Add basic handling for entitlement keys in a license.

Merge from Widevine repo of http://go/wvgerrit/41834

Key rotation is not yet supported.

The key statuses are updated from a license. The
mechanism expects content keys to come in a license.
For entitlement licenses, the content keys come in the
init_data.

This code does not yet support the key rotation event.
(A new pssh with wrapped keys is passed to the cdm.)
The policy engine/key status mechanism needs to be
updated to handle updates from the init_data.

For now, the cdm builds a license with a key container
with the content keys and uses that to call
PolicyEngine::SetLicense to set up the policy engine
and key statuses.

Bug: 64003606
Bug: 70334840

Test: In child CL
Change-Id: Ibf46a18f5321cab4ff6f1778ba30527942c8021f
Fred Gylys-Colwell
2018-01-25 15:31:49 -08:00
committed by Rahul Frias
parent 8251aab9f6
commit 9ae7489938
22 changed files with 749 additions and 376 deletions


@@ -13,6 +13,7 @@
#include "content_key_session.h"
#include "crypto_key.h"
#include "entitlement_key_session.h"
#include "log.h"
#include "openssl/asn1.h"
#include "openssl/sha.h"
@@ -119,6 +120,12 @@ void GenerateEncryptContext(const std::string& input_context,
deriv_context->append(EncodeUint32(kEncryptionKeySizeBits));
}
OEMCrypto_LicenseType OEMCryptoLicenseType(CdmLicenseKeyType cdm_license_type) {
return cdm_license_type == kLicenseKeyTypeContent
? OEMCrypto_ContentLicense
: OEMCrypto_EntitlementLicense;
}
CryptoSession::CryptoSession(metrics::CryptoMetrics* metrics)
: metrics_(metrics),
system_id_(-1),
@@ -692,7 +699,7 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
}
// TODO(gmorgan, jfore): resolve handling of usage records in sublicenses
key_session_.reset(new DefaultKeySession(oec_session_id_, metrics_));
key_session_.reset(new ContentKeySession(oec_session_id_, metrics_));
return NO_ERROR;
}
@@ -779,10 +786,15 @@ CdmResponseType CryptoSession::LoadKeys(
const std::string& mac_key_iv, const std::string& mac_key,
const std::vector<CryptoKey>& keys,
const std::string& provider_session_token,
const std::string& srm_requirement) {
const std::string& srm_requirement, CdmLicenseKeyType key_type) {
LOGV("CryptoSession::LoadKeys: Lock");
AutoLock auto_lock(crypto_lock_);
if (key_type == kLicenseKeyTypeEntitlement &&
key_session_->Type() != KeySession::kEntitlement) {
key_session_.reset(new EntitlementKeySession(oec_session_id_, metrics_));
}
LOGV("LoadKeys: id=%ld", (uint32_t)oec_session_id_);
OEMCryptoResult sts = key_session_->LoadKeys(
message, signature, mac_key_iv, mac_key, keys, provider_session_token,
@@ -815,6 +827,13 @@ CdmResponseType CryptoSession::LoadKeys(
return result;
}
CdmResponseType CryptoSession::LoadEntitledContentKeys(
const std::vector<CryptoKey>& key_array) {
// TODO(jfore): Handle and return errors.
/*OEMCryptoResult status =*/ key_session_->LoadEntitledContentKeys(key_array);
return KEY_ADDED;
}
bool CryptoSession::LoadCertificatePrivateKey(std::string& wrapped_key) {
LOGV("CryptoSession::LoadCertificatePrivateKey: Lock");
AutoLock auto_lock(crypto_lock_);
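Review bot: The new `CryptoSession::LoadEntitledContentKeys` discards the `OEMCryptoResult` from `key_session_->LoadEntitledContentKeys(key_array)` and always returns `KEY_ADDED`, so a load that OEMCrypto rejects is reported to the caller as success. The key statuses that the description says are built from these keys could then disagree with what the secure layer actually holds. Until the TODO is resolved, keep the status and fail closed: `OEMCryptoResult sts = key_session_->LoadEntitledContentKeys(key_array);` then `if (sts != OEMCrypto_SUCCESS) return <existing CdmResponseType error>;`. In the visible lines the function also does not take `crypto_lock_`, although `LoadKeys` can replace `key_session_` under that lock; unless the caller already holds it, add `AutoLock auto_lock(crypto_lock_);` as the first statement. If `key_session_` can still be unset when this is called (not visible here), a null check before the dereference would be needed too.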