This change is a merge of the following changes:
1. Remove MultipleSessions (go/wvgerrit/16763)
2. Increase Memory Budget (go/wvgerrit/16764)
3. Fixing Possible Integer Overflow (go/wvgerrit/16765)
4. Creating Call Table (go/wvgerrit/16766)
5. Creating Call History (go/wvgerrit/16767)
6. Connecting Profiled Scope (go/wvgerrit/16768)
7. Adding Call Table Version Number (go/wvgerrit/16780)
8. Add Version Number to Call History (go/wvgerrit/16781)
bug: 27157796
Change-Id: Ia3f088a1714f3f5b426fee6141daa4ea8d832cf4
[ Merge of http://go/wvgerrit/16769 ]
Protos have been updated to match the google3 copy. This introduces
protection scheme to support HLS and MetricData to assist
in reporting. Changes have been made to set or consume data
from appropriate fields.
b/27146600
Change-Id: Ic928a406efb8fbb959b95a77dda6848e839b1948
[ Merge of http://go/wvgerrit/16544, http://go/wvgerrit/16639 ]
* This fixes the oemcrypto unit tests to build with the ce cdm.
The unit tests do not build when it is detected that a long (NULL)
is compared to a pointer.
* Remove NULL pointer comparison
On some platforms ASSERT_NE(NULL, ptr) does not work. This CL
replaces it with ASSERT_TRUE(NULL != ptr).
* Test Simultaneous Decrypt
With the increasing number of devices that support multiple screens or
windows, it is desireable to verify that OEMCrypto can have several
sessions open and actively decrypting at the same time.
Calls to OEMCrypto are still serialized -- this is not a threading
test -- but we still have multiple sessions open and decrypt from each
of them.
* Remove unused variable in initialization_data
Change-Id: I1a4be38fb30a14f610544416db653a81342f16b3
[ Merge of http://go/wvgerrit/16625 and http://go/wvgerrit/16633 ]
Reduce the number of parameters needed by GenerateKeyRequest.
Combining all output values into a single struct.
BUG: 26162546
Change-Id: Ibeb3f4df4a8e877511f8ab2e6c543001a921f285
[Merge of http://go/wvgerrit/16626]
[Cherrypick from http://go/ag/858552 to nyc-dev branch]
Setting umask to ensure only owner can access sensitive files.
Fixes request_license_test which creates directories and files
accessible by group and others.
bug: 26567162
Change-Id: I63553ec9210f3a4c160cd4c4f2a49c9e0a4157db
This silences the canary test to match the Android version string
change from NYC to N. properties_android.cpp has already previously
been updated for N, so no need to bump the Widevine Android version
number at this time (see: go/ag/800077)
Matching Widevine cl: go/wvgerrit/16664
Bug: 26901110
Change-Id: Ib8f47f77bbb4dd2c7c302102fe43007059af2d50
[ Merge of http://go/wvgerrit/16628 ]
Jsmn will replace a local method that parsed json init data.
Added a fix to include all key Ids in the WidevineCencHeader rather than
just the first. Also modified the content_id to reflect that it is a
base64 encoded value.
b/20630275
Change-Id: I7080c8cea21be4dea09a4905a96b4cc03e584c1d
[ Merge for http://go/wvgerrit/16617 ]
This adds additional test coverage to verify HLS EXT-X-KEY attribute
lists.
b/20630275
Change-Id: I72d7aa13b9b190728a56668ab79fa5e93bfa0d8b
[ Merged of http://go/wvgerrit/16576 ]
The WV EXT-X-KEY attribute list earlier expected a cenc PSSH box in the
URI field, in a hexadecimal sequence format. To ease the burden on
content providers, the URI field will now contain init data in a json
format and base64 encoded. The platform will assume responsibility
to parse this data and create a widevine init data protobuf that
can be included in the license request.
b/20630275
Change-Id: I49e270bedbe96791fc9b282214a9a358d95d163e
[ Merge of http://go/wvgerrit/16550 ]
This is in addition to Web safe Base64 encode/decode support by core.
Change-Id: I9ed51721b138a7f15fb4d216796deadd5d5b31a2
This CL is a merge from the widevine repo of
http://go/wvgerrit/16553 Prebuilt Level 3 OEMCrypto for Android
http://go/wvgerrit/16238 Require OEMCrypto v11 for Android N Unit Tests
http://go/wvgerrit/16484 Shared License Tests (OEMCrypto v11)
http://go/wvgerrit/16448 Pattern Decrypt Unit Tests and Reference Implementation
http://go/wvgerrit/16489 Enforce UNUSED Variables
http://go/wvgerrit/16479 Pattern Decrypt for Level 3 OEMCrypto
http://go/wvgerrit/16280 Correctly handle bad RSA key
http://go/wvgerrit/16315 Security Patch Level - haystack version
http://go/wvgerrit/16282 Correctly handle null pointer in GetKeyData
http://go/wvgerrit/16294 Initialize data for generation number
It contains the Level 3 implementation, as well.
mips/libwvlevel3.a Level3 Library Jan 22 2016 14:30:27
arm/libwvlevel3.a Level3 Library Jan 22 2016 15:03:55
x86/libwvlevel3.a Level3 Library Jan 22 2016 13:52:29
b/26692954 [DRM] OEMCrypto v11 needed for Nexus devices
Change-Id: Ibb1384959620f63a1be1e82ce2952ec9f48f0d3e
[ Merge from http://go/wvgerrit/16498 ]
The CDM now supports AES CTR and CBC block cipher modes. The license
specifies the mode to be used in the key container. The mode is
also specified in mediaCrypto when calling decrypt. This adds
verification for the cipher block mode.
Change-Id: I2587fc1e4b6d77161f2f8653f8516024c73dd8ac
[ Merge from http://go/wvgerrit/16499 ]
Passing clear subsamples to OEMCrypto_CopyBuffer and encrypted subsamples
to OEMCrypto_DecryptCTR was causing performance issues as a lack of crypto
session information made it hard to associate clear and encrypted
subsamples with each other.
[ Based on a patch from Kelly Ren/Qualcomm ]
b/26538744
Change-Id: I4644f197b2ec481f6aa89d3fce29b22ebb7b0c06
This is a merge of squashed CLs.
* Cdm Session and Engine interface clean up
[ Merge of http://go/wvgerrit/16387 ]
Key Set Ids have been removed from the CdmSession interface
(GenerateKeyRequest, Addkey) as they can be queried by an accessor.
The CdmEngine interface now allows one to specify or retrieve a session ID,
since both were not being used in a single call. Key set IDs are no longer
returned though GenerateKeyRequest as they was not being used.
* Generate key set ID when session is initialized
[ Merge of http://go/wvgerrit/16370 ]
Key set IDs are currently generated at different times in the
CdmSession lifecycle. Android generates key set IDs when the license
is received, while the CE CDM generates (or overrides them)
when the session is constructed.
The key set IDs are now generated when the session is initialized.
Key set generation cannot occur earlier as it has a dependency on
security level and in turn on crypto session initialization which
occurs when the session is initialized.
Depenencies on Session ID has caused other activities, construction of
PolicyEngine, CdmLicense, setting property CDM client sets to be
deferred from CdmSession constructor to Init().
Android will still retrieve the key set IDs after the offline license is
processed. For streaming requests, the key set will be
unreserved and discarded when the session is terminated.
Change-Id: Ib802d1c043742d62efa9a2c901fcd113e836c33d
[ Merge of http://go/wvgerrit/16241 and http://go/wvgerrit/16364 ]
This will allow a usage session to be loaded later by key set ID.
This is needed for EME-style secure stop in the new CE CDM API.
b/25816911
Change-Id: I916340047492fbc0556d0e90bd2eac0f3eafe597
[ Merge of http://go/wvgerrit/16364 ]
http://go/wvgerrit/16249 changed the name of the encryption pattern
structure from OEMCrypto_PatternDesc to OEMCrypto_CENCEncryptPatternDesc
to remove ambiguity. These are matching changes to CDM core.
[ Merge of http://go/wvgerrit/16340 ]
This CL passes the cipher mode in the license to OEMCrypto when
keys are loaded and specifies the pattern encryption scheme to
OEMCrypto_DecryptCENC.
b/20630275
Change-Id: I86b82bbdc891fd0100beb9fad385ca2082176271
[ Merge of http://go/wvgerrit/16290 ]
HLS uses an EXT-X-KEY tag and attribute list in the media playlist to
identify the key and method used to encrypt media segments. This allows
for the attributes to be parsed and extracted.
b/20630275
Change-Id: I2c4a419022f933b7b34b64dc48930f167abe65c6
[ Merge from http://go/wvgerrit/16406 ]
This was detected by static analysis tool cppcheck.
b/26348775
Change-Id: Icc6a55b9b4a1ffe882488ac069e3c3df2e796e91
[ Merge of http://go/wvgerrit/16405/ ]
Methods in string conversion and license request tests were not being used.
This was detected by static analysis cppcheck reports.
b/26349052
Change-Id: I44779abf6b6fdc01b5391bff7d47be1d20ef84d2
Merge of widevine change http://go/wvgerrit/16249
This CL adds unit tests and reference code for the security patch
level, which is a new feature in OEMCrypto v11. This CL also adjusts
the dynamic and static adapters to still run with devices that have a
v10 OEMCrypto.
The level 3 haystack code will be updated in a future CL.
bug: 26188985
Change-Id: I518ef46b4098cf3718fe0c0390bfb6825db4fb6b
Merge from widevine repo of http://go/wvgerrit/16186
These are the OEMCrypto v11 documents and header files. I have updated
just enough code so that existing unit tests pass. New unit tests,
the reference implementation, and the level 3 implementation are in
future CLs.
Change-Id: I9bbf1909e047f63a5877320a2d06740a3c4a3e32
(This is a merge of http://go/wvgerrit/16162)
Usage tables on L3 devices are stored under IDM*. They will be removed
upon factory reset. However, we need to call OEMCrypto_DeleteUsageTable
for L1 devices because the usage tables are stored in secure storage.
bug: 25597957
Change-Id: I8533dfac60fad6ce7ddfd026a283633d6875dcf3
(This is a merge of http://go/wvgerrit/15992)
This also updates the canary so that it will be silent on master.
Bug: 25153516
Change-Id: I11163c98230c5a521609b5556b139f4508996858
* Fix strict aliasing error in gcc
[ Merge of http://go/wvgerrit/15856 ]
This also ensures the alignment of 64-bit memory access in a portable
way, without using compiler-specific mechanisms like attributes or
platform-specific mechanisms like memalign.
(The aliasing error does not show up in clang.)
* Return kNotSupported for non-Widevine init data
[ Merge of http://go/wvgerrit/15853 ]
This also improves logging for the init data parser by including a
verbose message for non-Widevine PSSHs and by using a new IsEOF()
method to avoid misleading "Unable to read atom size" logs.
* Cast RSA_size() to int
[ Merge of http://go/wvgerrit/15880 ]
It has been suggested that this may be unsigned on some versions of
OpenSSL or BoringSSL.
* Be strict about warnings for CE CDM
[ Merge of http://go/wvgerrit/15831 ]
* Enable all warnings and treat warnings as errors in the CE build.
* Fix all existing warnings (mostly unused variables, consts, and
functions, and one signed/unsigned comparison).
* Exclude protobuf warnings rather than maintain a divergent copy.
* Fix release build errors
[ Merge of http://go/wvgerrit/15855 ]
* Level 3 Build With Android Emulator
[ Merge of http://go/wvgerrit/15778 ]
This CL rebuilds the level 3 libraries with the android emulator
sdk_phone_*. This seems to avoid problems with the x86 build using
incorrect compiler flags.
These libraries work for arm, x86, mips, arm64, and x86_64. The level
3 library is disabled for mips64.
Versions:
level3/mips/libwvlevel3.a Level3 Library Sep 30 2015 18:29:50
level3/arm/libwvlevel3.a Level3 Library Sep 28 2015 13:18:25
level3/x86/libwvlevel3.a Level3 Library Sep 28 2015 13:08:28
Change-Id: I1e50aa78bdc84ecb905f2e55297d4f48b140341c
[ Merge of http://go/wvgerrit/15780 ]
Android mediaDrm allows callers to serially query status information through a
property API. CDM however retrieves all status information in a map and
filters out all but the relevent one. This leads to delays in Netflix app
startup. Rewriting the CDM interface to return only the queried value.
b/24181894
Change-Id: Ie9ed6288524e3a7e03b83aa55ef3531dd52a0dfb
* Update unit test make files to use BoringSSL
[ Merge of http://go/wvgerrit/14173 ]
This CL updates the android makefiles to use the libcrypto_static.
* Do Not Run Provisioning Tests On Devices Without Keyboxes
[ Merge of http://go/wvgerrit/15633 ]
The provisioning tests outside OEMCrypto were failing on devices that
use baked-in certificates because only OEMCrypto knows that the cert
is baked in and the device cannot be reprovisioned. This change
skips those two tests if the device says it does not implement
rewrapping the cert. (i.e. it does not implement provisioning)
Bug: 23554998
* Add new third-party libs (protobuf & gyp)
[ Merge of http://go/wvgerrit/14717 ]
The CE CDM used to expect these to be installed system-wide, which
creates challenges for integrators who must cross-compile the CDM.
These are now used in source form from third_party.
Change-Id: I29cca2f9415fe2fafdf948273e5a0f5d7de50285
* Add Apple MD5 support in DeviceFiles
[ Merge of http://go/wvgerrit/15544 ]
Patch courtesy of Spotify.
* Changing vague BufferReader log message
[ Merge of http://go/wvgerrit/15515 ]
Amending the buffer reader log message for null parameters in the
read function to say the type of parameter to help tell the
difference between Read2, Read2s, Read4, Read4s, Read8, and
Read8s.
Bug: 23619044
* Fix HTTP socket tests
[ Merge of http://go/wvgerrit/15521 ]
This fixes the build on Jenkins. I missed these when I updated HTTP
socket because they are not part of the CE CDM test suite.
* Update HttpSocket for IPv6
[ Merge of http://go/wvgerrit/15517 ]
Previously, HttpSocket made assumptions about IPv4.
This CL updates this utility to be agnostic to IPv4 vs IPv6.
If our servers start resolving to IPv6 addresses in future,
our tests can now handle this transparently.
* Removed low level warnings from PSSH
[ Merge of http://go/wvgerrit/15489 ]
Unneeded warnings in parsing PSSH and in buffer reader
were appearing in the logs. LOGW commands were replaced
with LOGV.
Bug: 23419359
* BufferReader unit tests and hardening.
[ Merge of http://go/wvgerrit/15449 ]
Added unit tests for public-facing functions.
Added protection against null or negative parameters.
Bug: 23419008
Change-Id: Ia44100a2d1bafe68986ae9a0793214885b21e61e
* Add dummy comments to blank files
git5 patch does not seem to handle blank files well. This CL will
allow the new CDM interface to be tested on iOS before it is
officially merged in google3.
* Stop Parsing the Command Line in InitLogging
[ Merge of http://go/wvgerrit/14164 ]
This change removes the parameters from InitLogging() and removes the
code in the Linux implementation that was using them.
Change-Id: I65849a89a2fac10cfc86eb16165bfcad468140aa
* Extend CdmLicense's stored_init_data_
[ Merge of http://go/wvgerrit/14661 ]
CdmLicense will store init data when a server cert must be
provisioned. After provisioning, the original init data can be used
to generate the originally-intended license request.
To do this before, the caller had to call CdmSession's
GenerateKeyRequest with an empty InitializationData object. However,
the init data's type still had to be set, as did the license type.
This CL allows the caller to use a truly empty InitializationData
without a type. To permit this, CdmLicense now stores a full
InitializationData object, rather than just a copy of it's data field.
With this CL, the caller also avoid storing the original license type.
To accomplish this, CdmSession uses the already-set is_offline_ and
is_release_ flags from the original call to reconstruct the intended
license type. The caller uses the new type kLicenseTypeDeferred.
To facilitate storing whole InitializationData objects, they are now
copyable.
This ultimately simplifies server cert code for the new CE CDM.
* Store service certs in Properties
[ Merge of http://go/wvgerrit/14664 ]
This allows CE devices to mimic the Chrome CDM's behavior of sharing
server certs between sessions.
This also affects Android behavior. Previously, provisioned service
certificates were per-session, while explicitly-set service certs
were per-DRM-plugin. Now, both are per-DRM-plugin.
A DRM plugin is associated with a mediaDrm object. Content
providers will still be able to retrieve and use different
certificates. The change here requires an app, that wishes to use
different provisioned service certificates will have to use
multiple mediaDrm objects. This is an unlikely scenario.
Change-Id: If2586932784ed046ecab72b5720ff30547e84b97
* Add CE test for incomplete remove()
[ Merge of http://go/wvgerrit/14658 ]
This depends on I064c053dd986a432865163aed5c9c3493f14340b to get
PolicyEngine to implement the EME semantics expressed in this test.
This also excludes another error code from causing an error log in
CdmEngine::AddKey, because this is actually an expected, handled
error in the CE CDM and it causes some confusing noise during testing
and development.
* Drop CdmEngine test main
[ Merge of http://go/wvgerrit/14693 ]
The command-line arguments are no longer in use anywhere, and
dropping the CdmEngine test's main allows me to add those tests to
the CE test suite.
* Add PolicyEngine::SetLicenseForRelease()
[ Merge of http://go/wvgerrit/14651 ]
In order to implement the EME-specified behaviors for load() &
remove(), some small changes are required in PolicyEngine.
According to EME, you should be able to remove() an active session.
This means that releasing a persistent session is not a separate load
operation. EME also states that the keys should be expired when this
is done.
Remove() is implemented using GenerateKeyRequest(type=release). This
leads to CdmLicense::RestoreLicenseForRelease, which in turn calls
PolicyEngine::SetLicense. When removing an active session, the policy
engine will have keys already loaded. The old behavior would cause
these keys to be reloaded. We need them to be expired, instead.
Once a remove() has been started, the keys should never be loadable
again. If a release confirmation is not received by the CDM, the
session should still be loadable. EME states that once a session has
had remove() called, then is loaded again later, there should be no
keys. Not that they should be expired, but not present. The old
behavior would cause these keys to be reloaded as usable.
This new method allows EME remove() and load() behaviors to be
faithfully implemented in the CE CDM. When removing an active
session, the old keys become expired. When removing a partially-
removed, newly-loaded session, no keys will be loaded at all.
This change does not affect any existing tests in core/.
New tests have been added in PolicyEngineTest to cover the behavior
of the new method.
Change-Id: Idd61487c277c9eadb4a044cb2a563e151442a548
* Reject session clobbering.
[ Merge of http://go/wvgerrit/14634 ]
This fixes a bug in I17de92b3e682c9c731f755e69466bdae7f560393 in which
sessions can be clobbered by a forced session ID. This bug manifested
in subtle test failures which involved repeatedly creating sessions.
This was traced to OEMCrypto not being terminated, then upward to a
leaked CryptoSession and CdmSession, and then finally to clobbered
session IDs.
To avoid the bug in future, first, reject duplicate session IDs.
Second, change the OpenSession API to make forced IDs explicit.
* Fix unit test namespaces.
[ Merge of http://go/wvgerrit/14622 ]
This fixes some odd errors that occur when linking multiple test
suites into one executable. When two object files both contain
a definition of wvcdm::MockCryptoSession, for example, one will win
silently and cause the other's tests to misbehave and/or crash.
The solution is to put all mocks into an anonymous namespace, since
each wvcdm::(anonymous)::MockCryptoSession is separate.
In order to avoid lots of repetitions of wvcdm:: in the anonymous
namespaces, all anonymous namespaces in unit tests now live inside
or the wvcdm namespace. This has been done even for tests which
are not currently using mocks.
* Move timer and timer_unittest to Android.
[ Merge of http://go/wvgerrit/14619 ]
These are not used anywhere else.
Change-Id: I234f31e9b5c79061205728783596ebaff65e0aff
* Make CdmProvisioningResponse const.
[ Merge of http://go/wvgerrit/14618 ]
The lack of const on this reference seems to be a mistake, since the
responses is never modified. This also allows the new CE CDM to pass
responses directly through from the caller.
* Let Properties determine DeviceFiles level support
[ Merge of http://go/wvgerrit/14620 ]
Non-Android platforms do not have multiple security levels, and so do
not use the security level to construct a base path.
Instead of requiring a known "security level" to construct a file,
accept anything that platform Properties will accept as a base path.
* Drop Properties::GetSecurityLevel().
[ Merge of http://go/wvgerrit/14617 ]
This seems to be dead code.
Change-Id: I94a970279213100730d6e6c763558dbe386f936a
* Expose release and offline statuses in CdmEngine.
[ Merge of http://go/wvgerrit/14616 ]
This will allow me to make some intelligent decisions in the new CE
CDM implementation without having to duplicate all the information
known in the lower levels.
* Account for backward compat support in tests
[ Merge of http://go/wvgerrit/14621 ]
One test ensures that device path backward compatibility is working,
while another assumes it is used.
This fixes test results when
Properties::security_level_path_backward_compatibility_support()
is false.
Previously, the CE CDM did not run these tests, and so this went
unnoticed.
* Remove Lock::Try, which is not used.
[ Merge of http://go/wvgerrit/14624 ]
Change-Id: Id18cf1f5b18c7322b8b636819276361af225734f
* Move Properties::Init into platform-specific code
This enables a refactor where property initialization for CE CDM will
use values provided by the application during library initialization.
[ Merge of http://go/wvgerrit/14510/ ]
* Add Properties::AlwaysUseKeySetIds().
When true, all sessions will have key set IDs and all session IDs
will be the same as the corresponding key set ID.
This will help the new CDM interface stick more closely to the EME
APIs, in which there are no such things as key set IDs and sessions
only have a single, random ID used for both streaming and offline.
[ Merge of http://go/wvgerrit/14521/ ]
* Reserve key set IDs in memory, rather than on the file system.
This makes it more efficient to use key set IDs for non-offline
sessions.
[ Merge of http://go/wvgerrit/14535/ ]
Change-Id: I765c3519619b17cc3c4ef95b1a6b125f479ee1d0
