widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source release v3.2.0

Browse Source
This commit is contained in:
Gene Morgan
2017-02-01 16:36:41 -08:00
parent 643b91b616
commit 2fde891c01
370 changed files with 40622 additions and 276133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
core/include/cdm_engine.h
View File

@@ -4,14 +4,18 @@
#define WVCDM_CORE_CDM_ENGINE_H_
#include <string>
#include <vector>
#include "certificate_provisioning.h"
#include "clock.h"
#include "crypto_session.h"
#include "file_store.h"
#include "initialization_data.h"
#include "lock.h"
#include "oemcrypto_adapter.h"
#include "scoped_ptr.h"
#include "service_certificate.h"
#include "wv_cdm_constants.h"
#include "wv_cdm_types.h"
namespace wvcdm {
@@ -23,28 +27,41 @@ class UsagePropertySet;
class WvCdmEventListener;
typedef std::map<CdmSessionId, CdmSession*> CdmSessionMap;
typedef std::map<CdmKeySetId, CdmSessionId> CdmReleaseKeySetMap;
typedef std::map<
CdmKeySetId,
std::pair<CdmSessionId, int64_t /* expiration time in seconds */> >
CdmReleaseKeySetMap;
class CdmEngine {
public:
CdmEngine(FileSystem* file_system);
CdmEngine(FileSystem* file_system, const std::string& spoid = EMPTY_SPOID);
virtual ~CdmEngine();
// Set service certificate for all sessions under this CDM/CdmEngine.
// Setting to the empty string is OK. If the License Service certificate is
// empty and privacy mode is true, the certificate will be fetched from
// the server before the first license request.
virtual CdmResponseType SetServiceCertificate(
const std::string& certificate);
// Session related methods
virtual CdmResponseType OpenSession(const CdmKeySystem& key_system,
CdmClientPropertySet* property_set,
const CdmSessionId& forced_session_id,
WvCdmEventListener* event_listener);
virtual CdmResponseType OpenSession(const CdmKeySystem& key_system,
CdmClientPropertySet* property_set,
WvCdmEventListener* event_listener,
CdmSessionId* session_id);
virtual CdmResponseType OpenSession(
const CdmKeySystem& key_system, CdmClientPropertySet* property_set,
const CdmSessionId& forced_session_id,
WvCdmEventListener* event_listener);
virtual CdmResponseType OpenSession(
const CdmKeySystem& key_system, CdmClientPropertySet* property_set,
WvCdmEventListener* event_listener, CdmSessionId* session_id);
virtual CdmResponseType CloseSession(const CdmSessionId& session_id);
virtual bool IsOpenSession(const CdmSessionId& session_id);
virtual CdmResponseType OpenKeySetSession(const CdmKeySetId& key_set_id,
CdmClientPropertySet* property_set,
WvCdmEventListener* event_listener);
virtual CdmResponseType OpenKeySetSession(
const CdmKeySetId& key_set_id, CdmClientPropertySet* property_set,
WvCdmEventListener* event_listener);
virtual CdmResponseType CloseKeySetSession(const CdmKeySetId& key_set_id);
// License related methods
@@ -122,19 +139,32 @@ class CdmEngine {
virtual CdmResponseType QueryOemCryptoSessionId(
const CdmSessionId& session_id, CdmQueryMap* query_response);
// Provisioning related methods
// Generate and return a valid provisioning request.
virtual CdmResponseType GetProvisioningRequest(
CdmCertificateType cert_type, const std::string& cert_authority,
CdmProvisioningRequest* request, std::string* default_url);
// Verify and process a provisioning response.
virtual CdmResponseType HandleProvisioningResponse(
const CdmProvisioningResponse& response, std::string* cert,
std::string* wrapped_key);
// Return true if there is a device certificate on the current
// (origin-specific) file system.
virtual bool IsProvisioned(CdmSecurityLevel security_level);
// Remove provisioning-related from the current (origin-specific) file system.
// This will force the device to reprovision itself.
virtual CdmResponseType Unprovision(CdmSecurityLevel security_level);
// Delete OEMCrypto usage tables. Used by Unprovision().
CdmResponseType DeleteUsageTable(CdmSecurityLevel security_level);
// Return the list of key_set_ids stored on the current (origin-specific)
// file system.
virtual CdmResponseType ListStoredLicenses(
CdmSecurityLevel security_level, std::vector<std::string>* key_set_ids);
// Usage related methods for streaming licenses
// Retrieve a random usage info from the list of all usage infos for this app
// id.
@@ -191,8 +221,9 @@ class CdmEngine {
virtual bool IsKeyLoaded(const KeyId& key_id);
virtual bool FindSessionForKey(const KeyId& key_id, CdmSessionId* sessionId);
// Used for notifying the Max-Res Engine of resolution changes
virtual void NotifyResolution(const CdmSessionId& session_id, uint32_t width,
// Used for notifying the Max-Res Engine of resolution changes.
// Return false if no match is found for session_id.
virtual bool NotifyResolution(const CdmSessionId& session_id, uint32_t width,
uint32_t height);
// Timer expiration method. This method is not re-entrant -- there can be
@@ -206,11 +237,10 @@ class CdmEngine {
private:
// private methods
CdmResponseType OpenSession(const CdmKeySystem& key_system,
CdmClientPropertySet* property_set,
WvCdmEventListener* event_listener,
const CdmSessionId* forced_session_id,
CdmSessionId* session_id);
CdmResponseType OpenSession(
const CdmKeySystem& key_system, CdmClientPropertySet* property_set,
WvCdmEventListener* event_listener, const CdmSessionId* forced_session_id,
CdmSessionId* session_id);
void DeleteAllUsageReportsUponFactoryReset();
bool ValidateKeySystem(const CdmKeySystem& key_system);
@@ -222,15 +252,25 @@ class CdmEngine {
std::string MapHdcpVersion(CryptoSession::HdcpCapability version);
void CloseExpiredReleaseSessions();
// instance variables
CdmSessionMap sessions_;
CdmReleaseKeySetMap release_key_sets_;
scoped_ptr<CertificateProvisioning> cert_provisioning_;
SecurityLevel cert_provisioning_requested_security_level_;
FileSystem* file_system_;
Clock clock_;
std::string spoid_;
static bool seeded_;
// Service certificate for license server and provisioning server.
// It is initially empty. If left empty, the operations that
// require them (getting provider_id, encrypting ClientIdentification)
// are not performed.
ServiceCertificate service_certificate_;
// usage related variables
scoped_ptr<CdmSession> usage_session_;
scoped_ptr<UsagePropertySet> usage_property_set_;
@@ -244,6 +284,8 @@ class CdmEngine {
// occur simultaneously with OpenSession or CloseSession.
Lock session_list_lock_;
Lock release_key_sets_lock_;
CORE_DISALLOW_COPY_AND_ASSIGN(CdmEngine);
};

6
core/include/cdm_session.h
View File

@@ -5,6 +5,7 @@
#include <set>
#include <string>
#include <vector>
#include "crypto_session.h"
#include "device_files.h"
@@ -19,6 +20,7 @@
namespace wvcdm {
class CdmClientPropertySet;
class ServiceCertificate;
class WvCdmEventListener;
class CdmSession {
@@ -27,7 +29,8 @@ class CdmSession {
virtual ~CdmSession();
virtual CdmResponseType Init(CdmClientPropertySet* cdm_client_property_set);
virtual CdmResponseType Init(CdmClientPropertySet* cdm_client_property_set,
virtual CdmResponseType Init(ServiceCertificate* service_certificate,
CdmClientPropertySet* cdm_client_property_set,
const CdmSessionId* forced_session_id,
WvCdmEventListener* event_listener);
@@ -117,6 +120,7 @@ class CdmSession {
// release the underlying crypto session) rather than call this method.
virtual CdmResponseType ReleaseCrypto();
// Delete current license and matching usage record
bool DeleteLicense();
// Generate unique ID for each new session.

43
core/include/certificate_provisioning.h
View File

@@ -6,43 +6,62 @@
#include <string>
#include "crypto_session.h"
#include "license_protocol.pb.h"
#include "oemcrypto_adapter.h"
#include "scoped_ptr.h"
#include "wv_cdm_types.h"
namespace wvcdm {
class CdmClientPropertySet;
class CdmSession;
class FileSystem;
class ServiceCertificate;
class CertificateProvisioning {
public:
CertificateProvisioning() : cert_type_(kCertificateWidevine) {};
explicit CertificateProvisioning(ServiceCertificate* service_certificate) :
cert_type_(kCertificateWidevine),
service_certificate_(service_certificate) {}
~CertificateProvisioning() {};
// Provisioning related methods
CdmResponseType GetProvisioningRequest(SecurityLevel requested_security_level,
CdmCertificateType cert_type,
const std::string& cert_authority,
const std::string& origin,
CdmProvisioningRequest* request,
std::string* default_url);
// Construct a valid provisioning request.
// The request will be sent to the provisioning server.
CdmResponseType GetProvisioningRequest(
SecurityLevel requested_security_level, CdmCertificateType cert_type,
const std::string& cert_authority, const std::string& origin,
const std::string& spoid, CdmProvisioningRequest* request,
std::string* default_url);
// Process the provisioning response.
CdmResponseType HandleProvisioningResponse(
FileSystem* file_system,
const CdmProvisioningResponse& response,
std::string* cert,
std::string* wrapped_key);
FileSystem* file_system, const CdmProvisioningResponse& response,
std::string* cert, std::string* wrapped_key);
private:
bool GetProvisioningTokenType(
video_widevine::ClientIdentification::TokenType* token_type);
bool SetSpoidParameter(const std::string& origin, const std::string& spoid,
video_widevine::ProvisioningRequest* request);
video_widevine::SignedProvisioningMessage::ProtocolVersion
GetProtocolVersion();
void ComposeJsonRequestAsQueryString(const std::string& message,
CdmProvisioningRequest* request);
bool ParseJsonResponse(const CdmProvisioningResponse& json_str,
const std::string& start_substr,
const std::string& end_substr, std::string* result);
CryptoSession crypto_session_;
CdmCertificateType cert_type_;
ServiceCertificate* service_certificate_;
CORE_DISALLOW_COPY_AND_ASSIGN(CertificateProvisioning);
};
} // namespace wvcdm
#endif // WVCDM_CORE_CERTIFICATE_PROVISIONING_H_

24
core/include/crypto_session.h
View File

@@ -5,6 +5,7 @@
#include <map>
#include <string>
#include <vector>
#include "lock.h"
#include "oemcrypto_adapter.h"
@@ -28,8 +29,11 @@ class CryptoSession {
CryptoSession();
virtual ~CryptoSession();
virtual bool ValidateKeybox();
virtual bool GetToken(std::string* token);
virtual bool GetClientToken(std::string* client_token);
virtual bool GetProvisioningToken(std::string* client_token);
virtual CdmClientTokenType GetPreProvisionTokenType() {
return pre_provision_token_type_;
}
virtual CdmSecurityLevel GetSecurityLevel();
virtual bool GetDeviceUniqueId(std::string* device_id);
virtual bool GetApiVersion(uint32_t* version);
@@ -123,8 +127,11 @@ class CryptoSession {
const std::string& signature);
private:
bool GetProvisioningMethod(CdmClientTokenType* token_type);
void Init();
void Terminate();
bool GetTokenFromKeybox(std::string* token);
bool GetTokenFromOemCert(std::string* token);
void GenerateMacContext(const std::string& input_context,
std::string* deriv_context);
void GenerateEncryptContext(const std::string& input_context,
@@ -143,6 +150,18 @@ class CryptoSession {
CdmEncryptionAlgorithm algorithm);
size_t GenericEncryptionBlockSize(CdmEncryptionAlgorithm algorithm);
// These methods are used when a subsample exceeds the maximum buffer size
// that the device can handle.
OEMCryptoResult CopyBufferInChunks(
const CdmDecryptionParameters& params,
OEMCrypto_DestBufferDesc buffer_descriptor);
OEMCryptoResult DecryptInChunks(
const CdmDecryptionParameters& params,
const OEMCrypto_DestBufferDesc& full_buffer_descriptor,
const OEMCrypto_CENCEncryptPatternDesc& pattern_descriptor,
size_t max_chunk_size);
static void IncrementIV(uint64_t increase_by, std::vector<uint8_t>* iv_out);
static const size_t kAes128BlockSize = 16; // Block size for AES_CBC_128
static const size_t kSignatureSize = 32; // size for HMAC-SHA256 signature
static Lock crypto_lock_;
@@ -150,6 +169,7 @@ class CryptoSession {
static int session_count_;
bool open_;
CdmClientTokenType pre_provision_token_type_;
bool update_usage_table_after_close_session_;
CryptoSessionId oec_session_id_;

15
core/include/device_files.h
View File

@@ -7,6 +7,7 @@
#include <set>
#include <string>
#include <vector>
#include "device_files.pb.h"
#include "scoped_ptr.h"
@@ -39,7 +40,9 @@ class DeviceFiles {
virtual bool StoreCertificate(const std::string& certificate,
const std::string& wrapped_private_key);
virtual bool RetrieveCertificate(std::string* certificate,
std::string* wrapped_private_key);
std::string* wrapped_private_key,
std::string* serial_number,
uint32_t* system_id);
virtual bool HasCertificate();
virtual bool RemoveCertificate();
@@ -53,6 +56,7 @@ class DeviceFiles {
const std::string& release_server_url,
int64_t playback_start_time,
int64_t last_playback_time,
int64_t grace_period_end_time,
const CdmAppParameterMap& app_parameters);
virtual bool RetrieveLicense(
const std::string& key_set_id, LicenseState* state,
@@ -60,8 +64,9 @@ class DeviceFiles {
CdmKeyResponse* key_response, CdmKeyMessage* key_renewal_request,
CdmKeyResponse* key_renewal_response, std::string* release_server_url,
int64_t* playback_start_time, int64_t* last_playback_time,
CdmAppParameterMap* app_parameters);
int64_t* grace_period_end_time, CdmAppParameterMap* app_parameters);
virtual bool DeleteLicense(const std::string& key_set_id);
virtual bool ListLicenses(std::vector<std::string>* key_set_ids);
virtual bool DeleteAllFiles();
virtual bool DeleteAllLicenses();
virtual bool LicenseExists(const std::string& key_set_id);
@@ -106,6 +111,11 @@ class DeviceFiles {
std::vector<uint8_t>* media_segment_iv);
virtual bool DeleteHlsAttributes(const std::string& key_set_id);
private:
// Extract serial number and system ID from DRM Device certificate
bool ExtractDeviceInfo(const std::string& device_certificate,
std::string* serial_number,
uint32_t* system_id);
// Helpers that wrap the File interface and automatically handle hashing, as
// well as adding the device files base path to to the file name.
bool StoreFileWithHash(const std::string& name,
@@ -115,6 +125,7 @@ class DeviceFiles {
bool RetrieveHashedFile(const std::string& name,
video_widevine_client::sdk::File* file);
bool FileExists(const std::string& name);
bool ListFiles(std::vector<std::string>* names);
bool RemoveFile(const std::string& name);
ssize_t GetFileSize(const std::string& name);

10
core/include/file_store.h
View File

@@ -55,12 +55,22 @@ class FileSystem {
virtual bool Remove(const std::string& file_path);
virtual ssize_t FileSize(const std::string& file_path);
// Return the filenames stored at dir_path.
// dir_path will be stripped from the returned names.
virtual bool List(const std::string& dir_path,
std::vector<std::string>* names);
const std::string& origin() const { return origin_; }
void SetOrigin(const std::string& origin);
const std::string& identifier() const { return identifier_; }
void SetIdentifier(const std::string& identifier);
bool IsGlobal() const { return identifier_.empty(); }
private:
Impl* impl_;
std::string origin_;
std::string identifier_;
CORE_DISALLOW_COPY_AND_ASSIGN(FileSystem);
};

56
core/include/license.h
View File

@@ -6,32 +6,34 @@
#include <set>
#include "initialization_data.h"
#include "license_protocol.pb.h"
#include "scoped_ptr.h"
#include "wv_cdm_types.h"
namespace video_widevine_server {
namespace sdk {
namespace video_widevine {
class SignedMessage;
class LicenseRequest;
}
} // namespace video_widevine_server
} // namespace video_widevine
namespace wvcdm {
class Clock;
class CryptoSession;
class PolicyEngine;
class ServiceCertificate;
class CdmLicense {
public:
CdmLicense(const CdmSessionId& session_id);
virtual ~CdmLicense();
virtual bool Init(const std::string& token, CryptoSession* session,
PolicyEngine* policy_engine);
virtual bool Init(
ServiceCertificate* service_certificate, const std::string& client_token,
CdmClientTokenType client_token_type, const std::string& serial_number,
CryptoSession* session, PolicyEngine* policy_engine);
virtual CdmResponseType PrepareKeyRequest(
const InitializationData& init_data, const CdmLicenseType license_type,
const InitializationData& init_data, CdmLicenseType license_type,
const CdmAppParameterMap& app_parameters, CdmKeyMessage* signed_request,
std::string* server_url);
virtual CdmResponseType PrepareKeyUpdateRequest(
@@ -46,7 +48,8 @@ class CdmLicense {
const CdmKeyMessage& license_request,
const CdmKeyResponse& license_response,
const CdmKeyResponse& license_renewal_response,
int64_t playback_start_time, int64_t last_playback_time);
int64_t playback_start_time, int64_t last_playback_time,
int64_t grace_period_end_time);
virtual bool RestoreLicenseForRelease(const CdmKeyMessage& license_request,
const CdmKeyResponse& license_response);
virtual bool HasInitData() { return stored_init_data_.get(); }
@@ -60,33 +63,33 @@ class CdmLicense {
return is_offline_;
}
static CdmResponseType VerifySignedServiceCertificate(
const std::string& signed_service_certificate);
private:
bool PrepareServiceCertificateRequest(CdmKeyMessage* signed_request,
std::string* server_url);
CdmResponseType HandleKeyErrorResponse(
const video_widevine_server::sdk::SignedMessage& signed_message);
const video_widevine::SignedMessage& signed_message);
bool GetClientTokenType(
video_widevine::ClientIdentification::TokenType* token_type);
CdmResponseType PrepareClientId(
bool encrypt, const std::string& certificate,
const CdmAppParameterMap& app_parameters,
video_widevine_server::sdk::LicenseRequest* license_request);
video_widevine::LicenseRequest* license_request);
CdmResponseType PrepareContentId(
const InitializationData& init_data, CdmLicenseType license_type,
const std::string& request_id,
video_widevine::LicenseRequest* license_request);
template <typename T>
bool PrepareContentId(const CdmLicenseType license_type,
const std::string& request_id, T* content_id);
bool SetTypeAndId(CdmLicenseType license_type,
const std::string& request_id, T* content_id);
static CdmResponseType VerifyAndExtractSignedServiceCertificate(
const std::string& signed_service_certificate,
std::string* service_certificate);
bool GetServiceCertificate(std::string* service_certificate);
CryptoSession* session_;
CryptoSession* crypto_session_;
PolicyEngine* policy_engine_;
std::string server_url_;
std::string token_;
std::string client_token_;
CdmClientTokenType client_token_type_;
std::string serial_number_;
const CdmSessionId session_id_;
scoped_ptr<InitializationData> stored_init_data_;
bool initialized_;
@@ -95,6 +98,9 @@ class CdmLicense {
bool renew_with_client_id_;
bool is_offline_;
// Used to encrypt ClientIdentification message
ServiceCertificate* service_certificate_;
// Used for certificate based licensing
CdmKeyMessage key_request_;

6
core/include/license_key_status.h
View File

@@ -53,10 +53,10 @@ class LicenseKeys {
// Extracts the keys from a license and makes them available for
// querying usage and constraint settings.
virtual void SetFromLicense(
const video_widevine_server::sdk::License& license);
const video_widevine::License& license);
private:
typedef ::video_widevine_server::sdk::License::KeyContainer KeyContainer;
typedef ::video_widevine::License::KeyContainer KeyContainer;
typedef std::map<wvcdm::KeyId, LicenseKeyStatus*>::const_iterator
LicenseKeyStatusIterator;
@@ -101,7 +101,7 @@ class LicenseKeyStatus {
uint32_t new_resolution, CryptoSession::HdcpCapability new_hdcp_level);
protected:
typedef ::video_widevine_server::sdk::License::KeyContainer KeyContainer;
typedef ::video_widevine::License::KeyContainer KeyContainer;
typedef KeyContainer::OperatorSessionKeyPermissions
OperatorSessionKeyPermissions;
typedef KeyContainer::OutputProtection OutputProtection;

2
core/include/oemcrypto_adapter.h
View File

@@ -35,6 +35,8 @@ OEMCryptoResult OEMCrypto_GetNumberOfOpenSessions(SecurityLevel level,
OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(SecurityLevel level,
size_t* maximum);
uint8_t OEMCrypto_Security_Patch_Level(SecurityLevel level);
OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
SecurityLevel level);
} // namespace wvcdm
#endif // WVCDM_CORE_OEMCRYPTO_ADAPTER_H_

52
core/include/policy_engine.h
View File

@@ -13,7 +13,7 @@
namespace wvcdm {
using video_widevine_server::sdk::LicenseIdentification;
using video_widevine::LicenseIdentification;
class Clock;
class CryptoSession;
@@ -32,7 +32,7 @@ class PolicyEngine {
// UpdateLicense/OnTimerEvent/BeginDecryption and may be out of sync
// depending on the amount of time elapsed. The current decryption
// status is not calculated to avoid overhead in the decryption path.
virtual bool CanDecrypt(const KeyId& key_id);
virtual bool CanDecryptContent(const KeyId& key_id);
// OnTimerEvent is called when a timer fires. It notifies the Policy Engine
// that the timer has fired and dispatches the relevant events through
@@ -43,12 +43,12 @@ class PolicyEngine {
// an exact copy of the policy information stored in the license.
// The license state transitions to kLicenseStateCanPlay if the license
// permits playback.
virtual void SetLicense(const video_widevine_server::sdk::License& license);
virtual void SetLicense(const video_widevine::License& license);
// SetLicenseForRelease is used when releasing a license. The keys in this
// license will be ignored, and any old keys will be expired.
virtual void SetLicenseForRelease(
const video_widevine_server::sdk::License& license);
const video_widevine::License& license);
// Call this on first decrypt to set the start of playback.
virtual void BeginDecryption(void);
@@ -60,7 +60,7 @@ class PolicyEngine {
// updated license_start_time from the server. The license will transition to
// kLicenseStateCanPlay if the license permits playback.
virtual void UpdateLicense(
const video_widevine_server::sdk::License& license);
const video_widevine::License& license);
// Used for notifying the Policy Engine of resolution changes
virtual void NotifyResolution(uint32_t width, uint32_t height);
@@ -80,13 +80,21 @@ class PolicyEngine {
// for offline save and restore
int64_t GetPlaybackStartTime() { return playback_start_time_; }
int64_t GetLastPlaybackTime() { return last_playback_time_; }
int64_t GetGracePeriodEndTime() { return grace_period_end_time_; }
void RestorePlaybackTimes(int64_t playback_start_time,
int64_t last_playback_time);
int64_t last_playback_time,
int64_t grace_period_end_time);
bool IsLicenseForFuture() { return license_state_ == kLicenseStatePending; }
bool IsPlaybackStarted() { return playback_start_time_ > 0; }
bool HasPlaybackStarted(int64_t current_time) {
if (playback_start_time_ == 0)
return false;
bool IsLicenseOrPlaybackDurationExpired(int64_t current_time);
const int64_t playback_time = current_time - playback_start_time_;
return playback_time >= policy_.play_start_grace_period_seconds();
}
bool HasLicenseOrPlaybackDurationExpired(int64_t current_time);
int64_t GetLicenseOrPlaybackDurationRemaining();
bool CanRenew() { return policy_.can_renew(); }
@@ -111,15 +119,22 @@ class PolicyEngine {
kLicenseStateExpired
} LicenseState;
int64_t GetLicenseExpiryTime();
int64_t GetPlaybackExpiryTime();
// Gets the clock time that the license expires. This is the hard limit that
// all license types must obey at all times.
int64_t GetHardLicenseExpiryTime();
// Gets the clock time that the rental duration will expire, using the license
// duration if one is not present.
int64_t GetRentalExpiryTime();
// Gets the clock time that the license expires based on whether we have
// started playing. This takes into account GetHardLicenseExpiryTime.
int64_t GetExpiryTime(int64_t current_time, bool is_load);
int64_t GetLicenseDurationRemaining(int64_t current_time);
int64_t GetLicenseOrRentalDurationRemaining(int64_t current_time);
int64_t GetPlaybackDurationRemaining(int64_t current_time);
bool IsRenewalDelayExpired(int64_t current_time);
bool IsRenewalRecoveryDurationExpired(int64_t current_time);
bool IsRenewalRetryIntervalExpired(int64_t current_time);
bool HasRenewalDelayExpired(int64_t current_time);
bool HasRenewalRecoveryDurationExpired(int64_t current_time);
bool HasRenewalRetryIntervalExpired(int64_t current_time);
void UpdateRenewalRequest(int64_t current_time);
@@ -129,7 +144,7 @@ class PolicyEngine {
// Notifies updates in expiry time and fire OnExpirationUpdate event if
// expiry time changes.
void NotifyExpirationUpdate();
void NotifyExpirationUpdate(int64_t current_time);
// set_clock() is for testing only. It alters ownership of the
// passed-in pointer.
@@ -139,12 +154,12 @@ class PolicyEngine {
// This is the current policy information for this license. This gets updated
// as license renewals occur.
video_widevine_server::sdk::License::Policy policy_;
video_widevine::License::Policy policy_;
// This is the license id field from server response. This data gets passed
// back to the server in each renewal request. When we get a renewal response
// from the license server we will get an updated id field.
video_widevine_server::sdk::LicenseIdentification license_id_;
video_widevine::LicenseIdentification license_id_;
// The server returns the license start time in the license/license renewal
// response based off the request time sent by the client in the
@@ -153,13 +168,14 @@ class PolicyEngine {
int64_t playback_start_time_;
int64_t last_playback_time_;
int64_t last_expiry_time_;
int64_t grace_period_end_time_;
bool last_expiry_time_set_;
bool was_expired_on_load_;
// This is used as a reference point for policy management. This value
// represents an offset from license_start_time_. This is used to
// calculate the time where renewal retries should occur.
int64_t next_renewal_time_;
int64_t policy_max_duration_seconds_;
// Used to dispatch CDM events.
CdmSessionId session_id_;

6
core/include/properties.h
View File

@@ -55,6 +55,7 @@ class Properties {
static bool GetFactoryKeyboxPath(std::string* keybox);
static bool GetOEMCryptoPath(std::string* library_name);
static bool AlwaysUseKeySetIds();
static bool UseProviderIdInProvisioningRequest();
static bool GetSecurityLevelDirectories(std::vector<std::string>* dirs);
static bool GetApplicationId(const CdmSessionId& session_id,
@@ -63,6 +64,10 @@ class Properties {
std::string* service_certificate);
static bool SetServiceCertificate(const CdmSessionId& session_id,
const std::string& service_certificate);
static bool GetDeviceProvisioningServiceCertificate(
const CdmSessionId& session_id, std::string* service_certificate);
static bool SetDeviceProvisioningServiceCertificate(
const CdmSessionId& session_id, const std::string& service_certificate);
static bool UsePrivacyMode(const CdmSessionId& session_id);
static uint32_t GetSessionSharingId(const CdmSessionId& session_id);
@@ -91,6 +96,7 @@ class Properties {
}
#if defined(UNIT_TEST)
FRIEND_TEST(CdmSessionTest, InitWithBuiltInCertificate);
FRIEND_TEST(CdmSessionTest, InitWithCertificate);
FRIEND_TEST(CdmSessionTest, InitWithKeybox);
FRIEND_TEST(CdmSessionTest, ReInitFail);

85
core/include/service_certificate.h Normal file
View File

@@ -0,0 +1,85 @@
// Copyright 2017 Google Inc. All Rights Reserved.
//
#ifndef WVCDM_CORE_SERVICE_CERTIFICATE_H_
#define WVCDM_CORE_SERVICE_CERTIFICATE_H_
// Service Certificates are used to encrypt the ClientIdentification message
// that is part of Device Provisioning, License, Renewal, and Release requests.
// It also supplies a provider_id setting used in device provisioning.
// Service Certificates are typically supplied by the application. If one
// is not supplied and privacy mode is enabled, the CDM will send a Service
// Certificate Request to the target server to get one. Once the Service
// Certificate is established for the session, it should not change.
#include "license_protocol.pb.h"
#include "wv_cdm_types.h"
namespace video_widevine {
class SignedMessage;
class LicenseRequest;
} // namespace video_widevine
namespace wvcdm {
class CryptoSession;
class ServiceCertificate {
public:
ServiceCertificate() {}
virtual ~ServiceCertificate() {}
// Set up a new service certificate.
// Accept a serialized video_widevine::SignedDrmDeviceCertificate message.
virtual CdmResponseType Init(const std::string& signed_certificate);
// Initialize the service certificate.
// Set the certificate with no certificate and provider ID.
virtual void Clear();
// Current state of certificate.
// If !HasCertificate() and privacy mode is enabled, then should call
// PrepareRequest() and pass the request to the license server.
virtual bool HasCertificate() { return !certificate_.empty(); }
virtual bool HasProviderId() { return !provider_id_.empty(); }
virtual const std::string& provider_id() { return provider_id_; }
// Encrypt the ClientIdentification message for a provisioning or
// licensing request. Encryption is performed using the current
// service certificate. Return a failure if the service certificate is
// not present, not valid, or if some other error occurs.
// The routine should not be called if privacy mode is off or if the
// certificate is empty.
virtual CdmResponseType EncryptClientId(
CryptoSession* crypto_session,
const video_widevine::ClientIdentification* clear_client_id,
video_widevine::EncryptedClientIdentification* encrypted_client_id);
// Construct service certificate request.
virtual bool PrepareRequest(CdmKeyMessage* signed_request);
// Parse service certificate response and make it usable.
virtual CdmResponseType HandleResponse(
const std::string& signed_respnse);
private:
// Verify the signature on the signed service certificate.
// Extract and save the certificate and provider_id.
// Expected format: serialized video_widevine::SignedDrmDeviceCertificate.
virtual CdmResponseType VerifyAndExtract(
const std::string& raw_certificate);
// True while waiting for response to service certificate request.
bool fetch_in_progress_;
// Certificate, verified and extracted from signed message.
std::string certificate_;
// Provider ID, extracted from certificate message.
std::string provider_id_;
CORE_DISALLOW_COPY_AND_ASSIGN(ServiceCertificate);
};
} // namespace wvcdm
#endif // WVCDM_CORE_SERVICE_CERTIFICATE_H_

9
core/include/wv_cdm_constants.h
View File

@@ -14,6 +14,10 @@ static const size_t KEY_SIZE = 16;
static const size_t MAC_KEY_SIZE = 32;
static const size_t KEYBOX_KEY_DATA_SIZE = 72;
// Initial estimate of certificate size. Code that
// uses this estimate should be able to adapt to a larger or smaller size.
static const size_t CERTIFICATE_DATA_SIZE = 4 * 1024;
// Use 0 to represent never expired license as specified in EME spec
// (NaN in JS translates to 0 in unix timestamp).
static const int64_t NEVER_EXPIRES = 0;
@@ -32,9 +36,9 @@ static const std::string QUERY_KEY_PERSIST_ALLOWED = "PersistAllowed";
static const std::string QUERY_KEY_RENEW_ALLOWED = "RenewAllowed";
// "True", "False"
static const std::string QUERY_KEY_LICENSE_DURATION_REMAINING =
"LicenseDurationRemaining"; // non-negative integer
"LicenseDurationRemaining"; // non-negative integer denoting seconds
static const std::string QUERY_KEY_PLAYBACK_DURATION_REMAINING =
"PlaybackDurationRemaining"; // non-negative integer
"PlaybackDurationRemaining"; // non-negative integer denoting seconds
static const std::string QUERY_KEY_RENEWAL_SERVER_URL = "RenewalServerUrl";
// url
static const std::string QUERY_KEY_OEMCRYPTO_SESSION_ID = "OemCryptoSessionId";
@@ -94,6 +98,7 @@ static const std::string HLS_IV_ATTRIBUTE = "IV";
static const std::string HLS_URI_ATTRIBUTE = "URI";
static const char EMPTY_ORIGIN[] = "";
static const char EMPTY_SPOID[] = "";
} // namespace wvcdm
#endif // WVCDM_CORE_WV_CDM_CONSTANTS_H_

104
core/include/wv_cdm_types.h
View File

@@ -37,214 +37,220 @@ enum CdmKeyRequestType {
};
enum CdmResponseType {
NO_ERROR,
NO_ERROR, /* 0 */
UNKNOWN_ERROR,
KEY_ADDED,
KEY_ERROR,
KEY_MESSAGE,
NEED_KEY,
NEED_KEY, /* 5 */
KEY_CANCELED,
NEED_PROVISIONING,
DEVICE_REVOKED,
INSUFFICIENT_CRYPTO_RESOURCES,
ADD_KEY_ERROR,
ADD_KEY_ERROR, /* 10 */
CERT_PROVISIONING_GET_KEYBOX_ERROR_1,
CERT_PROVISIONING_GET_KEYBOX_ERROR_2,
CERT_PROVISIONING_INVALID_CERT_TYPE,
CERT_PROVISIONING_REQUEST_ERROR_1,
CERT_PROVISIONING_REQUEST_ERROR_2,
CERT_PROVISIONING_REQUEST_ERROR_2, /* 15 */
CERT_PROVISIONING_REQUEST_ERROR_3,
CERT_PROVISIONING_REQUEST_ERROR_4,
CERT_PROVISIONING_RESPONSE_ERROR_1,
CERT_PROVISIONING_RESPONSE_ERROR_2,
CERT_PROVISIONING_RESPONSE_ERROR_3,
CERT_PROVISIONING_RESPONSE_ERROR_3, /* 20 */
CERT_PROVISIONING_RESPONSE_ERROR_4,
CERT_PROVISIONING_RESPONSE_ERROR_5,
CERT_PROVISIONING_RESPONSE_ERROR_6,
CERT_PROVISIONING_RESPONSE_ERROR_7,
CERT_PROVISIONING_RESPONSE_ERROR_8,
CERT_PROVISIONING_RESPONSE_ERROR_8, /* 25 */
CRYPTO_SESSION_OPEN_ERROR_1,
CRYPTO_SESSION_OPEN_ERROR_2,
CRYPTO_SESSION_OPEN_ERROR_3,
CRYPTO_SESSION_OPEN_ERROR_4,
CRYPTO_SESSION_OPEN_ERROR_5,
CRYPTO_SESSION_OPEN_ERROR_5, /* 30 */
DECRYPT_NOT_READY,
DEVICE_CERTIFICATE_ERROR_1,
DEVICE_CERTIFICATE_ERROR_2,
DEVICE_CERTIFICATE_ERROR_3,
DEVICE_CERTIFICATE_ERROR_4,
DEVICE_CERTIFICATE_ERROR_4, /* 35 */
EMPTY_KEY_DATA_1,
EMPTY_KEY_DATA_2,
EMPTY_KEYSET_ID,
EMPTY_KEYSET_ID_ENG_1,
EMPTY_KEYSET_ID_ENG_2,
EMPTY_KEYSET_ID_ENG_2, /* 40 */
EMPTY_KEYSET_ID_ENG_3,
EMPTY_KEYSET_ID_ENG_4,
EMPTY_LICENSE_RENEWAL,
EMPTY_LICENSE_RESPONSE_1,
EMPTY_LICENSE_RESPONSE_2,
EMPTY_LICENSE_RESPONSE_2, /* 45 */
EMPTY_PROVISIONING_CERTIFICATE_1,
EMPTY_PROVISIONING_RESPONSE,
EMPTY_SESSION_ID,
GENERATE_DERIVED_KEYS_ERROR,
LICENSE_RENEWAL_NONCE_GENERATION_ERROR,
LICENSE_RENEWAL_NONCE_GENERATION_ERROR, /* 50 */
GENERATE_USAGE_REPORT_ERROR,
GET_LICENSE_ERROR,
GET_RELEASED_LICENSE_ERROR,
GET_USAGE_INFO_ERROR_1,
GET_USAGE_INFO_ERROR_2,
GET_USAGE_INFO_ERROR_2, /* 55 */
GET_USAGE_INFO_ERROR_3,
GET_USAGE_INFO_ERROR_4,
INIT_DATA_NOT_FOUND,
INVALID_CRYPTO_SESSION_1,
INVALID_CRYPTO_SESSION_2,
INVALID_CRYPTO_SESSION_2, /* 60 */
INVALID_CRYPTO_SESSION_3,
INVALID_CRYPTO_SESSION_4,
INVALID_CRYPTO_SESSION_5,
INVALID_DECRYPT_PARAMETERS_ENG_1,
INVALID_DECRYPT_PARAMETERS_ENG_2,
INVALID_DECRYPT_PARAMETERS_ENG_2, /* 65 */
INVALID_DECRYPT_PARAMETERS_ENG_3,
INVALID_DECRYPT_PARAMETERS_ENG_4,
INVALID_DEVICE_CERTIFICATE_TYPE,
INVALID_KEY_SYSTEM,
INVALID_LICENSE_RESPONSE,
INVALID_LICENSE_RESPONSE, /* 70 */
INVALID_LICENSE_TYPE,
INVALID_PARAMETERS_ENG_1,
INVALID_PARAMETERS_ENG_2,
INVALID_PARAMETERS_ENG_3,
INVALID_PARAMETERS_ENG_4,
INVALID_PARAMETERS_ENG_4, /* 75 */
INVALID_PARAMETERS_LIC_1,
INVALID_PARAMETERS_LIC_2,
INVALID_PROVISIONING_PARAMETERS_1,
INVALID_PROVISIONING_PARAMETERS_2,
INVALID_PROVISIONING_REQUEST_PARAM_1,
INVALID_PROVISIONING_REQUEST_PARAM_1, /* 80 */
INVALID_PROVISIONING_REQUEST_PARAM_2,
INVALID_QUERY_KEY,
INVALID_SESSION_ID,
KEY_REQUEST_ERROR_1,
UNUSED_1, /* previously KEY_REQUEST_ERROR_2 */
UNUSED_1, /* previously KEY_REQUEST_ERROR_2 */ /* 85 */
KEY_SIZE_ERROR,
KEYSET_ID_NOT_FOUND_1,
KEYSET_ID_NOT_FOUND_2,
KEYSET_ID_NOT_FOUND_3,
LICENSE_ID_NOT_FOUND,
LICENSE_ID_NOT_FOUND, /* 90 */
LICENSE_PARSER_INIT_ERROR,
LICENSE_PARSER_NOT_INITIALIZED_1,
LICENSE_PARSER_NOT_INITIALIZED_2,
LICENSE_PARSER_NOT_INITIALIZED_3,
LICENSE_RESPONSE_NOT_SIGNED,
LICENSE_RESPONSE_NOT_SIGNED, /* 95 */
LICENSE_RESPONSE_PARSE_ERROR_1,
LICENSE_RESPONSE_PARSE_ERROR_2,
LICENSE_RESPONSE_PARSE_ERROR_3,
LOAD_KEY_ERROR,
NO_CONTENT_KEY,
NO_CONTENT_KEY, /* 100 */
REFRESH_KEYS_ERROR,
RELEASE_ALL_USAGE_INFO_ERROR_1,
RELEASE_ALL_USAGE_INFO_ERROR_2,
RELEASE_KEY_ERROR,
RELEASE_KEY_REQUEST_ERROR,
RELEASE_KEY_REQUEST_ERROR, /* 105 */
RELEASE_LICENSE_ERROR_1,
RELEASE_LICENSE_ERROR_2,
RELEASE_USAGE_INFO_ERROR,
RENEW_KEY_ERROR_1,
RENEW_KEY_ERROR_2,
RENEW_KEY_ERROR_2, /* 110 */
LICENSE_RENEWAL_SIGNING_ERROR,
UNUSED_4, /* previously RESTORE_OFFLINE_LICENSE_ERROR_1 */
RESTORE_OFFLINE_LICENSE_ERROR_2,
UNUSED_5, /* SESSION_INIT_ERROR_1 */
SESSION_INIT_ERROR_2,
SESSION_INIT_GET_KEYBOX_ERROR,
SESSION_INIT_ERROR_1,
SESSION_INIT_ERROR_2, /* 115 */
UNUSED_5, /* previously SESSION_INIT_GET_KEYBOX_ERROR */
SESSION_NOT_FOUND_1,
SESSION_NOT_FOUND_2,
SESSION_NOT_FOUND_3,
SESSION_NOT_FOUND_4,
SESSION_NOT_FOUND_4, /* 120 */
SESSION_NOT_FOUND_5,
SESSION_NOT_FOUND_6,
SESSION_NOT_FOUND_7,
SESSION_NOT_FOUND_8,
SESSION_NOT_FOUND_9,
SESSION_NOT_FOUND_9, /* 125 */
SESSION_NOT_FOUND_10,
SESSION_NOT_FOUND_FOR_DECRYPT,
SESSION_KEYS_NOT_FOUND,
SIGNATURE_NOT_FOUND,
STORE_LICENSE_ERROR_1,
STORE_LICENSE_ERROR_1, /* 130 */
STORE_LICENSE_ERROR_2,
UNUSED_6, /* previously STORE_LICENSE_ERROR_3 */
STORE_USAGE_INFO_ERROR,
UNPROVISION_ERROR_1,
UNPROVISION_ERROR_2,
UNPROVISION_ERROR_2, /* 135 */
UNPROVISION_ERROR_3,
UNPROVISION_ERROR_4,
UNSUPPORTED_INIT_DATA,
USAGE_INFO_NOT_FOUND,
LICENSE_RENEWAL_SERVICE_CERTIFICATE_GENERATION_ERROR,
LICENSE_RENEWAL_SERVICE_CERTIFICATE_GENERATION_ERROR, /* 140 */
PARSE_SERVICE_CERTIFICATE_ERROR,
SERVICE_CERTIFICATE_TYPE_ERROR,
CLIENT_ID_GENERATE_RANDOM_ERROR,
CLIENT_ID_AES_INIT_ERROR,
CLIENT_ID_AES_ENCRYPT_ERROR,
CLIENT_ID_AES_ENCRYPT_ERROR, /* 145 */
CLIENT_ID_RSA_INIT_ERROR,
CLIENT_ID_RSA_ENCRYPT_ERROR,
INVALID_QUERY_STATUS,
UNUSED_3, /* previously EMPTY_PROVISIONING_CERTIFICATE_2 on mnc-dev, */
/* DUPLICATE_SESSION_ID_SPECIFIED on master */
LICENSE_PARSER_NOT_INITIALIZED_4,
LICENSE_PARSER_NOT_INITIALIZED_4, /* 150 */
INVALID_PARAMETERS_LIC_3,
INVALID_PARAMETERS_LIC_4,
UNUSED_2, /* previously INVALID_PARAMETERS_LIC_5 */
INVALID_PARAMETERS_LIC_6,
INVALID_PARAMETERS_LIC_7,
INVALID_PARAMETERS_LIC_7, /* 155 */
LICENSE_REQUEST_SERVICE_CERTIFICATE_GENERATION_ERROR,
CENC_INIT_DATA_UNAVAILABLE,
PREPARE_CENC_CONTENT_ID_FAILED,
WEBM_INIT_DATA_UNAVAILABLE,
PREPARE_WEBM_CONTENT_ID_FAILED,
PREPARE_WEBM_CONTENT_ID_FAILED, /* 160 */
UNSUPPORTED_INIT_DATA_FORMAT,
LICENSE_REQUEST_NONCE_GENERATION_ERROR,
LICENSE_REQUEST_SIGNING_ERROR,
EMPTY_LICENSE_REQUEST,
SECURE_BUFFER_REQUIRED,
SECURE_BUFFER_REQUIRED, /* 165 */
DUPLICATE_SESSION_ID_SPECIFIED,
LICENSE_RENEWAL_PROHIBITED,
EMPTY_PROVISIONING_CERTIFICATE_2,
OFFLINE_LICENSE_PROHIBITED,
STORAGE_PROHIBITED,
STORAGE_PROHIBITED, /* 170 */
EMPTY_KEYSET_ID_ENG_5,
SESSION_NOT_FOUND_11,
LOAD_USAGE_INFO_FILE_ERROR,
LOAD_USAGE_INFO_MISSING,
SESSION_FILE_HANDLE_INIT_ERROR,
SESSION_FILE_HANDLE_INIT_ERROR, /* 175 */
INCORRECT_CRYPTO_MODE,
INVALID_PARAMETERS_ENG_5,
DECRYPT_ERROR,
INSUFFICIENT_OUTPUT_PROTECTION,
SESSION_NOT_FOUND_12,
SESSION_NOT_FOUND_12, /* 180 */
KEY_NOT_FOUND_1,
KEY_NOT_FOUND_2,
KEY_CONFLICT_1,
INVALID_PARAMETERS_ENG_6,
INVALID_PARAMETERS_ENG_7,
INVALID_PARAMETERS_ENG_7, /* 185 */
INVALID_PARAMETERS_ENG_8,
INVALID_PARAMETERS_ENG_9,
INVALID_PARAMETERS_ENG_10,
INVALID_PARAMETERS_ENG_11,
INVALID_PARAMETERS_ENG_11, /* 190 */
INVALID_PARAMETERS_ENG_12,
SESSION_NOT_FOUND_13,
SESSION_NOT_FOUND_14,
SESSION_NOT_FOUND_15,
SESSION_NOT_FOUND_16,
SESSION_NOT_FOUND_16, /* 195 */
KEY_NOT_FOUND_3,
KEY_NOT_FOUND_4,
KEY_NOT_FOUND_5,
KEY_NOT_FOUND_6,
KEY_ERROR_1,
KEY_ERROR_1, /* 200 */
KEY_ERROR_2,
KEY_ERROR_3,
KEY_ERROR_4,
INVALID_PARAMETERS_ENG_13,
INVALID_PARAMETERS_ENG_14,
INVALID_PARAMETERS_ENG_14, /* 205 */
INVALID_PARAMETERS_ENG_15,
INVALID_PARAMETERS_ENG_16,
UNUSED_7, /* previously DEVICE_CERTIFICATE_ERROR_5 */
CERT_PROVISIONING_CLIENT_TOKEN_ERROR_1,
CERT_PROVISIONING_CLIENT_TOKEN_ERROR_2, /* 210 */
LICENSING_CLIENT_TOKEN_ERROR_1,
INVALID_PARAMETERS_ENG_17,
STORE_LICENSE_ERROR_3,
};
enum CdmKeyStatus {
@@ -311,6 +317,12 @@ enum CdmSigningAlgorithm {
kSigningAlgorithmHmacSha256
};
enum CdmClientTokenType {
kClientTokenKeybox,
kClientTokenDrmCert,
kClientTokenOemCert
};
class CdmKeyAllowedUsage {
public:
CdmKeyAllowedUsage() {
@@ -362,11 +374,9 @@ class CdmKeyAllowedUsage {
struct CdmCencPatternEncryptionDescriptor {
size_t encrypt_blocks; // number of 16 byte blocks to decrypt
size_t skip_blocks; // number of 16 byte blocks to leave in clear
size_t offset_blocks; // offset into the pattern for this call, in blocks
CdmCencPatternEncryptionDescriptor()
: encrypt_blocks(0),
skip_blocks(0),
offset_blocks(0) {}
skip_blocks(0) {}
};
struct CdmDecryptionParameters {