Merge from Widevine repo of http://go/wvgerrit/46204
Refactor utility code - split the mock, step 1
Merge from Widevine repo of http://go/wvgerrit/46205
Move some OEMCrypto types to common header - split the mock, step 2
Merge from Widevine repo of http://go/wvgerrit/46206
Split mock into two -- step 3
Merge from Widevine repo of http://go/wvgerrit/47460
Split the mock into two -- step 3.5
The CL moves several files used by oemcrypto and cdm into a common
subdirectory, so that it may more easily be shared with partners.
The CORE_DISALLOW_COPY_AND_ASSIGN macro was moved to its own header in
the util/include directory.
This CL removes some references to the mock from other code, and puts
some constants and types, such as the definition of the keybox, into a
header in oemcrypto.
Test: tested as part of http://go/ag/4674759
bug: 76393338
Change-Id: I75b4bde7062ed8ee572c97ebc2f4da018f4be0c9
[ Merge of http://go/wvgerrit/58460 ]
If OEMCrypto runs out of space in the usage table header+entries adding
a new license or loading/using an existing one might fail. This CL makes
two modifications to handle this scenario.
* OEMCrypto_ERROR_INSUFFICIENT_RESOURCES will be returned from
OEMCrypto_CreateNewUsageEntry or OEMCrypto_LoadUsageEntry. An attempt
will be made to release a LRU entry from the usage table and retry
the operation. This may be retried 3 times unless success
occurs earlier.
* On initialization, the usage table header is loaded. If there are more than
the minimum number of usage entries (200), an attempt is made to
add a usage entry. If this fails, we are likely in an unrecoverable
state. We then delete all offline licenses, usage information and
recreate the usage table header. This will allow future playback
attempts to succeed and offline licenses to be able to be downloaded
but will lose all current offline licenses and secure stops.
Bug: 112486006
Test: WV unit/integration tests, GtsMediaDrmTest
Playback tests using Netflix and Play movies.
Change-Id: I41a18d69a329f8a96c7b607d299ce73af3d56177
Merge from Widevine repo of http://go/wvgerrit/58440
This CL modifies the oemcrypto test TwoHundredEntries so that it
attempts to create more than 200 entries. A device is allowed to fail
when such an attempt is made, but it must return an insufficient
resources error.
The test then verifies that each of the entries that were succesfully
created can be used to reload its license and the keys can be used for
decryption.
It then shrinks the usage table header, and verifies that the
remaining licenses can still be used for decryption.
bug: 112486006
test: unit tests (test code only)
Change-Id: I6e6edfb00f0553724e0f99fb4e5ea5c817450937
To be compatible with latest googletest.
Test: compile
Change-Id: I15d857ce7b9b28ba5f75c84c61f1c6a970012ca7
Merged-In: I15d857ce7b9b28ba5f75c84c61f1c6a970012ca7
(This is a merge of http://go/wvgerrit/55265)
Compiling with GCC 7 revealed that a function call in this test was
missing an argument. It meant to be passing the output protection level
to the function, but because of optional arguments, it was instead
passing it as the fourth argument.
Fixing this revealed that the test cases for the test were incorrect in
one case, which has been fixed to expect the correct results.
Thankfully, this part of the code does not appear to have been broken
while the tests had this hole.
Bug: 111648438
Test: build_and_run_all_unit_tests.sh
Change-Id: I6c13d5fecdccc4185ca5e8698fc845929ff16cb1
Merge from Widevine repo of http://go/wvgerrit/53980
The provisioning doc changed names, and I accidentally added the new one
without deleting the old one.
I also added a watermark to the newer one.
Change-Id: Ib6e553aa5222c0c59dc03a897229645d37e4189e
[ Merge of http://go/wvgerrit/52040 ]
Information stored in files are serialized and protected by an MD5 hash.
When files cannot be read because the MD5 hash computed over it
fails verification, the file is deleted. This allows for recovery.
However if the protobuf deserialization fails we return an error
but do not delete the file. When errors of this sort occur
with usage information files, the CDM cannot recover.
removeAllSecureStops() will fail as well and new licenses
with PSTs cannot be processed. In order to recover the file will
be deleted when a protobuf deserialization error occurs.
Bug: 109765590
Test: WV unit, integration tests. GTS tests. Netflix and Play Movies playback
Change-Id: I408914924e644d5c22b2ba7865d3a7d598788ee6
[ Merge of http://go/wvgerrit/51322 ]
This avoids taking the session_map_lock_ twice.
Bug: 80248149
Test: WV unit/integration tests, GtsMediaTestCases,
2 days of netflix playback.
Change-Id: Iea1c7b7ba08d7d40c227d21c5abfce13c0a8b395
Merge from Widevine repo of http://go/wvgerrit/49580
This document explains which version of OEMCrypto is compatible with
which version of CE CDM or Android. The intent is to share this on
all Widevine partner repos.
bug: 77637828
Change-Id: Id7db8f9cb5f2a5c6bf35dfecd2ae3b3fabd09c56
testing: documentation only
Merge from Widevine repo of http://go/wvgerrit/51081
Clarifies the Level 3 OEMCrypto library, talks about build files, and data
migration.
test: documentation only
bug: 74242000
Change-Id: Id1c9f9cb44f0b3e5bc084458b1d934b9fea18ac8
Some documentation updates.
Merge from Widevine repo of http://go/wvgerrit/50941
bug: 79940606 OEMCrypto_PST_Report are network byte order
bug: 79874942 [Documentation] PST_Report struct layout differs from documentation
bug: 74010869 CGMS Best Effort
test: documentation change only
Change-Id: I1e9149efcfa5d91c503b74e6776ebb8f25cda15c
(This is a merge of http://go/wvgerrit/51084)
Nominally, OEMCrypto probably shouldn't modify the buffer descriptor we
pass into OEMCrypto_DecryptCENC(), but in practice, we know some
platforms do this, so we make defensive copies in
CryptoSession::DecryptInChunks() just in case. Turns out, some devices
also behave like this in OEMCrypto_CopyBuffer(), so we should also be
doing defensive copies in CryptoSession::CopyBufferInChunks().
Bug: 79779554
Test: ExoPlayer Demo App, played "Secure Subsample UHD (WebM, VP9)"
Test: build_and_run_all_unit_tests.sh
Change-Id: Ib46043a6cc0aa42d1d1cc85f5adb477c566363e9
Merge from Widevine repo of http://go/wvgerrit/50600
The entry count was really 201 -- it should be 200.
test: This code is unit tests only -- no production code.
bug: 79875327
Change-Id: Ib81253ce9d51a7157ea0a64cddeb6cc266b3e25e
* changes:
Protect sessions from concurrent access.
Address concurrency failures between calls to decrypt and periodic timer
Revert of "Prevent race conditions between decrypt and close session"
Merge from Widevine repo of http://go/wvgerrit/50422
This CL adds unit tests to verify that a usage report can have the status
kInactiveUnused.
bug: 79556142
test: unit test code only
Change-Id: I10f71ac2e585ef33727aa8f80d867d80fe156ab8
Locks in earlier releases controlled access to sessions and the list
of sessions for each CdmEngine instance. This guarded against
concurrent access between session management (OpenSession,
CloseSession, etc), periodic timer calls and calls to Decrypt.
The list of sessions and locking was moved to a separate class
CdmSessionMap. This left open the possibility that a session
might be destructed, while being called to decrypt or invoked through the
timer. An attempt was made to add per-session locks in b/73781703
but this was found insufficient.
Per-session locks will be introduced in a future changelist, but for
now the coarser locks will be reintroduced.
Bug: 73781703
Bug: 79158083
Bug: 79262108
Bug: 79436509
Test: WV unit/integration tests, GTS GtsMediaTestCases tests and
24 hours of continuous Netflix playback.
Change-Id: I30a3ede340192370dfe5c92c01b1c76df16b7123
[ http://go/wvgerrit/50341 ]
The shared_ptr implementation was taken from a google3 implementation.
Updates to the reference counter needed to be atomic and were
platform dependent in the original code. These were not carried
over to this codebase. Race conditions between calls to decrypt and
the periodic timer, led to incorrect reference count values.
CdmSession objects were then destructed while references to
them still existed. Segfaults occurred when they were referenced.
Bug: 79431096
Test: WV unit/integration tests, GTS GtsMediaTestCases tests and
24 hours of continuous Netflix playback.
Change-Id: I6008ddba869efcc58972e5ea8644a204f91410ab
[ Original CL http://ag/3890635,
Merge of http://go/wvgerrit/50340 ]
The original fix was not sufficient to address all race conditions.
A subsequent CL will address them.
Bug: 73781703
Bug: 79158083
Bug: 79262108
Test: WV unit/integration tests, GTS GtsMediaTestCases tests and
24 hours of continuous Netflix playback.
Change-Id: I869c22a250e2467b3d49935815e4157dc012fff5
[ Merge of http://go/wvgerrit/49980 ]
This CL
* corrects some of the test expectations
* switches test content used to test streaming with provider session tokens.
The policy of the earlier test content had changed.
* adds some more information to log messages
Bug: 63819720
Test: WV unit, integration tests, WvCdmExtendedDuraionTest,
GtsMediaDrmTest
Change-Id: I8fdbc9c38d6018cc6e884e1b95b2e9d26e7aa536
This fixes Widevine's getMetrics call so that it will return vendor
metrics through the Drm plugin 1.1 interface.
Bug: 73724453
Test: New and existing unit tests. Updated and existing GTS. Google Play manual.
Change-Id: Ie35128dc80bd6eabf9e1f3b9c1800256af77bc51
Merge from Widevine repo of http://go/wvgerrit/49302
This CL adds some unit tests to verify that several OEMCrypto sessions
do not share nonce tables.
bug: 64850992
test: unit tests run on sailfish, taimen, and walleye.
Change-Id: I06cf3fdafb84f8b09cf2f0e58c1866bac511a293
Merge from Widevine repo of http://go/wvgerrit/49805
This aligns the oemcrypto reference code and unit tests to match the
API design doc: http://go/oemcrypto
bug: 79375509
test: unit tests pass
Change-Id: I13761a7384a17e99d88e61aaf80b4a22941fd172
[ Merge of http://go/wvgerrit/49822 ]
This avoids logging an unnecessary error, when the session is not found.
Bug: 79210873
Test: Wv unit/integration test, GtsMediaDrmTest, playback with Play
Movies and Netflix.
Change-Id: Ifef99d1380d763670ad0fa89c885fb5fd41567e2
Merge from Widevine repo of http://go/wvgerrit/47760
This CL adds a pdf of the document Widevine DRM Device Provisioning
Models, which explains the difference between Provisioning 2.0 and
3.0.
bug: http://b/74242000 Update Integration Guide
test: documentation only.
Change-Id: I64026ab4e93931adaa168d99939ee71d760e5862
[ Merge of http://go/wvgerrit/48640 ]
Usage information is saved periodically, in order to avoid excessive
flash writes. This limits our session usage accuracy to
within a usage save period. Saving usage information when
closing a session is an improvement and addresses some failures
seen with Netflix compliance tests.
Bug: 74015553
Test: WV unit/integration tests
Change-Id: I680aad05922f334df0611ff3933082a512f7c002
[ Merge of http://go/wvgerrit/48720 ]
The device ID does not need to be sent in the client identification
information as it is either present in other fields or ignored
by the license service.
This also allows for build information to be reported during
provisioning for devices with OEM certificates.
Bug: 78578351
Test: WV unit/integration tests. GtsMediaTestCases.
Change-Id: I708c63d34f0e2df7e465154d12096a394a1b23d7
[ Merge of http://go/wvgerrit/48400 ]
Client identification information has recently been enabled in
provisioning messages. For privacy concerns this information
is being encrypted with a default service certificate.
Apps need to be able to override the default one to allow
for provisioning with third party provisioning services.
Bug: 78420508
Test: WV unit, integration tests
New WvCdmRequestLicenseTest.ProvisioningTestWithServiceCertificate test
GTS MediaDrmTestCases
Change-Id: Iee61ad47d33ce011efbea4eb90f7e4b1f032d15f
Merge from http://go/wvgerrit/47640
Test: unit/integration tests
Bug: b/62058202
The usage table keeps track of license duration by using the current
system time. However, if a user were to rollback the time, they can
effectively continue offline playback indefinitely. This changes the way
we compute time by computing offsets by which the user rollbacked the
time and adding it to the current time. This change also includes a test
to verify protection against rollback for usage entries that is only run
when the user is root.
Change-Id: I97c430e1443747b0f9759ae5390b8f5d06bdebf1
