Since CryptoSession::RewrapDeviceRSAKey takes a const std::string& nonce, the calling code
implicitly constructa temporary std::string from a character array with undefined termination
and sometimes bogus value when nonce.data() is passed in.
Bug: 9016828
Merge of https://widevine-internal-review.googlesource.com/#/c/5690/
from the Widevine CDM repository
Change-Id: Ia3beaa5f1a96924a8cc53a719f25af52217b8cc5
There is an ambiguity in the use of the signature length in
OEMCrypto_GenerateRSASignature. If the pointer to the vector is null,
the function should set the length parameter to be the size of the
buffer needed.
This ambiguity has been clarified in the documentation: the
length returned should be the exact length of the buffer. It
will be corrected in a future release of Qualcomm's L1. However,
we are putting this change in both as a stop-gap and as a
belt-and-suspenders fix.
Bug: 8878371
Merge of https://widevine-internal-review.googlesource.com/#/c/5494/
from the Widevine CDM repository
Change-Id: I7574874884ca10da68d15674c971a565d015767d
In the android media DRM api test, provisioning is indicated, when a
generate license request command is issued after a switch between L1 and
L3. This is as expected as oemcrypto is unable to decrypt
the key wrapped earlier (bad padding). Subsequent provisioning request
and storage of wrapped keys complete successfully. If the same session
is used to reissue a generate license request command, the wrapped keys
and cert used are those present in memory from the initial retrival,
rather than rereading the new ones from persistent storage.
This results in a cycle of successful provisioning attempts followed
by generation of license requests commands which return a provisioning needed
error.
A change has been added to reinitialize the session and reload the
wrapped keys.
b/8878324
Merge of https://widevine-internal-review.googlesource.com/#/c/5600/
from the Widevine CDM repository.
Change-Id: Iaf47d15d104fd681706df5f64be583af24186abe
In a renewal message, in order to extend the duration, the server sdk
sends back a single key in the key container. Earlier the key was of type
CONTENT and only contained a key control block. No id, key data or
iv information were supplied. After a recent server sdk update
the key type in the renewal message has been changed to KEY_CONTROL.
This change enables the client to process the updated renewal message.
bug: 8736545
Merge of https://widevine-internal-review.googlesource.com/#/c/5434/
from Widevine CDM repository
Change-Id: Ia9f3620b86460278285fddee57ee923e269de7c1
Bug: 8770327
1. Allow provisioning retries
Allow multiple provisioning request messages to be generated without
requiring an equal number of HandleProvisioningResponse's. This is to
allow for lost messages.
2. Properly deletes cdm and crypto sessions created for cert provisioning.
The CleanupProvisioningSession() has not been deleting the cdm and crypto sessions
created for certificate provisioning properly. The lives of these sessions are
short and therefore, not added to the CdmSessionMap. We need to explicitly delete
these objects when error occurs or when we are done with provisioning.
3. Fixes provisioning responses that contain multiple chunks.
When we make multiple provisioning requests during testing, Apiary
sends response that contains more than one chunk. The test app.
needs to parse the response and concatenates the chunk data.
Otherwise, the size for each chunk is treated as base64 encoded data,
which will generate error when we try to deserialize the response
message.
Merge of https://widevine-internal-review.googlesource.com/#/c/5451/
from the Widevine CDM repository
Change-Id: I5b0ed982849c12628a3949f8d51515fcf6ce5a5f
The android timer class was not generating timer events correctly. This caused
renewal and expiration events not to be sent. A strong pointer to the
timer thread was not held and this caused the android util timer
thread to exit after firing once. This is now addressed.
Bug: 8736545
Merge of https://widevine-internal-review.googlesource.com/#/c/5353/
from the Widevine CDM repository.
Change-Id: I2d904e55d4d10eacc1a51f1c6b5c1a267c92c8d8
Currently the CDM requires the caller to specify init data both on key
generation and renewal requests. With this change the CDM relaxes
this requirement for renewals.
Bug: 8732893
Merge of https://widevine-internal-review.googlesource.com/#/c/5322/
from Widevine CDM repo
Change-Id: Idf4ad2bdb20023da4f30bc369ed87eb811c1c4d9
This new format uses the SignedProvisioningMessage proto buffer definition so
the client does not have to parse the message and signature from the JSON
response separately. This change makes it more flexible to extend the fields
in the SignedProvisioningMessage.
Adds Apiary API key to the default provisioning server url.
Fixes a bug in GetCertRequestResponse() where a LOGD() can generate a
fault if there is no response data.
Bug: 8620943
Merge of https://widevine-internal-review.googlesource.com/#/c/5230/
from Widevine CDM repository
Change-Id: I4945ee2d16f88666e41edf990dd07102a9271105
bug: 8621521
This fixes a problem where insecure audio buffers were being
passed incorrectly as secure buffers to the trusted
environment's OEMCrypto_DecryptCTR.
This is a merge of the following changes from the widevine
git repository to android git repository:
https://widevine-internal-review.googlesource.com/#/c/5163/2
Allow selection of secure/non-secure buffers
https://widevine-internal-review.googlesource.com/#/c/5164/
Pass Secure Buffer Request to CDM
Change-Id: Iec1192a216305c6cf92c359b15b148eccc6ce6ce
Upgrade to version 2.1 of license protocol in OEMCrypto.
related-to-bug: 8621521
Merge of https://widevine-internal-review.googlesource.com/#/c/4952/
from Widevine CDM repository to android repository.
Change-Id: I0d85dae1981b7525ab17aec5f21cf668d078bf47
OEMCrypto was being initialized on session creation. Calls to
get property information may occur before any sessions are
created. This resulted in calls to OEMCrypto before a call to
OEMCrypto_Initialize which caused a segfault.
OEMCrypto initialization is now verified before any other calls are made.
Unit tests have been modified to verify that this indeed works.
bug: 8660973
Change-Id: I1b14fa8ad2e88750776b28715a48d8a1d1c57089
When non-encrypted buffers are sent to OEMCrypto_DecryptCTR,
the cdm is overriding the buffer type to be non-secure. This
is incorrect, the encrypted state is not the same as the buffer
protection level.
This change removes the special case override that should not
be there.
bug: 8621521
Change-Id: I705b1dc82b393305b9e6bdcb524d6b8126f58d3d
Adds a new property to the CDM's QueryStatus called QUERY_KEY_SYSTEM_ID that
contains the System ID. (as read from OEMCrypto_GetKeyData) Adds a new
property to the DrmPlugin (cleverly named "systemId") that allows the app to
query for this. Also adds unit tests.
Also changes the Device ID getter in crypto_engine.cpp to return a failure
instead of an empty ID.
Bug: 8621632
Merge of https://widevine-internal-review.googlesource.com/#/c/5010/ from
widevine cdm repository to android repository.
Change-Id: I8f309af18487c499e8ce25e829059e45623ea4dc
bug: 8601053
This import syncs to the widevine git repository change
commit 6a99ad1b59ad39495f62954b3065ddc22b78da49
It includes the following changes from the widevine git
repository, which complete the jb-mr2 features
Fix Unit Test Makefile
Adds support for device certificate provisioning.
Support application parameters
Certificate based licensing
Proto for client files
Implement Property Query API
Add Device Query For Unique ID
Implement Generic Crypto in DrmEngine
Do not validate Key IDs on clear playback
Allow OEMCrypto_DecryptCTR with clear content and no key
Add a case to the MediaDrm API test to repro b/8594163
Implement requiresSecureDecoderComponent
Implement Eventing API
Add end-to-end decryption test with vectors
Refactoring of properties class
Refactor OEMCrypto unittest.
Fix for b/8567853: License renewal doesn't renew license.
Add KEY_ERROR callback to WvContentDecryptionModule() ctor.
Merged certificate_provisioning.proto and
client_identification.proto to license_protocol.proto.
Fix nonce check failure after a malformed key in OEC Mock.
asynchronize decryption
Allow querying of control information
make debugging AddKey & Decrypt statuses easier
Revert "Revert "Send KEY_ERROR event to app on license
expiration or failure""
Revert "Send KEY_ERROR event to app on license expiration
or failure"
Send KEY_ERROR event to app on license expiration or failure
remove extra session id copy
use KeyError constants directly
replace variable-length arrays with std::vector and fixed-sized array
pass session ids as const references
refactor key extraction and update keys on renewal
Updates to enable renewals and signaling license expiration.
fix error constant in OEMCrypto_DecryptCTR
Change-Id: I5f7236c7bdff1d5ece6115fd2893f8a1e1e07c50
This import syncs to the widevine git repostiory change
commit ab3e1e43642cf36900f55169597a33f222709fdb
Change-Id: I3a6f1e2969e5fe7ed1ca12f90b0eb0a3b7899835
This change incorporates the following CLs from the Widevine
cdm repository:
Update the java request/response test app to match Drm API changes
Don't build the mock liboemcrypto.so by default
Do not build CDM tests by default
Fix Build Break in DrmEngine Unit Tests
Fix Build Break in WVDrmPlugin
Initial version of roadmap for CDM projects.
Implement License Query
Implement Generic DRM in OEMCrypto Reference Implementation
Add key_data_length field when calling OEMCrypto_LoadKeys
Policy engine unittests
Generalized DRM API for OEMCrypto
Fixes proto buf libraries build.
Add Version Number to OEMCrypto API
Test key control block duration field in OEMCrypto
Add fix for missing crypto offset.
Fixed android/media*/test builds and added proto files for Cert. provisioning
Refactor and clean up callback code in CDM.
Add "device_id" name-value pair to LicenseRequest::ClientIdentification
Separate unit and end-to-end tests from the top level makefie.
Includes changes for 'fall back to l3 oemcrypto lib' in top level makefile.
Fall Back to Level 3 if Level 1 Fails
Fix compilation error in wvcdm_unittest.
Fix Android build break due to Decrypt() signature change in cdm_engine.h.
Wire up callbacks and errors in the Steel proxy.
Fix lock assert if there is no keybox on the device.
RSA Certificate Unit Test
Change Generic_Verify signature to constant.
Change-Id: I2e42db9d0b4f8d4e833675ae81d0714509bbfd2c
The top level makefile will build license_protocol_protos.a, which is
needed by libcdm.a. Unit and end-to-end tests are now build separately
under cdm/test.
Also, the tests use Google C++ Testing Framework, so please build the
gtest library from external/gtest and run "mm" once before building
the tests.
Or just run "mmma vendor/widevine/libwvdrmengine" (or mma in
vendor/widevine/libwvdrmengine") once.
Change-Id: Iec5a7a974e2f23651191b7325230d9ae3d6b83f2
Builds libwvmdrmengine.so, which is loaded by the new
MediaDrm APIs to support playback of Widevine/CENC
protected content.
Change-Id: I6f57dd37083dfd96c402cb9dd137c7d74edc8f1c
This header file documents the interface of the ContentDecryptionModule
and the CDM client.
b7615806
Change-Id: I9a036ec5539f7e5b66adb8a6a4326120624d1b30
