Merges to android Pi release (part 8)

These are a set of CLs merged from the wv cdm repo to the android
	   repo.

* Android build fixes

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/36322 ]

* Address android compilation errors and warnings

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/36300 ]

* Gyp cleanup and OpenSSL v10.1 support.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/36001 ]

  OpenSSL 10.1 has a small number of incompatible changes.

  A desktop system upgrade exposed some issue in the build scripts.
  Specifically, the linux build was using both third_party/protobufs (2.6.1)
  and the version installed on the system (3.0 in this case). The linux
  cdm.gyp depended on cdm/cdm.gyp which caused that plus some
  additional issues.

  These changes are necessary to support g++ version:
    g++ (Debian 6.3.0-18) 6.3.0 20170516

  Also did some cosmetic rework on run_current_tests to make it easier
  to figure out what is going on when something fails.

  Also tweaked some of the compiler settings for g++ support (revisit
  this later).

* Refactored Service Certificate encryption to allow encryption of arbitrary data.

  Author: Thomas Inskip <tinskip@google.com>

  [ Merge of http://go/wvgerrit/36141 ]

* Send cdm test requests to UAT.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/36221 ]

  This change resolves the all of the
  CdmDecryptTest/CdmTestWithDecryptParam.DecryptToClearBuffer
  tests.

  The license servers will return different keys and keyids.
  Sending the request to staging returned key ids and keys that were
  not matching what was expected in the unit tests.

* Fix for building L3 OEMCrypto with clang and libc++

  Author: yucliu <yucliu@google.com>

  [ Merge of http://go/wvgerrit/35740 ]

  1. Include <time.h> for time(time_t*).
  2. Create endian check union on stack. Clang may create const union
  somewhere else, which may cause crash.

* Remove error result when a sublicense session does
  not exist. This is not considered an error.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/36080 ]

* Set default mock handler for GetSupportedCertificateTypes
  for all unit tests and removed the use of StrictMock from
  MockCryptoSession.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/35922 ]

  The handler for this was only set for one test and resulted
  in a number of failures.

* Set default handler for GetHdcpCapabilities. For
  now the default action is to call the real
  GetHdcpCapabilities of crypto_session.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/36140 ]

  I also changed the mock to a NiceMock to silence
  responses to unexpected calls to GetHdcpCapabilities.

  The default handler can be overridden as needed in
  the individual tests.

  This resolves the policy engine test failures.

* Finalize merge of cdm_partner_3.4 to master.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/35360 ]

  This is the final set of updates to merge all v3.4.1
  changes into master.

* Embedded license: Sublicense rotation.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/35360 ]

  Handle sublicense rotation event.

* Embedded license: Initial license phase.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/34280 ]

  Initial license phase - key loading subsession.

* Embedded license: generate session data.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/33722 ]

  Generate session data and add it to the license request for
  any embedded license material.

* Resolve missing symbol when building cd-cdm

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/35840 ]

* C++11: Replace OVERRIDE def with override keyword

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/35400 ]

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
      commit in the chain.

Change-Id: I37d0cb17f255ac6389030047d616ad69f895748c

libwvdrmengine/cdm/core/include/crypto_session.h

@@ -11,6 +11,8 @@
 #include "lock.h"
 #include "metrics_collections.h"
 #include "oemcrypto_adapter.h"
+#include "OEMCryptoCENC.h"
+#include "scoped_ptr.h"
 #include "timer_metric.h"
 #include "wv_cdm_types.h"
 
@@ -22,6 +24,35 @@ class UsageTableHeader;
 typedef std::map<std::string, CryptoKey*> CryptoKeyMap;
 typedef std::map<std::string, CryptoSessionId> SubLicenseSessionMap;
 
+class KeySession {
+ protected:
+  KeySession(metrics::CryptoMetrics* metrics) : metrics_(metrics) {}
+
+ public:
+  typedef enum { kDefault, kSubLicense } KeySessionType;
+  virtual ~KeySession() {}
+  virtual KeySessionType Type() = 0;
+  virtual bool GenerateDerivedKeys(const std::string& message) = 0;
+  virtual bool GenerateDerivedKeys(const std::string& message,
+                                   const std::string& session_key) = 0;
+  virtual OEMCryptoResult LoadKeys(const std::string& message,
+                                   const std::string& signature,
+                                   const std::string& mac_key_iv,
+                                   const std::string& mac_key,
+                                   const std::vector<CryptoKey>& keys,
+                                   const std::string& provider_session_token,
+                                   CdmCipherMode* cipher_mode,
+                                   const std::string& srm_requirement) = 0;
+  virtual OEMCryptoResult SelectKey(const std::string& key_id) = 0;
+  virtual OEMCryptoResult Decrypt(
+      const CdmDecryptionParameters& params,
+      OEMCrypto_DestBufferDesc& buffer_descriptor,
+      OEMCrypto_CENCEncryptPatternDesc& pattern_descriptor) = 0;
+
+ protected:
+  metrics::CryptoMetrics* metrics_;
+};
+
 class CryptoSession {
  public:
   typedef OEMCrypto_HDCP_Capability HdcpCapability;
@@ -84,8 +115,6 @@ class CryptoSession {
   virtual bool GenerateDerivedKeys(const std::string& message);
   virtual bool GenerateDerivedKeys(const std::string& message,
                                    const std::string& session_key);
-
-
   virtual bool RewrapCertificate(const std::string& signed_message,
                                  const std::string& signature,
                                  const std::string& nonce,
@@ -95,7 +124,7 @@ class CryptoSession {
                                  std::string* wrapped_private_key);
 
   // Media data path
-  virtual CdmResponseType Decrypt(const CdmDecryptionParameters& parameters);
+  virtual CdmResponseType Decrypt(const CdmDecryptionParameters& params);
 
   // Usage related methods
   virtual bool UsageInformationSupport(bool* has_support);
@@ -181,6 +210,10 @@ class CryptoSession {
   virtual metrics::CryptoMetrics* GetCryptoMetrics() { return metrics_; }
 
   virtual CdmResponseType AddSubSession(const std::string& sub_session_key_id);
+  // TODO(jfore): exists is set based on whether a sub session exists. For now,
+  // that is not assumed to be an error.
+  virtual bool GenerateSubSessionNonce(const std::string& sub_session_key_id,
+                                       bool* exists, uint32_t* nonce);
 
  private:
   bool GetProvisioningMethod(CdmClientTokenType* token_type);
@@ -188,13 +221,9 @@ class CryptoSession {
   void Terminate();
   bool GetTokenFromKeybox(std::string* token);
   bool GetTokenFromOemCert(std::string* token);
-  void GenerateMacContext(const std::string& input_context,
-                          std::string* deriv_context);
-  void GenerateEncryptContext(const std::string& input_context,
-                              std::string* deriv_context);
   bool GenerateSignature(const std::string& message, std::string* signature);
   bool GenerateRsaSignature(const std::string& message, std::string* signature);
-  size_t GetOffset(std::string message, std::string field);
+
   bool SetDestinationBufferType();
 
   bool RewrapDeviceRSAKey(
@@ -230,7 +259,7 @@ class CryptoSession {
   static void IncrementIV(uint64_t increase_by, std::vector<uint8_t>* iv_out);
 
   static const size_t kAes128BlockSize = 16;  // Block size for AES_CBC_128
-  static const size_t kSignatureSize = 32;  // size for HMAC-SHA256 signature
+  static const size_t kSignatureSize = 32;    // size for HMAC-SHA256 signature
   static Lock crypto_lock_;
   static bool initialized_;
   static int session_count_;
@@ -240,10 +269,13 @@ class CryptoSession {
 
   bool open_;
   CdmClientTokenType pre_provision_token_type_;
-  std::string oem_token_; // Cached OEMCrypto Public Key
+  std::string oem_token_;  // Cached OEMCrypto Public Key
   bool update_usage_table_after_close_session_;
   CryptoSessionId oec_session_id_;
   SubLicenseSessionMap sub_license_oec_sessions_;
+  // Used for sub license sessions.
+  std::string wrapped_key_;
+  scoped_ptr<KeySession> key_session_;
 
   OEMCryptoBufferType destination_buffer_type_;
   bool is_destination_buffer_type_valid_;