These are a set of CLs merged from the wv cdm repo to the android repo.
* Change build options for make protobuf host tools
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/30381 ]
Also revert local change to protobuf/extension_set.cc
This builds after adding -Wno-return-type and -Wno-unused flags.
* OEMCrypto v13 stub
Author: Rintaro Kuroiwa <rkuroiwa@google.com>
[ Merge of http://go/wvgerrit/30004 ]
* Remove merge conflict tags
Author: Edwin Wong <edwinwong@google.com>
[ Merge of http://go/wvgerrit/30120 ]
Remove merge conflict tags for http://go/wvgerrit/29880
* Added Android Things ARM provisioning key to L3
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/29701 ]
BUG: 63443584
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ifd867b491dfda5d67d2e225695535b5af9e18260
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct RELEASE_ALL_USAGE_INFO_ERRORs
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28742 ]
RELEASE_ALL_USAGE_INFO_ERROR_4 and 5 were introduced and made use of in
http://go/wvgerrit/24022 (branch: oc-dev). The error code definitions
were merged over in http://go/wvgerrit/24602.
When http://go/wvgerrit/24622 from cdm_partners_3.2 was merged to master
(http://go/wvgerrit/27723) there was conflict in error codes. The error
codes were adjusted to RELEASE_ALL_USAGE_INFO_ERROR_3 and 4
and were made use of.
To avoid renaming the errors between oc-dev and master, new errors
RELEASE_ALL_USAGE_INFO_ERROR_6 and 7 have been added to handle the
scenarios noted in the merge from cdm_partner_3.2. The other
errors have been reverted back to RELEASE_ALL_USAGE_INFO_ERROR_4 and 5.
They will be used when http://go/wvgerrit/24602 is merged.
* Address compilation issues
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/28740 ]
These changes enable compilation of most of the cdm code on android
expect for OEMCrypto unit tests (b/62739406) on wv master.
* Add property for binary/base64 provisioning msgs.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28074 ]
Property is "provisioning_messages_are_binary". Its default setting is
false in the CE CDM, but it can be overridden by integrators.
Added section to integration guide that discusses Provisioning Server
message formats and the new property.
Link: https://docs.google.com/document/d/1cBVbhgrajLpDe2W3_vzLzUqzpdDt73chvm4_sZlZlS8/edit#heading=h.hgxw53ddw7jo
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I9168193819974d1ff65d9a94dbd762e45ecc43ca
These are a set of CLs merged from the wv cdm repo to the android repo.
* Add CDM status return for decrypt blocked by HDCP.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28062 ]
New status code is kKeyUsageBlockedByPolicy. It is returned by the decrypt()
call instead of kDecryptError or kNoKey.
Also shuffled the CDM status returns to define the EME-aligned codes
first, and added comments to highlight the differences in handling.
BUG: 37540672
* Change division and mod ops to relocatables
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/28600 ]
This is similar to I2dad1028acf295288cd10817a2bcff2513c053c9.
We should be using the relocatable functions instead of the
native division and mod operations.
* Cleanup Encrypted ClientID in provisioning request
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28083 ]
b/36897239
Staging server does not support it (or the client is not constructing
it properly). Leave it disabled pending investigation.
* Certificate Provisioning fixes.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28066 ]
Partial fix for BUG: 37482676
Partial fix for BUG: 37481392
Update service certificates, get rid of DEV/QA root certificate.
Provisioning request and response are base64 (web-safe) encoded.
Response is optionally JSON-wrapped.
Change ConfigTestEnv; clearer comments and a closer match to reality.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I79d3c4bf1124e5e0d3e4d40baead65a8266ea874
These are a set of CLs merged from the wv cdm repo to the android repo.
* Update service certificate.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28065 ]
The updated service certificate fixes a number of failing tests.
There are still some that fail, apparently due to mismatches
with key set IDs and usage tables.
Also updated QA server URL to point to QA proxy (although neither
can be used by this client).
Also fixed segfault in CdmTest.ListUsageRecords.
* Add CDM APIs for Handling Service Certificates.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/28064 ]
The responsibility for managing Service Certificates has been moved
out of the CDM. Instead, provide CDM and CdmEngine methods to generate
a service certificate request message, and handle a service certificate
response. The API client can use these calls if it needs to get the
service certificate from the License Server.
These functions assume the request and response are base64 (web-safe)
encoded (see b/37481392). Not all servers are operating this way yet.
Any adaptations for non-compliant servers is handled outside the CDM.
See test WvCdmEnginePreProvTest::ServiceCertificateRequestResponse in
cdm_engine_test.cpp for an example of this.
These changes also eliminate the stored init_data and deferred
license type which were used to perform a service certificate request
during a license request.
* Fix and rename ClosesSessionWithoutReturningError test.
Author: Edwin Wong <edwinwong@google.com>
[ Merge of http://go/wvgerrit/27880 ]
ClosesSessionWithoutReturningError should not check for
Status::OK since it is expecting an error code back.
The test is renamed to ClosesSessionWithError.
Test: libwvdrmdrmplugin_hidl_test
BUG: 62205215
* Get rid of default service certificate.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27981 ]
Instead, we need at least two service certs - one for the QA/Test
servers, and one for UAT (and prod?)
There are still some issues around the signature verififcation
of the service cert, and in license_unittest.cpp, the use
of the default service cert has been commented out. I don't know
why this test needs a service cert. If it really does, then the
same mechanism that is used elsewhere for selecting a specific
server type will be needed here.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ieab815fb202c809ad5714cd0364c4bdfa068f77d
Below are a set of CLs being merged from the wv cdm repo to the android repo.
* Fix handling of OEM Cert public key.
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/27921 ]
This is a potential fix for b/36656190. Set aside public
key on first call to get the public key, and use it afterwards.
This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
which has side-effect of staging the OEM private key.
This also fixes a problem where the public cert string was
not being trimmed to match the size returned by
OEMCrypto_GetOEMPublicCertificate().
* Complete provisioning request/response for Provisioning 3.0
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Fix bug on provisioning request path where GenerateDerivedKeys()
was being called when preparing to generate the signature.
Add message signature verification, and call correct OEMCrypto
routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).
* Implement Cdm::deleteAllUsageRecords()
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27780 ]
Delete all usage records for current origin. Removes usage
records from file system and retains the PSTs. The deletes
any usage entries matching those PSTs held by OEMCrypto.
BUG: 35319024
* Remove stringencoders library from third_party.
Author: Jacob Trimble <modmaker@google.com>
[ Merge of http://go/wvgerrit/27585 ]
We have a fork of the stringencoders library that we use for base64
encoding. This reimplements base64 encoding to remove the extra
dependency and to reduce the amount of code.
* Add Cdm::deleteUsageRecord() based on key_set_id.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/27605 ]
Delete specified usage record from file system usage info and
from OEMCrypto.
BUG: 35319024
* Modifiable OEMCrypto
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/24729 ]
This CL adds a new variant of the OEMCrypto mock code that adjusts its
behavior based on a configuration file. This is intended for
testing.
For example, a tester can set current_hdcp to 2 in the options.txt
file, push it to the device, and verify that a license is granted for
HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and
push the file to the device. Playback should stop because the license
is no longer valid.
This variant uses a real level 1 liboemcrypto.so to push data to a
secure buffer. That means we can test playback for a license that
requires secure buffers on an Android device with real secure buffers.
BUG: 35141278
BUG: 37353534
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: I58443c510919e992bb455192e70373490a00e2b6
[ Merge of http://go/wvgerrit/23360 ]
Service Certificates are used in two places, provisioning and
licensing. The service certificate code depended on a session_id
to get and set the service certificate properties, but the session_id
was not available in the provisioning path.
This patch pulls out the property lookup by session_id dependency,
and passes the CdmImpl's property_set into the provisioning code, so
the service certificate can be read and written there.
Bug: 62972441
Test: WV unit/integration tests. This introduces three test failures
* WvCdmRequestLicenseTest.PrivacyModeWithServiceCertificateTest
* Cdm/WvCdmStreamingLicenseRenewalTest.WithClientId/4
* Cdm/WvCdmOfflineLicenseReleaseTest.WithClientId/3
Change-Id: I6e9d4e23a9e7e81a63a994db8ec0b443893449a6
[ Merge of http://go/wvgerrit/33340 ]
Update usage entry information only when usage entries are
supported.
Bug: 65483034
Test: wv unit/integration tests on angler
Test: GTS tests
Test: playback using play movies and netflix
Change-Id: If5a33900a30ce88f97ef46a800817cd4c71d195e
The test verifies that a downloaded license receives an expiry event
in a session if it is released from another session. With
the introduction of the big usage table feature loading a
license/usage entry into multiple sessions is not permitted and
so this test is no longer needed.
Some OEMCrypto implementations might require OEMCrypto_UpdateUsageEntry
to be called between calls to OEMCrypto_LoadKeys and
OEMCrypto_ReportUsage. This CL adds the call to
OEMCrypto_UpdateUsageEntry.
Test: WV unit/integration test
Test: Playback using play movies and netflix
Test: GTS tests
Bug: 64988654
Change-Id: Ic737c3200ea1858736a168be835507378eaf7b3e
[ Merge of http://go/wvgerrit/26421 ]
* Corrects usage_table_header lifetime management. Earlier the
UsageTableHeader class was a singleton tied to the CdmEngine lifetime.
With SPOIDs there might be multiple concurrent CdmEngine objects.
The UsageTableHeader class is now associated with OEMCrypto
lifetime. There are two UsageTableHeader objects one for each L1 and L3.
These get allocated/deallocated on OEMCrypto Initialization/Termination
respectively.
* UsageTableHeader requires OEMCrypto, file read/writes and
metric gathering to perform its required functionality. Because of the
lifetime changes, CryptoSession, DeviceFiles and MetricsGroup objects
need to passed to the methods rather than at Creation time.
* Miscellaneous fixes, when moving or deleteing entries.
* Adds usage_table_header_unittests.
* Addresses failures with request_license_test with secure stop in L3.
b/36858906
b/36855557
b/36048120
b/38341136
b/37100505
b/35946047
Test: Verified by unit and integration tests. Added new
usage_table_header_unittests
Change-Id: I20e396ab2c0afbd14372dd93b969e5b0f1ccd291
(This is a merge of wvgerrit/25582)
Provisioning 3.0 devices that do not use SPOIDs have been returning
their full OEM Public Certificate as their device ID. While this is not
a security concern, (it is a PUBLIC cert) the cert is many times larger
than applications are likely expecting. (several kilobytes vs. just a
few bytes) This patch hashes the OEM Public Certificate to produce a
smaller value, but only when it is being provided out of the CDM to a
caller.
Bug: 34716264
Test: run_all_unit_tests.sh
Change-Id: Ib82cf7a174a8bf02ff606edd0394ada13842224c
[ Merge of http://go/wvgerrit/23820 ]
The UsageTableHeader class is a singleton that CDM sessions will share.
A separate object will be created for each security level. The class
synchronizes access to usage table header and associated data-structures
and controls when they are read in or written out to non-secure persistent
storage. Upgrades from a fixed size usage table (supported by previous
versions of the OEMCrypto API v9-12) are handled by this class.
b/34327459
Test: Verified by unit/integration tests on angler
Change-Id: Ifc5996985e76bc260c01e55bc12aab1248389a80
(This is a merge of go/wvgerrit/23154)
This patch updates the ClientCapabilities protobuf to match the latest
on the server side and adds plumbing to the provisioning request
process so that devices can report whether they like big certs.
Their capacity to lie remains untested.
Bug: 34076937
Test: license_unittest
Change-Id: I3bcc9f1741146953d8bc0ff3d7d2305e7ac2c118
[ Merge of http://go/wvgerrit/22980 ]
System Renewability Messages (SRM) contains a list of Key Selection
Vectors, which are HDCP Identifiers that have been revoked.
During HDCP negotiations a transmitter may authenticate a receiver
and verify that its unique identier is not present in the SRM.
This CL enables reporting of the current SRM version and whether SRM
updates are supported. It also loads SRM updates in the license
and specifies SRM version requirements when keys are loaded.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
b/28955520
Change-Id: Id840078ea2deb01d9619c1cd8d367b50452f76cc
[ Merge of http://go/wvgerrit/22900 ]
Add GetClientToken(), GetProvisioningToken(), GetPreProvisionTokenType()
to CryptoSession. They return the correct token bytes and token type
for preparing the ClientIdentification message for provisioning and
license server transactions.
Also refactor service certificate handling.
OEM certs are introduced in Provisioning 3.0
b/30811184
* Address build breaks
[ Merge of http://go/wvgerrit/23162 ]
This addresses issues introduced by http://go/wvgerrit/22900
b/30811184
* When http://go/wvgerrit/18012 was merged (ag/1446934) some changes
were not merged for mapErrors-inl.h. These changes are included in this CL.
* When ag/1678104 was reverse merged to http//go/wvgerrit/21981/ a variable
was renamed and some comments were added to add clarity in cdm_engine.cpp.
These changes are included in this CL.
Test: All unittests other than some oemcrypto, request_license_test
passed. Those tests failed with or without this CL.
Change-Id: Ie0215509f2f985f2a610f5a4c865db47edec8662
[ Merge of http://go/wvgerrit/22565 ]
When using the grace period, the CDM will need to override the values
given to use by the TEE (through OEMCrypto). Normally the first (and
last) decrypt times are stored securely by the TEE. To avoid extra
complexity in OEMCrypto, we will simply ignore the values given to us
by the TEE when using this feature.
However, the TEE will still enforce the (hard) license duration. So
only the rental/playback durations will be affected by malicious
editing of files.
b/34211676
Test: Reran unittests including newly added tests. All tests other than
some oemcrypto, request_license_test passed. Those tests failed with
or without this CL.
Change-Id: I6d7b5bfb669fd8603b474b68c2f7175b0c30901d
* CDM license protocol updates
[ Merge of http://go/wvgerrit/22789 ]
No functional changes (yet) - all tests in widevine_ce_cdm_unittest
run successfully.
* Address android test build failures
[ Merge of http://go/wvgerrit/22983 ]
Updates to the license_protocol.proto in go/wvgerrit/22789
did not include the integration tests for android.
b/34202048
Test: Reran unittests. All tests other than some oemcrypto,
request_license_test passed. Those tests failed with or without this CL.
Change-Id: Ib9041d397187859b8fcbc1b1f7d275f8c4ef6aba
[ Merge of http://go/wvgerrit/19960 ]
Protections schemes are specified using a 4CC code {"cbc1", "cbcs",
"cenc", "cens"}. A host to network conversion was performed when the
PSSH was created and inserted into the license request. A reverse
conversion was performed when the code was extracted from the
license response.
These conversions are problematic if the PSSH is created externally and
passed into mediaDrm. To address this, the conversions have been removed
and allow protobuf to handle byte ordering. For backward compatibility
we allow codes in either ordering.
b/30713238
Change-Id: I25f01ecc621549fd3c13b443e4c8b89168463249
[ Merge of http://go/wvgerrit/17959 ]
This will allow the license server to base licensing decisions on the
devices security module revision.
b/28882058
Change-Id: I574e7686bb305397946d2bfaff504cfae242e628
[ merge of http://go/wvgerrit/17454 ]
When processing a license or renewal, calls to Set/UpdateLicense
update the policy information. A side effect was introduced whereby
updating the policy may cause (expiration, session key state)
notifications to be sent to the listener. Due to the ordering,
the notifications would be sent before the keys were loaded/refreshed,
which caused issues when the notifications were immediately acted upon.
This has now been corrected.
b/27842970
Change-Id: Id81a71ff48edfa9ca0baafc43267995d5a3e80a6
[ Merge of https://go/wvgerrit/17055 ]
There are a few bugs that need to be addressed to get HLS to work.
* Content ID in json init data is base64 encoded and needs to be decoded
before being added to the WidevineCencHeader proto.
* Protection scheme was not set in the WidevineCencHeader proto.
* HLS initialization data should be sent as a CENC content identification
in a license request.
b/20630275
Change-Id: Ie0ac33ac061931df6f26c0afbf3e62e5d01e5041
[ Merge of http://go/wvgerrit/16769 ]
Protos have been updated to match the google3 copy. This introduces
protection scheme to support HLS and MetricData to assist
in reporting. Changes have been made to set or consume data
from appropriate fields.
b/27146600
Change-Id: Ic928a406efb8fbb959b95a77dda6848e839b1948
[ Merge of http://go/wvgerrit/16364 ]
http://go/wvgerrit/16249 changed the name of the encryption pattern
structure from OEMCrypto_PatternDesc to OEMCrypto_CENCEncryptPatternDesc
to remove ambiguity. These are matching changes to CDM core.
[ Merge of http://go/wvgerrit/16340 ]
This CL passes the cipher mode in the license to OEMCrypto when
keys are loaded and specifies the pattern encryption scheme to
OEMCrypto_DecryptCENC.
b/20630275
Change-Id: I86b82bbdc891fd0100beb9fad385ca2082176271
* Update unit test make files to use BoringSSL
[ Merge of http://go/wvgerrit/14173 ]
This CL updates the android makefiles to use the libcrypto_static.
* Do Not Run Provisioning Tests On Devices Without Keyboxes
[ Merge of http://go/wvgerrit/15633 ]
The provisioning tests outside OEMCrypto were failing on devices that
use baked-in certificates because only OEMCrypto knows that the cert
is baked in and the device cannot be reprovisioned. This change
skips those two tests if the device says it does not implement
rewrapping the cert. (i.e. it does not implement provisioning)
Bug: 23554998
* Add new third-party libs (protobuf & gyp)
[ Merge of http://go/wvgerrit/14717 ]
The CE CDM used to expect these to be installed system-wide, which
creates challenges for integrators who must cross-compile the CDM.
These are now used in source form from third_party.
Change-Id: I29cca2f9415fe2fafdf948273e5a0f5d7de50285
* Extend CdmLicense's stored_init_data_
[ Merge of http://go/wvgerrit/14661 ]
CdmLicense will store init data when a server cert must be
provisioned. After provisioning, the original init data can be used
to generate the originally-intended license request.
To do this before, the caller had to call CdmSession's
GenerateKeyRequest with an empty InitializationData object. However,
the init data's type still had to be set, as did the license type.
This CL allows the caller to use a truly empty InitializationData
without a type. To permit this, CdmLicense now stores a full
InitializationData object, rather than just a copy of it's data field.
With this CL, the caller also avoid storing the original license type.
To accomplish this, CdmSession uses the already-set is_offline_ and
is_release_ flags from the original call to reconstruct the intended
license type. The caller uses the new type kLicenseTypeDeferred.
To facilitate storing whole InitializationData objects, they are now
copyable.
This ultimately simplifies server cert code for the new CE CDM.
* Store service certs in Properties
[ Merge of http://go/wvgerrit/14664 ]
This allows CE devices to mimic the Chrome CDM's behavior of sharing
server certs between sessions.
This also affects Android behavior. Previously, provisioned service
certificates were per-session, while explicitly-set service certs
were per-DRM-plugin. Now, both are per-DRM-plugin.
A DRM plugin is associated with a mediaDrm object. Content
providers will still be able to retrieve and use different
certificates. The change here requires an app, that wishes to use
different provisioned service certificates will have to use
multiple mediaDrm objects. This is an unlikely scenario.
Change-Id: If2586932784ed046ecab72b5720ff30547e84b97
* Add CE test for incomplete remove()
[ Merge of http://go/wvgerrit/14658 ]
This depends on I064c053dd986a432865163aed5c9c3493f14340b to get
PolicyEngine to implement the EME semantics expressed in this test.
This also excludes another error code from causing an error log in
CdmEngine::AddKey, because this is actually an expected, handled
error in the CE CDM and it causes some confusing noise during testing
and development.
* Drop CdmEngine test main
[ Merge of http://go/wvgerrit/14693 ]
The command-line arguments are no longer in use anywhere, and
dropping the CdmEngine test's main allows me to add those tests to
the CE test suite.
* Add PolicyEngine::SetLicenseForRelease()
[ Merge of http://go/wvgerrit/14651 ]
In order to implement the EME-specified behaviors for load() &
remove(), some small changes are required in PolicyEngine.
According to EME, you should be able to remove() an active session.
This means that releasing a persistent session is not a separate load
operation. EME also states that the keys should be expired when this
is done.
Remove() is implemented using GenerateKeyRequest(type=release). This
leads to CdmLicense::RestoreLicenseForRelease, which in turn calls
PolicyEngine::SetLicense. When removing an active session, the policy
engine will have keys already loaded. The old behavior would cause
these keys to be reloaded. We need them to be expired, instead.
Once a remove() has been started, the keys should never be loadable
again. If a release confirmation is not received by the CDM, the
session should still be loadable. EME states that once a session has
had remove() called, then is loaded again later, there should be no
keys. Not that they should be expired, but not present. The old
behavior would cause these keys to be reloaded as usable.
This new method allows EME remove() and load() behaviors to be
faithfully implemented in the CE CDM. When removing an active
session, the old keys become expired. When removing a partially-
removed, newly-loaded session, no keys will be loaded at all.
This change does not affect any existing tests in core/.
New tests have been added in PolicyEngineTest to cover the behavior
of the new method.
Change-Id: Idd61487c277c9eadb4a044cb2a563e151442a548
[ Merge of http://go/wvgerrit/14920 ]
The renew_with_client_id field was not being correctly set when licenses
were being restored for usage reporting.
b/22047007
Change-Id: Ib769431b1e49bb498f53d8153a970b6c0a2776d2
[ Merge from http://go/wvgerrit/14745 ]
License generation errors previously would result in code -2916 being returned
though the mediaDrm API. More descriptive error codes are now being returned
from -2850 to -2836
b/13976775
Change-Id: I613ad650ab0a072ce9d8029e2af52b72dc617236
(This is a merge of http://go/wvgerrit/14630)
To create a better flow when an application sets a service certificate
manually, we will now validate the certificate when it is given to us,
and if it is invalid, we will not allow the property to be set.
Bug: 21307186
Change-Id: If980ad075604223fc962a859fae93e98d86a7f4f
[ Merge of http://go/wvgerrit/14410 ]
When specifying a service certificate though mediaDrm, the CDM earlier expected
serialized service certificates rather than signed ones.
b/21334970
Change-Id: I39af2aa25e8dc2a651cbdce84eb32f266b5b3382
[ Merge of go/wvgerrit/14240 ]
Client information is reported in release and renewal messages based on
flag in the license. License proto has been updated to match server updates.
There are two caveats
* Client IDs will be reported unencrypted when usage reports are requested.
* Release requests that enable privacy mode (encrypted client IDs) but do not
specify a service certificate are not supported.
b/19247020
Change-Id: I95e709922122370f310936fbad3d312262128e49
The errors in the range ERROR_DRM_VENDOR_MIN to ERROR_DRM_VENDOR_MAX are
reflected in the message that is reported to the app, which is
MediaDrmStateException.getDiagnosticInfo().
Many errors map to kErrorCDMGeneric, especially KEY_ERROR is used as a
generic error in CDM. This fix defines more specific error codes in the
CDM for places where KEY_ERROR is returned.
Merge from http://go/wvgerrit/14071
bug: 19244061
Change-Id: I688bf32828f997000fea041dd29567dde18ac677
(This is a merge of http://go/wvgerrit/13813)
Removes the OS Version property which was only ever implemented on
Android to appease Netflix and never actually used by them. Adds,
instead, a Widevine library version property. Also adds
implementations of this function for both Android and CE Devices.
For Android, the version number is starting at 3.0.0-android, to
reflect that this is the third major revision of the Widevine CDM in
Android.
For CE Devices, the version number is not changing from its current
value (2.2.0) but is gaining a "-ce" on the end in order to
differentiate it from the Android version number.
Bug: 18376638
Change-Id: Ifb3fa0d62631b45d9e91a6a53bcab3be38763d3a
This is a merge of http://go/wvgerrit/13751 from the widevine
repository.
The CryptoSession had an enumeration for HDCP levels that was copied
from OEMCryptoCENC.h by hand. Since that header is included, there is
no need to have two enumerations.
b/16303994
Change-Id: Ief16ba62163776f9ca80375f3638ef4c7770e742
(This is a merge of http://go/wvgerrit/13761 from the Widevine
repository.)
This cleans up our includes to be in Google Style Guide order and in
alphabetic order, for the parts of the code that are expected to
follow Google Style.
This also converts places in our code that were including C headers
in the C++ style (i.e. <cstring> instead of <string.h>) to use C style
instead. This is because, although it was not causing problems for us
yet, on Android these actually include different headers. (<cstring>
is provided by libcxx, while <string.h> is provided by Bionic)
Lastly, this change puts all headers that do not come from within our
project in <brackets> instead of "quotes," which was not being done
consistently.
This change is explicitly NOT trying to standardize the spacing of our
header includes. I have tried to respect, in each file, the spacing
style already present.
Change-Id: If3dc06532ab9b68010285d64518ef21dce3d6354
Change anti_rollback_hardware_present field name in ClientCapabilities
message to indicate the field is for usage table rollback prevention.
Merge from go/wvgerrit/13817.
bug: 19869828
Change-Id: I982bfe484aa39a54d0c3a9ae60dd9e46351385d9
This copies over formatting changes from the Widevine CDM repository
that resulted from running clang-format with Google style on the
shared core/ directory. It also copies over some rewordings of log
messages that were made at the same time.
Aside from the changed log messages, this should not affect behavior
or functionality.
Change-Id: I69c57c188f7a79f30fa3517afeed17365929b6b6
OEMCrypto may report an HDCP status of "No HDCP device attached/using
local display with secure path". This is not propagated upto
the server as an appropriate HDCP value did not exist in the
license protocol. This has now been added. Netflix has requested that
this be reported.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11806/
from Widevine cdm repo ]
b/18377309
Change-Id: I3db88c7ab5e79a3c12dbc8a398c4770e14e5ee5c
Our recommendation to OEMs is that they support a table of at least 50
usage entries in OEMCrypto. If more usage entries are stored, the PSTs get
added to the CDM but are LRU'ed out of the OEMCrypto usage table. When the
CDM queries those usage entries, OEMCrypto will return a
OEMCrypto_ERROR_INVALID_CONTEXT. Rather than return an error and have
MediaDrm throw an exception, CDM should delete this PST and return the
next usage entry, when queried.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11457/
from Widevine cdm repo ]
b/17994711
Change-Id: I00e3f93000096fb434d94333e22958de795a4bb5
(This is a merge of http://go/wvgerrit/11613 from the Widevine CDM
repo.)
Adds a property for the OS version, implements it on Android, and
adds it to the license request property bag so that Netflix may
use it to discern the supported capabilities of the CDM.
Bug: 18230738
Change-Id: If5174a108093855314f3e0102b83691e20bb247b
When falling back to L3, release requests were failing. Information
requesting falling back to L3 is passed along when the session is opened.
Licenses however are released using the key set ID and information
requesting fallback to L3(CdmClientPropertySet) at that point is
unavailable. The release was actually attempting to release a license
at the default security level which is incorrect.
In addition, the mac keys were not being setup correctly and the release
message was signed with keys derived from the license request and not the
response. Both these issues have been addressed and unit tests added
to track release of offline licenses and usage reporting scenarios.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11062
from wv cdm repo ]
b/17073910
Change-Id: I5cd95a7dfe58ebae7ae27ece6c92e67755c1d665
* The Usage APIs return usage reports from either L1 or L3 (if available).
* Correction to when usage reports are saved. In addition to other events
they are now saved when keys are loaded, usage reports are released and soon
after first decryption and periodically (60 seconds) after that,
if decryption takes place.
* Usage reports now get deleted on an unprovision request.
* Policy timer is now started when offline licenses are restored.
* Usage session is now released, when a usage response is received.
* Usage tests ahev been enabled.
* Added CDM extended duration (integration) tests to test usage reporting
and querying. These need to be run manually as they take a while (currently
half an hour).
b/15592374
[ Merge of https://widevine-internal-review.googlesource.com/#/c/10800
from the Widevine CDM repo ]
Change-Id: Ia817e03ebbe880e08ba7b4a235ecb82b3ff35fbf
