Because we do not want to accidentally install a test keybox on a
production device, most of the oemcrypto unit tests are being disabled
by default.
If you wish to run these tests, you can override this choice, by
running:
adb shell /system/bin/oemcrypto_test --gtest_also_run_disabled_tests
This change prompts for and requires positive confirmation before
running the disabled tests on a device that has a non-test keybox
already installed.
Bug: 8907626
Merge of https://widevine-internal-review.googlesource.com/#/c/5531/
from the Widevine CDM repository
Change-Id: Ib8e3605129ebf0861b4af15d04676f7a06cc5b78
There is an ambiguity in the use of the signature length in
OEMCrypto_GenerateRSASignature. If the pointer to the vector is null,
the function should set the length parameter to be the size of the
buffer needed.
This ambiguity has been clarified in the documentation: the
length returned should be the exact length of the buffer. It
will be corrected in a future release of Qualcomm's L1. However,
we are putting this change in both as a stop-gap and as a
belt-and-suspenders fix.
Bug: 8878371
Merge of https://widevine-internal-review.googlesource.com/#/c/5494/
from the Widevine CDM repository
Change-Id: I7574874884ca10da68d15674c971a565d015767d
In the android media DRM api test, provisioning is indicated, when a
generate license request command is issued after a switch between L1 and
L3. This is as expected as oemcrypto is unable to decrypt
the key wrapped earlier (bad padding). Subsequent provisioning request
and storage of wrapped keys complete successfully. If the same session
is used to reissue a generate license request command, the wrapped keys
and cert used are those present in memory from the initial retrival,
rather than rereading the new ones from persistent storage.
This results in a cycle of successful provisioning attempts followed
by generation of license requests commands which return a provisioning needed
error.
A change has been added to reinitialize the session and reload the
wrapped keys.
b/8878324
Merge of https://widevine-internal-review.googlesource.com/#/c/5600/
from the Widevine CDM repository.
Change-Id: Iaf47d15d104fd681706df5f64be583af24186abe
In a renewal message, in order to extend the duration, the server sdk
sends back a single key in the key container. Earlier the key was of type
CONTENT and only contained a key control block. No id, key data or
iv information were supplied. After a recent server sdk update
the key type in the renewal message has been changed to KEY_CONTROL.
This change enables the client to process the updated renewal message.
bug: 8736545
Merge of https://widevine-internal-review.googlesource.com/#/c/5434/
from Widevine CDM repository
Change-Id: Ia9f3620b86460278285fddee57ee923e269de7c1
Bug: 8770327
1. Allow provisioning retries
Allow multiple provisioning request messages to be generated without
requiring an equal number of HandleProvisioningResponse's. This is to
allow for lost messages.
2. Properly deletes cdm and crypto sessions created for cert provisioning.
The CleanupProvisioningSession() has not been deleting the cdm and crypto sessions
created for certificate provisioning properly. The lives of these sessions are
short and therefore, not added to the CdmSessionMap. We need to explicitly delete
these objects when error occurs or when we are done with provisioning.
3. Fixes provisioning responses that contain multiple chunks.
When we make multiple provisioning requests during testing, Apiary
sends response that contains more than one chunk. The test app.
needs to parse the response and concatenates the chunk data.
Otherwise, the size for each chunk is treated as base64 encoded data,
which will generate error when we try to deserialize the response
message.
Merge of https://widevine-internal-review.googlesource.com/#/c/5451/
from the Widevine CDM repository
Change-Id: I5b0ed982849c12628a3949f8d51515fcf6ce5a5f
The android timer class was not generating timer events correctly. This caused
renewal and expiration events not to be sent. A strong pointer to the
timer thread was not held and this caused the android util timer
thread to exit after firing once. This is now addressed.
Bug: 8736545
Merge of https://widevine-internal-review.googlesource.com/#/c/5353/
from the Widevine CDM repository.
Change-Id: I2d904e55d4d10eacc1a51f1c6b5c1a267c92c8d8
Currently the CDM requires the caller to specify init data both on key
generation and renewal requests. With this change the CDM relaxes
this requirement for renewals.
Bug: 8732893
Merge of https://widevine-internal-review.googlesource.com/#/c/5322/
from Widevine CDM repo
Change-Id: Idf4ad2bdb20023da4f30bc369ed87eb811c1c4d9
There is an OEMCrypto wrapper that loads the OEM provided library.
For debugging and initial implementation, this only verified that some
of the API existed before continuing.
With this CL, the level 1 library is not used if any of the API
functions are missing, or if the version number is not correct. There
is no plan to make this library backwards compatible.
bug: 8621521
Merge of https://widevine-internal-review.googlesource.com/#/c/5264/
from the Widevine CDM repo.
Change-Id: Ie82907925450b9fe93d0d857c1133f5382f55d21
Having the integration docs in the tree helps with version
management and distribution to partners.
bug: 8698129
Change-Id: I4c1e4f5902457815eaf58e6bd5313951d2b773ca
The CDM may use the eventing mechanism or the error return-value mechanism to
notify callers of errors that the Java APIs expect to be passed via the
eventing mechanism. We need to detect when an error has been synchronously
returned via the error return value of a method and fire an appropriate event.
bug: 8620943
Merge of https://widevine-internal-review.googlesource.com/#/c/5261/
from the Widevine CDM repo.
Change-Id: I2055854dc960845dc775b1fceab9d0850b63fbb5
The test for refresh keys with a stale nonce was not performed
correctly. It was supposed to test that RefreshKeys fails when the
nonce is stale. However, the nonce in the test was not stale. The reference
implementation did fail, but it failed because the control bits were
in network byte order instead of host byte order. Both of these
problems are fixed in this CL.
This CL changes test code only. The change has already been
communicated with Qualcomm.
bug: 8621521
Merge of https://widevine-internal-review.googlesource.com/#/c/5263/
from Widevine CDM repo.
Change-Id: I0821eff914d1680481006b9b68d49e8f2c5b9cd8
This new format uses the SignedProvisioningMessage proto buffer definition so
the client does not have to parse the message and signature from the JSON
response separately. This change makes it more flexible to extend the fields
in the SignedProvisioningMessage.
Adds Apiary API key to the default provisioning server url.
Fixes a bug in GetCertRequestResponse() where a LOGD() can generate a
fault if there is no response data.
Bug: 8620943
Merge of https://widevine-internal-review.googlesource.com/#/c/5230/
from Widevine CDM repository
Change-Id: I4945ee2d16f88666e41edf990dd07102a9271105
The Java APIs only easily expose getting the PSSH data blob, not the full PSSH
box. So that apps do not have to do extra work, wrapping the PSSH data blob in a
PSSH box again, we do it for them in the DrmPlugin.
Includes requisite changes to the Unit tests
Bug: 8584241
Merge of https://widevine-internal-review.googlesource.com/#/c/5142/
from the Widevine CDM repository.
Change-Id: Ifb5910dd52380e1b591ecdf1e4273c8d9f3294cc
bug: 8621521
This fixes a problem where insecure audio buffers were being
passed incorrectly as secure buffers to the trusted
environment's OEMCrypto_DecryptCTR.
This is a merge of the following changes from the widevine
git repository to android git repository:
https://widevine-internal-review.googlesource.com/#/c/5163/2
Allow selection of secure/non-secure buffers
https://widevine-internal-review.googlesource.com/#/c/5164/
Pass Secure Buffer Request to CDM
Change-Id: Iec1192a216305c6cf92c359b15b148eccc6ce6ce
Upgrade to version 2.1 of license protocol in OEMCrypto.
related-to-bug: 8621521
Merge of https://widevine-internal-review.googlesource.com/#/c/4952/
from Widevine CDM repository to android repository.
Change-Id: I0d85dae1981b7525ab17aec5f21cf668d078bf47
WVCryptoPlugin was not properly implementing part of its responsibilities to
AES-CTR in ISO-CENC. Specifically, it was not incrementing the IV after each
block.
Also, I have greatly expanded the unit tests for decrypt() to catch more edge
cases.
This change fixes the two failing test vectors in the Java integration tests.
Copied from https://widevine-internal-review.googlesource.com/#/c/5123/2
Bug: 8656421
Change-Id: If935edbf01068f5b0d5254b4e657057ef57d8fcf
OEMCrypto was being initialized on session creation. Calls to
get property information may occur before any sessions are
created. This resulted in calls to OEMCrypto before a call to
OEMCrypto_Initialize which caused a segfault.
OEMCrypto initialization is now verified before any other calls are made.
Unit tests have been modified to verify that this indeed works.
bug: 8660973
Change-Id: I1b14fa8ad2e88750776b28715a48d8a1d1c57089
Removes the status query from WVCryptoPlugin's decrypt method. It was not
providing any additional security since it was not cryptographically secure,
and querying status is an expensive operation on some devices. It should not
be done on a frequent basis, such as in every decrypt call.
Bug: 8667365
Merge of https://widevine-internal-review.googlesource.com/#/c/5121/
from widevine CDM repository to android repository.
Change-Id: Id9a877c5655cb8dbee7e97f983d43ec2ab6acc6e
When non-encrypted buffers are sent to OEMCrypto_DecryptCTR,
the cdm is overriding the buffer type to be non-secure. This
is incorrect, the encrypted state is not the same as the buffer
protection level.
This change removes the special case override that should not
be there.
bug: 8621521
Change-Id: I705b1dc82b393305b9e6bdcb524d6b8126f58d3d
Does not affect any production code, only unit tests
Makes the end-to-end license/decrypt test compatible with the
fix for b/8604068 (merged).
related-to-bug: 8604068
Merge of https://widevine-internal-review.googlesource.com/#/c/4982/
from widevine cdm repository to android repository.
Change-Id: Ic5739c9de0cd385a672311ec87b9a475e367121a
Now that MediaErrors.h has errors for some of the conditions we were using
custom error codes for previously, we should switch to using the standard
error codes in order to get better error reporting to the app.
Bug: 8621516
This is a merge of https://widevine-internal-review.googlesource.com/#/c/5040/
from widevine cdm repo to android repo.
Change-Id: I111a8825fa8fd8186a0d535cf19a7b08d9f35aee
Adds a new property to the CDM's QueryStatus called QUERY_KEY_SYSTEM_ID that
contains the System ID. (as read from OEMCrypto_GetKeyData) Adds a new
property to the DrmPlugin (cleverly named "systemId") that allows the app to
query for this. Also adds unit tests.
Also changes the Device ID getter in crypto_engine.cpp to return a failure
instead of an empty ID.
Bug: 8621632
Merge of https://widevine-internal-review.googlesource.com/#/c/5010/ from
widevine cdm repository to android repository.
Change-Id: I8f309af18487c499e8ce25e829059e45623ea4dc
Reworks the error message reporting that was just added to WVCryptoPlugin so
that it reports detailed error messages to the app (because the error codes
cannot be relied upon to reach the app intact) and so that it always reports
custom errors so that the detailed error message is passed to the app.
Bug: 8621516
Merge of https://widevine-internal-review.googlesource.com/#/c/5031/ from
widevine git to android git.
Change-Id: Id7a517fb6e4e772ffea4c779a8ee52b357345a08
Adds more meaningful error reporting where possible to the DrmEngine. Adds
translation of CDM and OEMCrypto errors to Android errors.
Bug: 8621516
Change-Id: Ibab8a8711c3929ed72870ec7e138cd42358d9fb3
