Corrections for license release on fallback to L3
When falling back to L3, release requests were failing. Information requesting falling back to L3 is passed along when the session is opened. Licenses however are released using the key set ID and information requesting fallback to L3(CdmClientPropertySet) at that point is unavailable. The release was actually attempting to release a license at the default security level which is incorrect. In addition, the mac keys were not being setup correctly and the release message was signed with keys derived from the license request and not the response. Both these issues have been addressed and unit tests added to track release of offline licenses and usage reporting scenarios. [ Merge of https://widevine-internal-review.googlesource.com/#/c/11062 from wv cdm repo ] b/17073910 Change-Id: I5cd95a7dfe58ebae7ae27ece6c92e67755c1d665
This commit is contained in:
Rahul Frias
@@ -34,7 +34,9 @@ class CdmEngine {
|
||||
CdmSessionId* session_id);
|
||||
virtual CdmResponseType CloseSession(const CdmSessionId& session_id);
|
||||
|
||||
virtual CdmResponseType OpenKeySetSession(const CdmKeySetId& key_set_id);
|
||||
virtual CdmResponseType OpenKeySetSession(
|
||||
const CdmKeySetId& key_set_id,
|
||||
const CdmClientPropertySet* property_set);
|
||||
virtual CdmResponseType CloseKeySetSession(const CdmKeySetId& key_set_id);
|
||||
|
||||
// License related methods
|
||||
|
||||
@@ -108,7 +108,9 @@ CdmResponseType CdmEngine::OpenSession(
|
||||
return NO_ERROR;
|
||||
}
|
||||
|
||||
CdmResponseType CdmEngine::OpenKeySetSession(const CdmKeySetId& key_set_id) {
|
||||
CdmResponseType CdmEngine::OpenKeySetSession(
|
||||
const CdmKeySetId& key_set_id,
|
||||
const CdmClientPropertySet* property_set) {
|
||||
LOGI("CdmEngine::OpenKeySetSession");
|
||||
|
||||
if (key_set_id.empty()) {
|
||||
@@ -117,7 +119,7 @@ CdmResponseType CdmEngine::OpenKeySetSession(const CdmKeySetId& key_set_id) {
|
||||
}
|
||||
|
||||
CdmSessionId session_id;
|
||||
CdmResponseType sts = OpenSession(KEY_SYSTEM, NULL, &session_id);
|
||||
CdmResponseType sts = OpenSession(KEY_SYSTEM, property_set, &session_id);
|
||||
|
||||
if (sts != NO_ERROR)
|
||||
return sts;
|
||||
|
||||
@@ -869,7 +869,11 @@ bool CdmLicense::RestoreLicenseForRelease(
|
||||
return false;
|
||||
}
|
||||
|
||||
key_request_ = signed_request.msg();
|
||||
if (Properties::use_certificates_as_identification()) {
|
||||
key_request_ = signed_request.msg();
|
||||
} else {
|
||||
if (!session_->GenerateDerivedKeys(signed_request.msg())) return false;
|
||||
}
|
||||
|
||||
SignedMessage signed_response;
|
||||
if (!signed_response.ParseFromString(license_response)) {
|
||||
@@ -885,19 +889,6 @@ bool CdmLicense::RestoreLicenseForRelease(
|
||||
return false;
|
||||
}
|
||||
|
||||
if (Properties::use_certificates_as_identification()) {
|
||||
if (!signed_response.has_session_key()) {
|
||||
LOGE("CdmLicense::RestoreLicenseForRelease: no session keys present");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!session_->GenerateDerivedKeys(key_request_,
|
||||
signed_response.session_key()))
|
||||
return false;
|
||||
} else {
|
||||
if (!session_->GenerateDerivedKeys(key_request_)) return false;
|
||||
}
|
||||
|
||||
if (!signed_response.has_signature()) {
|
||||
LOGE("CdmLicense::RestoreLicenseForRelease: license response is not"
|
||||
" signed");
|
||||
@@ -914,6 +905,21 @@ bool CdmLicense::RestoreLicenseForRelease(
|
||||
if (license.id().has_provider_session_token())
|
||||
provider_session_token_ = license.id().provider_session_token();
|
||||
|
||||
if (Properties::use_certificates_as_identification()) {
|
||||
if (!signed_response.has_session_key()) {
|
||||
LOGE("CdmLicense::RestoreLicenseForRelease: no session keys present");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (license.id().has_provider_session_token()) {
|
||||
if (!session_->GenerateDerivedKeys(key_request_,
|
||||
signed_response.session_key()))
|
||||
return false;
|
||||
} else {
|
||||
return KEY_ADDED == HandleKeyResponse(license_response);
|
||||
}
|
||||
}
|
||||
|
||||
if (license.policy().has_renewal_server_url())
|
||||
server_url_ = license.policy().renewal_server_url();
|
||||
|
||||
|
||||
@@ -778,12 +778,14 @@ extern "C" OEMCryptoResult OEMCrypto_DeactivateUsageEntry(const uint8_t *pst,
|
||||
const FunctionPointers* fcn1 = kAdapter->get(kLevelDefault);
|
||||
const FunctionPointers* fcn3 = kAdapter->get(kLevel3);
|
||||
OEMCryptoResult sts = OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
||||
if (fcn3 && fcn3->version > 8) {
|
||||
sts = fcn3->DeactivateUsageEntry(pst, pst_length);
|
||||
}
|
||||
if (fcn1 && fcn1 != fcn3 && fcn1->version > 8) {
|
||||
if (fcn1 && fcn1->version > 8) {
|
||||
sts = fcn1->DeactivateUsageEntry(pst, pst_length);
|
||||
}
|
||||
if (OEMCrypto_SUCCESS != sts) {
|
||||
if (fcn3 && fcn1 != fcn3 && fcn3->version > 8) {
|
||||
sts = fcn3->DeactivateUsageEntry(pst, pst_length);
|
||||
}
|
||||
}
|
||||
return sts;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user