* Add Apple MD5 support in DeviceFiles
[ Merge of http://go/wvgerrit/15544 ]
Patch courtesy of Spotify.
* Changing vague BufferReader log message
[ Merge of http://go/wvgerrit/15515 ]
Amending the buffer reader log message for null parameters in the
read function to say the type of parameter to help tell the
difference between Read2, Read2s, Read4, Read4s, Read8, and
Read8s.
Bug: 23619044
* Fix HTTP socket tests
[ Merge of http://go/wvgerrit/15521 ]
This fixes the build on Jenkins. I missed these when I updated HTTP
socket because they are not part of the CE CDM test suite.
* Update HttpSocket for IPv6
[ Merge of http://go/wvgerrit/15517 ]
Previously, HttpSocket made assumptions about IPv4.
This CL updates this utility to be agnostic to IPv4 vs IPv6.
If our servers start resolving to IPv6 addresses in future,
our tests can now handle this transparently.
* Removed low level warnings from PSSH
[ Merge of http://go/wvgerrit/15489 ]
Unneeded warnings in parsing PSSH and in buffer reader
were appearing in the logs. LOGW commands were replaced
with LOGV.
Bug: 23419359
* BufferReader unit tests and hardening.
[ Merge of http://go/wvgerrit/15449 ]
Added unit tests for public-facing functions.
Added protection against null or negative parameters.
Bug: 23419008
Change-Id: Ia44100a2d1bafe68986ae9a0793214885b21e61e
* Add dummy comments to blank files
git5 patch does not seem to handle blank files well. This CL will
allow the new CDM interface to be tested on iOS before it is
officially merged in google3.
* Stop Parsing the Command Line in InitLogging
[ Merge of http://go/wvgerrit/14164 ]
This change removes the parameters from InitLogging() and removes the
code in the Linux implementation that was using them.
Change-Id: I65849a89a2fac10cfc86eb16165bfcad468140aa
* Extend CdmLicense's stored_init_data_
[ Merge of http://go/wvgerrit/14661 ]
CdmLicense will store init data when a server cert must be
provisioned. After provisioning, the original init data can be used
to generate the originally-intended license request.
To do this before, the caller had to call CdmSession's
GenerateKeyRequest with an empty InitializationData object. However,
the init data's type still had to be set, as did the license type.
This CL allows the caller to use a truly empty InitializationData
without a type. To permit this, CdmLicense now stores a full
InitializationData object, rather than just a copy of it's data field.
With this CL, the caller also avoid storing the original license type.
To accomplish this, CdmSession uses the already-set is_offline_ and
is_release_ flags from the original call to reconstruct the intended
license type. The caller uses the new type kLicenseTypeDeferred.
To facilitate storing whole InitializationData objects, they are now
copyable.
This ultimately simplifies server cert code for the new CE CDM.
* Store service certs in Properties
[ Merge of http://go/wvgerrit/14664 ]
This allows CE devices to mimic the Chrome CDM's behavior of sharing
server certs between sessions.
This also affects Android behavior. Previously, provisioned service
certificates were per-session, while explicitly-set service certs
were per-DRM-plugin. Now, both are per-DRM-plugin.
A DRM plugin is associated with a mediaDrm object. Content
providers will still be able to retrieve and use different
certificates. The change here requires an app, that wishes to use
different provisioned service certificates will have to use
multiple mediaDrm objects. This is an unlikely scenario.
Change-Id: If2586932784ed046ecab72b5720ff30547e84b97
* Add CE test for incomplete remove()
[ Merge of http://go/wvgerrit/14658 ]
This depends on I064c053dd986a432865163aed5c9c3493f14340b to get
PolicyEngine to implement the EME semantics expressed in this test.
This also excludes another error code from causing an error log in
CdmEngine::AddKey, because this is actually an expected, handled
error in the CE CDM and it causes some confusing noise during testing
and development.
* Drop CdmEngine test main
[ Merge of http://go/wvgerrit/14693 ]
The command-line arguments are no longer in use anywhere, and
dropping the CdmEngine test's main allows me to add those tests to
the CE test suite.
* Add PolicyEngine::SetLicenseForRelease()
[ Merge of http://go/wvgerrit/14651 ]
In order to implement the EME-specified behaviors for load() &
remove(), some small changes are required in PolicyEngine.
According to EME, you should be able to remove() an active session.
This means that releasing a persistent session is not a separate load
operation. EME also states that the keys should be expired when this
is done.
Remove() is implemented using GenerateKeyRequest(type=release). This
leads to CdmLicense::RestoreLicenseForRelease, which in turn calls
PolicyEngine::SetLicense. When removing an active session, the policy
engine will have keys already loaded. The old behavior would cause
these keys to be reloaded. We need them to be expired, instead.
Once a remove() has been started, the keys should never be loadable
again. If a release confirmation is not received by the CDM, the
session should still be loadable. EME states that once a session has
had remove() called, then is loaded again later, there should be no
keys. Not that they should be expired, but not present. The old
behavior would cause these keys to be reloaded as usable.
This new method allows EME remove() and load() behaviors to be
faithfully implemented in the CE CDM. When removing an active
session, the old keys become expired. When removing a partially-
removed, newly-loaded session, no keys will be loaded at all.
This change does not affect any existing tests in core/.
New tests have been added in PolicyEngineTest to cover the behavior
of the new method.
Change-Id: Idd61487c277c9eadb4a044cb2a563e151442a548
* Reject session clobbering.
[ Merge of http://go/wvgerrit/14634 ]
This fixes a bug in I17de92b3e682c9c731f755e69466bdae7f560393 in which
sessions can be clobbered by a forced session ID. This bug manifested
in subtle test failures which involved repeatedly creating sessions.
This was traced to OEMCrypto not being terminated, then upward to a
leaked CryptoSession and CdmSession, and then finally to clobbered
session IDs.
To avoid the bug in future, first, reject duplicate session IDs.
Second, change the OpenSession API to make forced IDs explicit.
* Fix unit test namespaces.
[ Merge of http://go/wvgerrit/14622 ]
This fixes some odd errors that occur when linking multiple test
suites into one executable. When two object files both contain
a definition of wvcdm::MockCryptoSession, for example, one will win
silently and cause the other's tests to misbehave and/or crash.
The solution is to put all mocks into an anonymous namespace, since
each wvcdm::(anonymous)::MockCryptoSession is separate.
In order to avoid lots of repetitions of wvcdm:: in the anonymous
namespaces, all anonymous namespaces in unit tests now live inside
or the wvcdm namespace. This has been done even for tests which
are not currently using mocks.
* Move timer and timer_unittest to Android.
[ Merge of http://go/wvgerrit/14619 ]
These are not used anywhere else.
Change-Id: I234f31e9b5c79061205728783596ebaff65e0aff
* Make CdmProvisioningResponse const.
[ Merge of http://go/wvgerrit/14618 ]
The lack of const on this reference seems to be a mistake, since the
responses is never modified. This also allows the new CE CDM to pass
responses directly through from the caller.
* Let Properties determine DeviceFiles level support
[ Merge of http://go/wvgerrit/14620 ]
Non-Android platforms do not have multiple security levels, and so do
not use the security level to construct a base path.
Instead of requiring a known "security level" to construct a file,
accept anything that platform Properties will accept as a base path.
* Drop Properties::GetSecurityLevel().
[ Merge of http://go/wvgerrit/14617 ]
This seems to be dead code.
Change-Id: I94a970279213100730d6e6c763558dbe386f936a
* Expose release and offline statuses in CdmEngine.
[ Merge of http://go/wvgerrit/14616 ]
This will allow me to make some intelligent decisions in the new CE
CDM implementation without having to duplicate all the information
known in the lower levels.
* Account for backward compat support in tests
[ Merge of http://go/wvgerrit/14621 ]
One test ensures that device path backward compatibility is working,
while another assumes it is used.
This fixes test results when
Properties::security_level_path_backward_compatibility_support()
is false.
Previously, the CE CDM did not run these tests, and so this went
unnoticed.
* Remove Lock::Try, which is not used.
[ Merge of http://go/wvgerrit/14624 ]
Change-Id: Id18cf1f5b18c7322b8b636819276361af225734f
* Move Properties::Init into platform-specific code
This enables a refactor where property initialization for CE CDM will
use values provided by the application during library initialization.
[ Merge of http://go/wvgerrit/14510/ ]
* Add Properties::AlwaysUseKeySetIds().
When true, all sessions will have key set IDs and all session IDs
will be the same as the corresponding key set ID.
This will help the new CDM interface stick more closely to the EME
APIs, in which there are no such things as key set IDs and sessions
only have a single, random ID used for both streaming and offline.
[ Merge of http://go/wvgerrit/14521/ ]
* Reserve key set IDs in memory, rather than on the file system.
This makes it more efficient to use key set IDs for non-offline
sessions.
[ Merge of http://go/wvgerrit/14535/ ]
Change-Id: I765c3519619b17cc3c4ef95b1a6b125f479ee1d0
Prevent usage of client provided address on
non-secure devices spoofed as being secure.
b/23223325
merge of go/wvgerrit/15420 from widevine repo
Change-Id: I1d4f3a652b3d5e78fca508f92005cfa8df5ec6db
[ Merge from http://go/wvgerrit/14745 ]
License generation errors previously would result in code -2916 being returned
though the mediaDrm API. More descriptive error codes are now being returned
from -2850 to -2836
b/13976775
Change-Id: I613ad650ab0a072ce9d8029e2af52b72dc617236
[ Merge from http://go/wvgerrit/14670 ]
Concurrent provisioning attempts are declared successful if any one of them
succeeds. Earlier only the successful ones were declared as such.
b/21727698
Change-Id: I67dedca44790a4ae236e14f90a8fc91775273905
(This is a merge of http://go/wvgerrit/14630)
To create a better flow when an application sets a service certificate
manually, we will now validate the certificate when it is given to us,
and if it is invalid, we will not allow the property to be set.
Bug: 21307186
Change-Id: If980ad075604223fc962a859fae93e98d86a7f4f
[ Merge of http://go/wvgerrit/14410 ]
When specifying a service certificate though mediaDrm, the CDM earlier expected
serialized service certificates rather than signed ones.
b/21334970
Change-Id: I39af2aa25e8dc2a651cbdce84eb32f266b5b3382
Also fix a missing change for
"playback duration should override license duration".
Merged from Widevine CDM repo:
https://widevine-internal-review.googlesource.com/#/c/14435/
Bug: 21393975
Change-Id: Ibfcf3ae4c13db8944ea285bcc79b6312ea621e1b
[ Merge of go/wvgerrit/14360 ]
If within playback window, do not expire license on expiry of rental or
license duration. In this case playback duration will extend the license.
b/17791094
Change-Id: I26d255aa8f0287bd583ebdeec991c613d49d8f22
[ Merge from go/wvgerrit/14286 ]
CDM now reports status information associated with the specified security level.
Earlier information would be reported from the default security level.
b/18709693
Change-Id: I7a01e8ea9773b56951c207437ce85e567fd32b09
[ Merge of go/wvgerrit/14240 ]
Client information is reported in release and renewal messages based on
flag in the license. License proto has been updated to match server updates.
There are two caveats
* Client IDs will be reported unencrypted when usage reports are requested.
* Release requests that enable privacy mode (encrypted client IDs) but do not
specify a service certificate are not supported.
b/19247020
Change-Id: I95e709922122370f310936fbad3d312262128e49
The errors in the range ERROR_DRM_VENDOR_MIN to ERROR_DRM_VENDOR_MAX are
reflected in the message that is reported to the app, which is
MediaDrmStateException.getDiagnosticInfo().
Many errors map to kErrorCDMGeneric, especially KEY_ERROR is used as a
generic error in CDM. This fix defines more specific error codes in the
CDM for places where KEY_ERROR is returned.
Merge from http://go/wvgerrit/14071
bug: 19244061
Change-Id: I688bf32828f997000fea041dd29567dde18ac677
Implements the optional setMediaDrmSession() method. To enble this,
support was added to the core to report if a session ID is valid.
As a consequence of this, in the tests for the CryptoPlugin,
construction of the plugin must be deferred until all gMock
expectations are set, as construction now calls into the CDM core.
This is a merge of two changes from the Widevine CDM repo:
http://go/wvgerrit/14083
Allow Setting of Session ID
http://go/wvgerrit/14085
Check If Session ID Is Valid When Changing CryptoPlugin IDs
Bug: 19570317
Change-Id: I7dbd777ce6efebd71fdb5e602663a0e35a48a9c4
This is a merge of several Widevine-side commits that, cumulatively,
allow callers to specify an origin to be used to isolate data storage
as specified in the W3C Encrypted Media Extension specification.
Separate origins have separate certificates, and consequently cannot
share device identifiers with each other.
The changes included in this are:
Add Ability to Check for Existing Certificates
http://go/wvgerrit/13974
Add Ability to Remove the Certificate
http://go/wvgerrit/13975
Make CDM Origin-Aware
http://go/wvgerrit/13977
Add Per-Origin Storage to Widevine CDM on Android
http://go/wvgerrit/14026
Remove Automatic Origin Generation
http://go/wvgerrit/14031
Bug: 19771858
Change-Id: I6a01c705d9b6b4887a9c7e6ff4399a125f781569
(This is a merge of http://go/wvgerrit/13813)
Removes the OS Version property which was only ever implemented on
Android to appease Netflix and never actually used by them. Adds,
instead, a Widevine library version property. Also adds
implementations of this function for both Android and CE Devices.
For Android, the version number is starting at 3.0.0-android, to
reflect that this is the third major revision of the Widevine CDM in
Android.
For CE Devices, the version number is not changing from its current
value (2.2.0) but is gaining a "-ce" on the end in order to
differentiate it from the Android version number.
Bug: 18376638
Change-Id: Ifb3fa0d62631b45d9e91a6a53bcab3be38763d3a
This is a merge from the Widevine repository of
http://go/wvgerrit/14024
Add Level 3 Oemcrypto Unit Tests To Run All Tests Script
This CL adds the ability to restrict the oemcrypto unit tests to only
use the fall back level 3. This restriction is per-process, and is
only used while running the unit tests. This allows us to automate
running the unit tests on an android device as both level 1 and level
3 without modifying files in /system/lib. To turn on the restriction,
set the environment variable: FORCE_LEVEL3_OEMCRYPTO=yes.
New level 3 library versions are:
level3/arm/libwvlevel3.a Level3 Library Apr 8 2015 13:09:05
level3/x86/libwvlevel3.a Level3 Library Apr 8 2015 13:15:42
http://go/wvgerrit/14055
Remove Redundant Tests
This CL modifies the UsageTableTests in oemcrypto_test.cpp so that
they are not all parameterized by new_mac_keys_. This parameter is
used when testing signatures. In particular, we do not need to verify
timing twice.
Also, I modified the run_all_unit_tests.sh script so that the
environment variable GTEST_FILTER is passed down to the android
process. This allows us to use the script to run a limited list of
tests while debugging.
http://go/wvgerrit/14054
Filter Out API Version 10 Tests
This CL updates the OEMCrypto tests so that all but one test will pass
for a device that implements the version 9 API.
Android LMP devices should pass tests with
GTEST_FILTER="*-*MNC*:*CanLoadTestKeys*"
http://go/wvgerrit/13886
Update Documentation about Optional Features
The intergration guide has been updated to include reference to
OEMCrypto_LoadTestRSAKey. It also now discusses optional features.
The Delta 10 document now mentions OEMCrypto_LoadTestRSAKey.
The android supplement warns that most optional features are required.
This also adds clarification about which functions should save the
usage table, in answer to:
b/16799904 OEMCrypto v9 ambiguous about saving usage table information
Change-Id: Ifb517d58952c9b332b2958ca99af64bc293b985f
This is a merge from the widevine repository of
http://go/wvgerrit/13923 Switch openssl to use the EVP interface for aes-ctr-128
http://go/wvgerrit/13979 Add Test Certificate to OEMCrypto Mock
http://go/wvgerrit/13978 Add Test Keybox to Level 3 OEMCrypto
http://go/wvgerrit/13873 Enable OEMCrypto Unit Tests
This CL adds a main program to oemcrypto_test.cpp, which filters out
tests that are not supported on the specified platform. It also adds
LoadTestKeybox to the mock. This allows oemcrypto unit tests to be run
on devices that have production keybox. It also allows the same set
of unit tests to work on Android and on non-Android platforms.
b/18962381 Use test certificate (partial fix)
b/19867990 Separate cast receiver tests
Change-Id: If89c31530103ed85aa37d7379bd5b4dc2a927f38
Also removes OnSessionExpiration which is no longer needed with
OnSessionKeysChange.
Bug: 19771612
Bug: 19771431
Merged from Widevine CDM repo:
https://widevine-internal-review.googlesource.com/#/c/13951/
Change-Id: I0603e808e8d50ff7bb1fb1d5e44fabd8d268ee8a
(This is a merge of http://go/wvgerrit/13922 from the Widevine CDM
repository.)
I'm not sure why we chose to pass char* instead of std::string to the
helper functions in DeviceFiles, but it seems to require a lot of
gymnastics of the calling code for minimal gain.
Change-Id: Ie0cdec80ab77c94370648dd74249124aed6e8be1
(This is a merge of http://go/wvgerrit/13910/ from the Widevine CDM
repository.)
DeviceFiles has a lot of repeated code whenever it needs to check for
file existence or remove a file. When reading and writing files, it
has wrappers that handle this repeated burden. This change adds
wrappers for the other functionality used by DeviceFiles as well, to
reduce duplication.
Change-Id: If959b504672c1b907346d28f31648d8028de8bdf
(This is a merge of http://go/wvgerrit/13911/ from the Widevine CDM
repository.)
This wasn't causing problems anywhere yet, but the headers included by
file_store.h were not the headers it actually needed.
Change-Id: I89e6fd30efc8837ba44ce6cfd6d7a7b77db7197a
Copy from Widevine repository of http://go/wvgerrit/13841
This CL adds a nonblocking CopyBuffer to OEMCrypto, its unit tests,
and plumbs it up to the cdm CryptoSession and CdmEngine.
b/19543782
Change-Id: I4c88bd2f8d7f67ecccb549c1934b7c0da15a8429
This is a merge of http://go/wvgerrit/13751 from the widevine
repository.
The CryptoSession had an enumeration for HDCP levels that was copied
from OEMCryptoCENC.h by hand. Since that header is included, there is
no need to have two enumerations.
b/16303994
Change-Id: Ief16ba62163776f9ca80375f3638ef4c7770e742
Also pass session_id and event_listener to PolicyEngine to make it easier
to dispatch events from PolicyEngine.
Bug: 19771437
Merged from Widevine CDM repo:
https://widevine-internal-review.googlesource.com/#/c/13816/
Change-Id: I5723cb371cb3c43c945051af3402b09069ba5859
(This is a merge of http://go/wvgerrit/13761 from the Widevine
repository.)
This cleans up our includes to be in Google Style Guide order and in
alphabetic order, for the parts of the code that are expected to
follow Google Style.
This also converts places in our code that were including C headers
in the C++ style (i.e. <cstring> instead of <string.h>) to use C style
instead. This is because, although it was not causing problems for us
yet, on Android these actually include different headers. (<cstring>
is provided by libcxx, while <string.h> is provided by Bionic)
Lastly, this change puts all headers that do not come from within our
project in <brackets> instead of "quotes," which was not being done
consistently.
This change is explicitly NOT trying to standardize the spacing of our
header includes. I have tried to respect, in each file, the spacing
style already present.
Change-Id: If3dc06532ab9b68010285d64518ef21dce3d6354
