Merge of http://go/wvgerrit/68986
Bug: b/120797208
Test: Android + Linux unit tests
OEMCrypto v15.1 introduced changes to full decrypt path testing.
This CL reflects those changes for the Level 3 code, including
removing InitializeDecryptHash and changes to error reporting.
Change-Id: I09cec6743524d326cb1a6c3ba4dd1764dbefff5f
Merge from Widevine repo of http://go/wvgerrit/68464
The Full Decrypt Path Testing design has changed to remove
OEMCrypto_InitializeDecryptHash. This CL updates the unit tests and
reference code.
Bug: 120795057
Test: unit tests
Change-Id: Iee28fa9034dc21cee81c5b894c192e260375eeee
Import from http://go/wvgerrit/68385
Adds the build information returned from OEMCrypto_BuildInformation()
to the CDM session metrics.
Bug: 117117555
Test: Unit tests. GPlay manual. GTS Tests.
Change-Id: I505c46fec61a7c62538f843185ec0358f860da79
Import of http://go/wvgerrit/68188
This adds an attribute to metrics indicating if the license was online
or offline.
Also, added a unit test for CdmEngineMetricsImpl.
Test: Unit tests. GPlay manual. GTS tests.
Bug: 115523917
Change-Id: Id315c643048914a2c51904451f9665987bc87eb7
Bug: b/70299597
Merge of http://go/wvgerrit/67304
Test: Android, CE CDM, and Linux tests
There's a few different things that can go wrong in the L3
initialization, with seeding and device key failures among others. They
should be recorded in metrics to track. Along the same lines, since
multiple errors can happen in conjunction, metrics needs to change to
add more fields for errors. This CL also adds the
hidl_metrics_adapter_unittest to the Android test scripts.
Change-Id: Ie5bcf81bbe294a1136c58410f90087a13b3d911d
[ Merge of http://go/wvgerrit/67884 ]
Now that we can use C++11, we should use the cross-platform std::mutex
type, not the custom pthread version.
Bug: 111850982
Test: WV unit/integration tests
Change-Id: If2fde2836826c5184609e6b1f3a6511206bd4594
* changes:
Changes to adapter + gyp to support v15
Add full decrypt path testing functionality to Level 3
Update pointers to substrings in Level 3
Update level 3 reference API for v15
[ Merge of http://go/wvgerrit/67324 ]
This introduces the ability to query resource rating tier information
through the plugin and CDM. Resource rating tiers are also
sent in the client identification portion of the license request.
Bug: 117112392
Test: WV unit/integration tests
Change-Id: I68ac6dfc4362f61150af822bd526e346b5cc4bf7
[ Merge of http://go/wvgerrit/67323 ]
This allows the client to report resource rating tier in
ClientIdentification.
Bug: 117112392
Test: WV unit/integration test
Change-Id: I5bcbd5217c376cb52be2548ee63e0b0232b411d3
[ Merge of http://go/wvgerrit/63682 and http://go/wvgerrit/4977904 ]
Enforce OEMCrypto insufficient resources error reporting in CDM tests.
In addition, when CreateNew/LoadUsageEntry fails with OEMCrypto
insufficient resources error, delete a random usage entry
and retry. The current behavior evicts low index entries
from the usage table, which was a crude attempt to emulate a LRU.
This was deficient as, on occasion, it will result in the deletion
of a recently added usage entry.
Bug: 111260263
Bug: 113828866
Bug: 120433165
Test: Widevine OEMCrypto tests, integration tests. GtsMediaTestCases.
Play movies and Netflix playback tests.
GtsMediaTestCases MediaDrmTest#testUsageTableCapacity
Change-Id: I63340f76d1e2af3c6834b98ad816e11eea18fc7f
Bug: b/117558570
Test: Android, CE CDM, and Linux tests
Merge of http://go/wvgerrit/67566
This CL adds changes to support the Level 3 upgrade to v15 with both the
dynamic and static adapters. It also rearranges the wvcrc.cpp files so
that the tests have their own copy and Level 3 can just use the one in
ref/src.
Change-Id: Ieee2859601881aa1800622454e6ce0345eb94aa7
(This is a merge of http://go/wvgerrit/66810)
Netflix discovered that several files were only compiling because of
transitive includes via the Metrics code. This patch adds the missing
headers they noted.
Bug: 118676365
Test: CE CDM Build
Change-Id: Ifbc4e5d4276d1c3fb9bbd677230cd431e34e5c76
(This is a merge of http://go/wvgerrit/66625)
Google C++ Style dictates that methods which override base class or
interface methods should be declared "override" but not "virtual". Since
our codebase has not had access to "override" until now, many of our
classes do not follow this rule. I've updated as many places as I could
find to follow Google C++ Style, which should hopefully help us catch
errors better in the future.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: Ic23e2e482e967256da306791532b5fec7b81b2f2
(This is a merge of http://go/wvgerrit/66643)
The sub-license feature has been removed from the server and packager.
So that we do not have to continue maintaining the code that supports
this feature that never shipped, I am removing it from the CDM as well.
Bug: 113165466
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I5d25844b161e74aa19adf19a29c56e4881aa7304
Bug: b/119276649
Merge from: http://go/wvgerrit/66367
Test: Android, CE CDM, Linux unit tests
The FileSystem interface as it exists expects an Open for a file and
then a Close when finished. However, the Close doesn't delete the file
itself and depending on the platform, the underlying impl_ as well,
leading to a memory leak. To fix this leak as well as harden against
future memory issues, this change refactors the interface to shift away
from raw pointers and towards smart pointers.
Change-Id: I7a7132ea95cd3775796a540f510b698f4f27dd24
Merge from Widevine repo of http://go/wvgerrit/66865
This CL updates the comments for the code that uses
InstallKeyboxOrCert to install a keybox or oem cert at runtime. There
is also a new unit test for the device id. There are not many unit
tests because we don't want to accidentally overwrite the production
keybox or cert on a device when running tests.
bug: 111725154
test: unit tests
Change-Id: Ide9b3d4732f3f96a723a128907babe7e59c02ffc
[ Merge of http://go/wvgerrit/66083 and http://go/ag/5445191 ]
Fix proposed by amlogic. Release usage session early in the CdmEngine
destructor to avoid SIGBUS.
Bug: 118646062
Test: WV unit/integration tests.
Change-Id: I8b419c57814dc32e9873173ab6c24d209bdcc3a0
Merge from Widevine repo of http://go/wvgerrit/66711
This addresses review comments for the OEMCrypto v15 CLs, as documented in
b/119685652.
Test: unit tests
Bug: 119685652
Change-Id: I0e7ce13dd80335eb1a12240df5c1df2c34ba4298
[ Merge of http://go/wvgerrit/65442 ]
This also requires the removal of sub session related code as references
were removed from the proto.
Bug: 119077124
Test: WV unit/integration tests
Change-Id: Ida1a591afc267ec97344e5bba00bbf401887a202
Merge from master branch of Widevine repo of http://go/wvgerrit/66080
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64002
This CL updates OEMCrypto reference code and unit tests to support full decrypt
path testing.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 34078913
Change-Id: Ia67374599d6619698a336f41513068ad04294e7f
Merge from master branch of Widevine repo of http://go/wvgerrit/66078
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64022
This CL updates OEMCrypto ref code, unit tests, and core code for
setting the sandbox id before initializing OEMCrypto.
Test: unit tests only
Test: tested as part of http://go/ag/5501993
Bug: 115834255
Change-Id: Id9831680fe4db1c69413815931cae4bc80df0c01
Merge from master branch of Widevine repo of http://go/wvgerrit/66074
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/65102
Currently, the string only contains the mac_key_server, which isn't an
issue currently because we just get the offset into the message for the
enc_mac_keys pointer when calling LoadKeys, and rely on OEMCrypto to
read the 64 bytes. However, v15 will need the length of the enc_mac_keys
to reflect the true size.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: Id76e91feb176755467c0433e6b0e87d2bb221033
Merge from master branch of Widevine repo of http://go/wvgerrit/66073
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/64083
As part of the update to v15, LoadKeys, RefreshKeys, and
LoadEntitledContentKeys should all use offsets and lengths into the
message rather than a pointer for its parameters. The CDM, tests,
adapters, and OEMCrypto implementations are changed to reflect this.
Test: tested as part of http://go/ag/5501993
Bug: 115874964
Change-Id: I981fa322dec7c565066fd163ca5775dbff71fccf
Merge from master branch of Widevine repo of http://go/wvgerrit/66072
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63764
This adds the function OEMCrypto_ResourceRatingTier to the oemcrypto referenece
code, dynamic adapter, and unit tests.
Bug: 117110800
Test: tested as part of http://go/ag/5501993
Change-Id: Idf47af405f0c69601108b75c788a97b30abdb39d
Merge from master branch of Widevine repo of http://go/wvgerrit/66070
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63662
To make the threading model more clear, CopyBuffer is now a session function.
This means we need to pass in which session the current thread locks.
Test: unit tests.
Test: tested as part of http://go/ag/5501993
Bug: 113680369
Change-Id: I2fdd2cfcaab99f3793950b3845941463675f5e4c
Merge from master branch of Widevine repo of http://go/wvgerrit/66066
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63628
The error code OEMCrypto_KEY_NOT_LOADED is redundant with
OEMCrypto_ERROR_NO_CONTENT_KEY and OEMCrypto_KEY_NOT_ENTITLED. The
function LoadEntitledContentKey should return KEY_NOT_ENTITLED if it
does not find the corresponding entitlement key in its key table. All
other functions that do not find a key id in the key table should
return OEMCrypto_ERROR_NO_CONTENT_KEY. This includes QueryKeyControl,
SelectKey, and RefreshKeys.
Test: unit tests
Test: tested as part of http://go/ag/5501993
Bug: 115574797
Change-Id: Ida2111f32e331b99f3f0c77fa404a42654d0870c
Merge from master branch of Widevine repo of http://go/wvgerrit/66065
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63080
This is for the reference code, the unit tests, and the oemcrypto adapter.
Bug: 116414218
Test: unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: I05a631f6cfcf1584a748b3a0c9ae48633893589f
Merge from master branch of Widevine repo of http://go/wvgerrit/66064
Merge from oemcrypto-v15 branch of Widevine repo of http://go/wvgerrit/63063
This is in the reference code for OEMCrypto, and in the unit tetss.
Bug: 111939411
Test: unit tests
Test: tested as part of http://go/ag/5501993
Change-Id: I2cc2e7028f62d1c375eb632452eef94566fa9ae3
(This is a merge of http://go/wvgerrit/65782)
We have had our own scoped_ptr implementation that is used throughout
the codebase. Now that we support C++11, we can replace these with
std::unique_ptr.
Doing this replacement exposed a few places where the two were not
interchangeable. OEMCrypto Ref was doing some unsafe things with passing
scoped_ptrs to functions and has been updated to use move semantics. And
a few constructors were explicitly constructing a scoped_ptr with NULL,
which is ambiguous with std::unique_ptr. These have been replaced with
default constructor calls.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I37d6d7aad4906709381c74f0c5439f826d2be768
(This is a merge of http://go/wvgerrit/65783)
Straightforward patch to replace our shared_ptr implementation with
std::shared_ptr, which works identically for all our use cases.
Bug: 111851141
Test: CE CDM Unit Tests
Test: Android Unit Tests
Change-Id: I9e8624dd3cab70a45941a45eb553c1ea0c077d2f
(This is a merge of http://go/wvgerrit/62780)
The EME spec requires that it be possible to do the following flow:
1) Generate a release request for a persistent session.
2) Close the session.
3) Load the persistent session.
4) Update the session with the release response.
This flow is used by Netflix in their API as well. However, our code did
not support this flow, as it rejected attempts to reload
partially-released sessions.
This patch changes attempts to load sessions that have already had
release messages generated into release-retry reloads, allowing them to
be released.
Bug: 113167010
Test: CE CDM Unit Tests
Test: Android CDM Unit Tests
Change-Id: I75bb7c75911e0fad1584bd8dd27f83c17f73bf45
(This is a merge of http://go/wvgerrit/60620)
The license code handles keys larger than 16 bytes correctly, but it
does not properly reject keys smaller than 16 bytes.
This patch adds unit tests not only for the new error case but also
the existing success cases which were not previously being tested. As
part of this, license_unittest was changed to use a Test Peer instead
of making the test fixture a friend class.
Bug: 111069024
Test: CE CDM unit tests
Test: Android unit tests
Change-Id: Idb2deb6fbe0aeb19b530f9818bebff480541f5c8
This log message was printed if initialization data was
not provided, which is actually not an error condition.
bug:116045153
Change-Id: I5597286ddf33d5b6c17f69f9a6a7cdba469b46b6
[ Merge of http://go/wvgerrit/60240 ]
Since the method is not a general purpose check and only verifies that
the key can be used for a given security level the method
has been renamed PolicyEngine::CanUseKeyForSecurityLevel.
Bug: 115701771
Test: WV unit/integration tests
Change-Id: Icd6789538bb709d2a48c67bbd7bc810f4b000e14
Merge from Widevine repo of http://go/wvgerrit/55462
Instead of calling dlclose on liboemcrypto.so after each terminate,
this CL keeps the library loaded. Although the original bug
b/72831885 has been fixed, there is still some lingering worry about
possible hard-to-find resource leaks in dlclose.
For more context, see the discussion around the original bug
b/72831885. The fix that closed this bug has more discussion:
https://boringssl-review.googlesource.com/c/boringssl/+/25784 In
particular, we only fixed a known resource leak in boringssl, not in
any other libraries, and we added a patch that the borringssl team was
not very happy to include because it was not very thread safe.
bug: http://b/72831885 d2i_PKCS8_PRIV_KEY_INFO_bio returns null
test: unit tests on taimen.
Change-Id: I73b5e69bf300e03fe567b8e7e1d8e0e08b6bca37
Merge from Widevine repo of http://go/wvgerrit/55461
This CL allows provisioning 3.0 devices to install their OEM certs
from an initialization partition. This method is already used for
keyboxes on Android -- we are just adding the ability to use it for
OEM certs, also.
Also, for v15, we require OEMCrypto to report a valid certificate in
the unit tests.
bug: 111725154
test: unit tests
Change-Id: I142c84a1a67bdb4cee943cfd12a632421901eb24
Merge from Widevine repo of http://go/wvgerrit/57720
Now that we have oemcrypto mock split into reference and testbed code, it is
time to remove the part of testbed that is an exact copy of the reference code
and just use the reference code.
Test: unit tests
Bug: 76393338
Change-Id: I3831a3f0118221c21ff1c28e6b6101b27b889012
Merge from Widevine repo of http://go/wvgerrit/56523
In OEMCrypto v14, SelectKey can also return KEY_NOT_LOADED if the key
id is not found. This was added to help with entitlement licenses.
However, SelectKey in crypto session converts this to an unknown
error.
In this CL we change that to a NO_CONTENT_KEY_3 error. This is
probably only important because the generic crypto tests expect
NO_CONTENT_KEY_3 when we try to use an undefined key.
Test: existing unit tests pass, and some future unit tests pass.
Bug: 72354901 Turn on generic crypto tests
Change-Id: I3c0b7e6306cafd3feabc8aac7e47983c89194a26
Merge from Widevine repo of http://go/wvgerrit/56520
This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.
In order to do this, a new class is added called a
CryptoSessionFactory. The default factory just creates a new
CryptoSession. All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession. If MakeCryptoSession is called and
there is no current factory, a default factory is created.
The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.
For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession. The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.
The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.
Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
Merge from Widevine repo of http://go/wvgerrit/55620
There were two places that explicitly referenced BoringSSL instead of
OpenSSL. (Not counting, of course, all the BoringSSL functions and
headers that still have "OpenSSL" in their names.) This change fixes one
to mention either library and the other to specifically mention
BoringSSL.
Bug: 70636815
Test: CE CDM Unit Tests
Change-Id: I8703e1c427c66953fcc565a4f8f85093c7180f46
Merge from Widevine repo of http://go/wvgerrit/56760
This CL backs out one restriction added in http://go/wvgerrit/42941.
In that CL, a sample would not be processed if the policy engine says
the key cannot be used for a given security level. The change relaxes
the check and does not run the verification if the sample is clear.
Bug: 112113797
Bug: 115758660
Test: GTS tests. Unit tests. Verified Play movies and Netflix.
Test: version number unit tests fail as expected.
Change-Id: I5238745c3d3d7f0eb7fae203f4579e8df4d0681b
