[ Merge of http://go/wvgerrit/34060 ]
License were not being upgraded successfully from usage
tables to usage table headers and entries (big usage tables).
Bug: 65730713
Test: WV unit/integration tests
Test: GTSMediaDrmTests
Test: Playback using netflix and play movies
Test: Manual upgrade from N (L3)
Change-Id: I7ef127204104fa36dd1ee385bc80ed6a81172b4b
(This is a merge from http://go/wvgerrit/30220)
Previously, extracting the system ID was only supported on Keybox-based
systems. This patch adds support for extracting the system ID from the
OEM Certificate chain on Provisioning 3.0 devices. This is done by
getting the Widevine intermediate cert from the chain, finding the
Widevine System ID extension in that cert, and extracting the value.
The code that does the extraction is separate from any code that calls
OEMCrypto so that it can be unit-tested in isolation. This patch adds a
crypto_session_unittest test to do this unit-testing.
Bug: 34776194
Test: crypto_session_unittest
Change-Id: I3e273968208fb31ae6019ccc383b419625d1ae22
[ Merge of http://go/wvgerrit/29004 ]
Enable support for provisioning with OEM certificates as root of
trust.
b/62972441
Test: WV unit/intgration test, cdm_feature_test and GTSMediaTestCases
Change-Id: I30576fc0bb68a873eeaaca03f6b9c89fa6a14327
MetricsGroup split into 3 groups, session, engine, and crypto.
MetricsFrontEnd and Report removed.
This is a merge from wvgerrit/28420
Bug: 36217927
Test: Added unit tests to cover modified code.
Change-Id: I2f39f99ce88cc2229d6d1aa9459c67c5b86ccef4
[ Merge of http://go/wvgerrit/26421 ]
* Corrects usage_table_header lifetime management. Earlier the
UsageTableHeader class was a singleton tied to the CdmEngine lifetime.
With SPOIDs there might be multiple concurrent CdmEngine objects.
The UsageTableHeader class is now associated with OEMCrypto
lifetime. There are two UsageTableHeader objects one for each L1 and L3.
These get allocated/deallocated on OEMCrypto Initialization/Termination
respectively.
* UsageTableHeader requires OEMCrypto, file read/writes and
metric gathering to perform its required functionality. Because of the
lifetime changes, CryptoSession, DeviceFiles and MetricsGroup objects
need to passed to the methods rather than at Creation time.
* Miscellaneous fixes, when moving or deleteing entries.
* Adds usage_table_header_unittests.
* Addresses failures with request_license_test with secure stop in L3.
b/36858906
b/36855557
b/36048120
b/38341136
b/37100505
b/35946047
Test: Verified by unit and integration tests. Added new
usage_table_header_unittests
Change-Id: I20e396ab2c0afbd14372dd93b969e5b0f1ccd291
(This is a merge of wvgerrit/25582)
Provisioning 3.0 devices that do not use SPOIDs have been returning
their full OEM Public Certificate as their device ID. While this is not
a security concern, (it is a PUBLIC cert) the cert is many times larger
than applications are likely expecting. (several kilobytes vs. just a
few bytes) This patch hashes the OEM Public Certificate to produce a
smaller value, but only when it is being provided out of the CDM to a
caller.
Bug: 34716264
Test: run_all_unit_tests.sh
Change-Id: Ib82cf7a174a8bf02ff606edd0394ada13842224c
[ Merge of http://go/wvgerrit/23522 ]
A helper method has been added to CryptoSession to determine whether the
TEE supports usage tables, usage table headers+entries or does not
provide any support for persistent licenses.
In addition
* CryptoSession now supports deletion of multiple
usage entries rather than a single one.
* Typedefs have been added for usage table headers and entries
b/34327459
Test: Verified by unit/integration tests on angler.
Change-Id: I634d3b7b81ce94d1deccd2a7aaf26b9efde414a8
There were warnings about unused parameters and unnecessary "const"
that were hiding other warnings. This change resolves those
warnings and resolves some constructor list ordering warnings
that were hidden among the other warnings.
Bug: 34784667
Change-Id: Ied78b00d3565abd66f90dbd1f4cce635dae7b957
This change is the complete Widevine metrics system. It will
measure and record runtime information about what is happening
in the CDM - such as errors and throughput.
Bug: 33745339
Bug: 26027857
Change-Id: Ic9a82074f1e2b72c72d751b235f8ae361232787d
[ Merge of http://go/wvgerrit/23167 ]
This allows CryptoSession to support the new functionality added to
OEMCrypto to support big usage tables. No changes in behavior yet.
Code that calls these methods will be in a subsequent CL.
b/34327459
* Minor changes to cdm/Android.mk and cdm/test/unit-test.mk to remove
profiler changes that were missed in previous releases.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I9becd97c5a8ddf74d30fabd1251e796b534c010f
(This is a merge of go/wvgerrit/23154)
This patch updates the ClientCapabilities protobuf to match the latest
on the server side and adds plumbing to the provisioning request
process so that devices can report whether they like big certs.
Their capacity to lie remains untested.
Bug: 34076937
Test: license_unittest
Change-Id: I3bcc9f1741146953d8bc0ff3d7d2305e7ac2c118
[ Merge of http://go/wvgerrit/23061 ]
b/34131127
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: I27a3cde8e5c86dc8f9b26f9d4e7793f86c016743
[ Merge of http://go/wvgerrit/22980 ]
System Renewability Messages (SRM) contains a list of Key Selection
Vectors, which are HDCP Identifiers that have been revoked.
During HDCP negotiations a transmitter may authenticate a receiver
and verify that its unique identier is not present in the SRM.
This CL enables reporting of the current SRM version and whether SRM
updates are supported. It also loads SRM updates in the license
and specifies SRM version requirements when keys are loaded.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
b/28955520
Change-Id: Id840078ea2deb01d9619c1cd8d367b50452f76cc
[ Merge of http://go/wvgerrit/22900 ]
Add GetClientToken(), GetProvisioningToken(), GetPreProvisionTokenType()
to CryptoSession. They return the correct token bytes and token type
for preparing the ClientIdentification message for provisioning and
license server transactions.
Also refactor service certificate handling.
OEM certs are introduced in Provisioning 3.0
b/30811184
* Address build breaks
[ Merge of http://go/wvgerrit/23162 ]
This addresses issues introduced by http://go/wvgerrit/22900
b/30811184
* When http://go/wvgerrit/18012 was merged (ag/1446934) some changes
were not merged for mapErrors-inl.h. These changes are included in this CL.
* When ag/1678104 was reverse merged to http//go/wvgerrit/21981/ a variable
was renamed and some comments were added to add clarity in cdm_engine.cpp.
These changes are included in this CL.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: Ie0215509f2f985f2a610f5a4c865db47edec8662
(This is a merge of go/wvgerrit/22949)
Starting with OEMCrypto v12, we are guaranteeing to integration partners
that the buffers passed to OEMCrypto_DecryptCENC and
OEMCrypto_CopyBuffer will not be more than 100KiB (102400 bytes) in
size. For requests larger than this, we will first try to send the
buffer to OEMCrypto anyway. (in case the integration supports buffers
larger than the minimum) In the event that the buffer is rejected, we
will break it up into 100KiB chunks and send them down individually for
decryption.
Breaking a subsample into smaller subsamples necessitates knowledge of
how to update other decryption parameters (like the offsets and the IV)
that previously the CDM Core has not needed to know about. Until now,
this knowledge lived in the glue layer on the Android CDM and nowhere
on the CE CDM. Now, the CryptoSession has a subset of this knowledge, in
order to break up buffers successfully.
For testing purposes, the Mock OEMCrypto has been modified to only
support the smallest buffer size. In order to make sure the chunking
code was being exercised by them, the CE CDM tests had to have the
amount of data they decrypt increased by several orders of magnitude. To
contain this growth, I have moved the test data to its own file.
Bug: 31381719
Test: Ran the updated CE CDM integration tests
Test: Modified the OEMCrypto dynamic adapter to pretend both L3 and L1
only support 100KiB buffers on a Marlin and a Ryu. Confirmed that the
GTS H.264 tests (which have subsamples over 100KiB) passed still. A
similar test was attempted on Fugu but Fugu cannot pass these tests even
without this change present.
Change-Id: Iabe7db3d87554cd1352f10a7524cd55352818397
This CL merges several CLs from the widevine repo:
http://go/wvgerrit/18012 Add support for querying allowed usage for key.
http://go/wvgerrit/17971 Add per-origin storage.
http://go/wvgerrit/18152 Add OEMCrypto's generic crypto operations to CDM.
http://go/wvgerrit/17911 QueryKeyControlInfo => QueryOemCryptoSessionId
Note: numbering in wv_cdm_types.h was added in this CL and will be
back ported to wvgerrit in a future CL.
Change-Id: Idb9e9a67e94f62f25dc16c5307f75a08b3430b64
[ Merge of http://go/wvgerrit/17959 ]
This will allow the license server to base licensing decisions on the
devices security module revision.
b/28882058
Change-Id: I574e7686bb305397946d2bfaff504cfae242e628
[ Merge from http://go/wvgerrit/16498 ]
The CDM now supports AES CTR and CBC block cipher modes. The license
specifies the mode to be used in the key container. The mode is
also specified in mediaCrypto when calling decrypt. This adds
verification for the cipher block mode.
Change-Id: I2587fc1e4b6d77161f2f8653f8516024c73dd8ac
This is a merge of http://go/wvgerrit/13751 from the widevine
repository.
The CryptoSession had an enumeration for HDCP levels that was copied
from OEMCryptoCENC.h by hand. Since that header is included, there is
no need to have two enumerations.
b/16303994
Change-Id: Ief16ba62163776f9ca80375f3638ef4c7770e742
(This is a merge of http://go/wvgerrit/13761 from the Widevine
repository.)
This cleans up our includes to be in Google Style Guide order and in
alphabetic order, for the parts of the code that are expected to
follow Google Style.
This also converts places in our code that were including C headers
in the C++ style (i.e. <cstring> instead of <string.h>) to use C style
instead. This is because, although it was not causing problems for us
yet, on Android these actually include different headers. (<cstring>
is provided by libcxx, while <string.h> is provided by Bionic)
Lastly, this change puts all headers that do not come from within our
project in <brackets> instead of "quotes," which was not being done
consistently.
This change is explicitly NOT trying to standardize the spacing of our
header includes. I have tried to respect, in each file, the spacing
style already present.
Change-Id: If3dc06532ab9b68010285d64518ef21dce3d6354
This is a merge of http://go/wvgerrit/13693 in the Widevine
repository.
This adds level 3 and mock implementation and unit tests for the
OEMCrypto function OEMCrypto_ForceDeleteUsageEntry. It also plumbs
this function up into CdmEngine, CdmSession, and CryptoSession so that
deleting all usage information for a given app id will now delete the
entries in OEMCrypto, too.
b/18194071
Change-Id: Iaea4034a507b323878657215784edfe95876386a
(This is a merge of http://go/wvgerrit/13400 from the Widevine CDM
repository.)
Replace "}; // namespace" with "} // namespace":
ag -l --ignore-dir third_party "}; //" | \
while read f; do sed -r -i 's/\}; \/\//} \/\//' $f ; done
Replace "// unnamed namespace" with "// namespace":
ag -l --ignore-dir third_party "unnamed namespace" | \
while read f; do sed -r -i 's/unnamed namespace/namespace/' $f ; done
Change-Id: I50ece9a127ce669f15cd532dfae1dd741338a075
* The Usage APIs return usage reports from either L1 or L3 (if available).
* Correction to when usage reports are saved. In addition to other events
they are now saved when keys are loaded, usage reports are released and soon
after first decryption and periodically (60 seconds) after that,
if decryption takes place.
* Usage reports now get deleted on an unprovision request.
* Policy timer is now started when offline licenses are restored.
* Usage session is now released, when a usage response is received.
* Usage tests ahev been enabled.
* Added CDM extended duration (integration) tests to test usage reporting
and querying. These need to be run manually as they take a while (currently
half an hour).
b/15592374
[ Merge of https://widevine-internal-review.googlesource.com/#/c/10800
from the Widevine CDM repo ]
Change-Id: Ia817e03ebbe880e08ba7b4a235ecb82b3ff35fbf
[ Merge from Widevine CDM repo of
https://widevine-internal-review.googlesource.com/#/c/10171/ and
https://widevine-internal-review.googlesource.com/#/c/10172/ ]
Updated license_protocol.proto from constituent protos in google3
These changes make use of OEMCrypto v9 changes to support usage reporting.
Usage reporting may be enabled for streaming (by means of secure stops) and
offline playback by a provider session token specified in the license.
Changes include periodically updating usage information for relevant
sessions and reporting and releasing usage information as needed.
The CDM has removed all references to Secure Stops. This change
updates the Android API implementation to comply.
b/11987015
Change-Id: Ibb6f2ced4ef20ee349ca1ae6412ce686b2b5d085
This CL removes TODOs and email addresses from comments, unifies some
namespaces and cleans a few variable names. It is a copy of multiple
CLs on the widevine side.
Change-Id: I1bb649096476a5001a56d746427399de6a88ff69
The request ID was set to a fixed value, which caused license requests
to be rejected by the YT server with TOO_MANY_STREAMS_PER_VIDEO
The request ID is now a combination of a randomly generated value and
a rolling index. This is based off a fix by gmorgan@ on the eureka
branch #98fa6e5e.
Merge of https://widevine-internal-review.googlesource.com/#/c/8496/
from the widevine cdm repo.
b/12018697
Change-Id: I6c05fea885d46aea53a07235c3e5ac65a6971eaf
Decryption calls though multiple threads may result in race conditions
between the setting of the key and the actual call to decryption.
This results in OEMCrypto errors when the buffer type used in
decryption did not match the key selected. This is addressed by
having the the two calls be in the same critical section.
b/11009857
Change-Id: I74f1a0689ca17114f3cdd029022013b05c415acd
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
Merges change 267713c (Remove stale licenses on reprovisioning) from
the Widevine CDM repository. This change removes licenses belonging
to the previous provisioning when provisioning changes.
Bug: 9761923
Change-Id: I473816dd11dd950f4fb009b5b004630bd2d2b579
This merges the following changes from the Widevine CDM repository:
bef58bc Add new error codes
Adds new error codes to OEMCryptoCENC.h and rearranges it to more
closely match the documentation.
5fcfbca Handle OEMCrypto_ERROR_INSUFFICIENT_RESOURCES on Decrypt
Changes the CDM to support the new errors from the previous change.
d59c09d Report Insufficient Crypto Resources
Changes the DrmEngine to support the new errors from the previous
change.
1085a21 Respond to Too Many Keys or Sessions Errors
Allows errors around having too many keys or sessions to result in
a unique error in the CDM.
Bug: 9695816
Change-Id: I826bc655109fa57e4f75de7158d7f392053666b1
Android development of the widevine CDM has been done
on the jb-mr2 branch of the cdm code base. This CL
contains a merge of that jb-mr2 work to CDM master, and
also reflects the evolution of the common Modular DRM
code base since jb-mr2 branched.
Change-Id: I1d7e1a12d092c00044a4298261146cb97808d4ef
bug: 8621521
This fixes a problem where insecure audio buffers were being
passed incorrectly as secure buffers to the trusted
environment's OEMCrypto_DecryptCTR.
This is a merge of the following changes from the widevine
git repository to android git repository:
https://widevine-internal-review.googlesource.com/#/c/5163/2
Allow selection of secure/non-secure buffers
https://widevine-internal-review.googlesource.com/#/c/5164/
Pass Secure Buffer Request to CDM
Change-Id: Iec1192a216305c6cf92c359b15b148eccc6ce6ce
bug: 8601053
This import syncs to the widevine git repository change
commit 6a99ad1b59ad39495f62954b3065ddc22b78da49
It includes the following changes from the widevine git
repository, which complete the jb-mr2 features
Fix Unit Test Makefile
Adds support for device certificate provisioning.
Support application parameters
Certificate based licensing
Proto for client files
Implement Property Query API
Add Device Query For Unique ID
Implement Generic Crypto in DrmEngine
Do not validate Key IDs on clear playback
Allow OEMCrypto_DecryptCTR with clear content and no key
Add a case to the MediaDrm API test to repro b/8594163
Implement requiresSecureDecoderComponent
Implement Eventing API
Add end-to-end decryption test with vectors
Refactoring of properties class
Refactor OEMCrypto unittest.
Fix for b/8567853: License renewal doesn't renew license.
Add KEY_ERROR callback to WvContentDecryptionModule() ctor.
Merged certificate_provisioning.proto and
client_identification.proto to license_protocol.proto.
Fix nonce check failure after a malformed key in OEC Mock.
asynchronize decryption
Allow querying of control information
make debugging AddKey & Decrypt statuses easier
Revert "Revert "Send KEY_ERROR event to app on license
expiration or failure""
Revert "Send KEY_ERROR event to app on license expiration
or failure"
Send KEY_ERROR event to app on license expiration or failure
remove extra session id copy
use KeyError constants directly
replace variable-length arrays with std::vector and fixed-sized array
pass session ids as const references
refactor key extraction and update keys on renewal
Updates to enable renewals and signaling license expiration.
fix error constant in OEMCrypto_DecryptCTR
Change-Id: I5f7236c7bdff1d5ece6115fd2893f8a1e1e07c50
This import syncs to the widevine git repostiory change
commit ab3e1e43642cf36900f55169597a33f222709fdb
Change-Id: I3a6f1e2969e5fe7ed1ca12f90b0eb0a3b7899835
This change incorporates the following CLs from the Widevine
cdm repository:
Update the java request/response test app to match Drm API changes
Don't build the mock liboemcrypto.so by default
Do not build CDM tests by default
Fix Build Break in DrmEngine Unit Tests
Fix Build Break in WVDrmPlugin
Initial version of roadmap for CDM projects.
Implement License Query
Implement Generic DRM in OEMCrypto Reference Implementation
Add key_data_length field when calling OEMCrypto_LoadKeys
Policy engine unittests
Generalized DRM API for OEMCrypto
Fixes proto buf libraries build.
Add Version Number to OEMCrypto API
Test key control block duration field in OEMCrypto
Add fix for missing crypto offset.
Fixed android/media*/test builds and added proto files for Cert. provisioning
Refactor and clean up callback code in CDM.
Add "device_id" name-value pair to LicenseRequest::ClientIdentification
Separate unit and end-to-end tests from the top level makefie.
Includes changes for 'fall back to l3 oemcrypto lib' in top level makefile.
Fall Back to Level 3 if Level 1 Fails
Fix compilation error in wvcdm_unittest.
Fix Android build break due to Decrypt() signature change in cdm_engine.h.
Wire up callbacks and errors in the Steel proxy.
Fix lock assert if there is no keybox on the device.
RSA Certificate Unit Test
Change Generic_Verify signature to constant.
Change-Id: I2e42db9d0b4f8d4e833675ae81d0714509bbfd2c
Builds libwvmdrmengine.so, which is loaded by the new
MediaDrm APIs to support playback of Widevine/CENC
protected content.
Change-Id: I6f57dd37083dfd96c402cb9dd137c7d74edc8f1c
