This is a merge of http://go/wvgerrit/13693 in the Widevine
repository.
This adds level 3 and mock implementation and unit tests for the
OEMCrypto function OEMCrypto_ForceDeleteUsageEntry. It also plumbs
this function up into CdmEngine, CdmSession, and CryptoSession so that
deleting all usage information for a given app id will now delete the
entries in OEMCrypto, too.
b/18194071
Change-Id: Iaea4034a507b323878657215784edfe95876386a
Back when we were being proactive about merging LMP changes to master
in the Widevine repository, there were a few changes that got merged
in a different form than what got checked into the Android repository.
Mostly, this happened due to several large core changes that were
brought over to the master branch in multiple parts so as not to break
other teams using the Widevine repository. This patch brings the two
trees in sync.
Change-Id: I4e56a742686d73d1c6ace209684ce0e8542fd93f
This merges several small changes that were made in response to
comments that arose when LMP changes were merged into the Widevine
repository's master branch.
Change-Id: Ifec968af54dbc3288f24654ec0c6ca9b5962e1aa
(This is a merge of http://go/wvgerrit/10674 from the Widevine CDM
repository.)
Now that the CE CDM has CloseSession to handle closing sessions, we
can rename CancelKeyRequest on the CDM Engine & CDM Session to better
resemble its purpose and the name it is known by on Android.
Change-Id: I68d55b3be733579e5875ab33d8e94a62fe1f651d
Our recommendation to OEMs is that they support a table of at least 50
usage entries in OEMCrypto. If more usage entries are stored, the PSTs get
added to the CDM but are LRU'ed out of the OEMCrypto usage table. When the
CDM queries those usage entries, OEMCrypto will return a
OEMCrypto_ERROR_INVALID_CONTEXT. Rather than return an error and have
MediaDrm throw an exception, CDM should delete this PST and return the
next usage entry, when queried.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11457/
from Widevine cdm repo ]
b/17994711
Change-Id: I00e3f93000096fb434d94333e22958de795a4bb5
Merge of the widevine change:
https://widevine-internal-review.googlesource.com/#/c/11632
Several unit tests in cdm_engine_test.cpp and request_license_test.cpp
were failing regularly. These were caused by either:
1) The device was not provisioned.
This has been fixed by adding a certificate provisioning step in the
test setup for the cdm engine tests and changing the existing
provision steop in the request license tests to provision for both
security levels.
2) The device was hitting a flaky server.
This has been fixed by switching from the GooglePlayServer to the
Widevine server.
3) A null pointer introduced when testing secure stops with an app
id. This has been fixed by directly injecting the app id in the unit
tests.
4) Flaky network connections. The unit tests were requesting data
from the server and were timing out after 3 seconds. I changed that
to 12 seconds.
5) The tests were searching for an end-of-line marker to find the GLS
header in the license response message. The end-of-line marker was
present in a valid DRM message for almost 1% of the test cases. This
code has been replaced by searching for the string "GLS/1" at the
begining of the HTML body.
I also added test_printers.cpp that defines functions used by GTest to
print error codes by name instead of numeric value.
This CL changes unit tests only. It does not change any production
code.
bug: 18316036
Change-Id: I3398580059a03114e782ac7ac59e6b0944012df4
When falling back to L3, release requests were failing. Information
requesting falling back to L3 is passed along when the session is opened.
Licenses however are released using the key set ID and information
requesting fallback to L3(CdmClientPropertySet) at that point is
unavailable. The release was actually attempting to release a license
at the default security level which is incorrect.
In addition, the mac keys were not being setup correctly and the release
message was signed with keys derived from the license request and not the
response. Both these issues have been addressed and unit tests added
to track release of offline licenses and usage reporting scenarios.
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11062
from wv cdm repo ]
b/17073910
Change-Id: I5cd95a7dfe58ebae7ae27ece6c92e67755c1d665
UAT issues fixed PSTs for each piece of content. This requires the usage
table to be cleared (or usage records released) between tests. If not
PST collisions occur and OEMCrypto fails with
OEMCrypto_ERROR_INVALID_CONTEXT (0x29).
b/17318063
[ Merge of https://widevine-internal-review.googlesource.com/#/c/11061/
from wv cdm repo ]
Change-Id: I7758e5444637583a171edafcd4fb18315bfa8395
* The Usage APIs return usage reports from either L1 or L3 (if available).
* Correction to when usage reports are saved. In addition to other events
they are now saved when keys are loaded, usage reports are released and soon
after first decryption and periodically (60 seconds) after that,
if decryption takes place.
* Usage reports now get deleted on an unprovision request.
* Policy timer is now started when offline licenses are restored.
* Usage session is now released, when a usage response is received.
* Usage tests ahev been enabled.
* Added CDM extended duration (integration) tests to test usage reporting
and querying. These need to be run manually as they take a while (currently
half an hour).
b/15592374
[ Merge of https://widevine-internal-review.googlesource.com/#/c/10800
from the Widevine CDM repo ]
Change-Id: Ia817e03ebbe880e08ba7b4a235ecb82b3ff35fbf
A bug prevented regenerating license release requests. This has
been corrected. A crash due to a formatting error has been addressed.
Clean up of logging and additional logging for open session failures
have been included.
b/16197822
Merge of https://widevine-internal-review.googlesource.com/#/c/10806
from the widevine cdm repo.
Change-Id: I854ead388f311d00b1cd700dfa1b2f58322c2dd4
[ Merge of https://widevine-internal-review.googlesource.com/#/c/10659/
from the widevine cdm repo. ]
CdmEngine::CancelKeyRequest would earlier release keys by closing and
reopening a crypto session. Behavior has been changed to just close
the session.
b/15984869
Change-Id: I92a1f82fd4a97b5510596d4bc69bf07406cee606
Merge of https://widevine-internal-review.googlesource.com/#/c/10614/
from the widevine cdm repo.
* b/15467844 - GenerateRSASignature returns OEMCrypto_ERROR_INVALID_CONTEXT
when called with a non-NULL signature pointer and signature length of
0 (rather than OEMCrypto_ERROR_SHORT_BUFFER)
* b/15989260 - OEMCrypto_DecryptCTR does not return OEMCrypto_ERROR_KEY_EXPIRED
after keys have expired
Also addresses
* integration test updated to reflect that loading certificate errors are
returned on OpenSession rather than GenerateKeyRequest
* compiler warning on type casting
b/15989261
Change-Id: Ib68b972651479e99b9d05de4493aac55a96c4f39
GPlay offline tests were failing due to additional query parameters that were
introduced with b12789275. Additional changes caused offline failures,
as the content pointed to by the test vectors was HD only and did not
allow for offline playback.
This addresses the problem by switching request license tests to point to UAT.
UAT is now the default license server destination for request license tests.
Test vectors for GPlay will be added back as a secondary option when they
are available.
b/13909635
Merge of https://widevine-internal-review.googlesource.com/#/c/10261/
from the widevine cdm repo.
Change-Id: I5e5a2b477b6d591747123e8eeb3cd00b7f762090
Certificate provisioning requests will be made to the production server
since the other URI is being deprecated.
Merge of https://widevine-internal-review.googlesource.com/#/c/10230/
from the widevine cdm repo.
b/15145406
Change-Id: If0cbcaa66fc871568507ee56656c04f8341fcdcf
[ Merge from Widevine CDM repo of
https://widevine-internal-review.googlesource.com/#/c/10171/ and
https://widevine-internal-review.googlesource.com/#/c/10172/ ]
Updated license_protocol.proto from constituent protos in google3
These changes make use of OEMCrypto v9 changes to support usage reporting.
Usage reporting may be enabled for streaming (by means of secure stops) and
offline playback by a provider session token specified in the license.
Changes include periodically updating usage information for relevant
sessions and reporting and releasing usage information as needed.
The CDM has removed all references to Secure Stops. This change
updates the Android API implementation to comply.
b/11987015
Change-Id: Ibb6f2ced4ef20ee349ca1ae6412ce686b2b5d085
OEMCrypto now returns OEMCrypto_ERROR_KEY_EXPIRED rather than
OEMCrypto_UNKNOWN_ERROR when the key has expired. This CL adds
a test to verify that CDM is handling this correctly.
[Merge of https://widevine-internal-review.googlesource.com/#/c/9730
from the Widevine cdm repo]
b/9205119
Change-Id: I6b13b43d71f7fa51531c309ffd3f93d3648f9b89
Adds support for WebM to the CDM. Decryption remains untouched,
however the initialization data is passed differently for WebM.
The previous version of this change broke playback for certain
apps that were being allowed to pass invalid MIME types before
this change was made. This version maintains backwards-compatiblity
for these apps for now by rewriting their MIME types as "video/mp4".
Merge of https://widevine-internal-review.googlesource.com/9225/
and https://widevine-internal-review.googlesource.com/9611/ from
the Widevine cdm repo.
Bug: 10638562
Change-Id: Ib37e838d08363f07b34b3a2e79a3f80a1f43e9ad
Adds support for WebM to the CDM. Decryption remains untouched,
however the initialization data is passed differently for WebM.
Merge of https://widevine-internal-review.googlesource.com/#/c/9225/
from the widevine cdm repo.
Bug: 10638562
Change-Id: I7b8cf4888fa408af77cee103f768f5a7c8ffdc7e
During session sharing, when a sample contains both clear and encrypted
subsamples, subsample flags would on occasion be set incorrectly. Clear
subsamples would be sent to the current session, while encrypted ones
would incur a key id to session lookup and be sent to the appropriate session.
The sessions would then receive decrypt calls with subsample flags
incorrectly set.
In order for this to work correctly all subsamples within a sample need to be
sent to the same session. This requires that key ids be specified and
checked if at least one of the subsamples is encrypted. If however none of
the subsamples are encrypted then a valid key id may not have been provided
to MediaCrypto, and the subsamples may be sent to any session.
In order to support this, the CDM decrypt will now allow the caller to
specify whether to validate the key Id.
Then a check is added to wvcrypto determine whether to ask the CDM to
validate the key ID based on the clear/encrypted states of the subsamples.
The list of subsamples is already being preprocessed, so this
additional check just determines if any subsamples are encrypted, and sets
the validation flag appropriately.
b/11967440
Merge of https://widevine-internal-review.googlesource.com/#/c/8510/3 and
https://widevine-internal-review.googlesource.com/#/c/8520/2 from the
widevine cdm repo.
Change-Id: If65c36a31e56b69f514f0cc547a0becf0c54c40a
A number of failures were observed,
* GPlay dev license server is being worked on. This causes random
failures when running unit tests. Switching to the staging
server for now.
* Occasionally, the license server times out. Introducing a retry
mechanism do deal with HTTP responses (merge from master #45e8ddd5f)
* Release license tests are now disabled. Tests were previously passing,
even though they were not in fact supported by the GPlay license server.
The response included just enough information to be a valid license and
passed minimal verification that was taking place. Additional verification
was not necessary because session is torndown and resources released as
soon as the response has been received.
A change at the GPlay server now causes the release license request to be
flagged as an error and the tests to fail. Work is in progress to
support release of licenses at the GPlay server.
* The wrong message test (from request license tests) fails. This is
because GPlay behaviour changed from returning a HTTP 500, when
processing an invalid PSSH, to returning a HTTP 200 without any included
license.
* Security level path backward compatibility tests on L3 which failed and
caused the succeeding license request tests to fail.
b/12000457
Change-Id: I8e6adc490504475d1039793ea555a17799cb78c4
Merge of https://widevine-internal-review.googlesource.com/#/c/8263
from the Widevine repo.
Changes the behavior of requiresSecureDecoderComponent() to query the
session for whether a lowered security level has been requested
before querying the system to see what its default security level is.
As part of this, we added a new QuerySessionStatus() method to the
CDM that gets status info on a session-specific level, such as the
effective security level of a session.
Bug: 11428937
Change-Id: I5549a2fdd400cc87f567d27fcf74c473451093d6
After a change to the GPlay license server, it no longer accepts heartbeats
at the license server URL ( https://jmt17.google.com/video-dev/license/ ).
The CDM correctly reports https://jmt17.google.com/video-dev/heartbeat/
as the renewal URL but the current test code ignores the reported URL.
The license server then rejects the request and send back an empty
license response.
This causes WvCdmRequestLicenseTest.StreamingLicenseRenewal
and WvCdmRequestLicenseTest.StreamingLicenseRenewal to fail. Request
license tests have been modified to respect the renewal URL.
Merge of https://widevine-internal-review.googlesource.com/#/c/8188
from the widevine cdm repo
b/11290339
Change-Id: I1dcf8277edce99633086fb3db8ffeb7a32a5500d
A staging Root CA public key was used in earlier releases to verify
service certificates. These were in turn used to encrypt the
client identification. This met our needs for an end-to-end verification.
Now that the production Root CA and service certs are available
this change replaces staging certs with production ones.
Merge of https://widevine-internal-review.googlesource.com/#/c/7560/ from
the widevine CDM repo
b/10329328
Change-Id: Id02649201d9a8ba4d08acc4166503341a5bbdd23
Certificates and offline licenses are stored in security level
specific directories in klp. When devices transition from jb-mr2,
their persistent information has to be ported to these directories.
bug:10366036
Merge of https://widevine-internal-review.googlesource.com/#/c/7310/
from the widevine CDM repo
Change-Id: I70b4a79dc5b69bda7fc3a4b92fdcde7ef8b41836
This merges the following changes from the Widevine CDM repository:
da001b6 Add Privacy mode and service certificate
This adds support to the CDM for privacy mode and service certificates.
92bf200 Add support for using Youtube Content Protection server for testing
Enables testing with Youtube Content Protection server. Google Play license
server is still the default. Select YTCP server by using the flag -icp
e.g. adb shell '/system/bin/request_license_test -icp'
85dcd60 Fixes to enable privacy mode
These includes changes to use PKCS7 padding, corrected root CA formatting
and changes to integration test. Also refactored service certificate
handling.
989971c Correction to request license test
Corrected PropertySetTest to provision when needed. Also added disabled
privacy tests to run against YTCP staging server until GooglePlay
integration is complete.
Bug: 10109249
Change-Id: If81d68c65d743d77a485406f48d1be41a74de0af
This merges the following changes from the Widevine CDM repository:
564f4cc Add CdmClientPropertySet to CDM
Adds an interface to the CDM that allows it to query its client for
certain properties. In this case, this includes the ability to
specify what security level is desired, as well as support for
service ceritifcate privacy mode.
9cfbd3e Force Level 3 fallback
Adds support for voluntarily invoking L3 crypto to the OEMCrypto
wrapper.
95d12c1 Add pointer to CdmClientPropertySet class to OpenSession.
Adds support for storing the property set on a session-by-session
basis and choosing the appropriate crypto level.
17de442 Add Settable Properties for Clank to Android
Adds support for setting the aforementioned properties to the
DrmEngine
bbe704d Fixes to force fallback to level three security
Corrections to invoke provisioning, OEMCrypto API with configured
security level rather than the default. Unit tests were also revised.
Note that some parts of this are also support for the ability to use
a service certificate-based privacy mode. The remaining code for
supporting this mode is still forthcoming.
Bug: 10109249
Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
Android development of the widevine CDM has been done
on the jb-mr2 branch of the cdm code base. This CL
contains a merge of that jb-mr2 work to CDM master, and
also reflects the evolution of the common Modular DRM
code base since jb-mr2 branched.
Change-Id: I1d7e1a12d092c00044a4298261146cb97808d4ef
Adds a property that allows applications to get the provisioning-unique serial
number.
Bug: 9175567
Also fixes some missing mutexes that were causing intermittent failures in
calls to OEMCrypto due to concurrency issues.
Bug: 9175583
Merge of https://widevine-internal-review.googlesource.com/#/c/5831/
from the Widevine CDM repository
Change-Id: I1d7e3ca9f3b06da345022f5f0d64e0c17a5cedca
Signing and encryption keys are not correctly setup in OEMCrypto, when
an offline license is restored, before generating a key release message.
This results in key release failures. Playing back the license response
causes keys to be derived and allows the key release message to be constructed.
b/9016545
Merge of https://widevine-internal-review.googlesource.com/#/c/5682/
from the Widevine CDM repository
Change-Id: Ica9f13acc7c87e3125fa706f3a56e95b77a14a3c
Bug: 8770327
1. Allow provisioning retries
Allow multiple provisioning request messages to be generated without
requiring an equal number of HandleProvisioningResponse's. This is to
allow for lost messages.
2. Properly deletes cdm and crypto sessions created for cert provisioning.
The CleanupProvisioningSession() has not been deleting the cdm and crypto sessions
created for certificate provisioning properly. The lives of these sessions are
short and therefore, not added to the CdmSessionMap. We need to explicitly delete
these objects when error occurs or when we are done with provisioning.
3. Fixes provisioning responses that contain multiple chunks.
When we make multiple provisioning requests during testing, Apiary
sends response that contains more than one chunk. The test app.
needs to parse the response and concatenates the chunk data.
Otherwise, the size for each chunk is treated as base64 encoded data,
which will generate error when we try to deserialize the response
message.
Merge of https://widevine-internal-review.googlesource.com/#/c/5451/
from the Widevine CDM repository
Change-Id: I5b0ed982849c12628a3949f8d51515fcf6ce5a5f
Currently the CDM requires the caller to specify init data both on key
generation and renewal requests. With this change the CDM relaxes
this requirement for renewals.
Bug: 8732893
Merge of https://widevine-internal-review.googlesource.com/#/c/5322/
from Widevine CDM repo
Change-Id: Idf4ad2bdb20023da4f30bc369ed87eb811c1c4d9
This new format uses the SignedProvisioningMessage proto buffer definition so
the client does not have to parse the message and signature from the JSON
response separately. This change makes it more flexible to extend the fields
in the SignedProvisioningMessage.
Adds Apiary API key to the default provisioning server url.
Fixes a bug in GetCertRequestResponse() where a LOGD() can generate a
fault if there is no response data.
Bug: 8620943
Merge of https://widevine-internal-review.googlesource.com/#/c/5230/
from Widevine CDM repository
Change-Id: I4945ee2d16f88666e41edf990dd07102a9271105
