Support builds for multiple architectures the same time:
Use LOCAL_MODULE_TARGET_ARCH to restrict building to specific arches
Use LOCAL_C_INCLUDES_x86 to set the include path for only x86 builds
Change-Id: I7c33c27f1c9bfb6e3318a07514698992482f6cd7
bug: 12228689
If the device ID returned from OEMCrypto_GetDeviceUniqueId is
not NULL terminated in the OEM code, trailing garbage characters
may be included in the license request's client_identification
field, which could be rejected by the server's utf8 parser if
they are invalid characters, causing a license request failure.
The code for CryptoSession::GetDeviceUniqueId should use the
updated id_length from OEMCrypto_GetDeviceUniqueId to adjust
the length of the *device_id string before returning the result
to the caller.
Change-Id: I659866d4234d4f21ec051590fc7bc6367904a48a
During session sharing, when a sample contains both clear and encrypted
subsamples, subsample flags would on occasion be set incorrectly. Clear
subsamples would be sent to the current session, while encrypted ones
would incur a key id to session lookup and be sent to the appropriate session.
The sessions would then receive decrypt calls with subsample flags
incorrectly set.
In order for this to work correctly all subsamples within a sample need to be
sent to the same session. This requires that key ids be specified and
checked if at least one of the subsamples is encrypted. If however none of
the subsamples are encrypted then a valid key id may not have been provided
to MediaCrypto, and the subsamples may be sent to any session.
In order to support this, the CDM decrypt will now allow the caller to
specify whether to validate the key Id.
Then a check is added to wvcrypto determine whether to ask the CDM to
validate the key ID based on the clear/encrypted states of the subsamples.
The list of subsamples is already being preprocessed, so this
additional check just determines if any subsamples are encrypted, and sets
the validation flag appropriately.
b/11967440
Merge of https://widevine-internal-review.googlesource.com/#/c/8510/3 and
https://widevine-internal-review.googlesource.com/#/c/8520/2 from the
widevine cdm repo.
Change-Id: If65c36a31e56b69f514f0cc547a0becf0c54c40a
Make the build_and_run_all_unit_tests script push individual tests
instead of doing a full sync, makes it easier to run unit tests
against release builds.
Merge of https://widevine-internal-review.googlesource.com/#/c/8405/
from the widevine cdm repo.
Change-Id: I8efda77be9ab863f616fab88c4782b7c9edb8858
A number of failures were observed,
* GPlay dev license server is being worked on. This causes random
failures when running unit tests. Switching to the staging
server for now.
* Occasionally, the license server times out. Introducing a retry
mechanism do deal with HTTP responses (merge from master #45e8ddd5f)
* Release license tests are now disabled. Tests were previously passing,
even though they were not in fact supported by the GPlay license server.
The response included just enough information to be a valid license and
passed minimal verification that was taking place. Additional verification
was not necessary because session is torndown and resources released as
soon as the response has been received.
A change at the GPlay server now causes the release license request to be
flagged as an error and the tests to fail. Work is in progress to
support release of licenses at the GPlay server.
* The wrong message test (from request license tests) fails. This is
because GPlay behaviour changed from returning a HTTP 500, when
processing an invalid PSSH, to returning a HTTP 200 without any included
license.
* Security level path backward compatibility tests on L3 which failed and
caused the succeeding license request tests to fail.
b/12000457
Change-Id: I8e6adc490504475d1039793ea555a17799cb78c4
The request ID was set to a fixed value, which caused license requests
to be rejected by the YT server with TOO_MANY_STREAMS_PER_VIDEO
The request ID is now a combination of a randomly generated value and
a rolling index. This is based off a fix by gmorgan@ on the eureka
branch #98fa6e5e.
Merge of https://widevine-internal-review.googlesource.com/#/c/8496/
from the widevine cdm repo.
b/12018697
Change-Id: I6c05fea885d46aea53a07235c3e5ac65a6971eaf
Previously, Level 3 SelectKey returned no error when called before
any keys were loaded. After this CL, it will return
OEMCrypto_ERROR_NO_CONTENT_KEY.
Library version:
arm - Level3 Library Nov 20 2013 18:09:31
mips - Level3 Library Nov 20 2013 17:58:56
x86 - Level3 Library Nov 20 2013 18:13:01
bug: 11769839
Change-Id: I1b3f057e3ae9f2f174cae91f6849080345f02003
Merge of https://widevine-internal-review.googlesource.com/#/c/8263
from the Widevine repo.
Changes the behavior of requiresSecureDecoderComponent() to query the
session for whether a lowered security level has been requested
before querying the system to see what its default security level is.
As part of this, we added a new QuerySessionStatus() method to the
CDM that gets status info on a session-specific level, such as the
effective security level of a session.
Bug: 11428937
Change-Id: I5549a2fdd400cc87f567d27fcf74c473451093d6
Licenses could be renewed uptil the point of expiry. After that point
we expected that the session would have to be closed and a new one
opened with a new license loaded. Clank requested that we support
renewal of sessions past expiry.
In addition, the error returned on decryption, if OEMCrypto
determines that the KCB duration has expired, is NEED_KEY rather than
KEY_ERROR.
Merge of https://widevine-internal-review.googlesource.com/#/c/8240
from the widevine cdm repo.
b/11390539
Change-Id: I023320f3f25514cd07b368701a92100429ce1c04
This CL contains working versions of the haystack tools and the
OEMCrypto Level 3 library for android ARM, MIPS and x86.
The version number of the level 3 library is:
android/level3/arm/libwvlevel3.a Level3 Library Nov 4 2013 18:39:06
android/level3/mips/libwvlevel3.a Level3 Library Nov 4 2013 18:42:29
android/level3/x86/libwvlevel3.a Level3 Library Nov 4 2013 18:41:07
bug: 9374954 MediaDrm haystack based L3 code hardening implementation.
Change-Id: Ifef13900a11e83e4257723d3c6fc7107550882a8
After a change to the GPlay license server, it no longer accepts heartbeats
at the license server URL ( https://jmt17.google.com/video-dev/license/ ).
The CDM correctly reports https://jmt17.google.com/video-dev/heartbeat/
as the renewal URL but the current test code ignores the reported URL.
The license server then rejects the request and send back an empty
license response.
This causes WvCdmRequestLicenseTest.StreamingLicenseRenewal
and WvCdmRequestLicenseTest.StreamingLicenseRenewal to fail. Request
license tests have been modified to respect the renewal URL.
Merge of https://widevine-internal-review.googlesource.com/#/c/8188
from the widevine cdm repo
b/11290339
Change-Id: I1dcf8277edce99633086fb3db8ffeb7a32a5500d
The CDM session was being destroyed before the policy timer was stopped
and before the session was removed from a list of active sessions. This
allowed race conditions, where the policy timer would try to evaluate
policy for a closed session. This led to segfaults.
b/11338324
Merge of https://widevine-internal-review.googlesource.com/#/c/8240/1
from the widevine cdm repo.
Change-Id: Ib159ccfdb763a47da573f5c06c0793c2c63886c4
A change was introduced between jb-mr2 and klp-dev that closed
the CDM session when the removeKeys mediaDrm APIs was called.
This was introduced because there is no way of unloading keys from
an OEMCrypto session.
This caused problems for Netflix, as an exception occurred when they
tried to close a session after calling removeKeys.
Reverting to jb-mr2 behaviour for now. b/11188818 has been opened to
track a longer term resolution.
b/11185042
Change-Id: I03bc736d2bc5bdabc86cfb7b75ae8bcbc03ffc7c
Decryption calls though multiple threads may result in race conditions
between the setting of the key and the actual call to decryption.
This results in OEMCrypto errors when the buffer type used in
decryption did not match the key selected. This is addressed by
having the the two calls be in the same critical section.
b/11009857
Change-Id: I74f1a0689ca17114f3cdd029022013b05c415acd
Merge of change https://widevine-internal-review.googlesource.com/7950.
In the OEMCrypto library, it is valid to call LoadKeys with an empty
mac key. The library should not update the mac and enc keys and
should not throw an error.
Since we have seen this behavior in several implementations, a unit
test should be added that verifies the correct behavior.
bug: 11032674
Change-Id: I011ba39c8abc47547226a722143e92dac3f63dc5
Molly reports OEMCrypto errors when Device RSA private key is
loaded a second time in the same session. This occurs in privacy
mode when a service certificate is request and later a key request is
generated.
bug: 10815492
Merge of https://widevine-internal-review.googlesource.com/#/c/7823/
from Widevine cdm repo
Change-Id: I98999fb0e77597109b68c379eaaa4838d3f6dde4
Swallows the error NEED_KEY if it comes back from AddKey(), as this
is expected behavior. (It means privacy mode is on and the key that
was just added was the privacy certificate, ergo the real decryption
key is still absent.) Note that this carefully does not squelch the
notification that comes from NEED_KEY, which is still necessary in
order for the app to make a second key request.
Also streamlines a test case that I noticed was overcomplicated for
what it did while poaching code from it for new test cases.
Also removes a .gyp file that was erroneously being copied to the
Android tree. Android does not use GYP.
Bug: 10495563
Change-Id: Ife3ff0270a0d09dac1b0eb0d84bddffd811e1eef
A staging Root CA public key was used in earlier releases to verify
service certificates. These were in turn used to encrypt the
client identification. This met our needs for an end-to-end verification.
Now that the production Root CA and service certs are available
this change replaces staging certs with production ones.
Merge of https://widevine-internal-review.googlesource.com/#/c/7560/ from
the widevine CDM repo
b/10329328
Change-Id: Id02649201d9a8ba4d08acc4166503341a5bbdd23
In order to run all disabled OEMCrypto unit tests with one gtest
filter, one of them needs to be renamed so it matches the others.
These tests are disabled by default because they install a test
keybox, which would be dangerous on a production device.
Merged from CDM change
https://widevine-internal-review.googlesource.com/7440
bug: 10508973
Change-Id: I9508b133c6500ec28ce8890a4af89f016344b842
1. add missing checks to set the overall result when some tests fail
(to verify b/10528466)
2. Fix test result on L1 devices where we can't hash the decrypt result
due to inaccessible memory buffers.
3. Configure the codec with a surface to avoid codec errors on L1 devices
b/10528466
Merge of https://widevine-internal-review.googlesource.com/#/c/7510/
from the widevine CDM repo
Change-Id: I5c7ef5ce802cc4ff63f62524ef2120fb671920f4
This CL turns off the verbose logging if LOG_NDEBUG is 1, or if NDEBUG
is defined. You can set the environment variable LOG_NDEBUG to 0 to
turn on verbose debugging for the CDM library on android.
Also, as in b/9672657, some applications call SelectKey when switching
between video and audio, which is much too verbose and affects
playback. I have removed the log statements for SelectKey.
bug: 9672657
Change-Id: I635b997118996871356f7126852b4744fb05e810
Certificates and offline licenses are stored in security level
specific directories in klp. When devices transition from jb-mr2,
their persistent information has to be ported to these directories.
bug:10366036
Merge of https://widevine-internal-review.googlesource.com/#/c/7310/
from the widevine CDM repo
Change-Id: I70b4a79dc5b69bda7fc3a4b92fdcde7ef8b41836
Adds support and tests for the new isContentTypeSupported API to the
Widevine DrmEngine.
Bug: 10244066
Merge of https://widevine-internal-review.googlesource.com/#/c/7321/
from the Widevine CDM repo.
Change-Id: I4f606de7897a49da745ff76faceeb358f8ac9073
This merges the following changes from the Widevine CDM repository:
da001b6 Add Privacy mode and service certificate
This adds support to the CDM for privacy mode and service certificates.
92bf200 Add support for using Youtube Content Protection server for testing
Enables testing with Youtube Content Protection server. Google Play license
server is still the default. Select YTCP server by using the flag -icp
e.g. adb shell '/system/bin/request_license_test -icp'
85dcd60 Fixes to enable privacy mode
These includes changes to use PKCS7 padding, corrected root CA formatting
and changes to integration test. Also refactored service certificate
handling.
989971c Correction to request license test
Corrected PropertySetTest to provision when needed. Also added disabled
privacy tests to run against YTCP staging server until GooglePlay
integration is complete.
Bug: 10109249
Change-Id: If81d68c65d743d77a485406f48d1be41a74de0af
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
Merges change 267713c (Remove stale licenses on reprovisioning) from
the Widevine CDM repository. This change removes licenses belonging
to the previous provisioning when provisioning changes.
Bug: 9761923
Change-Id: I473816dd11dd950f4fb009b5b004630bd2d2b579
This merges change 43c7fda (Do Not Obscure wvcdm::NEED_KEY) from the
Widevine repository. After this change, decrypt calls will return
ERROR_DRM_NO_LICENSE if the CDM returns NEED_KEY.
Bug: 10157154
Change-Id: I97b3a3990abeebb620ee4925fabf5c4261d968c4
