Our recommendation to OEMs is that they support a table of at least 50
usage entries in OEMCrypto. If more usage entries are stored, the PSTs get
added to the CDM but are LRU'ed out of the OEMCrypto usage table. When the
CDM queries those usage entries, OEMCrypto will return a
OEMCrypto_ERROR_INVALID_CONTEXT. Rather than return an error and have
MediaDrm throw an exception, CDM should delete this PST and return the
next usage entry, when queried.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11457/
from Widevine cdm repo ]
b/17994711
Change-Id: I00e3f93000096fb434d94333e22958de795a4bb5
(This is a merge of http://go/wvgerrit/11613 from the Widevine CDM
repo.)
Adds a property for the OS version, implements it on Android, and
adds it to the license request property bag so that Netflix may
use it to discern the supported capabilities of the CDM.
Bug: 18230738
Change-Id: If5174a108093855314f3e0102b83691e20bb247b
(This is a port of http://go/wvgerrit/11556 from the Widevine CDM
repo.)
This wires up the new method on the crypto interface with the core
code that handles the max-res decode.
Bug: 16034599
Change-Id: Id2ea5635bf732eabf1fd33712ff8bab6cf1a1745
When falling back to L3, release requests were failing. Information
requesting falling back to L3 is passed along when the session is opened.
Licenses however are released using the key set ID and information
requesting fallback to L3(CdmClientPropertySet) at that point is
unavailable. The release was actually attempting to release a license
at the default security level which is incorrect.
In addition, the mac keys were not being setup correctly and the release
message was signed with keys derived from the license request and not the
response. Both these issues have been addressed and unit tests added
to track release of offline licenses and usage reporting scenarios.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11062
from wv cdm repo ]
b/17073910
Change-Id: I5cd95a7dfe58ebae7ae27ece6c92e67755c1d665
* The Usage APIs return usage reports from either L1 or L3 (if available).
* Correction to when usage reports are saved. In addition to other events
they are now saved when keys are loaded, usage reports are released and soon
after first decryption and periodically (60 seconds) after that,
if decryption takes place.
* Usage reports now get deleted on an unprovision request.
* Policy timer is now started when offline licenses are restored.
* Usage session is now released, when a usage response is received.
* Usage tests ahev been enabled.
* Added CDM extended duration (integration) tests to test usage reporting
and querying. These need to be run manually as they take a while (currently
half an hour).
b/15592374
[ Merge of https://widevine-internal-review.googlesource.com/#/c/10800
from the Widevine CDM repo ]
Change-Id: Ia817e03ebbe880e08ba7b4a235ecb82b3ff35fbf
Merge of CDM change:
https://widevine-internal-review.googlesource.com/#/c/10691/
This prevents the provisioning session from being created unless the
device needs provisioning. And then, after provisioning, it closes
the session it had previously opened.
b/15782159 CertificateProvisioning object keeps unused CryptoSession
Change-Id: Ic52ed864fa47c7ba50b7ca4d9fea1e74930228e9
Merge of https://widevine-internal-review.googlesource.com/#/c/10614/
from the widevine cdm repo.
* b/15467844 - GenerateRSASignature returns OEMCrypto_ERROR_INVALID_CONTEXT
when called with a non-NULL signature pointer and signature length of
0 (rather than OEMCrypto_ERROR_SHORT_BUFFER)
* b/15989260 - OEMCrypto_DecryptCTR does not return OEMCrypto_ERROR_KEY_EXPIRED
after keys have expired
Also addresses
* integration test updated to reflect that loading certificate errors are
returned on OpenSession rather than GenerateKeyRequest
* compiler warning on type casting
b/15989261
Change-Id: Ib68b972651479e99b9d05de4493aac55a96c4f39
[ Merge from Widevine CDM repo of
https://widevine-internal-review.googlesource.com/#/c/10171/ and
https://widevine-internal-review.googlesource.com/#/c/10172/ ]
Updated license_protocol.proto from constituent protos in google3
These changes make use of OEMCrypto v9 changes to support usage reporting.
Usage reporting may be enabled for streaming (by means of secure stops) and
offline playback by a provider session token specified in the license.
Changes include periodically updating usage information for relevant
sessions and reporting and releasing usage information as needed.
The CDM has removed all references to Secure Stops. This change
updates the Android API implementation to comply.
b/11987015
Change-Id: Ibb6f2ced4ef20ee349ca1ae6412ce686b2b5d085
This CL removes TODOs and email addresses from comments, unifies some
namespaces and cleans a few variable names. It is a copy of multiple
CLs on the widevine side.
Change-Id: I1bb649096476a5001a56d746427399de6a88ff69
(This is a merge of
https://widevine-internal-review.googlesource.com/9711 from the
Widevine CDM repo.)
This change updates the CDM's handling of init data types, previously
known as MIME types, to comply with the latest version of the EME
spec.
Following this change, in addition to accepting the deprecated MIME
types "video/mp4", "audio/mp4", "video/webm", and "audio/webm", the
CDM will accept the new standard: Init data types "cenc" and "webm".
Furthermore, this removes the non-PSSH-parsing path from the CDM. All
platforms have unified on the CDM being responsible for parsing the
concatenated PSSH box list, as outlined in the latest EME spec.
As Android has shipped code that expects pre-unwrapped PSSH boxes and
must maintain backwards-compatibility, code has been inserted on that
platform to detect pre-unwrapped data and re-wrap it with a PSSH
header before sending it to the CDM.
There are some small changes to unit tests because of this change:
1) The CDM Engine unit test now no longer needs to unwrap the PSSH on
any platforms when testing ISO-BMFF. It now pre-caches the
unwrapped key ID for use when testing WebM.
2) Several substantially-similar unit tests in the Android code have
been rolled into one test.
Bug: 13564917
Bug: 13570595
Bug: 9465346
Bug: 13570288
Change-Id: I7f27b16b8503f24a26746b5dce71fb61b6fd1bb2
The EME spec technically requires CDMs to treat audio/mp4 and
video/mp4 equivalently, as well as audio/webm and video/webm. We had
only been accepting video/mp4 and video/webm up until now.
This change also centralizes handling of init data types in the shared
CDM code instead of having it spread across multiple places in the
codebase.
(This is a merge of https://widevine-internal-review.googlesource.com/9532/
from the Widevine CDM repo.)
Bug: 13564917
Change-Id: Ib8bdfb2b003ffb00e8f0559561335abb3c5778b0
Adds support for WebM to the CDM. Decryption remains untouched,
however the initialization data is passed differently for WebM.
The previous version of this change broke playback for certain
apps that were being allowed to pass invalid MIME types before
this change was made. This version maintains backwards-compatiblity
for these apps for now by rewriting their MIME types as "video/mp4".
Merge of https://widevine-internal-review.googlesource.com/9225/
and https://widevine-internal-review.googlesource.com/9611/ from
the Widevine cdm repo.
Bug: 10638562
Change-Id: Ib37e838d08363f07b34b3a2e79a3f80a1f43e9ad
Adds support for WebM to the CDM. Decryption remains untouched,
however the initialization data is passed differently for WebM.
Merge of https://widevine-internal-review.googlesource.com/#/c/9225/
from the widevine cdm repo.
Bug: 10638562
Change-Id: I7b8cf4888fa408af77cee103f768f5a7c8ffdc7e
From Widevine CL:
https://widevine-internal-review.googlesource.com/#/c/9184/
This is some shim code that will load either an OEMCrypto
version 8 or version 9 library. This should allow us
to test and run stable devices until all OEM's have
updated to version 9.
Android Level 3 library versions are:
level3/mips/libwvlevel3.a Level3 Library Feb 27 2014 18:18:34
level3/x86/libwvlevel3.a Level3 Library Feb 27 2014 18:22:14
level3/arm/libwvlevel3.a Level3 Library Feb 27 2014 12:31:29
Change-Id: I82911e3b4d9056cf3c3ab2b47194fe81ac2776d9
The request ID was set to a fixed value, which caused license requests
to be rejected by the YT server with TOO_MANY_STREAMS_PER_VIDEO
The request ID is now a combination of a randomly generated value and
a rolling index. This is based off a fix by gmorgan@ on the eureka
branch #98fa6e5e.
Merge of https://widevine-internal-review.googlesource.com/#/c/8496/
from the widevine cdm repo.
b/12018697
Change-Id: I6c05fea885d46aea53a07235c3e5ac65a6971eaf
Merge of https://widevine-internal-review.googlesource.com/#/c/8263
from the Widevine repo.
Changes the behavior of requiresSecureDecoderComponent() to query the
session for whether a lowered security level has been requested
before querying the system to see what its default security level is.
As part of this, we added a new QuerySessionStatus() method to the
CDM that gets status info on a session-specific level, such as the
effective security level of a session.
Bug: 11428937
Change-Id: I5549a2fdd400cc87f567d27fcf74c473451093d6
Licenses could be renewed uptil the point of expiry. After that point
we expected that the session would have to be closed and a new one
opened with a new license loaded. Clank requested that we support
renewal of sessions past expiry.
In addition, the error returned on decryption, if OEMCrypto
determines that the KCB duration has expired, is NEED_KEY rather than
KEY_ERROR.
Merge of https://widevine-internal-review.googlesource.com/#/c/8240
from the widevine cdm repo.
b/11390539
Change-Id: I023320f3f25514cd07b368701a92100429ce1c04
The CDM session was being destroyed before the policy timer was stopped
and before the session was removed from a list of active sessions. This
allowed race conditions, where the policy timer would try to evaluate
policy for a closed session. This led to segfaults.
b/11338324
Merge of https://widevine-internal-review.googlesource.com/#/c/8240/1
from the widevine cdm repo.
Change-Id: Ib159ccfdb763a47da573f5c06c0793c2c63886c4
Decryption calls though multiple threads may result in race conditions
between the setting of the key and the actual call to decryption.
This results in OEMCrypto errors when the buffer type used in
decryption did not match the key selected. This is addressed by
having the the two calls be in the same critical section.
b/11009857
Change-Id: I74f1a0689ca17114f3cdd029022013b05c415acd
Molly reports OEMCrypto errors when Device RSA private key is
loaded a second time in the same session. This occurs in privacy
mode when a service certificate is request and later a key request is
generated.
bug: 10815492
Merge of https://widevine-internal-review.googlesource.com/#/c/7823/
from Widevine cdm repo
Change-Id: I98999fb0e77597109b68c379eaaa4838d3f6dde4
Certificates and offline licenses are stored in security level
specific directories in klp. When devices transition from jb-mr2,
their persistent information has to be ported to these directories.
bug:10366036
Merge of https://widevine-internal-review.googlesource.com/#/c/7310/
from the widevine CDM repo
Change-Id: I70b4a79dc5b69bda7fc3a4b92fdcde7ef8b41836
This merges the following changes from the Widevine CDM repository:
da001b6 Add Privacy mode and service certificate
This adds support to the CDM for privacy mode and service certificates.
92bf200 Add support for using Youtube Content Protection server for testing
Enables testing with Youtube Content Protection server. Google Play license
server is still the default. Select YTCP server by using the flag -icp
e.g. adb shell '/system/bin/request_license_test -icp'
85dcd60 Fixes to enable privacy mode
These includes changes to use PKCS7 padding, corrected root CA formatting
and changes to integration test. Also refactored service certificate
handling.
989971c Correction to request license test
Corrected PropertySetTest to provision when needed. Also added disabled
privacy tests to run against YTCP staging server until GooglePlay
integration is complete.
Bug: 10109249
Change-Id: If81d68c65d743d77a485406f48d1be41a74de0af
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
Merges change 267713c (Remove stale licenses on reprovisioning) from
the Widevine CDM repository. This change removes licenses belonging
to the previous provisioning when provisioning changes.
Bug: 9761923
Change-Id: I473816dd11dd950f4fb009b5b004630bd2d2b579
This merges the following changes from the Widevine CDM repository:
bef58bc Add new error codes
Adds new error codes to OEMCryptoCENC.h and rearranges it to more
closely match the documentation.
5fcfbca Handle OEMCrypto_ERROR_INSUFFICIENT_RESOURCES on Decrypt
Changes the CDM to support the new errors from the previous change.
d59c09d Report Insufficient Crypto Resources
Changes the DrmEngine to support the new errors from the previous
change.
1085a21 Respond to Too Many Keys or Sessions Errors
Allows errors around having too many keys or sessions to result in
a unique error in the CDM.
Bug: 9695816
Change-Id: I826bc655109fa57e4f75de7158d7f392053666b1
This merges the following changes from the Widevine CDM repository:
1a72a7e Combine utility code into single library on Android
Combines several previously-separate files into a static library,
libcdm_utils, so that it can easily be used by both CDM and
OEMCrypto.
8c4d04d Install Keybox
If the keybox has not been installed, install it from
/factory/wv.keys.
Bug: 9972451
Change-Id: I8688ecd0adcf321e0c7d0faf55dd10f3910c12ec
Android development of the widevine CDM has been done
on the jb-mr2 branch of the cdm code base. This CL
contains a merge of that jb-mr2 work to CDM master, and
also reflects the evolution of the common Modular DRM
code base since jb-mr2 branched.
Change-Id: I1d7e1a12d092c00044a4298261146cb97808d4ef
Adds a property that allows applications to get the provisioning-unique serial
number.
Bug: 9175567
Also fixes some missing mutexes that were causing intermittent failures in
calls to OEMCrypto due to concurrency issues.
Bug: 9175583
Merge of https://widevine-internal-review.googlesource.com/#/c/5831/
from the Widevine CDM repository
Change-Id: I1d7e3ca9f3b06da345022f5f0d64e0c17a5cedca
The company_name was hardcoded in the CDM as "Google" for all devices.
On Android, it needs to come from the ro.product.manufacturer system
property.
bug: 9074091
This is a merge of https://widevine-internal-review.googlesource.com/#/c/5730/
from the Widevine CDM repository.
Change-Id: Ia3ae82abf350c32ba8b4d05b59e95361927dea40
