Merges to android Pi release (part: 1)

Below are a set of CLs being merged from the wv cdm repo to the android repo. * Fix handling of OEM Cert public key. Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/27921 ] This is a potential fix for b/36656190. Set aside public key on first call to get the public key, and use it afterwards. This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(), which has side-effect of staging the OEM private key. This also fixes a problem where the public cert string was not being trimmed to match the size returned by OEMCrypto_GetOEMPublicCertificate(). * Complete provisioning request/response for Provisioning 3.0 Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27780 ] Fix bug on provisioning request path where GenerateDerivedKeys() was being called when preparing to generate the signature. Add message signature verification, and call correct OEMCrypto routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30). * Implement Cdm::deleteAllUsageRecords() Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27780 ] Delete all usage records for current origin. Removes usage records from file system and retains the PSTs. The deletes any usage entries matching those PSTs held by OEMCrypto. BUG: 35319024 * Remove stringencoders library from third_party. Author: Jacob Trimble <modmaker@google.com> [ Merge of http://go/wvgerrit/27585 ] We have a fork of the stringencoders library that we use for base64 encoding. This reimplements base64 encoding to remove the extra dependency and to reduce the amount of code. * Add Cdm::deleteUsageRecord() based on key_set_id. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27605 ] Delete specified usage record from file system usage info and from OEMCrypto. BUG: 35319024 * Modifiable OEMCrypto Author: Fred Gylys-Colwell <fredgc@google.com> [ Merge of http://go/wvgerrit/24729 ] This CL adds a new variant of the OEMCrypto mock code that adjusts its behavior based on a configuration file. This is intended for testing. For example, a tester can set current_hdcp to 2 in the options.txt file, push it to the device, and verify that a license is granted for HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and push the file to the device. Playback should stop because the license is no longer valid. This variant uses a real level 1 liboemcrypto.so to push data to a secure buffer. That means we can test playback for a license that requires secure buffers on an Android device with real secure buffers. BUG: 35141278 BUG: 37353534 BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: I58443c510919e992bb455192e70373490a00e2b6
2018-01-05 17:05:18 -08:00
parent e34f83cdce
commit 0419b55222
120 changed files with 5402 additions and 6827 deletions
--- a/libwvdrmengine/cdm/core/include/crypto_session.h
+++ b/libwvdrmengine/cdm/core/include/crypto_session.h
@@ -9,7 +9,7 @@

 #include "OEMCryptoCENC.h"
 #include "lock.h"
-#include "metrics_collections.h"
+#include "metrics_group.h"
 #include "oemcrypto_adapter.h"
 #include "timer_metric.h"
 #include "wv_cdm_types.h"
@@ -17,8 +17,6 @@
 namespace wvcdm {

 class CryptoKey;
-class UsageTableHeader;
-
 typedef std::map<CryptoKeyId, CryptoKey*> CryptoKeyMap;

 class CryptoSession {
@@ -36,10 +34,7 @@ class CryptoSession {
    bool rsa_cast;
  };

-  // Creates an instance of CryptoSession with the given |crypto_metrics|.
-  // |crypto_metrics| is owned by the caller, must NOT be null, and must
-  // exist as long as the new CryptoSession exists.
-  CryptoSession(metrics::CryptoMetrics* crypto_metrics);
+  CryptoSession(metrics::MetricsGroup* metrics);
  virtual ~CryptoSession();

  virtual bool GetClientToken(std::string* client_token);
@@ -83,6 +78,8 @@ class CryptoSession {
  virtual bool GenerateDerivedKeys(const std::string& message);
  virtual bool GenerateDerivedKeys(const std::string& message,
                                   const std::string& session_key);
+
+
  virtual bool RewrapCertificate(const std::string& signed_message,
                                 const std::string& signature,
                                 const std::string& nonce,
@@ -96,7 +93,7 @@ class CryptoSession {

  // Usage related methods
  virtual bool UsageInformationSupport(bool* has_support);
-  virtual CdmResponseType UpdateUsageInformation();  // only for OEMCrypto v9-12
+  virtual CdmResponseType UpdateUsageInformation();
  virtual CdmResponseType DeactivateUsageInformation(
      const std::string& provider_session_token);
  virtual CdmResponseType GenerateUsageReport(
@@ -148,9 +145,6 @@ class CryptoSession {
                                        const std::string& signature);

  // Usage table header and usage entry related methods
-  virtual UsageTableHeader* GetUsageTableHeader() {
-    return usage_table_header_;
-  }
  virtual CdmResponseType GetUsageSupportType(CdmUsageSupportType* type);
  virtual CdmResponseType CreateUsageTableHeader(
      CdmUsageTableHeader* usage_table_header);
@@ -165,28 +159,15 @@ class CryptoSession {
  virtual CdmResponseType ShrinkUsageTableHeader(
      uint32_t new_entry_count, CdmUsageTableHeader* usage_table_header);
  virtual CdmResponseType MoveUsageEntry(uint32_t new_entry_number);
-  virtual bool CreateOldUsageEntry(
-      uint64_t time_since_license_received,
-      uint64_t time_since_first_decrypt,
-      uint64_t time_since_last_decrypt,
-      UsageDurationStatus status,
-      const std::string& server_mac_key,
-      const std::string& client_mac_key,
-      const std::string& provider_session_token);
  virtual CdmResponseType CopyOldUsageEntry(
      const std::string& provider_session_token);
-  virtual metrics::CryptoMetrics* GetCryptoMetrics() { return metrics_; }

 private:
-  friend class CryptoSessionForTest;
-
  bool GetProvisioningMethod(CdmClientTokenType* token_type);
  void Init();
  void Terminate();
  bool GetTokenFromKeybox(std::string* token);
  bool GetTokenFromOemCert(std::string* token);
-  static bool ExtractSystemIdFromOemCert(const std::string& oem_cert,
-                                         uint32_t* system_id);
  void GenerateMacContext(const std::string& input_context,
                          std::string* deriv_context);
  void GenerateEncryptContext(const std::string& input_context,
@@ -234,12 +215,12 @@ class CryptoSession {
  static bool initialized_;
  static int session_count_;

-  metrics::CryptoMetrics* metrics_;
+  metrics::MetricsGroup* metrics_;
  metrics::TimerMetric life_span_;

  bool open_;
  CdmClientTokenType pre_provision_token_type_;
-  std::string oem_token_;  // Cached OEMCrypto Public Key
+  std::string oem_token_; // Cached OEMCrypto Public Key
  bool update_usage_table_after_close_session_;
  CryptoSessionId oec_session_id_;

@@ -249,11 +230,7 @@ class CryptoSession {

  KeyId cached_key_id_;

-  bool is_usage_support_type_valid_;
  CdmUsageSupportType usage_support_type_;
-  UsageTableHeader* usage_table_header_;
-  static UsageTableHeader* usage_table_header_l1_;
-  static UsageTableHeader* usage_table_header_l3_;

  uint64_t request_id_base_;
  static uint64_t request_id_index_;