Combined Decrypt Calls

(This is a merge of http://go/wvgerrit/93829, http://go/wvgerrit/93830, http://go/wvgerrit/93832, http://go/wvgerrit/93833, and http://go/wvgerrit/93834 from the Widevine repo.) This implements the CDM code changes necessary to take advantage of Combined Decrypt Calls on OEMCrypto v16. The result of this is that WVCryptoPlugin is much lighter now because it can pass the full sample down to the core in one call, but CryptoSession is heavier, as it now has to handle more complex fallback logic when devices can't handle multiple subsamples at once. This patch also removes support for the 'cens' and 'cbc1' schema, which are being dropped in OEMCrypto v16. This fixes an overflow in the code for handling those schemas by removing it entirely. This patch also fixes the "in chunks" legacy decrypt path to use larger chunk sizes on devices with higher resource rating tiers. Bug: 135285640 Bug: 123435824 Bug: 138584971 Bug: 139257871 Bug: 78289910 Bug: 149361893 Test: no new CE CDM Unit Test failures Test: Google Play plays Test: Netflix plays Test: no new GTS failures Change-Id: Ic4952c9fa3bc7fd5ed08698e88254380a7a18514
2020-02-18 14:46:31 -08:00
parent 3708c4d53f
commit a62886b925
28 changed files with 1253 additions and 1260 deletions
--- a/libwvdrmengine/cdm/core/src/cdm_session.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp
@@ -7,6 +7,8 @@
 #include <assert.h>
 #include <stdlib.h>

+#include <algorithm>
+#include <iterator>
 #include <string>

 #include "cdm_engine.h"
@@ -629,23 +631,33 @@ CdmResponseType CdmSession::QueryOemCryptoSessionId(
 }

 // Decrypt() - Accept encrypted buffer and return decrypted data.
-CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
+CdmResponseType CdmSession::Decrypt(const CdmDecryptionParametersV16& params) {
  if (!initialized_) {
    return NOT_INITIALIZED_ERROR;
  }

-  // Encrypted playback may not begin until either the start time passes or the
+  bool is_protected = std::any_of(
+      std::begin(params.samples), std::end(params.samples),
+      [](const CdmDecryptionSample& sample) {
+        return std::any_of(std::begin(sample.subsamples),
+                           std::end(sample.subsamples),
+                           [](const CdmDecryptionSubsample& subsample) {
+                             return subsample.protected_bytes > 0;
+                           });
+      });
+
+  // Protected playback may not begin until either the start time passes or the
  // license is updated, so we treat this Decrypt call as invalid.
  // For the clear lead, we allow playback even if the key_id is not found or if
  // the security level is not high enough yet.
-  if (params.is_encrypted) {
-    if (!policy_engine_->CanDecryptContent(*params.key_id)) {
+  if (is_protected) {
+    if (!policy_engine_->CanDecryptContent(params.key_id)) {
      if (policy_engine_->IsLicenseForFuture()) return DECRYPT_NOT_READY;
-      if (!policy_engine_->IsSufficientOutputProtection(*params.key_id))
+      if (!policy_engine_->IsSufficientOutputProtection(params.key_id))
        return INSUFFICIENT_OUTPUT_PROTECTION;
      return NEED_KEY;
    }
-    if (!policy_engine_->CanUseKeyForSecurityLevel(*params.key_id)) {
+    if (!policy_engine_->CanUseKeyForSecurityLevel(params.key_id)) {
      return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
    }
  }