Merges to android Pi release (part: 1)

Below are a set of CLs being merged from the wv cdm repo to the android repo. * Fix handling of OEM Cert public key. Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/27921 ] This is a potential fix for b/36656190. Set aside public key on first call to get the public key, and use it afterwards. This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(), which has side-effect of staging the OEM private key. This also fixes a problem where the public cert string was not being trimmed to match the size returned by OEMCrypto_GetOEMPublicCertificate(). * Complete provisioning request/response for Provisioning 3.0 Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27780 ] Fix bug on provisioning request path where GenerateDerivedKeys() was being called when preparing to generate the signature. Add message signature verification, and call correct OEMCrypto routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30). * Implement Cdm::deleteAllUsageRecords() Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27780 ] Delete all usage records for current origin. Removes usage records from file system and retains the PSTs. The deletes any usage entries matching those PSTs held by OEMCrypto. BUG: 35319024 * Remove stringencoders library from third_party. Author: Jacob Trimble <modmaker@google.com> [ Merge of http://go/wvgerrit/27585 ] We have a fork of the stringencoders library that we use for base64 encoding. This reimplements base64 encoding to remove the extra dependency and to reduce the amount of code. * Add Cdm::deleteUsageRecord() based on key_set_id. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27605 ] Delete specified usage record from file system usage info and from OEMCrypto. BUG: 35319024 * Modifiable OEMCrypto Author: Fred Gylys-Colwell <fredgc@google.com> [ Merge of http://go/wvgerrit/24729 ] This CL adds a new variant of the OEMCrypto mock code that adjusts its behavior based on a configuration file. This is intended for testing. For example, a tester can set current_hdcp to 2 in the options.txt file, push it to the device, and verify that a license is granted for HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and push the file to the device. Playback should stop because the license is no longer valid. This variant uses a real level 1 liboemcrypto.so to push data to a secure buffer. That means we can test playback for a license that requires secure buffers on an Android device with real secure buffers. BUG: 35141278 BUG: 37353534 BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: I58443c510919e992bb455192e70373490a00e2b6
2018-01-05 17:05:18 -08:00
parent e34f83cdce
commit 0419b55222
120 changed files with 5402 additions and 6827 deletions
--- a/libwvdrmengine/cdm/core/include/cdm_engine.h
+++ b/libwvdrmengine/cdm/core/include/cdm_engine.h
@@ -3,20 +3,21 @@
 #ifndef WVCDM_CORE_CDM_ENGINE_H_
 #define WVCDM_CORE_CDM_ENGINE_H_

+#include <memory>
 #include <string>
 #include <vector>

+#include "cdm_session_map.h"
 #include "certificate_provisioning.h"
 #include "clock.h"
 #include "crypto_session.h"
 #include "file_store.h"
 #include "initialization_data.h"
 #include "lock.h"
-#include "metrics_collections.h"
 #include "oemcrypto_adapter.h"
 #include "scoped_ptr.h"
-#include "timer_metric.h"
 #include "service_certificate.h"
+#include "timer_metric.h"
 #include "wv_cdm_constants.h"
 #include "wv_cdm_types.h"

@@ -28,11 +29,9 @@ class CryptoEngine;
 class UsagePropertySet;
 class WvCdmEventListener;

-typedef std::map<CdmSessionId, CdmSession*> CdmSessionMap;
-typedef std::map<
-    CdmKeySetId,
-    std::pair<CdmSessionId, int64_t /* expiration time in seconds */> >
-    CdmReleaseKeySetMap;
+// Keep expiration time for each key set
+typedef std::map<CdmKeySetId,
+                 std::pair<CdmSessionId, int64_t> > CdmReleaseKeySetMap;

 class CdmEngine {
 public:
@@ -91,26 +90,7 @@ class CdmEngine {
      const CdmSessionId& session_id, const CdmKeySetId& key_set_id,
      const InitializationData& init_data, const CdmLicenseType license_type,
      CdmAppParameterMap& app_parameters, CdmKeyRequest* key_request);
-  // This API may
-  // (a) accept license response, extract key info and load keys.
-  // (b) accept a renewal response and update license policy information.
-  // (c) accept a release response and release an offline license or secure
-  //     stop.
-  // (d) accept a service certificate and cache that information for the
-  //     the lifetime of the session.
-  //
-  // |session_id| identifies the session that generated the request and can
-  //              process the response. Should be empty if a release response.
-  // |key_data| is the license, renewal, release response or service
-  //            certificate response.
-  // |key_set_id| should be non-null and specified if license release.
-  //              If offline license or streaming license associated with
-  //              a secure stop, |key_set_id| should be non-null and will
-  //              be filled in on return. Use the |key_set_id| with
-  //              RestoreKeys (to reload offline session) or
-  //              GenerateKeyRequest (to release offline session/secure stop).
-  //              |key_set_id| will be cleared if release or streaming
-  //              (not associated with a secure stop).
+  // Accept license response and extract key info.
  virtual CdmResponseType AddKey(const CdmSessionId& session_id,
                                 const CdmKeyResponse& key_data,
                                 CdmKeySetId* key_set_id);
@@ -178,25 +158,46 @@ class CdmEngine {
  // system. This will force the device to reprovision itself.
  virtual CdmResponseType Unprovision(CdmSecurityLevel security_level);

+  // Delete OEMCrypto usage tables. Used by Unprovision().
+  virtual CdmResponseType DeleteUsageTable(CdmSecurityLevel security_level);
+
  // Return the list of key_set_ids stored on the current (origin-specific)
  // file system.
  virtual CdmResponseType ListStoredLicenses(
      CdmSecurityLevel security_level, std::vector<std::string>* key_set_ids);

-  // Delete OEMCrypto usage tables. Used by Unprovision().
-  CdmResponseType DeleteUsageTable(CdmSecurityLevel security_level);
+  // Return the list of key_set_ids stored as usage records on the
+  // current (origin-specific) file system.
+  virtual CdmResponseType ListUsageRecords(
+      const std::string& app_id, CdmSecurityLevel security_level,
+      std::vector<std::string>* ksids);
+
+  // Delete the usage record for the given key_set_id. This removes the
+  // usage record in the file system and the OEMCrypto usage record.
+  virtual CdmResponseType DeleteUsageRecord(const std::string& app_id,
+                                            CdmSecurityLevel security_level,
+                                            const std::string& key_set_id);

  // Usage related methods for streaming licenses
  // Retrieve a random usage info from the list of all usage infos for this app
  // id.
  virtual CdmResponseType GetUsageInfo(const std::string& app_id,
                                       CdmUsageInfo* usage_info);
+
  // Retrieve the usage info for the specified pst.
  // Returns UNKNOWN_ERROR if no usage info was found.
  virtual CdmResponseType GetUsageInfo(const std::string& app_id,
                                       const CdmSecureStopId& ssid,
                                       CdmUsageInfo* usage_info);
+
+  // Release all usage records for the current origin.
+  virtual CdmResponseType ReleaseAllUsageInfo(const std::string& app_id,
+                                              CdmSecurityLevel security_level);
+
+  // Release all usage records for the current origin. Span all
+  // security levels.
  virtual CdmResponseType ReleaseAllUsageInfo(const std::string& app_id);
+
  virtual CdmResponseType ReleaseUsageInfo(
      const CdmUsageInfoReleaseMessage& message);
  virtual CdmResponseType LoadUsageSession(const CdmKeySetId& key_set_id,
@@ -236,7 +237,7 @@ class CdmEngine {
                                        CdmSigningAlgorithm algorithm,
                                        const std::string& signature);

-  virtual size_t SessionSize() const { return sessions_.size(); }
+  virtual size_t SessionSize() const { return session_map_.Size(); }

  // Is the key known to any session?
  virtual bool IsKeyLoaded(const KeyId& key_id);
@@ -256,7 +257,7 @@ class CdmEngine {
  // dead lock.
  virtual void OnTimerEvent();

-  virtual metrics::EngineMetrics* GetMetrics() { return &metrics_; }
+  virtual metrics::MetricsGroup* GetMetrics() { return &metrics_; }

 private:
  // private methods
@@ -279,7 +280,6 @@ class CdmEngine {

  // instance variables

-
  /*
   * The metrics group must be the first variable declared to ensure
   * that it is the last member destroyed so that no child members
@@ -287,10 +287,10 @@ class CdmEngine {
   * ensure that all data has been properly recorded in the group before
   * it is published.
   */
-  metrics::EngineMetrics metrics_;
+  metrics::MetricsGroup metrics_;
  metrics::TimerMetric life_span_;

-  CdmSessionMap sessions_;
+  CdmSessionMap session_map_;
  CdmReleaseKeySetMap release_key_sets_;
  scoped_ptr<CertificateProvisioning> cert_provisioning_;
  SecurityLevel cert_provisioning_requested_security_level_;
@@ -311,14 +311,7 @@ class CdmEngine {
  scoped_ptr<UsagePropertySet> usage_property_set_;
  int64_t last_usage_information_update_time_;

-  // Locks the list of sessions, |sessions_|, for the event timer.  It will be
-  // locked in OpenSession, CloseSession. It is also locked in OnTimerEvent and
-  // OnKeyReleaseEvent while the list of event listeners is being generated.
-  // The layer above the CDM implementation is expected to handle thread
-  // synchronization to make sure other functions that access sessions do not
-  // occur simultaneously with OpenSession or CloseSession.
-  Lock session_list_lock_;
-
+  // Protect release_key_sets_ from non-thread-safe operations.
  Lock release_key_sets_lock_;

  CORE_DISALLOW_COPY_AND_ASSIGN(CdmEngine);