"client_version" is an optional, information field in the protocol for
license requests. It was requested that the CE CDM includes this
information in the license request. It does not hurt to include this
information in the Android license requests too.
If, for some reason, the client cannot provide this information, the
request is still sent out as normal. No reason to prevent an otherwise
valid license request due to a missing optional field.
Note: This field is directly in the LicenseRequest message and not the
ClientIdentification message.
Bug: 253013596
Test: license_unittest
Change-Id: I9dc342301fffdc174122088af39406150b34562e
[ Merge of http://go/wvgerrit/164077 ]
This CL makes major changes to the names of variables and types that
are related to the usage table, header, entries, entry indexes, and
other related data.
The renaming followed these rules:
1) "Usage table header" will exclusively refer to the header blob
that is OEMCrypto specific. The CDM class "UsageTableHeader"
is the CDM-layer's abstraction around the "usage table" concept.
The name has been updated to reflect that.
2) The "Cdm" prefix is only used for the CDM-specific data types for
the usage table and entry info. It has been removed from
OEMCrypto-specific types.
- UsageTableHeader -> CdmUsageTable
- CdmUsageTableHeader -> UsageTableHeader
- CdmUsageEntry -> UsageEntry
3) The "usage_" prefix has been removed from variables when the usage
table or usage entries are the subject of the function or class.
4) UsageEntryIndex is the type for entry indexes, instead of directly
using uint32_t. This matches how we wrap other types in
"wv_cdm_types.h"
5) Changed entry "number" to entry "index".
6) Vectors of elements have been renamed to be either pluralized or
have a suffix "_list".
7) "Usage info" was occasionally being used to refer to the usage
table or entries generally, rather than specifically secure-stop.
- CryptoSession::HasUsageInfoSupport() -> HasUsageTableSupport()
The most major change is that the files "usage_table_header*" have
been renamed to be "cdm_usage_table*".
Bug: 242914226
Test: run_x86_64_tests and request_license_test
Change-Id: Iee98446b71f4f2934d3c9e0fb949eb05b84d1f8c
No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
1. "Change CdmResponseType from enum into a struct"
Merged from http://go/wvgerrit/163199
Bug: 253271674
2. "Log request information when server returns 401"
Bug: 260760387
Bug: 186031735
Merged from http://go/wvgerrit/162798
3. "Specify server version on the command line"
Bug: 251599048
Merged from http://go/wvgerrit/158897
Test: build android.hardware.drm-service.widevine
Test: Netflix and Play Movies & TV
Test: build_and_run_all_unit_tests.sh
Bug: 253271674
Change-Id: I70c950acce070609ee0343920ec68e66b058bc23
[ Merge of http://go/wvgerrit/148552 ]
Extended the CDM layer to report OEMCrypto's watermarking support.
The reporting of watermarking comes in three (3) mechanisms:
1) ClientCapabilities in license requests
2) CryptoSession metrics when queried to OEMCrypto
3) String property query by apps
If OEMCrypto implementents OEMCrypto_GetWatermarkingSupport(), then
the reported watermarking support by the CDM will match that of
OEMCrypto.
If OEMCrypto does not implement OEMCrypto_GetWatermarkingSupport()
or an error occurs, it is assumed that OEMCrypto does not support
watermarking, and the CDM will report "Not Supported".
Bug: 226443788
Test: run_x86_64_tests request_license_test and license_unittest
Change-Id: Id929a356c395e6bcf45d371ee6887eec40d35329
(This is a merge of http://go/wvgerrit/140850.)
This patch fixes a number of minor issues in the codebase (mostly
instances of 0-as-nullptr, but also some member shadowing and a missing
override) that were being hidden by the fact that depending on Protobuf
disables these diagnostics. And which will be unhidden when a later
patch removes that behavior from Protobuf.
Bug: 208304830
Test: x86-64
Change-Id: I4b0b1264748880b3726a6388d589868d898f949e
(This is a merge of http://go/wvgerrit/139989.)
Googletest added a new, more powerful MOCK_METHOD() macro in 1.10. This
patch updates all our usage of the old MOCK_METHOD family to the new
macro. Full details can be found at
https://github.com/google/googletest/blob/release-1.10.0/googlemock/docs/cook_book.md#creating-mock-classes
but in brief, the new MOCK_METHOD() replaces the entire old MOCK_METHOD
family and has the following advantages:
1) No need to count parameters or update the macro name when changing
parameters.
2) No need for a different macro for const methods.
3) The ability to specify override, noexcept, and other function
qualifiers.
4) The macro order is now the same as C++ method definition order:
Return Type -> Name -> Arguments -> Qualifiers
In addition to upgrading all our usage sites to the new macro, the
addition of the override qualifier to our MOCK_METHODs helped uncover
several cases where we were using MOCK_METHOD to override methods that
didn't exist. This is a great example of why the override qualifier is
so useful. These places have been updated, by removing the invalid and
unused mock method.
Bug: 207693687
Test: build_and_run_all_unit_tests
Change-Id: Iaad4a22c7f72bb48b1356fe01a41eb0a2f555244
[ Merge of http://go/wvgerrit/126744 ]
* EngineMetrics previous_oemcrypto_initialization_failure is set only
on a previous failure. Removing it from the list of expectations
as we cannot be certain that it will or will not be set unless we
know the previous state of the device.
* Corrected client_capabililties expectations in
CdmLicenseTest.PrepareKeyRequestValidation
* Correct error expected in
- WVDrmPluginTest.RejectsAtscProvisioningRequests
- WVDrmPluginTest.RejectsAtscUnprovisionDeviceRequests
* Correct expectations
- CdmSessionTest.InitWithBuiltInCertificate,
- CdmSessionTest.InitWithCertificate
- CdmSessionTest.ReInitFail,
- CdmSessionTest.InitFailCryptoError
Bug: 181693982
Test: WV unit/integration tests
Change-Id: I2f1e1c38604d768e0532b30d8551c77ea45e63f4
[ Merge of http://go/wvgerrit/121567 ]
Replaced the two usage support functions GetUsageSupportType() and
UsageInformationSupport() into a single function HasUsageInfoSupport().
Since moving to only supporting a single usage info system (usage table
header + usage entries), the different usage support functions have
lost their purpose.
One version of the method works on an open session and will use a
cached value of the property if previously set. The other can be
called without opening the session (as used for query calls).
This is part of larger fix for the usage table initialization process.
Bug: 169195093
Test: CE CDM unit tests
Change-Id: I637c24dd143e995dbb0f8848850e3c71ff1018eb
[ Merge of http://go/wvgerrit/120512 ]
Wrapped DRM private keys are loaded when a key request is made or when
offline/usage sessions are restored. They were earlier loaded when a
session was opened.
For streaming sessions, key material will be fetched from the default
or legacy certificates and loaded when a key request is made.
For offline and usage sessions, key material may be retrieved from
license or usage records if available. If not available, information
associated with the legacy certificate will be loaded.
Certificate and wrapped keys are also written out when an offline
license or usage record is saved.
Bug: 169740403
Test: WV unit/integration tests
WvCdmRequestLicenseTest.ProvisioningWithExpiringCertTest
WvCdmRequestLicenseTest.StreamingWithExpiringCertTest
WvCdmRequestLicenseTest.RestoreOfflineKeysWithExpiringCertTest
Change-Id: Ice0154c632170c46da171cbbb23a97380c610a98
[ Merge of http://go/wvgerrit/110824 ]
When generating a provisioning request, the CDM includes the different
certificate key types that are supported.
This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.
Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
(cherry picked from commit 547d2f8775)
Merged-In: I713ff1c469dff5c8a41461727ce63486d962575e
[ Merge of http://go/wvgerrit/108064 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the core directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I8ae5a10cbfdf7faae6a2735e57b33729763f10b8
[ Merge of http://go/wvgerrit/105743 ]
Device ID is no longer reported directly in provisioning/license
request or used by ClientIdentification. It does not need to be passed
in during initialization.
Bug: 168085721
Test: WV unit/integration tests
Change-Id: I483eac963c3f40784e42e1a2b917fcc96aa76a05
[ Merge of http://go/wvgerrit/93506 ]
This updates the license_protocol.proto to match the one used by
the license service. It introduces new fields such as
|soft_enforce_rental_duration|. Additional changes address proto field
naming changes.
Bug: 139372190
Test: WV android unit/integration tests
Change-Id: Id0c38b457e9079c0afc6848c355c07f96a19e073
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
[ Merge of http://go/wvgerrit/88006 ]
Certain test files have yet to be formatted since we introduced
clang-formatting.
Test: android unit/integration tests
Bug: 134365840
Change-Id: I2d30ad367d76a9dfbf389614e1b31ed39fa17c72
(This is a merge of http://go/wvgerrit/84510)
When the CE CDM 3.5 behavior around service certificates was originally
implemented, it allowed sessions to be created if a service certificate
had not yet been installed, in keeping with the EME spec. However, the
service certificate in use at session creation time was cached, and so
there was a bug where any sessions open before a service certificate was
installed would never be updated with any future service certificates.
The code also caused problems for Android. When it was merged to master,
it was fixed to simply not allow session creation on CE CDM without a
service certificate. However, this created an impedance mismatch between
the CE CDM and EME that has caused pain for Shaka Player Embedded,
Chrome, Chromecast, Fuchsia, and likely every partner that is trying to
implement a fully-compliant EME stack on top of CE CDM.
Removing the code that blocks session creation without a service
certificate is easy. Fixing the bug that motivated it is not. Removing
the caching is not possible because Android needs it for certain
behavior on its end. So instead, the CE CDM will have to iterate over
all open sessions and update their service certificates if the installed
service certificate changes.
Test: CE CDM Unit Tests
Test: Android Unit Tests
Bug: 111766009
Change-Id: I1bd70553e2209b823a6acdc221c0497a5f3181b2
[ Merge of http://go/wvgerrit/84647 ]
[ Merge of http://go/wvgerrit/84648 ]
Replacing most instances of C's NULL with C++'s nullptr. Also changed
how a NULL check is performed on smart pointers. They provided an
implicit boolean operator for null checks, meaning the underlying
pointer does not need to be compared directly (as it was in some places
before).
Note that clang-format has performed additional changes to some of the
test files that have not yet been formatted.
Bug: 120602075
Test: Linux and Android unittests
Change-Id: I06ddebe34b0ea6dfecedb5527e7e808e32f5269a
[ Merge of http://go/wvgerrit/71907 ]
The client token needed to be enabled in the license request.
Bug: 123369846
Bug: 123370099
Test: WV unit/integration tests
Change-Id: I4d3e944b1d79010977c119291594878c406b00c5
[ Merge of http://go/wvgerrit/71326 ]
Nonce flood, frame size, session and system invalidation errors
will now bubble up to the app. OEMCrypto v15 returns
OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE,
OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors.
These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR,
ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and
ERROR_DRM_RESOURCE_CONTENTION.
Bug: 120572706
Test: Unit/Integration tests
Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9
(This is a merge of http://go/wvgerrit/70667)
Request ID Index generation has historically worked by incrementing a
shared variable in one place and reading it in another place and
trusting the fact that CdmLicense calls these operations in a certain
order and only once per session to give each session a unique value.
This patch cleans this up a bit, having each session store the current
Request ID Index at the same time as it stores its Request ID Base. This
guarantees that each CryptoSession will receive a unique but stable
combination of Base and ID rather than relying on the calling pattern.
Since all this generation happens during the same function, the full
Request ID can be generated up-front and stored, making
GenerateRequestId() no longer necessary.
This patch also simplifies the threading story around this shared state
by using a std::atomic<uint64_t>. Bringing the code that interacts with
the shared state together into one place and replacing it with atomic
operations will simplify locking around this code when CryptoSession
locking is revamped in a future patch.
Bug: 70889998
Bug: 118584039
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I12d2f6501f872f1973e5a9af5125ca03f23e5a56
[ Merge of http://go/wvgerrit/67324 ]
This introduces the ability to query resource rating tier information
through the plugin and CDM. Resource rating tiers are also
sent in the client identification portion of the license request.
Bug: 117112392
Test: WV unit/integration tests
Change-Id: I68ac6dfc4362f61150af822bd526e346b5cc4bf7
(This is a merge of http://go/wvgerrit/66625)
Google C++ Style dictates that methods which override base class or
interface methods should be declared "override" but not "virtual". Since
our codebase has not had access to "override" until now, many of our
classes do not follow this rule. I've updated as many places as I could
find to follow Google C++ Style, which should hopefully help us catch
errors better in the future.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Ic23e2e482e967256da306791532b5fec7b81b2f2
(This is a merge of http://go/wvgerrit/66643)
The sub-license feature has been removed from the server and packager.
So that we do not have to continue maintaining the code that supports
this feature that never shipped, I am removing it from the CDM as well.
Bug: 113165466
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I5d25844b161e74aa19adf19a29c56e4881aa7304
[ Merge of http://go/wvgerrit/65442 ]
This also requires the removal of sub session related code as references
were removed from the proto.
Bug: 119077124
Test: WV unit/integration tests
Change-Id: Ida1a591afc267ec97344e5bba00bbf401887a202
(This is a merge of http://go/wvgerrit/60620)
The license code handles keys larger than 16 bytes correctly, but it
does not properly reject keys smaller than 16 bytes.
This patch adds unit tests not only for the new error case but also
the existing success cases which were not previously being tested. As
part of this, license_unittest was changed to use a Test Peer instead
of making the test fixture a friend class.
Bug: 111069024
Test: CE CDM unit tests
Test: Android unit tests
Change-Id: Idb2deb6fbe0aeb19b530f9818bebff480541f5c8
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
Merge from Widevine repo of http://go/wvgerrit/43202
Sync the definition of WidevinePssh data with the latest in support of
entitlement keys.
bug: 73297961 Fix or remove sublicense support.
Test: tested as part of http://go/ag/4674759
Change-Id: Ia9faf82732854a705b4b14430169ce4c8ecbcfcd
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
These are a set of CLs merged from the wv cdm repo to the android repo.
* Level3 cleanup for SHA + field provision headers
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37581 ]
Moved some redundant macro and struct definitions out of hmac.cpp and
sha.cpp into a separate header file to make the build easier and
cleaner. Also cleaned up unnecessary includes and method signatures
in field_provision.h.
* Address CDM_All_Tests failures
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37580 ]
CDM engine tests for CE CDM occasionally fails when CDM_All_Tests
is run by the build server. The failures are due to a nonce generation
error. If provisioning fails due to a nonce generation error, a delay
followed by a retry will be attempted.
* Update OEMCrypto version to 13 in cdm.gyp
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37520 ]
* Use per-session service certificates for licensing
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37260 ]
These changes allow for service certificates to be specified on a
per-session basis rather than use one common to a CdmEngine instance.
This also allows for a service certificate request and response handling
when allowed on the platform, when privacy mode is enabled and a service
certificate is not provided.
Request license tests accept a service certificate command line
parameter in hex (ascii). Earlier it expected it in binary.
Bug: 68328352
* Refactor service certificate parsing
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37060 ]
Service certificates may still be set in CdmEngine but service
certificate requests and responses have been moved from CdmEngine
to ServiceCertificate. This allows them to be called from lower
in the heirarchy (a class that CdmEngine depends on).
Bug: 68328352
* Revert "C++11: Replace OVERRIDE def with override keyword"
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37020 ]
This reverts commit 2d3fb5c4c8f4cf5c986ee43723914a23cf76e8f0.
* Modified scripts/makefiles for L3 build
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37220 ]
Changed build-android-haystack.sh and make_fastball_libwvlevel3.sh
to build using the new liboemcrypto.cpp file. Also changed
makefiles to build using the new file. Renamed liboemcrypto.cc to
liboemcrypto.cpp to make it consistent across android and CE CDM. Added
static libraries that were rebuilt using this change.
* Added android implementations for Level3
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37181 ]
Moved getUniqueID and added Level3FileSystem implementations for
android. Also deleted redundant and unnecessary methods from
anroid_keybox.cpp.
* Refactored getUniqueID and updated libl3oemcrypto.cc
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37160 ]
Renamed getUniqueID header and added comments to make it clear what the
function is doing. Also removed obfuscation of the method name since it
is implemented by the partner. Updated the libl3oemcrypto.cc file to
reflect the change as well as be obfuscated.
* Moved clear_cache function out of entry_points
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37040 ]
clear_cache function is unobfuscated and relies on compiler flags to
work properly, and therefore should be removed from the
libl3oemcrypto.cpp file and linked during the final build.
* Minor gyp changes and added L3 build file
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/36480 ]
Gyp changes to cdm_unittests.gyp to make the test Level3FileSystem build
only on a level3 build and to oec_level3.gyp to be compatible with the
changes to the x86-64 platform settings changes (and to use -Wno-unused
to catch all unused warnings the libl3oemcrypto.cc might cause). This
change also includes an x86-64 libl3oemcrypto.cc so a Level3 OEMCrypto can build.
* Merge CE & Linux file system/factory + dynamic adapter changes
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/36220 ]
This CL merges the changes from
I27f5037e4fcea94abd84181f55053843b68f3e8d - it adds the CE
implementation for the file system, as well as the factory methods
needed to build the file system (and their implementations for both CE
and linux). As part of the merge, since the Linux build relies on the
dynamic adapter, that was fixed and gyp changes were made to reflect the
change.
* Cherry pick change to retrieve/save provisioning cert
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/30000 ]
This is cherry pick from level3-dev-3.3 of a merge of
I4f5dc5c216fa916e0bca0631c4ceda68859baf1d to save the
certificate for future tests with the current test host setup.
* Merged changes of usage/linux impl of L3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/35541 ]
This is a merge of change I15d38b3c36933d061d168e0ec30bcefd0182f32d. It
also adds a similar change in usage of L3FileSystem write for a line in
usage_table.cpp.
* Add cdm build changes for new Level3 build
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/34600 ]
Original CL: Ib611cf8a8589afa5cd25d6dc5b0aa43922cfda1e
Adds level3 oemcrypto library for static adapter. Includes changes to
gyp files to choose between oemcrypto libraries. Also includes changes
to the dynamic adapter, level3 headers, and entry_points to be
compatible with the function signature differences when using the
static adapter.
* Merge OEMCrypto Level3FileSystem interface
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/34541 ]
This merges in the interface for the Level3FileSystem object from
level3_dev_3.3 as well as the linux implementation. Furthermore, this
merge includes changes in properties and gyp files to allow compilation.
The associated changes are I3f1c58f0e3782de0669a96725a38673a26cc1a49,
I9fb2d10b0f966896bea685166c6b6b2e33c995dd, and
I4c87a5412a8a022fa9cfba43f33bd4d683e61536.
* Merged misc. changes to Level3 files
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33303 ]
Continuation of I03d3aa1a308f2f010dcb6f5e15f927e81e42925b. These changes
are miscellaneous changes from level3-dev-3.3 involving include
statements, Caligo compatibility, and new Level3 signatures from changes
Ibc5befd492b295970e839f3481e2b512b52dcb08 and
If599e62c72b5eb40c53633cd72a4d20dc859ee52.
* Merged change involving getUniqueId()
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33302 ]
This is a merge from level3-dev-3.3. This change
(Ibc5befd492b295970e839f3481e2b512b52dcb08) involves
separating out the method getUniqueId() from the linux_ and
android_keybox.cpp. This was done so that clients can
supply the necessary implementation for the method.
* Merged needle file changes from level3-dev-3.3
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33301 ]
Continuation of I3dbf34bab526945720280f819dd3212ae982d2f7. These are
changes (Ibc5befd492b295970e839f3481e2b512b52dcb08) involving the
compiled needles for Haystack. Major changes include function signature
changes, adding non-state needles automatically, and include statements.
* Merged keybox/usage table access and function sigs
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/33300 ]
These are changes from level3-dev-3.3. They involve changing function
signatures/include files for the new Haystack runtime
(Ibc5befd492b295970e839f3481e2b512b52dcb08). They are also
related to change I0285e6d85e80b06b7df1ed298cd1145a6c9c4842. Keybox and
usage table file names are replaced with constant needles. Furthermore,
a state needle was added that removes the OldUsageTable file. In
addition, this CL includes removals of method references that are now
stale due to the introduction of change
I9fb2d10b0f966896bea685166c6b6b2e33c995dd.
* Android unit test build fixes
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37380 ]
Removed crypto_session_unittest from build script (introduced
in http://go/wvgerrit/32824), since crypto_session.cpp requires
some changes to be merged over from oc-mr1-dev (b/64456400).
Added oemcrypto_session_tests_helper.cpp to the oemcrypto test
makefile so the oemcrypto unit tests can link in the
methods from the refactor in http://go/wvgerrit/36562.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I7e45901a151e51da96d192d359edddc5fe74946e
These are a set of CLs merged from the wv cdm repo to the android repo.
* Make Android NDK Builds Work With Latest BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37000 ]
The latest updates to BoringSSL require C99 or later. Our NDK-based
builds (OEMCrypto Variants & Fastball) were not specifying a C standard.
This patch adds compiler flags so that C files are compiled as C11 now.
Note that this is about the *C* standard in use, not the *C++* standard,
which this patch leaves untouched.
BUG: 67907873
Test: build_android_mock.sh
* Update BoringSSL to f7412cb072cc6b1847140e0c4f8b3ceeccd0e708
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36761 ]
This is the result of running UPDATE_BORINGSSL.sh. Future runs of this
script should produce much smaller sets of changed files, but because
the BoringSSL revision already in this directory was so old and
contained many extraneous files from the Android operating system, the
set of changed files is extensive this time.
BUG: 67907873
* Refactoring the build files.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/37041 ]
Move all common build dependencies to .gypi so that all fuzz test
binary targets can be added to .gyp file without repeating code.
* Introduce service certificate request property
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36941 ]
Platforms differ on whether they allows service certificates to be
requested if privacy mode is enabled and a certificate is not present.
This property allows behavior to be configurable.
Generating the service certificate request will be introduced
in a follow on CL.
BUG: 68328352
* Deprecate using keyboxes as identification
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36740 ]
Previously some platforms supported using keyboxes rather than
certificates as the identification tokens in the license request
message. All platforms that share core CDM code of the master branch now
either provision using a keybox and use a DRM certificate or an
OEM certificate as identification. No future usage of keyboxes
as identifying tokens is planned.
Since the platform property use_certificates_as_identification
is always set to true, the negative code paths are never taken and
can be removed.
* OEMCrypto_GenerateSignature API Fuzz Test.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36863 ]
- The first automated API fuzz test.
- Also sumitting the corpus for the API fuzzed.
* Add Script to Update BoringSSL from Source
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36760 ]
Adds a script to third_party/boringssl/ that, when run, deletes all the
auto-generated files in the generated/ directory and regenerates them
from scratch, starting from the latest public HEAD of BoringSSL.
Bug: 67907873
* Fix Fastball / OEMCrypto Variant BoringSSL Makefiles
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36926 ]
Previously, when moving the BoringSSL source within the tree, I was not
able to verify that I had not broken the NDK-compatible makefiles used
by Fastball because that build is broken on master. I had to make a
best-guess as to how they should be updated and hope.
Now, however, I have been informed that the OEMCrypto Variants also use
these makefiles, and I have been able to use that build to find where I
broke them and get them fully working.
Bug: 67386164
Test: build_android_mock.sh
* Add kit/ to BoringSSL Include Path for Fastball & OEMCrypto Variants
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36925 ]
When I moved the BoringSSL source in the tree, I updated the Android.mk
files that pointed to it in order to build it. I did not realize that
some makefiles outside that directory also contained hardcoded pointers
into that directory. These references broke after the move. This patch
fixes those paths to point to the new BoringSSL location.
Bug: 67386164
Test: build_android_mock.sh
* OEMCrypto Unit Test Refactor.
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36562 ]
Refactoring OEMCrypto Tests so the Session Utility test code can be reused in fuzz tests.
* Reorder license server config table to match ids
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36743 ]
* Separate Hand-Written BoringSSL Files from Downloaded/Generated Ones
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36561 ]
I want to make updating BoringSSL as simple as possible for us going
forward. A future commit will add a script that automatically downloads
and sets up the latest version of BoringSSL. To facilitate this script,
a clear distinction needs to be made between the files that can be
downloaded with / regenerated from the BoringSSL source and the files
that are maintained by us by hand.
The version of BoringSSL in this change is exactly the same as the one
already in this directory. It has just been moved one folder deeper.
Bug: 67907873
* Remove BoringSSL Symlinks, They Are Confusing Gerrit
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/36560 ]
There are some symlinks in the current copy of BoringSSL that are
causing headaches when I try to upload future changes to Gerrit. These
were inherited from the Android OS and are not used by our build
anywhere. They would be wiped out when I update BoringSSL anyway, but
wiping them out in a separate change before I upload any other changes
avoids confusing Gerrit.
Bug: 67907873
* Add group master key id to support sublicense master
key rotation, and content identification.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36180 ]
* OEMCrypto Fuzzer test framework
Author: Vasantha Rao Polipelli <vasanthap@google.com>
[ Merge of http://go/wvgerrit/36280 ]
- Adding a sample fuzz test.
- Adding build scripts for building the new Fuzz Tests to come.
Design doc: go/oemcrypt_ref_impl_fuzz
* Build Mod Mock with C++ 11
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/36328 ]
This should fix the android oemcrypto mock build:
http://go/wvbuild/job/Android_OEMCrypto_Variants
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ic4d5be3118ef97e3f7d386149a2b5d9be8f0a87e
These are a set of CLs merged from the wv cdm repo to the android
repo.
* Android build fixes
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36322 ]
* Address android compilation errors and warnings
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36300 ]
* Gyp cleanup and OpenSSL v10.1 support.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/36001 ]
OpenSSL 10.1 has a small number of incompatible changes.
A desktop system upgrade exposed some issue in the build scripts.
Specifically, the linux build was using both third_party/protobufs (2.6.1)
and the version installed on the system (3.0 in this case). The linux
cdm.gyp depended on cdm/cdm.gyp which caused that plus some
additional issues.
These changes are necessary to support g++ version:
g++ (Debian 6.3.0-18) 6.3.0 20170516
Also did some cosmetic rework on run_current_tests to make it easier
to figure out what is going on when something fails.
Also tweaked some of the compiler settings for g++ support (revisit
this later).
* Refactored Service Certificate encryption to allow encryption of arbitrary data.
Author: Thomas Inskip <tinskip@google.com>
[ Merge of http://go/wvgerrit/36141 ]
* Send cdm test requests to UAT.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36221 ]
This change resolves the all of the
CdmDecryptTest/CdmTestWithDecryptParam.DecryptToClearBuffer
tests.
The license servers will return different keys and keyids.
Sending the request to staging returned key ids and keys that were
not matching what was expected in the unit tests.
* Fix for building L3 OEMCrypto with clang and libc++
Author: yucliu <yucliu@google.com>
[ Merge of http://go/wvgerrit/35740 ]
1. Include <time.h> for time(time_t*).
2. Create endian check union on stack. Clang may create const union
somewhere else, which may cause crash.
* Remove error result when a sublicense session does
not exist. This is not considered an error.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36080 ]
* Set default mock handler for GetSupportedCertificateTypes
for all unit tests and removed the use of StrictMock from
MockCryptoSession.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35922 ]
The handler for this was only set for one test and resulted
in a number of failures.
* Set default handler for GetHdcpCapabilities. For
now the default action is to call the real
GetHdcpCapabilities of crypto_session.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/36140 ]
I also changed the mock to a NiceMock to silence
responses to unexpected calls to GetHdcpCapabilities.
The default handler can be overridden as needed in
the individual tests.
This resolves the policy engine test failures.
* Finalize merge of cdm_partner_3.4 to master.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35360 ]
This is the final set of updates to merge all v3.4.1
changes into master.
* Embedded license: Sublicense rotation.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35360 ]
Handle sublicense rotation event.
* Embedded license: Initial license phase.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/34280 ]
Initial license phase - key loading subsession.
* Embedded license: generate session data.
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/33722 ]
Generate session data and add it to the license request for
any embedded license material.
* Resolve missing symbol when building cd-cdm
Author: Jeff Fore <jfore@google.com>
[ Merge of http://go/wvgerrit/35840 ]
* C++11: Replace OVERRIDE def with override keyword
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/35400 ]
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I37d0cb17f255ac6389030047d616ad69f895748c
These are a set of CLs merged from the wv cdm repo to the android repo.
* Update service certificate.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28065 ]
The updated service certificate fixes a number of failing tests.
There are still some that fail, apparently due to mismatches
with key set IDs and usage tables.
Also updated QA server URL to point to QA proxy (although neither
can be used by this client).
Also fixed segfault in CdmTest.ListUsageRecords.
* Add CDM APIs for Handling Service Certificates.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28064 ]
The responsibility for managing Service Certificates has been moved
out of the CDM. Instead, provide CDM and CdmEngine methods to generate
a service certificate request message, and handle a service certificate
response. The API client can use these calls if it needs to get the
service certificate from the License Server.
These functions assume the request and response are base64 (web-safe)
encoded (see b/37481392). Not all servers are operating this way yet.
Any adaptations for non-compliant servers is handled outside the CDM.
See test WvCdmEnginePreProvTest::ServiceCertificateRequestResponse in
cdm_engine_test.cpp for an example of this.
These changes also eliminate the stored init_data and deferred
license type which were used to perform a service certificate request
during a license request.
* Fix and rename ClosesSessionWithoutReturningError test.
Author: Edwin Wong <edwinwong@google.com>
[ Merge of http://go/wvgerrit/27880 ]
ClosesSessionWithoutReturningError should not check for
Status::OK since it is expecting an error code back.
The test is renamed to ClosesSessionWithError.
Test: libwvdrmdrmplugin_hidl_test
BUG: 62205215
* Get rid of default service certificate.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27981 ]
Instead, we need at least two service certs - one for the QA/Test
servers, and one for UAT (and prod?)
There are still some issues around the signature verififcation
of the service cert, and in license_unittest.cpp, the use
of the default service cert has been commented out. I don't know
why this test needs a service cert. If it really does, then the
same mechanism that is used elsewhere for selecting a specific
server type will be needed here.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ieab815fb202c809ad5714cd0364c4bdfa068f77d
Below are a set of CLs being merged from the wv cdm repo to the android repo.
* Fix handling of OEM Cert public key.
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/27921 ]
This is a potential fix for b/36656190. Set aside public
key on first call to get the public key, and use it afterwards.
This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
which has side-effect of staging the OEM private key.
This also fixes a problem where the public cert string was
not being trimmed to match the size returned by
OEMCrypto_GetOEMPublicCertificate().
* Complete provisioning request/response for Provisioning 3.0
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Fix bug on provisioning request path where GenerateDerivedKeys()
was being called when preparing to generate the signature.
Add message signature verification, and call correct OEMCrypto
routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).
* Implement Cdm::deleteAllUsageRecords()
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Delete all usage records for current origin. Removes usage
records from file system and retains the PSTs. The deletes
any usage entries matching those PSTs held by OEMCrypto.
BUG: 35319024
* Remove stringencoders library from third_party.
Author: Jacob Trimble <modmaker@google.com>
[ Merge of http://go/wvgerrit/27585 ]
We have a fork of the stringencoders library that we use for base64
encoding. This reimplements base64 encoding to remove the extra
dependency and to reduce the amount of code.
* Add Cdm::deleteUsageRecord() based on key_set_id.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27605 ]
Delete specified usage record from file system usage info and
from OEMCrypto.
BUG: 35319024
* Modifiable OEMCrypto
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/24729 ]
This CL adds a new variant of the OEMCrypto mock code that adjusts its
behavior based on a configuration file. This is intended for
testing.
For example, a tester can set current_hdcp to 2 in the options.txt
file, push it to the device, and verify that a license is granted for
HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and
push the file to the device. Playback should stop because the license
is no longer valid.
This variant uses a real level 1 liboemcrypto.so to push data to a
secure buffer. That means we can test playback for a license that
requires secure buffers on an Android device with real secure buffers.
BUG: 35141278
BUG: 37353534
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I58443c510919e992bb455192e70373490a00e2b6
[ Merge of http://go/wvgerrit/23360 ]
Service Certificates are used in two places, provisioning and
licensing. The service certificate code depended on a session_id
to get and set the service certificate properties, but the session_id
was not available in the provisioning path.
This patch pulls out the property lookup by session_id dependency,
and passes the CdmImpl's property_set into the provisioning code, so
the service certificate can be read and written there.
Bug: 62972441
Test: WV unit/integration tests. This introduces three test failures
* WvCdmRequestLicenseTest.PrivacyModeWithServiceCertificateTest
* Cdm/WvCdmStreamingLicenseRenewalTest.WithClientId/4
* Cdm/WvCdmOfflineLicenseReleaseTest.WithClientId/3
Change-Id: I6e9d4e23a9e7e81a63a994db8ec0b443893449a6
Bug: 36220619
BUG: 64071905
Test: Re-ran existing unit tests. Ran GTS tests. Tested with Google Play.
Change-Id: I79ddc8ed3290e6d74364cf96305054e55243c5ff
This change is the complete Widevine metrics system. It will
measure and record runtime information about what is happening
in the CDM - such as errors and throughput.
Bug: 33745339
Bug: 26027857
Change-Id: Ic9a82074f1e2b72c72d751b235f8ae361232787d
(This is a merge of go/wvgerrit/23154)
This patch updates the ClientCapabilities protobuf to match the latest
on the server side and adds plumbing to the provisioning request
process so that devices can report whether they like big certs.
Their capacity to lie remains untested.
Bug: 34076937
Test: license_unittest
Change-Id: I3bcc9f1741146953d8bc0ff3d7d2305e7ac2c118
[ Merge of http://go/wvgerrit/22900 ]
Add GetClientToken(), GetProvisioningToken(), GetPreProvisionTokenType()
to CryptoSession. They return the correct token bytes and token type
for preparing the ClientIdentification message for provisioning and
license server transactions.
Also refactor service certificate handling.
OEM certs are introduced in Provisioning 3.0
b/30811184
* Address build breaks
[ Merge of http://go/wvgerrit/23162 ]
This addresses issues introduced by http://go/wvgerrit/22900
b/30811184
* When http://go/wvgerrit/18012 was merged (ag/1446934) some changes
were not merged for mapErrors-inl.h. These changes are included in this CL.
* When ag/1678104 was reverse merged to http//go/wvgerrit/21981/ a variable
was renamed and some comments were added to add clarity in cdm_engine.cpp.
These changes are included in this CL.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: Ie0215509f2f985f2a610f5a4c865db47edec8662
* CDM license protocol updates
[ Merge of http://go/wvgerrit/22789 ]
No functional changes (yet) - all tests in widevine_ce_cdm_unittest
run successfully.
* Address android test build failures
[ Merge of http://go/wvgerrit/22983 ]
Updates to the license_protocol.proto in go/wvgerrit/22789
did not include the integration tests for android.
b/34202048
Test: Reran unittests. All tests other than some oemcrypto,
request_license_test passed. Those tests failed with or without this CL.
Change-Id: Ib9041d397187859b8fcbc1b1f7d275f8c4ef6aba
* Fix strict aliasing error in gcc
[ Merge of http://go/wvgerrit/15856 ]
This also ensures the alignment of 64-bit memory access in a portable
way, without using compiler-specific mechanisms like attributes or
platform-specific mechanisms like memalign.
(The aliasing error does not show up in clang.)
* Return kNotSupported for non-Widevine init data
[ Merge of http://go/wvgerrit/15853 ]
This also improves logging for the init data parser by including a
verbose message for non-Widevine PSSHs and by using a new IsEOF()
method to avoid misleading "Unable to read atom size" logs.
* Cast RSA_size() to int
[ Merge of http://go/wvgerrit/15880 ]
It has been suggested that this may be unsigned on some versions of
OpenSSL or BoringSSL.
* Be strict about warnings for CE CDM
[ Merge of http://go/wvgerrit/15831 ]
* Enable all warnings and treat warnings as errors in the CE build.
* Fix all existing warnings (mostly unused variables, consts, and
functions, and one signed/unsigned comparison).
* Exclude protobuf warnings rather than maintain a divergent copy.
* Fix release build errors
[ Merge of http://go/wvgerrit/15855 ]
* Level 3 Build With Android Emulator
[ Merge of http://go/wvgerrit/15778 ]
This CL rebuilds the level 3 libraries with the android emulator
sdk_phone_*. This seems to avoid problems with the x86 build using
incorrect compiler flags.
These libraries work for arm, x86, mips, arm64, and x86_64. The level
3 library is disabled for mips64.
Versions:
level3/mips/libwvlevel3.a Level3 Library Sep 30 2015 18:29:50
level3/arm/libwvlevel3.a Level3 Library Sep 28 2015 13:18:25
level3/x86/libwvlevel3.a Level3 Library Sep 28 2015 13:08:28
Change-Id: I1e50aa78bdc84ecb905f2e55297d4f48b140341c
* Extend CdmLicense's stored_init_data_
[ Merge of http://go/wvgerrit/14661 ]
CdmLicense will store init data when a server cert must be
provisioned. After provisioning, the original init data can be used
to generate the originally-intended license request.
To do this before, the caller had to call CdmSession's
GenerateKeyRequest with an empty InitializationData object. However,
the init data's type still had to be set, as did the license type.
This CL allows the caller to use a truly empty InitializationData
without a type. To permit this, CdmLicense now stores a full
InitializationData object, rather than just a copy of it's data field.
With this CL, the caller also avoid storing the original license type.
To accomplish this, CdmSession uses the already-set is_offline_ and
is_release_ flags from the original call to reconstruct the intended
license type. The caller uses the new type kLicenseTypeDeferred.
To facilitate storing whole InitializationData objects, they are now
copyable.
This ultimately simplifies server cert code for the new CE CDM.
* Store service certs in Properties
[ Merge of http://go/wvgerrit/14664 ]
This allows CE devices to mimic the Chrome CDM's behavior of sharing
server certs between sessions.
This also affects Android behavior. Previously, provisioned service
certificates were per-session, while explicitly-set service certs
were per-DRM-plugin. Now, both are per-DRM-plugin.
A DRM plugin is associated with a mediaDrm object. Content
providers will still be able to retrieve and use different
certificates. The change here requires an app, that wishes to use
different provisioned service certificates will have to use
multiple mediaDrm objects. This is an unlikely scenario.
Change-Id: If2586932784ed046ecab72b5720ff30547e84b97
* Reject session clobbering.
[ Merge of http://go/wvgerrit/14634 ]
This fixes a bug in I17de92b3e682c9c731f755e69466bdae7f560393 in which
sessions can be clobbered by a forced session ID. This bug manifested
in subtle test failures which involved repeatedly creating sessions.
This was traced to OEMCrypto not being terminated, then upward to a
leaked CryptoSession and CdmSession, and then finally to clobbered
session IDs.
To avoid the bug in future, first, reject duplicate session IDs.
Second, change the OpenSession API to make forced IDs explicit.
* Fix unit test namespaces.
[ Merge of http://go/wvgerrit/14622 ]
This fixes some odd errors that occur when linking multiple test
suites into one executable. When two object files both contain
a definition of wvcdm::MockCryptoSession, for example, one will win
silently and cause the other's tests to misbehave and/or crash.
The solution is to put all mocks into an anonymous namespace, since
each wvcdm::(anonymous)::MockCryptoSession is separate.
In order to avoid lots of repetitions of wvcdm:: in the anonymous
namespaces, all anonymous namespaces in unit tests now live inside
or the wvcdm namespace. This has been done even for tests which
are not currently using mocks.
* Move timer and timer_unittest to Android.
[ Merge of http://go/wvgerrit/14619 ]
These are not used anywhere else.
Change-Id: I234f31e9b5c79061205728783596ebaff65e0aff
This is a merge of http://go/wvgerrit/13751 from the widevine
repository.
The CryptoSession had an enumeration for HDCP levels that was copied
from OEMCryptoCENC.h by hand. Since that header is included, there is
no need to have two enumerations.
b/16303994
Change-Id: Ief16ba62163776f9ca80375f3638ef4c7770e742
