* Reject session clobbering.
[ Merge of http://go/wvgerrit/14634 ]
This fixes a bug in I17de92b3e682c9c731f755e69466bdae7f560393 in which
sessions can be clobbered by a forced session ID. This bug manifested
in subtle test failures which involved repeatedly creating sessions.
This was traced to OEMCrypto not being terminated, then upward to a
leaked CryptoSession and CdmSession, and then finally to clobbered
session IDs.
To avoid the bug in future, first, reject duplicate session IDs.
Second, change the OpenSession API to make forced IDs explicit.
* Fix unit test namespaces.
[ Merge of http://go/wvgerrit/14622 ]
This fixes some odd errors that occur when linking multiple test
suites into one executable. When two object files both contain
a definition of wvcdm::MockCryptoSession, for example, one will win
silently and cause the other's tests to misbehave and/or crash.
The solution is to put all mocks into an anonymous namespace, since
each wvcdm::(anonymous)::MockCryptoSession is separate.
In order to avoid lots of repetitions of wvcdm:: in the anonymous
namespaces, all anonymous namespaces in unit tests now live inside
or the wvcdm namespace. This has been done even for tests which
are not currently using mocks.
* Move timer and timer_unittest to Android.
[ Merge of http://go/wvgerrit/14619 ]
These are not used anywhere else.
Change-Id: I234f31e9b5c79061205728783596ebaff65e0aff
* Make CdmProvisioningResponse const.
[ Merge of http://go/wvgerrit/14618 ]
The lack of const on this reference seems to be a mistake, since the
responses is never modified. This also allows the new CE CDM to pass
responses directly through from the caller.
* Let Properties determine DeviceFiles level support
[ Merge of http://go/wvgerrit/14620 ]
Non-Android platforms do not have multiple security levels, and so do
not use the security level to construct a base path.
Instead of requiring a known "security level" to construct a file,
accept anything that platform Properties will accept as a base path.
* Drop Properties::GetSecurityLevel().
[ Merge of http://go/wvgerrit/14617 ]
This seems to be dead code.
Change-Id: I94a970279213100730d6e6c763558dbe386f936a
* Expose release and offline statuses in CdmEngine.
[ Merge of http://go/wvgerrit/14616 ]
This will allow me to make some intelligent decisions in the new CE
CDM implementation without having to duplicate all the information
known in the lower levels.
* Account for backward compat support in tests
[ Merge of http://go/wvgerrit/14621 ]
One test ensures that device path backward compatibility is working,
while another assumes it is used.
This fixes test results when
Properties::security_level_path_backward_compatibility_support()
is false.
Previously, the CE CDM did not run these tests, and so this went
unnoticed.
* Remove Lock::Try, which is not used.
[ Merge of http://go/wvgerrit/14624 ]
Change-Id: Id18cf1f5b18c7322b8b636819276361af225734f
[ Merge from go/wvgerrit/14286 ]
CDM now reports status information associated with the specified security level.
Earlier information would be reported from the default security level.
b/18709693
Change-Id: I7a01e8ea9773b56951c207437ce85e567fd32b09
Implements the optional setMediaDrmSession() method. To enble this,
support was added to the core to report if a session ID is valid.
As a consequence of this, in the tests for the CryptoPlugin,
construction of the plugin must be deferred until all gMock
expectations are set, as construction now calls into the CDM core.
This is a merge of two changes from the Widevine CDM repo:
http://go/wvgerrit/14083
Allow Setting of Session ID
http://go/wvgerrit/14085
Check If Session ID Is Valid When Changing CryptoPlugin IDs
Bug: 19570317
Change-Id: I7dbd777ce6efebd71fdb5e602663a0e35a48a9c4
This is a merge of several Widevine-side commits that, cumulatively,
allow callers to specify an origin to be used to isolate data storage
as specified in the W3C Encrypted Media Extension specification.
Separate origins have separate certificates, and consequently cannot
share device identifiers with each other.
The changes included in this are:
Add Ability to Check for Existing Certificates
http://go/wvgerrit/13974
Add Ability to Remove the Certificate
http://go/wvgerrit/13975
Make CDM Origin-Aware
http://go/wvgerrit/13977
Add Per-Origin Storage to Widevine CDM on Android
http://go/wvgerrit/14026
Remove Automatic Origin Generation
http://go/wvgerrit/14031
Bug: 19771858
Change-Id: I6a01c705d9b6b4887a9c7e6ff4399a125f781569
This is a merge of http://go/wvgerrit/13751 from the widevine
repository.
The CryptoSession had an enumeration for HDCP levels that was copied
from OEMCryptoCENC.h by hand. Since that header is included, there is
no need to have two enumerations.
b/16303994
Change-Id: Ief16ba62163776f9ca80375f3638ef4c7770e742
This merges several small changes that were made in response to
comments that arose when LMP changes were merged into the Widevine
repository's master branch.
Change-Id: Ifec968af54dbc3288f24654ec0c6ca9b5962e1aa
This copies over formatting changes from the Widevine CDM repository
that resulted from running clang-format with Google style on the
shared core/ directory. It also copies over some rewordings of log
messages that were made at the same time.
Aside from the changed log messages, this should not affect behavior
or functionality.
Change-Id: I69c57c188f7a79f30fa3517afeed17365929b6b6
(This is a merge of http://go/wvgerrit/11285 from the Widevine CDM
repository.)
The key set ID is now available earlier, in order to support the CE
CDM 4.5 interface, which needs it at key request generation time, not
later at key response receipt time. It is still possible to receive
the key set ID at key response time, for Android's purposes. Either
API may now be passed a pointer to store the ID in, which may also be
left NULL if this is not needed.
Change-Id: I47e80ea4005c80282e36cfae92cb91142208f624
This is a combined merge of several small changes to the core in the
Widevine CDM repository:
http://go/wvgerrit/10941
Rename privacy_crypto to allow more variants.
http://go/wvgerrit/11530
Add Missing Header to properties.h
http://go/wvgerrit/11531
More Loosely Couple CdmEngine and CdmSession
Change-Id: I5b3f738ae495ab267da1440421dd7aa6f7860194
(This is a merge of http://go/wvgerrit/10674 from the Widevine CDM
repository.)
Now that the CE CDM has CloseSession to handle closing sessions, we
can rename CancelKeyRequest on the CDM Engine & CDM Session to better
resemble its purpose and the name it is known by on Android.
Change-Id: I68d55b3be733579e5875ab33d8e94a62fe1f651d
This is a copy of the widevine CL:
https://widevine-internal-review.googlesource.com/#/c/12742/
If a session is closed at the same time as an OnTimerEvent is
processing an event, there could be a race condition between the two
threads. This CL adds a lock that prevents a session from being
removed from the list while the timer is currently processing an
event.
If CloseSession is called while the OnTimerEvent method is active, the
session will be added to a dead list, and deleted when the timer event
has finished.
This CL does not address the main problem in bug 19252886, but
one bugreport, netflix_log_3.txt, indicates there may have been
a problem with the CDM timer.
bug: 19252886
Change-Id: I17190edaeb3eef1295d4d204232cc4262cb5fa9b
(This is a port of http://go/wvgerrit/11556 from the Widevine CDM
repo.)
This wires up the new method on the crypto interface with the core
code that handles the max-res decode.
Bug: 16034599
Change-Id: Id2ea5635bf732eabf1fd33712ff8bab6cf1a1745
When falling back to L3, release requests were failing. Information
requesting falling back to L3 is passed along when the session is opened.
Licenses however are released using the key set ID and information
requesting fallback to L3(CdmClientPropertySet) at that point is
unavailable. The release was actually attempting to release a license
at the default security level which is incorrect.
In addition, the mac keys were not being setup correctly and the release
message was signed with keys derived from the license request and not the
response. Both these issues have been addressed and unit tests added
to track release of offline licenses and usage reporting scenarios.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11062
from wv cdm repo ]
b/17073910
Change-Id: I5cd95a7dfe58ebae7ae27ece6c92e67755c1d665
* The Usage APIs return usage reports from either L1 or L3 (if available).
* Correction to when usage reports are saved. In addition to other events
they are now saved when keys are loaded, usage reports are released and soon
after first decryption and periodically (60 seconds) after that,
if decryption takes place.
* Usage reports now get deleted on an unprovision request.
* Policy timer is now started when offline licenses are restored.
* Usage session is now released, when a usage response is received.
* Usage tests ahev been enabled.
* Added CDM extended duration (integration) tests to test usage reporting
and querying. These need to be run manually as they take a while (currently
half an hour).
b/15592374
[ Merge of https://widevine-internal-review.googlesource.com/#/c/10800
from the Widevine CDM repo ]
Change-Id: Ia817e03ebbe880e08ba7b4a235ecb82b3ff35fbf
Merge of CDM change:
https://widevine-internal-review.googlesource.com/#/c/10691/
This prevents the provisioning session from being created unless the
device needs provisioning. And then, after provisioning, it closes
the session it had previously opened.
b/15782159 CertificateProvisioning object keeps unused CryptoSession
Change-Id: Ic52ed864fa47c7ba50b7ca4d9fea1e74930228e9
[ Merge from Widevine CDM repo of
https://widevine-internal-review.googlesource.com/#/c/10171/ and
https://widevine-internal-review.googlesource.com/#/c/10172/ ]
Updated license_protocol.proto from constituent protos in google3
These changes make use of OEMCrypto v9 changes to support usage reporting.
Usage reporting may be enabled for streaming (by means of secure stops) and
offline playback by a provider session token specified in the license.
Changes include periodically updating usage information for relevant
sessions and reporting and releasing usage information as needed.
The CDM has removed all references to Secure Stops. This change
updates the Android API implementation to comply.
b/11987015
Change-Id: Ibb6f2ced4ef20ee349ca1ae6412ce686b2b5d085
This CL removes TODOs and email addresses from comments, unifies some
namespaces and cleans a few variable names. It is a copy of multiple
CLs on the widevine side.
Change-Id: I1bb649096476a5001a56d746427399de6a88ff69
The EME spec technically requires CDMs to treat audio/mp4 and
video/mp4 equivalently, as well as audio/webm and video/webm. We had
only been accepting video/mp4 and video/webm up until now.
This change also centralizes handling of init data types in the shared
CDM code instead of having it spread across multiple places in the
codebase.
(This is a merge of https://widevine-internal-review.googlesource.com/9532/
from the Widevine CDM repo.)
Bug: 13564917
Change-Id: Ib8bdfb2b003ffb00e8f0559561335abb3c5778b0
Adds support for WebM to the CDM. Decryption remains untouched,
however the initialization data is passed differently for WebM.
The previous version of this change broke playback for certain
apps that were being allowed to pass invalid MIME types before
this change was made. This version maintains backwards-compatiblity
for these apps for now by rewriting their MIME types as "video/mp4".
Merge of https://widevine-internal-review.googlesource.com/9225/
and https://widevine-internal-review.googlesource.com/9611/ from
the Widevine cdm repo.
Bug: 10638562
Change-Id: Ib37e838d08363f07b34b3a2e79a3f80a1f43e9ad
Adds support for WebM to the CDM. Decryption remains untouched,
however the initialization data is passed differently for WebM.
Merge of https://widevine-internal-review.googlesource.com/#/c/9225/
from the widevine cdm repo.
Bug: 10638562
Change-Id: I7b8cf4888fa408af77cee103f768f5a7c8ffdc7e
Merge of https://widevine-internal-review.googlesource.com/#/c/8263
from the Widevine repo.
Changes the behavior of requiresSecureDecoderComponent() to query the
session for whether a lowered security level has been requested
before querying the system to see what its default security level is.
As part of this, we added a new QuerySessionStatus() method to the
CDM that gets status info on a session-specific level, such as the
effective security level of a session.
Bug: 11428937
Change-Id: I5549a2fdd400cc87f567d27fcf74c473451093d6
The CDM session was being destroyed before the policy timer was stopped
and before the session was removed from a list of active sessions. This
allowed race conditions, where the policy timer would try to evaluate
policy for a closed session. This led to segfaults.
b/11338324
Merge of https://widevine-internal-review.googlesource.com/#/c/8240/1
from the widevine cdm repo.
Change-Id: Ib159ccfdb763a47da573f5c06c0793c2c63886c4
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
Android development of the widevine CDM has been done
on the jb-mr2 branch of the cdm code base. This CL
contains a merge of that jb-mr2 work to CDM master, and
also reflects the evolution of the common Modular DRM
code base since jb-mr2 branched.
Change-Id: I1d7e1a12d092c00044a4298261146cb97808d4ef
Bug: 8770327
1. Allow provisioning retries
Allow multiple provisioning request messages to be generated without
requiring an equal number of HandleProvisioningResponse's. This is to
allow for lost messages.
2. Properly deletes cdm and crypto sessions created for cert provisioning.
The CleanupProvisioningSession() has not been deleting the cdm and crypto sessions
created for certificate provisioning properly. The lives of these sessions are
short and therefore, not added to the CdmSessionMap. We need to explicitly delete
these objects when error occurs or when we are done with provisioning.
3. Fixes provisioning responses that contain multiple chunks.
When we make multiple provisioning requests during testing, Apiary
sends response that contains more than one chunk. The test app.
needs to parse the response and concatenates the chunk data.
Otherwise, the size for each chunk is treated as base64 encoded data,
which will generate error when we try to deserialize the response
message.
Merge of https://widevine-internal-review.googlesource.com/#/c/5451/
from the Widevine CDM repository
Change-Id: I5b0ed982849c12628a3949f8d51515fcf6ce5a5f
Currently the CDM requires the caller to specify init data both on key
generation and renewal requests. With this change the CDM relaxes
this requirement for renewals.
Bug: 8732893
Merge of https://widevine-internal-review.googlesource.com/#/c/5322/
from Widevine CDM repo
Change-Id: Idf4ad2bdb20023da4f30bc369ed87eb811c1c4d9
This new format uses the SignedProvisioningMessage proto buffer definition so
the client does not have to parse the message and signature from the JSON
response separately. This change makes it more flexible to extend the fields
in the SignedProvisioningMessage.
Adds Apiary API key to the default provisioning server url.
Fixes a bug in GetCertRequestResponse() where a LOGD() can generate a
fault if there is no response data.
Bug: 8620943
Merge of https://widevine-internal-review.googlesource.com/#/c/5230/
from Widevine CDM repository
Change-Id: I4945ee2d16f88666e41edf990dd07102a9271105
bug: 8621521
This fixes a problem where insecure audio buffers were being
passed incorrectly as secure buffers to the trusted
environment's OEMCrypto_DecryptCTR.
This is a merge of the following changes from the widevine
git repository to android git repository:
https://widevine-internal-review.googlesource.com/#/c/5163/2
Allow selection of secure/non-secure buffers
https://widevine-internal-review.googlesource.com/#/c/5164/
Pass Secure Buffer Request to CDM
Change-Id: Iec1192a216305c6cf92c359b15b148eccc6ce6ce
