(This is a merge of http://go/wvgerrit/138969.)
Provisioning 4.0 on CE CDM requires not only the make & model but the
model year in order to relate a device back to its system ID. This patch
adds model year to the list of properties that partners must provide as
client identification.
As no equivalent field exists for Android, this property is not
provided on Android platforms.
Bug: 206453352
Test: x86-64
Change-Id: I0764d67fec54fa9a0c65074e68f3ee02de1e7820
[ Merge of http://go/wvgerrit/133729 ]
[ Cherry pick of http://ag/15836224 ]
The OtaKeyboxProvisioner is a system-wide provisioner for sharing the
provisioning workflow between CDM engines.
Bug: 189232882
Test: GtsMediaTestCases
Change-Id: I873af3087cc05e1831bdd1d2c14fb002b73e6902
Added keybox provisioning proto fields.
[ Merge of http://go/wvgerrit/133730 and http://go/ag/15113032 ]
This CL copies over the required license_protocol.proto changes that
are required for OTA keybox provisioning. These fields are defined in
the server-side certificate_provisioning.proto, defined in
http://cl/377533774.
Note, changes are slightly different from server proto due to the RVC
version of license_protocol.proto being out of date with SC and newer
changes.
Bug: 189232882
Test: run_x86_64_tests
Change-Id: I55fcf6a7ac2ba4b6026b9acc63e822ff33c431d9
Added OTA keybox provisioning device files.
[ Merge of http://go/wvgerrit/133743 and http://go/ag/15421141 ]
This change adds a new set of proto messages/fields the CDM's device
files for recording device and engine information around OTA keybox
provisioning (OKP).
To make cleanup and thread protection possible, there is a single file
which will contain all the information for the device as a whole and
each CDM engine tied to an app/origin.
Bug: 189232882
Test: Linux unit tests
Change-Id: Iaf80cd6342f32657e04416750d9b278d935821a5
Client ID for OKP requests.
[ Merge of http://go/wvgerrit/133744 and http://go/ag/15645331 ]
Extended the CDM ClientIdentification class to support a subset of
client info used for OKP requests.
Bug: 189232882
Test: Android unit tests
Change-Id: I6aafb4f2164efe69bc733ece0a912f0e91893b91
[ Merge of http://go/wvgerrit/121567 ]
Replaced the two usage support functions GetUsageSupportType() and
UsageInformationSupport() into a single function HasUsageInfoSupport().
Since moving to only supporting a single usage info system (usage table
header + usage entries), the different usage support functions have
lost their purpose.
One version of the method works on an open session and will use a
cached value of the property if previously set. The other can be
called without opening the session (as used for query calls).
This is part of larger fix for the usage table initialization process.
Bug: 169195093
Test: CE CDM unit tests
Change-Id: I637c24dd143e995dbb0f8848850e3c71ff1018eb
[ Merge of http://go/wvgerrit/110824 ]
When generating a provisioning request, the CDM includes the different
certificate key types that are supported.
This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.
Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
(cherry picked from commit 547d2f8775)
Merged-In: I713ff1c469dff5c8a41461727ce63486d962575e
[ Merge of http://go/wvgerrit/108904 ]
Client ID name-value fields in the license request share the same
namespace with app parameters and WV standard device information. As
a result, it was possible for applications to provide parameters that
could potentially fool the license server with spoof values.
This CL restricts the use of the fields that are common across both the
Android CDM and CE CDM. Currently, Android specific fields are
restricted by the MediaDrmPlugin layer, and there are no CE CDM
specific fields currently defined.
The non-HIDL DRM plugin does not restrict these fields; however, it
will be removed in S.
Bug: 171723566
Test: Android integration test
Change-Id: I5ad9ead73c5aff712dff8133953de5ddc3296452
[ Merge of http://go/wvgerrit/108064 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the core directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I8ae5a10cbfdf7faae6a2735e57b33729763f10b8
[ Merge of http://go/wvgerrit/105743 ]
Device ID is no longer reported directly in provisioning/license
request or used by ClientIdentification. It does not need to be passed
in during initialization.
Bug: 168085721
Test: WV unit/integration tests
Change-Id: I483eac963c3f40784e42e1a2b917fcc96aa76a05
[ Merge of http://go/wvgerrit/83423 ]
[ Merge of http://go/wvgerrit/83424 ]
[ Merge of http://go/wvgerrit/83425 ]
[ Merge of http://go/wvgerrit/83426 ]
[ Merge of http://go/wvgerrit/83427 ]
Types of cleanup:
- Removed function / class prefixes from the logs.
- Fixed log string format options to match the types passed
- Corrected small spelling mistakes / typos
- _Tried_ to make the log format more consistent
- Added static_cast<int> conversion on enumerations when logged
- Changed several LOGE to LOGW and vice versa
- Used LOGE if the triggering condition stops the method/function
from completing its task
- Used LOGW if the triggering condition changes the expected
outcome but does not stop the rest of the method/function's
task
- Changed several instances of `NULL` to `nullptr`
- Ran clang-format on files after cleanup
This is part of a larger code quality effort in Widevine DRM.
Test: WV linux unittests and WV Android unit tests
Bug: 134460638
Bug: 134365840
Bug: 136123217
Change-Id: I958ec70ef99eef95c38dbebd7a1acd62ef304145
[ Merge of http://go/wvgerrit/80484 ]
Clang-format has been run on files in core/src. clang-format has been turned
off for some blocks but otherwise no other changes have been made.
Bug: 134365840
Test: WV unit/integration tests
Change-Id: I6e509f25136f84d37de3d920084302f0f2c23dc4
Merge of http://go/wvgerrit/78683
There were some review comments in http://go/wvgerrit/78683 that came
in after the code was merged to the qt-dev branch. This CL addresses
them on the master branch.
Test: unit tests.
Bug: 129070445
Merge from Widevine repo of http://go/wvgerrit/78623
This updates the license request client identification to include
OEMCrypto build information.
Bug: 129070445
Test: ExoPlayer on crosshatch with mod mock
Change-Id: I0dbce0cca4e9810e14f60561e4e434f1dbcadfb6
(This is a merge of http://go/wvgerrit/76063)
Now that we have C++11, many places that do string formatting or parsing
can be replaced with std::to_string() or one of the std::sto*() family
of functions. This patch updates places that do simple stringifying or
parsing to use these functions. Some parts of the code are left
untouched because they were using StringStream to do more complex
actions, such as constructing more complex output or checking the status
of the parsing.
Bug: 120599938
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I482dc234ecd7c6014fa9b6874387ff51e04b772f
[ Merge of http://go/wvgerrit/71907 ]
The client token needed to be enabled in the license request.
Bug: 123369846
Bug: 123370099
Test: WV unit/integration tests
Change-Id: I4d3e944b1d79010977c119291594878c406b00c5
[ Merge of http://go/wvgerrit/71326 ]
Nonce flood, frame size, session and system invalidation errors
will now bubble up to the app. OEMCrypto v15 returns
OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE,
OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors.
These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR,
ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and
ERROR_DRM_RESOURCE_CONTENTION.
Bug: 120572706
Test: Unit/Integration tests
Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9
[ Merge of http://go/wvgerrit/71103 ]
A content provider may specify a provider client token in a license.
This is a client token generated by a provider. If present in a license,
they will now be included in a license renewal request.
Bug: 34386290
Test: WV unit/integration tests
Change-Id: I3db303ea4d8b4ff4495393be4015b49e13db2ffc
[ Merge of http://go/wvgerrit/67324 ]
This introduces the ability to query resource rating tier information
through the plugin and CDM. Resource rating tiers are also
sent in the client identification portion of the license request.
Bug: 117112392
Test: WV unit/integration tests
Change-Id: I68ac6dfc4362f61150af822bd526e346b5cc4bf7
(This is a merge of http://go/wvgerrit/66810)
Netflix discovered that several files were only compiling because of
transitive includes via the Metrics code. This patch adds the missing
headers they noted.
Bug: 118676365
Test: CE CDM Build
Change-Id: Ifbc4e5d4276d1c3fb9bbd677230cd431e34e5c76
[ Merge of http://go/wvgerrit/48720 ]
The device ID does not need to be sent in the client identification
information as it is either present in other fields or ignored
by the license service.
This also allows for build information to be reported during
provisioning for devices with OEM certificates.
Bug: 78578351
Test: WV unit/integration tests. GtsMediaTestCases.
Change-Id: I708c63d34f0e2df7e465154d12096a394a1b23d7
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
[ Merge of http://go/wvgerrit/41840 ]
Bug: 69867619
Test: WV unit/integration tests
Playback using netflix and play movies on Taimen
Change-Id: I49d0dd9ae12322eecc80efb8cb744419c85e8ae5
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct error logging
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/40000 ]
In tests, we set the cipher list to avoid using insecure
ciphers when connecting to the provisioning/license service.
The result of setting the cipher list was being incorrectly
validated.
Bug: 64847919
* Move mips cache headers to clear_cache_function.h
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39700 ]
Since the clear_cache function has been moved away from the dynamic
adapter, we need these conditional includes to be migrated as well for
MIPS.
* Comment out Level 3 debug call until merge
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39761 ]
This call was introduced in go/wvgerrit/34260/. Since the haystack tool
in google3 still needs this merge, this should be commented out so the
tool can still build until the merge has finished.
* Add logging for MAC keys to mock
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39740 ]
Bug: 70637842
* Move external interfaces into level3.h + refactor
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39673 ]
As part of b/70523618, this CL moves interfaces that partners are
responsible for in Level 3 to level3.h so they can be visible as
part of the CDM release process. It also cleans up some of the
names of the files and adds documentation.
* Corrected close session logging level
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39676 ]
Bug: 69460963
* Remove Security Level Path Backward Compatibility Support
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39505 ]
From the android K release onwards certificates were stored in
security level specific directories. If upgrading from
previous releases persistent information needed to be moved
to those directories.
Since no device is likely to upgrade from J to Pi, comptibility
support can be removed.
Bug: 70160032
* Rename privacy_crypto_openssl To privacy_crypto_boringssl
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37122 ]
Now that we no longer support OpenSSL in the Shared Source CDM, the name
of this file can be updated.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Remove Conditional Compilation from OpenSSL/BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/39460 ]
This change removes the usages of conditional compilation to support
both BoringSSL and OpenSSL, as well as to support multiple versions of
the OpenSSL API. All code is now compiled against one of the two
versions of BoringSSL in third_party/.
Note that in some cases, the kit/ and legacy_kit/ versions of BoringSSL
had different APIs, so when removing the OpenSSL version compatibility
conditional compilation, sometimes the older branch was kept and
sometimes the newer branch was kept.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Build CE & Jenkins CDMs With BoringSSL from third_party/
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37120 ]
Up until now, integrators have been responsible for providing a
compatible crypto library for use by the CE CDM. (either OpenSSL or
BoringSSL) After this change, this decision will no longer be in their
hands. The CE CDM build will always use the copy of BoringSSL in
third_party/, which will be statically linked with our library with
hidden visibility. This allows us to better control what crypto library
we use and will prevent continuing problems with trying to support both
OpenSSL and BoringSSL.
Unfortunately, BoringSSL began using C++11 in mid-2017, and we can't
support C++11 right now. Until we can, we need to use a C++11-free
version of BoringSSL for libssl. The CDM itself will continue to use a
recent BoringSSL, as it only needs libcrypto. But the unit tests that
need libssl have to use the legacy version.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Modified RNG for Level3 to use more entropy
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39220 ]
Bug: 65165076
Modified seed generation to use an xor of clock_gettime and
client-implemented code to supply random seeds to the RNG. Modified the RNG
as well to use xoroshiro128+ instead of xorshift, since it uses more
than one seed/state (which are 64-bit) and has higher "statistical quality".
The default implementations for the seed generation use /dev/urandom.
* Configure base path for Level3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39506 ]
This is in response to b/70354006. This change makes the
Android Level3FileSystem use the existing properties method
GetDevicesFilesBasePath for binderization. The same is done for the
Linux implementation.
* Add legacy_kit/ to BoringSSL Directory
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38861 ]
This adds a second copy of BoringSSL to the third_party/boringssl/
directory. This second copy is pinned to the last revision of BoringSSL
not to require C++11 and is not updated by the UPDATE_BORINGSSL.sh
script. This second copy will be used to provide libssl to the tests on
devices that do not support C++11.
Once we support C++11 in the CDM again, this weight should be removed
and all targets should use the copy of BoringSSL in the kit/ directory.
Bug: 67907873
* Use Shared Libraries for Unit Tests
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38860 ]
Some unit tests were using a statically-linked CDM instead of a
dynamically-linked one. (Or, in one case, trying to link both ways into
the same binary.) For now, we need to only link dynamically, so that the
unit tests and the CDM can use different versions of BoringSSL.
Long-term, we would like to test both kinds of linkage. (See b/69548115
for that.)
Some unit tests were also using a dynamicaly-linked CDM that was named
such that it appeared to be statically-linked. This patch renames some
targets to make the linkage clearer.
Bug: 67907873
* Change CDM_Backwards_Compatiblity_Tests to dedicated brances
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/39003 ]
The build scripts used by CDM_Backwards_Compatiblity_Tests now pull
old versions of oemcrypto from the dedicated branches oemcrypto-v*,
which [will eventually] contain old oemcrypto versions, that build
with the current build system with a current boringssl version.
bug: 67907873
* Fix spacing on level3 header
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38760 ]
* Correct Query status calls
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38640 ]
Bug: 70160032
* Refactoring to allow encryption of client ID
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37460 ]
The code has been restructured to allow encryption of client
identification in provisioning requests. This will be enabled
when server side changes have been made (b/69427217).
* Additional information is included in the Client Identification
portion of the provisioning request.
* Client identification will be encrypted with a service
certificate provided by the app/client. Platform changes
to enable passing this to core are needed. If a service certificate
is not provided, a default one associated with the production Keysmith
will be used.
* Switched APIs in CdmEngine to take a service certificate for
provisioning rather than licensing. Service certificates for
licensing are session based and passed as properties from platform
code.
Bug: 30737060
* Allow some CDM errors to be reported from multiple locations
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38360 ]
This creates some CdmResponseType errors which may be reused
PARAMETER_NULL, NOT_INITIALIZED_ERROR, REINIT_ERROR.
I have made changes to a few classes to report these errors.
Will work on additional classes in a separate CL.
Bug: 69864404
BUG: 71650075
Test: WV Unit/integration tests
Change-Id: Icc048770d424ac537d11ff327cda2cb142da802d
