Merge from widevine of http://go/wvgerrit/15778
This CL rebuilds the level 3 libraries with the android emulator
sdk_phone_*. This seems to avoid problems with the x86 build using
incorrect compiler flags.
Versions:
level3/mips/libwvlevel3.a Level3 Library Sep 28 2015 13:25:25
level3/arm/libwvlevel3.a Level3 Library Sep 28 2015 13:18:25
level3/x86/libwvlevel3.a Level3 Library Sep 28 2015 13:08:28
bug: 21766765
Change-Id: I0470d3ea55bf9fc18ff7c69f6f39d532c9865404
Merge from Widevine repo of http://go/wvgerrit/14973 and
http://go/wvgerrit/14573.
Some devices were failing the variable length key id tests, so they
were removed from Android while we decided whether the tests are too
strict for future releases.
This CL re-instates the tests with the understanding that the maximum
key id length is 16 bytes, as discussed in b/24469550. If we decide
that it is OK to have longer key ids, then another CL will be needed
to test with those lengths.
bug: 21935358
Change-Id: Ic6b776a8b119daac961c71280994fcc944984d8a
* Make CdmProvisioningResponse const.
[ Merge of http://go/wvgerrit/14618 ]
The lack of const on this reference seems to be a mistake, since the
responses is never modified. This also allows the new CE CDM to pass
responses directly through from the caller.
* Let Properties determine DeviceFiles level support
[ Merge of http://go/wvgerrit/14620 ]
Non-Android platforms do not have multiple security levels, and so do
not use the security level to construct a base path.
Instead of requiring a known "security level" to construct a file,
accept anything that platform Properties will accept as a base path.
* Drop Properties::GetSecurityLevel().
[ Merge of http://go/wvgerrit/14617 ]
This seems to be dead code.
Change-Id: I94a970279213100730d6e6c763558dbe386f936a
Previously, libwvdrmengine was linking in the static version of
libcrypto, but libwvdrmengine itself is a shared library. This change
makes it depend on the shared-library version of libcrypto instead,
which gets PIC correct and other things.
Change-Id: I28aa71e2fcbb388f8514b1088110466edbc041a5
* Expose release and offline statuses in CdmEngine.
[ Merge of http://go/wvgerrit/14616 ]
This will allow me to make some intelligent decisions in the new CE
CDM implementation without having to duplicate all the information
known in the lower levels.
* Account for backward compat support in tests
[ Merge of http://go/wvgerrit/14621 ]
One test ensures that device path backward compatibility is working,
while another assumes it is used.
This fixes test results when
Properties::security_level_path_backward_compatibility_support()
is false.
Previously, the CE CDM did not run these tests, and so this went
unnoticed.
* Remove Lock::Try, which is not used.
[ Merge of http://go/wvgerrit/14624 ]
Change-Id: Id18cf1f5b18c7322b8b636819276361af225734f
* Move Properties::Init into platform-specific code
This enables a refactor where property initialization for CE CDM will
use values provided by the application during library initialization.
[ Merge of http://go/wvgerrit/14510/ ]
* Add Properties::AlwaysUseKeySetIds().
When true, all sessions will have key set IDs and all session IDs
will be the same as the corresponding key set ID.
This will help the new CDM interface stick more closely to the EME
APIs, in which there are no such things as key set IDs and sessions
only have a single, random ID used for both streaming and offline.
[ Merge of http://go/wvgerrit/14521/ ]
* Reserve key set IDs in memory, rather than on the file system.
This makes it more efficient to use key set IDs for non-offline
sessions.
[ Merge of http://go/wvgerrit/14535/ ]
Change-Id: I765c3519619b17cc3c4ef95b1a6b125f479ee1d0
Merge from widevine repo of http://go/wvgerrit/15659
The clang compiler is more strict about C++11. This is needed for
future Android work.
In particular, iostream no longer converts to bool automtically, so
those instances were replaced with ss.fail().
Arrays or structures that appear to be variable length need to be
placed last in a structure. In oemcrypto_test a variable size
structure was replaced with an explicit buffer size, and a check was
added to make sure the buffer is not exceeded.
bug: 20893039
Change-Id: I5e25fc618dcf68262079c15554ee4ceae1858b8b
Port from the widevine repo of http://go/wvgerrit/15628
This change enables easy support for baked-in certificates. Platforms
using this feature need only change the supports_keybox property to
false, replace keys.cpp with the file provided by Google, and make
sure the cert.bin provided by Google is preinstalled in the storage.
To enable this, new files defining storage for the embedded private
key were added to MockOEMCrypto. When supports_keybox is false, these
are referenced to get the embedded private key. As this code is mostly
shared with the existing test utility function that loads the test
certificate, the shared code was moved to a helper. Also, the behavior
of the MockOEMCrypto implementation OEMCrypto_LoadDeviceRSAKey when
supports_keybox is false was changed from erroring to validating that
the "wrapped private key" is actually the magic value 0xDEADBEEF.
Bug: 23554998
Change-Id: I8b5d7b4d37b8ec80bb4342e441625cbc5046df89
[ Merge of https://go/wvgerrit/15534 ]
Added command line support and configuration information.
Removed secure transfer, full path and port options from the usage
message as they are not supported.
b/23593222
Change-Id: I7d4cdb4b4db543a6302c742bfc2d2572d75957bd
Merge from Widevine of http://go/wvgerrit/15507
This change recompiles the oemcrypto libraries on the emulators
because those should have the "least common denomintor" of compiler
options.
New Versions:
android/level3/mips/libwvlevel3.a Level3 Library Aug 27 2015 11:53:29
android/level3/arm/libwvlevel3.a Level3 Library Aug 27 2015 11:43:45
android/level3/x86/libwvlevel3.a Level3 Library Aug 27 2015 11:48:16
bug: 21766765
Change-Id: Ic69bacd71af835df940af1c21166b0ade57abf04
[ Merge of http://go/wvgerrit/15474 ]
Changes to releaseAllSecureStops made use of a session that was
initialized only if getSecureStops had been previously called. If it was not,
accessing the session resulted in a segfault. This was uncovered by a change
in how the Netflix app invoked mediaDrm.
b/23498809
Change-Id: Ib426ae1830c3a42c5e0849f1b6e8bbfe0d2c74ff
(This is a merge of http://go/wvgerrit/15430)
Previously, after provisioning, any existing offline licenses would be
deleted, as they were inevitably tied to the certificate that was just
replaced. However, due to the way per-origin provisioning works on
Android, this is no longer a safe assumption. Licenses from different
origins are all stored together, so this behavior would delete all
offline licenses across all origins every time any origin is
provisioned. And it is not possible to delete only the licenses for
specific origins without changing how licenses are stored. It is too
late to change how licenses are stored in Android M, so we need to
stop proactively cleaning up licenses in this edge case for now. Once
b/23354606 is resolved, we can reinstate this clean-up and properly
only clean up the licenses associated with the origin that was just
provisioned.
Bug: 23324167
Change-Id: Ic21db8c21bdb4243266cd49020ed52287eb21d9a
Prevent usage of client provided address on
non-secure devices spoofed as being secure.
b/23223325
merge of go/wvgerrit/15420 from widevine repo
Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db
Copy from widevine repo of http://go/wvgerrit/15390
Because some devices are failing oemcrypto unit tests related to
signing schemes that they do not support, we are relaxing the
requirement that they return the correct error code.
We are still requiring that the device does NOT sign with a forbidden
scheme. However, it is OK if they do not return an error code from
OEMCrypto_GenerateRSASignature. They will be required to return the
correct error code in the next release.
bug: 21668896
bug: 21708882
Change-Id: I1b8a410909b364d0086cba38eadca11aceaac5f6
Merge from widevine of http://go/wvgerrit/15371
incorrectly have leading 0x00 bytes added to all integers. This
leading 0 should only be added to integers that had a leading byte
larger than 0x80 because those would be parsed as negative numbers.
bug: 23105200
Change-Id: I1dd01cc2b83a807bbdb78c079c6ce4e01d41f616
