Bug: b/78359032
Merge of http://go/wvgerrit/70544
Test: Android unit + integration tests/manual checking of system time to
make sure it's restored correctly
Integration tests are added to make sure that clock rollback of the
device system time does not affect key duration for both streaming and
offline licenses. These tests require root access as they modify system
time and restore them.
Change-Id: I3e1802205e2fc2056093c1e39b0ff6e0a8816abc
[ Merge of http://go/wvgerrit/71907 ]
The client token needed to be enabled in the license request.
Bug: 123369846
Bug: 123370099
Test: WV unit/integration tests
Change-Id: I4d3e944b1d79010977c119291594878c406b00c5
[ Merge of http://go/wvgerrit/71326 ]
Nonce flood, frame size, session and system invalidation errors
will now bubble up to the app. OEMCrypto v15 returns
OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE,
OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors.
These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR,
ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and
ERROR_DRM_RESOURCE_CONTENTION.
Bug: 120572706
Test: Unit/Integration tests
Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9
[ Merge of http://go/wvgerrit/71103 ]
A content provider may specify a provider client token in a license.
This is a client token generated by a provider. If present in a license,
they will now be included in a license renewal request.
Bug: 34386290
Test: WV unit/integration tests
Change-Id: I3db303ea4d8b4ff4495393be4015b49e13db2ffc
[ Merge of http://go/wvgerrit/70665 ]
This allows one to be able to query for security level, from
Crypto factory methods before the plugins and CdmEngine objects
have been created.
Bug: 117104043
Test: WV Unit/integration tests
Change-Id: Id07f420c3cfb92166cd3bb3cf82148d52e10eb03
[ Merge of http://go/wvgerrit/70203 ]
The earlier property_get() method had a limitation on property length.
Properties of some new devices exceed that length. An error message
is returned rather than a truncated string. Replace its use with
android::base::GetProperty() which does not have a length limitation.
Bug: 115358798
Test: WV unit/integration tests
Change-Id: I46ce9a7e77bcd031225d0082f83c57d484fe5405
[ Merge of http://go/wvgerrit/68083 ]
Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.
Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
libwvdrmdrmplugin_hidl_test and request_license_test.
Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6
[ Merge of http://go/wvgerrit/67324 ]
This introduces the ability to query resource rating tier information
through the plugin and CDM. Resource rating tiers are also
sent in the client identification portion of the license request.
Bug: 117112392
Test: WV unit/integration tests
Change-Id: I68ac6dfc4362f61150af822bd526e346b5cc4bf7
Bug: b/119276649
Merge from: http://go/wvgerrit/66367
Test: Android, CE CDM, Linux unit tests
The FileSystem interface as it exists expects an Open for a file and
then a Close when finished. However, the Close doesn't delete the file
itself and depending on the platform, the underlying impl_ as well,
leading to a memory leak. To fix this leak as well as harden against
future memory issues, this change refactors the interface to shift away
from raw pointers and towards smart pointers.
Change-Id: I7a7132ea95cd3775796a540f510b698f4f27dd24
[ Merge of http://go/wvgerrit/66002 ]
Client authentication was needed when licenses were requested from
the Play movies license service. For UAT/staging client authentication
is set to the empty string.
The play movies license service has not been used recently for testing.
Also, client authentication has not been supported as one of the
command line arguments. This was even before the command line parameters
were consolidated in TestBase.
Since it is not possible to specify client authentication on the
command line, the configured(default) value is always used.
This CL will remove code in the test to check if it has
been specified on the command line. It can be added back later,
if we decide to support client authentication as an option.
b/119221644
Test: WV unit/integration tests
Change-Id: I4a7fab5ec27b4897c9a73bd3ff34615d8ae11c28
[ Merge of http://go/ag/5334065 and http://go/wvgerrit/65122 ]
Sessions were not being correctly released when CloseCdm() was called.
Broadcom noticed this issue and proposed the fix.
Bug: 117876077
Test: WV unit/integration tests, GtsMediaTestCases and playback tests
Change-Id: I8800744f2396f0955c76d5f3e187a69fe04330f6
[ Merge of http://go/wvgerrit/54880 ]
Sending clear subsamples but filtering out encrypted ones,
before the keys have been loaded, causes problems during decode.
This is because subsamples that contain the first and last
subsample flags may be filtered out.
Clear subsamples that have first and last subsample flags set
will still be allowed to be passed to the decoder.
Bug: 110251447
Bug: 73447733
Test: WV Unit/integration tests.
Change-Id: I8c91c88f6313ad7b7b21c1c95e4c5787381949c1
Merge from Widevine repo of http://go/wvgerrit/56521
This CL adds a common main routine for integration tests. It sets a
default test configuration for the provisioning and license server
urls and certificates, and allows the user to set them on the command
line.
Test: current unit tests still pass.
Bug: 72354901 Fix Generic Crypto tests.
Change-Id: I604a3d9e15d50da5041794624c4571c0dcb091f5
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
Merge from Widevine repo of http://go/wvgerrit/56540
The pssh in request_license_test had the wrong size field.
Test: tested as part of http://go/ag/4674759
Change-Id: I6fed0fc8d11aec0a360d300e500a4ef62b658dad
Merge from Widevine repo of http://go/wvgerrit/48841
This test is not providing value to the CDM, as it seems to exist
primarily to validate server behavior. However, it is not doing what
it says it is (the request is rejected because it is using unparseable
garbage data, not because its key ID is unknown) and according to
tinskip@, the behavior it claims to be testing is not valid. (The
licensing service will not fail just because the key ID is unknown.
Indeed, if the test data is fixed to use a valid payload with an
unknown key ID, the test fails because the server does not.)
Bug: 78640287
Test: CE CDM Unit Tests
Test: Android Unit Tests
Test: tested as part of http://go/ag/4674759
Change-Id: Idfcff15ab3d15fdfb6eb111b5dff68aa5a23fb37
[ Merge of http://go/wvgerrit/52040 ]
Information stored in files are serialized and protected by an MD5 hash.
When files cannot be read because the MD5 hash computed over it
fails verification, the file is deleted. This allows for recovery.
However if the protobuf deserialization fails we return an error
but do not delete the file. When errors of this sort occur
with usage information files, the CDM cannot recover.
removeAllSecureStops() will fail as well and new licenses
with PSTs cannot be processed. In order to recover the file will
be deleted when a protobuf deserialization error occurs.
Bug: 109765590
Test: WV unit, integration tests. GTS tests. Netflix and Play Movies playback
Change-Id: I408914924e644d5c22b2ba7865d3a7d598788ee6
[ Merge of http://go/wvgerrit/48400 ]
Client identification information has recently been enabled in
provisioning messages. For privacy concerns this information
is being encrypted with a default service certificate.
Apps need to be able to override the default one to allow
for provisioning with third party provisioning services.
Bug: 78420508
Test: WV unit, integration tests
New WvCdmRequestLicenseTest.ProvisioningTestWithServiceCertificate test
GTS MediaDrmTestCases
Change-Id: Iee61ad47d33ce011efbea4eb90f7e4b1f032d15f
(This is a merge of http://go/wvgerrit/47990)
This is a test-only change.
Bug: 78117686
Test: VersionNumberTest.*
Change-Id: I4f53358fd6eacd498ddd1df7324084d0d4ae67fe
This change creates a unique id in the cdm identifier in order to force
a one-to-one mapping between WVDrmPlugin instances and CDM Engines. This
change simplifies some assumptions. This includes ensuring that the
metrics for a given MediaDrm instance map to a given CdmEngine instance.
This change contains the original change go/ag/3819203 and a fix to the
deadlock that was seen on Marlin and Taimen.
Bug: 73724453
Test: Updated unit tests. GTS test pass. Shaka Player, Netflix and Google Play test.
Change-Id: Ib208204a1b794df9f306fa11d13a8bb6cd6889f7
Merge from Widevine repo of http://go/wvgerrit/47860
This CL updates the copyright notice to indicate that files
shared with partners are shared under the Widevine Master
License Agreement.
bug: 77926774
test: comment change only
Change-Id: I0423668111578b80fb39a932d763df2827e2dfc3
[ Merge of http://go/wvgerrit/47065 ]
RemoveKeys now resets associated crypto and policy resources,
rather than just closing the crypto session. This results in a
MediaCodec.CryptoException with error code ERROR_NO_KEY
rather than ERROR_SESSION_NOT_OPENED, if decrypt is called
afterwards.
Error SESSION_NOT_FOUND_FOR_DECRYPT is made unique. Error codes
were also synchonized between various branches in the widevine repo.
Bug: 77304819
Test: WV unit/integration tests, VtsHalDrmV1_0Target tests
Change-Id: I6cba2a3e1ce466d58c7727cde2d8f81d9503d655
[ Merge of http://go/wvgerrit/46907 ]
The WV client supports root of trusts as keyboxes or OEM certificates.
Devices with keyboxes use provisioning 2.0 protocol to provision
while those with OEM certificates use 3.0. L3 provisioning failures
occur if the L1 and L3 root of trusts differ.
The provisioning method is now retrieved and cached when the
security level is known, when the session is opened.
Earlier it was retrieved and cached at initialization time and
always set to the value of L1 OEMCrypto (if present). This led
to provisioning failures.
A case of acquiring a lock while one was held in GetProvisioningId()
has also fixed.
Bug: 77606913
Test: WV unit/integration tests
Change-Id: I2d66ee2cf64f846cec4a37fbccb554447c8a0e1d
This change creates a unique id in the cdm identifier in order to force
a one-to-one mapping between WVDrmPlugin instances and CDM Engines. This
change simplifies some assumptions. This includes ensuring that the
metrics for a given MediaDrm instance map to a given CdmEngine instance.
Bug: 73724453
Test: Updated unit tests. GTS test pass. Shaka Player, Netflix and Google Play test.
Change-Id: I7e041b6cdf3e272d067da49d25a297b4a4663f1f
[ Merge of http://go/wvgerrit/46623 ]
If corruption of the usage information file is detected while saving a
streaming license with a PST, usage information file is deleted, so that
a subsequent load keys may succeed.
Also when calling the MediaDrm API releaseAllSecureStops(), an error would
be returned if usage info file was corrupted. Since this file is
deleted successfully, errors have been replaced with warnings.
Bug: 73447733
Test: wv unit/integration tests
Change-Id: Ie4a63ac202fd6009609105f38ffa8a3b23ed334e
(This is a cherry-pick of http://go/ag/3684977 that got left behind when
pi-dev was branched.)
The various Shared Source CDM groups have agreed on a more unified
version numbering scheme. Henceforth, the pattern for the version number
will be:
<max-oemcrypto-version-supported>.<minor-version>.<patch-version>
Where "minor-version" and "patch-version" are incremented independently
at the discretion of each CDM product.
This patch updates the version number for the Android CDM to match the
new scheme and updates the relevant tests.
Bug: 73090259
Test: request_license_test --gtest_filter=VersionNumberTest.*
Merged-In: Idcead5d92565dd549aa35565da632f01abb9e513
Change-Id: Idcead5d92565dd549aa35565da632f01abb9e513
[ Merge of http://go/wvgerrit/44921 ]
* Added the ability to remove a single usage information record.
* Added a method to retrieve all secure stop Ids.
Bug: 69674645
Test: WV unit, integration tests
Change-Id: I04ac8224b4bdda69541e61ff1103af3836138228
Merge of http://go/wvgerrit/43541
Test: Unit/Integration tests
b/73500155
This change uses the same clear data as the kCenc30Cbc1Key33Sample to
verify decryption, since it shares the same key as opposed to the
32Sample.
Merge from Widevine repo of http://go/wvgerrit/43440
This CL changes several tests so that they abort after multiple
failures. This prevents a network error from putting one of the usage
table tests into an infinite loop.
bug: 73397596
test: unit tests
Change-Id: Iaaec9eb2b39a6a2b2cfc90ee1c28bae0486aa851
Merge from Widevine repo of http://go/wvgerrit/43420
Remove or mark unused variables. Fix unsigned/signed comparisons.
bug: 73390805
test: unit tests
Change-Id: Ic523400a5decf82fae733042b260e0c39a087cd3
[ Merge of http://go/wvgerrit/42444 ]
This covers cenc, cens, cbc1 and cbcs. This also covers
HLS v2 format.
b/70684636
Test: Verified using WV unit/integration tests
Change-Id: I3e85b496d29b91c514f0bb806712cdf0cee12903
[ Merge of http://go/wvgerrit/42103 ]
* While deprecating keyboxes as identification, some code to
restore a license was mistakenly removed in http:://go/wvgerrit/36740,
http://ag/3442777
* Corrections to keep track of cipher mode, call SelectKeys when cipher
mode changes and to use the backward compatible LoadKeys call in case
OEMCrypto is v13.
Bug: 70160032
Test: Ran WV unit/integration tests. Request license test failures
have been addressed.
Change-Id: Id03c50874085af6d9985d10c19a74a02efb7a1f5
Merge from Widevine repo of http://go/wvgerrit/42020
This CL fixes the OEMCrypto unit tests for refresh license.
Test: ran unit tests
bug: 64851667
bug: 72497813
Change-Id: Ice1661fd832793358b725be9016d85465f6b8d14
Merge from Widevine repo of http://go/wvgerrit/41784
To avoid a seg fault, WithClientId will quit as soon as we find
usage_info is empty.
test: run unit tests (with no wifi to force failure)
bug: 72457799
Change-Id: I250538e750e14ed5780572a69360c8ec304e2554
[ Merge of http://go/wvgerrit/41340 ]
An initial license request may actually result in a service certificate
request. Once the service certificate has been successfully handled,
an app may make a license request without needing to provide
the initialization data again. This behavior was broken in a recent
merge. Correcting the test as well.
b/72182032
Test: Ran wv unit/integration tests
Change-Id: I82401b9a3bf38140706dad859b4ae241b7ddac12
These are a set of CLs merged from the wv cdm repo to the android repo.
* Correct error logging
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/40000 ]
In tests, we set the cipher list to avoid using insecure
ciphers when connecting to the provisioning/license service.
The result of setting the cipher list was being incorrectly
validated.
Bug: 64847919
* Move mips cache headers to clear_cache_function.h
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39700 ]
Since the clear_cache function has been moved away from the dynamic
adapter, we need these conditional includes to be migrated as well for
MIPS.
* Comment out Level 3 debug call until merge
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39761 ]
This call was introduced in go/wvgerrit/34260/. Since the haystack tool
in google3 still needs this merge, this should be commented out so the
tool can still build until the merge has finished.
* Add logging for MAC keys to mock
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39740 ]
Bug: 70637842
* Move external interfaces into level3.h + refactor
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39673 ]
As part of b/70523618, this CL moves interfaces that partners are
responsible for in Level 3 to level3.h so they can be visible as
part of the CDM release process. It also cleans up some of the
names of the files and adds documentation.
* Corrected close session logging level
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39676 ]
Bug: 69460963
* Remove Security Level Path Backward Compatibility Support
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/39505 ]
From the android K release onwards certificates were stored in
security level specific directories. If upgrading from
previous releases persistent information needed to be moved
to those directories.
Since no device is likely to upgrade from J to Pi, comptibility
support can be removed.
Bug: 70160032
* Rename privacy_crypto_openssl To privacy_crypto_boringssl
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37122 ]
Now that we no longer support OpenSSL in the Shared Source CDM, the name
of this file can be updated.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Remove Conditional Compilation from OpenSSL/BoringSSL
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/39460 ]
This change removes the usages of conditional compilation to support
both BoringSSL and OpenSSL, as well as to support multiple versions of
the OpenSSL API. All code is now compiled against one of the two
versions of BoringSSL in third_party/.
Note that in some cases, the kit/ and legacy_kit/ versions of BoringSSL
had different APIs, so when removing the OpenSSL version compatibility
conditional compilation, sometimes the older branch was kept and
sometimes the newer branch was kept.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Build CE & Jenkins CDMs With BoringSSL from third_party/
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/37120 ]
Up until now, integrators have been responsible for providing a
compatible crypto library for use by the CE CDM. (either OpenSSL or
BoringSSL) After this change, this decision will no longer be in their
hands. The CE CDM build will always use the copy of BoringSSL in
third_party/, which will be statically linked with our library with
hidden visibility. This allows us to better control what crypto library
we use and will prevent continuing problems with trying to support both
OpenSSL and BoringSSL.
Unfortunately, BoringSSL began using C++11 in mid-2017, and we can't
support C++11 right now. Until we can, we need to use a C++11-free
version of BoringSSL for libssl. The CDM itself will continue to use a
recent BoringSSL, as it only needs libcrypto. But the unit tests that
need libssl have to use the legacy version.
Bug: 67907873
Test: build.py x86-64
Test: wv_ce_cdm_unittest
Test: jenkins/linux_unit_tests
* Modified RNG for Level3 to use more entropy
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39220 ]
Bug: 65165076
Modified seed generation to use an xor of clock_gettime and
client-implemented code to supply random seeds to the RNG. Modified the RNG
as well to use xoroshiro128+ instead of xorshift, since it uses more
than one seed/state (which are 64-bit) and has higher "statistical quality".
The default implementations for the seed generation use /dev/urandom.
* Configure base path for Level3FileSystem
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/39506 ]
This is in response to b/70354006. This change makes the
Android Level3FileSystem use the existing properties method
GetDevicesFilesBasePath for binderization. The same is done for the
Linux implementation.
* Add legacy_kit/ to BoringSSL Directory
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38861 ]
This adds a second copy of BoringSSL to the third_party/boringssl/
directory. This second copy is pinned to the last revision of BoringSSL
not to require C++11 and is not updated by the UPDATE_BORINGSSL.sh
script. This second copy will be used to provide libssl to the tests on
devices that do not support C++11.
Once we support C++11 in the CDM again, this weight should be removed
and all targets should use the copy of BoringSSL in the kit/ directory.
Bug: 67907873
* Use Shared Libraries for Unit Tests
Author: John W. Bruce <juce@google.com>
[ Merge of http://go/wvgerrit/38860 ]
Some unit tests were using a statically-linked CDM instead of a
dynamically-linked one. (Or, in one case, trying to link both ways into
the same binary.) For now, we need to only link dynamically, so that the
unit tests and the CDM can use different versions of BoringSSL.
Long-term, we would like to test both kinds of linkage. (See b/69548115
for that.)
Some unit tests were also using a dynamicaly-linked CDM that was named
such that it appeared to be statically-linked. This patch renames some
targets to make the linkage clearer.
Bug: 67907873
* Change CDM_Backwards_Compatiblity_Tests to dedicated brances
Author: Fred Gylys-Colwell <fredgc@google.com>
[ Merge of http://go/wvgerrit/39003 ]
The build scripts used by CDM_Backwards_Compatiblity_Tests now pull
old versions of oemcrypto from the dedicated branches oemcrypto-v*,
which [will eventually] contain old oemcrypto versions, that build
with the current build system with a current boringssl version.
bug: 67907873
* Fix spacing on level3 header
Author: Srujan Gaddam <srujzs@google.com>
[ Merge of http://go/wvgerrit/38760 ]
* Correct Query status calls
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38640 ]
Bug: 70160032
* Refactoring to allow encryption of client ID
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/37460 ]
The code has been restructured to allow encryption of client
identification in provisioning requests. This will be enabled
when server side changes have been made (b/69427217).
* Additional information is included in the Client Identification
portion of the provisioning request.
* Client identification will be encrypted with a service
certificate provided by the app/client. Platform changes
to enable passing this to core are needed. If a service certificate
is not provided, a default one associated with the production Keysmith
will be used.
* Switched APIs in CdmEngine to take a service certificate for
provisioning rather than licensing. Service certificates for
licensing are session based and passed as properties from platform
code.
Bug: 30737060
* Allow some CDM errors to be reported from multiple locations
Author: Rahul Frias <rfrias@google.com>
[ Merge of http://go/wvgerrit/38360 ]
This creates some CdmResponseType errors which may be reused
PARAMETER_NULL, NOT_INITIALIZED_ERROR, REINIT_ERROR.
I have made changes to a few classes to report these errors.
Will work on additional classes in a separate CL.
Bug: 69864404
BUG: 71650075
Test: WV Unit/integration tests
Change-Id: Icc048770d424ac537d11ff327cda2cb142da802d
