Swallows the error NEED_KEY if it comes back from AddKey(), as this
is expected behavior. (It means privacy mode is on and the key that
was just added was the privacy certificate, ergo the real decryption
key is still absent.) Note that this carefully does not squelch the
notification that comes from NEED_KEY, which is still necessary in
order for the app to make a second key request.
Also streamlines a test case that I noticed was overcomplicated for
what it did while poaching code from it for new test cases.
Also removes a .gyp file that was erroneously being copied to the
Android tree. Android does not use GYP.
Bug: 10495563
Change-Id: Ife3ff0270a0d09dac1b0eb0d84bddffd811e1eef
A staging Root CA public key was used in earlier releases to verify
service certificates. These were in turn used to encrypt the
client identification. This met our needs for an end-to-end verification.
Now that the production Root CA and service certs are available
this change replaces staging certs with production ones.
Merge of https://widevine-internal-review.googlesource.com/#/c/7560/ from
the widevine CDM repo
b/10329328
Change-Id: Id02649201d9a8ba4d08acc4166503341a5bbdd23
In order to run all disabled OEMCrypto unit tests with one gtest
filter, one of them needs to be renamed so it matches the others.
These tests are disabled by default because they install a test
keybox, which would be dangerous on a production device.
Merged from CDM change
https://widevine-internal-review.googlesource.com/7440
bug: 10508973
Change-Id: I9508b133c6500ec28ce8890a4af89f016344b842
1. add missing checks to set the overall result when some tests fail
(to verify b/10528466)
2. Fix test result on L1 devices where we can't hash the decrypt result
due to inaccessible memory buffers.
3. Configure the codec with a surface to avoid codec errors on L1 devices
b/10528466
Merge of https://widevine-internal-review.googlesource.com/#/c/7510/
from the widevine CDM repo
Change-Id: I5c7ef5ce802cc4ff63f62524ef2120fb671920f4
This CL turns off the verbose logging if LOG_NDEBUG is 1, or if NDEBUG
is defined. You can set the environment variable LOG_NDEBUG to 0 to
turn on verbose debugging for the CDM library on android.
Also, as in b/9672657, some applications call SelectKey when switching
between video and audio, which is much too verbose and affects
playback. I have removed the log statements for SelectKey.
bug: 9672657
Change-Id: I635b997118996871356f7126852b4744fb05e810
Certificates and offline licenses are stored in security level
specific directories in klp. When devices transition from jb-mr2,
their persistent information has to be ported to these directories.
bug:10366036
Merge of https://widevine-internal-review.googlesource.com/#/c/7310/
from the widevine CDM repo
Change-Id: I70b4a79dc5b69bda7fc3a4b92fdcde7ef8b41836
Adds support and tests for the new isContentTypeSupported API to the
Widevine DrmEngine.
Bug: 10244066
Merge of https://widevine-internal-review.googlesource.com/#/c/7321/
from the Widevine CDM repo.
Change-Id: I4f606de7897a49da745ff76faceeb358f8ac9073
This merges the following changes from the Widevine CDM repository:
da001b6 Add Privacy mode and service certificate
This adds support to the CDM for privacy mode and service certificates.
92bf200 Add support for using Youtube Content Protection server for testing
Enables testing with Youtube Content Protection server. Google Play license
server is still the default. Select YTCP server by using the flag -icp
e.g. adb shell '/system/bin/request_license_test -icp'
85dcd60 Fixes to enable privacy mode
These includes changes to use PKCS7 padding, corrected root CA formatting
and changes to integration test. Also refactored service certificate
handling.
989971c Correction to request license test
Corrected PropertySetTest to provision when needed. Also added disabled
privacy tests to run against YTCP staging server until GooglePlay
integration is complete.
Bug: 10109249
Change-Id: If81d68c65d743d77a485406f48d1be41a74de0af
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
Merges change 267713c (Remove stale licenses on reprovisioning) from
the Widevine CDM repository. This change removes licenses belonging
to the previous provisioning when provisioning changes.
Bug: 9761923
Change-Id: I473816dd11dd950f4fb009b5b004630bd2d2b579
This merges change 43c7fda (Do Not Obscure wvcdm::NEED_KEY) from the
Widevine repository. After this change, decrypt calls will return
ERROR_DRM_NO_LICENSE if the CDM returns NEED_KEY.
Bug: 10157154
Change-Id: I97b3a3990abeebb620ee4925fabf5c4261d968c4
This merges the following changes from the Widevine CDM repository:
bef58bc Add new error codes
Adds new error codes to OEMCryptoCENC.h and rearranges it to more
closely match the documentation.
5fcfbca Handle OEMCrypto_ERROR_INSUFFICIENT_RESOURCES on Decrypt
Changes the CDM to support the new errors from the previous change.
d59c09d Report Insufficient Crypto Resources
Changes the DrmEngine to support the new errors from the previous
change.
1085a21 Respond to Too Many Keys or Sessions Errors
Allows errors around having too many keys or sessions to result in
a unique error in the CDM.
Bug: 9695816
Change-Id: I826bc655109fa57e4f75de7158d7f392053666b1
This merges the following changes from the Widevine CDM repository:
1a72a7e Combine utility code into single library on Android
Combines several previously-separate files into a static library,
libcdm_utils, so that it can easily be used by both CDM and
OEMCrypto.
8c4d04d Install Keybox
If the keybox has not been installed, install it from
/factory/wv.keys.
Bug: 9972451
Change-Id: I8688ecd0adcf321e0c7d0faf55dd10f3910c12ec
Android development of the widevine CDM has been done
on the jb-mr2 branch of the cdm code base. This CL
contains a merge of that jb-mr2 work to CDM master, and
also reflects the evolution of the common Modular DRM
code base since jb-mr2 branched.
Change-Id: I1d7e1a12d092c00044a4298261146cb97808d4ef
The function OEMCrypto_LoadKeys should accept a null pointer for the
enc_mac_keys pointer. This indicates that the mac_keys are not being
updated. This CL just updates the documentation to clarify this behavior.
bug: 9549308
Change-Id: I1073e72f9c8d0fa712ad02e4c2d517202b3defab
Adds a property that allows applications to get the provisioning-unique serial
number.
Bug: 9175567
Also fixes some missing mutexes that were causing intermittent failures in
calls to OEMCrypto due to concurrency issues.
Bug: 9175583
Merge of https://widevine-internal-review.googlesource.com/#/c/5831/
from the Widevine CDM repository
Change-Id: I1d7e3ca9f3b06da345022f5f0d64e0c17a5cedca
The field provisioning code generates a randum number to use as the
device id, and then restricts the data to alphanumeric characters.
Previously, it could have also included a 0 byte in the data. This CL
corrects that.
bug: 9073146
Merge of https://widevine-internal-review.googlesource.com/#/c/5740/
from the Widevine CDM repository
Change-Id: Iaf3e9e733f7c66c19d4168178a8e25ee0ba7e936
The company_name was hardcoded in the CDM as "Google" for all devices.
On Android, it needs to come from the ro.product.manufacturer system
property.
bug: 9074091
This is a merge of https://widevine-internal-review.googlesource.com/#/c/5730/
from the Widevine CDM repository.
Change-Id: Ia3ae82abf350c32ba8b4d05b59e95361927dea40
Signing and encryption keys are not correctly setup in OEMCrypto, when
an offline license is restored, before generating a key release message.
This results in key release failures. Playing back the license response
causes keys to be derived and allows the key release message to be constructed.
b/9016545
Merge of https://widevine-internal-review.googlesource.com/#/c/5682/
from the Widevine CDM repository
Change-Id: Ica9f13acc7c87e3125fa706f3a56e95b77a14a3c
Since CryptoSession::RewrapDeviceRSAKey takes a const std::string& nonce, the calling code
implicitly constructa temporary std::string from a character array with undefined termination
and sometimes bogus value when nonce.data() is passed in.
Bug: 9016828
Merge of https://widevine-internal-review.googlesource.com/#/c/5690/
from the Widevine CDM repository
Change-Id: Ia3beaa5f1a96924a8cc53a719f25af52217b8cc5
Because we do not want to accidentally install a test keybox on a
production device, most of the oemcrypto unit tests are being disabled
by default.
If you wish to run these tests, you can override this choice, by
running:
adb shell /system/bin/oemcrypto_test --gtest_also_run_disabled_tests
This change prompts for and requires positive confirmation before
running the disabled tests on a device that has a non-test keybox
already installed.
Bug: 8907626
Merge of https://widevine-internal-review.googlesource.com/#/c/5531/
from the Widevine CDM repository
Change-Id: Ib8e3605129ebf0861b4af15d04676f7a06cc5b78
There is an ambiguity in the use of the signature length in
OEMCrypto_GenerateRSASignature. If the pointer to the vector is null,
the function should set the length parameter to be the size of the
buffer needed.
This ambiguity has been clarified in the documentation: the
length returned should be the exact length of the buffer. It
will be corrected in a future release of Qualcomm's L1. However,
we are putting this change in both as a stop-gap and as a
belt-and-suspenders fix.
Bug: 8878371
Merge of https://widevine-internal-review.googlesource.com/#/c/5494/
from the Widevine CDM repository
Change-Id: I7574874884ca10da68d15674c971a565d015767d
In the android media DRM api test, provisioning is indicated, when a
generate license request command is issued after a switch between L1 and
L3. This is as expected as oemcrypto is unable to decrypt
the key wrapped earlier (bad padding). Subsequent provisioning request
and storage of wrapped keys complete successfully. If the same session
is used to reissue a generate license request command, the wrapped keys
and cert used are those present in memory from the initial retrival,
rather than rereading the new ones from persistent storage.
This results in a cycle of successful provisioning attempts followed
by generation of license requests commands which return a provisioning needed
error.
A change has been added to reinitialize the session and reload the
wrapped keys.
b/8878324
Merge of https://widevine-internal-review.googlesource.com/#/c/5600/
from the Widevine CDM repository.
Change-Id: Iaf47d15d104fd681706df5f64be583af24186abe
In a renewal message, in order to extend the duration, the server sdk
sends back a single key in the key container. Earlier the key was of type
CONTENT and only contained a key control block. No id, key data or
iv information were supplied. After a recent server sdk update
the key type in the renewal message has been changed to KEY_CONTROL.
This change enables the client to process the updated renewal message.
bug: 8736545
Merge of https://widevine-internal-review.googlesource.com/#/c/5434/
from Widevine CDM repository
Change-Id: Ia9f3620b86460278285fddee57ee923e269de7c1
Bug: 8770327
1. Allow provisioning retries
Allow multiple provisioning request messages to be generated without
requiring an equal number of HandleProvisioningResponse's. This is to
allow for lost messages.
2. Properly deletes cdm and crypto sessions created for cert provisioning.
The CleanupProvisioningSession() has not been deleting the cdm and crypto sessions
created for certificate provisioning properly. The lives of these sessions are
short and therefore, not added to the CdmSessionMap. We need to explicitly delete
these objects when error occurs or when we are done with provisioning.
3. Fixes provisioning responses that contain multiple chunks.
When we make multiple provisioning requests during testing, Apiary
sends response that contains more than one chunk. The test app.
needs to parse the response and concatenates the chunk data.
Otherwise, the size for each chunk is treated as base64 encoded data,
which will generate error when we try to deserialize the response
message.
Merge of https://widevine-internal-review.googlesource.com/#/c/5451/
from the Widevine CDM repository
Change-Id: I5b0ed982849c12628a3949f8d51515fcf6ce5a5f
The android timer class was not generating timer events correctly. This caused
renewal and expiration events not to be sent. A strong pointer to the
timer thread was not held and this caused the android util timer
thread to exit after firing once. This is now addressed.
Bug: 8736545
Merge of https://widevine-internal-review.googlesource.com/#/c/5353/
from the Widevine CDM repository.
Change-Id: I2d904e55d4d10eacc1a51f1c6b5c1a267c92c8d8
Currently the CDM requires the caller to specify init data both on key
generation and renewal requests. With this change the CDM relaxes
this requirement for renewals.
Bug: 8732893
Merge of https://widevine-internal-review.googlesource.com/#/c/5322/
from Widevine CDM repo
Change-Id: Idf4ad2bdb20023da4f30bc369ed87eb811c1c4d9
There is an OEMCrypto wrapper that loads the OEM provided library.
For debugging and initial implementation, this only verified that some
of the API existed before continuing.
With this CL, the level 1 library is not used if any of the API
functions are missing, or if the version number is not correct. There
is no plan to make this library backwards compatible.
bug: 8621521
Merge of https://widevine-internal-review.googlesource.com/#/c/5264/
from the Widevine CDM repo.
Change-Id: Ie82907925450b9fe93d0d857c1133f5382f55d21
Having the integration docs in the tree helps with version
management and distribution to partners.
bug: 8698129
Change-Id: I4c1e4f5902457815eaf58e6bd5313951d2b773ca
