[ Merge of http://go/wvgerrit/117267 ]
The client will now advertise the ability to handle provisioning errors
by a minor version updated to the provisioning protocol version.
The provisioning service may indicate that the individual device
is revoked or all devices with the same make/model have been revoked.
If the provisoning service has not been upgraded, the protocol version
field in the request will be ignored. The provisioning service/SDK
will respond with an HTTP 400 error to a provisioning request from
a revoked device.
Bug: 174174765
Test: WvCdmRequestLicenseTest.ProvisioningRevocationTest,
WV unit/integration tests
Change-Id: I5ff61496685f310de6704a90452b8b76b3505cbb
[ Merge of http://go/wvgerrit/117266 ]
These changes facilitate communication of provisioning errors from
provisioning service/SDK to the client.
Clients will indicate in the SignedProvisioningMessage whether they
support handling of error information in the ProvisioningResponse.
The provisioning service/SDK can then indicate why the provisioning
request is being rejected.
The protocol_version field from SignedProvisioningMessage has also been
broken into separate protocol version and provisioning type fields.
This will support changes planned for future releases.
Bug: 174174765
Test: WV unit/integration tests
Change-Id: Ic1a41ed8f83b69697300c586a78266fac20298fb
If not argument is given, the app just sits and wait
for stdin input, this can be confusing for the user.
Add logic to display menu if no argument is given.
Test: metrics_dump
display menu
Test: metrics_dump [bugreport from sabrina-q.gz]
display mediadrm and widevine metrics
Test: metrics_dump --mediadrm [adb shell dumpsys media.metrics output]
display mediadrm metrics
Test: metrics_dump --widevine [adb shell dumpsys media.metrics output]
display widevine metrics
Test: metrics_dump [bugreport from sabrina-q.gz] --widevine
display menu because the order is app_name, options, input file
Bug: 180983850
Change-Id: I9b35f782d8f59663661148d3950f89e4724b6bce
Merged-In: I9b35f782d8f59663661148d3950f89e4724b6bce
[ Merge of http://go/wvgerrit/110923 ]
The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session. To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response. The type of key is available from the
DRM certificate proto that is provided in the reponse.
This change introduces a class to contain the wrapped key and
type together. To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.
Unittests have been updated for using the new class where the
wrapped key was used before.
Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
(cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e)
Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
[ Merge of http://go/wvgerrit/110824 ]
When generating a provisioning request, the CDM includes the different
certificate key types that are supported.
This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.
Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
(cherry picked from commit 547d2f8775)
Merged-In: I713ff1c469dff5c8a41461727ce63486d962575e
[ Merge of http://go/wvgerrit/110823 ]
DrmDeviceCertificate is the CDM's reduced version of DrmCertificate
used in the backend. With the introduction of ECC, the CDM needs to
extract the signature algorithm to determine how to handle the wrapped
private key used by OEMCrypto post-provisioning.
This change brings the DrmDeviceCertificate in line with the
provisioning service's DrmCertificate message as the new source of
truth.
Bug: 140813486
Test: Compiled proto
Change-Id: I164a1c9266fb74b6cdd0ff35f1986ca032033bba
(cherry picked from commit 667c672c80)
Merged-In: I164a1c9266fb74b6cdd0ff35f1986ca032033bba
Merged from http://go/wvgerrit/114903
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I208e0d5d949e8ef003fcf7d6f129eab66b9b3656
[ Merge of http://go/wvgerrit/108904 ]
Client ID name-value fields in the license request share the same
namespace with app parameters and WV standard device information. As
a result, it was possible for applications to provide parameters that
could potentially fool the license server with spoof values.
This CL restricts the use of the fields that are common across both the
Android CDM and CE CDM. Currently, Android specific fields are
restricted by the MediaDrmPlugin layer, and there are no CE CDM
specific fields currently defined.
The non-HIDL DRM plugin does not restrict these fields; however, it
will be removed in S.
Bug: 171723566
Test: Android integration test
Change-Id: I5ad9ead73c5aff712dff8133953de5ddc3296452
[ Merge of http://go/wvgerrit/110603 and http://go/ag/13139808 ]
Qualcomm SoC may report 10085 (RSASSA-PSS signature error) when
OEMCrypto_PrepareAndSignLicenseRequest is called. The app needs to
reprovision (or the user needs to factory reset their device) in order
to recover.
If the 10085 error is returned, the app currently will get a
MediaDrmStateException. The app has no way to be able to tell
whether this is due to the 10085 error or some other error.
This change returns a NEED_PROVISIONING error at the CDM level, which
will result in the app receiving a NotProvisionedException when
MediaDrm.getKeyRequest is called.
Bug: 174375589
Test: GtsMediaTestCases, WV unit/integration tests
Change-Id: I4f2884c8a5fd88ab2e9bfbc0731a20e58cec0f36
[ Merge of http://go/wvgerrit/110603 ]
Qualcomm SoC may report 10085 (RSASSA-PSS signature error) when
OEMCrypto_PrepareAndSignLicenseRequest is called. The app needs to
reprovision (or the user needs to factory reset their device) in order
to recover.
If the 10085 error is returned, the app currently will get a
MediaDrmStateException. The app has no way to be able to tell
whether this is due to the 10085 error or some other error.
This change returns a NEED_PROVISIONING error at the CDM level, which
will result in the app receiving a NotProvisionedException when
MediaDrm.getKeyRequest is called.
Bug: 174375589
Test: WV unit/integration tests
Change-Id: I4f2884c8a5fd88ab2e9bfbc0731a20e58cec0f36
[ Merge of http://go/wvgerrit/110165 ]
The conditional compilation for flagging the CDM and ODKiTEE logging
functions as printf-like was guarded by a check on "__gnuc__" or
"__clang__". However, GCC doesn't actually define "__gnuc__", it
defines "__GNUC__", all caps. Fixing this causes GCC to find a slew
of format-string errors that Clang was accepting. This patch fixes the
capitalization and the uncovered errors, most of which fall into one of
a few categories:
1) The format string and variable had different signedness. For these,
the format strings are updated to match the variables.
2) The variable was an array index that was not of size_t. For these,
the variables have been updated to be size_t and the format strings
have been updated to use %zu. A few index variables that weren't
actually used in format strings are also fixed to be size_t.
3) The code assumed the signedness of the internal representation of an
integer literal, enum constant, or enum variable. For these, I either
cast the input to a known type so that the format string is valid
regardless of internal representation or I switched to a hexadecimal
format string. The latter case is more useful on ODKiTEE enums where
the literal value is in the code as a 32-bit hexadecimal value
anyway.
This patch also adds missing integer casts to the enum literals in the
ODKiTEE logging header. (These are required for pedantic C99
compatibility when using literal values that do not fit into a 16-bit
integer.)
Bug: 173460694
Test: jenkins/odkitee_ta
Test: build.py x86-64
Change-Id: I244972639a5a6ea0de157eb67e1e0dfa9787ec32
Merging CL:
* http://go/wvgerrit/108203
* http://go/wvgerrit/103904 (changes to L3 source files excluded)
Also added ODK dependency which is required by L3 v16.
Do not replace constant sizeof() with a hard-coded value in L3 library because it is target-specific.
Test: Unit tests on gLinux
jenkins/linux_unit_tests
jenkins/ce_cdm_tests
Test: Unit tests on Pixel 4(flame-userdebug, rvc-qpr-dev)
vendor/widevine/libwvdrmengine/build_and_run_all_unit_tests.sh
Test: Manual ExoPlayer L1/L3 playback tests (flame-userdebug)
WV: Secure HD/SD (cenc,MP4,H264)
WV: Secure HD/SD (cbc1,MP4,H264)
WV: Secure HD/SD (cbcs,MP4,H264)
Test: Widevine GTS tests(bramble-userdebug, master)
http://ab/I23800006571451275
Bug: 136317881
Bug: 139814713
Bug: 173331251
Change-Id: I1656e83a74a0eaf650f55f5e2388819bf5020c0d
