Merge from master branch of Widevine repo of http://go/wvgerrit/66066
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63628
The error code OEMCrypto_KEY_NOT_LOADED is redundant with
OEMCrypto_ERROR_NO_CONTENT_KEY and OEMCrypto_KEY_NOT_ENTITLED. The
function LoadEntitledContentKey should return KEY_NOT_ENTITLED if it
does not find the corresponding entitlement key in its key table. All
other functions that do not find a key id in the key table should
return OEMCrypto_ERROR_NO_CONTENT_KEY. This includes QueryKeyControl,
SelectKey, and RefreshKeys.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 115574797
Change-Id: Ida2111f32e331b99f3f0c77fa404a42654d0870c
Merge from master branch of Widevine repo of http://go/wvgerrit/66065
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63080
This is for the reference code, the unit tests, and the oemcrypto adapter.
Bug: 116414218
Test: unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: I05a631f6cfcf1584a748b3a0c9ae48633893589f
Merge from master branch of Widevine repo of http://go/wvgerrit/66064
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63063
This is in the reference code for OEMCrypto, and in the unit tetss.
Bug: 111939411
Test: unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: I2cc2e7028f62d1c375eb632452eef94566fa9ae3
Merge from Widevine repo of http://go/wvgerrit/65922
This CL puts the old 4121 test keybox back into the unit and android
integration tests so that we can run tests on a device with OEMCrypto v13.
This change should not be released, and should not be included in CE CDM. It
should be removed once we have more test devices with v14 or v15.
Bug: 119313532
Bug: 119316243
Test: unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: If6a459e11176e07c66fbe6fc45c63d87595a20dc
(This is a merge of http://go/wvgerrit/65782)
We have had our own scoped_ptr implementation that is used throughout
the codebase. Now that we support C++11, we can replace these with
std::unique_ptr.
Doing this replacement exposed a few places where the two were not
interchangeable. OEMCrypto Ref was doing some unsafe things with passing
scoped_ptrs to functions and has been updated to use move semantics. And
a few constructors were explicitly constructing a scoped_ptr with NULL,
which is ambiguous with std::unique_ptr. These have been replaced with
default constructor calls.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I37d6d7aad4906709381c74f0c5439f826d2be768
(This is a merge of http://go/wvgerrit/65783)
Straightforward patch to replace our shared_ptr implementation with
std::shared_ptr, which works identically for all our use cases.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I9e8624dd3cab70a45941a45eb553c1ea0c077d2f
(This is a merge of http://go/wvgerrit/65264)
Now that we have C++11, we can remove Android's hand-rolled UniquePtr in
favor of std::unique_ptr.
Bug: 111851141
Test: Android Unit Tests
Change-Id: I96c2015aa2422da66a4bcbefb927dacc5f6e782f
(This is a merge of http://go/wvgerrit/65263)
Now that C++11 is mandatory, we can drop the OVERRIDE macro which was
inconsistently used in the codebase in favor of using the override
keyword directly.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Build
Change-Id: I0b7559624b84feb19740afd63463dadd243412b0
[ Merge of http://go/wvgerrit/66002 ]
Client authentication was needed when licenses were requested from
the Play movies license service. For UAT/staging client authentication
is set to the empty string.
The play movies license service has not been used recently for testing.
Also, client authentication has not been supported as one of the
command line arguments. This was even before the command line parameters
were consolidated in TestBase.
Since it is not possible to specify client authentication on the
command line, the configured(default) value is always used.
This CL will remove code in the test to check if it has
been specified on the command line. It can be added back later,
if we decide to support client authentication as an option.
b/119221644
Test: WV unit/integration tests
Change-Id: I4a7fab5ec27b4897c9a73bd3ff34615d8ae11c28
Bug: b/117897682
Test: unit tests
Merge of http://go/wvgerrit/65223
Gtest setup does not call the base class' setup if it's defined in the
derived class. As a result, the WvCdmEngineTests were not installing the
test root of trusts in the OEMCrypto, which leads to segfaults when
using a key derived from the root of trust when a real root of trust
doesn't exist. The test class' setup is changed to use its base class'
methods, and logging is added to handle empty derived keys.
Change-Id: Ia574c4ade48206d771d6079fb3b67ccd7653428c
[ Merge of http://go/ag/5334065 and http://go/wvgerrit/65122 ]
Sessions were not being correctly released when CloseCdm() was called.
Broadcom noticed this issue and proposed the fix.
Bug: 117876077
Test: WV unit/integration tests, GtsMediaTestCases and playback tests
Change-Id: I8800744f2396f0955c76d5f3e187a69fe04330f6
[ Merge of http://go/wvgerrit/64682 ]
Looks like we do not delete control_block_
Bug: 117126556
Test: WV unit/integration tests
Change-Id: If0b4db163276bbf016bb81ed7e8ef56fa66ea30e
(This is a merge of http://go/wvgerrit/62780)
The EME spec requires that it be possible to do the following flow:
1) Generate a release request for a persistent session.
2) Close the session.
3) Load the persistent session.
4) Update the session with the release response.
This flow is used by Netflix in their API as well. However, our code did
not support this flow, as it rejected attempts to reload
partially-released sessions.
This patch changes attempts to load sessions that have already had
release messages generated into release-retry reloads, allowing them to
be released.
Bug: 113167010
Test: CE CDM Unit Tests
Test: Android CDM Unit Tests
Change-Id: I75bb7c75911e0fad1584bd8dd27f83c17f73bf45
(This is a merge of http://go/wvgerrit/60620)
The license code handles keys larger than 16 bytes correctly, but it
does not properly reject keys smaller than 16 bytes.
This patch adds unit tests not only for the new error case but also
the existing success cases which were not previously being tested. As
part of this, license_unittest was changed to use a Test Peer instead
of making the test fixture a friend class.
Bug: 111069024
Test: CE CDM unit tests
Test: Android unit tests
Change-Id: Idb2deb6fbe0aeb19b530f9818bebff480541f5c8
This log message was printed if initialization data was
not provided, which is actually not an error condition.
bug:116045153
Change-Id: I5597286ddf33d5b6c17f69f9a6a7cdba469b46b6
[ Merge of http://go/wvgerrit/60240 ]
Since the method is not a general purpose check and only verifies that
the key can be used for a given security level the method
has been renamed PolicyEngine::CanUseKeyForSecurityLevel.
Bug: 115701771
Test: WV unit/integration tests
Change-Id: Icd6789538bb709d2a48c67bbd7bc810f4b000e14
[ Merge of http://go/wvgerrit/54880 ]
Sending clear subsamples but filtering out encrypted ones,
before the keys have been loaded, causes problems during decode.
This is because subsamples that contain the first and last
subsample flags may be filtered out.
Clear subsamples that have first and last subsample flags set
will still be allowed to be passed to the decoder.
Bug: 110251447
Bug: 73447733
Test: WV Unit/integration tests.
Change-Id: I8c91c88f6313ad7b7b21c1c95e4c5787381949c1
Merge from Widevine repo of http://go/wvgerrit/55462
Instead of calling dlclose on liboemcrypto.so after each terminate,
this CL keeps the library loaded. Although the original bug
b/72831885 has been fixed, there is still some lingering worry about
possible hard-to-find resource leaks in dlclose.
For more context, see the discussion around the original bug
b/72831885. The fix that closed this bug has more discussion:
https://boringssl-review.googlesource.com/c/boringssl/+/25784 In
particular, we only fixed a known resource leak in boringssl, not in
any other libraries, and we added a patch that the borringssl team was
not very happy to include because it was not very thread safe.
bug: http://b/72831885 d2i_PKCS8_PRIV_KEY_INFO_bio returns null
test: unit tests on taimen.
Change-Id: I73b5e69bf300e03fe567b8e7e1d8e0e08b6bca37
Merge from Widevine repo of http://go/wvgerrit/59700
This CL sets the environment variable MODEL_NAME to be the current
unit test. When running on a test platform, this environment variable
is used in the license request as model_name.
test: unit tests.
bug: 38004627
Change-Id: I347c5cec35942d68285cc01615b976097f37d214
Merge from Widevine repo of http://go/wvgerrit/55461
This CL allows provisioning 3.0 devices to install their OEM certs
from an initialization partition. This method is already used for
keyboxes on Android -- we are just adding the ability to use it for
OEM certs, also.
Also, for v15, we require OEMCrypto to report a valid certificate in
the unit tests.
bug: 111725154
test: unit tests
Change-Id: I142c84a1a67bdb4cee943cfd12a632421901eb24
Merge from Widevine repo of http://go/wvgerrit/57720
Now that we have oemcrypto mock split into reference and testbed code, it is
time to remove the part of testbed that is an exact copy of the reference code
and just use the reference code.
Test: unit tests
Bug: 76393338
Change-Id: I3831a3f0118221c21ff1c28e6b6101b27b889012
Merge from Widevine repo of http://go/wvgerrit/56523
In OEMCrypto v14, SelectKey can also return KEY_NOT_LOADED if the key
id is not found. This was added to help with entitlement licenses.
However, SelectKey in crypto session converts this to an unknown
error.
In this CL we change that to a NO_CONTENT_KEY_3 error. This is
probably only important because the generic crypto tests expect
NO_CONTENT_KEY_3 when we try to use an undefined key.
Test: existing unit tests pass, and some future unit tests pass.
Bug: 72354901 Turn on generic crypto tests
Change-Id: I3c0b7e6306cafd3feabc8aac7e47983c89194a26
Merge from Widevine repo of http://go/wvgerrit/56522
This CL moves provisioning from core/test/cdm_engine_test.cpp to
test_base.cpp because other tests should also only be run when the
device has been provisioned.
It also adds a fake license server. The license holder helps a test
create a license request and then generates a bare-bones license,
without actually sending anything to a real license server.
Test: more unit tests pass than before.
Bug: 72354901 Fix Generic Crypto tests.
Change-Id: Iec067a6a1fb91fa8fd7b904fdf36e90981e293a3
Merge from Widevine repo of http://go/wvgerrit/56521
This CL adds a common main routine for integration tests. It sets a
default test configuration for the provisioning and license server
urls and certificates, and allows the user to set them on the command
line.
Test: current unit tests still pass.
Bug: 72354901 Fix Generic Crypto tests.
Change-Id: I604a3d9e15d50da5041794624c4571c0dcb091f5
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
Merge from Widevine repo of http://go/wvgerrit/55620
There were two places that explicitly referenced BoringSSL instead of
OpenSSL. (Not counting, of course, all the BoringSSL functions and
headers that still have "OpenSSL" in their names.) This change fixes one
to mention either library and the other to specifically mention
BoringSSL.
Bug: 70636815
Test: CE CDM Unit Tests
Change-Id: I8703e1c427c66953fcc565a4f8f85093c7180f46
Merge from Widevine repo of http://go/wvgerrit/56760
This CL backs out one restriction added in http://go/wvgerrit/42941.
In that CL, a sample would not be processed if the policy engine says
the key cannot be used for a given security level. The change relaxes
the check and does not run the verification if the sample is clear.
Bug: 112113797
Bug: 115758660
Test: GTS tests. Unit tests. Verified Play movies and Netflix.
Test: version number unit tests fail as expected.
Change-Id: I5238745c3d3d7f0eb7fae203f4579e8df4d0681b
Merge from Widevine repo of http://go/wvgerrit/56540
The pssh in request_license_test had the wrong size field.
Test: tested as part of http://go/ag/4674759
Change-Id: I6fed0fc8d11aec0a360d300e500a4ef62b658dad
This CL cleans up some bad merges of client ID code, entitlement keys,
and concurrent session access. After this CL, core cdm code on
android should match that on widevine at the commit 2f916720 on branch
master.
CLs merged here are based on:
http://go/wvgerrit/50483 Protect sessions from concurrent access
http://go/wvgerrit/48860 Remove duplicate information from client identification
http://go/wvgerrit/49040 Revert revertion of Client ID Expansion
http://go/wvgerrit/46448 Test Entitlement Licenses
Test: tested as part of http://go/ag/4674759
Change-Id: I45854d6b034c247b16073a96d6ff3ea953ded3ae
There were some mistakes in previous merges from pi-dev to master in
whitespace and copyright notices. This fixes them.
Test: tested as part of http://go/ag/4674759
Change-Id: Iae46c121de59233b62925a4d8c97f2b370e3e7f1
Some of http://go/wvgerrit/46251 from Widevine repo.
The rest was merged in the oemcrypto refactor.
When we standardized on BoringSSL, these conditional compilations that
had been added as a stopgap for OpenSSL became unneeded. However, they
were not noticed and removed at the time.
Bug: 72459799
Test: CE CDM Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: I693f691ffcb255e03660edaa6743cd0fb9ef12c6
Merge from Widevine repo of http://go/wvgerrit/45940
Since the Level 3 OEMCrypto is being updated to Provisioning 3.0, its
SPOID would be derived from its OEM Certificate, breaking backwards
compatibility. This CL changes how we determine what unique id to use
for SPOIDs by checking to see if OEMCrypto_GetDeviceID is implemented,
and if so, using the id returned from that call. If not and the root
of trust is an OEM Cert, we continue to use that OEM Cert.
This allows Level 3 devices to keep the same SPOID when they undergo a
field update to Provisioning 3.0.
Also, the Level 3 OEMCrypto will share a single OEM certificate across
all devices with the same architecture. Since the OEM Cert is not
unique, it cannot be used to derive a unique id. By using the unique
id returned by OEMCrypto_GetDeviceID, we can generate a unique SPOID.
The id from OEMCrypto_GetDeviceID has always been required to be
unique for devices with keyboxes. The functionality and use of this
function for Provisioning 3.0 devices was introduced in OEMCrypto API
version 14.1.
Test: tested as part of http://go/ag/4674759
Change-Id: I65af8246c9312c75c570a2d518caa3de633007c4
Merge from Widevine repo of http://go/wvgerrit/48841
This test is not providing value to the CDM, as it seems to exist
primarily to validate server behavior. However, it is not doing what
it says it is (the request is rejected because it is using unparseable
garbage data, not because its key ID is unknown) and according to
tinskip@, the behavior it claims to be testing is not valid. (The
licensing service will not fail just because the key ID is unknown.
Indeed, if the test data is fixed to use a valid payload with an
unknown key ID, the test fails because the server does not.)
Bug: 78640287
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: Idfcff15ab3d15fdfb6eb111b5dff68aa5a23fb37
Merge from Widevine repo of http://go/wvgerrit/50560
There were some compiler warnings about converting true and false to
integers in EXPECT_EQ which were solved by using EXPECT_TRUE and
EXPECT_FALSE.
Test: tested as part of http://go/ag/4674759
Change-Id: Ie55b53ce48301af64ee2dff04642cbda02c1c41e
Merge from Widevine repo of http://go/wvgerrit/43202
Sync the definition of WidevinePssh data with the latest in support of
entitlement keys.
bug: 73297961 Fix or remove sublicense support.
Test: tested as part of http://go/ag/4674759
Change-Id: Ia9faf82732854a705b4b14430169ce4c8ecbcfcd
Merge from Widevine repo of http://go/wvgerrit/53883
Note: this CL does not modify license_key_status.cpp because the
previous CL already included those changes.
OEMCrypto v14 only supports one entitled key per entitlement key at a
time. Unfortunately, some partners have use cases that require using
old entitlement keys after the new keys have been loaded. Most
notably, when a key rotation occurs, the new PSSH will often be loaded
before the playback position catches up to the PSSH in the stream,
meaning that decryption will need to continue using the old keys for a
bit.
To fix this, EntitlementKeySession now caches the entitled keys when
they are loaded and only loads them under their matching entitlement
key when SelectKey() is called. This ensures that the right entitled
key is loaded for a given entitlement key before decryption.
The entitlement key integration tests have been updated to verify that
the old entitled keys still work even after loading new entitled keys.
Also, several places in the code that assumed loading new entitled
keys would wipe out the old keys have had to be modified.
Bug: 78652567
Test: CE CDM Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: I6fac9dfe2b170ad68fb7cdb5bc8d6a2f35a20c2c
Merge from Widevine repo of http://go/wvgerrit/49003
CopyOldUsageEntry currently needs the old usage table to be loaded via
CreateOldUsageEntry. The CDM uses a workaround by creating a dummy old
entry, but the OEMCrypto code should be responsible for this. However,
since there have been several versions released with the current
OEMCrypto spec, the CDM code would have to still exist to support
implementations of that spec. Therefore, in order to avoid having to
support both a CDM with this workaround removed (as well as updating
the spec) and a CDM with it still in place, this workaround should be
canonicalized.
b/65730828
Test: tested as part of http://go/ag/4674759
Change-Id: I4619c551b79a53746683519d284663bf513ec38d
