Merges to android Pi release (part 7)

These are a set of CLs merged from the wv cdm repo to the android repo.

* Resolve intermittent decrypt error.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/35720 ]

  The CdmSession's closed state was not properly
  initialized resulting in intermittent
  SESSION_NOT_FOUND_FOR_DECRYPT errors.

  In CdmEngine::Decrypt the session is looked up by
  the key id. A list of open sessions is acquired
  by calling CdmSessionMap::GetSessionList and each
  session in the list is queried to see if it has
  the key.

  In building the list in CdmSessionMap::GetSessionList,
  sessions are only added to the query list *if* the session
  is not closed.

  The closed status was not initialized and during testing
  the query list would not contain the session causing
  CdmEngine::Decrypt to return SESSION_NOT_FOUND_FOR_DECRYPT
  resulting in the ce cdm api returning widevine::Cdm::kNoKey.

* No support for pre- C++11 compilation.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/35381 ]

* Handle unaligned nonce pointer in RewrapDeviceRSAKey calls.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/35340 ]

  The pointer points into a message and it may not be aligned.
  Always copy the nonce into aligned memory before checking it.

  BUG: 38140370

  Add note to CHANGELOG for this.

* Compiler strictness: more checks and code cleanup.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/35300 ]

  Use the switches proposed in b/38033653 (as much as possible - some
  conflicts with protobufs and gtest prevent fully accepting them).

  Switch to clang for x32 build; ensure that both x86-64 and x86-32 builds
  compile and link cleanly.

  BUG: 38032429
  BUG: 38033653

  This partially resolves b/38458986

* Android build fixes

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/35102 ]

  These corrections address compile warnings and errors for android
  and unit tests.

* Embedded License: Add sub license key sessions.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/33680 ]

  NOTE: this adds the AddSubSession() method, but it is not yet being
  used. Use and proper cleanup is in an upcoming CL.

* Embedded license: Add track label field.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/33660 ]

  A new track label field (a string) is added to the key container and the
  sub session data objects.

  This field will be used in handling sub license requests.

* Embedded license: extract keys from init_data.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/33621 ]

* Embedded license: add protobuf messages.

  Author: Jeff Fore <jfore@google.com>

  [ Merge of http://go/wvgerrit/33620 ]

  also sync the widevine header definition with recent naming changes.

* Improve handling of provisioning response errors.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/33600 ]

  Separate out the case of no response and the case
  where the message is believed to be a JSON+base64
  message but it doesn't parse properly.

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
  commit in the chain.

Change-Id: I3c86f1c54980b071aec7461ac58541836551f896

libwvdrmengine/cdm/core/src/license_protocol.proto

@@ -101,6 +101,7 @@ message License {
       CONTENT = 2;
       KEY_CONTROL = 3;
       OPERATOR_SESSION = 4;
+      SUB_SESSION = 5;
     }
 
     // The SecurityLevel enumeration allows the server to communicate the level
@@ -199,6 +200,9 @@ message License {
     // supports anti rollback of the user table.  Content provider can query the
     // client capabilities to determine if the client support this feature.
     optional bool anti_rollback_usage_table = 11 [default = false];
+    // Optional not limited to commonly known track types such as SD, HD.
+    // It can be some provider defined label to identify the track.
+    optional string track_label = 12;
   }
 
   optional LicenseIdentification id = 1;
@@ -270,6 +274,19 @@ message LicenseRequest {
     //}
   }
 
+  message SubSessionData {
+    // Required. The key ID for the corresponding SUB_SESSION_KEY. The
+    // value must match the sub_session_key_id field for a
+    // corresponding SubLicense message from the PSSH.
+    optional string sub_session_key_id = 1;
+    // Required. The nonce for the track.
+    optional uint32 nonce = 2;
+    // Required for initial license request used for each CONTENT key_container
+    // to know which nonce to use for building its key control block.
+    // Not needed for renewal license request.
+    optional string track_label = 3;
+  }
+
   enum RequestType {
     NEW = 1;
     RENEWAL = 2;
@@ -293,6 +310,9 @@ message LicenseRequest {
   optional uint32 key_control_nonce = 7;
   // Encrypted ClientIdentification message, used for privacy purposes.
   optional EncryptedClientIdentification encrypted_client_id = 8;
+  // Optional sub session context information. Required for using
+  // SubLicenses from the PSSH.
+  repeated SubSessionData sub_session_data = 9;
 }
 
 message LicenseError {
@@ -306,6 +326,7 @@ message LicenseError {
     // or similar circumstances.
     SERVICE_UNAVAILABLE = 3;
   }
+
   optional Error error_code = 1;
 }
 
@@ -410,7 +431,7 @@ message ProvisioningOptions {
   optional CertificateType certificate_type = 1 [default = WIDEVINE_DRM];
 
   // Contains the application-specific name used to identify the certificate
-  // authority for signing the generated certificate. This is required iff the
+  // authority for signing the generated certificate. This is required if the
   // certificate type is X509.
   optional string certificate_authority = 2;
 }
@@ -680,19 +701,33 @@ message ProvisionedDeviceInfo {
 }
 
 // ----------------------------------------------------------------------------
-// widevine_header.proto
+// widevine_pssh.proto
 // ----------------------------------------------------------------------------
 // Description:
 //   Public protocol buffer definitions for Widevine Cenc Header
 //   protocol.
 
-message WidevineCencHeader {
+// Each SubLicense message represents a single content key. These keys can be
+// added to Widevine CENC initialization data to support both content grouping
+// and key rotation.
+message SubLicense {
+  // Required. The key_id of a SUB_SESSION_KEY received in the master license.
+  // SUB_SESSION_KEY is defined in the Widevine License Protocol.
+  optional string sub_session_key_id = 1;
+
+  // Required. The key_msg contains the bytes of a serialized SignedMessage
+  // proto. Internally the message field will contain a serialized KeyContainer
+  // holding a single content key.
+  optional bytes key_msg = 2;
+}
+
+message WidevinePsshData {
   enum Algorithm {
     UNENCRYPTED = 0;
     AESCTR = 1;
   };
   // Replaced with protection_scheme.
-  optional Algorithm algorithm = 1 [deprecated=true];
+  optional Algorithm algorithm = 1;
   repeated bytes key_id = 2;
 
   // Content provider name.
@@ -717,10 +752,22 @@ message WidevineCencHeader {
   // serialized SignedMessage.
   optional bytes grouped_license = 8;
 
-  // Protection scheme identifying the encryption algorithm. Represented as one
-  // of the following 4CC values: 'cenc' (AES-CTR), 'cbc1' (AES-CBC),
-  // 'cens' (AES-CTR subsample), 'cbcs' (AES-CBC subsample).
+  // Protection scheme identifying the encryption algorithm. The protection
+  // scheme is represented as a uint32 value. The uint32 contains 4 bytes each
+  // representing a single ascii character in one of the 4CC protection scheme
+  // values.
+  // 'cenc' (AES-CTR) protection_scheme = 0x63656E63,
+  // 'cbc1' (AES-CBC) protection_scheme = 0x63626331,
+  // 'cens' (AES-CTR subsample) protection_scheme = 0x63656E73,
+  // 'cbcs' (AES-CBC subsample) protection_scheme = 0x63626373.
   optional uint32 protection_scheme = 9;
+
+  // Optional. For media using key rotation, this represents the duration
+  // of each crypto period in seconds.
+  optional uint32 crypto_period_seconds = 10;
+
+  // Required when using content keys that are embedded in content.
+  repeated SubLicense sub_licenses = 11;
 }
 
 // Signed device certificate definition.