[ Merge of http://go/wvgerrit/209671 ]
The CDM API RemoveOfflineLicense() is used to remove an offline
license by key set ID. From the app's perspective, removing the
offline license should not depend on an app to be provisioned, or
the license being loadable. However, internally, the CDM attempts
to restore the license to lock out its usage entry.
An issue arises when the license is not able to be restored, which
will cause errors related to the restoration to be returned to the
app. The license is still deleted in case of errors, but certain
partners have experienced GTS failures when using the MediaDRM API
removeOfflineLicense().
This change attempts to catch some of the common errors, but not all.
If certain errors are encountered during the restoration process, the
are not returned to the app.
Additional error cases may be added later, depending on vendor
feedback.
Bug: 319055420
Bug: 357863269
Bug: 370195605
Bug: 288118860
Bug: 302049654
Bug: 346845333
Bug: 312595506
Bug: 345232142
Bug: 303261245
Bug: 287735498
Bug: 372105842
Test: WVTS on Oriole
Change-Id: I020bbea30e5f6e0ae2777d8a1d4858c4f2af107b
[ Merge of http://go/wvgerrit/209670 ]
The Android FileSystem implementation for List() would return an error
if the directory does not exist. This creates an issue for the case
where the CDM attempts to list offline licenses after clearing all
data. This typically won't effect a regular user, it causes
integration tests which re-provision to fail.
Bug: 372105842
Test: file_store_unittest on Oriole
Change-Id: I121b52ab95e36249ae5b196e987bc950a278131f
[ Merge of http://go/wvgerrit/209590 ]
The filestore unit tests have not been updated in a while, and
contained several test statements which could crash the test
when failed (accessing elements in a vector or characters in a
string without proper size checks). Other parts of the tests
had non-obvious purposes without detailed knowledge of how the
file system works on the different platforms.
Significant parts of the tests have been refactored to include
better checking and to add error messages to explain the
expectations. Several of the tests have been documented, and the
FileSystem header has been updated to explain what the API does.
Bug: 376533901
Test: file_store_unittest on Oriole
Change-Id: I5af9fd2a2ed01aa6186026761c9e0814604ec610
[ Merge of http://go/wvgerrit/208116 ]
The MediaDrm plugin API removeOfflineLicense() would check both
L1 and L3 for the offline license. While this is generally acceptable,
apps might force set L3 via the setStringProperty(), which should
cause the DRM plugin to behave as if it is L3 only.
This change will cause the WVDrmPlugin only remove L3 key set IDs while
in L3 mode. L1 key set IDs in this case will be treated as non-existing.
Bug: 357863269
Bug: 372105842
Test: DRM Compliance ATP via ABTD
Test: libwvdrmdrmplugin_hal_test on Oriole
Change-Id: I81dddbacaee28da6c0a94527b0e390e86f55f81f
[ Merge of http://go/wvgerrit/208155 ]
The MediaDrm plugin API getOfflineLicenseKeySetIds() was listing
both L1 and L3 offline licenses. While this is generally acceptable,
apps might force set L3 via the setStringProperty(), which should
cause the DRM plugin to behave as if it is L3 only.
This change will cause the WVDrmPlugin list L3 only if the app had
set the security level to L3.
Bug: 357863269
Bug: 372105842
Test: DRM Compliance ATP via ABTD
Test: libwvdrmdrmplugin_hal_test on Oriole
Change-Id: I1a6e10b7eb880eef4ba36ed31b12ebfe8617f002
[ Merge of http://go/wvgerrit/199355 ]
A new set of license data was created on UAT so that we
could have keys that match those in the license returned by
a License SDK and by those generated by UAT.
It should be more clear now which data is just made up, and
which data has to match some golden values based on the made
up data.
Bug: 338323091
Test: WVTS
Change-Id: Ic112b4594afb99c6f43e011f59ee7592d4809189
[ Merge of http://go/wvgerrit/207456 ]
When parsing Widevine's HLS key data, the key details are contained
in a data URI in the HLS X-KEY URI field. The data of the URI is a
base64 encoded JSON object, containing the information required to
generate the license request. The "content_id" field of the JSON
object is expected to be a base64 encoded; however, the HLS parser
did not verify that the decoding was successful. In the event that
was not successful, the decoder would return an empty string, which
the parser would attempt to access the first element by reference
which may be a null reference.
In C++, creating a reference from a null point (without actually
accessing the value) is undefined; however most C++ implemenations
will not cause a segment fault; but it is not guarenteed by the
standard.
This change checks if the decoding was successful before attempting
to store the decoded "content_id" value.
A unit test is added to ensure that a parser fails gracefully.
Bug: 356210640
Test: HlsParseTest.BadHlsData_InvalidContentId
Change-Id: Ie2ad42d69953258659178dd1464d830b2723c6c7
Merge of https://widevine-internal-review.git.corp.google.com/c/cdm/+/206071
Message to be signed by CAST funciton is supposed to be in a certain
format: "constant prefix + SHA1(message)".
Some of our current CAST tests uses random message which break this
specification. This fixes the input message.
Test: Cast tests with run_fake_l1_tests
Bug: 359893908
Change-Id: I6b318d749971d837f13daa7b147313e8e0b1d3d0
This is based on a patch submitted by Amlogic.
When we're doing decrypt fallback, either in the CDM or the OEMCrypto
tests, we sometimes fall back to a point where we're synthesizing new
samples and/or subsamples for the content being decrypted. When this
happens and the output buffer is clear, we should limit the size of the
output buffer to only the space needed to hold the output.
Previously, we've been passing the entire output buffer to every call.
This can create a problem if the reason for the fallback is a lack of
enough memory to communicate the buffers to the TA, since the output
buffer will remain the same size as the total output. Restricting the
buffer passed to each call to only the space needed by that call will
reduce the memory requirement.
Cherry-picked from http://go/wvgerrit/205311
Bug: 354834629
Test: x86-64
Merged from https://widevine-internal-review.googlesource.com/204810
Change-Id: I412f43d8f88c72072ef1dd5293436bdb58e500b3
We are receiving reports from partners in the field that they are
failing the OEMCrypto tests only because the tests assume the BCC will
fit into 5k of memory but their BCC is nearly 8k in size.
This patch increases the buffer to 10k.
Cherry-picked from http://go/wvgerrit/205312
Bug: 354834629
Test: x86-64
Merged from https://widevine-internal-review.googlesource.com/204773
Change-Id: I360196518b7651139c003505253d1aed6a0c3907
This test should have been removed in v17, when we allowed this pattern
to be used with cbcs. Although we can't start enforcing the correct
behavior until v20 now, we can remove enforcement of the incorrect
behavior.
Cherry-picked from http://go/wvgerrit/205310
Bug: 356173926
Merged from https://widevine-internal-review.googlesource.com/204832
Change-Id: Idc6e3109286daabb83874d52ad3abaff5e14badb
The docs on OEMCrypto_DecryptCENC() weren't updated correctly when we
allowed the (0,0) pattern in v17. This patch brings the header docs
in-line with the handwritten part of the devsite documentation.
Merged from http://go/wvgerrit/204611
Bug: 336330529
Change-Id: Ic6c81d8f04904b83c34fbc0235ebbae8705a4182
[ Merge of http://go/wvgerrit/200415 ]
UDC specific: No DRM reprovisioning support
The SystemIdExtractor did not properly define behavior when working
with opened/closed CryptoSessions. Due to the CryptoSession's class
dual role of being both a session and a general handle into the
crypto engine, small bugs relying on undefined behavior which happened
to return expected output allowed tests to pass.
This CL makes the following changes:
1) Have SystemIdExtractor verify caller expectations when session is
open.
2) Improved SystemIdExtractor to operate when CryptoSession is opened
or closed.
3) Updates several SystemIdExtractorTest cases to better test defined
behavior without relying on undefined behavior.
4) Better code comments; hopefully some which will help prevent future
misuse of the internal APIs.
Test: system_id_extractor_unittest on Oriole
Test: WVTS on oriole
Bug: 329713288
Change-Id: I65518fe62f43e8060ea752852eb08a3d7132e2a0
The original clear lead integration tests weren't following the flow of
the original bug because there was only one sample, so
DecryptMultipleSamples wasn't being called in the same way. This should
fix this.
Bug: 320785945
Change-Id: Ia70e3fd78381d8d34261b95931fdb303f77f73fd
(cherry picked from commit 4141e271d44c32da88dc0f02a0173fae0b45ead9)
The feature RenewOnLicenseLoad is not expected to work for an offline
license when the device has no usage table.
Bug: 310498829
Change-Id: I601c332ed6cd17f9682082ea6acda7e67492b381
The test only needs to verify that the license has a renewal
server url. It does not need to fetch a renewal from that url.
bug: 338103523
Merged from https://widevine-internal-review.googlesource.com/197955
Change-Id: I1513f8692089c3f51a53ffd6ecb62348702b8fb8
Also added a unit test to verify that decryption without a license fails
with the correct error code. Also changed comment types for policy
integration tests and core integration tests to be picked up by Doxygen.
Bug: 320785945
Merged from https://widevine-internal-review.googlesource.com/194910
Change-Id: Ibdb70683003bb430dde9b4a1bd9fc9839bace342
(cherry picked from commit d05d3738b4)
There are three changes here that should help reduce the
amount of duration test failures caused by clock skew.
First, we reported some skew when the test expected playback
to start immediately after loading the license. However,
with round-off, this could easily be more than 1 second. So
this does not warrent even a warning.
Second, the fake and real clocks were only synced after
computing how long to sleep. This is fixed by moving
SleepUntil to the TestSleep class and having it sync before
computing the delta and after doing the sleep.
Third, I am guessing that some failures due to unexpected
lenience were caused by the rental or playback clock being
started at the end of signing the license or the end of the
first decrypt instead of the beginning. We work around this
by recording how long these operations take, and then adding
this extra time at the end of the check for FailDecrypt.
Bug: 275003529
Bug: 279249646
Bug: 207500749
Test: Luci tests
Change-Id: I6a973565edfbebca53ee7f239b4b93f8f73d1e0a
[ Merge of http://go/wvgerrit/194930 ]
[ Cherry-pick of http://ag/26577931 ]
OEMCrypto v17 introduced higher granularity in the device's HDCP V1
levels. Previously, all HDCP v1.x were group together. The change
was aimed towards server policy enforcement, not device enforcement.
Core code was updated, and could then be reflected in license
requests; however, reporting the new v1.x subversions was never
exposed to the higher app layers.
It is likely that devices which attempted to use specific 1.x versions
encountered test failures (for both CE CDM and Android CDM) as neither
implementations could handle such versions when communicating with
the app.
This change updates both CE CDM and Android CDM:
1) The CE CDM now uses the same subversion version comparisons as
performed by the core code.
2) The Android CDM will now recognize new HDCP levels, and not return
unexpected values.
Bug: 329155501
Test: run_x86_64_tests
Test: request_license_test on Oriole
Change-Id: I61fc0f11808f594456bd00210fd9b2bb5ed16c0e
[ Merge of http://go/wvgerrit/189650 ]
The CDM session shares its CryptoSession instance with a few additional
member objects (CdmLicense and PolicyEngine). When the CDM session's
crypto session is reset, it must also reset the CdmLicense and
PolicyEngine otherwise, a potential stale pointer reference may occur.
Test: request_license_test on Oriole
Test: WVTS on Oriole
Bug: 311239278
Change-Id: Ie175513ae652dcd96e12e5e1def574a8a56d5863
ag/26105061 accidentally reverted some of these changes so I am pushing
up another patch to add them back in.
[ Merged of go/wvgerrit/186370 ]
CDM by default allows test keybox from device side.
Bug: 299987160
Bug: 301669353
Change-Id: I6acf93c78f76a13f2c4539aabfd0262670b54c48
Merge of
https://widevine-internal-review.git.corp.google.com/c/cdm/+/193670
Default to OEMCrypto_CipherMode_CBC instead of OEMCrypto_CipherMode_CENC
which is not used by CAS.
Test: CAS unit tests
Bug: 325639114
Bug: 322928572
Change-Id: I8876d5262643015fb6a322eae6444ef4001d146d
[ Merge of TBD ]
The merge of oemcrypto-v18 cdm branch to udc-widevine-dev
caused a number of CDM/plugin fixes to be lost.
This undoes the non-oemcrypto changes in http://go/ag/26105061
Bug: 290252845
Test: WVTS, unittests on panther
Change-Id: I2bb99f423bda351eee30276cb0e26e3d9e27fa7d
