Merge of http://go/wvgerrit/17040
The delta document specified the wrong error code if
Minimum_Security_Patch_Level is not valid. The correct error is
OEMCrypto_ERROR_UNKNOWN_FAILURE.
b/27524999
Change-Id: I0c5d9b6d40b384ae3550348569d78c60093a65d4
[ Merge from http://go/wvgerrit/16499 ]
Passing clear subsamples to OEMCrypto_CopyBuffer and encrypted subsamples
to OEMCrypto_DecryptCTR was causing performance issues as a lack of crypto
session information made it hard to associate clear and encrypted
subsamples with each other.
[ Based on a patch from Kelly Ren/Qualcomm ]
b/26538744
Change-Id: I4644f197b2ec481f6aa89d3fce29b22ebb7b0c06
(cherry picked from commit e3724815c6)
[ Merge of https://go/wvgerrit/16940 ]
An alternate scenario to renewing keys is to load the same keys in
a separate session and make use of them by using the session sharing
feature.
Session sharing involves iterating through a map of sessions and
returning the first session that contains the Key ID. In certain cases
(license about to expire) we might prefer an alternate session
be chosen.
Licenses may expire in two ways. Policy engine, driven by a 1 second
timer may detect expiry and send an asynchronous event. OEMCrypto may
also detect expiry based on information in the key control block
and return an error during decryption. It is possible that these
may differ by upto a second. This can lead to issues where decryption
fails but EVENT_KEY_EXPIRED is not generated till later.
It is possible to address this by using information from both timers
to notify the app about expiry. To implement this correctly will
add complexity and require synchronization between threads. To avoid
this an alternate solution is, if session sharing is used, to pick
the session that has a license with the longest remaining validity.
b/27041140
Change-Id: I398cc4c10ee3a2f192d4a0befe7c8a469dd5bf86
Update "Deliverables: section 7.5 to include instructions for N.
Update version to 2.4.
bug:27301749
Change-Id: I84ddaee65325f1efe9da8d9963075b864cf236a2
Update "Deliverables: section 7.5 to include instructions for M.
Update version to 2.3.
bug:27199720
Change-Id: I55b6177f3e3e97763c6c1721836ad19ff457351f
When merging the change from Widevine's repo over to NYC,
some deletes were missed. This change removed the unused
classes profiler_session and stats.
The make file still had a reference to Stats, which was
likely due to a merge conflict.
Change-Id: Ic39baafab4bfd84e2b462f6749761c8a228244c7
This aligns our test script with the functionality found in our TF
test configuration for preventing concurrency issues with DroidGuard.
Matching Widevine cl: go/wvgerrit/16791
Change-Id: Icc891de0a5f3795d8582b21e1bcf734049ddbf42
This change is a merge of the following changes:
1. Remove MultipleSessions (go/wvgerrit/16763)
2. Increase Memory Budget (go/wvgerrit/16764)
3. Fixing Possible Integer Overflow (go/wvgerrit/16765)
4. Creating Call Table (go/wvgerrit/16766)
5. Creating Call History (go/wvgerrit/16767)
6. Connecting Profiled Scope (go/wvgerrit/16768)
7. Adding Call Table Version Number (go/wvgerrit/16780)
8. Add Version Number to Call History (go/wvgerrit/16781)
bug: 27157796
Change-Id: Ia3f088a1714f3f5b426fee6141daa4ea8d832cf4
[ Merge of http://go/wvgerrit/16769 ]
Protos have been updated to match the google3 copy. This introduces
protection scheme to support HLS and MetricData to assist
in reporting. Changes have been made to set or consume data
from appropriate fields.
b/27146600
Change-Id: Ic928a406efb8fbb959b95a77dda6848e839b1948
[ Merge of http://go/wvgerrit/16544, http://go/wvgerrit/16639 ]
* This fixes the oemcrypto unit tests to build with the ce cdm.
The unit tests do not build when it is detected that a long (NULL)
is compared to a pointer.
* Remove NULL pointer comparison
On some platforms ASSERT_NE(NULL, ptr) does not work. This CL
replaces it with ASSERT_TRUE(NULL != ptr).
* Test Simultaneous Decrypt
With the increasing number of devices that support multiple screens or
windows, it is desireable to verify that OEMCrypto can have several
sessions open and actively decrypting at the same time.
Calls to OEMCrypto are still serialized -- this is not a threading
test -- but we still have multiple sessions open and decrypt from each
of them.
* Remove unused variable in initialization_data
Change-Id: I1a4be38fb30a14f610544416db653a81342f16b3
[ Merge of http://go/wvgerrit/16625 and http://go/wvgerrit/16633 ]
Reduce the number of parameters needed by GenerateKeyRequest.
Combining all output values into a single struct.
BUG: 26162546
Change-Id: Ibeb3f4df4a8e877511f8ab2e6c543001a921f285
[Merge of http://go/wvgerrit/16626]
[Cherrypick from http://go/ag/858552 to nyc-dev branch]
Setting umask to ensure only owner can access sensitive files.
Fixes request_license_test which creates directories and files
accessible by group and others.
bug: 26567162
Change-Id: I63553ec9210f3a4c160cd4c4f2a49c9e0a4157db
This silences the canary test to match the Android version string
change from NYC to N. properties_android.cpp has already previously
been updated for N, so no need to bump the Widevine Android version
number at this time (see: go/ag/800077)
Matching Widevine cl: go/wvgerrit/16664
Bug: 26901110
Change-Id: Ib8f47f77bbb4dd2c7c302102fe43007059af2d50
[ Merge of http://go/wvgerrit/16628 ]
Jsmn will replace a local method that parsed json init data.
Added a fix to include all key Ids in the WidevineCencHeader rather than
just the first. Also modified the content_id to reflect that it is a
base64 encoded value.
b/20630275
Change-Id: I7080c8cea21be4dea09a4905a96b4cc03e584c1d
[ Merge for http://go/wvgerrit/16617 ]
This adds additional test coverage to verify HLS EXT-X-KEY attribute
lists.
b/20630275
Change-Id: I72d7aa13b9b190728a56668ab79fa5e93bfa0d8b
[ Merged of http://go/wvgerrit/16576 ]
The WV EXT-X-KEY attribute list earlier expected a cenc PSSH box in the
URI field, in a hexadecimal sequence format. To ease the burden on
content providers, the URI field will now contain init data in a json
format and base64 encoded. The platform will assume responsibility
to parse this data and create a widevine init data protobuf that
can be included in the license request.
b/20630275
Change-Id: I49e270bedbe96791fc9b282214a9a358d95d163e
[ Merge of http://go/wvgerrit/16550 ]
This is in addition to Web safe Base64 encode/decode support by core.
Change-Id: I9ed51721b138a7f15fb4d216796deadd5d5b31a2
This CL is a merge from the widevine repo of
http://go/wvgerrit/16553 Prebuilt Level 3 OEMCrypto for Android
http://go/wvgerrit/16238 Require OEMCrypto v11 for Android N Unit Tests
http://go/wvgerrit/16484 Shared License Tests (OEMCrypto v11)
http://go/wvgerrit/16448 Pattern Decrypt Unit Tests and Reference Implementation
http://go/wvgerrit/16489 Enforce UNUSED Variables
http://go/wvgerrit/16479 Pattern Decrypt for Level 3 OEMCrypto
http://go/wvgerrit/16280 Correctly handle bad RSA key
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
It contains the Level 3 implementation, as well.
mips/libwvlevel3.a Level3 Library Jan 22 2016 14:30:27
arm/libwvlevel3.a Level3 Library Jan 22 2016 15:03:55
x86/libwvlevel3.a Level3 Library Jan 22 2016 13:52:29
b/26692954 [DRM] OEMCrypto v11 needed for Nexus devices
Change-Id: Ibb1384959620f63a1be1e82ce2952ec9f48f0d3e
Merge from Widevine repo of http://go/wvgerrit/16499
With the increasing number of devices that support multiple screens or
windows, it is desireable to verify that OEMCrypto can have several
sessions open and actively decrypting at the same time.
Calls to OEMCrypto are still serialized -- this is not a threading
test -- but we still have multiple sessions open and decrypt from each
of them.
Change-Id: I5b24f4a464ed05a5b21625c66fe7989644b67a5a
[This is a merge of http://go/wvgerrit/16522 ]
This commit adds support for CBC and Pattern Mode to the MediaCrypto
implementation. These are the only changes needed to support HLS. (No
change is needed for MediaDrm, as it already passes HLS initialization
data along to the core without closely inspecting it, as it should.)
Following this change, the glue layer also supports the CENC, CBC1,
CENS, and CBCS modes from the forthcoming update to the ISO-CENC spec.
Note that, in order to differentiate CBC1 and CBCS, we have to cue on
the presence or absence of a pattern, which may not continue to be
sufficient in the future if a third CBC mode using patterns is ever
added.
Note that the unit tests for this code remain disabled for now. New
unit tests are forthcoming in a separate commit.
Bug: 25666017
Change-Id: I5942a8b70393e63b4de9d7dab985c4c2a98a20b3
[ Merge from http://go/wvgerrit/16498 ]
The CDM now supports AES CTR and CBC block cipher modes. The license
specifies the mode to be used in the key container. The mode is
also specified in mediaCrypto when calling decrypt. This adds
verification for the cipher block mode.
Change-Id: I2587fc1e4b6d77161f2f8653f8516024c73dd8ac
[ Merge from http://go/wvgerrit/16499 ]
Passing clear subsamples to OEMCrypto_CopyBuffer and encrypted subsamples
to OEMCrypto_DecryptCTR was causing performance issues as a lack of crypto
session information made it hard to associate clear and encrypted
subsamples with each other.
[ Based on a patch from Kelly Ren/Qualcomm ]
b/26538744
Change-Id: I4644f197b2ec481f6aa89d3fce29b22ebb7b0c06
This is a merge of squashed CLs.
* Cdm Session and Engine interface clean up
[ Merge of http://go/wvgerrit/16387 ]
Key Set Ids have been removed from the CdmSession interface
(GenerateKeyRequest, Addkey) as they can be queried by an accessor.
The CdmEngine interface now allows one to specify or retrieve a session ID,
since both were not being used in a single call. Key set IDs are no longer
returned though GenerateKeyRequest as they was not being used.
* Generate key set ID when session is initialized
[ Merge of http://go/wvgerrit/16370 ]
Key set IDs are currently generated at different times in the
CdmSession lifecycle. Android generates key set IDs when the license
is received, while the CE CDM generates (or overrides them)
when the session is constructed.
The key set IDs are now generated when the session is initialized.
Key set generation cannot occur earlier as it has a dependency on
security level and in turn on crypto session initialization which
occurs when the session is initialized.
Depenencies on Session ID has caused other activities, construction of
PolicyEngine, CdmLicense, setting property CDM client sets to be
deferred from CdmSession constructor to Init().
Android will still retrieve the key set IDs after the offline license is
processed. For streaming requests, the key set will be
unreserved and discarded when the session is terminated.
Change-Id: Ib802d1c043742d62efa9a2c901fcd113e836c33d
(This is a merge of http://go/wvgerrit/16496 )
run_all_unit_tests.sh now aborts and alerts the user if they have
Verity on, as opposed to its current behavior of failing later when
the tests don't copy over successfully.
Bug: 23420350
Change-Id: Ib01d32caaac462974b051f5d019888f7c47bc745
[ Merge of http://go/wvgerrit/16241 and http://go/wvgerrit/16364 ]
This will allow a usage session to be loaded later by key set ID.
This is needed for EME-style secure stop in the new CE CDM API.
b/25816911
Change-Id: I916340047492fbc0556d0e90bd2eac0f3eafe597
Merge of http://go/wvgerrit/16300
This CL removes gtest and boringssl from
build_and_run_all_unit_tests.sh. Instead, we change each "mm"
to "mm || mma". Thus, if mm fails, we assume it is because of a
missing dependency and try mma which builds all dependencies.
bug: 25297287
Change-Id: Ief76fa4077e4cd8653da9306cc92ed14cf080564
