A number of failures were observed,
* GPlay dev license server is being worked on. This causes random
failures when running unit tests. Switching to the staging
server for now.
* Occasionally, the license server times out. Introducing a retry
mechanism do deal with HTTP responses (merge from master #45e8ddd5f)
* Release license tests are now disabled. Tests were previously passing,
even though they were not in fact supported by the GPlay license server.
The response included just enough information to be a valid license and
passed minimal verification that was taking place. Additional verification
was not necessary because session is torndown and resources released as
soon as the response has been received.
A change at the GPlay server now causes the release license request to be
flagged as an error and the tests to fail. Work is in progress to
support release of licenses at the GPlay server.
* The wrong message test (from request license tests) fails. This is
because GPlay behaviour changed from returning a HTTP 500, when
processing an invalid PSSH, to returning a HTTP 200 without any included
license.
* Security level path backward compatibility tests on L3 which failed and
caused the succeeding license request tests to fail.
b/12000457
Change-Id: I8e6adc490504475d1039793ea555a17799cb78c4
Merge of https://widevine-internal-review.googlesource.com/#/c/8263
from the Widevine repo.
Changes the behavior of requiresSecureDecoderComponent() to query the
session for whether a lowered security level has been requested
before querying the system to see what its default security level is.
As part of this, we added a new QuerySessionStatus() method to the
CDM that gets status info on a session-specific level, such as the
effective security level of a session.
Bug: 11428937
Change-Id: I5549a2fdd400cc87f567d27fcf74c473451093d6
After a change to the GPlay license server, it no longer accepts heartbeats
at the license server URL ( https://jmt17.google.com/video-dev/license/ ).
The CDM correctly reports https://jmt17.google.com/video-dev/heartbeat/
as the renewal URL but the current test code ignores the reported URL.
The license server then rejects the request and send back an empty
license response.
This causes WvCdmRequestLicenseTest.StreamingLicenseRenewal
and WvCdmRequestLicenseTest.StreamingLicenseRenewal to fail. Request
license tests have been modified to respect the renewal URL.
Merge of https://widevine-internal-review.googlesource.com/#/c/8188
from the widevine cdm repo
b/11290339
Change-Id: I1dcf8277edce99633086fb3db8ffeb7a32a5500d
A staging Root CA public key was used in earlier releases to verify
service certificates. These were in turn used to encrypt the
client identification. This met our needs for an end-to-end verification.
Now that the production Root CA and service certs are available
this change replaces staging certs with production ones.
Merge of https://widevine-internal-review.googlesource.com/#/c/7560/ from
the widevine CDM repo
b/10329328
Change-Id: Id02649201d9a8ba4d08acc4166503341a5bbdd23
Certificates and offline licenses are stored in security level
specific directories in klp. When devices transition from jb-mr2,
their persistent information has to be ported to these directories.
bug:10366036
Merge of https://widevine-internal-review.googlesource.com/#/c/7310/
from the widevine CDM repo
Change-Id: I70b4a79dc5b69bda7fc3a4b92fdcde7ef8b41836
This merges the following changes from the Widevine CDM repository:
da001b6 Add Privacy mode and service certificate
This adds support to the CDM for privacy mode and service certificates.
92bf200 Add support for using Youtube Content Protection server for testing
Enables testing with Youtube Content Protection server. Google Play license
server is still the default. Select YTCP server by using the flag -icp
e.g. adb shell '/system/bin/request_license_test -icp'
85dcd60 Fixes to enable privacy mode
These includes changes to use PKCS7 padding, corrected root CA formatting
and changes to integration test. Also refactored service certificate
handling.
989971c Correction to request license test
Corrected PropertySetTest to provision when needed. Also added disabled
privacy tests to run against YTCP staging server until GooglePlay
integration is complete.
Bug: 10109249
Change-Id: If81d68c65d743d77a485406f48d1be41a74de0af
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
Android development of the widevine CDM has been done
on the jb-mr2 branch of the cdm code base. This CL
contains a merge of that jb-mr2 work to CDM master, and
also reflects the evolution of the common Modular DRM
code base since jb-mr2 branched.
Change-Id: I1d7e1a12d092c00044a4298261146cb97808d4ef
Adds a property that allows applications to get the provisioning-unique serial
number.
Bug: 9175567
Also fixes some missing mutexes that were causing intermittent failures in
calls to OEMCrypto due to concurrency issues.
Bug: 9175583
Merge of https://widevine-internal-review.googlesource.com/#/c/5831/
from the Widevine CDM repository
Change-Id: I1d7e3ca9f3b06da345022f5f0d64e0c17a5cedca
Signing and encryption keys are not correctly setup in OEMCrypto, when
an offline license is restored, before generating a key release message.
This results in key release failures. Playing back the license response
causes keys to be derived and allows the key release message to be constructed.
b/9016545
Merge of https://widevine-internal-review.googlesource.com/#/c/5682/
from the Widevine CDM repository
Change-Id: Ica9f13acc7c87e3125fa706f3a56e95b77a14a3c
Bug: 8770327
1. Allow provisioning retries
Allow multiple provisioning request messages to be generated without
requiring an equal number of HandleProvisioningResponse's. This is to
allow for lost messages.
2. Properly deletes cdm and crypto sessions created for cert provisioning.
The CleanupProvisioningSession() has not been deleting the cdm and crypto sessions
created for certificate provisioning properly. The lives of these sessions are
short and therefore, not added to the CdmSessionMap. We need to explicitly delete
these objects when error occurs or when we are done with provisioning.
3. Fixes provisioning responses that contain multiple chunks.
When we make multiple provisioning requests during testing, Apiary
sends response that contains more than one chunk. The test app.
needs to parse the response and concatenates the chunk data.
Otherwise, the size for each chunk is treated as base64 encoded data,
which will generate error when we try to deserialize the response
message.
Merge of https://widevine-internal-review.googlesource.com/#/c/5451/
from the Widevine CDM repository
Change-Id: I5b0ed982849c12628a3949f8d51515fcf6ce5a5f
Currently the CDM requires the caller to specify init data both on key
generation and renewal requests. With this change the CDM relaxes
this requirement for renewals.
Bug: 8732893
Merge of https://widevine-internal-review.googlesource.com/#/c/5322/
from Widevine CDM repo
Change-Id: Idf4ad2bdb20023da4f30bc369ed87eb811c1c4d9
This new format uses the SignedProvisioningMessage proto buffer definition so
the client does not have to parse the message and signature from the JSON
response separately. This change makes it more flexible to extend the fields
in the SignedProvisioningMessage.
Adds Apiary API key to the default provisioning server url.
Fixes a bug in GetCertRequestResponse() where a LOGD() can generate a
fault if there is no response data.
Bug: 8620943
Merge of https://widevine-internal-review.googlesource.com/#/c/5230/
from Widevine CDM repository
Change-Id: I4945ee2d16f88666e41edf990dd07102a9271105
bug: 8621521
This fixes a problem where insecure audio buffers were being
passed incorrectly as secure buffers to the trusted
environment's OEMCrypto_DecryptCTR.
This is a merge of the following changes from the widevine
git repository to android git repository:
https://widevine-internal-review.googlesource.com/#/c/5163/2
Allow selection of secure/non-secure buffers
https://widevine-internal-review.googlesource.com/#/c/5164/
Pass Secure Buffer Request to CDM
Change-Id: Iec1192a216305c6cf92c359b15b148eccc6ce6ce
Upgrade to version 2.1 of license protocol in OEMCrypto.
related-to-bug: 8621521
Merge of https://widevine-internal-review.googlesource.com/#/c/4952/
from Widevine CDM repository to android repository.
Change-Id: I0d85dae1981b7525ab17aec5f21cf668d078bf47
OEMCrypto was being initialized on session creation. Calls to
get property information may occur before any sessions are
created. This resulted in calls to OEMCrypto before a call to
OEMCrypto_Initialize which caused a segfault.
OEMCrypto initialization is now verified before any other calls are made.
Unit tests have been modified to verify that this indeed works.
bug: 8660973
Change-Id: I1b14fa8ad2e88750776b28715a48d8a1d1c57089
Adds a new property to the CDM's QueryStatus called QUERY_KEY_SYSTEM_ID that
contains the System ID. (as read from OEMCrypto_GetKeyData) Adds a new
property to the DrmPlugin (cleverly named "systemId") that allows the app to
query for this. Also adds unit tests.
Also changes the Device ID getter in crypto_engine.cpp to return a failure
instead of an empty ID.
Bug: 8621632
Merge of https://widevine-internal-review.googlesource.com/#/c/5010/ from
widevine cdm repository to android repository.
Change-Id: I8f309af18487c499e8ce25e829059e45623ea4dc
bug: 8601053
This import syncs to the widevine git repository change
commit 6a99ad1b59ad39495f62954b3065ddc22b78da49
It includes the following changes from the widevine git
repository, which complete the jb-mr2 features
Fix Unit Test Makefile
Adds support for device certificate provisioning.
Support application parameters
Certificate based licensing
Proto for client files
Implement Property Query API
Add Device Query For Unique ID
Implement Generic Crypto in DrmEngine
Do not validate Key IDs on clear playback
Allow OEMCrypto_DecryptCTR with clear content and no key
Add a case to the MediaDrm API test to repro b/8594163
Implement requiresSecureDecoderComponent
Implement Eventing API
Add end-to-end decryption test with vectors
Refactoring of properties class
Refactor OEMCrypto unittest.
Fix for b/8567853: License renewal doesn't renew license.
Add KEY_ERROR callback to WvContentDecryptionModule() ctor.
Merged certificate_provisioning.proto and
client_identification.proto to license_protocol.proto.
Fix nonce check failure after a malformed key in OEC Mock.
asynchronize decryption
Allow querying of control information
make debugging AddKey & Decrypt statuses easier
Revert "Revert "Send KEY_ERROR event to app on license
expiration or failure""
Revert "Send KEY_ERROR event to app on license expiration
or failure"
Send KEY_ERROR event to app on license expiration or failure
remove extra session id copy
use KeyError constants directly
replace variable-length arrays with std::vector and fixed-sized array
pass session ids as const references
refactor key extraction and update keys on renewal
Updates to enable renewals and signaling license expiration.
fix error constant in OEMCrypto_DecryptCTR
Change-Id: I5f7236c7bdff1d5ece6115fd2893f8a1e1e07c50
This import syncs to the widevine git repostiory change
commit ab3e1e43642cf36900f55169597a33f222709fdb
Change-Id: I3a6f1e2969e5fe7ed1ca12f90b0eb0a3b7899835
This change incorporates the following CLs from the Widevine
cdm repository:
Update the java request/response test app to match Drm API changes
Don't build the mock liboemcrypto.so by default
Do not build CDM tests by default
Fix Build Break in DrmEngine Unit Tests
Fix Build Break in WVDrmPlugin
Initial version of roadmap for CDM projects.
Implement License Query
Implement Generic DRM in OEMCrypto Reference Implementation
Add key_data_length field when calling OEMCrypto_LoadKeys
Policy engine unittests
Generalized DRM API for OEMCrypto
Fixes proto buf libraries build.
Add Version Number to OEMCrypto API
Test key control block duration field in OEMCrypto
Add fix for missing crypto offset.
Fixed android/media*/test builds and added proto files for Cert. provisioning
Refactor and clean up callback code in CDM.
Add "device_id" name-value pair to LicenseRequest::ClientIdentification
Separate unit and end-to-end tests from the top level makefie.
Includes changes for 'fall back to l3 oemcrypto lib' in top level makefile.
Fall Back to Level 3 if Level 1 Fails
Fix compilation error in wvcdm_unittest.
Fix Android build break due to Decrypt() signature change in cdm_engine.h.
Wire up callbacks and errors in the Steel proxy.
Fix lock assert if there is no keybox on the device.
RSA Certificate Unit Test
Change Generic_Verify signature to constant.
Change-Id: I2e42db9d0b4f8d4e833675ae81d0714509bbfd2c
Builds libwvmdrmengine.so, which is loaded by the new
MediaDrm APIs to support playback of Widevine/CENC
protected content.
Change-Id: I6f57dd37083dfd96c402cb9dd137c7d74edc8f1c
