 78420508
Test: WV unit, integration tests
New WvCdmRequestLicenseTest.ProvisioningTestWithServiceCertificate test
GTS MediaDrmTestCases
Change-Id: Iee61ad47d33ce011efbea4eb90f7e4b1f032d15f
[ Merge of http://go/wvgerrit/46760 ]
This enables encryption of client ID for provisioning requests for
devices with keyboxes as root of trust. Client ID will not be
provided for those devices with OEM device certificates as root of
trust. That will be addressed in b/78303730.
Bug: 77607585
Test: WV unit/integration tests. Tests with L3 using OEM certs
Change-Id: Id9bd697aa049bd5659ab80714e141dbc50408f6a
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
[ Merge of http://go/wvgerrit/47065 ]
RemoveKeys now resets associated crypto and policy resources,
rather than just closing the crypto session. This results in a
MediaCodec.CryptoException with error code ERROR_NO_KEY
rather than ERROR_SESSION_NOT_OPENED, if decrypt is called
afterwards.
Error SESSION_NOT_FOUND_FOR_DECRYPT is made unique. Error codes
were also synchonized between various branches in the widevine repo.
Bug: 77304819
Test: WV unit/integration tests, VtsHalDrmV1_0Target tests
Change-Id: I6cba2a3e1ce466d58c7727cde2d8f81d9503d655
[ Merge of http://go/wvgerrit/46907 ]
The WV client supports root of trusts as keyboxes or OEM certificates.
Devices with keyboxes use provisioning 2.0 protocol to provision
while those with OEM certificates use 3.0. L3 provisioning failures
occur if the L1 and L3 root of trusts differ.
The provisioning method is now retrieved and cached when the
security level is known, when the session is opened.
Earlier it was retrieved and cached at initialization time and
always set to the value of L1 OEMCrypto (if present). This led
to provisioning failures.
A case of acquiring a lock while one was held in GetProvisioningId()
has also fixed.
Bug: 77606913
Test: WV unit/integration tests
Change-Id: I2d66ee2cf64f846cec4a37fbccb554447c8a0e1d
(This is a merge from http://go/wvgerrit/46447)
The Production Provisioning Service is moving to the "widevine.com"
certificate from the "license.widevine.com" certificate it was using.
This replaces the two places this certificate appears in the source
code. This is expected to be the last such update.
Also, the Staging Provisioning Service was already using this
certificate, but our code had it listed as using the old certificate. It
has also been updated.
Bug: 77244492
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I2ce14ea8e672c453ce0f74fbd3345f7e40f2f297
[ Merge of http://go/wvgerrit/46623 ]
If corruption of the usage information file is detected while saving a
streaming license with a PST, usage information file is deleted, so that
a subsequent load keys may succeed.
Also when calling the MediaDrm API releaseAllSecureStops(), an error would
be returned if usage info file was corrupted. Since this file is
deleted successfully, errors have been replaced with warnings.
Bug: 73447733
Test: wv unit/integration tests
Change-Id: Ie4a63ac202fd6009609105f38ffa8a3b23ed334e
[ Merge of http://go/wvgerrit/46622 ]
Secure stop API related changes introduced in b/69674645 caused
segfaults on taimen/walleye but not other devices due to a difference
in OEMCrypto version.
Bug: 77294890
Test: WV unit/integration tests on sailfish and walleye
Change-Id: I8523ef283334d7d32d180e902072fe1dd6e665c1
Previously, we did not have a license request latency metric. This is a
notable limitation in our metrics. This adds a metric that captures the
timing between a GenerateKeyRequest and an AddKey operation.
Bug: 72994956
Test: New unit tests. Google Play
Change-Id: If99c187399c02f9b5d4c355732af7588bbbefb11
A few metrics were missing or not properly collected in the CDM metrics.
This CL addresses them.
Bug: 64570194
Bug: 72866232
Test: Unit tests and Google Play manual test.
Change-Id: I3a3aa4fb3eb8422c9c8c398016f02409307beb33
Merge of http://go/wvgerrit/45520/
Bug: b/70650789
Test: request_license_tests and GTS tests on sailfish and taimen
This is related to b/70650789. An extra call to DeriveKeysFromSessionKey
in the case where there is a provider session token results in the
OEMCrypto mock incorrectly using the derived mac keys to sign the release
message, since a future call to LoadKeys is never called.
(This is a merge of http://go/wvgerrit/46203)
Previously, IsProvisioned() only confirmed the existence of a
certificate file, not whether the contents of that file were actually
valid. This patch changes its behavior so that it actually validates the
loadability of the file before returning.
This is sufficient to resolve Netflix's use case in b/65835227, but it
is only part of the solution for Android's use case in b/72353451. A
second patch will be required to cover cases where the certificate can
be loaded but cannot be used with the current OEMCrypto or with the
server.
Bug: 65835227
Bug: 72353451
Test: Android and CE CDM unit tests
Change-Id: Id3987a6f3c4097d7d356dfa631b023287354439a
Changes to a much more efficient and more reusable protobuf format for
metrics.
Test: Widevine tests, Google Play and MediaDrm CTS test.
Bug: 73724218
Change-Id: I3299051d7a16bcd7758c8f272415ca40e10c1313
[ Merge of http://go/wvgerrit/44921 ]
* Added the ability to remove a single usage information record.
* Added a method to retrieve all secure stop Ids.
Bug: 69674645
Test: WV unit, integration tests
Change-Id: I04ac8224b4bdda69541e61ff1103af3836138228
CdmEngine::QueryStatus was mapping all error codes
returned from crypto_session.Open to INVALID_QUERY_STATUS
which caused important failure information to be lost.
The GTS DrmSessionManagerTest test was failing as a
result, because session reclaiming no longer worked.
merge of http://go/wvgerrit/44800
bug:72705384
test:gts DrmSessionManagerTest
Change-Id: Id404a18b8f66cf6137b69f6b4e1bdd7004706a0c
(cherry picked from commit 6aad0f77cb)
Merge from Widevine repo of http://go/wvgerrit/44505
This CL changes the certificate provisioning code to verify the
provisioning message using a cert from license.widevine.com instead of
the staging certificate.
It also adjusts the certificates in config_test_env.cpp because the
license and provisioning servers are different and may probably have
different certs.
bug: 73031756
test: unit tests with mock oemcrypto, and read oemcrypto on sailfish
Change-Id: I4b457a369a49ef07bda9e5632ab59e5f621ec966
Merge from Widevine repo of http://go/wvgerrit/43720
This CL changes the cdm engine test's Provision method so that it
keeps OEMCrypto alive during the provisioning. This is only needed
when testing with the oemcrypto mock and the nonce flood rate has been
throttled to 1. In that case, if OEMCrypto is allowed to terminate
between each request, all nonce requests will be an error.
Keeping OEMCrypto alive does not modify the desired test results when
oemcrypto is not throttled.
This CL changes test code only.
bug: 73607610
test: unit tests
Change-Id: I71b27b1bb8200188a0a821afc977d7a9cc7fd968
Merge from Widevine repo of http://go/wvgerrit/43420
Remove or mark unused variables. Fix unsigned/signed comparisons.
bug: 73390805
test: unit tests
Change-Id: Ic523400a5decf82fae733042b260e0c39a087cd3
[ Merge of http://go/wvgerrit/43281 ]
Bug: 73164325
Test: WV unit/integration test, playback tests using Netflix and
Play Movies.
Change-Id: Ifc3dd8863da1616eb4a7df35ad010f53b6d5e3d2
[ Merge of http://go/wvgerrit/43240 ]
HDCP related changes were made in http://go/wvgerrit/42602. This
also changed the string values returned in the HDCP query command.
This CL reverts changes to the string values as were specified in
the Widevine Modular DRM Plugin vendor extensions document. Changing
them at this point will impact applications.
Bug: 70278160
Test: WV unit/integration tests, GtsMediaTestCases, playback using
Play Movies and Netflix.
Change-Id: I20171a8272aeeff5007cf90c9939b2ce1ce0fb13
[ Merged of http://go/wvgerrit/39766 ]
The security level (software/hardware, decryption/decode)
in the policy that specified how the key was to be used was
not being respected for L3. Playback would either continue or
a vendor specific error would be thrown.
If the device cannot use the key as permitted by the policy
CryptoException#ERROR_INSUFFICIENT_OUTPUT_PROTECTION will be thrown.
Bug: 31913737
Bug: 31913439
Test: WV unit/integration tests
Test: Playback using playmovies and netflix. Cast playback using
playmovies.
Change-Id: If25735ab0f789108431115623cb236687c5ef818
[ Merge of http://go/wvgerrit/42103 ]
* While deprecating keyboxes as identification, some code to
restore a license was mistakenly removed in http:://go/wvgerrit/36740,
http://ag/3442777
* Corrections to keep track of cipher mode, call SelectKeys when cipher
mode changes and to use the backward compatible LoadKeys call in case
OEMCrypto is v13.
Bug: 70160032
Test: Ran WV unit/integration tests. Request license test failures
have been addressed.
Change-Id: Id03c50874085af6d9985d10c19a74a02efb7a1f5
