diff --git a/libwvdrmengine/cdm/core/src/initialization_data.cpp b/libwvdrmengine/cdm/core/src/initialization_data.cpp index 688b5249..13f4e404 100644 --- a/libwvdrmengine/cdm/core/src/initialization_data.cpp +++ b/libwvdrmengine/cdm/core/src/initialization_data.cpp @@ -2,6 +2,7 @@ #include "initialization_data.h" +#include #include #include "buffer_reader.h" @@ -19,6 +20,7 @@ const char kDoubleQuote = '\"'; const char kLeftBracket = '['; const char kRightBracket = ']'; const std::string kBase64String = "base64,"; +const uint32_t kFourCcCbcs = 0x63626373; // json init data key values const std::string kProvider = "provider"; @@ -455,12 +457,15 @@ bool InitializationData::ConstructWidevineInitData( // Now format as Widevine init data protobuf WidevineCencHeader cenc_header; + // TODO(rfrias): The algorithm is a deprecated field, but proto changes + // have not yet been pushed to production. Set until then. cenc_header.set_algorithm(WidevineCencHeader_Algorithm_AESCTR); for (size_t i = 0; i < key_ids.size(); ++i) { cenc_header.add_key_id(key_ids[i]); } cenc_header.set_provider(provider); cenc_header.set_content_id(content_id); + cenc_header.set_protection_scheme(htonl(kFourCcCbcs)); cenc_header.SerializeToString(init_data_proto); return true; } diff --git a/libwvdrmengine/cdm/core/src/license.cpp b/libwvdrmengine/cdm/core/src/license.cpp index adbbdd6a..9509bf0b 100644 --- a/libwvdrmengine/cdm/core/src/license.cpp +++ b/libwvdrmengine/cdm/core/src/license.cpp @@ -2,6 +2,7 @@ #include "license.h" +#include #include #include "clock.h" @@ -60,6 +61,10 @@ const unsigned char kServiceCertificateCAPublicKey[] = { 0x78, 0xb4, 0x64, 0x82, 0x50, 0xd2, 0x33, 0x5f, 0x91, 0x02, 0x03, 0x01, 0x00, 0x01}; } +const uint32_t kFourCcCbc1 = 0x63626331; +const uint32_t kFourCcCbcs = 0x63626373; +const uint32_t kFourCcCenc = 0x63656e63; +const uint32_t kFourCcCens = 0x63656e73; namespace wvcdm { @@ -91,7 +96,7 @@ static std::vector ExtractContentKeys(const License& license) { size_t length; switch (license.key(i).type()) { case License_KeyContainer::CONTENT: - case License_KeyContainer::OPERATOR_SESSION: + case License_KeyContainer::OPERATOR_SESSION: { key.set_key_id(license.key(i).id()); // Strip off PKCS#5 padding - since we know the key is 16 or 32 bytes, // the padding will always be 16 bytes. @@ -106,11 +111,17 @@ static std::vector ExtractContentKeys(const License& license) { key.set_key_control(license.key(i).key_control().key_control_block()); key.set_key_control_iv(license.key(i).key_control().iv()); } - // TODO(rfrias): Set cipher mode when the license protocol provides - // it (b/26190665). Set to default for now. - key.set_cipher_mode(kCipherModeCtr); + uint32_t four_cc = kFourCcCenc; + if (license.has_protection_scheme()) { + four_cc = ntohl(license.protection_scheme()); + } + if (four_cc == kFourCcCbc1 || four_cc == kFourCcCbcs) + key.set_cipher_mode(kCipherModeCbc); + else + key.set_cipher_mode(kCipherModeCtr); key_array.push_back(key); break; + } case License_KeyContainer::KEY_CONTROL: if (license.key(i).has_key_control()) { key.set_key_control(license.key(i).key_control().key_control_block()); diff --git a/libwvdrmengine/cdm/core/src/license_protocol.proto b/libwvdrmengine/cdm/core/src/license_protocol.proto index a81885a0..be398202 100644 --- a/libwvdrmengine/cdm/core/src/license_protocol.proto +++ b/libwvdrmengine/cdm/core/src/license_protocol.proto @@ -196,6 +196,10 @@ message License { optional bool remote_attestation_verified = 5 [default = false]; // Client token generated by the content provider. Optional. optional bytes provider_client_token = 6; + // Protection scheme identifying the encryption algorithm. Represented as one + // of the following 4CC values: 'cenc' (AES-CTR), 'cbc1' (AES-CBC), + // 'cens' (AES-CTR subsample), 'cbcs' (AES-CBC subsample). + optional uint32 protection_scheme = 7; } enum ProtocolVersion { @@ -268,6 +272,28 @@ message LicenseError { optional Error error_code = 1; } +message MetricData { + enum MetricType { + // The time spent in the 'stage', specified in microseconds. + LATENCY = 1; + // The UNIX epoch timestamp at which the 'stage' was first accessed in + // microseconds. + TIMESTAMP = 2; + } + + message TypeValue { + optional MetricType type = 1; + // The value associated with 'type'. For example if type == LATENCY, the + // value would be the time in microseconds spent in this 'stage'. + optional int64 value = 2 [default = 0]; + } + + // 'stage' that is currently processing the SignedMessage. Required. + optional string stage_name = 1; + // metric and associated value. + repeated TypeValue metric_data = 2; +} + message RemoteAttestation { // Encrypted ClientIdentification message containing the device remote // attestation certificate. Required. @@ -296,6 +322,14 @@ message SignedMessage { // request for ChromeOS client devices operating in verified mode. Remote // attestation challenge data is |msg| field above. Optional. optional RemoteAttestation remote_attestation = 5; + repeated MetricData metric_data = 6; +} + +message GroupKeys { + repeated License.KeyContainer key = 1; + // Byte string that identifies the group to which this license material + // belongs. + optional bytes group_id = 2; } // ---------------------------------------------------------------------------- @@ -561,7 +595,8 @@ message WidevineCencHeader { UNENCRYPTED = 0; AESCTR = 1; }; - optional Algorithm algorithm = 1; + // Replaced with protection_scheme. + optional Algorithm algorithm = 1 [deprecated=true]; repeated bytes key_id = 2; // Content provider name. @@ -577,7 +612,7 @@ message WidevineCencHeader { optional string track_type_deprecated = 5; // The name of a registered policy to be used for this asset. - optional string policy = 6; + optional string policy = 6 [deprecated=true]; // Crypto period index, for media using key rotation. optional uint32 crypto_period_index = 7; @@ -585,4 +620,9 @@ message WidevineCencHeader { // Optional protected context for group content. The grouped_license is a // serialized SignedMessage. optional bytes grouped_license = 8; + + // Protection scheme identifying the encryption algorithm. Represented as one + // of the following 4CC values: 'cenc' (AES-CTR), 'cbc1' (AES-CBC), + // 'cens' (AES-CTR subsample), 'cbcs' (AES-CBC subsample). + optional uint32 protection_scheme = 9; }