Regular update

Plugin:
1. Process ECM v3 and send fingerprinting/service_blocking events
2. Rmove unused function Ctr128Add
3. Add support for ECM v3

OEMCrypto:
1. Update API description of OEMCrypto_LoadCasECMKeys
2. Fix android build files for ODK
3. Load content keys to shared memory
4. Move KCB check to LoadCasKeys call
5. Support even/odd content keys to share entitlement key

oemcrypto/include/OEMCryptoCAS.h

@@ -268,10 +268,10 @@ typedef struct {
  * padding.
  * entitlement_key_id - entitlement key id to be matched to key table.
  * content_key_id - content key id to be loaded into key table.
- * content_key_data_iv - the IV for performing AES-256-CBC decryption of the key data.
- * content_key_data - encrypted content key data.
- * content_iv - the 16 byte iv used to decrypt content.
- * cipher_mode - the cipher mode to be used to decrypt the content.
+ * content_key_data_iv - the IV for performing AES-256-CBC decryption of the key
+ * data. content_key_data - encrypted content key data. content_iv - the 16 byte
+ * iv used to decrypt content. cipher_mode - the cipher mode to be used to
+ * decrypt the content.
  */
 typedef struct {
   OEMCrypto_Substring entitlement_key_id;
@@ -1737,42 +1737,44 @@ OEMCryptoResult OEMCrypto_LoadEntitledContentKeys(
  * OEMCrypto_LoadCasECMKeys
  *
  * Description:
- *   Load content keys into a session which already has entitlement
- *   keys loaded.  This function will only be called for a session after a call
- *   to OEMCrypto_LoadKeys with the parameter type license_type equal to
- *   OEMCrypto_EntitlementLicense.  This function may be called multiple times
- *   for the same session.
+ *   The OEMCrypto_LoadCasECMKeys method is added to load content keys into an
+ *   entitled key session, which already has entitlement keys loaded.
  *
- *   If the session does not have license_type equal to
- *   OEMCrypto_EntitlementLicense, return OEMCrypto_ERROR_INVALID_CONTEXT and
- *   perform no work.
+ *   This function will only be called for a session after a call to
+ *   OEMCrypto_LoadKeys with the license_type equal to
+ *   OEMCrypto_EntitlementLicense, and a call to
+ *   OEMCrypto_CreateEntitledKeySession initializing the entitled key session.
+ *   This function may be called multiple times for the same session.
  *
- *   For each key object in key_array, OEMCrypto shall look up the entry in the
- *   key table with the corresponding entitlement_key_id.
+ *   For each key object, odd and even, OEMCrypto shall look up the entry in the
+ *   key table with the corresponding entitlement_key_id. Before the
+ *   entitlement_key is used:
  *    1) If no entry is found, return OEMCrypto_KEY_NOT_ENTITLED.
- *    2) If the entry already has a content_key_id and content_key_data, that id
- *       and data are erased.
- *    3) The content_key_id from the key_array is copied to the entry's
- *       content_key_id.
+ *    2) Check the entitlement key’s key control block use. If failed, return
+ *       corresponding error code such as OEMCrypto_ERROR_ANALOG_OUTPUT,
+ *       OEMCrypto_ERROR_INSUFFICIENT_HDCP.
+ *    3) If the entitlement key’s control block has a nonzero Duration field,
+ *       then the API shall verify that the duration is greater than the
+ *       session’s elapsed time clock before the key is used. OEMCrypto will
+ *       return OEMCrypto_ERROR_KEY_EXPIRED.
  *    4) The content_key_data decrypted using the entitlement_key_data as a key
- *       for AES-256-CBC with an IV of content_key_data_iv, and using PKCS#7
- *       padding.  Notice that the entitlement key will be an AES 256 bit key.
- *       The clear content key data will be stored in the entry's
- *       content_key_data.
- *    5) The decrypted content key data may be set in a hardware descrambler
- *       if present.
- *
- *   Entries in the key table that do not correspond to anything in the
- *   key_array are not modified or removed.
- *
- *   For devices that use a hardware key ladder, it may be more appropriate to
- *   store the encrypted content key data in the key table, and defer decrypting
- *   it until the function SelectKey is called.
+ *       for AES-256-CBC with an IV of content_key_data_iv. Wrapped content is
+ *       padded using PKCS#7 padding. Notice that the entitlement key will be an
+ *       AES 256 bit key.  The clear content key data will be stored in the
+ *       entry’s content_key_data.
+ *    5) The decrypted content key data may be set in a hardware KeySlot,
+ *       together with content iv and cipher mode information, which can be used
+ *       by the Descrambler in TunerHal. The entitled key session ID may be used
+ *       as the key token to uniquely identify the content key in KeySlot.
  *
  * Parameters:
- *   session (in) - handle for the session to be used.
- *   even_key (in) - key update for the even ecm key.
- *   odd_key (in) - key update for the odd ecm key.
+ *   [in] session: handle for the entitled key session to be used.
+ *   [in] message: pointer to memory containing message to be verified.
+ *   [in] message_length: length of the message, in bytes.
+ *   [in] even_key: key update for the even ecm key. May be null if the key
+ *        does not change.
+ *   [in] odd_key: key update for the odd ecm key. May be null if the key does
+ *        not change.
  *
  * Returns
  *   OEMCrypto_SUCCESS success
@@ -1781,6 +1783,11 @@ OEMCryptoResult OEMCrypto_LoadEntitledContentKeys(
  *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
  *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *   OEMCrypto_KEY_NOT_ENTITLED
+ *   OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION
+ *   OEMCrypto_ERROR_KEY_EXPIRED
+ *   OEMCrypto_ERROR_ANALOG_OUTPUT
+ *   OEMCrypto_ERROR_INSUFFICIENT_HDCP
+ *
  * Threading
  *
  *   This function may be called simultaneously with functions on other