Widevine CENC drm engine update

bug: 8601053

This import syncs to the widevine git repository change
commit 6a99ad1b59ad39495f62954b3065ddc22b78da49

It includes the following changes from the widevine git
repository, which complete the jb-mr2 features

    Fix Unit Test Makefile
    Adds support for device certificate provisioning.
    Support application parameters
    Certificate based licensing
    Proto for client files
    Implement Property Query API
    Add Device Query For Unique ID
    Implement Generic Crypto in DrmEngine
    Do not validate Key IDs on clear playback
    Allow OEMCrypto_DecryptCTR with clear content and no key
    Add a case to the MediaDrm API test to repro b/8594163
    Implement requiresSecureDecoderComponent
    Implement Eventing API
    Add end-to-end decryption test with vectors
    Refactoring of properties class
    Refactor OEMCrypto unittest.
    Fix for b/8567853: License renewal doesn't renew license.
    Add KEY_ERROR callback to WvContentDecryptionModule() ctor.
    Merged certificate_provisioning.proto and
      client_identification.proto to license_protocol.proto.
    Fix nonce check failure after a malformed key in OEC Mock.
    asynchronize decryption
    Allow querying of control information
    make debugging AddKey & Decrypt statuses easier
    Revert "Revert "Send KEY_ERROR event to app on license
      expiration or failure""
    Revert "Send KEY_ERROR event to app on license expiration
      or failure"
    Send KEY_ERROR event to app on license expiration or failure
    remove extra session id copy
    use KeyError constants directly
    replace variable-length arrays with std::vector and fixed-sized array
    pass session ids as const references
    refactor key extraction and update keys on renewal
    Updates to enable renewals and signaling license expiration.
    fix error constant in OEMCrypto_DecryptCTR

Change-Id: I5f7236c7bdff1d5ece6115fd2893f8a1e1e07c50

libwvdrmengine/cdm/core/include/cdm_engine.h

@@ -3,6 +3,7 @@
 #ifndef CDM_BASE_CDM_ENGINE_H_
 #define CDM_BASE_CDM_ENGINE_H_
 
+#include "crypto_engine.h"
 #include "timer.h"
 #include "wv_cdm_types.h"
 
@@ -15,13 +16,13 @@ typedef std::map<CdmSessionId, CdmSession*> CdmSessionMap;
 
 class CdmEngine : public TimerHandler {
  public:
-  CdmEngine() {}
+  CdmEngine();
   ~CdmEngine();
 
   // Session related methods
   CdmResponseType OpenSession(const CdmKeySystem& key_system,
                               CdmSessionId* session_id);
-  CdmResponseType CloseSession(CdmSessionId& session_id);
+  CdmResponseType CloseSession(const CdmSessionId& session_id);
 
   // License related methods
   // Construct a valid license request
@@ -66,6 +67,10 @@ class CdmEngine : public TimerHandler {
   CdmResponseType QueryKeyStatus(const CdmSessionId& session_id,
                                  CdmQueryMap* key_info);
 
+  // Query seesion control information
+  CdmResponseType QueryKeyControlInfo(const CdmSessionId& session_id,
+                                      CdmQueryMap* key_info);
+
   // Provisioning related methods
   CdmResponseType GetProvisioningRequest(CdmProvisioningRequest* request,
                                          std::string* default_url);
@@ -92,20 +97,31 @@ class CdmEngine : public TimerHandler {
   bool IsKeyValid(const KeyId& key_id);
 
   // Event listener related methods
-  bool AttachEventListener(CdmSessionId& session_id,
+  bool AttachEventListener(const CdmSessionId& session_id,
                            WvCdmEventListener* listener);
-  bool DetachEventListener(CdmSessionId& session_id,
+  bool DetachEventListener(const CdmSessionId& session_id,
                            WvCdmEventListener* listener);
  private:
   // private methods
-  bool ValidateKeySystem(const CdmKeySystem& key_system);
   // Cancel all sessions
   bool CancelSessions();
+  void CleanupProvisioingSessions(CdmSession* cdm_session,
+                                  CryptoEngine* crypto_engine,
+                                  const CdmSessionId& cdm_session_id);
+  void ComposeJsonRequest(const std::string& message,
+                          const std::string& signature,
+                          CdmProvisioningRequest* request);
+
   // Parse a blob of multiple concatenated PSSH atoms to extract the first
   // widevine pssh
   // TODO(gmorgan): This should be done by the user of this class.
   bool ExtractWidevinePssh(const CdmInitData& init_data,
                            CdmInitData* output);
+  bool ParseJsonResponse(const CdmProvisioningResponse& json_str,
+                         const std::string& start_substr,
+                         const std::string& end_substr,
+                         std::string* result);
+  bool ValidateKeySystem(const CdmKeySystem& key_system);
 
   // timer related methods to drive policy decisions
   void EnablePolicyTimer();

libwvdrmengine/cdm/core/include/cdm_session.h

@@ -18,12 +18,10 @@ namespace wvcdm {
 
 class CdmSession {
  public:
-  CdmSession() : session_id_(GenerateSessionId()),
-                 license_received_(false),
-                 properties_valid_(false) {}
+  CdmSession() : session_id_(GenerateSessionId()), license_received_(false) {}
   ~CdmSession() {}
 
-  bool Init();
+  CdmResponseType Init();
 
   bool DestroySession();
 
@@ -35,7 +33,9 @@ class CdmSession {
   bool VerifySession(const CdmKeySystem& key_system,
                      const CdmInitData& init_data);
 
-  CdmResponseType GenerateKeyRequest(const CdmInitData& init_data,
+  CdmResponseType GenerateKeyRequest(const CdmInitData& pssh_data,
+                                     const CdmLicenseType license_type,
+                                     CdmAppParameterMap& app_parameters,
                                      CdmKeyMessage* key_request);
 
   // AddKey() - Accept license response and extract key info.
@@ -47,6 +47,9 @@ class CdmSession {
   // Query license information
   CdmResponseType QueryKeyStatus(CdmQueryMap* key_info);
 
+  // Query session control info
+  CdmResponseType QueryKeyControlInfo(CdmQueryMap* key_info);
+
   // Decrypt() - Accept encrypted buffer and return decrypted data.
   CdmResponseType Decrypt(bool is_encrypted,
                           const KeyId& key_id,
@@ -77,6 +80,8 @@ class CdmSession {
   // Generate unique ID for each new session.
   CdmSessionId GenerateSessionId();
 
+  bool LoadDeviceCertificate(std::string* cert, std::string* wrapped_key);
+
   // instance variables
   const CdmSessionId session_id_;
   CdmKeySystem key_system_;
@@ -85,11 +90,11 @@ class CdmSession {
   PolicyEngine policy_engine_;
   bool license_received_;
 
-  bool properties_valid_;
-  bool require_explicit_renew_request_;
-
   KeyId key_id_;
 
+  // Used for certificate based licensing
+  std::string wrapped_key_;
+
   std::set<WvCdmEventListener*> listeners_;
 
   // TODO(kqyang): CdmKey not defined yet

libwvdrmengine/cdm/core/include/crypto_engine.h

@@ -5,6 +5,8 @@
 #ifndef CDM_BASE_CRYPTO_ENGINE_H_
 #define CDM_BASE_CRYPTO_ENGINE_H_
 
+#include <string>
+
 #include "crypto_session.h"
 #include "lock.h"
 #include "wv_cdm_types.h"
@@ -46,13 +48,7 @@ class CryptoEngine {
   } SecurityLevel;
 
   SecurityLevel GetSecurityLevel();
-
-  bool properties_valid() const { return properties_valid_; }
-  bool oem_crypto_use_secure_buffers() const
-      { return oem_crypto_use_secure_buffers_; }
-  bool oem_crypto_use_fifo() const { return oem_crypto_use_fifo_; }
-  bool oem_crypto_use_userspace_buffers() const
-      { return oem_crypto_use_userspace_buffers_; }
+  std::string GetDeviceUniqueId();
 
 private:
 
@@ -69,11 +65,6 @@ private:
   mutable Lock sessions_lock_;
   CryptoSessionMap sessions_;
 
-  bool properties_valid_;
-  bool oem_crypto_use_secure_buffers_;
-  bool oem_crypto_use_fifo_;
-  bool oem_crypto_use_userspace_buffers_;
-
   CORE_DISALLOW_COPY_AND_ASSIGN(CryptoEngine);
 };
 

libwvdrmengine/cdm/core/include/crypto_key.h

@@ -35,8 +35,6 @@ private:
   std::string key_data_;
   std::string key_control_;
   std::string key_control_iv_;
-
-  CORE_DISALLOW_COPY_AND_ASSIGN(CryptoKey);
 };
 
 }; // namespace wvcdm

libwvdrmengine/cdm/core/include/crypto_session.h

@@ -44,11 +44,24 @@ class CryptoSession {
                 const std::string& mac_key,
                 int num_keys,
                 const CryptoKey* key_array);
+  bool LoadCertificatePrivateKey(std::string& wrapped_key);
   bool RefreshKeys(const std::string& message,
                    const std::string& signature,
                    int num_keys,
                    const CryptoKey* key_array);
   bool GenerateNonce(uint32_t* nonce);
+  bool GenerateDerivedKeys(const std::string& message);
+  bool GenerateDerivedKeys(const std::string& message,
+                           const std::string& session_key);
+  bool GenerateSignature(const std::string& message,
+                         std::string* signature);
+  bool RewrapDeviceRSAKey(const std::string& message,
+                          const uint32_t* nonce,
+                          const uint8_t* enc_rsa_key,
+                          size_t enc_rsa_key_length,
+                          const uint8_t* enc_rsa_key_iv,
+                          uint8_t* wrapped_rsa_key,
+                          size_t* wrapped_rsa_key_length);
 
   // Media data path
   bool SelectKey(const std::string& key_id);
@@ -61,6 +74,7 @@ class CryptoSession {
                           bool is_video);
 
  private:
+  static const size_t kSignatureSize = 32; // size for HMAC-SHA256 signature
 
   void GenerateMacContext(const std::string& input_context,
                           std::string* deriv_context);

libwvdrmengine/cdm/core/include/license.h

@@ -9,6 +9,7 @@
 namespace wvcdm {
 
 using video_widevine_server::sdk::LicenseIdentification;
+using video_widevine_server::sdk::SignedMessage;
 
 class CryptoSession;
 class PolicyEngine;
@@ -23,19 +24,26 @@ class CdmLicense {
   bool Init(const std::string& token, CryptoSession* session,
             PolicyEngine* policy_engine);
 
-  bool PrepareKeyRequest(const CdmInitData& init_data,
+  bool PrepareKeyRequest(const CdmInitData& pssh_data,
+                         const CdmLicenseType license_type,
+                         CdmAppParameterMap& app_parameters,
                          CdmKeyMessage* signed_request);
   bool PrepareKeyRenewalRequest(CdmKeyMessage* signed_request);
-  bool HandleKeyResponse(const CdmKeyResponse& license_response);
-  bool HandleKeyRenewalResponse(const CdmKeyResponse& license_response);
+  CdmResponseType HandleKeyResponse(const CdmKeyResponse& license_response);
+  CdmResponseType HandleKeyRenewalResponse(
+      const CdmKeyResponse& license_response);
 
 private:
+  CdmResponseType HandleKeyErrorResponse(const SignedMessage& signed_message);
 
   LicenseIdentification license_id_;
   CryptoSession* session_;
   PolicyEngine* policy_engine_;
   std::string token_;
 
+  // Used for certificate based licensing
+  CdmKeyMessage key_request_;
+
   CORE_DISALLOW_COPY_AND_ASSIGN(CdmLicense);
 };
 

libwvdrmengine/cdm/core/include/lock.h

@@ -35,16 +35,23 @@ class Lock {
 };
 
 // Manages the lock automatically. It will be locked when AutoLock
-// is constructed and release when AutoLock goes out of scope
+// is constructed and release when AutoLock goes out of scope.
 class AutoLock {
  public:
-  explicit AutoLock(Lock& lock);
-  explicit AutoLock(Lock* lock);
-  ~AutoLock();
+  explicit AutoLock(Lock& lock) : lock_(&lock) {
+    lock_->Acquire();
+  }
+
+  explicit AutoLock(Lock* lock) : lock_(lock) {
+    lock_->Acquire();
+  }
+
+  ~AutoLock() {
+    lock_->Release();
+  }
 
  private:
-  class Impl;
-  Impl *impl_;
+  Lock *lock_;
 
   CORE_DISALLOW_COPY_AND_ASSIGN(AutoLock);
 };

libwvdrmengine/cdm/core/include/policy_engine.h

@@ -101,9 +101,6 @@ class PolicyEngine {
   int64_t next_renewal_time_;
   int64_t policy_max_duration_seconds_;
 
-  bool properties_valid_;
-  bool begin_license_usage_when_received_;
-
   Clock* clock_;
 
   // For testing

libwvdrmengine/cdm/core/include/properties.h

@@ -11,39 +11,62 @@
 
 namespace wvcdm {
 
-typedef std::map<std::string, bool> CdmBooleanPropertiesMap;
-
-struct CdmBooleanProperties {
-  std::string name;
-  bool value;
-};
-
 // This class saves information about features and properties enabled
-// for a given platform. At initialization it reads in properties from
+// for a given platform. At initialization it initializes properties from
 // property_configuration.h. That file specifies features selected for each
-// platform. Core CDM can then query enabled features though the GetProperty
-// method and tailor its behaviour in a non-platform specific way.
-//
-// Additional features can be added at runtime as long as the key names do
-// not clash. Also, only boolean properties are supported at this time, though
-// it should be trivial to in support for other datatypes.
+// platform. Core CDM can then query enabled features though specific getter
+// methods.
+// Setter methods are provided but their only planned use is for testing.
 class Properties {
  public:
-  static Properties* GetInstance();
+  static void Init();
+
+  static inline bool begin_license_usage_when_received() {
+    return begin_license_usage_when_received_;
+  }
+  static inline bool require_explicit_renew_request() {
+    return require_explicit_renew_request_;
+  }
+  static inline bool oem_crypto_use_secure_buffers() {
+    return oem_crypto_use_secure_buffers_;
+  }
+  static inline bool oem_crypto_use_fifo() {
+    return oem_crypto_use_fifo_;
+  }
+  static inline bool oem_crypto_use_userspace_buffers() {
+    return oem_crypto_use_userspace_buffers_;
+  }
+  static inline bool use_certificates_as_identification() {
+    return use_certificates_as_identification_;
+  }
 
-  // value argument is only set if the property was found (true is returned)
-  bool GetProperty(std::string& key, bool& value);
 
  private:
-  Properties();
-  ~Properties() {}
+  static void set_begin_license_usage_when_received(bool flag) {
+    begin_license_usage_when_received_ = flag;
+  }
+  static void set_require_explicit_renew_request(bool flag) {
+    require_explicit_renew_request_ = flag;
+  }
+  static void set_oem_crypto_use_secure_buffers(bool flag) {
+    oem_crypto_use_secure_buffers_ = flag;
+  }
+  static void set_oem_crypto_use_fifo(bool flag) {
+    oem_crypto_use_fifo_ = flag;
+  }
+  static void set_oem_crypto_use_userspace_buffers(bool flag) {
+    oem_crypto_use_userspace_buffers_ = flag;
+  }
+  static void set_use_certificates_as_identification(bool flag) {
+    use_certificates_as_identification_ = flag;
+  }
 
-  void SetProperty(std::string& key, bool value);
-
-  static Properties* instance_;
-  static Lock properties_lock_;
-
-  CdmBooleanPropertiesMap boolean_properties_;
+  static bool begin_license_usage_when_received_;
+  static bool require_explicit_renew_request_;
+  static bool oem_crypto_use_secure_buffers_;
+  static bool oem_crypto_use_fifo_;
+  static bool oem_crypto_use_userspace_buffers_;
+  static bool use_certificates_as_identification_;
 
   CORE_DISALLOW_COPY_AND_ASSIGN(Properties);
 };

libwvdrmengine/cdm/core/include/wv_cdm_constants.h

@@ -16,24 +16,6 @@ static const size_t KEY_PAD_SIZE = 16;
 static const size_t KEY_SIZE = 16;
 static const size_t MAC_KEY_SIZE = 32;
 
-// define boolean property keys here
-// If false begin license usage on first playback
-static std::string kPropertyKeyBeginLicenseUsageWhenReceived =
-    "WVBeginLicenseUsageWhenReceived";
-// If false, calls to Generate Key request, after the first one,
-// will result in a renewal request being generated
-static std::string kPropertyKeyRequireExplicitRenewRequest =
-    "WVRequireExplicitRenewRequest";
-// Set only one of the three below to true. If secure buffer
-// is selected, fallback to userspace buffers may occur
-// if L1/L2 OEMCrypto APIs fail
-static std::string kPropertyKeyOemCryptoUseSecureBuffers =
-    "WVBeginLicenseOemCryptoUseSecureBuffer";
-static std::string kPropertyKeyOemCryptoUseFifo =
-    "WVBeginLicenseOemCryptoUseFifo";
-static std::string kPropertyKeyOemCryptoUseUserSpaceBuffers =
-    "WVBeginLicenseOemCryptoUseUserSpaceBuffers";
-
 // define query keys, values here
 static const std::string QUERY_KEY_LICENSE_TYPE = "LicenseType";
                                                     // "Streaming", "Offline"
@@ -49,8 +31,12 @@ static const std::string QUERY_KEY_PLAYBACK_DURATION_REMAINING =
     "PlaybackDurationRemaining";                    // non-negative integer
 static const std::string QUERY_KEY_RENEWAL_SERVER_URL = "RenewalServerUrl";
                                                     // url
+static const std::string QUERY_KEY_OEMCRYPTO_SESSION_ID = "OemCryptoSessionId";
+                                                    // session id
 static const std::string QUERY_KEY_SECURITY_LEVEL = "SecurityLevel";
                                                     // "L1", "L3"
+static const std::string QUERY_KEY_DEVICE_ID = "DeviceID";
+                                               // device unique id
 
 static const std::string QUERY_VALUE_TRUE = "True";
 static const std::string QUERY_VALUE_FALSE = "False";

libwvdrmengine/cdm/core/include/wv_cdm_types.h

@@ -35,6 +35,8 @@ enum CdmResponseType {
   KEY_MESSAGE,
   NEED_KEY,
   KEY_CANCELED,
+  NEED_PROVISIONING,
+  DEVICE_REVOKED,
 };
 
 #define CORE_DISALLOW_COPY_AND_ASSIGN(TypeName) \