Source release v3.4.1
This commit is contained in:
Gene Morgan
@@ -17,6 +17,9 @@ class CryptoKey {
|
||||
const std::string& key_data_iv() const { return key_data_iv_; }
|
||||
const std::string& key_control() const { return key_control_; }
|
||||
const std::string& key_control_iv() const { return key_control_iv_; }
|
||||
const std::string& sub_session_key_id() const {return sub_session_key_id_;}
|
||||
const std::string& sub_session_key() const {return sub_session_key_;}
|
||||
const std::string& track_label() const { return track_label_; }
|
||||
CdmCipherMode cipher_mode() const { return cipher_mode_; }
|
||||
void set_key_id(const std::string& key_id) { key_id_ = key_id; }
|
||||
void set_key_data(const std::string& key_data) { key_data_ = key_data; }
|
||||
@@ -28,6 +31,15 @@ class CryptoKey {
|
||||
void set_cipher_mode(CdmCipherMode cipher_mode) {
|
||||
cipher_mode_ = cipher_mode;
|
||||
}
|
||||
void set_sub_session_key_id(const std::string& sub_session_key_id) {
|
||||
sub_session_key_id_ = sub_session_key_id;
|
||||
}
|
||||
void set_sub_session_key(const std::string& sub_session_key) {
|
||||
sub_session_key_ = sub_session_key;
|
||||
}
|
||||
void set_track_label(const std::string& track_label) {
|
||||
track_label_ = track_label;
|
||||
}
|
||||
|
||||
bool HasKeyControl() const { return key_control_.size() >= 16; }
|
||||
|
||||
@@ -37,6 +49,9 @@ class CryptoKey {
|
||||
std::string key_data_;
|
||||
std::string key_control_;
|
||||
std::string key_control_iv_;
|
||||
std::string sub_session_key_id_;
|
||||
std::string track_label_;
|
||||
std::string sub_session_key_;
|
||||
CdmCipherMode cipher_mode_;
|
||||
};
|
||||
|
||||
|
||||
@@ -10,12 +10,39 @@
|
||||
#include "lock.h"
|
||||
#include "oemcrypto_adapter.h"
|
||||
#include "OEMCryptoCENC.h"
|
||||
#include "scoped_ptr.h"
|
||||
#include "wv_cdm_types.h"
|
||||
|
||||
namespace wvcdm {
|
||||
|
||||
class CryptoKey;
|
||||
typedef std::map<CryptoKeyId, CryptoKey*> CryptoKeyMap;
|
||||
typedef std::map<std::string, CryptoSessionId> SubLicenseSessionMap;
|
||||
|
||||
class KeySession {
|
||||
protected:
|
||||
KeySession() {}
|
||||
|
||||
public:
|
||||
typedef enum { kDefault, kSubLicense } KeySessionType;
|
||||
virtual ~KeySession() {}
|
||||
virtual KeySessionType Type() = 0;
|
||||
virtual bool GenerateDerivedKeys(const std::string& message) = 0;
|
||||
virtual bool GenerateDerivedKeys(const std::string& message,
|
||||
const std::string& session_key) = 0;
|
||||
virtual OEMCryptoResult LoadKeys(const std::string& message,
|
||||
const std::string& signature,
|
||||
const std::string& mac_key_iv,
|
||||
const std::string& mac_key,
|
||||
const std::vector<CryptoKey>& keys,
|
||||
const std::string& provider_session_token,
|
||||
CdmCipherMode* cipher_mode) = 0;
|
||||
virtual OEMCryptoResult SelectKey(const std::string& key_id) = 0;
|
||||
virtual OEMCryptoResult Decrypt(
|
||||
const CdmDecryptionParameters& params,
|
||||
OEMCrypto_DestBufferDesc& buffer_descriptor,
|
||||
OEMCrypto_CENCEncryptPatternDesc& pattern_descriptor) = 0;
|
||||
};
|
||||
|
||||
class CryptoSession {
|
||||
public:
|
||||
@@ -79,7 +106,7 @@ class CryptoSession {
|
||||
std::string* wrapped_private_key);
|
||||
|
||||
// Media data path
|
||||
virtual CdmResponseType Decrypt(const CdmDecryptionParameters& parameters);
|
||||
virtual CdmResponseType Decrypt(const CdmDecryptionParameters& params);
|
||||
|
||||
// Usage related methods
|
||||
virtual bool UsageInformationSupport(bool* has_support);
|
||||
@@ -129,19 +156,21 @@ class CryptoSession {
|
||||
CdmSigningAlgorithm algorithm,
|
||||
const std::string& signature);
|
||||
|
||||
virtual CdmResponseType AddSubSession(const std::string& sub_session_key_id);
|
||||
// TODO(jfore): exists is set based on whether a sub session exists. For now,
|
||||
// that is not assumed to be an error.
|
||||
virtual bool GenerateSubSessionNonce(const std::string& sub_session_key_id,
|
||||
bool* exists, uint32_t* nonce);
|
||||
|
||||
private:
|
||||
bool GetProvisioningMethod(CdmClientTokenType& token_type);
|
||||
void Init();
|
||||
void Terminate();
|
||||
bool GetTokenFromKeybox(std::string* token);
|
||||
bool GetTokenFromOemCert(std::string* token);
|
||||
void GenerateMacContext(const std::string& input_context,
|
||||
std::string* deriv_context);
|
||||
void GenerateEncryptContext(const std::string& input_context,
|
||||
std::string* deriv_context);
|
||||
bool GenerateSignature(const std::string& message, std::string* signature);
|
||||
bool GenerateRsaSignature(const std::string& message, std::string* signature);
|
||||
size_t GetOffset(std::string message, std::string field);
|
||||
|
||||
bool SetDestinationBufferType();
|
||||
|
||||
bool RewrapDeviceRSAKey(
|
||||
@@ -154,7 +183,7 @@ class CryptoSession {
|
||||
const std::string& private_key, const std::string& iv,
|
||||
const std::string& wrapping_key, std::string* wrapped_private_key);
|
||||
|
||||
bool SelectKey(const std::string& key_id);
|
||||
CdmResponseType SelectKey(const std::string& key_id);
|
||||
|
||||
static const OEMCrypto_Algorithm kInvalidAlgorithm =
|
||||
static_cast<OEMCrypto_Algorithm>(-1);
|
||||
@@ -177,7 +206,7 @@ class CryptoSession {
|
||||
static void IncrementIV(uint64_t increase_by, std::vector<uint8_t>* iv_out);
|
||||
|
||||
static const size_t kAes128BlockSize = 16; // Block size for AES_CBC_128
|
||||
static const size_t kSignatureSize = 32; // size for HMAC-SHA256 signature
|
||||
static const size_t kSignatureSize = 32; // size for HMAC-SHA256 signature
|
||||
static Lock crypto_lock_;
|
||||
static bool initialized_;
|
||||
static int session_count_;
|
||||
@@ -187,6 +216,10 @@ class CryptoSession {
|
||||
std::string oem_token_; // Cached OEMCrypto Public Key
|
||||
bool update_usage_table_after_close_session_;
|
||||
CryptoSessionId oec_session_id_;
|
||||
SubLicenseSessionMap sub_license_oec_sessions_;
|
||||
// Used for sub license sessions.
|
||||
std::string wrapped_key_;
|
||||
scoped_ptr<KeySession> key_session_;
|
||||
|
||||
OEMCryptoBufferType destination_buffer_type_;
|
||||
bool is_destination_buffer_type_valid_;
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
|
||||
#include <string>
|
||||
|
||||
#include "license_protocol.pb.h"
|
||||
#include "wv_cdm_types.h"
|
||||
|
||||
namespace wvcdm {
|
||||
@@ -27,6 +28,7 @@ class InitializationData {
|
||||
const CdmInitData& data() const { return data_; }
|
||||
std::vector<uint8_t> hls_iv() const { return hls_iv_; }
|
||||
CdmHlsMethod hls_method() const { return hls_method_; }
|
||||
std::vector<video_widevine::SubLicense> ExtractEmbeddedKeys() const;
|
||||
|
||||
private:
|
||||
// Parse a blob of multiple concatenated PSSH atoms to extract the first
|
||||
|
||||
@@ -21,6 +21,7 @@ class Clock;
|
||||
class CryptoSession;
|
||||
class PolicyEngine;
|
||||
class ServiceCertificate;
|
||||
class CryptoKey;
|
||||
|
||||
class CdmLicense {
|
||||
public:
|
||||
@@ -43,6 +44,7 @@ class CdmLicense {
|
||||
const CdmKeyResponse& license_response);
|
||||
virtual CdmResponseType HandleKeyUpdateResponse(
|
||||
bool is_renewal, const CdmKeyResponse& license_response);
|
||||
virtual CdmResponseType HandleSubLicense(const InitializationData& init_data);
|
||||
|
||||
virtual bool RestoreOfflineLicense(
|
||||
const CdmKeyMessage& license_request,
|
||||
@@ -107,6 +109,11 @@ class CdmLicense {
|
||||
// For testing
|
||||
// CdmLicense takes ownership of the clock.
|
||||
CdmLicense(const CdmSessionId& session_id, Clock* clock);
|
||||
|
||||
// For sublicense key embedding. This key array will be initilized with any
|
||||
// sub session keys we may have received in a license response. These keys
|
||||
// may be used to support key rotation.
|
||||
std::vector<CryptoKey> sub_session_key_array_;
|
||||
#if defined(UNIT_TEST)
|
||||
friend class CdmLicenseTest;
|
||||
#endif
|
||||
|
||||
@@ -50,6 +50,8 @@ class PolicyEngine {
|
||||
// permits playback.
|
||||
virtual void SetLicense(const video_widevine::License& license);
|
||||
|
||||
virtual void UpdateLicenseKeys(const video_widevine::License& license);
|
||||
|
||||
// SetLicenseForRelease is used when releasing a license. The keys in this
|
||||
// license will be ignored, and any old keys will be expired.
|
||||
virtual void SetLicenseForRelease(
|
||||
|
||||
@@ -109,6 +109,7 @@ class Properties {
|
||||
FRIEND_TEST(CdmSessionTest, InitFailCryptoError);
|
||||
FRIEND_TEST(CdmSessionTest, InitNeedsProvisioning);
|
||||
FRIEND_TEST(CdmLicenseTest, PrepareKeyRequestValidation);
|
||||
FRIEND_TEST(SubLicenseTest, VerifySubSessionData);
|
||||
#endif
|
||||
|
||||
private:
|
||||
|
||||
@@ -271,6 +271,13 @@ enum CdmResponseType {
|
||||
PARSE_RESPONSE_ERROR_2,
|
||||
PARSE_RESPONSE_ERROR_3, /* 230 */
|
||||
PARSE_RESPONSE_ERROR_4,
|
||||
LICENSE_REQUEST_INVALID_SUBLICENSE,
|
||||
INVALID_SESSION_1,
|
||||
NO_DEVICE_KEY_1,
|
||||
NO_CONTENT_KEY_2, /* 235 */
|
||||
INSUFFICIENT_CRYPTO_RESOURCES_2,
|
||||
UNKNOWN_SELECT_KEY_ERROR_1,
|
||||
UNKNOWN_SELECT_KEY_ERROR_2,
|
||||
};
|
||||
|
||||
enum CdmKeyStatus {
|
||||
@@ -294,6 +301,7 @@ enum CdmLicenseType {
|
||||
// Like Streaming, but stricter. Does not permit storage of any kind.
|
||||
// Named after the 'temporary' session type in EME, which has this behavior.
|
||||
kLicenseTypeTemporary,
|
||||
kLicenseTypeSubSession
|
||||
};
|
||||
|
||||
enum SecurityLevel {
|
||||
|
||||
Reference in New Issue
Block a user