Bug: 36220619
BUG: 64071905
Test: Re-ran existing unit tests. Ran GTS tests. Tested with Google Play.
Change-Id: I79ddc8ed3290e6d74364cf96305054e55243c5ff
(This is a merge of http://go/wvgerrit/31040)
Because the Policy Engine was only consulting the result of the Max-Res
Decode check when it was in kLicenseStateCanPlay and not in other states
that imply kKeyStatusUsable, like kLicenseStateWaitingLicenseUpdate, the
Max-Res Decode results would not be honored during the interval between
requesting a renewal and receiving the result. (Or until the key
expired.) This was particularly problematic for keys with renewal delays
less than ten seconds long, which would freeze the Max-Res state before
it had a chance to update for the first time, effectively disabling
Max-Res Decode until renewal was received.
Fixing this required changing how the Policy Engine and the
LicenseKeyStatus objects communicate about the changing usability state
of the LicenseKeyStatus objects. Before, a call to ApplyConstraints()
might calculate a Max-Res failure, but this failure would be pending
until the Policy Engine deigned to call ApplyStatusChange() again.
Without a call to ApplyStatusChange(), it could pend forever. This put a
burden on the PolicyEngine to poll the LicenseKeys with redundant
ApplyStatusChange() calls using the same CdmKeyStatus that the keys were
already in, just in case Max-Res had changed since the last necessary
call to ApplyStatusChange().
If the Policy Engine got the timing of these calls wrong, it would
result in Max-Res results being ignored. (as in the linked bug) If it
ever polled with the wrong CdmKeyStatus, it would update the
LicenseKeys' status when it did not mean to. It would be preferable if
this polling were not needed, so that the Policy Engine couldn't get it
wrong.
This patch changes the API between these classes so that when Max-Res
fails, the state change can be reported immediately instead of pending
until ApplyStatusChange() is called, eliminating the need for polling.
All state changes to the LicenseKeyStatus objects go through a unified
ApplyStatusChange() method that can update the CdmKeyStatus, resolution,
and/or HDCP level and report any resulting usability changes
immediately. This patch updates the unit tests to exercise this new API
instead of the old API.
Previously, the linked bug slipped past our unit tests because we only
test unrenewable, streaming licenses against Max-Res. This patch adds
several more variants to
policy_engine_constraints_unittest so that it tests six kinds of
license to provide better coverage.
Bug: 62393949
Test: build_and_run_all_unit_tests
Change-Id: I0dfdbf6b8ea39abb446089aef5f6ea0502e9b4c6
Merge of http://go/wvgerrit/31561
If the usage table header is corrupted, or if it is stale, then the
CDM should create a new one.
bug: 64572642
Testing: pushed stale usage table to Fugu, and netflix recovered
gracefully. New unit test UsageTableHeaderTest.StaleHeader.
Change-Id: Ic66854ff6b0b252a0f4ca20e09f27852a50d6fcc
(This is a merge from http://go/wvgerrit/30220)
Previously, extracting the system ID was only supported on Keybox-based
systems. This patch adds support for extracting the system ID from the
OEM Certificate chain on Provisioning 3.0 devices. This is done by
getting the Widevine intermediate cert from the chain, finding the
Widevine System ID extension in that cert, and extracting the value.
The code that does the extraction is separate from any code that calls
OEMCrypto so that it can be unit-tested in isolation. This patch adds a
crypto_session_unittest test to do this unit-testing.
Bug: 34776194
Test: crypto_session_unittest
Change-Id: I3e273968208fb31ae6019ccc383b419625d1ae22
[ Merge of http://go/wvgerrit/29004 ]
Enable support for provisioning with OEM certificates as root of
trust.
b/62972441
Test: WV unit/intgration test, cdm_feature_test and GTSMediaTestCases
Change-Id: I30576fc0bb68a873eeaaca03f6b9c89fa6a14327
[ Merge from http://go/wvgerrit/29041 ]
This brings error codes up to date with wv master
b/62972441
Test: WV Unit/Integration tests on android
Change-Id: If676b35275bb992018b2b8bfcb76079a2fc2d1f9
MetricsGroup split into 3 groups, session, engine, and crypto.
MetricsFrontEnd and Report removed.
This is a merge from wvgerrit/28420
Bug: 36217927
Test: Added unit tests to cover modified code.
Change-Id: I2f39f99ce88cc2229d6d1aa9459c67c5b86ccef4
[ Merge of http://go/wvgerrit/28261 ]
Licenses (offline, secure stops) that contain provider session tokens
are handled securely using usage tables. A recent fix did not correctly
handle offline licenses that do not contain a provider session token and
are not handled by the TEE.
b/62340248
Test: WV Unit/integration tests, GtsMediaTestCases
Change-Id: Ia1331fea9deff44dd1d93219b37f5bea4b8ee168
[ Merge of http://go/wvgerrit/26421 ]
* Corrects usage_table_header lifetime management. Earlier the
UsageTableHeader class was a singleton tied to the CdmEngine lifetime.
With SPOIDs there might be multiple concurrent CdmEngine objects.
The UsageTableHeader class is now associated with OEMCrypto
lifetime. There are two UsageTableHeader objects one for each L1 and L3.
These get allocated/deallocated on OEMCrypto Initialization/Termination
respectively.
* UsageTableHeader requires OEMCrypto, file read/writes and
metric gathering to perform its required functionality. Because of the
lifetime changes, CryptoSession, DeviceFiles and MetricsGroup objects
need to passed to the methods rather than at Creation time.
* Miscellaneous fixes, when moving or deleteing entries.
* Adds usage_table_header_unittests.
* Addresses failures with request_license_test with secure stop in L3.
b/36858906
b/36855557
b/36048120
b/38341136
b/37100505
b/35946047
Test: Verified by unit and integration tests. Added new
usage_table_header_unittests
Change-Id: I20e396ab2c0afbd14372dd93b969e5b0f1ccd291
[ Merge of http://go/wvgerrit/25983 ]
Earlier versions of android returned CryptoException with
error code ERROR_NO_KEY, when a decrypt call was received before keys were
loaded. Changes to O resulted in ERROR_SESSION_NOT_OPENED being returned
instead. This CL reverts the behaviour.
Also a change to correct CDM error code numbering in comments.
Test: Verified by unit and integration tests
b/37219830
Change-Id: I43758cd29cf9d1945f878ac352a5f26538b48cdb
[ Merge of http://go/wvgerrit/25781 ]
The security level (software/hardware, decryption/decode)
in the policy that specified how the key was to be used was
not being respected for L3. Playback would either continue or
a vendor specific error would be thrown.
If the device cannot use the key as permitted by the policy
CryptoException#ERROR_INSUFFICIENT_OUTPUT_PROTECTION will be thrown.
Test: Verified by WV unit+integration tests.
Verified by WidevineDashPolicyTests
Verified by WidevineDashPolicyTests#testL3SoftwareSecureDecoderRequired,
testL3HardwareSecureCryptoRequired, testL3HardwareSecureDecodeRequired,
testL3SecureVideoPathRequired.
b/31913737
b/31913439
Change-Id: Ibfc7f3dd6fc7264e8cf9b0d33f6f8d619eed6c00
[ Merge of http://go/wvgerrit/24600 ]
Test: Unit test only change. Verified by rerunning unittests.
b/36221430
Change-Id: I36a8a0a5df400673689280cbf53ba9394f827c90
Some tests code was not correctly merged from the widevine side.
An initializer in generic_crypto_unittest.cpp was missed in
http://go/wvgerrit/23767
bug: 35951647
Change-Id: I2f7052b621989a032179346edf43dcaf6cb7d921
Merge from widevine repo of http://go/wvgerrit/24421
A nonce generation error for a certificate provisioning request had a
generic name Error2. However, this is an actionable error by the
application: the application should wait 1 second and try again.
Therefore it deserves a more descriptive name.
bug: 35926133
bug: 35879493
Change-Id: I6c87a5a762cb970c9530a55c993d7acbed773a00
(This is a merge of go/wvgerrit/23686)
This patch removes the makefile lines that previously prevented the
Widevine DRM Plugin from being built as 64-bit on Android. 64-bit
builds are now fully supported.
Only one piece of CDM code has had to change. Due to a bug in
libprotobuf before v3.0, int64 values from protobufs are technically a
different type from int64_t values in code on some 64-bit
architectures. Both have the same in-memory representation at runtime
but are seen as distinct types by the compiler. The compiler will
automatically convert in most places, but template instantiation is
not one of them, so a few places that passed a Protobuf int64 directly
into a template had to be modified.
Please note that tweaks to the mediadrmserver (not covered by this
patch) are needed in order for it to run as 64-bit and load 64-bit DRM
Plugins. Please also note that, as we have no 64-bit L1 OEMCrypto on
any devices, using the 64-bit mediadrmserver and Widevine library will
make your device fall back to L3 for the time being.
Bug: 18949752
Test: OEMCrypto unit tests
Test: Widevine unit tests
Test: Google Play (on Marlin)
Test: Widevine GTS Tests (on Marlin)
Change-Id: Ib6cdf2dd1ff75a1c473cacdc5e22397caa0a656c
Merge from Widevine repo of http://go/wvgerrit/24205
This adds a single retry to each call into cdm_engine that uses a
nonce. This should prevent spurious tests failing because they
accidentally generated a nonce flood.
bug: 35879493
Change-Id: I99a5f2063f04befb74361ff44c4ce8e34f41e89d
[ Merge of http://go/wvgerrit/24022 ]
b/34327459
Test: Verified by unit, integration tests on angler
Change-Id: Idb17dc472dddbdad217c35bdaa3fb20ae8152371
[ Merge of http://go/wvgerrit/23820 ]
The UsageTableHeader class is a singleton that CDM sessions will share.
A separate object will be created for each security level. The class
synchronizes access to usage table header and associated data-structures
and controls when they are read in or written out to non-secure persistent
storage. Upgrades from a fixed size usage table (supported by previous
versions of the OEMCrypto API v9-12) are handled by this class.
b/34327459
Test: Verified by unit/integration tests on angler
Change-Id: Ifc5996985e76bc260c01e55bc12aab1248389a80
[ Merge of http://go/wvgerrit/23742 ]
In OEMCrypto V13, usage table header and usage entries are stored in
persistent non-secure storage and loaded and unloaded from the TEE.
Information needs to be maintained to assist finding the associated license
or usage information. This information has been revised for usage information
to use key set id and usage info file name rather than provider session
token and app id.
The app id is stored in a hashed form (usage info file name) and was not
extractable during the upgrade process to OEMCrypto V13. Due to this
DeviceFiles UsageInfo routines have switched to use usage info file name
rather than app id as a key.
b/34327459
Test: Verified by unit/integration tests on angler
Change-Id: I95aa0435d0955c61fc45b951f5b5d44de2ba5cfc
[ Merge of http://go/wvgerrit/23741 ]
Usage entries and usage entry numbers need to be stored with license
and usage information, to facilitate loading usage entries when offline
licenses/usage information are restored or prepared for release.
b/34327459
Test: Validated by running unit/integration tests on angler.
Change-Id: I0949fc4cec8a50be0a7700b659dc12bb82ac6f73
[ Merge of http://go/wvgerrit/23522 ]
A helper method has been added to CryptoSession to determine whether the
TEE supports usage tables, usage table headers+entries or does not
provide any support for persistent licenses.
In addition
* CryptoSession now supports deletion of multiple
usage entries rather than a single one.
* Typedefs have been added for usage table headers and entries
b/34327459
Test: Verified by unit/integration tests on angler.
Change-Id: I634d3b7b81ce94d1deccd2a7aaf26b9efde414a8
[ Merge of http://go/wvgerrit/23600 ]
This adds a new entry to IStorage:: -
bool list(std::vector<std::string> file_names)
It returns the name of each file in the (origin-specific) file system.
b/34628115
Uses the current file system (origin-specific) bound to the CDM. Returns
the list of stored licenses (key_set_ids) in vector output parameter.
Test: verified by unittests on angler.
Change-Id: I988556b27c2a4b75f52b59bcd78cfeaddd649acd
This change is the complete Widevine metrics system. It will
measure and record runtime information about what is happening
in the CDM - such as errors and throughput.
Bug: 33745339
Bug: 26027857
Change-Id: Ic9a82074f1e2b72c72d751b235f8ae361232787d
[ Merge of http://go/wvgerrit/23380 ]
The service certificate was setup correctly if specified in mediadrm
properties. If instead the service certificate was later fetched from
the license service, it would not be marked as valid. This led to an
infinite loop of service certificate fetches and processing. This
prevented the license from being fetched and playback failures.
b/34638410
Test: Verified by new service certificate unittests + Hulu playback
using fugu.
Change-Id: I2a4f8754614fccdad3c80d3e13fba0b44d177d61
[ Merge of http://go/wvgerrit/23167 ]
This allows CryptoSession to support the new functionality added to
OEMCrypto to support big usage tables. No changes in behavior yet.
Code that calls these methods will be in a subsequent CL.
b/34327459
* Minor changes to cdm/Android.mk and cdm/test/unit-test.mk to remove
profiler changes that were missed in previous releases.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I9becd97c5a8ddf74d30fabd1251e796b534c010f
(This is a merge of go/wvgerrit/23154)
This patch updates the ClientCapabilities protobuf to match the latest
on the server side and adds plumbing to the provisioning request
process so that devices can report whether they like big certs.
Their capacity to lie remains untested.
Bug: 34076937
Test: license_unittest
Change-Id: I3bcc9f1741146953d8bc0ff3d7d2305e7ac2c118
[ Merge of http://go/wvgerrit/23161 ]
The usage table redesign will require storing usage table headers
and usage entries in non-secure persistent store. This information
will be signed by the TEE to prevent against modification. New
Storage and retrieval methods have been added for usage table headers,
while usage entries will be stored alongside (offline) licenses and
(secure stops/)usage info.
b/34327459
Test: All unittests, including newly introduced ones other than some
oemcrypto, request_license_test passed. Those tests failed with or without
this CL.
Change-Id: I9b8d6210e33774b0803f8af1711b2d593d467aec
[ Merge of http://go/wvgerrit/23061 ]
b/34131127
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I27a3cde8e5c86dc8f9b26f9d4e7793f86c016743
* changes:
Remove missing tests from build_all_test script
Replace PST Report with buffer
Add InactiveUnused to Usage Report status
OEMCrypto v13 Header and Stubs
Log HTTP errors in unit tests
Rename oemcrypto's CryptoEngine configuration functions.
Move keybox and root certificate handling into new class.
Test OEMCrypto with backwards compatible verification
Merge from Widevine repo of http://go/wvgerrit/23028
This logs the full response when the status code causes a gtest to
fail. I hope we can figure out why the buildbot has flakey tests.
Change-Id: I498e633ad65fde4473e01ea227ffe75755fb4fd9
[ Merge of http://go/wvgerrit/22900 ]
Add GetClientToken(), GetProvisioningToken(), GetPreProvisionTokenType()
to CryptoSession. They return the correct token bytes and token type
for preparing the ClientIdentification message for provisioning and
license server transactions.
Also refactor service certificate handling.
OEM certs are introduced in Provisioning 3.0
b/30811184
* Address build breaks
[ Merge of http://go/wvgerrit/23162 ]
This addresses issues introduced by http://go/wvgerrit/22900
b/30811184
* When http://go/wvgerrit/18012 was merged (ag/1446934) some changes
were not merged for mapErrors-inl.h. These changes are included in this CL.
* When ag/1678104 was reverse merged to http//go/wvgerrit/21981/ a variable
was renamed and some comments were added to add clarity in cdm_engine.cpp.
These changes are included in this CL.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: Ie0215509f2f985f2a610f5a4c865db47edec8662
[ Merge of http://go/wvgerrit/22565 ]
When using the grace period, the CDM will need to override the values
given to use by the TEE (through OEMCrypto). Normally the first (and
last) decrypt times are stored securely by the TEE. To avoid extra
complexity in OEMCrypto, we will simply ignore the values given to us
by the TEE when using this feature.
However, the TEE will still enforce the (hard) license duration. So
only the rental/playback durations will be affected by malicious
editing of files.
b/34211676
Test: Reran unittests including newly added tests. All tests other than
some oemcrypto, request_license_test passed. Those tests failed with
or without this CL.
Change-Id: I6d7b5bfb669fd8603b474b68c2f7175b0c30901d
* CDM license protocol updates
[ Merge of http://go/wvgerrit/22789 ]
No functional changes (yet) - all tests in widevine_ce_cdm_unittest
run successfully.
* Address android test build failures
[ Merge of http://go/wvgerrit/22983 ]
Updates to the license_protocol.proto in go/wvgerrit/22789
did not include the integration tests for android.
b/34202048
Test: Reran unittests. All tests other than some oemcrypto,
request_license_test passed. Those tests failed with or without this CL.
Change-Id: Ib9041d397187859b8fcbc1b1f7d275f8c4ef6aba
[ Merge of http://go/wvgerrit/22564 ]
b/34211676
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I20474339aa1777da2db3677c10f186726505ecc8
[ Merge of http://go/wvgerrit/17958 ]
This CL might help diagnose the build bot problem.
b/34261498
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I71e48284b52a1177c6e3b4c9a8bdd12b77cc9f2d
[ Merge of http://go/wvgerrit/22517 ]
b/34211676
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I86a2ff041aae57ac46e9f9f7bac38ec4599a0fa7
[ Merge of http://go/wvgerrit/22237 ]
This only changes the existing fields of the policy.
License::Policy::license_duration_seconds represents the end time
(relative to the license start time) that the license can be used.
This overriding other times if this is earlier.
License::Policy::rental_duration_seconds represents the end time
(relative to the license start time) that the license can be used
before playback starts. Once playback starts, this no longer applies.
License::Policy::playback_duration_seconds represents the end time
(relative to the playback start time) that the license can be used after
playback has started.
b/34211676
Test: Ran new unittests and reran old tests. All tests other than some
oemcrypto, request_license_test passed. Those tests failed with or
without this CL.
Change-Id: I34e7e39a7ab864300806c557b480f093aec8e545
[ Merge of http://go/wvgerrit/18560 ]
This adds support for offline playback. If the content contains
mutiple playlists which contain differing EXT-X-KEY attribute lists,
each of those keys will need to be saved and restored into separate
sessions.
b/30041089
Test: Added unit tests to cover new functionality. Some oem_crypto,
request_license_test failures but the same as without this CL.
Change-Id: Ia1b877e12a67e8a720d29897ac7e2da236090123
Merge from widevine repo of http://go/wvgerrit/21681
This CL refactors some oemcrypto unit tests in preparation for adding
Provisioning 3.0 tests.
- The signature GenerateNonce has changed. Instead of the caller
passing in a pointer for the nonce, we store the nonce in a member
variable of Session.
- GenerateDerivedKeys is being replaced by InstallTestSessionKeys.
This sets up and calls the appropriate derive keys method. This
function is in the test class, instead of the session class so that
multiple sessions in a class can share the same wrapped rsa key.
This will be modified for provisioning 3.0 in a future CL.
- Rename tests that require a keybox. Some tests are specific for
using a keybox to request a DRM cert. These tests are renamed so we
can filter them out on devices that use an OEM Cert. Corresponding
tests for devices using provisioning 3.0 will be in a future CL.
- Some member variables and methods in the class Session were not
used. They are removed.
- Added openssl smart pointer.
- Comments. I added comments.
- clang format.
Change-Id: Ib579a322858e0ef92652a42167241b35cf85a041
[ Merge of http://go/wvgerrit/22140 ]
There are occasional issues when trying to connect to
http://widevine-proxy.appspot.com/proxy . This changes introduces upto
3 retry attempts. The UAT server on appspot is being replaced by UAT on borg
and so it is not worth our while to debug these issues furthur.
b/30022298
Change-Id: I76c1421e93c7c14b5d2bcd7ad07119a705245922
