Merge from Widevine repo of http://go/wvgerrit/75123
Merge from Widevine repo of http://go/wvgerrit/75114
This changes the encoding for the hash to be hex instead of base64.
Also, the bad frame number is initialized to 0 to make it easier to
debug. And the FDPT test app now uses the correct byte order.
Bug: 129100318
Test: unit tests, FDPT test app.
Change-Id: I296bab990125a4e18bec92f3316e8289a3b25a6b
(This is a merge of http://go/wvgerrit/72764)
Netflix has identified a calling pattern that causes this mutex to be
taken recursively. This is not guaranteed to be safe for Widevine's
old custom Lock implementation nor std::mutex. However, it is guaranteed
to be safe for std::recursive_mutex. This patch updates the mutex in use
accordingly.
In the long-term, this lock needs to be reconsidered, as already noted
by comments in the code. It would be great if the reconsidered locking
did not require a recursive-safe lock. The TODO for this has been spun
off into its own bug and the comment has been updated to point to this.
Bug: 120471929
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I34df64456de4b469b75caf25a33f0bc53a5da330
[ Merge of http://go/wvgerrit/72703 ]
SRM is an optional feature and whether it is implemented is upto the
discretion of OEMs. If it is not, avoid logging this information.
Bug: 124391178
Test: WV unit/integration tests
Change-Id: If8d2b1e0b59fb11825f832a5d4259b03c482fd6b
[ Merge from http://go/wvgerrit/71923 ]
Plumb through the device files error detail and add the detail to
metrics.
Bug: http://b/115382201
Test: Unit tests, manual GPlay.
Change-Id: I18139f6712b6670be5fed863a97f9f03440745c7
[ Merge from http://go/wvgerrit/71726 ]
Adds an error detail metric attribute to RestoreUsageSession and
RestoreOfflineSession. These metrics will now report an additional
attribute providing additional error detail for debugging.
BUG: http://b/115517916
Test: CDM Unit Tests. Manually tried GPlay.
Change-Id: Ib48361ef29d33a16150473d8967e4850bc0c623d
[ Merge from http://go/wvgerrit/71443 ]
The assumption that the metrics will always outlive the CdmSession
instance appears not to always hold (at least in a non-android
multi-threaded solution). The shared_ptr ensures that the metrics
are available even in these rare race conditions.
BUG: http://b/123321465
Test: CDM unit tests. Also http://go/wvgerrit/71264 parallel tests.
Change-Id: Iaa6a8f6c0fdc46a911789759d6e1228d849aa237
[ Merge from http://go/wvgerrit/69105 ]
This adds a metric collecting decorator class around cdm engine. This
implementation uses a templated decorator. The decorator enables:
1) Wrapping the CDM Engine methods to capture timing and error
information.
2) Allows use of a mock CDM Engine for testing.
Test: Unit tests. GPlay manual testing and GTS tests.
BUG: http://b/64724336
Change-Id: I5e4a0f552974fab1939bc7ab02719a1f5849cf3f
[ Merge of http://go/wvgerrit/71326 ]
Nonce flood, frame size, session and system invalidation errors
will now bubble up to the app. OEMCrypto v15 returns
OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE,
OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors.
These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR,
ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and
ERROR_DRM_RESOURCE_CONTENTION.
Bug: 120572706
Test: Unit/Integration tests
Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9
Merged from http://go/wvgerrit/69723.
The new APIs are getOfflineLicenseIds, getOfflineLicenseState and
removeOfflineLicense. These methods are currently stubbed out in
Widevine hidl service. This CL completes the implementation.
Test: unit tests - libwvdrmdrmplugin_hidl_test
Test: GTS
--test com.google.android.media.gts.MediaDrmTest#testWidevineApi29
bug: 117570686
Change-Id: I96ffb75f453e36e931effefd3664b5faa8d69d30
[ Merge of http://go/wvgerrit/70665 ]
This allows one to be able to query for security level, from
Crypto factory methods before the plugins and CdmEngine objects
have been created.
Bug: 117104043
Test: WV Unit/integration tests
Change-Id: Id07f420c3cfb92166cd3bb3cf82148d52e10eb03
[ Merge of http://go/wvgerrit/65983 ]
Add support to drop closed metrics in order to save space for
long-running applications (and CdmEngine instances). The code now keeps
only a limited number of metrics collections after the session is closed.
As a session (and its metrics session) is closed, the oldest, closed metrics
session is dropped. This means those metrics will not be reported nor
accessible in the client.
Bug: http://b/118664842
Test: CDM Unit tests. Android Unit Test. Ran GPLay Manually.
Change-Id: I27d6e61a8fe4148ad1ef2a433c8e5f4cdd84cc72
[ Merge of http://go/wvgerrit/69724 ]
Some queries no longer require a session to be opened before they
can be answered - security level, current HDCP level, max HDCP level,
usage support, number of open sessions, max sessions,
OEMCrypto API version, current SRM version, SRM update support,
resource rating tier and OEMCrypto build information.
b/117104043
Test: WV unit/integration tests
Change-Id: I92f8249e5599860da8cbf42d3b16f25515a46c55
[ Merge of http://go/wvgerrit/68083 ]
Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.
Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
libwvdrmdrmplugin_hidl_test and request_license_test.
Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6
Import of http://go/wvgerrit/68188
This adds an attribute to metrics indicating if the license was online
or offline.
Also, added a unit test for CdmEngineMetricsImpl.
Test: Unit tests. GPlay manual. GTS tests.
Bug: 115523917
Change-Id: Id315c643048914a2c51904451f9665987bc87eb7
[ Merge of http://go/wvgerrit/67884 ]
Now that we can use C++11, we should use the cross-platform std::mutex
type, not the custom pthread version.
Bug: 111850982
Test: WV unit/integration tests
Change-Id: If2fde2836826c5184609e6b1f3a6511206bd4594
[ Merge of http://go/wvgerrit/67324 ]
This introduces the ability to query resource rating tier information
through the plugin and CDM. Resource rating tiers are also
sent in the client identification portion of the license request.
Bug: 117112392
Test: WV unit/integration tests
Change-Id: I68ac6dfc4362f61150af822bd526e346b5cc4bf7
(This is a merge of http://go/wvgerrit/66625)
Google C++ Style dictates that methods which override base class or
interface methods should be declared "override" but not "virtual". Since
our codebase has not had access to "override" until now, many of our
classes do not follow this rule. I've updated as many places as I could
find to follow Google C++ Style, which should hopefully help us catch
errors better in the future.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Ic23e2e482e967256da306791532b5fec7b81b2f2
[ Merge of http://go/wvgerrit/66083 and http://go/ag/5445191 ]
Fix proposed by amlogic. Release usage session early in the CdmEngine
destructor to avoid SIGBUS.
Bug: 118646062
Test: WV unit/integration tests.
Change-Id: I8b419c57814dc32e9873173ab6c24d209bdcc3a0
(This is a merge of http://go/wvgerrit/65782)
We have had our own scoped_ptr implementation that is used throughout
the codebase. Now that we support C++11, we can replace these with
std::unique_ptr.
Doing this replacement exposed a few places where the two were not
interchangeable. OEMCrypto Ref was doing some unsafe things with passing
scoped_ptrs to functions and has been updated to use move semantics. And
a few constructors were explicitly constructing a scoped_ptr with NULL,
which is ambiguous with std::unique_ptr. These have been replaced with
default constructor calls.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I37d6d7aad4906709381c74f0c5439f826d2be768
(This is a merge of http://go/wvgerrit/65783)
Straightforward patch to replace our shared_ptr implementation with
std::shared_ptr, which works identically for all our use cases.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I9e8624dd3cab70a45941a45eb553c1ea0c077d2f
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
Merge from Widevine repo of http://go/wvgerrit/52480
Partners have asked for a way to release offline licenses without
using a release message. This is typically used by cable partners who
are caching licenses ahead of time and do not care about usage
statistics.
As part of implementing this request, CdmSession::DeleteLicense() was
renamed to reflect that it only deletes the *files* associated with a
license, and a new CdmSession::DeleteLicense() has been written that
also cleans up other related data.
Bug: 77955334
Test: CE CDM Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: I00d6e20935c5fecb3ac9be6757c0f191d85c6bd6
Merge from Widevine repo of http://go/wvgerrit/49820
Devices with baked-in DRM certs cannot be reprovisioned. As such, we
must protect them against being unprovisioned. Currently, our unit
tests break such devices by attempting to unprovision them. This patch
adds code to block the Unprovision() call on these devices.
Bug: 69264798
Test: CE CDM Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: I49322dcb2d3d5c7953e870eb91a9e0b978d4dabe
[ Merge of http://go/wvgerrit/51322 ]
This avoids taking the session_map_lock_ twice.
Bug: 80248149
Test: WV unit/integration tests, GtsMediaTestCases,
2 days of netflix playback.
Change-Id: Iea1c7b7ba08d7d40c227d21c5abfce13c0a8b395
Locks in earlier releases controlled access to sessions and the list
of sessions for each CdmEngine instance. This guarded against
concurrent access between session management (OpenSession,
CloseSession, etc), periodic timer calls and calls to Decrypt.
The list of sessions and locking was moved to a separate class
CdmSessionMap. This left open the possibility that a session
might be destructed, while being called to decrypt or invoked through the
timer. An attempt was made to add per-session locks in b/73781703
but this was found insufficient.
Per-session locks will be introduced in a future changelist, but for
now the coarser locks will be reintroduced.
Bug: 73781703
Bug: 79158083
Bug: 79262108
Bug: 79436509
Test: WV unit/integration tests, GTS GtsMediaTestCases tests and
24 hours of continuous Netflix playback.
Change-Id: I30a3ede340192370dfe5c92c01b1c76df16b7123
[ http://go/wvgerrit/50341 ]
The shared_ptr implementation was taken from a google3 implementation.
Updates to the reference counter needed to be atomic and were
platform dependent in the original code. These were not carried
over to this codebase. Race conditions between calls to decrypt and
the periodic timer, led to incorrect reference count values.
CdmSession objects were then destructed while references to
them still existed. Segfaults occurred when they were referenced.
Bug: 79431096
Test: WV unit/integration tests, GTS GtsMediaTestCases tests and
24 hours of continuous Netflix playback.
Change-Id: I6008ddba869efcc58972e5ea8644a204f91410ab
[ Merge of http://go/wvgerrit/49980 ]
This CL
* corrects some of the test expectations
* switches test content used to test streaming with provider session tokens.
The policy of the earlier test content had changed.
* adds some more information to log messages
Bug: 63819720
Test: WV unit, integration tests, WvCdmExtendedDuraionTest,
GtsMediaDrmTest
Change-Id: I8fdbc9c38d6018cc6e884e1b95b2e9d26e7aa536
[ Merge of http://go/wvgerrit/48400 ]
Client identification information has recently been enabled in
provisioning messages. For privacy concerns this information
is being encrypted with a default service certificate.
Apps need to be able to override the default one to allow
for provisioning with third party provisioning services.
Bug: 78420508
Test: WV unit, integration tests
New WvCdmRequestLicenseTest.ProvisioningTestWithServiceCertificate test
GTS MediaDrmTestCases
Change-Id: Iee61ad47d33ce011efbea4eb90f7e4b1f032d15f
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
[ Merge of http://go/wvgerrit/47065 ]
RemoveKeys now resets associated crypto and policy resources,
rather than just closing the crypto session. This results in a
MediaCodec.CryptoException with error code ERROR_NO_KEY
rather than ERROR_SESSION_NOT_OPENED, if decrypt is called
afterwards.
Error SESSION_NOT_FOUND_FOR_DECRYPT is made unique. Error codes
were also synchonized between various branches in the widevine repo.
Bug: 77304819
Test: WV unit/integration tests, VtsHalDrmV1_0Target tests
Change-Id: I6cba2a3e1ce466d58c7727cde2d8f81d9503d655
[ Merge of http://go/wvgerrit/46907 ]
The WV client supports root of trusts as keyboxes or OEM certificates.
Devices with keyboxes use provisioning 2.0 protocol to provision
while those with OEM certificates use 3.0. L3 provisioning failures
occur if the L1 and L3 root of trusts differ.
The provisioning method is now retrieved and cached when the
security level is known, when the session is opened.
Earlier it was retrieved and cached at initialization time and
always set to the value of L1 OEMCrypto (if present). This led
to provisioning failures.
A case of acquiring a lock while one was held in GetProvisioningId()
has also fixed.
Bug: 77606913
Test: WV unit/integration tests
Change-Id: I2d66ee2cf64f846cec4a37fbccb554447c8a0e1d
[ Merge of http://go/wvgerrit/46623 ]
If corruption of the usage information file is detected while saving a
streaming license with a PST, usage information file is deleted, so that
a subsequent load keys may succeed.
Also when calling the MediaDrm API releaseAllSecureStops(), an error would
be returned if usage info file was corrupted. Since this file is
deleted successfully, errors have been replaced with warnings.
Bug: 73447733
Test: wv unit/integration tests
Change-Id: Ie4a63ac202fd6009609105f38ffa8a3b23ed334e
[ Merge of http://go/wvgerrit/46622 ]
Secure stop API related changes introduced in b/69674645 caused
segfaults on taimen/walleye but not other devices due to a difference
in OEMCrypto version.
Bug: 77294890
Test: WV unit/integration tests on sailfish and walleye
Change-Id: I8523ef283334d7d32d180e902072fe1dd6e665c1
A few metrics were missing or not properly collected in the CDM metrics.
This CL addresses them.
Bug: 64570194
Bug: 72866232
Test: Unit tests and Google Play manual test.
Change-Id: I3a3aa4fb3eb8422c9c8c398016f02409307beb33
(This is a merge of http://go/wvgerrit/46203)
Previously, IsProvisioned() only confirmed the existence of a
certificate file, not whether the contents of that file were actually
valid. This patch changes its behavior so that it actually validates the
loadability of the file before returning.
This is sufficient to resolve Netflix's use case in b/65835227, but it
is only part of the solution for Android's use case in b/72353451. A
second patch will be required to cover cases where the certificate can
be loaded but cannot be used with the current OEMCrypto or with the
server.
Bug: 65835227
Bug: 72353451
Test: Android and CE CDM unit tests
Change-Id: Id3987a6f3c4097d7d356dfa631b023287354439a
[ Merge of http://go/wvgerrit/44921 ]
* Added the ability to remove a single usage information record.
* Added a method to retrieve all secure stop Ids.
Bug: 69674645
Test: WV unit, integration tests
Change-Id: I04ac8224b4bdda69541e61ff1103af3836138228
CdmEngine::QueryStatus was mapping all error codes
returned from crypto_session.Open to INVALID_QUERY_STATUS
which caused important failure information to be lost.
The GTS DrmSessionManagerTest test was failing as a
result, because session reclaiming no longer worked.
merge of http://go/wvgerrit/44800
bug:72705384
test:gts DrmSessionManagerTest
Change-Id: Id404a18b8f66cf6137b69f6b4e1bdd7004706a0c
(cherry picked from commit 6aad0f77cb)
Merge from Widevine repo of http://go/wvgerrit/43420
Remove or mark unused variables. Fix unsigned/signed comparisons.
bug: 73390805
test: unit tests
Change-Id: Ic523400a5decf82fae733042b260e0c39a087cd3
This is a merge of Widevine cl 39040.
A few of the metrics were not implemented, or implemented incorrectly in
O MR1. This cleans them up
Bug: 64001676
Test: Re-ran unit tests and added some additional tests. GPlay Movies check.
Change-Id: I1e8bcc36fecd76e72d853306075bc46d82f45161
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct error logging
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/40000 ]
In tests, we set the cipher list to avoid using insecure
ciphers when connecting to the provisioning/license service.
The result of setting the cipher list was being incorrectly
validated.
Bug: 64847919
* Move mips cache headers to clear_cache_function.h
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39700 ]
Since the clear_cache function has been moved away from the dynamic
adapter, we need these conditional includes to be migrated as well for
MIPS.
* Comment out Level 3 debug call until merge
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39761 ]
This call was introduced in go/wvgerrit/34260/. Since the haystack tool
in google3 still needs this merge, this should be commented out so the
tool can still build until the merge has finished.
* Add logging for MAC keys to mock
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39740 ]
Bug: 70637842
* Move external interfaces into level3.h + refactor
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39673 ]
As part of b/70523618, this CL moves interfaces that partners are
responsible for in Level 3 to level3.h so they can be visible as
part of the CDM release process. It also cleans up some of the
names of the files and adds documentation.
* Corrected close session logging level
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39676 ]
Bug: 69460963
* Remove Security Level Path Backward Compatibility Support
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39505 ]
From the android K release onwards certificates were stored in
security level specific directories. If upgrading from
previous releases persistent information needed to be moved
to those directories.
Since no device is likely to upgrade from J to Pi, comptibility
support can be removed.
Bug: 70160032
* Rename privacy_crypto_openssl To privacy_crypto_boringssl
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37122 ]
Now that we no longer support OpenSSL in the Shared Source CDM, the name
of this file can be updated.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Remove Conditional Compilation from OpenSSL/BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/39460 ]
This change removes the usages of conditional compilation to support
both BoringSSL and OpenSSL, as well as to support multiple versions of
the OpenSSL API. All code is now compiled against one of the two
versions of BoringSSL in third_party/.
Note that in some cases, the kit/ and legacy_kit/ versions of BoringSSL
had different APIs, so when removing the OpenSSL version compatibility
conditional compilation, sometimes the older branch was kept and
sometimes the newer branch was kept.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Build CE & Jenkins CDMs With BoringSSL from third_party/
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37120 ]
Up until now, integrators have been responsible for providing a
compatible crypto library for use by the CE CDM. (either OpenSSL or
BoringSSL) After this change, this decision will no longer be in their
hands. The CE CDM build will always use the copy of BoringSSL in
third_party/, which will be statically linked with our library with
hidden visibility. This allows us to better control what crypto library
we use and will prevent continuing problems with trying to support both
OpenSSL and BoringSSL.
Unfortunately, BoringSSL began using C++11 in mid-2017, and we can't
support C++11 right now. Until we can, we need to use a C++11-free
version of BoringSSL for libssl. The CDM itself will continue to use a
recent BoringSSL, as it only needs libcrypto. But the unit tests that
need libssl have to use the legacy version.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Modified RNG for Level3 to use more entropy
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39220 ]
Bug: 65165076
Modified seed generation to use an xor of clock_gettime and
client-implemented code to supply random seeds to the RNG. Modified the RNG
as well to use xoroshiro128+ instead of xorshift, since it uses more
than one seed/state (which are 64-bit) and has higher "statistical quality".
The default implementations for the seed generation use /dev/urandom.
* Configure base path for Level3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39506 ]
This is in response to b/70354006. This change makes the
Android Level3FileSystem use the existing properties method
GetDevicesFilesBasePath for binderization. The same is done for the
Linux implementation.
* Add legacy_kit/ to BoringSSL Directory
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38861 ]
This adds a second copy of BoringSSL to the third_party/boringssl/
directory. This second copy is pinned to the last revision of BoringSSL
not to require C++11 and is not updated by the UPDATE_BORINGSSL.sh
script. This second copy will be used to provide libssl to the tests on
devices that do not support C++11.
Once we support C++11 in the CDM again, this weight should be removed
and all targets should use the copy of BoringSSL in the kit/ directory.
Bug: 67907873
* Use Shared Libraries for Unit Tests
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38860 ]
Some unit tests were using a statically-linked CDM instead of a
dynamically-linked one. (Or, in one case, trying to link both ways into
the same binary.) For now, we need to only link dynamically, so that the
unit tests and the CDM can use different versions of BoringSSL.
Long-term, we would like to test both kinds of linkage. (See b/69548115
for that.)
Some unit tests were also using a dynamicaly-linked CDM that was named
such that it appeared to be statically-linked. This patch renames some
targets to make the linkage clearer.
Bug: 67907873
* Change CDM_Backwards_Compatiblity_Tests to dedicated brances
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/39003 ]
The build scripts used by CDM_Backwards_Compatiblity_Tests now pull
old versions of oemcrypto from the dedicated branches oemcrypto-v*,
which [will eventually] contain old oemcrypto versions, that build
with the current build system with a current boringssl version.
bug: 67907873
* Fix spacing on level3 header
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38760 ]
* Correct Query status calls
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38640 ]
Bug: 70160032
* Refactoring to allow encryption of client ID
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37460 ]
The code has been restructured to allow encryption of client
identification in provisioning requests. This will be enabled
when server side changes have been made (b/69427217).
* Additional information is included in the Client Identification
portion of the provisioning request.
* Client identification will be encrypted with a service
certificate provided by the app/client. Platform changes
to enable passing this to core are needed. If a service certificate
is not provided, a default one associated with the production Keysmith
will be used.
* Switched APIs in CdmEngine to take a service certificate for
provisioning rather than licensing. Service certificates for
licensing are session based and passed as properties from platform
code.
Bug: 30737060
* Allow some CDM errors to be reported from multiple locations
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38360 ]
This creates some CdmResponseType errors which may be reused
PARAMETER_NULL, NOT_INITIALIZED_ERROR, REINIT_ERROR.
I have made changes to a few classes to report these errors.
Will work on additional classes in a separate CL.
Bug: 69864404
BUG: 71650075
Test: WV Unit/integration tests
Change-Id: Icc048770d424ac537d11ff327cda2cb142da802d
These are a set of CLs merged from the wv cdm repo to the android repo.
* Get System ID From OEM Cert
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37940 ]
(This is a merge of http://go/wvgerrit/30220 . However, it has been
significantly modified in the merge due to needing to support both
OpenSSL and BoringSSL.)
Previously, extracting the system ID was only supported on Keybox-based
systems. This patch adds support for extracting the system ID from the
OEM Certificate chain on Provisioning 3.0 devices. This is done by
getting the Widevine intermediate cert from the chain, finding the
Widevine System ID extension in that cert, and extracting the value.
The code that does the extraction is separate from any code that calls
OEMCrypto so that it can be unit-tested in isolation. This patch adds a
crypto_session_unittest test to do this unit-testing.
Bug: 34776194
Test: crypto_session_unittest
Test: widevine_ce_cdm_unittest
* Remove unique_ptr from oemcrypto mod mock
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/38500 ]
Because we can't have C++11.
Bug: 69935608
* Update CHANGELOG.md
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38460 ]
- Add items about adapter support.
- Add mention of SRM support.
Merged from cdm_partner_3.5
(Change-Id: I6d891e157edc3afb2797bf281ef3f06bdb8fe474)
* Add Adapter for OEMCrypto v13 to v12.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38440 ]
Also fix OEMCrypto_LoadKeys() definition broken by wvcl/38160
(srm_requirement param).
* Allow certain warnings in protobuf build.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38424 ]
maybe-uninitialized is triggered in release build. Allow it.
* Enable -fPIC for jsmc.c build.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38423 ]
-fPIC was removed for common c/c++ build rules. Add it back.
* Missing OEMCrypto_LoadKeys param in static adapter.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38422 ]
srm_requirement param was omitted in v11 static adapter.
* Remove OEMCrypto v12 specification.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38421 ]
* Update documentation for v3.5.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/38420 ]
* Added padded preprov key for 7880
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/36924 ]
Bug: 68765915
* Change overrides in CE L3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38380 ]
The 'override's are changed to the macro defined in override.h to
be gnu++98 compliant.
* Use source android level3 + add cache_flush call
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/37900 ]
I put both changes in this CL since I have to generate Level3 libraries
for both anyways. The first change involves shifting from using a
prebuilt static library to using an obfuscated source library output
from the Haystack tool on google3. The second change is from here:
https://critique.corp.google.com/#review/176536782, and addresses
b/69387416. Since the cache_flush function wasn't being used, the
execution on Angler gave inconsistent segfaults, which this CL fixes.
Verified on Angler, Sailfish, and Linux.
11/27/17: Added mips and mips64 libraries.
* Make CDM result codes constexprs
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38280 ]
The values in the enumeration list of CdmResponseType error codes
were earlier implicit. Comments were added to denote the actual
values. This changes to make it fixed values, which makes it slightly
more error prone, but cleaner when errors are retired.
* Change watchdog timer to 2 minutes
[ Merge of http://go/wvgerrit/36340 ]
This relaxes the watchdog timer around the level 3 oemcrypto
initialization to 120 seconds. There are also a couple of new log
messages at the end of initialization and at termination.
Library for arm updated:
level3/arm/libwvlevel3.a Level3 Library 4445 Oct 4 2017 17:06:25
Bug: 65379279
Merged from https://widevine-internal-review.googlesource.com/35480
* Add test to get service certificate from server.
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37780 ]
This was extracted from Ic38dd27d06dc7528ae4cd995da4261fe6c34ad55
* Add watch dog timer to OEMCrypto L3
commit ec624ea483cbf8fb3d4e8f393bc25c90a0e29d4b
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/34260 ]
This code adds a watchdog timer to the level 3 initialization. If
initialization does not finish within 5 seconds, the process
will abort, printing a small amount of debugging information.
arm/libwvlevel3.a Level3 Library 4445 Sep 11 2017 14:05:15
Test: unit tests on bullhead. Video on Play Movies.
GTS tests run on loop overnight.
Bug: 65379279
Merged from https://widevine-internal-review.googlesource.com/33540
* Remove libwidevinehidl_utils dependency
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37822 ]
libwvdrmcryptoplugin_hidl has a dependency on libwidevinehidl_utils
which was introduced due to an out of order merge from oc-mr1-dev
to master.
Bug: 69573113
* Automatically generate log location information
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/36563 ]
Currently class and method names are manually added to each log message
in the CDM on android and some other platforms. This change prepends
log messages with file name, line number and function name automatically.
The code is platform specific so it can be enabled and the precise
format configured on a per-platform basis.
As an example, here is a log on android before the change,
11-01 02:48:48.658 D/WVCdm (32198): CryptoSession::Open:
Lock: requested_security_level: Default
and after,
11-01 02:48:48.658 D/WVCdm (32198): [crypto_session.cpp(1108):Open]
Lock: requested_security_level: Default
A follow on CL will remove the manually added class/method information.
Bug: 9261010
* Fix BoringSSL Compatibility of oec_session_util.cpp
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37121 ]
A previous change inadvertantly used APIs from OpenSSL that do not exist
in BoringSSL in oec_session_util.cpp. As a temporary fix until we can
move all targets to BoringSSL, this patch switches that file to use
conditional compilation to choose the correct API depending on the
library in use. It does not otherwise change the behavior of the file.
Bug: 67908123
Test: wv_ce_cdm_unittest on x86-64
Test: linux_unit_tests
* Create local shared_ptr implementation
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37600 ]
Derived from protobuf version, which came from google3.
Removed locking (not thread-safe) and removed weak pointers (not
needed for usages in CDM).
Locking can easily be added if needed.
* Revert C++11 usage - back to gnu++98
Author: Gene Morgan <gmorgan@google.com>
[ Merge of http://go/wvgerrit/37440 ]
These changes roll back C++11-specific constructs:
std::unique_ptr -> std::auto_ptr
container initializers
nullptr -> NULL
std::shared_ptr to local shared_ptr
compiler flags (-std=c++11 -> -sdt=gnu++98)
NOTE: the "local" shared_ptr implementation is temporarily
a direct reference to the shared_ptr implementation in
third_party/protobuf. This has been fixed (implementation
extracted and moved to core/include) in CL 37600.
BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
commit in the chain.
Change-Id: Ie09ecb970aa06fe9301ac255375ca7d8e7ead8bc
