[ Cherry-pick of v19 http://go/wvgerrit/219330 ]
[ Merge of http://go/wvgerrit/219454 ]
For two-staged provisioning devices, the behavior of
CdmEngine::Unprovision() varied by platform and context.
For production Android, unprovisioning would remove both;
for production and testing CE CDM it would only remove
DRM provisioning; for testing Android may remove both or
remove everything (both certs and licenses).
This behavior was not documented, making use of the
CdmEngine::Unprovision() API rather unpredictable.
This change attempts to document the unpredictable behavior
and add a way to explicitly remove the OEM certificate
in the core code.
The new CdmEngine::UnprovisionOemCert() will remove only
the OEM certificate.
Bug: 391469176
Test: run_x86_64_tests
Test: WvTs on oriole
Change-Id: Ib2f6ef61f45b5320c71d7e8e8460f7fe8e0e2248
GetDeviceInformation() and GetDeviceSignedCsrPayload() are added to
cdm_engine and crypto_session, so that they can be queried by DRM
plugin. This is to allow the wv drm HAL to be able to extract BCC and
CSR payload to build CSR for prov 4 device registration, such that we
don't need a separate RKP HAL to do this job.
Changes to the DRM plugin to use the exposed methods will be in the
coming CL.
Bug: 286556950
Test: request_license_test
Merged from https://widevine-internal-review.googlesource.com/178890
Merged from https://widevine-internal-review.googlesource.com/179730
Change-Id: Ibafa3a58c99fbb8f1f25f8951d3749110bd32176
[ Merged of go/wvgerrit/186370 ]
CDM by default allows test keybox from device side.
Bug: 299987160
Bug: 301669353
Change-Id: I06f1936ccd068eb71364a5a8931970954233b686
[ Merge of http://go/wvgerrit/169450 ]
OEMCrypto v17 introduced several new HDCP levels that OEMCrypto may
report; however, the CDM never updated to support them. The enum
values of the additional levels are no longer sequential with their
level of support (v1.1 is 7, and v2.1 is 3), this requires more
considerations when comparing the required HDCP levels (as specified
by the license) and current HDCP level supported by OEMCrypto.
The following rules were used:
1) HDCP_NONE is the absolute lowest level
2) HDCP_NO_DIGITAL_OUTPUT is the absolute highest level
3) HDCP_V1 is treated as equal to all V1.x levels
4) All other versions are based on their major-minor pairs
Bug: 269671291
Test: license_unittest
Test: policy_engine_constraints_unittest
Test: policy_engine_unittest
Test: GtsMediaTestCases
Change-Id: Ibecfcb981d7e019c68cb8e0c7286222253d18369
[ Semi-revert of http://ag/20183443 ]
[ Merge of http://go/wvgerrit/168898 ]
These tests were removed from Android last quarter; however, they
now need to be restored. These tests will be removed in Android V.
To help with ambiguity around where the CDM is operating on a single
or set of usage info messages, the variables have been renamed to
propery indicate plurality.
Bug: 263319220
Test: cdm_extended_duration_test
Test: request_license_test
Test: libwvdrmdrmplugin_hal_test
Change-Id: I38b16dd5811069fafaeab5ffc19d0f8a8095f0cf
[ Merge of http://go/wvgerrit/163900/ ]
ATSC licenses can be saved by calling
MediaDrm#setPropertyString("storeAtscLicense",<value>)
where <value> is
"<atsc-key-set-ID>:<license-file-data in Base64 format>"
Before storing an ATSC license a session must be opened and the
ATSC mode must be enabled.
Use MediaDrm#setPropertyString("atscMode","enable");
Bug: 176871821
Test: WV Unit/integration/Luci tests
Test: libwvdrmdrmplugin_hal_test
Test: GtsMediaTestCases
Change-Id: Iec2a8b7f87b1122395d06856202278b92316fdfe
[ Merge of http://go/wvgerrit/158721 ]
This CL removes support for secure stop / usage info sessions from the
CDM engine and CDM session. APIs for related to secure stop
operations will return NOT_IMPLEMENTED_ERROR.
New secure stop licenses will be rejected by the CDM when added.
Bug: 242289743
Test: run_x86_64_tests request_license_test
Change-Id: I30cd47e580d63014e001c903382a28238746f6d4
[ Merge of http://go/wvgerrit/151512 ]
Parameterizing GtsMediaDrm tests exposed a few issues. If secure stops
were stored at L3 security level, retrieval would fail. This CL
checks L3 if the secure stop was not found at the default security
level.
Bug: 221249079
Test: GtsMediaTestCases
Change-Id: Ie88197f8e29457981d782199a76d38774f6faa67
The interface is defined in
hardware/interfaces/drm/aidl(http://go/ag/15329852).
Test: build
m android.hardware.drm-service.widevine -j128
Test: build_and_run_all_unit_tests.sh
for hidl tests
Test: atest VtsAidlHalDrmTargetTest
Bug: 200055138
Bug: 170964303
Change-Id: If2f2a129914436ba5cef1c46f6cb9415e12c3d1c
Merge from Widevine repo of http://go/wvgerrit/142150 (part 2)
For an EVT device, without a keybox or with a test keybox, we want it
to fall back to L3. However, when running the unit or integration
tests it should continue running tests with test keybox. This will
allow us to test L1 oemcrypto on an EVT device, while still using an
EVT device for dogfooding video content at the L3 level.
Bug: 210807585
Bug: 210823889
Change-Id: I30c35134239db35bb39f11f75220063181987763
[ Cherry-pick of http://ag/16064434 ]
[ Merge of http://go/wvgerrit/136330 ]
This changes adds a custom debug property for changing the fallback
policy used for the system. Depending on the value set, the device
will either use a "fast" fallback (30 seconds) or "default" fallback
(~1 day with exponential backoff). Setting this property to either
"fast" or "default" will end the current fallback if it has been
triggered.
Bug: 187646550
Test: Android unit tests
Change-Id: I5271f96139c1e468242f7fa742668cc791ffcf91
Merge from Widevine repo of http://go/wvgerrit/135984
If the MediaDrm property string debugIgnoreKeyboxCount is set to 1,
then the keybox will be ignored on the next initialization. This will
force an OTA keybox reprovisioning.
Equivalently, a 1 may be written to the file
L1/debug_ignore_keybox_count.txt.
In order to test a failed reprovisioning step, a value of 2 may be
used.
Bug: 187646550
Merged-In: Ie7d34a8b355398855f4ec43dd95dd73c5907bdeb
Change-Id: Ie7d34a8b355398855f4ec43dd95dd73c5907bdeb
[ Merge of http://go/wvgerrit/133744 ]
This changes adds several small classes which contain and manage
system and engine information related to OTA keybox provisioning.
These classes closely map to the OKP device file messages.
Bug: 189232882
Test: Linux unit tests
Change-Id: Ia9334c38f9d7ea89b30d9ad05f0595570bb38658
Storing and loading OKP info.
[ Merge of http://go/wvgerrit/133763 and http://go/ag/15645333 ]
This change extends the DeviceFiles module to be able to store and
load OKP info. Mild data validation is performed when storing and
loading the information.
Bug: 189232882
Test: Android unit tests
Change-Id: I077de3234157252f2255a4389bf82a8d5344a355
System OKP fallback policy.
[ Merge of http://go/wvgerrit/133783 and http://go/ag/15645334 ]
SystemFallbackPolicy provides a thread-safe interface for accessing
and modifying OKP info.
Bug: 189232882
Test: Android unit tests
Change-Id: I4e43e3bc047ed5fb6cb517b53e4094e812b70e1e
Engine OKP provisioner.
[ Merge of http://go/wvgerrit/133803 and http://go/ag/15645335 ]
The OtaKeyboxProvisioner provides a CdmEngine-specific context for
performing OTA keybox provisioning. Utilizes the system-wide
SystemFallbackPolicy to relay provisioning status between engines.
The provisioner will handle message wrapping and unwrapping of the
raw OTA keybox request / response into the SignedProvisioningMessage
which is sent to/received from the provisioning server.
[ Partial merge of http://go/wvgerrit/125844 ]
Note: Includes partial CryptoSession changes from various CLs.
CryptoSession functionality has been stripped to reduce impact of
this CL.
Bug: 189232882
Test: Android unit tests
Change-Id: I282bf7d1887daefb2250af1bd595c4dc3dfcfb29
Integrated OKP into CDM Engine
[ Merge of http://go/wvgerrit/133804 and http://go/ag/15646376 ]
Extended the functionality of the CdmEngine to check if the device
requires OKP and to initialize OKP resources if required. The
functionality of OpenSession() and GetProvisioningRequest() have been
the most affected. If OKP is required, these methods will signal to
the app that provisioning is required and will return an OKP request.
Once a device is provisioned, the OKP data is cleared away and the
CdmEngine will resume normal operation. Engines created after a
device is provisioned will immediately enter normal operations.
The exception is for CdmEngines which failed to perform OKP for some
reason and are still running. Those apps will need to restart before
gaining access to L1 operations.
Bug: 187646550
Test: Android integration tests
Merged-In: Ia572a66a7b73479355758aa3d0c682691eaca0fc
Change-Id: Ia572a66a7b73479355758aa3d0c682691eaca0fc
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
[ Merge of http://go/wvgerrit/108904 ]
Client ID name-value fields in the license request share the same
namespace with app parameters and WV standard device information. As
a result, it was possible for applications to provide parameters that
could potentially fool the license server with spoof values.
This CL restricts the use of the fields that are common across both the
Android CDM and CE CDM. Currently, Android specific fields are
restricted by the MediaDrmPlugin layer, and there are no CE CDM
specific fields currently defined.
The non-HIDL DRM plugin does not restrict these fields; however, it
will be removed in S.
Bug: 171723566
Test: Android integration test
Change-Id: I5ad9ead73c5aff712dff8133953de5ddc3296452
Cherry-pick from branch rvc-dev of http://go/wvgerrit/105824 and
rvc-widevine-release http://go/ag/12561660
This adds two policy integration tests to verify that we are handling offline
licenses correctly.
Bug: 161023174
Bug: 129301787
Test: WV unit/integration tests
Change-Id: I20f5d6a9fbfd2ff8cff361e1005e45b46c700704
[ Merge of http://go/wvgerrit/108064 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the core directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I8ae5a10cbfdf7faae6a2735e57b33729763f10b8
[ Merge of http://go/wvgerrit/98694 and http://go/ag/11052323 ]
In earlier releases, provisioning would occur based on a cached
security level. If an open session call returned a NotProvisionedException
the security level would be cached for use with any future provisioning
call.
An app would have to set the security level, then call openSession,
have it fail and then request provisioning. This fits the normal flow of
most apps. Still on occasion, an app might change requested security level
after an openSession call failed. Using the cached security level
would result in unexpected behavior.
This change allows provisioning to occur at the last security level that
was set.
Bug: 129356527
Test: wv unit/integration tests, GTS tests (GtsMediaTestCases)
Change-Id: I8d9234eec2b23a9c913e77a709943b431e25e43e
(This is a merge of http://go/wvgerrit/93829,
http://go/wvgerrit/93830, http://go/wvgerrit/93832,
http://go/wvgerrit/93833, and http://go/wvgerrit/93834 from the
Widevine repo.)
This implements the CDM code changes necessary to take advantage of
Combined Decrypt Calls on OEMCrypto v16. The result of this is that
WVCryptoPlugin is much lighter now because it can pass the full sample
down to the core in one call, but CryptoSession is heavier, as it now
has to handle more complex fallback logic when devices can't handle
multiple subsamples at once.
This patch also removes support for the 'cens' and 'cbc1' schema, which
are being dropped in OEMCrypto v16. This fixes an overflow in the code
for handling those schemas by removing it entirely.
This patch also fixes the "in chunks" legacy decrypt path to use larger
chunk sizes on devices with higher resource rating tiers.
Bug: 135285640
Bug: 123435824
Bug: 138584971
Bug: 139257871
Bug: 78289910
Bug: 149361893
Test: no new CE CDM Unit Test failures
Test: Google Play plays
Test: Netflix plays
Test: no new GTS failures
Change-Id: Ic4952c9fa3bc7fd5ed08698e88254380a7a18514
Merge of http://go/wvgerrit/93404
This CL updates the Widevine CDM to support OEMCrypto v16.1
Test: Tested in 16.2 CL
Bug: 141247171
Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
[ Merge of http://go/wvgerrit/87283 ]
SPOIDs (Stable Per-Origin IDentifiers) were not correctly being
set during CdmEngine construction. This resulted in SPOID values not
being sent in provisioning requests. This caused the serial number in
the drm certificate to not be stable after a reprovision.
This behaviour appears to be true going back to O.
CdmEngine no longer takes a SPOID in the constructor since not all
callers use SPOIDs. A setter has been added in its place. Previously
spoid had a default argument to the constructor.
Bug: 142368328
Test: android unit/integration tests
Change-Id: I711346df609636ecf1475dc37873454a7ef000c0
(This is a merge of http://go/wvgerrit/84510)
When the CE CDM 3.5 behavior around service certificates was originally
implemented, it allowed sessions to be created if a service certificate
had not yet been installed, in keeping with the EME spec. However, the
service certificate in use at session creation time was cached, and so
there was a bug where any sessions open before a service certificate was
installed would never be updated with any future service certificates.
The code also caused problems for Android. When it was merged to master,
it was fixed to simply not allow session creation on CE CDM without a
service certificate. However, this created an impedance mismatch between
the CE CDM and EME that has caused pain for Shaka Player Embedded,
Chrome, Chromecast, Fuchsia, and likely every partner that is trying to
implement a fully-compliant EME stack on top of CE CDM.
Removing the code that blocks session creation without a service
certificate is easy. Fixing the bug that motivated it is not. Removing
the caching is not possible because Android needs it for certain
behavior on its end. So instead, the CE CDM will have to iterate over
all open sessions and update their service certificates if the installed
service certificate changes.
Test: CE CDM Unit Tests
Test: Android Unit Tests
Bug: 111766009
Change-Id: I1bd70553e2209b823a6acdc221c0497a5f3181b2
[ Merge of http://go/wvgerrit/84607 ]
[ Merge of http://go/wvgerrit/84608 ]
The primary goal is to replace the use of `rand()` with the random
number generators provided with the C++11 standard.
This simplified generator wraps some of the technical aspects of the
<random> library and provides an interface for uniformly distributed
integers.
As part of the `rand()` purge in the CDM, all uses of the C random int
function in `core()` have been removed. Places that previously used
`rand()` now use `CdmRandom` facilities.
Test: Linux unittest and Android unittest
Bug: 130680365
Change-Id: Ica383870536ed462dbb80e630c2d66845e38b937
[ Merge of http://go/wvgerrit/80805 ]
This change was used only where `typedef` was used for type aliasing,
and not for defining a new type (such as enums, structs, or function
pointer types).
Clang-format was used on the changed files.
Test: WV unit tests
Bug: 134437705
Change-Id: I730b9709a5ac773b3036daa79024caab665b3daa
[ Merge of http://go/wvgerrit/80483 ]
Clang-format has been run on files in core/include
Bug: 134365840
Test: WV unit/integration tests
Change-Id: I890127f23f30f0e63f826d3638521b4cc12fb995
(This is a merge of http://go/wvgerrit/76043)
This renames the tests to be *GenericCrypto* to match the OEMCrypto
tests and ensures these tests are skipped when the device doesn't
support generic crypto.
Test: Android Unit Tests
Bug: 126392281
Change-Id: Ib16ca8c57ed5d99dde802d4d9a63eced0fa807a5
(This is a merge of http://go/wvgerrit/74844)
__attribute__ is not supported on all compilers, notably it's not
supported on MSVC. Commenting out the variable should suppress the
warning this is trying to fix.
Test: Android CDM Build
Bug: 122953649
Change-Id: I0101df1cca271415a6444e5455eb0085676bcabf
(This is a merge of http://go/wvgerrit/72764)
Netflix has identified a calling pattern that causes this mutex to be
taken recursively. This is not guaranteed to be safe for Widevine's
old custom Lock implementation nor std::mutex. However, it is guaranteed
to be safe for std::recursive_mutex. This patch updates the mutex in use
accordingly.
In the long-term, this lock needs to be reconsidered, as already noted
by comments in the code. It would be great if the reconsidered locking
did not require a recursive-safe lock. The TODO for this has been spun
off into its own bug and the comment has been updated to point to this.
Bug: 120471929
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I34df64456de4b469b75caf25a33f0bc53a5da330
(This is a merge of http://go/wvgerrit/71325)
Widevine CE CDM and the buildbot now have parallel operations unit
tests. These tests are not relevant on Android since it is not possible
to call into the Android CDM from multiple threads. However, there is
one change in CdmEngine that needs to be copied over to Android for
consistency's sake.
Bug: 70889998
Bug: 118584039
Test: Android Build
Change-Id: Iea5df62be256383e832b4fcfbd5ff5090e3f3b03
[ Merge from http://go/wvgerrit/71923 ]
Plumb through the device files error detail and add the detail to
metrics.
Bug: http://b/115382201
Test: Unit tests, manual GPlay.
Change-Id: I18139f6712b6670be5fed863a97f9f03440745c7
[ Merge from http://go/wvgerrit/71726 ]
Adds an error detail metric attribute to RestoreUsageSession and
RestoreOfflineSession. These metrics will now report an additional
attribute providing additional error detail for debugging.
BUG: http://b/115517916
Test: CDM Unit Tests. Manually tried GPlay.
Change-Id: Ib48361ef29d33a16150473d8967e4850bc0c623d
[ Merge from http://go/wvgerrit/69105 ]
This adds a metric collecting decorator class around cdm engine. This
implementation uses a templated decorator. The decorator enables:
1) Wrapping the CDM Engine methods to capture timing and error
information.
2) Allows use of a mock CDM Engine for testing.
Test: Unit tests. GPlay manual testing and GTS tests.
BUG: http://b/64724336
Change-Id: I5e4a0f552974fab1939bc7ab02719a1f5849cf3f
Merged from http://go/wvgerrit/69723.
The new APIs are getOfflineLicenseIds, getOfflineLicenseState and
removeOfflineLicense. These methods are currently stubbed out in
Widevine hidl service. This CL completes the implementation.
Test: unit tests - libwvdrmdrmplugin_hidl_test
Test: GTS
--test com.google.android.media.gts.MediaDrmTest#testWidevineApi29
bug: 117570686
Change-Id: I96ffb75f453e36e931effefd3664b5faa8d69d30
[ Merge of http://go/wvgerrit/70665 ]
This allows one to be able to query for security level, from
Crypto factory methods before the plugins and CdmEngine objects
have been created.
Bug: 117104043
Test: WV Unit/integration tests
Change-Id: Id07f420c3cfb92166cd3bb3cf82148d52e10eb03
[ Merge of http://go/wvgerrit/68083 ]
Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.
Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
libwvdrmdrmplugin_hidl_test and request_license_test.
Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6
Import of http://go/wvgerrit/68188
This adds an attribute to metrics indicating if the license was online
or offline.
Also, added a unit test for CdmEngineMetricsImpl.
Test: Unit tests. GPlay manual. GTS tests.
Bug: 115523917
Change-Id: Id315c643048914a2c51904451f9665987bc87eb7
[ Merge of http://go/wvgerrit/67884 ]
Now that we can use C++11, we should use the cross-platform std::mutex
type, not the custom pthread version.
Bug: 111850982
Test: WV unit/integration tests
Change-Id: If2fde2836826c5184609e6b1f3a6511206bd4594
(This is a merge of http://go/wvgerrit/65782)
We have had our own scoped_ptr implementation that is used throughout
the codebase. Now that we support C++11, we can replace these with
std::unique_ptr.
Doing this replacement exposed a few places where the two were not
interchangeable. OEMCrypto Ref was doing some unsafe things with passing
scoped_ptrs to functions and has been updated to use move semantics. And
a few constructors were explicitly constructing a scoped_ptr with NULL,
which is ambiguous with std::unique_ptr. These have been replaced with
default constructor calls.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I37d6d7aad4906709381c74f0c5439f826d2be768
