* Add Apple MD5 support in DeviceFiles
[ Merge of http://go/wvgerrit/15544 ]
Patch courtesy of Spotify.
* Changing vague BufferReader log message
[ Merge of http://go/wvgerrit/15515 ]
Amending the buffer reader log message for null parameters in the
read function to say the type of parameter to help tell the
difference between Read2, Read2s, Read4, Read4s, Read8, and
Read8s.
Bug: 23619044
* Fix HTTP socket tests
[ Merge of http://go/wvgerrit/15521 ]
This fixes the build on Jenkins. I missed these when I updated HTTP
socket because they are not part of the CE CDM test suite.
* Update HttpSocket for IPv6
[ Merge of http://go/wvgerrit/15517 ]
Previously, HttpSocket made assumptions about IPv4.
This CL updates this utility to be agnostic to IPv4 vs IPv6.
If our servers start resolving to IPv6 addresses in future,
our tests can now handle this transparently.
* Removed low level warnings from PSSH
[ Merge of http://go/wvgerrit/15489 ]
Unneeded warnings in parsing PSSH and in buffer reader
were appearing in the logs. LOGW commands were replaced
with LOGV.
Bug: 23419359
* BufferReader unit tests and hardening.
[ Merge of http://go/wvgerrit/15449 ]
Added unit tests for public-facing functions.
Added protection against null or negative parameters.
Bug: 23419008
Change-Id: Ia44100a2d1bafe68986ae9a0793214885b21e61e
* Add dummy comments to blank files
git5 patch does not seem to handle blank files well. This CL will
allow the new CDM interface to be tested on iOS before it is
officially merged in google3.
* Stop Parsing the Command Line in InitLogging
[ Merge of http://go/wvgerrit/14164 ]
This change removes the parameters from InitLogging() and removes the
code in the Linux implementation that was using them.
Change-Id: I65849a89a2fac10cfc86eb16165bfcad468140aa
* Extend CdmLicense's stored_init_data_
[ Merge of http://go/wvgerrit/14661 ]
CdmLicense will store init data when a server cert must be
provisioned. After provisioning, the original init data can be used
to generate the originally-intended license request.
To do this before, the caller had to call CdmSession's
GenerateKeyRequest with an empty InitializationData object. However,
the init data's type still had to be set, as did the license type.
This CL allows the caller to use a truly empty InitializationData
without a type. To permit this, CdmLicense now stores a full
InitializationData object, rather than just a copy of it's data field.
With this CL, the caller also avoid storing the original license type.
To accomplish this, CdmSession uses the already-set is_offline_ and
is_release_ flags from the original call to reconstruct the intended
license type. The caller uses the new type kLicenseTypeDeferred.
To facilitate storing whole InitializationData objects, they are now
copyable.
This ultimately simplifies server cert code for the new CE CDM.
* Store service certs in Properties
[ Merge of http://go/wvgerrit/14664 ]
This allows CE devices to mimic the Chrome CDM's behavior of sharing
server certs between sessions.
This also affects Android behavior. Previously, provisioned service
certificates were per-session, while explicitly-set service certs
were per-DRM-plugin. Now, both are per-DRM-plugin.
A DRM plugin is associated with a mediaDrm object. Content
providers will still be able to retrieve and use different
certificates. The change here requires an app, that wishes to use
different provisioned service certificates will have to use
multiple mediaDrm objects. This is an unlikely scenario.
Change-Id: If2586932784ed046ecab72b5720ff30547e84b97
* Add CE test for incomplete remove()
[ Merge of http://go/wvgerrit/14658 ]
This depends on I064c053dd986a432865163aed5c9c3493f14340b to get
PolicyEngine to implement the EME semantics expressed in this test.
This also excludes another error code from causing an error log in
CdmEngine::AddKey, because this is actually an expected, handled
error in the CE CDM and it causes some confusing noise during testing
and development.
* Drop CdmEngine test main
[ Merge of http://go/wvgerrit/14693 ]
The command-line arguments are no longer in use anywhere, and
dropping the CdmEngine test's main allows me to add those tests to
the CE test suite.
* Add PolicyEngine::SetLicenseForRelease()
[ Merge of http://go/wvgerrit/14651 ]
In order to implement the EME-specified behaviors for load() &
remove(), some small changes are required in PolicyEngine.
According to EME, you should be able to remove() an active session.
This means that releasing a persistent session is not a separate load
operation. EME also states that the keys should be expired when this
is done.
Remove() is implemented using GenerateKeyRequest(type=release). This
leads to CdmLicense::RestoreLicenseForRelease, which in turn calls
PolicyEngine::SetLicense. When removing an active session, the policy
engine will have keys already loaded. The old behavior would cause
these keys to be reloaded. We need them to be expired, instead.
Once a remove() has been started, the keys should never be loadable
again. If a release confirmation is not received by the CDM, the
session should still be loadable. EME states that once a session has
had remove() called, then is loaded again later, there should be no
keys. Not that they should be expired, but not present. The old
behavior would cause these keys to be reloaded as usable.
This new method allows EME remove() and load() behaviors to be
faithfully implemented in the CE CDM. When removing an active
session, the old keys become expired. When removing a partially-
removed, newly-loaded session, no keys will be loaded at all.
This change does not affect any existing tests in core/.
New tests have been added in PolicyEngineTest to cover the behavior
of the new method.
Change-Id: Idd61487c277c9eadb4a044cb2a563e151442a548
* Reject session clobbering.
[ Merge of http://go/wvgerrit/14634 ]
This fixes a bug in I17de92b3e682c9c731f755e69466bdae7f560393 in which
sessions can be clobbered by a forced session ID. This bug manifested
in subtle test failures which involved repeatedly creating sessions.
This was traced to OEMCrypto not being terminated, then upward to a
leaked CryptoSession and CdmSession, and then finally to clobbered
session IDs.
To avoid the bug in future, first, reject duplicate session IDs.
Second, change the OpenSession API to make forced IDs explicit.
* Fix unit test namespaces.
[ Merge of http://go/wvgerrit/14622 ]
This fixes some odd errors that occur when linking multiple test
suites into one executable. When two object files both contain
a definition of wvcdm::MockCryptoSession, for example, one will win
silently and cause the other's tests to misbehave and/or crash.
The solution is to put all mocks into an anonymous namespace, since
each wvcdm::(anonymous)::MockCryptoSession is separate.
In order to avoid lots of repetitions of wvcdm:: in the anonymous
namespaces, all anonymous namespaces in unit tests now live inside
or the wvcdm namespace. This has been done even for tests which
are not currently using mocks.
* Move timer and timer_unittest to Android.
[ Merge of http://go/wvgerrit/14619 ]
These are not used anywhere else.
Change-Id: I234f31e9b5c79061205728783596ebaff65e0aff
* Make CdmProvisioningResponse const.
[ Merge of http://go/wvgerrit/14618 ]
The lack of const on this reference seems to be a mistake, since the
responses is never modified. This also allows the new CE CDM to pass
responses directly through from the caller.
* Let Properties determine DeviceFiles level support
[ Merge of http://go/wvgerrit/14620 ]
Non-Android platforms do not have multiple security levels, and so do
not use the security level to construct a base path.
Instead of requiring a known "security level" to construct a file,
accept anything that platform Properties will accept as a base path.
* Drop Properties::GetSecurityLevel().
[ Merge of http://go/wvgerrit/14617 ]
This seems to be dead code.
Change-Id: I94a970279213100730d6e6c763558dbe386f936a
* Expose release and offline statuses in CdmEngine.
[ Merge of http://go/wvgerrit/14616 ]
This will allow me to make some intelligent decisions in the new CE
CDM implementation without having to duplicate all the information
known in the lower levels.
* Account for backward compat support in tests
[ Merge of http://go/wvgerrit/14621 ]
One test ensures that device path backward compatibility is working,
while another assumes it is used.
This fixes test results when
Properties::security_level_path_backward_compatibility_support()
is false.
Previously, the CE CDM did not run these tests, and so this went
unnoticed.
* Remove Lock::Try, which is not used.
[ Merge of http://go/wvgerrit/14624 ]
Change-Id: Id18cf1f5b18c7322b8b636819276361af225734f
* Move Properties::Init into platform-specific code
This enables a refactor where property initialization for CE CDM will
use values provided by the application during library initialization.
[ Merge of http://go/wvgerrit/14510/ ]
* Add Properties::AlwaysUseKeySetIds().
When true, all sessions will have key set IDs and all session IDs
will be the same as the corresponding key set ID.
This will help the new CDM interface stick more closely to the EME
APIs, in which there are no such things as key set IDs and sessions
only have a single, random ID used for both streaming and offline.
[ Merge of http://go/wvgerrit/14521/ ]
* Reserve key set IDs in memory, rather than on the file system.
This makes it more efficient to use key set IDs for non-offline
sessions.
[ Merge of http://go/wvgerrit/14535/ ]
Change-Id: I765c3519619b17cc3c4ef95b1a6b125f479ee1d0
Merge from widevine repo of http://go/wvgerrit/15659
The clang compiler is more strict about C++11. This is needed for
future Android work.
In particular, iostream no longer converts to bool automtically, so
those instances were replaced with ss.fail().
Arrays or structures that appear to be variable length need to be
placed last in a structure. In oemcrypto_test a variable size
structure was replaced with an explicit buffer size, and a check was
added to make sure the buffer is not exceeded.
bug: 20893039
Change-Id: I5e25fc618dcf68262079c15554ee4ceae1858b8b
[ Merge of https://go/wvgerrit/15534 ]
Added command line support and configuration information.
Removed secure transfer, full path and port options from the usage
message as they are not supported.
b/23593222
Change-Id: I7d4cdb4b4db543a6302c742bfc2d2572d75957bd
[ Merge of http://go/wvgerrit/15474 ]
Changes to releaseAllSecureStops made use of a session that was
initialized only if getSecureStops had been previously called. If it was not,
accessing the session resulted in a segfault. This was uncovered by a change
in how the Netflix app invoked mediaDrm.
b/23498809
Change-Id: Ib426ae1830c3a42c5e0849f1b6e8bbfe0d2c74ff
(This is a merge of http://go/wvgerrit/15430)
Previously, after provisioning, any existing offline licenses would be
deleted, as they were inevitably tied to the certificate that was just
replaced. However, due to the way per-origin provisioning works on
Android, this is no longer a safe assumption. Licenses from different
origins are all stored together, so this behavior would delete all
offline licenses across all origins every time any origin is
provisioned. And it is not possible to delete only the licenses for
specific origins without changing how licenses are stored. It is too
late to change how licenses are stored in Android M, so we need to
stop proactively cleaning up licenses in this edge case for now. Once
b/23354606 is resolved, we can reinstate this clean-up and properly
only clean up the licenses associated with the origin that was just
provisioned.
Bug: 23324167
Change-Id: Ic21db8c21bdb4243266cd49020ed52287eb21d9a
Prevent usage of client provided address on
non-secure devices spoofed as being secure.
b/23223325
merge of go/wvgerrit/15420 from widevine repo
Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db
[ Merge of http://go/wvgerrit/14900 ]
When releasing a license, usage entries were being released twice with
both OEMCrypto_DeleteUsageEntry and OEMCrypto_ForceDeleteUsageEntry being
called. The second call would always fail because the usage information had
already been released. The CdmSession::DeleteLicense methods will now only
handles deletion of license metadata and leave deletion of usage entries to
the CdmLicense class.
b/22097805
Change-Id: Ic55764d5357043d136e7d88583f709a4ceea3e64
[ Merge of http://go/wvgerrit/14920 ]
The renew_with_client_id field was not being correctly set when licenses
were being restored for usage reporting.
b/22047007
Change-Id: Ib769431b1e49bb498f53d8153a970b6c0a2776d2
The external/gmock project does not include the patches needed for
widevine, so renaming the internal copy allows both to coexist in the
build system.
(cherry-pick of 5b830f19b6 with conflict.)
Change-Id: I77c956db30921afffe31d11e1cd2d99541925f35
[ Merge of http://go/wvgerrit/14824 ]
OEMCrypto v9 added support for secure usage reporting with the help of
a session usage table. This was enabled through the replay control bits
in the key control block. It was expected that streaming licenses
would enable the nonce required bit, while offline licenses would
enable session usage table entry flag. There are certain cases
where content providers would prefer not to enable the flag for offline
licenses and this test verifies that this scenario works.
b/17514500
Change-Id: Icd1bea8cec2fd52be2be249424891ce1755d5f25
merge of http://go/wvgerrit/14807 from the widevine repo.
The mediaDrm API only allows for a single provisioning attempt at a time.
If concurrent provisioning attempts occur, resources are released from
all but the last request, in order to allow at least that one to be successful.
Any provisioning responses received before one from the last request will
be rejected. A side-effect was that all provisioning resources would
then be released. This caused a provisioning response from the last attempt
to be rejected as well. This CL corrects this behavior and releases resources
only if a provisioning attempt is successful.
The side-effect is that, if the response to the last request is not received
or failure occurs while processing, a crypto session may be held until the
next provisioning attempt.
In other cases of concurrency, provisioning responses to requests other than
the last which are received after the last response will be declared successful.
b/21879484
Change-Id: I3a840ceda1a16ee6adb40c2dbca6c4adf3da12c3
(This is a merge of http://go/wvgerrit/14795)
This change restores the ability to build the Widevine CDM for Android
for MIPS devices. It restores the precompiled binaries for MIPS and
re-adds MIPS to all makefiles.
This change includes a new build of the obfuscated binaries for
MIPS32r1 that were built using a MIPS device on the emulator.
level3/mips/libwvlevel3.a Level3 Library Jun 19 2015 12:32:49
Bug: 19482469
Change-Id: Ifa1c299a5751f3772c42289d8333a2b8cec51f69
(This is a merge of http://go/wvgerrit/14783)
When validation was added to the service certificate property, it
broke the associated test, which sends random data. It also did not
do any testing of the new validation itself.
This fix makes the validation method on WvContentDecryptionModule
non-static so that it can be mocked and handled appropriately in the
test.
Bug: 21923281
Change-Id: Id5d2315709fce35f9347b3545f594371810349f0
[ Merge from http://go/wvgerrit/14745 ]
License generation errors previously would result in code -2916 being returned
though the mediaDrm API. More descriptive error codes are now being returned
from -2850 to -2836
b/13976775
Change-Id: I613ad650ab0a072ce9d8029e2af52b72dc617236
[ Merge from http://go/wvgerrit/14670 ]
Concurrent provisioning attempts are declared successful if any one of them
succeeds. Earlier only the successful ones were declared as such.
b/21727698
Change-Id: I67dedca44790a4ae236e14f90a8fc91775273905
(This is a merge of http://go/wvgerrit/14630)
To create a better flow when an application sets a service certificate
manually, we will now validate the certificate when it is given to us,
and if it is invalid, we will not allow the property to be set.
Bug: 21307186
Change-Id: If980ad075604223fc962a859fae93e98d86a7f4f
(This is a merge of http://go/wvgerrit/14531)
As an optimization, the Media Server now unloads our library when not
in use. This has exposed a bug by which we were never deleting the CDM
singleton. Fix is to make WvContentDecryptionModule an Android smart
pointer ref base and then make sure all the plugins store a strong
pointer to it. The singleton is a weak pointer, so when the last
plugin is cleaned up, the CDM will be as well. And on the off chance
that the library isn't immediately unloaded, the singleton code will
generate a new CDM next time one is needed.
Bug: 21153732
Change-Id: Ifaf02fa9afe0a70a8b53e8b92ee0a3d1359ca001
[ Merge of http://go/wvgerrit/14480 ]
Server upgrades have been completed and allow these tests to run successfully
against UAT. They were earlier tested against staging.
b/21479112
Change-Id: Ifc5e5780fa5305c6ddfd662ada204db599cb5c6e
[ Merge of http://go/wvgerrit/14410 ]
When specifying a service certificate though mediaDrm, the CDM earlier expected
serialized service certificates rather than signed ones.
b/21334970
Change-Id: I39af2aa25e8dc2a651cbdce84eb32f266b5b3382
