Migration from jb-mr2 to master for Widevine CDM
Android development of the widevine CDM has been done on the jb-mr2 branch of the cdm code base. This CL contains a merge of that jb-mr2 work to CDM master, and also reflects the evolution of the common Modular DRM code base since jb-mr2 branched. Change-Id: I1d7e1a12d092c00044a4298261146cb97808d4ef
This commit is contained in:
Jeff Tinker
@@ -7,87 +7,67 @@
|
||||
#include <sstream>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include "clock.h"
|
||||
#include "cdm_engine.h"
|
||||
#include "crypto_engine.h"
|
||||
#include "clock.h"
|
||||
#include "crypto_session.h"
|
||||
#include "device_files.h"
|
||||
#include "file_store.h"
|
||||
#include "log.h"
|
||||
#include "openssl/sha.h"
|
||||
#include "properties.h"
|
||||
#include "string_conversions.h"
|
||||
#include "wv_cdm_constants.h"
|
||||
#include "wv_cdm_event_listener.h"
|
||||
|
||||
namespace {
|
||||
const size_t kKeySetIdLength = 14;
|
||||
} // namespace
|
||||
|
||||
namespace wvcdm {
|
||||
|
||||
typedef std::set<WvCdmEventListener*>::iterator CdmEventListenerIter;
|
||||
|
||||
CdmResponseType CdmSession::Init() {
|
||||
CryptoEngine* crypto_engine = CryptoEngine::GetInstance();
|
||||
if (!crypto_engine) {
|
||||
LOGE("CdmSession::Init failed to get CryptoEngine instance.");
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
|
||||
crypto_session_ = crypto_engine->CreateSession(session_id_);
|
||||
if (!crypto_session_) {
|
||||
LOGE("CdmSession::Init crypto session creation failure");
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
scoped_ptr<CryptoSession> session(new CryptoSession());
|
||||
if (!session->Open()) return UNKNOWN_ERROR;
|
||||
|
||||
std::string token;
|
||||
if (Properties::use_certificates_as_identification()) {
|
||||
if (!LoadDeviceCertificate(&token, &wrapped_key_)) {
|
||||
LOGE("CdmSession::Init provisioning needed");
|
||||
return NEED_PROVISIONING;
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (!crypto_engine->GetToken(&token)) {
|
||||
LOGE("CdmSession::Init token retrieval failure");
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
if (!LoadDeviceCertificate(&token, &wrapped_key_)) return NEED_PROVISIONING;
|
||||
} else {
|
||||
if (!session->GetToken(&token)) return UNKNOWN_ERROR;
|
||||
}
|
||||
|
||||
if (license_parser_.Init(token, crypto_session_, &policy_engine_))
|
||||
return NO_ERROR;
|
||||
else
|
||||
if (!license_parser_.Init(token, session.get(), &policy_engine_))
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
|
||||
CdmResponseType CdmSession::ReInit() {
|
||||
DestroySession();
|
||||
return Init();
|
||||
}
|
||||
|
||||
bool CdmSession::DestroySession() {
|
||||
if (crypto_session_) {
|
||||
delete crypto_session_;
|
||||
crypto_session_ = NULL;
|
||||
}
|
||||
return true;
|
||||
crypto_session_.reset(session.release());
|
||||
license_received_ = false;
|
||||
reinitialize_session_ = false;
|
||||
return NO_ERROR;
|
||||
}
|
||||
|
||||
CdmResponseType CdmSession::RestoreOfflineSession(
|
||||
const CdmKeySetId& key_set_id,
|
||||
const CdmLicenseType license_type) {
|
||||
const CdmKeySetId& key_set_id, const CdmLicenseType license_type) {
|
||||
key_set_id_ = key_set_id;
|
||||
|
||||
// Retrieve license information from persistent store
|
||||
File file;
|
||||
DeviceFiles handle;
|
||||
if (!handle.Init(&file)) return UNKNOWN_ERROR;
|
||||
|
||||
DeviceFiles::LicenseState license_state;
|
||||
|
||||
if (!DeviceFiles::RetrieveLicense(key_set_id, &license_state,
|
||||
&offline_pssh_data_,
|
||||
&offline_key_request_,
|
||||
&offline_key_response_,
|
||||
&offline_key_renewal_request_,
|
||||
&offline_key_renewal_response_,
|
||||
&offline_release_server_url_)) {
|
||||
if (!handle.RetrieveLicense(key_set_id, &license_state, &offline_pssh_data_,
|
||||
&offline_key_request_, &offline_key_response_,
|
||||
&offline_key_renewal_request_,
|
||||
&offline_key_renewal_response_,
|
||||
&offline_release_server_url_)) {
|
||||
LOGE("CdmSession::Init failed to retrieve license. key set id = %s",
|
||||
key_set_id.c_str());
|
||||
key_set_id.c_str());
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
|
||||
if (license_state != DeviceFiles::kLicenseStateActive) {
|
||||
if (license_state != DeviceFiles::kLicenseStateActive) {
|
||||
LOGE("CdmSession::Init invalid offline license state = %s", license_state);
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
@@ -117,21 +97,18 @@ bool CdmSession::VerifySession(const CdmKeySystem& key_system,
|
||||
}
|
||||
|
||||
CdmResponseType CdmSession::GenerateKeyRequest(
|
||||
const CdmInitData& init_data,
|
||||
const CdmLicenseType license_type,
|
||||
const CdmAppParameterMap& app_parameters,
|
||||
CdmKeyMessage* key_request,
|
||||
const CdmInitData& init_data, const CdmLicenseType license_type,
|
||||
const CdmAppParameterMap& app_parameters, CdmKeyMessage* key_request,
|
||||
std::string* server_url) {
|
||||
|
||||
if (reinitialize_session_) {
|
||||
CdmResponseType sts = ReInit();
|
||||
CdmResponseType sts = Init();
|
||||
if (sts != NO_ERROR) {
|
||||
LOGW("CdmSession::GenerateKeyRequest: Reinitialization failed");
|
||||
return sts;
|
||||
}
|
||||
reinitialize_session_ = false;
|
||||
}
|
||||
|
||||
if (!crypto_session_) {
|
||||
if (crypto_session_.get() == NULL) {
|
||||
LOGW("CdmSession::GenerateKeyRequest: Invalid crypto session");
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
@@ -145,17 +122,23 @@ CdmResponseType CdmSession::GenerateKeyRequest(
|
||||
|
||||
if (license_type_ == kLicenseTypeRelease) {
|
||||
return GenerateReleaseRequest(key_request, server_url);
|
||||
}
|
||||
else if (license_received_) { // renewal
|
||||
return Properties::require_explicit_renew_request() ?
|
||||
UNKNOWN_ERROR : GenerateRenewalRequest(key_request, server_url);
|
||||
}
|
||||
else {
|
||||
CdmInitData pssh_data;
|
||||
if (!CdmEngine::ExtractWidevinePssh(init_data, &pssh_data)) {
|
||||
} else if (license_received_) { // renewal
|
||||
return Properties::require_explicit_renew_request()
|
||||
? UNKNOWN_ERROR
|
||||
: GenerateRenewalRequest(key_request, server_url);
|
||||
} else {
|
||||
if (init_data.empty()) {
|
||||
LOGW("CdmSession::GenerateKeyRequest: init data absent");
|
||||
return KEY_ERROR;
|
||||
}
|
||||
|
||||
CdmInitData pssh_data = init_data;
|
||||
if (Properties::extract_pssh_data()) {
|
||||
if (!CdmEngine::ExtractWidevinePssh(init_data, &pssh_data)) {
|
||||
return KEY_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
if (Properties::use_certificates_as_identification()) {
|
||||
if (!crypto_session_->LoadCertificatePrivateKey(wrapped_key_)) {
|
||||
reinitialize_session_ = true;
|
||||
@@ -163,11 +146,8 @@ CdmResponseType CdmSession::GenerateKeyRequest(
|
||||
}
|
||||
}
|
||||
|
||||
if (!license_parser_.PrepareKeyRequest(pssh_data,
|
||||
license_type,
|
||||
app_parameters,
|
||||
key_request,
|
||||
server_url)) {
|
||||
if (!license_parser_.PrepareKeyRequest(
|
||||
pssh_data, license_type, app_parameters, key_request, server_url)) {
|
||||
return KEY_ERROR;
|
||||
}
|
||||
|
||||
@@ -182,10 +162,9 @@ CdmResponseType CdmSession::GenerateKeyRequest(
|
||||
}
|
||||
|
||||
// AddKey() - Accept license response and extract key info.
|
||||
CdmResponseType CdmSession::AddKey(
|
||||
const CdmKeyResponse& key_response,
|
||||
CdmKeySetId* key_set_id) {
|
||||
if (!crypto_session_) {
|
||||
CdmResponseType CdmSession::AddKey(const CdmKeyResponse& key_response,
|
||||
CdmKeySetId* key_set_id) {
|
||||
if (crypto_session_.get() == NULL) {
|
||||
LOGW("CdmSession::AddKey: Invalid crypto session");
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
@@ -197,25 +176,32 @@ CdmResponseType CdmSession::AddKey(
|
||||
|
||||
if (license_type_ == kLicenseTypeRelease) {
|
||||
return ReleaseKey(key_response);
|
||||
}
|
||||
else if (license_received_) { // renewal
|
||||
return Properties::require_explicit_renew_request() ?
|
||||
UNKNOWN_ERROR : RenewKey(key_response);
|
||||
}
|
||||
else {
|
||||
} else if (license_received_) { // renewal
|
||||
return Properties::require_explicit_renew_request()
|
||||
? UNKNOWN_ERROR
|
||||
: RenewKey(key_response);
|
||||
} else {
|
||||
CdmResponseType sts = license_parser_.HandleKeyResponse(key_response);
|
||||
|
||||
if (sts != KEY_ADDED)
|
||||
return sts;
|
||||
if (sts != KEY_ADDED) return sts;
|
||||
|
||||
license_received_ = true;
|
||||
|
||||
if (license_type_ == kLicenseTypeOffline) {
|
||||
offline_key_response_ = key_response;
|
||||
key_set_id_ = GenerateKeySetId(offline_pssh_data_);
|
||||
if (!StoreLicense(true)) {
|
||||
if (!GenerateKeySetId(&key_set_id_)) {
|
||||
LOGE("CdmSession::AddKey: Unable to generate key set Id");
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
|
||||
if (!StoreLicense(DeviceFiles::kLicenseStateActive)) {
|
||||
LOGE("CdmSession::AddKey: Unable to store license");
|
||||
ReInit();
|
||||
CdmResponseType sts = Init();
|
||||
if (sts != NO_ERROR) {
|
||||
LOGW("CdmSession::AddKey: Reinitialization failed");
|
||||
return sts;
|
||||
}
|
||||
|
||||
key_set_id_.clear();
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
@@ -231,7 +217,7 @@ CdmResponseType CdmSession::QueryKeyStatus(CdmQueryMap* key_info) {
|
||||
}
|
||||
|
||||
CdmResponseType CdmSession::QueryKeyControlInfo(CdmQueryMap* key_info) {
|
||||
if ((!crypto_session_) || (!crypto_session_->IsOpen()))
|
||||
if (crypto_session_.get() == NULL || !crypto_session_->IsOpen())
|
||||
return UNKNOWN_ERROR;
|
||||
|
||||
std::stringstream ss;
|
||||
@@ -248,17 +234,12 @@ CdmResponseType CdmSession::CancelKeyRequest() {
|
||||
}
|
||||
|
||||
// Decrypt() - Accept encrypted buffer and return decrypted data.
|
||||
CdmResponseType CdmSession::Decrypt(bool is_encrypted,
|
||||
bool is_secure,
|
||||
const KeyId& key_id,
|
||||
const uint8_t* encrypt_buffer,
|
||||
size_t encrypt_length,
|
||||
const std::vector<uint8_t>& iv,
|
||||
size_t block_offset,
|
||||
void* decrypt_buffer,
|
||||
size_t decrypt_buffer_offset,
|
||||
bool is_video) {
|
||||
if (!crypto_session_ || !crypto_session_->IsOpen())
|
||||
CdmResponseType CdmSession::Decrypt(
|
||||
bool is_encrypted, bool is_secure, const KeyId& key_id,
|
||||
const uint8_t* encrypt_buffer, size_t encrypt_length,
|
||||
const std::vector<uint8_t>& iv, size_t block_offset, void* decrypt_buffer,
|
||||
size_t decrypt_buffer_offset, bool is_video) {
|
||||
if (crypto_session_.get() == NULL || !crypto_session_->IsOpen())
|
||||
return UNKNOWN_ERROR;
|
||||
|
||||
// Check if key needs to be selected
|
||||
@@ -266,17 +247,15 @@ CdmResponseType CdmSession::Decrypt(bool is_encrypted,
|
||||
if (key_id_.compare(key_id) != 0) {
|
||||
if (crypto_session_->SelectKey(key_id)) {
|
||||
key_id_ = key_id;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return NEED_KEY;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return crypto_session_->Decrypt(is_encrypted, is_secure, encrypt_buffer,
|
||||
encrypt_length, iv, block_offset,
|
||||
decrypt_buffer, decrypt_buffer_offset,
|
||||
is_video);
|
||||
return crypto_session_->Decrypt(
|
||||
is_encrypted, is_secure, encrypt_buffer, encrypt_length, iv, block_offset,
|
||||
decrypt_buffer, decrypt_buffer_offset, is_video);
|
||||
}
|
||||
|
||||
// License renewal
|
||||
@@ -295,37 +274,34 @@ CdmResponseType CdmSession::GenerateRenewalRequest(CdmKeyMessage* key_request,
|
||||
|
||||
// RenewKey() - Accept renewal response and update key info.
|
||||
CdmResponseType CdmSession::RenewKey(const CdmKeyResponse& key_response) {
|
||||
CdmResponseType sts = license_parser_.HandleKeyUpdateResponse(true,
|
||||
key_response);
|
||||
if (sts != KEY_ADDED)
|
||||
return sts;
|
||||
CdmResponseType sts =
|
||||
license_parser_.HandleKeyUpdateResponse(true, key_response);
|
||||
if (sts != KEY_ADDED) return sts;
|
||||
|
||||
if (license_type_ == kLicenseTypeOffline) {
|
||||
offline_key_renewal_response_ = key_response;
|
||||
if (!StoreLicense(true))
|
||||
return UNKNOWN_ERROR;
|
||||
if (!StoreLicense(DeviceFiles::kLicenseStateActive)) return UNKNOWN_ERROR;
|
||||
}
|
||||
return KEY_ADDED;
|
||||
}
|
||||
|
||||
CdmResponseType CdmSession::GenerateReleaseRequest(CdmKeyMessage* key_request,
|
||||
std::string* server_url) {
|
||||
if (license_parser_.PrepareKeyUpdateRequest(false, key_request,
|
||||
server_url)) {
|
||||
if (license_parser_.PrepareKeyUpdateRequest(false, key_request, server_url)) {
|
||||
// Mark license as being released
|
||||
if (!StoreLicense(false))
|
||||
return UNKNOWN_ERROR;
|
||||
|
||||
return KEY_MESSAGE;
|
||||
if (StoreLicense(DeviceFiles::kLicenseStateReleasing)) return KEY_MESSAGE;
|
||||
}
|
||||
return UNKNOWN_ERROR;
|
||||
}
|
||||
|
||||
// ReleaseKey() - Accept release response and release license.
|
||||
CdmResponseType CdmSession::ReleaseKey(const CdmKeyResponse& key_response) {
|
||||
CdmResponseType sts = license_parser_.HandleKeyUpdateResponse(false,
|
||||
key_response);
|
||||
DeviceFiles::DeleteLicense(key_set_id_);
|
||||
CdmResponseType sts =
|
||||
license_parser_.HandleKeyUpdateResponse(false, key_response);
|
||||
File file;
|
||||
DeviceFiles handle;
|
||||
if (handle.Init(&file)) handle.DeleteLicense(key_set_id_);
|
||||
|
||||
return sts;
|
||||
}
|
||||
|
||||
@@ -342,51 +318,51 @@ CdmSessionId CdmSession::GenerateSessionId() {
|
||||
return SESSION_ID_PREFIX + IntToString(++session_num);
|
||||
}
|
||||
|
||||
bool CdmSession::GenerateKeySetId(CdmKeySetId* key_set_id) {
|
||||
if (!key_set_id) {
|
||||
LOGW("CdmSession::GenerateKeySetId: key set id destination not provided");
|
||||
return false;
|
||||
}
|
||||
|
||||
CdmSessionId CdmSession::GenerateKeySetId(CdmInitData& pssh_data) {
|
||||
Clock clock;
|
||||
int64_t current_time = clock.GetCurrentTime();
|
||||
std::string key_set_id;
|
||||
std::vector<uint8_t> random_data(
|
||||
(kKeySetIdLength - sizeof(KEY_SET_ID_PREFIX)) / 2, 0);
|
||||
|
||||
while (key_set_id.empty()) {
|
||||
int random = rand();
|
||||
File file;
|
||||
DeviceFiles handle;
|
||||
if (!handle.Init(&file)) return false;
|
||||
|
||||
std::vector<uint8_t> hash(SHA256_DIGEST_LENGTH, 0);
|
||||
SHA256_CTX sha256;
|
||||
SHA256_Init(&sha256);
|
||||
SHA256_Update(&sha256, pssh_data.data(), pssh_data.size());
|
||||
SHA256_Update(&sha256, ¤t_time, sizeof(int64_t));
|
||||
SHA256_Update(&sha256, &random, sizeof(random));
|
||||
SHA256_Final(&hash[0], &sha256);
|
||||
for (int i = 0; i < SHA256_DIGEST_LENGTH; ++i) {
|
||||
hash[i%(SHA256_DIGEST_LENGTH/4)] ^= hash[i];
|
||||
}
|
||||
hash.resize(SHA256_DIGEST_LENGTH/4);
|
||||
key_set_id = KEY_SET_ID_PREFIX + b2a_hex(hash);
|
||||
while (key_set_id->empty()) {
|
||||
if (!crypto_session_->GetRandom(&random_data[0], random_data.size()))
|
||||
return false;
|
||||
|
||||
if (DeviceFiles::LicenseExists(key_set_id)) { // key set collision
|
||||
key_set_id.clear();
|
||||
*key_set_id = KEY_SET_ID_PREFIX + b2a_hex(random_data);
|
||||
|
||||
// key set collision
|
||||
if (handle.LicenseExists(*key_set_id)) {
|
||||
key_set_id->clear();
|
||||
}
|
||||
}
|
||||
return key_set_id;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool CdmSession::LoadDeviceCertificate(std::string* certificate,
|
||||
std::string* wrapped_key) {
|
||||
return DeviceFiles::RetrieveCertificate(certificate,
|
||||
wrapped_key);
|
||||
File file;
|
||||
DeviceFiles handle;
|
||||
if (!handle.Init(&file)) return false;
|
||||
|
||||
return handle.RetrieveCertificate(certificate, wrapped_key);
|
||||
}
|
||||
|
||||
bool CdmSession::StoreLicense(bool active) {
|
||||
DeviceFiles::LicenseState state = DeviceFiles::kLicenseStateReleasing;
|
||||
if (active)
|
||||
state = DeviceFiles::kLicenseStateActive;
|
||||
bool CdmSession::StoreLicense(DeviceFiles::LicenseState state) {
|
||||
File file;
|
||||
DeviceFiles handle;
|
||||
if (!handle.Init(&file)) return false;
|
||||
|
||||
return DeviceFiles::StoreLicense(key_set_id_, state, offline_pssh_data_,
|
||||
offline_key_request_, offline_key_response_,
|
||||
offline_key_renewal_request_,
|
||||
offline_key_renewal_response_,
|
||||
offline_release_server_url_);
|
||||
return handle.StoreLicense(
|
||||
key_set_id_, state, offline_pssh_data_, offline_key_request_,
|
||||
offline_key_response_, offline_key_renewal_request_,
|
||||
offline_key_renewal_response_, offline_release_server_url_);
|
||||
}
|
||||
|
||||
bool CdmSession::AttachEventListener(WvCdmEventListener* listener) {
|
||||
@@ -407,22 +383,16 @@ void CdmSession::OnTimerEvent() {
|
||||
if (event_occurred) {
|
||||
for (CdmEventListenerIter iter = listeners_.begin();
|
||||
iter != listeners_.end(); ++iter) {
|
||||
CdmSessionId id = (*iter)->session_id();
|
||||
if (id.empty() || (id.compare(session_id_) == 0)) {
|
||||
(*iter)->onEvent(session_id_, event);
|
||||
}
|
||||
(*iter)->onEvent(session_id_, event);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void CdmSession::OnKeyReleaseEvent(CdmKeySetId key_set_id) {
|
||||
if (key_set_id_.compare(key_set_id) == 0) {
|
||||
void CdmSession::OnKeyReleaseEvent(const CdmKeySetId& key_set_id) {
|
||||
if (key_set_id_ == key_set_id) {
|
||||
for (CdmEventListenerIter iter = listeners_.begin();
|
||||
iter != listeners_.end(); ++iter) {
|
||||
CdmSessionId id = (*iter)->session_id();
|
||||
if (id.empty() || (id.compare(session_id_) == 0)) {
|
||||
(*iter)->onEvent(session_id_, LICENSE_EXPIRED_EVENT);
|
||||
}
|
||||
iter != listeners_.end(); ++iter) {
|
||||
(*iter)->onEvent(session_id_, LICENSE_EXPIRED_EVENT);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user