widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge changes I939e4797,Iefbfe2dd,I002202b4,I09262da0

Browse Source 
* changes:
  Core CDM: Remove usage info as a run-time type.
  Core CDM: Do not store/retrieve USAGE_INFO entries.
  Core CDM: Remove usage info API from DeviceFiles.
  Core CDM: Removed ability to add secure stop entry.
This commit is contained in:
Alex Dale
2022-11-10 03:03:27 +00:00
committed by Android (Google) Code Review
parent a84c7b8ac4 5dd2b07286
commit 789b9b675c
10 changed files with 1085 additions and 4136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
libwvdrmengine/cdm/core/include/device_files.h
View File

@@ -103,17 +103,6 @@ class DeviceFiles {
CryptoWrappedKey wrapped_private_key;
};
struct CdmUsageData {
std::string provider_session_token;
CdmKeyMessage license_request;
CdmKeyResponse license;
std::string key_set_id;
CdmUsageEntry usage_entry;
uint32_t usage_entry_number;
std::string drm_certificate;
CryptoWrappedKey wrapped_private_key;
};
DeviceFiles(wvutil::FileSystem*);
virtual ~DeviceFiles();
@@ -164,103 +153,10 @@ class DeviceFiles {
virtual bool ReserveLicenseId(const std::string& key_set_id);
virtual bool UnreserveLicenseId(const std::string& key_set_id);
// Use this method to create a |usage_info_file_name| from an |app_id|
static std::string GetUsageInfoFileName(const std::string& app_id);
// The UsageInfo methods have been revised to use |usage_info_file_name|
// rather than |app_id| as a parameter. Use the helper method above to
// translate.
// OEMCrypto API 13 introduced big usage tables which required
// migration from usage tables stored by the TEE to usage table
// header+usage entries stored in unsecured persistent storage. The upgrade
// required creation of reverse lookup tables (CdmUsageEntryInfo).
// |app_id| however was hashed and unextractable, and necessitated the
// switch to |usage_info_file_name|
virtual bool StoreUsageInfo(
const std::string& provider_session_token,
const CdmKeyMessage& key_request, const CdmKeyResponse& key_response,
const std::string& usage_info_file_name, const std::string& key_set_id,
const CdmUsageEntry& usage_entry, uint32_t usage_entry_number,
const std::string& drm_certificate, const CryptoWrappedKey& wrapped_key);
// Retrieve usage identifying information stored on the file system.
// The caller needs to specify at least one of |ksids| or
// |provider_session_tokens|
virtual bool ListUsageIds(const std::string& app_id,
std::vector<std::string>* ksids,
std::vector<std::string>* provider_session_tokens);
// Get the provider session token for the given key_set_id.
virtual bool GetProviderSessionToken(const std::string& app_id,
const std::string& key_set_id,
std::string* provider_session_token);
virtual bool DeleteUsageInfo(const std::string& usage_info_file_name,
const std::string& provider_session_token);
// Deletes a set of provider sessions from the specified usage info.
// Sessions removed are based on the provided |key_set_ids|. If
// there are no remaining sessions associated with the usage info
// then the file will be deleted; otherwise, the remaining sessions
// are written back to the usage info file.
//
// Args:
// usage_info_file_name: name of the file containing the usage info
// message. This name should _not_ be the complete path, just
// the file name.
// key_set_ids: The list of key set IDs to be removed from the
// usage info. Note that any key set ids that are not present
// in the usage info are silently ignored.
// Returns:
// `true` if the file existed, and operations were completed as
// expected. `false` if the file does not exist or if there is an
// issue writing the result back to file.
virtual bool DeleteMultipleUsageInfoByKeySetIds(
const std::string& usage_info_file_name,
const std::vector<std::string>& key_set_ids);
// Delete usage information from the file system. Puts a list of all the
// psts that were deleted from the file into |provider_session_tokens|.
virtual bool DeleteAllUsageInfoForApp(
const std::string& usage_info_file_name,
std::vector<std::string>* provider_session_tokens);
// Usage info has been deprecated, however, these two methods remain
// for the removal of their storage data.
virtual bool DeleteAllUsageInfo();
// Retrieve the usage info entry specified by |provider_session_token|.
// Returns false if the entry could not be found.
virtual bool RetrieveUsageInfo(const std::string& usage_info_file_name,
const std::string& provider_session_token,
CdmKeyMessage* license_request,
CdmKeyResponse* license_response,
CdmUsageEntry* usage_entry,
uint32_t* usage_entry_number,
std::string* drm_certificate,
CryptoWrappedKey* wrapped_key);
// Retrieve the usage info entry specified by |key_set_id|.
// Returns false if the entry could not be found.
virtual bool RetrieveUsageInfoByKeySetId(
const std::string& usage_info_file_name, const std::string& key_set_id,
std::string* provider_session_token, CdmKeyMessage* license_request,
CdmKeyResponse* license_response, CdmUsageEntry* usage_entry,
uint32_t* usage_entry_number, std::string* drm_certificate,
CryptoWrappedKey* wrapped_key);
// These APIs support upgrading from usage tables to usage tabler header +
// entries introduced in OEMCrypto V13.
virtual bool ListUsageInfoFiles(std::vector<std::string>* usage_file_names);
virtual bool RetrieveUsageInfo(const std::string& usage_info_file_name,
std::vector<CdmUsageData>* usage_data);
virtual bool RetrieveUsageInfo(const std::string& usage_info_file_name,
const std::string& provider_session_token,
CdmUsageData* usage_data);
// This method overwrites rather than appends data to the usage file
virtual bool StoreUsageInfo(const std::string& usage_info_file_name,
const std::vector<CdmUsageData>& usage_data);
virtual bool UpdateUsageInfo(const std::string& usage_info_file_name,
const std::string& provider_session_token,
const CdmUsageData& usage_data);
virtual bool StoreHlsAttributes(const std::string& key_set_id,
const CdmHlsMethod method,
@@ -272,7 +168,7 @@ class DeviceFiles {
virtual bool StoreUsageTableInfo(
const CdmUsageTableHeader& usage_table_header,
const std::vector<CdmUsageEntryInfo>& usage_entry_info);
const std::vector<CdmUsageEntryInfo>& usage_entry_info_list);
// When retrieving usage table information from the file system; any
// table that has yet to be updated for the LRU attributes will be
@@ -283,7 +179,7 @@ class DeviceFiles {
// is set to true if any are detected.
virtual bool RetrieveUsageTableInfo(
CdmUsageTableHeader* usage_table_header,
std::vector<CdmUsageEntryInfo>* usage_entry_info, bool* lru_upgrade,
std::vector<CdmUsageEntryInfo>* usage_entry_info_list, bool* lru_upgrade,
bool* has_usage_info_entries);
virtual bool DeleteUsageTableInfo();
@@ -355,23 +251,16 @@ class DeviceFiles {
FRIEND_TEST(DeviceFilesTest, OkpInfo_FileDoesNotExist);
FRIEND_TEST(DeviceFilesTest, OkpInfo_DeleteFile);
FRIEND_TEST(DeviceFilesTest, OkpInfo_StoreAndRetrieve);
FRIEND_TEST(DeviceFilesUsageInfoTest, Delete);
FRIEND_TEST(DeviceFilesUsageInfoTest, DeleteAll);
FRIEND_TEST(DeviceFilesUsageInfoTest, Read);
FRIEND_TEST(DeviceFilesUsageInfoTest, Store);
FRIEND_TEST(DeviceFilesUsageTableTest, Read);
FRIEND_TEST(DeviceFilesUsageTableTest, Store);
FRIEND_TEST(DeviceFilesUsageTableTest, ReadWithoutLruData);
FRIEND_TEST(DeviceFilesUsageTableTest, ReadWithUsageInfoType);
FRIEND_TEST(RetrieveDefaultCertificateTest, ErrorScenarios);
FRIEND_TEST(RetrieveLegacyCertificateTest, ErrorScenarios);
FRIEND_TEST(StoreCertificateTest, DefaultAndLegacy);
FRIEND_TEST(WvCdmRequestLicenseTest, UnprovisionTest);
FRIEND_TEST(WvCdmRequestLicenseTest, ForceL3Test);
FRIEND_TEST(WvCdmRequestLicenseTest, UsageInfoRetryTest);
FRIEND_TEST(WvCdmRequestLicenseTest, UsageReleaseAllTest);
FRIEND_TEST(WvCdmUsageInfoTest, UsageInfo);
FRIEND_TEST(WvCdmUsageTest, WithClientId);
FRIEND_TEST(WvCdmExtendedDurationTest, UsageOverflowTest);
#endif
static std::set<std::string> reserved_license_ids_;

98
libwvdrmengine/cdm/core/include/usage_table_header.h
View File

@@ -46,7 +46,7 @@ namespace wvcdm {
//
// Upgrades from a fixed size usage table (supported by previous
// versions of the OEMCrypto API v9-12) are handled by this class.
// |usage_entry| and |usage_entry_number|s need to be saved in the license
// |usage_entry| and |entry_number|s need to be saved in the license
// and usage info records by the caller.
class UsageTableHeader {
public:
@@ -65,36 +65,30 @@ class UsageTableHeader {
// Adds a new entry to the OEMCrypto usage table header, and associates
// the entry with the provided |crypto_session|. The index of the new
// usage entry will be returned by |usage_entry_number|.
// usage entry will be returned by |entry_number|.
//
// Type of entry depends on the value of |persistent_license|:
// false - usage info / secure stop record
// true - offline license
//
// Threading: Method takes exclusive use of |usage_table_header_lock_|.
// Threading: Method takes exclusive use of |table_lock_|.
virtual CdmResponseType AddEntry(CryptoSession* crypto_session,
bool persistent_license,
const CdmKeySetId& key_set_id,
const std::string& usage_info_filename,
const CdmKeyResponse& license_message,
uint32_t* usage_entry_number);
// Threading: Method takes exclusive use of |usage_table_header_lock_|.
uint32_t* entry_number);
// Threading: Method takes exclusive use of |table_lock_|.
virtual CdmResponseType LoadEntry(CryptoSession* crypto_session,
const CdmUsageEntry& usage_entry,
uint32_t usage_entry_number);
// Threading: Method takes exclusive use of |usage_table_header_lock_|.
virtual CdmResponseType UpdateEntry(uint32_t usage_entry_number,
uint32_t entry_number);
// Threading: Method takes exclusive use of |table_lock_|.
virtual CdmResponseType UpdateEntry(uint32_t entry_number,
CryptoSession* crypto_session,
CdmUsageEntry* usage_entry);
// The licenses or usage info records specified by |usage_entry_number|
// The licenses or usage info records specified by |entry_number|
// should not be in use by any open CryptoSession objects when calls
// to InvalidateEntry and MoveEntry are made.
// If |defrag_table| is true, the table will be defragmented after
// the entry has been invalidated.
//
// Threading: Method takes exclusive use of |usage_table_header_lock_|.
virtual CdmResponseType InvalidateEntry(uint32_t usage_entry_number,
// Threading: Method takes exclusive use of |table_lock_|.
virtual CdmResponseType InvalidateEntry(uint32_t entry_number,
bool defrag_table,
DeviceFiles* device_files,
metrics::CryptoMetrics* metrics);
@@ -107,13 +101,13 @@ class UsageTableHeader {
// for the objects that InvalidateEntry depends on.
//
// Threading: Method requires care of caller for exclusive access.
void InvalidateEntryForTest(uint32_t usage_entry_number);
void InvalidateEntryForTest(uint32_t entry_number);
// == Table information methods ==
// Threading: None of the following are thread safe. Intended for
// testing or internal use.
size_t size() { return usage_entry_info_.size(); }
size_t size() { return entry_info_list_.size(); }
size_t potential_table_capacity() const { return potential_table_capacity_; }
@@ -122,14 +116,11 @@ class UsageTableHeader {
}
// Returns the number of entries currently tracked by the CDM that
// are related to usage info (streaming licenses).
size_t UsageInfoCount() const;
// Returns the number of entries currently tracked by the CDM that
// are related to offline licenses.
size_t OfflineEntryCount() const;
// are populated (non-empty).
size_t OccupiedEntryCount() const;
const std::vector<CdmUsageEntryInfo>& usage_entry_info() const {
return usage_entry_info_;
const std::vector<CdmUsageEntryInfo>& entry_info_list() const {
return entry_info_list_;
}
// Set the reference clock used for the method GetCurrentTime().
@@ -141,10 +132,10 @@ class UsageTableHeader {
}
static bool DetermineLicenseToRemoveForTesting(
const std::vector<CdmUsageEntryInfo>& usage_entry_info_list,
const std::vector<CdmUsageEntryInfo>& entry_info_list,
int64_t current_time, size_t unexpired_threshold,
uint32_t* entry_to_remove) {
return DetermineLicenseToRemove(usage_entry_info_list, current_time,
return DetermineLicenseToRemove(entry_info_list, current_time,
unexpired_threshold, entry_to_remove);
}
@@ -155,13 +146,13 @@ class UsageTableHeader {
// Creates a new, empty usage table. Any existing usage table files
// will be deleted.
// Threading: Method takes exclusive use of |usage_table_header_lock_|
// Threading: Method takes exclusive use of |table_lock_|
// when required.
bool CreateNewTable(CryptoSession* const crypto_session);
// Attempts to restore the usage table from persistent storage, and
// loads the usage table header into OEMCrypto.
// Note: No other OEMCrypto session should be opened before calling.
// Threading: Method takes exclusive use of |usage_table_header_lock_|
// Threading: Method takes exclusive use of |table_lock_|
// when required.
bool RestoreTable(CryptoSession* const crypto_session);
@@ -173,55 +164,52 @@ class UsageTableHeader {
// one more entry if the table is at or near the reported capacity.
// If this check fails, a new usage table SHOULD be created.
// Threading: Method requires caller to take exclusive use of
// |usage_table_header_lock_|.
// |table_lock_|.
bool CapacityCheck(CryptoSession* const crypto_session);
// Attempts to determine the capacity of the OEMCrypto usage table.
// Sets the result to |potential_table_capacity_|.
// Threading: Method requires caller to take exclusive use of
// |usage_table_header_lock_|.
// |table_lock_|.
bool DetermineTableCapacity(CryptoSession* crypto_session);
// == Table operation methods ==
// Threading: All of the following methods require caller to take
// exclusive use of |usage_table_header_lock_|.
// exclusive use of |table_lock_|.
// Creates a new entry for the provided crypto session. If the
// entry is created successfully in OEMCrypto, then a new entry
// info is added to the table's vector of entry info.
CdmResponseType CreateEntry(CryptoSession* const crypto_session,
uint32_t* usage_entry_number);
uint32_t* entry_number);
// Attempts to relocate a newly created usage entry associated with
// the provided |crypto_session| to the lowest unoccupied position in
// the table.
// |usage_entry_number| is treated as both an input and output.
// |entry_number| is treated as both an input and output.
// Returns NO_ERROR so long as no internal operation fails,
// regardless of whether the entry was moved or not.
CdmResponseType RelocateNewEntry(CryptoSession* const crypto_session,
uint32_t* usage_entry_number);
uint32_t* entry_number);
// Checks if the specified |usage_entry_number| is known to be
// Checks if the specified |entry_number| is known to be
// unoccupied (released).
bool IsEntryUnoccupied(const uint32_t usage_entry_number) const;
bool IsEntryUnoccupied(const uint32_t entry_number) const;
// SetOfflineEntryInfo() and SetUsageInfoEntryInfo() populate the
// Populates the entry's meta-data with the required information based
// entry meta-data with the required information based on the type
// of entry.
void SetOfflineEntryInfo(const uint32_t usage_entry_number,
// on the license content.
void SetOfflineEntryInfo(const uint32_t entry_number,
const std::string& key_set_id,
const CdmKeyResponse& license_message);
void SetUsageInfoEntryInfo(const uint32_t usage_entry_number,
const std::string& key_set_id,
const std::string& usage_info_file_name);
// Shrinks the table, removing all trailing unoccupied entries.
// |usage_entry_info_| will be resized appropriately.
// |entry_info_| will be resized appropriately.
// Caller must store the table after a successful call.
CdmResponseType RefitTable(CryptoSession* const crypto_session);
virtual CdmResponseType InvalidateEntryInternal(
uint32_t usage_entry_number, bool defrag_table, DeviceFiles* device_files,
uint32_t entry_number, bool defrag_table, DeviceFiles* device_files,
metrics::CryptoMetrics* metrics);
CdmResponseType MoveEntry(uint32_t from /* usage entry number */,
@@ -230,11 +218,9 @@ class UsageTableHeader {
DeviceFiles* device_files,
metrics::CryptoMetrics* metrics);
CdmResponseType GetEntry(uint32_t usage_entry_number,
DeviceFiles* device_files,
CdmResponseType GetEntry(uint32_t entry_number, DeviceFiles* device_files,
CdmUsageEntry* usage_entry);
CdmResponseType StoreEntry(uint32_t usage_entry_number,
DeviceFiles* device_files,
CdmResponseType StoreEntry(uint32_t entry_number, DeviceFiles* device_files,
const CdmUsageEntry& usage_entry);
// Stores the usage table and it's info. This will increment
@@ -285,7 +271,7 @@ class UsageTableHeader {
// types.
//
// Parameters:
// [in] usage_entry_info_list: The complete list of known usage
// [in] entry_info_list: The complete list of known usage
// entries.
// [in] current_time: The current time to compare expiration times
// against.
@@ -300,20 +286,20 @@ class UsageTableHeader {
// |true| if an entry has been determined to be removed.
// Otherwise returns |false|.
static bool DetermineLicenseToRemove(
const std::vector<CdmUsageEntryInfo>& usage_entry_info_list,
const std::vector<CdmUsageEntryInfo>& entry_info_list,
int64_t current_time, size_t unexpired_threshold,
uint32_t* entry_to_remove);
// This handle and file system is only to be used when accessing
// usage_table_header. Usage entries should use the file system provided
// |table_header|. Usage entries should use the file system provided
// by CdmSession.
std::unique_ptr<DeviceFiles> device_files_;
std::unique_ptr<wvutil::FileSystem> file_system_;
CdmSecurityLevel security_level_ = kSecurityLevelUninitialized;
RequestedSecurityLevel requested_security_level_ = kLevelDefault;
CdmUsageTableHeader usage_table_header_;
std::vector<CdmUsageEntryInfo> usage_entry_info_;
CdmUsageTableHeader table_header_;
std::vector<CdmUsageEntryInfo> entry_info_list_;
// Table is sync with persistent storage and can be used by the CDM
// to interact with OEMCrypto.
@@ -321,7 +307,7 @@ class UsageTableHeader {
// Synchonizes access to the Usage Table Header and bookkeeping
// data-structures
mutable std::mutex usage_table_header_lock_;
mutable std::mutex table_lock_;
metrics::CryptoMetrics alternate_crypto_metrics_;

86
libwvdrmengine/cdm/core/include/wv_cdm_types.h
View File

@@ -537,44 +537,71 @@ enum CdmUsageSupportType : int32_t {
kUnknownUsageSupport,
};
enum CdmUsageEntryStorageType : int32_t {
kStorageLicense,
kStorageUsageInfo,
kStorageTypeUnknown,
};
class CdmUsageEntryInfo {
public:
CdmUsageEntryInfo() {}
CdmUsageEntryInfo(const std::string& key_set_id, int64_t last_use_time,
int64_t license_expiry_time)
: key_set_id_(key_set_id),
last_use_time_(last_use_time),
license_expiry_time_(license_expiry_time) {
if (key_set_id.empty()) Clear();
}
CdmUsageEntryInfo(const CdmUsageEntryInfo&) = default;
CdmUsageEntryInfo& operator=(const CdmUsageEntryInfo&) = default;
CdmUsageEntryInfo(CdmUsageEntryInfo&&) = default;
CdmUsageEntryInfo& operator=(CdmUsageEntryInfo&&) = default;
bool HasKeySetId() const { return !key_set_id_.empty(); }
bool IsEmpty() const { return key_set_id_.empty(); }
const std::string& key_set_id() const { return key_set_id_; }
void SetKeySetId(const std::string& key_set_id) {
if (key_set_id.empty()) {
Clear();
} else {
key_set_id_ = key_set_id;
}
}
int64_t last_use_time() const { return last_use_time_; }
void SetLastUseTime(int64_t last_use_time) { last_use_time_ = last_use_time; }
// Used for testing.
void IncLastUseTime() { last_use_time_++; }
void DecLastUseTime() { last_use_time_--; }
int64_t license_expiry_time() const { return license_expiry_time_; }
void SetLicenseExpiryTime(int64_t license_expiry_time) {
license_expiry_time_ = license_expiry_time;
}
void Clear() {
key_set_id_.clear();
last_use_time_ = license_expiry_time_ = 0;
}
struct CdmUsageEntryInfo {
CdmUsageEntryStorageType storage_type;
CdmKeySetId key_set_id;
std::string usage_info_file_name;
int64_t last_use_time;
int64_t offline_license_expiry_time; // Only for offline licenses.
bool operator==(const CdmUsageEntryInfo& other) const {
if (this == &other) {
return true;
}
if (storage_type != other.storage_type || key_set_id != other.key_set_id ||
last_use_time != other.last_use_time) {
if (IsEmpty() && other.IsEmpty()) {
// All other fields are ignored if there is no key set ID set.
return true;
}
if (key_set_id_ != other.key_set_id_) {
return false;
}
// Certain fields only have meaning based on the storage type.
if (storage_type == kStorageUsageInfo) {
return usage_info_file_name == other.usage_info_file_name;
}
if (storage_type == kStorageLicense) {
return offline_license_expiry_time == other.offline_license_expiry_time;
}
// else storage_type == kStorageTypeUnknown
return true;
return last_use_time_ == other.last_use_time_ &&
license_expiry_time_ == other.license_expiry_time_;
}
void Clear() {
storage_type = kStorageTypeUnknown;
key_set_id.clear();
usage_info_file_name.clear();
last_use_time = 0;
offline_license_expiry_time = 0;
}
private:
// If |key_set_id_| is empty, the other fields are ignored.
CdmKeySetId key_set_id_ = "";
int64_t last_use_time_ = 0;
int64_t license_expiry_time_ = 0;
};
enum CdmKeySecurityLevel : int32_t {
@@ -846,7 +873,6 @@ const char* CdmOfflineLicenseStateToString(
CdmOfflineLicenseState license_state);
const char* CdmResponseTypeToString(int cdm_response_type);
const char* CdmSecurityLevelToString(CdmSecurityLevel security_level);
const char* CdmUsageEntryStorageTypeToString(CdmUsageEntryStorageType type);
const char* RequestedSecurityLevelToString(
RequestedSecurityLevel security_level);
const char* CdmWatermarkingSupportToString(CdmWatermarkingSupport support);