widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source release v3.5.0

Browse Source
This commit is contained in:
Gene Morgan
2017-11-28 17:42:16 -08:00
parent 501c22890d
commit 31381a1311
155 changed files with 16680 additions and 3816 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
core/include/cdm_engine.h
View File

@@ -14,9 +14,11 @@
#include "file_store.h"
#include "initialization_data.h"
#include "lock.h"
#include "metrics_collections.h"
#include "oemcrypto_adapter.h"
#include "scoped_ptr.h"
#include "service_certificate.h"
#include "timer_metric.h"
#include "wv_cdm_constants.h"
#include "wv_cdm_types.h"
@@ -47,17 +49,6 @@ class CdmEngine {
// Report whether the service certificate has been set.
virtual bool HasServiceCertificate();
// Generate and return a Service Certificate Request message.
// This message can be sent to the License Server to get a service
// certificate.
virtual bool GetServiceCertificateRequest(CdmKeyMessage* request);
// Parse the message returned by the License Server in response to a
// Service Certificate Request message. Return the service certificate
// from the parsed response.
virtual CdmResponseType ParseServiceCertificateResponse(
const std::string& response, std::string* certificate);
// Session related methods
virtual CdmResponseType OpenSession(
const CdmKeySystem& key_system, CdmClientPropertySet* property_set,
@@ -103,7 +94,26 @@ class CdmEngine {
const CdmSessionId& session_id, const CdmKeySetId& key_set_id,
const InitializationData& init_data, const CdmLicenseType license_type,
CdmAppParameterMap& app_parameters, CdmKeyRequest* key_request);
// Accept license response and extract key info.
// This API may
// (a) accept license response, extract key info and load keys.
// (b) accept a renewal response and update license policy information.
// (c) accept a release response and release an offline license or secure
// stop.
// (d) accept a service certificate and cache that information for the
// the lifetime of the session.
//
// |session_id| identifies the session that generated the request and can
// process the response. Should be empty if a release response.
// |key_data| is the license, renewal, release response or service
// certificate response.
// |key_set_id| should be non-null and specified if license release.
// If offline license or streaming license associated with
// a secure stop, |key_set_id| should be non-null and will
// be filled in on return. Use the |key_set_id| with
// RestoreKeys (to reload offline session) or
// GenerateKeyRequest (to release offline session/secure stop).
// |key_set_id| will be cleared if release or streaming
// (not associated with a secure stop).
virtual CdmResponseType AddKey(const CdmSessionId& session_id,
const CdmKeyResponse& key_data,
CdmKeySetId* key_set_id);
@@ -167,8 +177,8 @@ class CdmEngine {
// (origin-specific) file system.
virtual bool IsProvisioned(CdmSecurityLevel security_level);
// Remove provisioning-related from the current (origin-specific) file system.
// This will force the device to reprovision itself.
// Remove device DRM certificate from the current (origin-specific) file
// system. This will force the device to reprovision itself.
virtual CdmResponseType Unprovision(CdmSecurityLevel security_level);
// Delete OEMCrypto usage tables. Used by Unprovision().
@@ -270,6 +280,8 @@ class CdmEngine {
// dead lock.
virtual void OnTimerEvent();
virtual metrics::EngineMetrics* GetMetrics() { return &metrics_; }
private:
// private methods
CdmResponseType OpenSession(
@@ -290,6 +302,17 @@ class CdmEngine {
void CloseExpiredReleaseSessions();
// instance variables
/*
* The metrics group must be the first variable declared to ensure
* that it is the last member destroyed so that no child members
* try to use a reference to it after it is destroyed. This will
* ensure that all data has been properly recorded in the group before
* it is published.
*/
metrics::EngineMetrics metrics_;
metrics::TimerMetric life_span_;
CdmSessionMap session_map_;
CdmReleaseKeySetMap release_key_sets_;
scoped_ptr<CertificateProvisioning> cert_provisioning_;

57
core/include/cdm_session.h
View File

@@ -12,9 +12,11 @@
#include "file_store.h"
#include "initialization_data.h"
#include "license.h"
#include "metrics_collections.h"
#include "oemcrypto_adapter.h"
#include "policy_engine.h"
#include "scoped_ptr.h"
#include "timer_metric.h"
#include "wv_cdm_types.h"
namespace wvcdm {
@@ -22,25 +24,42 @@ namespace wvcdm {
class CdmClientPropertySet;
class ServiceCertificate;
class WvCdmEventListener;
class UsageTableHeader;
class CdmSession {
public:
CdmSession(FileSystem* file_system);
// Creates a new instance of the CdmSession with the given |file_system|
// and |metrics| parameters. Both parameters are owned by the caller and
// must remain in scope througout the scope of the new instance. |metrics|
// must not be null.
CdmSession(FileSystem* file_system, metrics::SessionMetrics* metrics);
virtual ~CdmSession();
void Close() { closed_ = true; }
bool IsClosed() { return closed_; }
// Initializes this instance of CdmSession with the given property set.
// |cdm_client_property_set| MAY be null, is owned by the caller,
// and must remain in scope throughout the scope of this session.
virtual CdmResponseType Init(CdmClientPropertySet* cdm_client_property_set);
virtual CdmResponseType Init(ServiceCertificate* service_certificate,
CdmClientPropertySet* cdm_client_property_set,
// Initializes this instance of CdmSession with the given parmeters.
// All parameters are owned by the caller.
// |service_certificate| is caller owned, cannot be null, and must be in
// scope as long as the session is in scope.
// |cdm_client_property_set| is caller owned, may be null, but must be
// in scope as long as the session is in scope.
// |forced_session_id| is caller owned and may be null.
// |event_listener| is caller owned, may be null, but must be in scope
// as long as the session is in scope.
virtual CdmResponseType Init(CdmClientPropertySet* cdm_client_property_set,
const CdmSessionId* forced_session_id,
WvCdmEventListener* event_listener);
virtual CdmResponseType RestoreOfflineSession(
const CdmKeySetId& key_set_id, const CdmLicenseType license_type);
virtual CdmResponseType RestoreUsageSession(
const CdmKeyMessage& key_request, const CdmKeyResponse& key_response);
const DeviceFiles::CdmUsageData& usage_data);
virtual const CdmSessionId& session_id() { return session_id_; }
virtual const CdmKeySetId& key_set_id() { return key_set_id_; }
@@ -84,6 +103,8 @@ class CdmSession {
// ReleaseKey() - Accept response and release key.
virtual CdmResponseType ReleaseKey(const CdmKeyResponse& key_response);
virtual CdmResponseType DeleteUsageEntry(uint32_t usage_entry_number);
virtual bool IsKeyLoaded(const KeyId& key_id);
virtual int64_t GetDurationRemaining();
@@ -102,7 +123,8 @@ class CdmSession {
// Delete usage information for the list of tokens, |provider_session_tokens|.
virtual CdmResponseType DeleteMultipleUsageInformation(
const std::vector<std::string>& provider_session_tokens);
virtual CdmResponseType UpdateUsageInformation();
virtual CdmResponseType UpdateUsageTableInformation();
virtual CdmResponseType UpdateUsageEntryInformation();
virtual bool is_initial_usage_update() { return is_initial_usage_update_; }
virtual bool is_usage_update_needed() { return is_usage_update_needed_; }
@@ -115,6 +137,13 @@ class CdmSession {
virtual bool is_offline() { return is_offline_; }
virtual bool is_temporary() { return is_temporary_; }
virtual bool license_received() { return license_received_; }
virtual bool has_provider_session_token() {
return (license_parser_.get() != NULL &&
license_parser_->provider_session_token().size() > 0);
}
virtual CdmUsageSupportType get_usage_support_type()
{ return usage_support_type_; }
// ReleaseCrypto() - Closes the underlying crypto session but leaves this
// object alive. It is invalid to call any method that requires a crypto
@@ -158,6 +187,8 @@ class CdmSession {
CdmSigningAlgorithm algorithm,
const std::string& signature);
virtual metrics::SessionMetrics* GetMetrics() { return metrics_; }
private:
friend class CdmSessionTest;
@@ -166,6 +197,8 @@ class CdmSession {
CdmResponseType StoreLicense();
bool StoreLicense(DeviceFiles::LicenseState state);
bool UpdateUsageInfo();
// These setters are for testing only. Takes ownership of the pointers.
void set_license_parser(CdmLicense* license_parser);
void set_crypto_session(CryptoSession* crypto_session);
@@ -173,9 +206,14 @@ class CdmSession {
void set_file_handle(DeviceFiles* file_handle);
// instance variables
metrics::SessionMetrics* metrics_;
metrics::CryptoMetrics* crypto_metrics_;
metrics::TimerMetric life_span_;
bool initialized_;
bool closed_; // Session closed, but final shared_ptr has not been released.
CdmSessionId session_id_;
FileSystem* file_system_;
scoped_ptr<CdmLicense> license_parser_;
scoped_ptr<CryptoSession> crypto_session_;
scoped_ptr<PolicyEngine> policy_engine_;
@@ -188,11 +226,18 @@ class CdmSession {
SecurityLevel requested_security_level_;
CdmAppParameterMap app_parameters_;
// decryption and usage flags
// decryption flags
bool is_initial_decryption_;
bool has_decrypted_since_last_report_; // ... last report to policy engine.
// Usage related flags and data
bool is_initial_usage_update_;
bool is_usage_update_needed_;
CdmUsageSupportType usage_support_type_;
UsageTableHeader* usage_table_header_;
uint32_t usage_entry_number_;
CdmUsageEntry usage_entry_;
std::string usage_provider_session_token_;
// information useful for offline and usage scenarios
CdmKeyMessage key_request_;

12
core/include/cdm_session_map.h
View File

@@ -7,14 +7,14 @@
#include <memory>
#include <string>
#include "cdm_session.h"
#include "lock.h"
#include "shared_ptr.h"
#include "wv_cdm_types.h"
namespace wvcdm {
class CdmSession;
typedef std::list<std::shared_ptr<CdmSession> > CdmSessionList;
typedef std::list<shared_ptr<CdmSession> > CdmSessionList;
class CdmSessionMap {
public:
@@ -30,16 +30,16 @@ class CdmSessionMap {
size_t Size() const { return sessions_.size(); }
bool FindSession(const CdmSessionId& id,
std::shared_ptr<CdmSession>& session);
shared_ptr<CdmSession>* session);
void GetSessionList(CdmSessionList& sessions);
private:
typedef std::map<CdmSessionId, std::shared_ptr<CdmSession> >
typedef std::map<CdmSessionId, shared_ptr<CdmSession> >
CdmIdToSessionMap;
bool FindSessionNoLock(const CdmSessionId& session_id,
std::shared_ptr<CdmSession>& session);
shared_ptr<CdmSession>* session);
Lock lock_;
CdmIdToSessionMap sessions_;

5
core/include/certificate_provisioning.h
View File

@@ -7,6 +7,7 @@
#include "crypto_session.h"
#include "license_protocol.pb.h"
#include "metrics_collections.h"
#include "oemcrypto_adapter.h"
#include "scoped_ptr.h"
#include "wv_cdm_types.h"
@@ -20,7 +21,9 @@ class ServiceCertificate;
class CertificateProvisioning {
public:
explicit CertificateProvisioning(ServiceCertificate* service_certificate) :
CertificateProvisioning(metrics::CryptoMetrics* metrics,
ServiceCertificate* service_certificate) :
crypto_session_(metrics),
cert_type_(kCertificateWidevine),
service_certificate_(service_certificate) {}

89
core/include/crypto_session.h
View File

@@ -7,21 +7,26 @@
#include <string>
#include <vector>
#include "OEMCryptoCENC.h"
#include "lock.h"
#include "metrics_collections.h"
#include "oemcrypto_adapter.h"
#include "OEMCryptoCENC.h"
#include "scoped_ptr.h"
#include "timer_metric.h"
#include "wv_cdm_types.h"
namespace wvcdm {
class CryptoKey;
typedef std::map<CryptoKeyId, CryptoKey*> CryptoKeyMap;
class UsageTableHeader;
typedef std::map<std::string, CryptoKey*> CryptoKeyMap;
typedef std::map<std::string, CryptoSessionId> SubLicenseSessionMap;
class KeySession {
protected:
KeySession() {}
KeySession(metrics::CryptoMetrics* metrics) : metrics_(metrics) {}
public:
typedef enum { kDefault, kSubLicense } KeySessionType;
@@ -36,12 +41,16 @@ class KeySession {
const std::string& mac_key,
const std::vector<CryptoKey>& keys,
const std::string& provider_session_token,
CdmCipherMode* cipher_mode) = 0;
CdmCipherMode* cipher_mode,
const std::string& srm_requirement) = 0;
virtual OEMCryptoResult SelectKey(const std::string& key_id) = 0;
virtual OEMCryptoResult Decrypt(
const CdmDecryptionParameters& params,
OEMCrypto_DestBufferDesc& buffer_descriptor,
OEMCrypto_CENCEncryptPatternDesc& pattern_descriptor) = 0;
protected:
metrics::CryptoMetrics* metrics_;
};
class CryptoSession {
@@ -53,7 +62,16 @@ class CryptoSession {
kUsageDurationsValid = 2,
} UsageDurationStatus;
CryptoSession();
struct SupportedCertificateTypes {
bool rsa_2048_bit;
bool rsa_3072_bit;
bool rsa_cast;
};
// Creates an instance of CryptoSession with the given |crypto_metrics|.
// |crypto_metrics| is owned by the caller, must NOT be null, and must
// exist as long as the new CryptoSession exists.
explicit CryptoSession(metrics::CryptoMetrics* crypto_metrics);
virtual ~CryptoSession();
virtual bool GetClientToken(std::string* client_token);
@@ -62,7 +80,8 @@ class CryptoSession {
return pre_provision_token_type_;
}
virtual CdmSecurityLevel GetSecurityLevel();
virtual bool GetDeviceUniqueId(std::string* device_id);
virtual bool GetInternalDeviceUniqueId(std::string* device_id);
virtual bool GetExternalDeviceUniqueId(std::string* device_id);
virtual bool GetApiVersion(uint32_t* version);
virtual bool GetSystemId(uint32_t* system_id);
virtual bool GetProvisioningId(std::string* provisioning_id);
@@ -86,7 +105,8 @@ class CryptoSession {
const std::string& mac_key_iv,
const std::string& mac_key,
const std::vector<CryptoKey>& key_array,
const std::string& provider_session_token);
const std::string& provider_session_token,
const std::string& srm_requirement);
virtual bool LoadCertificatePrivateKey(std::string& wrapped_key);
virtual bool RefreshKeys(const std::string& message,
const std::string& signature, int num_keys,
@@ -95,8 +115,6 @@ class CryptoSession {
virtual bool GenerateDerivedKeys(const std::string& message);
virtual bool GenerateDerivedKeys(const std::string& message,
const std::string& session_key);
virtual bool RewrapCertificate(const std::string& signed_message,
const std::string& signature,
const std::string& nonce,
@@ -110,7 +128,7 @@ class CryptoSession {
// Usage related methods
virtual bool UsageInformationSupport(bool* has_support);
virtual CdmResponseType UpdateUsageInformation();
virtual CdmResponseType UpdateUsageInformation(); // only for OEMCrypto v9-12
virtual CdmResponseType DeactivateUsageInformation(
const std::string& provider_session_token);
virtual CdmResponseType GenerateUsageReport(
@@ -126,17 +144,22 @@ class CryptoSession {
const std::string& provider_session_token);
// Delete usage information for a list of tokens. This does not require
// a signed message from the server.
virtual CdmResponseType DeleteMultipleUsageInformation(
virtual CdmResponseType DeleteMultipleUsageInformation(
const std::vector<std::string>& provider_session_tokens);
virtual CdmResponseType DeleteAllUsageReports();
virtual bool IsAntiRollbackHwPresent();
virtual bool GetHdcpCapabilities(HdcpCapability* current,
HdcpCapability* max);
virtual bool GetSupportedCertificateTypes(SupportedCertificateTypes* support);
virtual bool GetRandom(size_t data_length, uint8_t* random_data);
virtual bool GetNumberOfOpenSessions(size_t* count);
virtual bool GetMaxNumberOfSessions(size_t* max);
virtual bool GetSrmVersion(uint16_t* srm_version);
virtual bool IsSrmUpdateSupported();
virtual bool LoadSrm(const std::string& srm);
virtual CdmResponseType GenericEncrypt(const std::string& in_buffer,
const std::string& key_id,
const std::string& iv,
@@ -156,14 +179,45 @@ class CryptoSession {
CdmSigningAlgorithm algorithm,
const std::string& signature);
virtual CdmResponseType AddSubSession(const std::string& sub_session_key_id);
// Usage table header and usage entry related methods
virtual UsageTableHeader* GetUsageTableHeader() {
return usage_table_header_;
}
virtual CdmResponseType GetUsageSupportType(CdmUsageSupportType* type);
virtual CdmResponseType CreateUsageTableHeader(
CdmUsageTableHeader* usage_table_header);
virtual CdmResponseType LoadUsageTableHeader(
const CdmUsageTableHeader& usage_table_header);
virtual CdmResponseType CreateUsageEntry(uint32_t* entry_number);
virtual CdmResponseType LoadUsageEntry(uint32_t entry_number,
const CdmUsageEntry& usage_entry);
virtual CdmResponseType UpdateUsageEntry(
CdmUsageTableHeader* usage_table_header,
CdmUsageEntry* usage_entry);
virtual CdmResponseType ShrinkUsageTableHeader(
uint32_t new_entry_count, CdmUsageTableHeader* usage_table_header);
virtual CdmResponseType MoveUsageEntry(uint32_t new_entry_number);
virtual bool CreateOldUsageEntry(
uint64_t time_since_license_received,
uint64_t time_since_first_decrypt,
uint64_t time_since_last_decrypt,
UsageDurationStatus status,
const std::string& server_mac_key,
const std::string& client_mac_key,
const std::string& provider_session_token);
virtual CdmResponseType CopyOldUsageEntry(
const std::string& provider_session_token);
virtual metrics::CryptoMetrics* GetCryptoMetrics() { return metrics_; }
virtual CdmResponseType AddSubSession(const std::string& sub_session_key_id,
const std::string& group_master_key_id);
// TODO(jfore): exists is set based on whether a sub session exists. For now,
// that is not assumed to be an error.
virtual bool GenerateSubSessionNonce(const std::string& sub_session_key_id,
bool* exists, uint32_t* nonce);
private:
bool GetProvisioningMethod(CdmClientTokenType& token_type);
bool GetProvisioningMethod(CdmClientTokenType* token_type);
void Init();
void Terminate();
bool GetTokenFromKeybox(std::string* token);
@@ -211,9 +265,12 @@ class CryptoSession {
static bool initialized_;
static int session_count_;
metrics::CryptoMetrics* metrics_;
metrics::TimerMetric life_span_;
bool open_;
CdmClientTokenType pre_provision_token_type_;
std::string oem_token_; // Cached OEMCrypto Public Key
std::string oem_token_; // Cached OEMCrypto Public Key
bool update_usage_table_after_close_session_;
CryptoSessionId oec_session_id_;
SubLicenseSessionMap sub_license_oec_sessions_;
@@ -227,6 +284,12 @@ class CryptoSession {
KeyId cached_key_id_;
bool is_usage_support_type_valid_;
CdmUsageSupportType usage_support_type_;
UsageTableHeader* usage_table_header_;
static UsageTableHeader* usage_table_header_l1_;
static UsageTableHeader* usage_table_header_l3_;
uint64_t request_id_base_;
static uint64_t request_id_index_;

97
core/include/device_files.h
View File

@@ -29,6 +29,15 @@ class DeviceFiles {
kLicenseStateUnknown,
} LicenseState;
struct CdmUsageData {
std::string provider_session_token;
CdmKeyMessage license_request;
CdmKeyResponse license;
std::string key_set_id;
CdmUsageEntry usage_entry;
uint32_t usage_entry_number;
};
DeviceFiles(FileSystem*);
virtual ~DeviceFiles();
@@ -57,14 +66,17 @@ class DeviceFiles {
int64_t playback_start_time,
int64_t last_playback_time,
int64_t grace_period_end_time,
const CdmAppParameterMap& app_parameters);
const CdmAppParameterMap& app_parameters,
const CdmUsageEntry& usage_entry,
uint32_t usage_entry_number);
virtual bool RetrieveLicense(
const std::string& key_set_id, LicenseState* state,
CdmInitData* pssh_data, CdmKeyMessage* key_request,
CdmKeyResponse* key_response, CdmKeyMessage* key_renewal_request,
CdmKeyResponse* key_renewal_response, std::string* release_server_url,
int64_t* playback_start_time, int64_t* last_playback_time,
int64_t* grace_period_end_time, CdmAppParameterMap* app_parameters);
int64_t* grace_period_end_time, CdmAppParameterMap* app_parameters,
CdmUsageEntry* usage_entry, uint32_t* usage_entry_number);
virtual bool DeleteLicense(const std::string& key_set_id);
virtual bool ListLicenses(std::vector<std::string>* key_set_ids);
virtual bool DeleteAllFiles();
@@ -73,51 +85,84 @@ class DeviceFiles {
virtual bool ReserveLicenseId(const std::string& key_set_id);
virtual bool UnreserveLicenseId(const std::string& key_set_id);
// Store a usage record to the set of usage information on the file system.
// Use this method to create a |usage_info_file_name| from an |app_id|
static std::string GetUsageInfoFileName(const std::string& app_id);
// The UsageInfo methods have been revised to use |usage_info_file_name|
// rather than |app_id| as a parameter. Use the helper method above to
// translate.
// OEMCrypto API 13 introduced big usage tables which required
// migration from usage tables stored by the TEE to usage table
// header+usage entries stored in unsecured persistent storage. The upgrade
// required creation of reverse lookup tables (CdmUsageEntryInfo).
// |app_id| however was hashed and unextractable, and necessitated the
// switch to |usage_info_file_name|
virtual bool StoreUsageInfo(const std::string& provider_session_token,
const CdmKeyMessage& key_request,
const CdmKeyResponse& key_response,
const std::string& app_id,
const std::string& key_set_id);
const std::string& usage_info_file_name,
const std::string& key_set_id,
const CdmUsageEntry& usage_entry,
uint32_t usage_entry_number);
// Extract KSIDs from usage information on the file system.
virtual bool ListUsageRecords(const std::string& app_id,
std::vector<std::string>* ksids);
// Get the provider token for the given key_set_id.
virtual bool GetProviderToken(const std::string& app_id,
const std::string& key_set_id,
std::string* provider_session_token);
// Get the provider session token for the given key_set_id.
virtual bool GetProviderSessionToken(const std::string& app_id,
const std::string& key_set_id,
std::string* provider_session_token);
// Delete the usage record for the given PST.
virtual bool DeleteUsageInfo(const std::string& app_id,
virtual bool DeleteUsageInfo(const std::string& usage_info_file_name,
const std::string& provider_session_token);
// Delete usage information from the file system. Puts a list of all the
// psts that were deleted from the file into |provider_session_tokens|.
virtual bool DeleteAllUsageInfoForApp(
const std::string& app_id,
const std::string& usage_info_file_name,
std::vector<std::string>* provider_session_tokens);
// Retrieve one usage info from the file. Subsequent calls will retrieve
// subsequent entries in the table for this app_id.
virtual bool RetrieveUsageInfo(
const std::string& app_id,
const std::string& usage_info_file_name,
std::vector<std::pair<CdmKeyMessage, CdmKeyResponse> >* usage_info);
// Retrieve the usage info entry specified by |provider_session_token|.
// Returns false if the entry could not be found.
virtual bool RetrieveUsageInfo(const std::string& app_id,
virtual bool RetrieveUsageInfo(const std::string& usage_info_file_name,
const std::string& provider_session_token,
CdmKeyMessage* license_request,
CdmKeyResponse* license_response);
CdmKeyResponse* license_response,
CdmUsageEntry* usage_entry,
uint32_t* usage_entry_number);
// Retrieve the usage info entry specified by |key_set_id|.
// Returns false if the entry could not be found.
virtual bool RetrieveUsageInfoByKeySetId(const std::string& app_id,
const std::string& key_set_id,
CdmKeyMessage* license_request,
CdmKeyResponse* license_response);
virtual bool RetrieveUsageInfoByKeySetId(
const std::string& usage_info_file_name,
const std::string& key_set_id,
std::string* provider_session_token,
CdmKeyMessage* license_request,
CdmKeyResponse* license_response,
CdmUsageEntry* usage_entry,
uint32_t* usage_entry_number);
// These APIs support upgrading from usage tables to usage tabler header +
// entries introduced in OEMCrypto V13.
virtual bool ListUsageInfoFiles(std::vector<std::string>* usage_file_names);
virtual bool RetrieveUsageInfo(const std::string& usage_info_file_name,
std::vector<CdmUsageData>* usage_data);
virtual bool RetrieveUsageInfo(const std::string& usage_info_file_name,
const std::string& provider_session_token,
CdmUsageData* usage_data);
// This method overwrites rather than appends data to the usage file
virtual bool StoreUsageInfo(const std::string& usage_info_file_name,
const std::vector<CdmUsageData>& usage_data);
virtual bool UpdateUsageInfo(const std::string& usage_info_file_name,
const std::string& provider_session_token,
const CdmUsageData& usage_data);
virtual bool StoreHlsAttributes(const std::string& key_set_id,
const CdmHlsMethod method,
@@ -127,6 +172,14 @@ class DeviceFiles {
std::vector<uint8_t>* media_segment_iv);
virtual bool DeleteHlsAttributes(const std::string& key_set_id);
virtual bool StoreUsageTableInfo(
const CdmUsageTableHeader& usage_table_header,
const std::vector<CdmUsageEntryInfo>& usage_entry_info);
virtual bool RetrieveUsageTableInfo(
CdmUsageTableHeader* usage_table_header,
std::vector<CdmUsageEntryInfo>* usage_entry_info);
private:
// Extract serial number and system ID from DRM Device certificate
bool ExtractDeviceInfo(const std::string& device_certificate,
@@ -149,7 +202,7 @@ class DeviceFiles {
static std::string GetCertificateFileName();
static std::string GetHlsAttributesFileNameExtension();
static std::string GetLicenseFileNameExtension();
static std::string GetUsageInfoFileName(const std::string& app_id);
static std::string GetUsageTableFileName();
static std::string GetFileNameSafeHash(const std::string& input);
#if defined(UNIT_TEST)
@@ -171,6 +224,8 @@ class DeviceFiles {
FRIEND_TEST(DeviceFilesUsageInfoTest, DeleteAll);
FRIEND_TEST(DeviceFilesUsageInfoTest, Read);
FRIEND_TEST(DeviceFilesUsageInfoTest, Store);
FRIEND_TEST(DeviceFilesUsageTableTest, Read);
FRIEND_TEST(DeviceFilesUsageTableTest, Store);
FRIEND_TEST(WvCdmRequestLicenseTest, UnprovisionTest);
FRIEND_TEST(WvCdmRequestLicenseTest, ForceL3Test);
FRIEND_TEST(WvCdmRequestLicenseTest, UsageInfoRetryTest);

1
core/include/initialization_data.h
View File

@@ -29,6 +29,7 @@ class InitializationData {
std::vector<uint8_t> hls_iv() const { return hls_iv_; }
CdmHlsMethod hls_method() const { return hls_method_; }
std::vector<video_widevine::SubLicense> ExtractEmbeddedKeys() const;
const std::string ExtractGroupMasterKeyId() const;
private:
// Parse a blob of multiple concatenated PSSH atoms to extract the first

26
core/include/license.h
View File

@@ -8,6 +8,7 @@
#include "initialization_data.h"
#include "license_protocol.pb.h"
#include "scoped_ptr.h"
#include "service_certificate.h"
#include "wv_cdm_types.h"
namespace video_widevine {
@@ -20,7 +21,7 @@ namespace wvcdm {
class Clock;
class CryptoSession;
class PolicyEngine;
class ServiceCertificate;
class CdmSession;
class CryptoKey;
class CdmLicense {
@@ -29,9 +30,10 @@ class CdmLicense {
virtual ~CdmLicense();
virtual bool Init(
ServiceCertificate* service_certificate, const std::string& client_token,
CdmClientTokenType client_token_type, const std::string& device_id,
CryptoSession* session, PolicyEngine* policy_engine);
const std::string& client_token, CdmClientTokenType client_token_type,
const std::string& device_id, bool use_privacy_mode,
const std::string& signed_service_certificate, CryptoSession* session,
PolicyEngine* policy_engine);
virtual CdmResponseType PrepareKeyRequest(
const InitializationData& init_data, CdmLicenseType license_type,
@@ -39,7 +41,8 @@ class CdmLicense {
std::string* server_url);
virtual CdmResponseType PrepareKeyUpdateRequest(
bool is_renewal, const CdmAppParameterMap& app_parameters,
CdmKeyMessage* signed_request, std::string* server_url);
CdmSession* cdm_session, CdmKeyMessage* signed_request,
std::string* server_url);
virtual CdmResponseType HandleKeyResponse(
const CdmKeyResponse& license_response);
virtual CdmResponseType HandleKeyUpdateResponse(
@@ -51,9 +54,10 @@ class CdmLicense {
const CdmKeyResponse& license_response,
const CdmKeyResponse& license_renewal_response,
int64_t playback_start_time, int64_t last_playback_time,
int64_t grace_period_end_time);
int64_t grace_period_end_time, CdmSession* cdm_session);
virtual bool RestoreLicenseForRelease(const CdmKeyMessage& license_request,
const CdmKeyResponse& license_response);
virtual bool HasInitData() { return stored_init_data_.get(); }
virtual bool IsKeyLoaded(const KeyId& key_id);
virtual std::string provider_session_token() {
@@ -64,6 +68,10 @@ class CdmLicense {
return is_offline_;
}
static bool ExtractProviderSessionToken(
const CdmKeyResponse& license_response,
std::string* provider_session_token);
private:
CdmResponseType HandleKeyErrorResponse(
@@ -92,14 +100,16 @@ class CdmLicense {
CdmClientTokenType client_token_type_;
std::string device_id_;
const CdmSessionId session_id_;
scoped_ptr<InitializationData> stored_init_data_;
bool initialized_;
std::set<KeyId> loaded_keys_;
std::string provider_session_token_;
bool renew_with_client_id_;
bool is_offline_;
// Used to encrypt ClientIdentification message
ServiceCertificate* service_certificate_;
// Associated with ClientIdentification encryption
bool use_privacy_mode_;
ServiceCertificate service_certificate_;
// Used for certificate based licensing
CdmKeyMessage key_request_;

19
core/include/log.h
View File

@@ -25,15 +25,20 @@ extern LogPriority g_cutoff;
// unit tests.
void InitLogging();
void Log(const char* file, int line, LogPriority level, const char* fmt, ...);
void Log(const char* file, const char* function, int line, LogPriority level,
const char* fmt, ...);
// Log APIs
#define LOGE(...) Log(__FILE__, __LINE__, wvcdm::LOG_ERROR, __VA_ARGS__)
#define LOGW(...) Log(__FILE__, __LINE__, wvcdm::LOG_WARN, __VA_ARGS__)
#define LOGI(...) Log(__FILE__, __LINE__, wvcdm::LOG_INFO, __VA_ARGS__)
#define LOGD(...) Log(__FILE__, __LINE__, wvcdm::LOG_DEBUG, __VA_ARGS__)
#define LOGV(...) Log(__FILE__, __LINE__, wvcdm::LOG_VERBOSE, __VA_ARGS__)
#define LOGE(...) Log(__FILE__, __func__, __LINE__, \
wvcdm::LOG_ERROR, __VA_ARGS__)
#define LOGW(...) Log(__FILE__, __func__, __LINE__, \
wvcdm::LOG_WARN, __VA_ARGS__)
#define LOGI(...) Log(__FILE__, __func__, __LINE__, \
wvcdm::LOG_INFO, __VA_ARGS__)
#define LOGD(...) Log(__FILE__, __func__, __LINE__, \
wvcdm::LOG_DEBUG, __VA_ARGS__)
#define LOGV(...) Log(__FILE__, __func__, __LINE__, \
wvcdm::LOG_VERBOSE, __VA_ARGS__)
} // namespace wvcdm
#endif // WVCDM_CORE_LOG_H_

43
core/include/oemcrypto_adapter.h
View File

@@ -37,6 +37,49 @@ OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(SecurityLevel level,
uint8_t OEMCrypto_Security_Patch_Level(SecurityLevel level);
OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
SecurityLevel level);
uint32_t OEMCrypto_SupportedCertificates(SecurityLevel level);
OEMCryptoResult OEMCrypto_CreateUsageTableHeader(SecurityLevel level,
uint8_t* header_buffer,
size_t* header_buffer_length);
OEMCryptoResult OEMCrypto_LoadUsageTableHeader(SecurityLevel level,
const uint8_t* buffer,
size_t buffer_length);
OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(SecurityLevel level,
uint32_t new_table_size,
uint8_t* header_buffer,
size_t* header_buffer_length);
OEMCryptoResult OEMCrypto_CreateOldUsageEntry(SecurityLevel level,
uint64_t time_since_license_received, uint64_t time_since_first_decrypt,
uint64_t time_since_last_decrypt, OEMCrypto_Usage_Entry_Status status,
uint8_t* server_mac_key, uint8_t* client_mac_key, const uint8_t* pst,
size_t pst_length);
} // namespace wvcdm
/* The following functions are deprecated in OEMCrypto v13. They are defined
* here so that core cdm code may be backwards compatible with an OEMCrypto
* v12.
*/
extern "C" {
OEMCryptoResult OEMCrypto_LoadKeys_V11_or_V12(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length,
const uint8_t* enc_mac_keys_iv, const uint8_t* enc_mac_keys,
size_t num_keys, const OEMCrypto_KeyObject* key_array, const uint8_t* pst,
size_t pst_length);
OEMCryptoResult OEMCrypto_UpdateUsageTable();
OEMCryptoResult OEMCrypto_DeactivateUsageEntry_V12(const uint8_t* pst,
size_t pst_length);
OEMCryptoResult OEMCrypto_DeleteUsageEntry(
OEMCrypto_SESSION session, const uint8_t* pst, size_t pst_length,
const uint8_t* message, size_t message_length, const uint8_t* signature,
size_t signature_length);
OEMCryptoResult OEMCrypto_ForceDeleteUsageEntry(const uint8_t* pst,
size_t pst_length);
} // extern "C"
#endif // WVCDM_CORE_OEMCRYPTO_ADAPTER_H_

18
core/include/override.h Normal file
View File

@@ -0,0 +1,18 @@
// Copyright 2015 Google Inc. All Rights Reserved.
// TODO: Import to core/, use everywhere.
#ifndef WVCDM_CDM_OVERRIDE_H_
#define WVCDM_CDM_OVERRIDE_H_
#define GCC_HAS_OVERRIDE ( \
(__GNUC__ > 4) || \
(__GNUC__ == 4 && __GNUC_MINOR__ >= 7) \
)
#if !defined(DISABLE_OVERRIDE_KEYWORD) && \
(defined(COMPILER_MSVC) || defined(__clang__) || GCC_HAS_OVERRIDE)
#define OVERRIDE override
#else
#define OVERRIDE
#endif
#endif // WVCDM_CDM_OVERRIDE_H_

13
core/include/policy_engine.h
View File

@@ -106,6 +106,10 @@ class PolicyEngine {
bool CanRenew() { return policy_.can_renew(); }
bool IsSufficientOutputProtection(const KeyId& key_id) {
return license_keys_->MeetsConstraints(key_id);
}
private:
friend class PolicyEngineTest;
friend class PolicyEngineConstraintsTest;
@@ -132,7 +136,8 @@ class PolicyEngine {
int64_t GetRentalExpiryTime();
// Gets the clock time that the license expires based on whether we have
// started playing. This takes into account GetHardLicenseExpiryTime.
int64_t GetExpiryTime(int64_t current_time, bool is_load);
int64_t GetExpiryTime(int64_t current_time,
bool ignore_soft_enforce_playback_duration);
int64_t GetLicenseOrRentalDurationRemaining(int64_t current_time);
int64_t GetPlaybackDurationRemaining(int64_t current_time);
@@ -151,6 +156,9 @@ class PolicyEngine {
// expiry time changes.
void NotifyExpirationUpdate(int64_t current_time);
// Guard against clock rollbacks
int64_t GetCurrentTime();
// set_clock() is for testing only. It alters ownership of the
// passed-in pointer.
void set_clock(Clock* clock);
@@ -182,6 +190,9 @@ class PolicyEngine {
// calculate the time where renewal retries should occur.
int64_t next_renewal_time_;
// to assist in clock rollback checks
int64_t last_recorded_current_time_;
// Used to dispatch CDM events.
CdmSessionId session_id_;
WvCdmEventListener* event_listener_;

15
core/include/properties.h
View File

@@ -12,7 +12,7 @@
#include "wv_cdm_types.h"
#if defined(UNIT_TEST)
# include <gtest/gtest_prod.h>
#include <gtest/gtest_prod.h>
#endif
namespace wvcdm {
@@ -37,12 +37,15 @@ class Properties {
static inline bool oem_crypto_use_userspace_buffers() {
return oem_crypto_use_userspace_buffers_;
}
static inline bool use_certificates_as_identification() {
return use_certificates_as_identification_;
}
static inline bool provisioning_messages_are_binary() {
return provisioning_messages_are_binary_;
}
static inline bool allow_service_certificate_requests() {
return allow_service_certificate_requests_;
}
static void set_provisioning_messages_are_binary(bool flag) {
provisioning_messages_are_binary_ = flag;
}
static inline bool security_level_path_backward_compatibility_support() {
return security_level_path_backward_compatibility_support_;
}
@@ -93,9 +96,6 @@ class Properties {
static void set_use_certificates_as_identification(bool flag) {
use_certificates_as_identification_ = flag;
}
static void set_provisioning_messages_are_binary(bool flag) {
provisioning_messages_are_binary_ = flag;
}
static void set_security_level_path_backward_compatibility_support(
bool flag) {
security_level_path_backward_compatibility_support_ = flag;
@@ -119,6 +119,7 @@ class Properties {
static bool use_certificates_as_identification_;
static bool security_level_path_backward_compatibility_support_;
static bool provisioning_messages_are_binary_;
static bool allow_service_certificate_requests_;
static scoped_ptr<CdmClientPropertySetMap> session_property_set_;
CORE_DISALLOW_COPY_AND_ASSIGN(Properties);

13
core/include/service_certificate.h
View File

@@ -49,8 +49,19 @@ class ServiceCertificate {
const video_widevine::ClientIdentification* clear_client_id,
video_widevine::EncryptedClientIdentification* encrypted_client_id);
// Helper methods
static bool GetRequest(CdmKeyMessage* request);
static CdmResponseType ParseResponse(const std::string& response,
std::string* signed_certificate);
private:
// Encrypt data using RSA with OAEP padding.
// |plaintext| is the data to be encrypted. |ciphertext| is a pointer to a
// string to contain the decrypted data on return, and may not be null.
// returns NO_ERROR if successful or an appropriate error code otherwise.
virtual CdmResponseType EncryptRsaOaep(const std::string& plaintext,
std::string* ciphertext);
// Track whether object holds valid certificate
bool has_certificate_;
@@ -64,7 +75,7 @@ class ServiceCertificate {
std::string provider_id_;
// Public key.
std::unique_ptr<RsaPublicKey> public_key_;
std::auto_ptr<RsaPublicKey> public_key_;
CORE_DISALLOW_COPY_AND_ASSIGN(ServiceCertificate);
};

222
core/include/shared_ptr.h Normal file
View File

@@ -0,0 +1,222 @@
// Copyright 2017 Google Inc. All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
// * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// from google3/util/gtl/shared_ptr.h
// from protobuf/src/google/protobuf/stubs/shared_ptr.h
#ifndef WVCDM_CORE_SHARED_PTR_H__
#define WVCDM_CORE_SHARED_PTR_H__
#include <algorithm> // for swap
#include <stddef.h>
#include <memory>
#include "wv_cdm_types.h"
namespace {
bool Barrier_AtomicIncrement(volatile uint32_t* ptr, uint32_t value) {
*ptr += value;
return *ptr;
}
bool NoBarrier_AtomicIncrement(volatile uint32_t* ptr, uint32_t value) {
*ptr += value;
return *ptr;
}
inline bool RefCountDec(volatile uint32_t *ptr) {
return Barrier_AtomicIncrement(ptr, -1) != 0;
}
inline void RefCountInc(volatile uint32_t *ptr) {
NoBarrier_AtomicIncrement(ptr, 1);
}
} // namespace
namespace wvcdm {
template <typename T> class shared_ptr;
// This class is an internal implementation detail for shared_ptr. If two
// shared_ptrs point to the same object, they also share a control block.
// An "empty" shared_pointer refers to NULL and also has a NULL control block.
// It contains all of the state that's needed for reference counting or any
// other kind of resource management. In this implementation the control block
// consists of a single reference count (the number of shared_ptrs that
// share ownership of the object).
class SharedPtrControlBlock {
template <typename T> friend class shared_ptr;
private:
SharedPtrControlBlock() : refcount_(1) {}
uint32_t refcount_;
};
// Forward declaration. The class is defined below.
template <typename T> class enable_shared_from_this;
template <typename T>
class shared_ptr {
public:
typedef T element_type;
shared_ptr() : ptr_(NULL), control_block_(NULL) {}
explicit shared_ptr(T* ptr)
: ptr_(ptr),
control_block_(ptr != NULL ? new SharedPtrControlBlock : NULL) {
}
// Copy constructor: makes this object a copy of ptr, and increments
// the reference count.
template <typename U>
shared_ptr(const shared_ptr<U>& ptr)
: ptr_(NULL),
control_block_(NULL) {
Initialize(ptr);
}
// Need non-templated version to prevent the compiler-generated default
shared_ptr(const shared_ptr<T>& ptr)
: ptr_(NULL),
control_block_(NULL) {
Initialize(ptr);
}
// Assignment operator. Replaces the existing shared_ptr with ptr.
// Increment ptr's reference count and decrement the one being replaced.
template <typename U>
shared_ptr<T>& operator=(const shared_ptr<U>& ptr) {
if (ptr_ != ptr.ptr_) {
shared_ptr<T> me(ptr); // will hold our previous state to be destroyed.
swap(me);
}
return *this;
}
// Need non-templated version to prevent the compiler-generated default
shared_ptr<T>& operator=(const shared_ptr<T>& ptr) {
if (ptr_ != ptr.ptr_) {
shared_ptr<T> me(ptr); // will hold our previous state to be destroyed.
swap(me);
}
return *this;
}
~shared_ptr() {
if (ptr_ != NULL) {
if (!RefCountDec(&control_block_->refcount_)) {
delete ptr_;
}
}
}
// Replaces underlying raw pointer with the one passed in. The reference
// count is set to one (or zero if the pointer is NULL) for the pointer
// being passed in and decremented for the one being replaced.
//
// If you have a compilation error with this code, make sure you aren't
// passing NULL, nullptr, or 0 to this function. Call reset without an
// argument to reset to a null ptr.
template <typename Y>
void reset(Y* p) {
if (p != ptr_) {
shared_ptr<T> tmp(p);
tmp.swap(*this);
}
}
void reset() {
reset(static_cast<T*>(NULL));
}
// Exchanges the contents of this with the contents of r. This function
// supports more efficient swapping since it eliminates the need for a
// temporary shared_ptr object.
void swap(shared_ptr<T>& r) {
using std::swap; // http://go/using-std-swap
swap(ptr_, r.ptr_);
swap(control_block_, r.control_block_);
}
// The following function is useful for gaining access to the underlying
// pointer when a shared_ptr remains in scope so the reference-count is
// known to be > 0 (e.g. for parameter passing).
T* get() const {
return ptr_;
}
T& operator*() const {
return *ptr_;
}
T* operator->() const {
return ptr_;
}
long use_count() const {
return control_block_ ? control_block_->refcount_ : 1;
}
bool unique() const {
return use_count() == 1;
}
private:
// If r is non-empty, initialize *this to share ownership with r,
// increasing the underlying reference count.
// If r is empty, *this remains empty.
// Requires: this is empty, namely this->ptr_ == NULL.
template <typename U>
void Initialize(const shared_ptr<U>& r) {
// This performs a static_cast on r.ptr_ to U*, which is a no-op since it
// is already a U*. So initialization here requires that r.ptr_ is
// implicitly convertible to T*.
InitializeWithStaticCast<U>(r);
}
// Initializes *this as described in Initialize, but additionally performs a
// static_cast from r.ptr_ (V*) to U*.
// NOTE(gfc): We'd need a more general form to support const_pointer_cast and
// dynamic_pointer_cast, but those operations are sufficiently discouraged
// that supporting static_pointer_cast is sufficient.
template <typename U, typename V>
void InitializeWithStaticCast(const shared_ptr<V>& r) {
if (r.control_block_ != NULL) {
RefCountInc(&r.control_block_->refcount_);
ptr_ = static_cast<U*>(r.ptr_);
control_block_ = r.control_block_;
}
}
T* ptr_;
SharedPtrControlBlock* control_block_;
};
} // namespace wvcdm
#endif // WVCDM_CORE_SHARED_PTR_H__

136
core/include/usage_table_header.h Normal file
View File

@@ -0,0 +1,136 @@
// Copyright 2017 Google Inc. All Rights Reserved.
#ifndef WVCDM_CORE_USAGE_TABLE_HEADER_H_
#define WVCDM_CORE_USAGE_TABLE_HEADER_H_
#include <string>
#include <vector>
#include "device_files.h"
#include "file_store.h"
#include "lock.h"
#include "metrics_collections.h"
#include "scoped_ptr.h"
#include "wv_cdm_types.h"
namespace wvcdm {
class CryptoSession;
// Offline licenses/secure stops may be securely tracked using usage
// tables (OEMCrypto v9-12) or usage table headers+usage entries
// (OEMCrypto v13+). This class assists with the latter, synchronizing
// access to usage table header and associated data-structures and controlling
// when they are read in or written out to non-secure persistent storage.
//
// Each OEMCrypto (for each security level) will maintain its own usage table
// header. Each license will have an associated usage entry that is also
// stored in persistent memory and is noted in the usage table header.
// Usage entry information will be verified when licenses are loaded.
//
// OEMCrypto for each security level have their own usage table
// headers. They are loaded on initialization and written out periodically.
// The lifecycle of this class is tied to when OEMCrypto is
// initialized/terminated.
//
// Sessions and licenses are however handled by CdmSession and so most
// calls to maniplate the usage table header related to usage entries
// are by CdmSession.
//
// Upgrades from a fixed size usage table (supported by previous
// versions of the OEMCrypto API v9-12) are handled by this class.
// |usage_entry| and |usage_entry_number|s need to be saved in the license
// and usage info records by the caller.
class UsageTableHeader {
public:
UsageTableHeader();
virtual ~UsageTableHeader() {}
// |crypto_session| is used to create or load a usage master table and
// not cached beyound this call.
bool Init(CdmSecurityLevel security_level, CryptoSession* crypto_session);
// |persistent_license| false indicates usage info record
CdmResponseType AddEntry(CryptoSession* crypto_session,
bool persistent_license,
const CdmKeySetId& key_set_id,
const std::string& usage_info_filename,
uint32_t* usage_entry_number);
CdmResponseType LoadEntry(CryptoSession* crypto_session,
const CdmUsageEntry& usage_entry,
uint32_t usage_entry_number);
CdmResponseType UpdateEntry(CryptoSession* crypto_session,
CdmUsageEntry* usage_entry);
// The licenses or usage info records specified by |usage_entry_number|
// should not be in use by any open CryptoSession objects when calls
// to DeleteEntry and MoveEntry are made.
CdmResponseType DeleteEntry(uint32_t usage_entry_number, DeviceFiles* handle,
metrics::CryptoMetrics* metrics);
private:
CdmResponseType MoveEntry(uint32_t from /* usage entry number */,
const CdmUsageEntry& from_usage_entry,
uint32_t to /* usage entry number */,
DeviceFiles* handle,
metrics::CryptoMetrics* metrics);
CdmResponseType GetEntry(uint32_t usage_entry_number, DeviceFiles* handle,
CdmUsageEntry* usage_entry);
CdmResponseType StoreEntry(uint32_t usage_entry_number, DeviceFiles* handle,
const CdmUsageEntry& usage_entry);
CdmResponseType Shrink(metrics::CryptoMetrics* metrics,
uint32_t number_of_usage_entries_to_delete);
CdmResponseType UpgradeFromUsageTable(DeviceFiles* handle,
metrics::CryptoMetrics* metrics);
bool UpgradeLicensesFromUsageTable(DeviceFiles* handle,
metrics::CryptoMetrics* metrics);
bool UpgradeUsageInfoFromUsageTable(DeviceFiles* handle,
metrics::CryptoMetrics* metrics);
virtual bool is_inited() { return is_inited_; }
virtual bool CreateDummyOldUsageEntry(CryptoSession* crypto_session);
// This handle and file system is only to be used when accessing
// usage_table_header. Usage entries should use the file system provided
// by CdmSession.
scoped_ptr<DeviceFiles> file_handle_;
scoped_ptr<FileSystem> file_system_;
CdmSecurityLevel security_level_;
SecurityLevel requested_security_level_;
CdmUsageTableHeader usage_table_header_;
std::vector<CdmUsageEntryInfo> usage_entry_info_;
// Lock to ensure that a single object is created for each security level
// and data member to represent whether an object has been correctly
// initialized.
bool is_inited_;
// Synchonizes access to the Usage Table Header and bookkeeping
// data-structures
Lock usage_table_header_lock_;
// Test related declarations
friend class UsageTableHeaderTest;
// These setters are for testing only. Takes ownership of the pointers.
void SetDeviceFiles(DeviceFiles* device_files) {
file_handle_.reset(device_files);
}
void SetCryptoSession(CryptoSession* crypto_session) {
test_crypto_session_.reset(crypto_session);
}
// Test related data members
scoped_ptr<CryptoSession> test_crypto_session_;
CORE_DISALLOW_COPY_AND_ASSIGN(UsageTableHeader);
};
} // namespace wvcdm
#endif // WVCDM_CORE_USAGE_TABLE_HEADER_H_

7
core/include/wv_cdm_constants.h
View File

@@ -13,6 +13,7 @@ static const size_t KEY_PAD_SIZE = 16;
static const size_t KEY_SIZE = 16;
static const size_t MAC_KEY_SIZE = 32;
static const size_t KEYBOX_KEY_DATA_SIZE = 72;
static const size_t SRM_REQUIREMENT_SIZE = 12;
// Initial estimate of certificate size. Code that
// uses this estimate should be able to adapt to a larger or smaller size.
@@ -63,6 +64,10 @@ static const std::string QUERY_KEY_MAX_NUMBER_OF_SESSIONS =
"MaxNumberOfSessions";
static const std::string QUERY_KEY_OEMCRYPTO_API_VERSION =
"OemCryptoApiVersion";
static const std::string QUERY_KEY_CURRENT_SRM_VERSION = "CurrentSRMVersion";
static const std::string QUERY_KEY_SRM_UPDATE_SUPPORT = "SRMUpdateSupport";
// whether OEM supports SRM update
static const std::string QUERY_KEY_WVCDM_VERSION = "WidevineCdmVersion";
static const std::string QUERY_VALUE_TRUE = "True";
static const std::string QUERY_VALUE_FALSE = "False";
@@ -72,6 +77,7 @@ static const std::string QUERY_VALUE_SECURITY_LEVEL_L1 = "L1";
static const std::string QUERY_VALUE_SECURITY_LEVEL_L2 = "L2";
static const std::string QUERY_VALUE_SECURITY_LEVEL_L3 = "L3";
static const std::string QUERY_VALUE_SECURITY_LEVEL_UNKNOWN = "Unknown";
static const std::string QUERY_VALUE_SECURITY_LEVEL_DEFAULT = "Default";
static const std::string QUERY_VALUE_DISCONNECTED = "Disconnected";
static const std::string QUERY_VALUE_UNPROTECTED = "Unprotected";
static const std::string QUERY_VALUE_HDCP_V1 = "HDCP-1.x";
@@ -103,6 +109,7 @@ static const char EMPTY_SPOID[] = "";
//Policy engine HDCP enforcement
static const uint32_t HDCP_UNSPECIFIED_VIDEO_RESOLUTION = 0;
static const int64_t HDCP_DEVICE_CHECK_INTERVAL = 10;
static const char EMPTY_APP_PACKAGE_NAME[] = "";
} // namespace wvcdm
#endif // WVCDM_CORE_WV_CDM_CONSTANTS_H_

155
core/include/wv_cdm_types.h
View File

@@ -21,13 +21,14 @@ typedef std::string CdmKeySetId;
typedef std::string RequestId;
typedef uint32_t CryptoResult;
typedef uint32_t CryptoSessionId;
typedef std::string CryptoKeyId;
typedef std::map<std::string, std::string> CdmAppParameterMap;
typedef std::map<std::string, std::string> CdmQueryMap;
typedef std::vector<std::string> CdmUsageInfo;
typedef std::string CdmUsageInfoReleaseMessage;
typedef std::string CdmProvisioningRequest;
typedef std::string CdmProvisioningResponse;
typedef std::string CdmUsageTableHeader;
typedef std::string CdmUsageEntry;
enum CdmKeyRequestType {
kKeyRequestTypeUnknown,
@@ -52,7 +53,7 @@ enum CdmResponseType {
CERT_PROVISIONING_GET_KEYBOX_ERROR_2,
CERT_PROVISIONING_INVALID_CERT_TYPE,
CERT_PROVISIONING_REQUEST_ERROR_1,
CERT_PROVISIONING_REQUEST_ERROR_2, /* 15 */
CERT_PROVISIONING_NONCE_GENERATION_ERROR, /* 15 */
CERT_PROVISIONING_REQUEST_ERROR_3,
CERT_PROVISIONING_REQUEST_ERROR_4,
CERT_PROVISIONING_RESPONSE_ERROR_1,
@@ -195,8 +196,7 @@ enum CdmResponseType {
UNUSED_2, /* previously INVALID_PARAMETERS_LIC_5 */
INVALID_PARAMETERS_LIC_6,
INVALID_PARAMETERS_LIC_7, /* 155 */
UNUSED_9,
/* UNUSED_9 previously LICENSE_REQUEST_SERVICE_CERTIFICATE_GENERATION_ERROR */
LICENSE_REQUEST_SERVICE_CERTIFICATE_GENERATION_ERROR,
CENC_INIT_DATA_UNAVAILABLE,
PREPARE_CENC_CONTENT_ID_FAILED,
WEBM_INIT_DATA_UNAVAILABLE,
@@ -229,55 +229,95 @@ enum CdmResponseType {
INVALID_PARAMETERS_ENG_8,
INVALID_PARAMETERS_ENG_9,
INVALID_PARAMETERS_ENG_10,
INVALID_PARAMETERS_ENG_11, /* 190 */
INVALID_PARAMETERS_ENG_12,
INVALID_PARAMETERS_ENG_11,
INVALID_PARAMETERS_ENG_12, /* 190 */
SESSION_NOT_FOUND_13,
SESSION_NOT_FOUND_14,
SESSION_NOT_FOUND_15,
SESSION_NOT_FOUND_16, /* 195 */
KEY_NOT_FOUND_3,
SESSION_NOT_FOUND_16,
KEY_NOT_FOUND_3, /* 195 */
KEY_NOT_FOUND_4,
KEY_NOT_FOUND_5,
KEY_NOT_FOUND_6,
KEY_ERROR_1, /* 200 */
KEY_ERROR_2,
KEY_ERROR_3,
KEY_ERROR_4,
INVALID_SESSION_1,
NO_DEVICE_KEY_1, /* 200 */
NO_CONTENT_KEY_2,
INSUFFICIENT_CRYPTO_RESOURCES_2,
INVALID_PARAMETERS_ENG_13,
INVALID_PARAMETERS_ENG_14, /* 205 */
INVALID_PARAMETERS_ENG_15,
INVALID_PARAMETERS_ENG_14,
INVALID_PARAMETERS_ENG_15, /* 205 */
INVALID_PARAMETERS_ENG_16,
UNUSED_7, /* previously DEVICE_CERTIFICATE_ERROR_5 */
CERT_PROVISIONING_CLIENT_TOKEN_ERROR_1,
CERT_PROVISIONING_CLIENT_TOKEN_ERROR_2, /* 210 */
LICENSING_CLIENT_TOKEN_ERROR_1,
INVALID_PARAMETERS_ENG_17,
INVALID_PARAMETERS_ENG_18,
LIST_LICENSE_ERROR_1,
LIST_LICENSE_ERROR_2, /* 215 */
LIST_USAGE_ERROR_1,
LIST_USAGE_ERROR_2,
DELETE_USAGE_ERROR_1,
DELETE_USAGE_ERROR_2,
DELETE_USAGE_ERROR_3, /* 220 */
RELEASE_ALL_USAGE_INFO_ERROR_3,
RELEASE_ALL_USAGE_INFO_ERROR_4,
PRIVACY_MODE_ERROR_1,
PRIVACY_MODE_ERROR_2,
PRIVACY_MODE_ERROR_3, /* 225 */
EMPTY_RESPONSE_ERROR_1,
INVALID_PARAMETERS_ENG_19,
PARSE_RESPONSE_ERROR_1,
PARSE_RESPONSE_ERROR_2,
PARSE_RESPONSE_ERROR_3, /* 230 */
PARSE_RESPONSE_ERROR_4,
LICENSE_REQUEST_INVALID_SUBLICENSE,
INVALID_SESSION_1,
NO_DEVICE_KEY_1,
NO_CONTENT_KEY_2, /* 235 */
INSUFFICIENT_CRYPTO_RESOURCES_2,
CERT_PROVISIONING_CLIENT_TOKEN_ERROR_2,
LICENSING_CLIENT_TOKEN_ERROR_1, /* 210 */
ANALOG_OUTPUT_ERROR,
UNKNOWN_SELECT_KEY_ERROR_1,
UNKNOWN_SELECT_KEY_ERROR_2,
CREATE_USAGE_TABLE_ERROR,
LOAD_USAGE_HEADER_GENERATION_SKEW, /* 215 */
LOAD_USAGE_HEADER_SIGNATURE_FAILURE,
LOAD_USAGE_HEADER_BAD_MAGIC,
LOAD_USAGE_HEADER_UNKNOWN_ERROR,
INVALID_PARAMETERS_ENG_17,
INVALID_PARAMETERS_ENG_18, /* 220 */
INSUFFICIENT_CRYPTO_RESOURCES_3,
CREATE_USAGE_ENTRY_UNKNOWN_ERROR,
LOAD_USAGE_ENTRY_GENERATION_SKEW,
LOAD_USAGE_ENTRY_SIGNATURE_FAILURE,
LOAD_USAGE_ENTRY_UNKNOWN_ERROR, /* 225 */
INVALID_PARAMETERS_ENG_19,
INVALID_PARAMETERS_ENG_20,
UPDATE_USAGE_ENTRY_UNKNOWN_ERROR,
INVALID_PARAMETERS_ENG_21,
SHRINK_USAGE_TABLER_HEADER_UNKNOWN_ERROR, /* 230 */
MOVE_USAGE_ENTRY_UNKNOWN_ERROR,
COPY_OLD_USAGE_ENTRY_UNKNOWN_ERROR,
INVALID_PARAMETERS_ENG_22,
LIST_LICENSE_ERROR_1,
LIST_LICENSE_ERROR_2, /* 235 */
INVALID_PARAMETERS_ENG_23,
USAGE_INFORMATION_SUPPORT_FAILED,
USAGE_SUPPORT_GET_API_FAILED,
UNEXPECTED_EMPTY_USAGE_ENTRY,
INVALID_USAGE_ENTRY_NUMBER_MODIFICATION, /* 240 */
USAGE_INVALID_NEW_ENTRY,
USAGE_INVALID_PARAMETERS_1,
USAGE_GET_ENTRY_RETRIEVE_LICENSE_FAILED,
USAGE_GET_ENTRY_RETRIEVE_USAGE_INFO_FAILED,
USAGE_GET_ENTRY_RETRIEVE_INVALID_STORAGE_TYPE, /* 245 */
USAGE_ENTRY_NUMBER_MISMATCH,
USAGE_STORE_LICENSE_FAILED,
USAGE_STORE_USAGE_INFO_FAILED,
USAGE_INVALID_LOAD_ENTRY,
RELEASE_ALL_USAGE_INFO_ERROR_4, /* 250 */
RELEASE_ALL_USAGE_INFO_ERROR_5,
RELEASE_USAGE_INFO_FAILED,
INCORRECT_USAGE_SUPPORT_TYPE_1,
INCORRECT_USAGE_SUPPORT_TYPE_2,
KEY_PROHIBITED_FOR_SECURITY_LEVEL, /* 255 */
KEY_NOT_FOUND_IN_SESSION,
NO_USAGE_ENTRIES,
LIST_USAGE_ERROR_1,
LIST_USAGE_ERROR_2,
DELETE_USAGE_ERROR_1, /* 260 */
DELETE_USAGE_ERROR_2,
DELETE_USAGE_ERROR_3,
PRIVACY_MODE_ERROR_1,
PRIVACY_MODE_ERROR_2,
PRIVACY_MODE_ERROR_3, /* 265 */
EMPTY_RESPONSE_ERROR_1,
INVALID_PARAMETERS_ENG_24,
PARSE_RESPONSE_ERROR_1,
PARSE_RESPONSE_ERROR_2,
PARSE_RESPONSE_ERROR_3, /* 270 */
PARSE_RESPONSE_ERROR_4,
USAGE_STORE_ENTRY_RETRIEVE_LICENSE_FAILED,
USAGE_STORE_ENTRY_RETRIEVE_USAGE_INFO_FAILED,
USAGE_STORE_ENTRY_RETRIEVE_INVALID_STORAGE_TYPE,
RELEASE_ALL_USAGE_INFO_ERROR_6, /* 275 */
RELEASE_ALL_USAGE_INFO_ERROR_7,
LICENSE_REQUEST_INVALID_SUBLICENSE,
};
enum CdmKeyStatus {
@@ -349,6 +389,39 @@ enum CdmClientTokenType {
kClientTokenOemCert
};
// kNonSecureUsageSupport - TEE does not provide any support for usage
// information.
// kUsageTableSupport - TEE persists usage information securely in a fixed
// size table, commonly 50 entries. (OEMCrypto v9+)
// kUsageEntrySupport - usage information (table headers and entries) are
// persisted in non-secure storage but are loaded and unloaded from
// the TEE during use (OEMCrypto v13+)
// kUnknownUsageSupport - usage support type is uninitialized or unavailable
enum CdmUsageSupportType {
kNonSecureUsageSupport,
kUsageTableSupport,
kUsageEntrySupport,
kUnknownUsageSupport,
};
enum CdmUsageEntryStorageType {
kStorageLicense,
kStorageUsageInfo,
kStorageTypeUnknown,
};
struct CdmUsageEntryInfo {
CdmUsageEntryStorageType storage_type;
CdmKeySetId key_set_id;
std::string usage_info_file_name;
bool operator==(const CdmUsageEntryInfo& other) const {
return storage_type == other.storage_type &&
key_set_id == other.key_set_id &&
(storage_type != kStorageUsageInfo ||
usage_info_file_name == other.usage_info_file_name);
}
};
class CdmKeyAllowedUsage {
public:
CdmKeyAllowedUsage() {