Merge "Key Status should reflect key container security level" into qt-dev
This commit is contained in:
Rahul Frias
@@ -21,7 +21,8 @@ using video_widevine::WidevinePsshData_EntitledKey;
|
||||
// Holds all content and operator session keys for a session.
|
||||
class LicenseKeys {
|
||||
public:
|
||||
LicenseKeys() {}
|
||||
LicenseKeys(CdmSecurityLevel security_level)
|
||||
: security_level_(security_level) {}
|
||||
virtual ~LicenseKeys() { Clear(); }
|
||||
|
||||
virtual bool Empty() { return key_statuses_.empty(); }
|
||||
@@ -54,6 +55,9 @@ class LicenseKeys {
|
||||
// to the key, returns true.
|
||||
virtual bool MeetsConstraints(const KeyId& key_id);
|
||||
|
||||
// Indicates whether specified key can be used for the sessions security level
|
||||
virtual bool MeetsSecurityLevelConstraints(const KeyId& key_id);
|
||||
|
||||
// Applies a resolution and/or hdcp change to each key, updating their
|
||||
// useability under their constraints.
|
||||
virtual void ApplyConstraints(uint32_t new_resolution,
|
||||
@@ -67,6 +71,10 @@ class LicenseKeys {
|
||||
virtual void SetEntitledKeys(
|
||||
const std::vector<WidevinePsshData_EntitledKey>& keys);
|
||||
|
||||
// For test use: Sets the OEMCrypto security level
|
||||
virtual void SetSecurityLevelForTest(
|
||||
CdmSecurityLevel security_level) { security_level_ = security_level; }
|
||||
|
||||
private:
|
||||
typedef ::video_widevine::License::KeyContainer KeyContainer;
|
||||
typedef std::map<wvcdm::KeyId, LicenseKeyStatus*>::const_iterator
|
||||
@@ -83,6 +91,8 @@ class LicenseKeys {
|
||||
// key status from |key_statuses_| when using entitlement key licensing.
|
||||
std::map<KeyId, KeyId> content_keyid_to_entitlement_key_id_;
|
||||
|
||||
CdmSecurityLevel security_level_;
|
||||
|
||||
CORE_DISALLOW_COPY_AND_ASSIGN(LicenseKeys);
|
||||
};
|
||||
|
||||
@@ -114,6 +124,10 @@ class LicenseKeyStatus {
|
||||
// Note: this will return true until the first call to ApplyConstraints().
|
||||
virtual bool MeetsConstraints() const { return meets_constraints_; }
|
||||
|
||||
// Indicates whether a key can be used for a given security level
|
||||
virtual bool MeetsSecurityLevelConstraints() const {
|
||||
return meets_security_level_constraints_; }
|
||||
|
||||
// Applies the given changes in resolution or HDCP settings.
|
||||
virtual void ApplyConstraints(uint32_t new_resolution,
|
||||
CryptoSession::HdcpCapability new_hdcp_level);
|
||||
@@ -127,12 +141,12 @@ class LicenseKeyStatus {
|
||||
typedef ::google::protobuf::RepeatedPtrField<VideoResolutionConstraint>
|
||||
ConstraintList;
|
||||
|
||||
LicenseKeyStatus(const KeyContainer& key);
|
||||
LicenseKeyStatus(const KeyContainer& key, const CdmSecurityLevel level);
|
||||
|
||||
virtual ~LicenseKeyStatus() {}
|
||||
|
||||
private:
|
||||
void ParseContentKey(const KeyContainer& key);
|
||||
void ParseContentKey(const KeyContainer& key, CdmSecurityLevel level);
|
||||
void ParseOperatorSessionKey(const KeyContainer& key);
|
||||
|
||||
bool HasConstraints() { return is_content_key_ && constraints_.size() != 0; }
|
||||
@@ -142,6 +156,7 @@ class LicenseKeyStatus {
|
||||
bool is_content_key_;
|
||||
CdmKeyStatus key_status_;
|
||||
bool meets_constraints_;
|
||||
bool meets_security_level_constraints_;
|
||||
CdmKeyAllowedUsage allowed_usage_;
|
||||
CryptoSession::HdcpCapability default_hdcp_level_;
|
||||
ConstraintList constraints_;
|
||||
|
||||
@@ -45,8 +45,7 @@ class PolicyEngine {
|
||||
|
||||
// Verifies whether the policy allows use of the specified key of
|
||||
// a given security level for content decryption.
|
||||
virtual bool CanUseKeyForSecurityLevel(const KeyId& key_id,
|
||||
CdmSecurityLevel security_level);
|
||||
virtual bool CanUseKeyForSecurityLevel(const KeyId& key_id);
|
||||
|
||||
// OnTimerEvent is called when a timer fires. It notifies the Policy Engine
|
||||
// that the timer has fired and dispatches the relevant events through
|
||||
@@ -167,10 +166,12 @@ class PolicyEngine {
|
||||
// Guard against clock rollbacks
|
||||
int64_t GetCurrentTime();
|
||||
|
||||
// set_clock() is for testing only. It alters ownership of the
|
||||
// passed-in pointer.
|
||||
// Test only methods
|
||||
// set_clock alters ownership of the passed-in pointer.
|
||||
void set_clock(Clock* clock);
|
||||
|
||||
void SetSecurityLevelForTest(CdmSecurityLevel security_level);
|
||||
|
||||
LicenseState license_state_;
|
||||
|
||||
// This is the current policy information for this license. This gets updated
|
||||
|
||||
@@ -635,8 +635,7 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
|
||||
return INSUFFICIENT_OUTPUT_PROTECTION;
|
||||
return NEED_KEY;
|
||||
}
|
||||
if (!policy_engine_->CanUseKeyForSecurityLevel(*params.key_id,
|
||||
security_level_)) {
|
||||
if (!policy_engine_->CanUseKeyForSecurityLevel(*params.key_id)) {
|
||||
return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -152,6 +152,16 @@ bool LicenseKeys::MeetsConstraints(const KeyId& key_id) {
|
||||
}
|
||||
}
|
||||
|
||||
bool LicenseKeys::MeetsSecurityLevelConstraints(const KeyId& key_id) {
|
||||
if (key_statuses_.count(key_id) > 0) {
|
||||
return key_statuses_[key_id]->MeetsSecurityLevelConstraints();
|
||||
} else {
|
||||
// If a Key ID is unknown to us, we don't know of any constraints for it,
|
||||
// so never block decryption.
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
void LicenseKeys::ApplyConstraints(
|
||||
uint32_t new_resolution, CryptoSession::HdcpCapability new_hdcp_level) {
|
||||
for (LicenseKeyStatusIterator i = key_statuses_.begin();
|
||||
@@ -168,7 +178,7 @@ void LicenseKeys::SetFromLicense(const video_widevine::License& license) {
|
||||
key.type() == KeyContainer::OPERATOR_SESSION ||
|
||||
key.type() == KeyContainer::ENTITLEMENT)) {
|
||||
const KeyId& key_id = key.id();
|
||||
key_statuses_[key_id] = new LicenseKeyStatus(key);
|
||||
key_statuses_[key_id] = new LicenseKeyStatus(key, security_level_);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -190,23 +200,26 @@ void LicenseKeys::SetEntitledKeys(
|
||||
}
|
||||
}
|
||||
|
||||
LicenseKeyStatus::LicenseKeyStatus(const KeyContainer& key)
|
||||
LicenseKeyStatus::LicenseKeyStatus(const KeyContainer& key,
|
||||
const CdmSecurityLevel security_level)
|
||||
: is_content_key_(false),
|
||||
key_status_(kKeyStatusInternalError),
|
||||
meets_constraints_(true),
|
||||
meets_security_level_constraints_(true),
|
||||
default_hdcp_level_(HDCP_NONE) {
|
||||
allowed_usage_.Clear();
|
||||
constraints_.Clear();
|
||||
|
||||
if (key.type() == KeyContainer::CONTENT ||
|
||||
key.type() == KeyContainer::ENTITLEMENT) {
|
||||
ParseContentKey(key);
|
||||
ParseContentKey(key, security_level);
|
||||
} else if (key.type() == KeyContainer::OPERATOR_SESSION) {
|
||||
ParseOperatorSessionKey(key);
|
||||
}
|
||||
}
|
||||
|
||||
void LicenseKeyStatus::ParseContentKey(const KeyContainer& key) {
|
||||
void LicenseKeyStatus::ParseContentKey(const KeyContainer& key,
|
||||
CdmSecurityLevel security_level) {
|
||||
is_content_key_ = true;
|
||||
if (key.has_level() && ((key.level() == KeyContainer::HW_SECURE_DECODE) ||
|
||||
(key.level() == KeyContainer::HW_SECURE_ALL))) {
|
||||
@@ -238,8 +251,34 @@ void LicenseKeyStatus::ParseContentKey(const KeyContainer& key) {
|
||||
allowed_usage_.key_security_level_ = kKeySecurityLevelUnknown;
|
||||
break;
|
||||
}
|
||||
|
||||
switch (security_level) {
|
||||
case kSecurityLevelL1:
|
||||
meets_security_level_constraints_ = true;
|
||||
break;
|
||||
case kSecurityLevelL2:
|
||||
case kSecurityLevelL3:
|
||||
switch (key.level()) {
|
||||
case KeyContainer::SW_SECURE_CRYPTO:
|
||||
case KeyContainer::SW_SECURE_DECODE:
|
||||
meets_security_level_constraints_ = true;
|
||||
break;
|
||||
case KeyContainer::HW_SECURE_CRYPTO:
|
||||
meets_security_level_constraints_ =
|
||||
security_level == kSecurityLevelL2;
|
||||
break;
|
||||
default:
|
||||
meets_security_level_constraints_ = false;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
meets_security_level_constraints_ = false;
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
allowed_usage_.key_security_level_ = kKeySecurityLevelUnset;
|
||||
meets_security_level_constraints_ = true;
|
||||
}
|
||||
allowed_usage_.SetValid();
|
||||
|
||||
@@ -301,7 +340,7 @@ bool LicenseKeyStatus::ApplyStatusChange(CdmKeyStatus new_status,
|
||||
}
|
||||
CdmKeyStatus updated_status = new_status;
|
||||
if (updated_status == kKeyStatusUsable) {
|
||||
if (!MeetsConstraints()) {
|
||||
if (!MeetsConstraints() || !MeetsSecurityLevelConstraints()) {
|
||||
updated_status = kKeyStatusOutputNotAllowed;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -40,7 +40,7 @@ PolicyEngine::PolicyEngine(CdmSessionId session_id,
|
||||
last_recorded_current_time_(0),
|
||||
session_id_(session_id),
|
||||
event_listener_(event_listener),
|
||||
license_keys_(new LicenseKeys),
|
||||
license_keys_(new LicenseKeys(crypto_session->GetSecurityLevel())),
|
||||
clock_(new Clock) {
|
||||
InitDevice(crypto_session);
|
||||
}
|
||||
@@ -311,30 +311,8 @@ CdmResponseType PolicyEngine::QueryKeyAllowedUsage(
|
||||
return KEY_NOT_FOUND_1;
|
||||
}
|
||||
|
||||
bool PolicyEngine::CanUseKeyForSecurityLevel(
|
||||
const KeyId& key_id,
|
||||
CdmSecurityLevel security_level) {
|
||||
|
||||
if (security_level == kSecurityLevelL1) return true;
|
||||
|
||||
CdmKeyAllowedUsage key_usage;
|
||||
CdmResponseType status = QueryKeyAllowedUsage(key_id, &key_usage);
|
||||
|
||||
if (status != NO_ERROR) return false;
|
||||
|
||||
// L1 has already been addressed so verify that L2/3 are allowed
|
||||
switch (key_usage.key_security_level_) {
|
||||
case kKeySecurityLevelUnset:
|
||||
return true;
|
||||
case kSoftwareSecureCrypto:
|
||||
case kSoftwareSecureDecode:
|
||||
return security_level == kSecurityLevelL2 ||
|
||||
security_level == kSecurityLevelL3;
|
||||
case kHardwareSecureCrypto:
|
||||
return security_level == kSecurityLevelL2;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
bool PolicyEngine::CanUseKeyForSecurityLevel(const KeyId& key_id) {
|
||||
return license_keys_->MeetsSecurityLevelConstraints(key_id);
|
||||
}
|
||||
|
||||
bool PolicyEngine::GetSecondsSinceStarted(int64_t* seconds_since_started) {
|
||||
@@ -525,4 +503,8 @@ int64_t PolicyEngine::GetCurrentTime() {
|
||||
|
||||
void PolicyEngine::set_clock(Clock* clock) { clock_.reset(clock); }
|
||||
|
||||
void PolicyEngine::SetSecurityLevelForTest(CdmSecurityLevel security_level) {
|
||||
license_keys_->SetSecurityLevelForTest(security_level);
|
||||
}
|
||||
|
||||
} // namespace wvcdm
|
||||
|
||||
@@ -152,7 +152,8 @@ class MockCryptoSession : public TestCryptoSession {
|
||||
|
||||
class MockPolicyEngine : public PolicyEngine {
|
||||
public:
|
||||
MockPolicyEngine() : PolicyEngine("mock_session_id", NULL, NULL) {}
|
||||
MockPolicyEngine(CryptoSession* crypto_session)
|
||||
: PolicyEngine("mock_session_id", NULL, crypto_session) {}
|
||||
|
||||
// Leaving a place-holder for when PolicyEngine methods need to be mocked
|
||||
};
|
||||
@@ -181,7 +182,7 @@ class CdmSessionTest : public WvCdmTestBase {
|
||||
cdm_session_->set_license_parser(license_parser_);
|
||||
crypto_session_ = new NiceMock<MockCryptoSession>(&crypto_metrics_);
|
||||
cdm_session_->set_crypto_session(crypto_session_);
|
||||
policy_engine_ = new MockPolicyEngine();
|
||||
policy_engine_ = new MockPolicyEngine(crypto_session_);
|
||||
cdm_session_->set_policy_engine(policy_engine_);
|
||||
file_handle_ = new MockDeviceFiles();
|
||||
cdm_session_->set_file_handle(file_handle_);
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -182,6 +182,10 @@ class PolicyEngineTest : public WvCdmTestBase {
|
||||
expected_has_new_usable_key));
|
||||
}
|
||||
|
||||
void SetCdmSecurityLevel(CdmSecurityLevel security_level) {
|
||||
policy_engine_->SetSecurityLevelForTest(security_level);
|
||||
}
|
||||
|
||||
metrics::CryptoMetrics dummy_metrics_;
|
||||
NiceMock<HdcpOnlyMockCryptoSession> crypto_session_;
|
||||
StrictMock<MockCdmEventListener> mock_event_listener_;
|
||||
@@ -1725,20 +1729,29 @@ TEST_P(PolicyEngineKeySecurityLevelTest, CanUseKeyForSecurityLevel) {
|
||||
ExpectSessionKeysChange(kKeyStatusUsable, true);
|
||||
EXPECT_CALL(mock_event_listener_, OnExpirationUpdate(_, _));
|
||||
|
||||
SetCdmSecurityLevel(kSecurityLevelL1);
|
||||
policy_engine_->SetLicense(license_);
|
||||
|
||||
EXPECT_EQ(param->expect_can_L1_use_key,
|
||||
policy_engine_->CanUseKeyForSecurityLevel(kKeyId,
|
||||
kSecurityLevelL1));
|
||||
policy_engine_->CanUseKeyForSecurityLevel(kKeyId));
|
||||
|
||||
SetCdmSecurityLevel(kSecurityLevelL2);
|
||||
policy_engine_->SetLicense(license_);
|
||||
|
||||
EXPECT_EQ(param->expect_can_L2_use_key,
|
||||
policy_engine_->CanUseKeyForSecurityLevel(kKeyId,
|
||||
kSecurityLevelL2));
|
||||
policy_engine_->CanUseKeyForSecurityLevel(kKeyId));
|
||||
|
||||
SetCdmSecurityLevel(kSecurityLevelL3);
|
||||
policy_engine_->SetLicense(license_);
|
||||
|
||||
EXPECT_EQ(param->expect_can_L3_use_key,
|
||||
policy_engine_->CanUseKeyForSecurityLevel(kKeyId,
|
||||
kSecurityLevelL3));
|
||||
policy_engine_->CanUseKeyForSecurityLevel(kKeyId));
|
||||
|
||||
SetCdmSecurityLevel(kSecurityLevelUnknown);
|
||||
policy_engine_->SetLicense(license_);
|
||||
|
||||
EXPECT_EQ(param->expect_can_level_unknown_use_key,
|
||||
policy_engine_->CanUseKeyForSecurityLevel(kKeyId,
|
||||
kSecurityLevelUnknown));
|
||||
policy_engine_->CanUseKeyForSecurityLevel(kKeyId));
|
||||
}
|
||||
|
||||
INSTANTIATE_TEST_CASE_P(
|
||||
@@ -1859,6 +1872,8 @@ TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageBasic) {
|
||||
content_key->set_id(kKeyId);
|
||||
content_key->set_level(License::KeyContainer::HW_SECURE_ALL);
|
||||
|
||||
SetCdmSecurityLevel(kSecurityLevelL1);
|
||||
|
||||
// generic operator session key (sign)
|
||||
AddOperatorSessionKey(kGenericKeyId, kEncryptNull, kDecryptNull, kSignTrue,
|
||||
kVerifyNull);
|
||||
@@ -1917,6 +1932,8 @@ TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageGeneric) {
|
||||
another_content_key->set_id(kAnotherKeyId);
|
||||
another_content_key->set_level(License::KeyContainer::HW_SECURE_CRYPTO);
|
||||
|
||||
SetCdmSecurityLevel(kSecurityLevelL1);
|
||||
|
||||
// generic operator session keys
|
||||
AddOperatorSessionKey(kGenericSignKeyId, kEncryptNull, kDecryptNull,
|
||||
kSignTrue, kVerifyNull);
|
||||
|
||||
Reference in New Issue
Block a user