[ Merge of http://go/wvgerrit/102108 ]
Several tests that make parallel license requests were disabled due
to a flaky server failure unrelated to CDM code. Most of these tests
are now re-enabled to ensure the multi-threaded license requests is
functional on V16.
These tests remains disabled for L3 due to continued flakiness.
Added a lock around the initialization of the SSL library to prevent
issues with license requests getting garbled.
Bug: 137619348
Test: Linux and Android unit tests
Change-Id: Idffaa6039b2bde12613bb5033af32d1af6704c76
(This is a merge of http://go/wvgerrit/102084.)
No one was claiming ownership of the metrics object in
CertificateProvisioningTest, resulting in a leak. This patch makes the
test hold onto ownership.
Bug: 159486086
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I84710782b7a60d6bd3a7eda981de4f0af877fc39
(This is a merge of http://go/wvgerrit/102104)
The device file unit tests use some custom matchers that were written
back when we didn't have C++11. Because gMock requires std::tuple to
pass a pointer AND a length to a matcher, these matchers had to estimate
the length of the file. This technically meant they were causing a
benign buffer overrun sometimes.
Since we have C++11 now, we can fix this by using a matcher over a
std::pair of the pointer and length. I also took the opportunity to
refactor the matchers a little. The old matchers had many very specific
overloads and also collided with the names of some standard gMock
matchers. Now there are just two more-general matchers with unique
names.
Test: CE CDM Unit Tests
Test: Android Unit Tests
Bug: 159463905
Change-Id: I758b140226bfe2bae6962ee5c64fd6af186b5819
[ Merge of http://go/wvgerrit/102109 ]
The CDM was using unique CDM error codes for the various cases
where OEMCrypto would return INSUFFICIENT_RESOURCE. However, these
error codes were being incorrectly mapped at the Android level,
resulting in incorrect errors in the MediaDRM layer.
At no point does the CDM handle different INSUFFICIENT_RESOURCE_x
within the same case, as such the use of unique codes are limited.
This CL removes the unique codes, and unifies them under the same
CDM error code.
This CL also extends SelectKey to handle error codes returned by
LoadEntitledContentKeys.
Bug: 154682842
Test: Unit tests
Change-Id: I319fabf6cac60b0dc19ea891609689daeeaeb435
[ Merge of http://go/wvgerrit/102068 ]
CDM sessions should not be able to load multiple usage entries.
OEMCrypto already prevents multiple entries from being loaded by the
same OEMCrypto session; however, restoring a key typically creates a
new OEMCrypto session, which should not be allowed twice within the
same CDM session.
This test verifies that CDM returns an error if restore key is called
multiple times within the same session.
Bug: 136143733
Test: Android integration test
Change-Id: I594c91250217fd958837328162f909bc931d373f
[ Merge of http://go/wvgerrit/101443 ]
The WVDrmPlugin has a single CdmIdentifier. The CdmIdentifier contains
a SPOID that is calculated from the device ID (keybox or OEM cert),
an application reverse domain name and possibly an origin.
The CdmIdentifier is set and SPOID calculated on certain calls into
WVDrmPlugin. Once it is set, it will not be recalculated. We prevent
certain operations such as modifying the origin once the CdmIdentifier
has been set as this will require recalculating the SPOID.
Recalculating the SPOID may affect open sessions or calls in progress.
In a similar way, modifying the security level, will affect the
Device ID value and in turn the SPOID. The security level cannot be modified
if any sessions are open. This does leave open the possibility that the
SPOID may be calculated at one security level, sessions are then closed,
and the security level is then changed without an error being flagged.
The provisioning certificate file name is based on the SPOID. When
the SPOID does not match the security level, either the provisioning
information may not be found even though that security level has
been provisionined or the provisioning information may be stored
in an incorrect location if provisioning occurs.
The correct solution is to prevent modifications to the security level
once the CdmIdentifier is set. This is a behavior change and might
impact apps. We will reevaluate this for the next release.
For now, we will work around this. When the CdmIdentifier is set for L3,
we will calculate SPOIDs with both L1 and L3 device IDs and check if
provisioning previously occurred with SPOIDs calculated for that level.
If so, use that level, otherwise use L3.
Bug: 147703382
Test: Android unit/integration tests, GtsMediaDrmTests
Change-Id: Ia64adfc5848e431ee3876af03eebdb4b6eb83116
Merge from Widevine repo of http://go/wvgerrit/101905
The reference OEMCrypto should not be built as part of Android.
Test: Builds
Bug: 146361995
Change-Id: Ic25e6e567fcac519636f64dabc0d59b3df78990e
[ Merge of http://go/wvgerrit/100905 and http://go/ag/10708438 ]
Add support for ATSC certificate and licenses handling. ATSC
files are distinguished from the apps DRM certificate and licenses
by file naming conventions.
Bug: 139730600
Test: WV unit/integration test, GtsMediaTestCases
Change-Id: I295f66f92fe01d7716978deac9dc360d74addedd
libcrypto_static has restricted visibility, which is now being
implemented in Make, so we either need to allow it for all vendor
modules, or use the shared library instead.
Bug: 158599308
Test: treehugger
Test: mmma vendor/widevine/libwvdrmengine
Change-Id: I88ddce7ad221c66a20f4e05409ae77421e4196ad
[ Merge of http://go/wvgerrit/100864 and http://go/ag/10704773 ]
ATSC 3.0 allows for licenses to be downloaded OTA and are tied to
a DRM certificate that may be shared across apps. The provisioning
process for ATSC may happen at the factory or during an OS update.
This contrasts from the regular OTT model, which requires that
provisioning and license download have an uplink as well as a
downlink connection.
This adds support for the ATSC mode property. ATSC mode can only be
set (or unset) before sessions are opened. Once the CDM identifier is
set/sealed, requests to modify the ATSC mode will be rejected.
If one needs to open sessions with both ATSC mode and regular (non-ATSC)
mode, separate MediaDrm objects will need to be created. The default
mode is to not use ATSC.
Enable ATSC mode by calling
mediaDrm.setPropertyString("atscMode", "enable")
Disable ATSC mode by calling
mediaDrm.setPropertyString("atscMode", "disable")
Provisioning and unprovisioning requests for ATSC will be rejected as
certificates will be retrieved by the ATSC service.
Bug: 139730600
Test: WV unit/integration test, GtsMediaTestCases
Change-Id: I142f286c711fe007ff42125c3c8cdc6450b6ea36
(This is a merge of http://go/wvgerrit/101423 to Android.)
This header was missing. On the STL used inside Google, it gets included
transitively, but this is not guaranteed and broke in a partner's STL.
Bug: 154185251
Test: Android Build
Test: CE CDM Build and Unit Tests
Change-Id: If8df7e288073e69250f98d67f732804a955bbaa3
Merge from Widevine repo of http://go/wvgerrit/101243
Changed the version number to 16.3 and the date to June 1st. The
delta document has a short description of CL's added since
April 6th.
Test: documentation changes only
Bug: 157030231
Change-Id: I93c2b09d6a24efc71ed77110b115cafbd6fde1c6
Merge from Widevine repo of http://go/wvgerrit/101144
This CL updates the version string of the oemcrypto unit tests.
Test: unit tests on taimen and with reference oemcrypto v16.
Bug: 156789529
Change-Id: I504a32f0c3781870052b58d30312c58e090b145c
Merge from Widevine repo of http://go/wvgerrit/101143
This CL removes the check for a decrypt hash error when CopyBuffer is
used instead of DecryptCenc because a key was not selected.
We also remove the attempt to check the decrypt hash when there are
multiple buffers, because that is not well defined behavior.
Bug: 155185867
Bug: 155192141
Test: ran unit tests on taimen and on v16 reference oemcrypto
Change-Id: I640e904e256f0913ca606bb5db891430b23f44a3
Merge from Widevine repo of http://go/wvgerrit/100964
The previous nonce-free test used the same session to generate the
request as to load the license. However, it is a realistic use case to
have a new session used for loading the license.
The use case relates to a pre-loaded, shared license.
Test: Ran unit tests on taimen and on v16 ref implementation
Bug: 156853321
Change-Id: Ibc07744a16edcd3952d88d73660a75d0c3e8eeb8
