Source release 16.3.0

John W. Bruce
2020-07-24 14:30:03 -07:00
parent b830b1d1fb
commit 160df9f57a
74 changed files with 4632 additions and 2561 deletions


@@ -24,6 +24,7 @@ class CdmClientPropertySet {
virtual uint32_t session_sharing_id() const = 0;
virtual void set_session_sharing_id(uint32_t id) = 0;
virtual const std::string& app_id() const = 0;
virtual bool use_atsc_mode() const = 0;
};
} // namespace wvcdm
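Review bot: `use_atsc_mode()` is added as a pure virtual with no comment, so implementers of CdmClientPropertySet have nothing that states what returning true commits a session to. Other headers in this commit take an `atsc_mode_enabled` flag when choosing the certificate file name and the key set ID prefix, so the flag appears to change which credentials a session uses. A one-line comment would help, for example `// True if the session must use the ATSC certificate rather than the provisioned device certificate.` (wording to be confirmed against the implementation). The class body starts outside the hunk.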


@@ -179,12 +179,14 @@ class CdmEngine {
// Generate and return a valid provisioning request.
virtual CdmResponseType GetProvisioningRequest(
CdmCertificateType cert_type, const std::string& cert_authority,
const std::string& service_certificate, CdmProvisioningRequest* request,
const std::string& service_certificate,
SecurityLevel requested_security_level, CdmProvisioningRequest* request,
std::string* default_url);
// Verify and process a provisioning response.
virtual CdmResponseType HandleProvisioningResponse(
const CdmProvisioningResponse& response, std::string* cert,
const CdmProvisioningResponse& response,
SecurityLevel requested_security_level, std::string* cert,
std::string* wrapped_key);
// Return true if there is a device certificate on the current
@@ -388,7 +390,6 @@ class CdmEngine {
CdmSessionMap session_map_;
CdmReleaseKeySetMap release_key_sets_;
std::unique_ptr<CertificateProvisioning> cert_provisioning_;
SecurityLevel cert_provisioning_requested_security_level_;
FileSystem* file_system_;
Clock clock_;
std::string spoid_;
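Review bot: Nothing in the new signatures ties the `requested_security_level` given to HandleProvisioningResponse to the one given to the matching GetProvisioningRequest. The member `cert_provisioning_requested_security_level_` that carried the level from request to response is removed, so the caller now supplies it independently on each call. If the implementation (not visible here) does not compare the two, a response could be processed at a different level than the request was generated for. I would either state the contract in the comment, `// |requested_security_level| must match the value passed to GetProvisioningRequest.`, or have the engine reject a mismatch. The class body extends beyond both hunks.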


@@ -156,21 +156,24 @@ class CdmEngineMetricsImpl : public T {
CdmResponseType GetProvisioningRequest(CdmCertificateType cert_type,
const std::string& cert_authority,
const std::string& service_certificate,
SecurityLevel requested_security_level,
CdmProvisioningRequest* request,
std::string* default_url) override {
CdmResponseType sts;
M_TIME(sts = T::GetProvisioningRequest(cert_type, cert_authority,
service_certificate, request,
default_url),
M_TIME(sts = T::GetProvisioningRequest(
cert_type, cert_authority, service_certificate,
requested_security_level, request, default_url),
metrics_, cdm_engine_get_provisioning_request_, sts);
return sts;
}
CdmResponseType HandleProvisioningResponse(
const CdmProvisioningResponse& response, std::string* cert,
const CdmProvisioningResponse& response,
SecurityLevel requested_security_level, std::string* cert,
std::string* wrapped_key) override {
CdmResponseType sts;
M_TIME(sts = T::HandleProvisioningResponse(response, cert, wrapped_key),
M_TIME(sts = T::HandleProvisioningResponse(
response, requested_security_level, cert, wrapped_key),
metrics_, cdm_engine_handle_provisioning_response_, sts);
return sts;
}


@@ -219,7 +219,7 @@ class CdmSession {
private:
friend class CdmSessionTest;
bool GenerateKeySetId(CdmKeySetId* key_set_id);
bool GenerateKeySetId(bool atsc_mode_enabled, CdmKeySetId* key_set_id);
CdmResponseType StoreLicense();
@@ -233,6 +233,12 @@ class CdmSession {
virtual CdmResponseType AddKeyInternal(const CdmKeyResponse& key_response);
void UpdateRequestLatencyTiming(CdmResponseType sts);
// Checks that the usage entry in the usage table header matches the
// information of the currently loaded license for this session.
// Returns false if there is any unexpected mismatch of information,
// true otherwise.
bool VerifyOfflineUsageEntry();
// These setters are for testing only. Takes ownership of the pointers.
void set_license_parser(CdmLicense* license_parser);
void set_crypto_session(CryptoSession* crypto_session);


@@ -89,7 +89,20 @@ class CryptoSession {
virtual bool GetApiMinorVersion(SecurityLevel requested_level,
uint32_t* minor_version);
// This method will return, for devices with a
// * keybox: the 32 byte device ID from the keybox.
// * OEM certificate:
// - that implements |OEMCrypto_GetDeviceID|: the (1 to 64 byte) device ID.
// - that does not implement |OEMCrypto_GetDeviceID|: the OEM public
// certificate.
virtual CdmResponseType GetInternalDeviceUniqueId(std::string* device_id);
// This method will return, for devices with a
// * keybox: the 32 byte device ID from the keybox.
// * OEM certificate:
// - that implements |OEMCrypto_GetDeviceID|: the (1 to 64 byte) device ID.
// - that does not implement |OEMCrypto_GetDeviceID|: the 32 byte hash
// of the OEM public certificate.
virtual CdmResponseType GetExternalDeviceUniqueId(std::string* device_id);
virtual bool GetSystemId(uint32_t* system_id);
virtual CdmResponseType GetProvisioningId(std::string* provisioning_id);
@@ -242,11 +255,17 @@ class CryptoSession {
virtual UsageTableHeader* GetUsageTableHeader() {
return usage_table_header_;
}
// The following crypto methods do not require an open session to
// complete the operations.
virtual CdmResponseType CreateUsageTableHeader(
SecurityLevel requested_security_level,
CdmUsageTableHeader* usage_table_header);
virtual CdmResponseType LoadUsageTableHeader(
SecurityLevel requested_security_level,
const CdmUsageTableHeader& usage_table_header);
virtual CdmResponseType ShrinkUsageTableHeader(
SecurityLevel requested_security_level, uint32_t new_entry_count,
CdmUsageTableHeader* usage_table_header);
// Usage entry.
virtual CdmResponseType CreateUsageEntry(uint32_t* entry_number);
@@ -256,8 +275,6 @@ class CryptoSession {
CdmUsageTableHeader* usage_table_header, CdmUsageEntry* usage_entry);
// Adjust usage entries in usage table header.
virtual CdmResponseType ShrinkUsageTableHeader(
uint32_t new_entry_count, CdmUsageTableHeader* usage_table_header);
virtual CdmResponseType MoveUsageEntry(uint32_t new_entry_number);
virtual bool GetAnalogOutputCapabilities(bool* can_support_output,
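Review bot: The comments on `GetInternalDeviceUniqueId` and `GetExternalDeviceUniqueId` are identical except for the last case, and neither says which value may leave the device or be logged. As documented, the two differ only for OEM-certificate devices without `OEMCrypto_GetDeviceID` (full certificate versus its 32 byte hash); for keybox devices both return the same raw device ID. I would add one sentence to each stating the intended consumer, for example `// For use inside the CDM only; do not expose to applications or logs.` on the internal variant, adjusted to whatever the actual policy is. The class body extends beyond the hunks shown.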


@@ -95,13 +95,16 @@ class DeviceFiles {
return Init(security_level);
}
// ATSC certificates are installed by the ATSC service. They can be read
// and used but not written or removed.
virtual bool StoreCertificate(const std::string& certificate,
const std::string& wrapped_private_key);
virtual bool RetrieveCertificate(std::string* certificate,
virtual bool RetrieveCertificate(bool atsc_mode_enabled,
std::string* certificate,
std::string* wrapped_private_key,
std::string* serial_number,
uint32_t* system_id);
virtual bool HasCertificate();
virtual bool HasCertificate(bool atsc_mode_enabled);
virtual bool RemoveCertificate();
virtual bool StoreLicense(const CdmLicenseData& license_data,
@@ -256,7 +259,7 @@ class DeviceFiles {
bool RemoveFile(const std::string& name);
ssize_t GetFileSize(const std::string& name);
static std::string GetCertificateFileName();
static std::string GetCertificateFileName(bool atsc_mode_enabled);
static std::string GetHlsAttributesFileNameExtension();
static std::string GetLicenseFileNameExtension();
static std::string GetUsageTableFileName();
@@ -264,8 +267,8 @@ class DeviceFiles {
#if defined(UNIT_TEST)
FRIEND_TEST(DeviceFilesSecurityLevelTest, SecurityLevel);
FRIEND_TEST(DeviceCertificateStoreTest, StoreCertificate);
FRIEND_TEST(DeviceCertificateTest, DISABLED_ReadCertificate);
FRIEND_TEST(DeviceCertificateTest, StoreCertificate);
FRIEND_TEST(DeviceCertificateTest, ReadCertificate);
FRIEND_TEST(DeviceCertificateTest, HasCertificate);
FRIEND_TEST(DeviceFilesStoreTest, StoreLicense);
FRIEND_TEST(DeviceFilesHlsAttributesTest, Delete);
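Review bot: The rule that ATSC certificates "can be read and used but not written or removed" is expressed only by `StoreCertificate` and `RemoveCertificate` not taking the `atsc_mode_enabled` flag, and the comment stating it sits above `StoreCertificate` rather than on the methods it constrains. Because the private `GetCertificateFileName(bool atsc_mode_enabled)` can produce the ATSC file name for any caller inside the class, a later change to the store or remove path could pass true without anything flagging it. I would put the invariant on the two mutating methods, e.g. `// Always operates on the non-ATSC certificate file.`, and check that the test suite asserts the ATSC file is left untouched by both. The class body extends beyond the hunks shown.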


@@ -176,6 +176,9 @@ class CdmLicense {
// HandleKeyResponse
VersionInfo latest_service_version_;
// The nonce used in the original license request.
uint32_t license_nonce_;
#if defined(UNIT_TEST)
friend class CdmLicenseTestPeer;
#endif
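Review bot: `license_nonce_` is declared without an initializer, so its value is indeterminate unless a constructor outside this hunk sets it. If the nonce is later compared with the one echoed in a license response, a comparison made before any request has been generated would read an uninitialized value. I would give it a default in the declaration, `uint32_t license_nonce_ = 0;`, or confirm that every constructor initializes it. The comment could also say what the stored nonce is checked against.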


@@ -73,23 +73,37 @@ class UsageTableHeader {
// The licenses or usage info records specified by |usage_entry_number|
// should not be in use by any open CryptoSession objects when calls
// to DeleteEntry and MoveEntry are made.
virtual CdmResponseType DeleteEntry(uint32_t usage_entry_number,
DeviceFiles* handle,
metrics::CryptoMetrics* metrics);
// to InvalidateEntry and MoveEntry are made.
// If |defrag_table| is true, the table will be defragmented after
// the entry has been invalidated.
virtual CdmResponseType InvalidateEntry(uint32_t usage_entry_number,
bool defrag_table,
DeviceFiles* device_files,
metrics::CryptoMetrics* metrics);
// Test only method. This method emulates the behavior of DeleteEntry
// Test only method. This method emulates the behavior of InvalidateEntry
// without actually invoking OEMCrypto (through CryptoSession)
// or storage (through DeviceFiles). It modifies internal data structures
// when DeleteEntry is mocked. This allows one to test methods that are
// dependent on DeleteEntry without having to set expectations
// for the objects that DeleteEntry depends on.
void DeleteEntryForTest(uint32_t usage_entry_number);
// when InvalidateEntry is mocked. This allows one to test methods that are
// dependent on InvalidateEntry without having to set expectations
// for the objects that InvalidateEntry depends on.
void InvalidateEntryForTest(uint32_t usage_entry_number);
size_t size() { return usage_entry_info_.size(); }
size_t potential_table_capacity() const { return potential_table_capacity_; }
bool HasUnlimitedTableCapacity() const {
return potential_table_capacity_ == 0;
}
// Returns the number of entries currently tracked by the CDM that
// are related to usage info (streaming licenses).
size_t UsageInfoCount() const;
// Returns the number of entries currently tracked by the CDM that
// are related to offline licenses.
size_t OfflineEntryCount() const;
const std::vector<CdmUsageEntryInfo>& usage_entry_info() const {
return usage_entry_info_;
}
@@ -104,39 +118,58 @@ class UsageTableHeader {
static bool DetermineLicenseToRemoveForTesting(
const std::vector<CdmUsageEntryInfo>& usage_entry_info_list,
int64_t current_time, size_t unexpired_threshold, size_t removal_count,
std::vector<uint32_t>* removal_candidates) {
int64_t current_time, size_t unexpired_threshold,
uint32_t* entry_to_remove) {
return DetermineLicenseToRemove(usage_entry_info_list, current_time,
unexpired_threshold, removal_count,
removal_candidates);
unexpired_threshold, entry_to_remove);
}
private:
CdmResponseType MoveEntry(uint32_t from /* usage entry number */,
const CdmUsageEntry& from_usage_entry,
uint32_t to /* usage entry number */,
DeviceFiles* handle,
DeviceFiles* device_files,
metrics::CryptoMetrics* metrics);
CdmResponseType GetEntry(uint32_t usage_entry_number, DeviceFiles* handle,
CdmResponseType GetEntry(uint32_t usage_entry_number,
DeviceFiles* device_files,
CdmUsageEntry* usage_entry);
CdmResponseType StoreEntry(uint32_t usage_entry_number, DeviceFiles* handle,
CdmResponseType StoreEntry(uint32_t usage_entry_number,
DeviceFiles* device_files,
const CdmUsageEntry& usage_entry);
// Stores the usage table and it's info. This will increment
// |store_table_counter_| if successful.
bool StoreTable(DeviceFiles* device_files);
CdmResponseType Shrink(metrics::CryptoMetrics* metrics,
uint32_t number_of_usage_entries_to_delete);
// Must lock table before calling.
CdmResponseType DefragTable(DeviceFiles* device_files,
metrics::CryptoMetrics* metrics);
// This will use the LRU algorithm to decide which entry is to be
// evicted.
CdmResponseType ReleaseOldestEntry(metrics::CryptoMetrics* metrics);
virtual bool is_inited() { return is_inited_; }
// Performs and LRU upgrade on all loaded CdmUsageEntryInfo from a
// device file that had not yet been upgraded to use the LRU data.
virtual bool LruUpgradeAllUsageEntries();
virtual bool GetRemovalCandidates(std::vector<uint32_t>* removal_candidates);
virtual bool GetRemovalCandidate(uint32_t* entry_to_remove);
int64_t GetCurrentTime() { return clock_ref_->GetCurrentTime(); }
// Uses an LRU-base algorithm to determine which licenses should be
// Sets LRU related metrics based on the provided |staleness| (in
// seconds) and |storage_type| of the entry removed.
void RecordLruEventMetrics(metrics::CryptoMetrics* metrics,
uint64_t staleness,
CdmUsageEntryStorageType storage_type);
// Uses an LRU-base algorithm to determine which license should be
// removed. This is intended to be used if the usage table is full
// and a new entry needs to be added.
//
@@ -151,8 +184,6 @@ class UsageTableHeader {
// 2) Unexpired offline licenses will only be considered for
// removal if the number of unexpired offline licenses exceeds
// |unexpired_threshold|.
// The number of licenses to be considered will be less than or
// equal to the requested |removal_count|.
//
// Unknown storage types will be considered above all other entry
// types.
@@ -165,26 +196,22 @@ class UsageTableHeader {
// [in] unexpired_threshold: The maximum number of unexpired
// offline licenses that are present, before offline
// licenses would be considered for removal.
// [in] removal_count: The desired number of removal candidate to
// find. Note that the actual number will be anywhere
// between 1 and |removal_count|. Must be greater than or
// equal to 1.
// [out] removal_candidates: List of usage entry numbers of the
// entries to be removed. Assume to be unaffected if the
// [out] entry_to_remove: Usage entry index of the entry selected
// to be removed. Assume to be unaffected if the
// function returns |false|.
//
// Returns:
// |true| if at least one removal candidate can be determined.
// |true| if an entry has been determined to be removed.
// Otherwise returns |false|.
static bool DetermineLicenseToRemove(
const std::vector<CdmUsageEntryInfo>& usage_entry_info_list,
int64_t current_time, size_t unexpired_threshold, size_t removal_count,
std::vector<uint32_t>* removal_candidates);
int64_t current_time, size_t unexpired_threshold,
uint32_t* entry_to_remove);
// This handle and file system is only to be used when accessing
// usage_table_header. Usage entries should use the file system provided
// by CdmSession.
std::unique_ptr<DeviceFiles> file_handle_;
std::unique_ptr<DeviceFiles> device_files_;
std::unique_ptr<FileSystem> file_system_;
CdmSecurityLevel security_level_;
SecurityLevel requested_security_level_;
@@ -199,7 +226,7 @@ class UsageTableHeader {
// Synchonizes access to the Usage Table Header and bookkeeping
// data-structures
std::mutex usage_table_header_lock_;
mutable std::mutex usage_table_header_lock_;
metrics::CryptoMetrics alternate_crypto_metrics_;
@@ -217,6 +244,11 @@ class UsageTableHeader {
// assumed to be |kMinimumUsageTableEntriesSupported|.
size_t potential_table_capacity_ = 0u;
// Counts the number of successful calls to |StoreTable()|. Used
// to reduce the number of calls to device files for certain
// table operations.
uint32_t store_table_counter_ = 0u;
#if defined(UNIT_TEST)
// Test related declarations
friend class UsageTableHeaderTest;
@@ -228,7 +260,7 @@ class UsageTableHeader {
// These setters are for testing only. Takes ownership of the pointers.
void SetDeviceFiles(DeviceFiles* device_files) {
file_handle_.reset(device_files);
device_files_.reset(device_files);
}
void SetCryptoSession(CryptoSession* crypto_session) {
test_crypto_session_.reset(crypto_session);
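Review bot: Only `DefragTable` documents its locking requirement ("Must lock table before calling"); the other private helpers added alongside it, `StoreTable`, `Shrink` and `ReleaseOldestEntry`, do not say whether they expect `usage_table_header_lock_` to be held or take it themselves. The mutex is a plain `std::mutex`, so a helper that locks while its caller already holds the lock deadlocks, and one that assumes the lock while the caller does not races on `usage_entry_info_`. I would add the same one-line precondition to each helper, e.g. `// Caller must hold |usage_table_header_lock_|.` or its opposite. The inline `size()` and `usage_entry_info()` accessors read the vector without the lock as shown, which deserves a comment if that is intentional. The class body extends beyond the hunks shown.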


@@ -43,8 +43,10 @@ static const uint32_t RESOURCE_RATING_TIER_MAX = RESOURCE_RATING_TIER_VERY_HIGH;
static const uint32_t OEM_CRYPTO_API_VERSION_SUPPORTS_RESOURCE_RATING_TIER = 15;
static const char SESSION_ID_PREFIX[] = "sid";
static const char ATSC_KEY_SET_ID_PREFIX[] = "atscksid";
static const char KEY_SET_ID_PREFIX[] = "ksid";
static const char KEY_SYSTEM[] = "com.widevine";
static const char ATSC_APP_PACKAGE_NAME[] = "org.atsc";
// define query keys, values here
static const std::string QUERY_KEY_LICENSE_TYPE =
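Review bot: `ATSC_KEY_SET_ID_PREFIX` ("atscksid") contains `KEY_SET_ID_PREFIX` ("ksid") as its tail, so any code that classifies a key set ID by substring search rather than by prefix comparison would treat an ATSC ID as a regular one. A comment on the two constants stating that they must be matched as prefixes, and checked longest first if both are tried, would guard against that. `ATSC_APP_PACKAGE_NAME` also has no comment saying what it is compared against; if it gates ATSC mode, the source of the compared value should be documented.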


@@ -253,7 +253,7 @@ enum CdmResponseType {
INVALID_SESSION_1 = 199,
NO_DEVICE_KEY_1 = 200,
NO_CONTENT_KEY_2 = 201,
INSUFFICIENT_CRYPTO_RESOURCES_2 = 202,
/* previously INSUFFICIENT_CRYPTO_RESOURCES_2 = 202, */
INVALID_PARAMETERS_ENG_13 = 203,
INVALID_PARAMETERS_ENG_14 = 204,
INVALID_PARAMETERS_ENG_15 = 205,
@@ -272,7 +272,7 @@ enum CdmResponseType {
LOAD_USAGE_HEADER_UNKNOWN_ERROR = 218,
/* previously INVALID_PARAMETERS_ENG_17 = 219, */
/* preivously INVALID_PARAMETERS_ENG_18 = 220, */
INSUFFICIENT_CRYPTO_RESOURCES_3 = 221,
/* previously INSUFFICIENT_CRYPTO_RESOURCES_3 = 221, */
CREATE_USAGE_ENTRY_UNKNOWN_ERROR = 222,
LOAD_USAGE_ENTRY_GENERATION_SKEW = 223,
LOAD_USAGE_ENTRY_SIGNATURE_FAILURE = 224,
@@ -281,7 +281,7 @@ enum CdmResponseType {
/* previsouly INVALID_PARAMETERS_ENG_20 = 227, */
UPDATE_USAGE_ENTRY_UNKNOWN_ERROR = 228,
/* previously INVALID_PARAMETERS_ENG_21 = 229, */
SHRINK_USAGE_TABLER_HEADER_UNKNOWN_ERROR = 230,
SHRINK_USAGE_TABLE_HEADER_UNKNOWN_ERROR = 230,
MOVE_USAGE_ENTRY_UNKNOWN_ERROR = 231,
COPY_OLD_USAGE_ENTRY_UNKNOWN_ERROR = 232,
INVALID_PARAMETERS_ENG_22 = 233,
@@ -331,12 +331,12 @@ enum CdmResponseType {
/* previously LICENSE_REQUEST_INVALID_SUBLICENSE = 277, */
CERT_PROVISIONING_EMPTY_SERVICE_CERTIFICATE = 278,
LOAD_SYSTEM_ID_ERROR = 279,
INSUFFICIENT_CRYPTO_RESOURCES_4 = 280,
INSUFFICIENT_CRYPTO_RESOURCES_5 = 281,
/* previously INSUFFICIENT_CRYPTO_RESOURCES_4 = 280, */
/* previously INSUFFICIENT_CRYPTO_RESOURCES_5 = 281, */
REMOVE_USAGE_INFO_ERROR_1 = 282,
REMOVE_USAGE_INFO_ERROR_2 = 283,
REMOVE_USAGE_INFO_ERROR_3 = 284,
INSUFFICIENT_CRYPTO_RESOURCES_6 = 285,
/* previously INSUFFICIENT_CRYPTO_RESOURCES_6 = 285, */
NOT_AN_ENTITLEMENT_SESSION = 286,
NO_MATCHING_ENTITLEMENT_KEY = 287,
LOAD_ENTITLED_CONTENT_KEYS_ERROR = 288,
@@ -408,6 +408,12 @@ enum CdmResponseType {
CANNOT_DECRYPT_ZERO_SUBSAMPLES = 354,
SAMPLE_AND_SUBSAMPLE_SIZE_MISMATCH = 355,
INVALID_IV_SIZE = 356,
PROVISIONING_NOT_ALLOWED_FOR_ATSC = 357,
// 357 was |LOAD_USAGE_ENTRY_INVALID_SESSION| in early R builds
MOVE_USAGE_ENTRY_DESTINATION_IN_USE = 358,
SHRINK_USAGE_TABLE_HEADER_ENTRY_IN_USE = 359,
LICENSE_USAGE_ENTRY_MISSING = 360,
LOAD_USAGE_ENTRY_INVALID_SESSION = 361,
// Don't forget to add new values to
// * core/test/test_printers.cpp.
// * android/include/mapErrors-inl.h
@@ -529,6 +535,14 @@ struct CdmUsageEntryInfo {
// else storage_type == kStorageTypeUnknown
return true;
}
void Clear() {
storage_type = kStorageTypeUnknown;
key_set_id.clear();
usage_info_file_name.clear();
last_use_time = 0;
offline_license_expiry_time = 0;
}
};
enum CdmKeySecurityLevel {