WvPL License SDK release: 17.0.1 updated cc_header files.

2022-05-10 22:02:05 +00:00
parent 743f4faefe
commit 29a2216e75
14 changed files with 452 additions and 34 deletions
--- a/centos/cc_header/core_message_util.h
+++ b/centos/cc_header/core_message_util.h
@@ -0,0 +1,53 @@
+// Copyright 2019 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_CORE_MESSAGE_UTIL_H_
+#define VIDEO_WIDEVINE_EXPORT_COMMON_CORE_MESSAGE_UTIL_H_
+
+#include <cstdint>
+#include <string>
+
+#include <cstdint>
+#include "common/oemcrypto_core_message/odk/include/core_message_features.h"
+
+namespace video_widevine {
+namespace core_message_util {
+
+// Parse the core message feature specification in |specification| and store the
+// result in |features|. Return true if successful.
+bool ParseCoreMessageFeatures(
+    const std::string& specification,
+    oemcrypto_core_message::features::CoreMessageFeatures* features);
+
+// Gets the |response_core_message| by parsing |request_core_message| and
+// |serialized_provisioning_response|. The output is held in
+// |response_core_message|.
+bool GetCoreProvisioningResponse(
+    const oemcrypto_core_message::features::CoreMessageFeatures& features,
+    const std::string& serialized_provisioning_response,
+    const std::string& request_core_message,
+    std::string* response_core_message);
+
+// Gets the |response_core_message| by parsing |request_core_message| for
+// release and renewal response. The output is held in |response_core_message|.
+bool GetCoreRenewalOrReleaseLicenseResponse(
+    const oemcrypto_core_message::features::CoreMessageFeatures& features,
+    uint64_t renewal_duration_seconds, const std::string& request_core_message,
+    std::string* response_core_message);
+
+// Gets the |response_core_message| by parsing |request_core_message| and
+// |license| for new license response. The output is held in
+// |response_core_message|.
+bool GetCoreNewLicenseResponse(
+    const oemcrypto_core_message::features::CoreMessageFeatures& features,
+    const std::string& license, const std::string& request_core_message,
+    const bool nonce_required, const bool uses_padding,
+    std::string* response_core_message);
+
+// Populates the |odk_major_version| and |odk_minor_version| from the ODK core
+// message sent in the license request by parsing |request_core_message|.
+bool GetCoreVersion(const std::string& request_core_message,
+                    uint16_t* odk_major_version, uint16_t* odk_minor_version);
+
+}  // namespace core_message_util
+}  // namespace video_widevine
+#endif  // VIDEO_WIDEVINE_EXPORT_COMMON_CORE_MESSAGE_UTIL_H_
--- a/centos/cc_header/crypto_util.h
+++ b/centos/cc_header/crypto_util.h
@@ -0,0 +1,102 @@
+// Copyright 2016 Google LLC. All rights reserved.
+
+// Contains common crypto routines for widevine protocols.  These routines are
+// used as part of licensing and provisioning request handling.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_CRYPTO_UTIL_H_
+#define VIDEO_WIDEVINE_EXPORT_COMMON_CRYPTO_UTIL_H_
+
+#include <cstdint>
+#include <string>
+
+#include "absl/strings/escaping.h"
+#include "absl/strings/string_view.h"
+#include "openssl/digest.h"
+
+namespace video_widevine {
+namespace crypto_util {
+
+// Default constants used for key derivation for encryption and signing.
+// TODO(blueeyes): These are duplicated in session.cc in the sdk.  de-dup.
+extern const char kWrappingKeyLabel[];
+extern const int kWrappingKeySizeBits;
+extern const char kSigningKeyLabel[];
+extern const int kSigningKeySizeBits;
+extern const size_t kSigningKeySizeBytes;
+extern const char kIvMasterKey[];
+extern const char kIvLabel[];
+extern const int kIvSizeBits;
+extern const int kAes128KeySizeBits;
+extern const int kAes128KeySizeBytes;
+extern const char kKeyboxV3Label[];
+
+extern const uint32_t kCENCSchemeID;  // 'cenc' (AES-CTR): 0x63656E63
+extern const uint32_t kCBC1SchemeID;  // 'cbc1' (AES-CBC): 0x63626331
+extern const uint32_t kCENSSchemeID;  // 'cens' (AES-CTR subsample): 0x63656E73
+extern const uint32_t kCBCSSchemeID;  // 'cbcs' (AES-CBC subsample): 0x63626373
+
+// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
+// NIST 800-108:
+// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
+// AES-CMAC:
+// http://tools.ietf.org/html/rfc4493
+std::string DeriveKey(absl::string_view key, absl::string_view label,
+                      absl::string_view context, const uint32_t size_bits);
+
+// Derives an IV from the provided |context|.
+std::string DeriveIv(absl::string_view context);
+
+// Derives a key ID from the provided |context|.
+std::string DeriveKeyId(absl::string_view context);
+
+// Helper function to derive a key using the group master key and context.
+std::string DeriveGroupSessionKey(absl::string_view context,
+                                  const uint32_t size_bits);
+
+// Helper function to derive a signing key for from the signing context.
+std::string DeriveSigningKey(absl::string_view key, absl::string_view context,
+                             const uint32_t size_bits);
+
+// Helper function to create a SHA-256 HMAC signature for the given message.
+std::string CreateSignatureHmacSha256(absl::string_view key,
+                                      absl::string_view message);
+
+// Helper function to create a SHA-384 HMAC signature for the given message.
+std::string CreateSignatureHmacSha384(absl::string_view key,
+                                      absl::string_view message);
+// Helper function to create a HMAC signature for the specified hash algorithm
+// and message.
+std::string CreateSignatureHmac(const EVP_MD* hash_algorithm,
+                                unsigned char* digest, absl::string_view key,
+                                absl::string_view message);
+
+// Helper function which compares the SHA-256 HMAC against the provided
+// signature.
+bool VerifySignatureHmacSha256(absl::string_view key,
+                               absl::string_view signature,
+                               absl::string_view message);
+
+// Helper function which compares the SHA-384 HMAC against the provided
+// signature.
+bool VerifySignatureHmacSha384(absl::string_view key,
+                               absl::string_view signature,
+                               absl::string_view message);
+
+// Helper function to create a SHA-1 HMAC signature for the given message.
+std::string CreateSignatureHmacSha1(absl::string_view key,
+                                    absl::string_view message);
+
+// Helper function which compares the SHA-1 HMAC against the provided
+// signature.
+bool VerifySignatureHmacSha1(absl::string_view key, absl::string_view signature,
+                             absl::string_view message);
+
+// Converts a requested 4CC encryption scheme ID from a std::string to a uint32_t and
+// verifies it is a correct value.
+bool FourCCEncryptionSchemeIDFromString(absl::string_view requested,
+                                        uint32_t* four_cc_code);
+
+}  // namespace crypto_util
+}  // namespace video_widevine
+
+#endif  // VIDEO_WIDEVINE_EXPORT_COMMON_CRYPTO_UTIL_H_
--- a/centos/cc_header/environment.h
+++ b/centos/cc_header/environment.h
@@ -4,6 +4,7 @@
 #define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_ENVIRONMENT_H_

 #include <memory>
+#include <string>

 #include "absl/strings/string_view.h"
 #include "absl/synchronization/mutex.h"
--- a/centos/cc_header/environment_impl.h
+++ b/centos/cc_header/environment_impl.h
@@ -58,9 +58,9 @@ class EnvironmentImpl {
  void SetPreProvisioningKeys(const std::multimap<uint32_t, std::string>& keys);

  Status AddDrmServiceCertificate(
-      const std::string& service_certificate,
-      const std::string& service_private_key,
-      const std::string& service_private_key_passphrase);
+      absl::string_view service_certificate,
+      absl::string_view service_private_key,
+      absl::string_view service_private_key_passphrase);

  // Returns true if service certificate is loaded.
  bool is_service_certificate_loaded();
@@ -70,7 +70,7 @@ class EnvironmentImpl {
  // certificate_status_list expires after its creation time
  // (creation_time_seconds).  If |allow_unknown_devices| is false, an error is
  // returned if the device does not appear in the certificate_status_list.
-  Status SetCertificateStatusList(const std::string& certificate_status_list,
+  Status SetCertificateStatusList(absl::string_view certificate_status_list,
                                  uint32_t expiration_period_seconds,
                                  bool allow_unknown_devices);

@@ -83,27 +83,27 @@ class EnvironmentImpl {
  // |device_list_make| is a comma separated list of devices to allow even
  // if the device is in a TEST_ONLY state.  This list wil be used only if
  // AllowDevelopmentClient(false) is in use.
-  void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
+  void AllowTestOnlyDevicesByMake(absl::string_view device_list_make);

  // Enable delivery of licenses to TEST_ONLY client devices.
  // |device_list_provider| is a comma separated list of providers to allow
  // even if the device is in a TEST_ONLY state.  This list wil be used only if
  // AllowDevelopmentClient(false) is in use.
-  void AllowTestOnlyDevicesByProvider(const std::string& device_list_provider);
+  void AllowTestOnlyDevicesByProvider(absl::string_view device_list_provider);

  // Enable delivery of licenses to revoked client devices. |system_id_list| is
  // a comma separated list of systems Ids to allow even if the device is in the
  // revoked state.
-  void AllowRevokedDevices(const std::string& system_id_list);
+  void AllowRevokedDevices(absl::string_view system_id_list);

  // A comma separated list of DRM Certificate Serial Numbers that are revoked.
  void RevokedDrmCertificateSerialNumbers(
-      const std::string& drm_certificate_serial_numbers);
+      absl::string_view drm_certificate_serial_numbers);

  // Restriction on core message features. If this is an empty string, the
  // default feature set is used. If it is an integer, that is the ODK version
  // supported.
-  void SetCoreMessageFeatures(const std::string& core_message_features);
+  void SetCoreMessageFeatures(absl::string_view core_message_features);

  // Generates a SignedMessage containing a message generated in response to
  // an error condition. |status| is a previous error status returned by the
@@ -118,7 +118,7 @@ class EnvironmentImpl {
  // Generates a SignedMessage containing a service certifcate for the specified
  // |provider|. Returns false if |provider| does not exist.  Returns the
  // default service certificate if |provider| is empty.
-  bool GenerateServiceCertificateResponse(const std::string& provider,
+  bool GenerateServiceCertificateResponse(absl::string_view provider,
                                          std::string* signed_message_bytes);

  // DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
@@ -126,8 +126,8 @@ class EnvironmentImpl {
  // http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
  // AES-CMAC:
  // http://tools.ietf.org/html/rfc4493
-  std::string DeriveKey(const std::string& key, const std::string& label,
-                        const std::string& context, const uint32_t size_bits);
+  std::string DeriveKey(absl::string_view key, absl::string_view label,
+                        absl::string_view context, const uint32_t size_bits);

  // Returns a std::string containing the Widevine License Server SDK version in the
  // form <major_version>.<minor_version>.<release> <build date> <build time> .
@@ -147,7 +147,7 @@ class EnvironmentImpl {
  // version is not empty, then the server version will be included in the
  // license response. The host_version must be <= 32 characters and limited to
  // alphanumeric and '_', '-', ':', ';'and '.'.
-  bool SetHostServerVersion(const std::string& host_version);
+  bool SetHostServerVersion(absl::string_view host_version);

  void SetDefaultDeviceSecurityProfileList(SecurityProfileList* profile_list);

@@ -182,7 +182,7 @@ class EnvironmentImpl {
  // the Key Control Block which is used by partner.  Otherwise, only 'kctl' or
  // 'kc09' is returned in KCB.
  void SetDevicesToHandleOEMCryptoVersionInKCB(
-      const std::string& system_id_list);
+      absl::string_view system_id_list);

  // Return drm root certificate pointer.
  const DrmRootCertificate* drm_root_certificate() const;
@@ -216,7 +216,7 @@ class EnvironmentImpl {
  // message. Return OK if parsing is successful, otherwise an error is
  // returned.
  virtual Status SetProviderKeyConfig(
-      const std::string& provider_key_config_bytes);
+      absl::string_view provider_key_config_bytes);

  // Returns the provider key config.
  virtual const ProviderKeyConfig& GetProviderKeyConfig() const {
--- a/centos/cc_header/security_profile_list.h
+++ b/centos/cc_header/security_profile_list.h
@@ -9,7 +9,9 @@
 #define VIDEO_WIDEVINE_EXPORT_COMMON_SECURITY_PROFILE_LIST_H_

 #include <cstdint>
+#include <string>

+#include "absl/strings/string_view.h"
 #include "absl/synchronization/mutex.h"
 #include "common/hash_algorithm.h"
 #include "common/output_protection_util.h"
@@ -34,7 +36,7 @@ const char kDefaultProfileOwnerName[] = "Widevine";
 // default_device_security_profile_list gets removed.
 class SecurityProfileList {
 public:
-  explicit SecurityProfileList(const std::string& profile_namespace);
+  explicit SecurityProfileList(absl::string_view profile_namespace);
  virtual ~SecurityProfileList() {}

  // Initialize the security profile list with Widevine default profiles. The
@@ -99,7 +101,7 @@ class SecurityProfileList {

  // Deserialized SignedDeviceSecurityProfiles for custom DSPs.
  static Status DeserializeSignedDeviceSecurityProfiles(
-      const std::string& serialized_signed_device_security_profiles,
+      absl::string_view serialized_signed_device_security_profiles,
      std::string* serialized_device_security_profiles,
      HashAlgorithm* hash_algorithm, std::string* signature);

--- a/centos/cc_header/session_usage_report.h
+++ b/centos/cc_header/session_usage_report.h
@@ -0,0 +1,50 @@
+// Copyright 2017 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_SDK_INTERNAL_SESSION_USAGE_REPORT_H_
+#define VIDEO_WIDEVINE_EXPORT_SDK_INTERNAL_SESSION_USAGE_REPORT_H_
+
+#include <cstdint>
+
+#include <cstdint>
+#include "absl/base/attributes.h"
+
+namespace video_widevine {
+
+const uint32_t kMaxProviderSessionTokenSizeBytes = 128;
+
+enum SessionUsageStatus {
+  SessionUsageStatus_Unused = 0,
+  // License still active on the device, has not been released yet.
+  SessionUsageStatus_Active = 1,
+  // Deprecated in OEMCrypto V13, replaced with Inactive_Used and
+  // Inactive_Unused.  All Inactive status values indicate the license was
+  // relased.
+  SessionUsageStatus_Inactive_Deprecated = 2,
+  // Keys released after use.
+  SessionUsageStatus_Inactive_Used = 3,
+  // Keys released before use.
+  SessionUsageStatus_Inactive_Unused = 4,
+};
+
+// Data sent in the license release request from the client to indicate the
+// license usage.
+struct InternalSessionUsageReport {
+  // HMAC SHA1 of the rest of the report.
+  uint8_t signature[20];
+  // Current status of status report: 0=unused, 1=active, 2=inactive.
+  uint8_t status;
+  // The clock security level are: 0=insecure clock, 1=secure timer,
+  // 2=secure clock.
+  uint8_t clock_security_level;
+  uint8_t pst_length;
+  // Make int64_t's word aligned.
+  uint8_t padding;
+  int64_t seconds_since_license_received;
+  int64_t seconds_since_first_decrypt;
+  int64_t seconds_since_last_decrypt;
+  uint8_t pst[kMaxProviderSessionTokenSizeBytes];
+} ABSL_ATTRIBUTE_PACKED;
+
+}  // namespace video_widevine
+
+#endif  // VIDEO_WIDEVINE_EXPORT_SDK_INTERNAL_SESSION_USAGE_REPORT_H_
--- a/centos/cc_header/wvpl_sdk_session.h
+++ b/centos/cc_header/wvpl_sdk_session.h
@@ -4,6 +4,7 @@
 #define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_

 #include <memory>
+#include <string>

 #include "common/security_profile_list.h"
 #include "sdk/external/cpp/wvpl/common/wvpl_types.h"
--- a/ubuntu/cc_header/core_message_util.h
+++ b/ubuntu/cc_header/core_message_util.h
@@ -0,0 +1,53 @@
+// Copyright 2019 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_CORE_MESSAGE_UTIL_H_
+#define VIDEO_WIDEVINE_EXPORT_COMMON_CORE_MESSAGE_UTIL_H_
+
+#include <cstdint>
+#include <string>
+
+#include <cstdint>
+#include "common/oemcrypto_core_message/odk/include/core_message_features.h"
+
+namespace video_widevine {
+namespace core_message_util {
+
+// Parse the core message feature specification in |specification| and store the
+// result in |features|. Return true if successful.
+bool ParseCoreMessageFeatures(
+    const std::string& specification,
+    oemcrypto_core_message::features::CoreMessageFeatures* features);
+
+// Gets the |response_core_message| by parsing |request_core_message| and
+// |serialized_provisioning_response|. The output is held in
+// |response_core_message|.
+bool GetCoreProvisioningResponse(
+    const oemcrypto_core_message::features::CoreMessageFeatures& features,
+    const std::string& serialized_provisioning_response,
+    const std::string& request_core_message,
+    std::string* response_core_message);
+
+// Gets the |response_core_message| by parsing |request_core_message| for
+// release and renewal response. The output is held in |response_core_message|.
+bool GetCoreRenewalOrReleaseLicenseResponse(
+    const oemcrypto_core_message::features::CoreMessageFeatures& features,
+    uint64_t renewal_duration_seconds, const std::string& request_core_message,
+    std::string* response_core_message);
+
+// Gets the |response_core_message| by parsing |request_core_message| and
+// |license| for new license response. The output is held in
+// |response_core_message|.
+bool GetCoreNewLicenseResponse(
+    const oemcrypto_core_message::features::CoreMessageFeatures& features,
+    const std::string& license, const std::string& request_core_message,
+    const bool nonce_required, const bool uses_padding,
+    std::string* response_core_message);
+
+// Populates the |odk_major_version| and |odk_minor_version| from the ODK core
+// message sent in the license request by parsing |request_core_message|.
+bool GetCoreVersion(const std::string& request_core_message,
+                    uint16_t* odk_major_version, uint16_t* odk_minor_version);
+
+}  // namespace core_message_util
+}  // namespace video_widevine
+#endif  // VIDEO_WIDEVINE_EXPORT_COMMON_CORE_MESSAGE_UTIL_H_
--- a/ubuntu/cc_header/crypto_util.h
+++ b/ubuntu/cc_header/crypto_util.h
@@ -0,0 +1,102 @@
+// Copyright 2016 Google LLC. All rights reserved.
+
+// Contains common crypto routines for widevine protocols.  These routines are
+// used as part of licensing and provisioning request handling.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_CRYPTO_UTIL_H_
+#define VIDEO_WIDEVINE_EXPORT_COMMON_CRYPTO_UTIL_H_
+
+#include <cstdint>
+#include <string>
+
+#include "absl/strings/escaping.h"
+#include "absl/strings/string_view.h"
+#include "openssl/digest.h"
+
+namespace video_widevine {
+namespace crypto_util {
+
+// Default constants used for key derivation for encryption and signing.
+// TODO(blueeyes): These are duplicated in session.cc in the sdk.  de-dup.
+extern const char kWrappingKeyLabel[];
+extern const int kWrappingKeySizeBits;
+extern const char kSigningKeyLabel[];
+extern const int kSigningKeySizeBits;
+extern const size_t kSigningKeySizeBytes;
+extern const char kIvMasterKey[];
+extern const char kIvLabel[];
+extern const int kIvSizeBits;
+extern const int kAes128KeySizeBits;
+extern const int kAes128KeySizeBytes;
+extern const char kKeyboxV3Label[];
+
+extern const uint32_t kCENCSchemeID;  // 'cenc' (AES-CTR): 0x63656E63
+extern const uint32_t kCBC1SchemeID;  // 'cbc1' (AES-CBC): 0x63626331
+extern const uint32_t kCENSSchemeID;  // 'cens' (AES-CTR subsample): 0x63656E73
+extern const uint32_t kCBCSSchemeID;  // 'cbcs' (AES-CBC subsample): 0x63626373
+
+// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
+// NIST 800-108:
+// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
+// AES-CMAC:
+// http://tools.ietf.org/html/rfc4493
+std::string DeriveKey(absl::string_view key, absl::string_view label,
+                      absl::string_view context, const uint32_t size_bits);
+
+// Derives an IV from the provided |context|.
+std::string DeriveIv(absl::string_view context);
+
+// Derives a key ID from the provided |context|.
+std::string DeriveKeyId(absl::string_view context);
+
+// Helper function to derive a key using the group master key and context.
+std::string DeriveGroupSessionKey(absl::string_view context,
+                                  const uint32_t size_bits);
+
+// Helper function to derive a signing key for from the signing context.
+std::string DeriveSigningKey(absl::string_view key, absl::string_view context,
+                             const uint32_t size_bits);
+
+// Helper function to create a SHA-256 HMAC signature for the given message.
+std::string CreateSignatureHmacSha256(absl::string_view key,
+                                      absl::string_view message);
+
+// Helper function to create a SHA-384 HMAC signature for the given message.
+std::string CreateSignatureHmacSha384(absl::string_view key,
+                                      absl::string_view message);
+// Helper function to create a HMAC signature for the specified hash algorithm
+// and message.
+std::string CreateSignatureHmac(const EVP_MD* hash_algorithm,
+                                unsigned char* digest, absl::string_view key,
+                                absl::string_view message);
+
+// Helper function which compares the SHA-256 HMAC against the provided
+// signature.
+bool VerifySignatureHmacSha256(absl::string_view key,
+                               absl::string_view signature,
+                               absl::string_view message);
+
+// Helper function which compares the SHA-384 HMAC against the provided
+// signature.
+bool VerifySignatureHmacSha384(absl::string_view key,
+                               absl::string_view signature,
+                               absl::string_view message);
+
+// Helper function to create a SHA-1 HMAC signature for the given message.
+std::string CreateSignatureHmacSha1(absl::string_view key,
+                                    absl::string_view message);
+
+// Helper function which compares the SHA-1 HMAC against the provided
+// signature.
+bool VerifySignatureHmacSha1(absl::string_view key, absl::string_view signature,
+                             absl::string_view message);
+
+// Converts a requested 4CC encryption scheme ID from a std::string to a uint32_t and
+// verifies it is a correct value.
+bool FourCCEncryptionSchemeIDFromString(absl::string_view requested,
+                                        uint32_t* four_cc_code);
+
+}  // namespace crypto_util
+}  // namespace video_widevine
+
+#endif  // VIDEO_WIDEVINE_EXPORT_COMMON_CRYPTO_UTIL_H_
--- a/ubuntu/cc_header/environment.h
+++ b/ubuntu/cc_header/environment.h
@@ -4,6 +4,7 @@
 #define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVDRM_LICENSE_SERVER_SDK_ENVIRONMENT_H_

 #include <memory>
+#include <string>

 #include "absl/strings/string_view.h"
 #include "absl/synchronization/mutex.h"
--- a/ubuntu/cc_header/environment_impl.h
+++ b/ubuntu/cc_header/environment_impl.h
@@ -58,9 +58,9 @@ class EnvironmentImpl {
  void SetPreProvisioningKeys(const std::multimap<uint32_t, std::string>& keys);

  Status AddDrmServiceCertificate(
-      const std::string& service_certificate,
-      const std::string& service_private_key,
-      const std::string& service_private_key_passphrase);
+      absl::string_view service_certificate,
+      absl::string_view service_private_key,
+      absl::string_view service_private_key_passphrase);

  // Returns true if service certificate is loaded.
  bool is_service_certificate_loaded();
@@ -70,7 +70,7 @@ class EnvironmentImpl {
  // certificate_status_list expires after its creation time
  // (creation_time_seconds).  If |allow_unknown_devices| is false, an error is
  // returned if the device does not appear in the certificate_status_list.
-  Status SetCertificateStatusList(const std::string& certificate_status_list,
+  Status SetCertificateStatusList(absl::string_view certificate_status_list,
                                  uint32_t expiration_period_seconds,
                                  bool allow_unknown_devices);

@@ -83,27 +83,27 @@ class EnvironmentImpl {
  // |device_list_make| is a comma separated list of devices to allow even
  // if the device is in a TEST_ONLY state.  This list wil be used only if
  // AllowDevelopmentClient(false) is in use.
-  void AllowTestOnlyDevicesByMake(const std::string& device_list_make);
+  void AllowTestOnlyDevicesByMake(absl::string_view device_list_make);

  // Enable delivery of licenses to TEST_ONLY client devices.
  // |device_list_provider| is a comma separated list of providers to allow
  // even if the device is in a TEST_ONLY state.  This list wil be used only if
  // AllowDevelopmentClient(false) is in use.
-  void AllowTestOnlyDevicesByProvider(const std::string& device_list_provider);
+  void AllowTestOnlyDevicesByProvider(absl::string_view device_list_provider);

  // Enable delivery of licenses to revoked client devices. |system_id_list| is
  // a comma separated list of systems Ids to allow even if the device is in the
  // revoked state.
-  void AllowRevokedDevices(const std::string& system_id_list);
+  void AllowRevokedDevices(absl::string_view system_id_list);

  // A comma separated list of DRM Certificate Serial Numbers that are revoked.
  void RevokedDrmCertificateSerialNumbers(
-      const std::string& drm_certificate_serial_numbers);
+      absl::string_view drm_certificate_serial_numbers);

  // Restriction on core message features. If this is an empty string, the
  // default feature set is used. If it is an integer, that is the ODK version
  // supported.
-  void SetCoreMessageFeatures(const std::string& core_message_features);
+  void SetCoreMessageFeatures(absl::string_view core_message_features);

  // Generates a SignedMessage containing a message generated in response to
  // an error condition. |status| is a previous error status returned by the
@@ -118,7 +118,7 @@ class EnvironmentImpl {
  // Generates a SignedMessage containing a service certifcate for the specified
  // |provider|. Returns false if |provider| does not exist.  Returns the
  // default service certificate if |provider| is empty.
-  bool GenerateServiceCertificateResponse(const std::string& provider,
+  bool GenerateServiceCertificateResponse(absl::string_view provider,
                                          std::string* signed_message_bytes);

  // DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
@@ -126,8 +126,8 @@ class EnvironmentImpl {
  // http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
  // AES-CMAC:
  // http://tools.ietf.org/html/rfc4493
-  std::string DeriveKey(const std::string& key, const std::string& label,
-                        const std::string& context, const uint32_t size_bits);
+  std::string DeriveKey(absl::string_view key, absl::string_view label,
+                        absl::string_view context, const uint32_t size_bits);

  // Returns a std::string containing the Widevine License Server SDK version in the
  // form <major_version>.<minor_version>.<release> <build date> <build time> .
@@ -147,7 +147,7 @@ class EnvironmentImpl {
  // version is not empty, then the server version will be included in the
  // license response. The host_version must be <= 32 characters and limited to
  // alphanumeric and '_', '-', ':', ';'and '.'.
-  bool SetHostServerVersion(const std::string& host_version);
+  bool SetHostServerVersion(absl::string_view host_version);

  void SetDefaultDeviceSecurityProfileList(SecurityProfileList* profile_list);

@@ -182,7 +182,7 @@ class EnvironmentImpl {
  // the Key Control Block which is used by partner.  Otherwise, only 'kctl' or
  // 'kc09' is returned in KCB.
  void SetDevicesToHandleOEMCryptoVersionInKCB(
-      const std::string& system_id_list);
+      absl::string_view system_id_list);

  // Return drm root certificate pointer.
  const DrmRootCertificate* drm_root_certificate() const;
@@ -216,7 +216,7 @@ class EnvironmentImpl {
  // message. Return OK if parsing is successful, otherwise an error is
  // returned.
  virtual Status SetProviderKeyConfig(
-      const std::string& provider_key_config_bytes);
+      absl::string_view provider_key_config_bytes);

  // Returns the provider key config.
  virtual const ProviderKeyConfig& GetProviderKeyConfig() const {
--- a/ubuntu/cc_header/security_profile_list.h
+++ b/ubuntu/cc_header/security_profile_list.h
@@ -9,7 +9,9 @@
 #define VIDEO_WIDEVINE_EXPORT_COMMON_SECURITY_PROFILE_LIST_H_

 #include <cstdint>
+#include <string>

+#include "absl/strings/string_view.h"
 #include "absl/synchronization/mutex.h"
 #include "common/hash_algorithm.h"
 #include "common/output_protection_util.h"
@@ -34,7 +36,7 @@ const char kDefaultProfileOwnerName[] = "Widevine";
 // default_device_security_profile_list gets removed.
 class SecurityProfileList {
 public:
-  explicit SecurityProfileList(const std::string& profile_namespace);
+  explicit SecurityProfileList(absl::string_view profile_namespace);
  virtual ~SecurityProfileList() {}

  // Initialize the security profile list with Widevine default profiles. The
@@ -99,7 +101,7 @@ class SecurityProfileList {

  // Deserialized SignedDeviceSecurityProfiles for custom DSPs.
  static Status DeserializeSignedDeviceSecurityProfiles(
-      const std::string& serialized_signed_device_security_profiles,
+      absl::string_view serialized_signed_device_security_profiles,
      std::string* serialized_device_security_profiles,
      HashAlgorithm* hash_algorithm, std::string* signature);

--- a/ubuntu/cc_header/session_usage_report.h
+++ b/ubuntu/cc_header/session_usage_report.h
@@ -0,0 +1,50 @@
+// Copyright 2017 Google LLC. All rights reserved.
+
+#ifndef VIDEO_WIDEVINE_EXPORT_SDK_INTERNAL_SESSION_USAGE_REPORT_H_
+#define VIDEO_WIDEVINE_EXPORT_SDK_INTERNAL_SESSION_USAGE_REPORT_H_
+
+#include <cstdint>
+
+#include <cstdint>
+#include "absl/base/attributes.h"
+
+namespace video_widevine {
+
+const uint32_t kMaxProviderSessionTokenSizeBytes = 128;
+
+enum SessionUsageStatus {
+  SessionUsageStatus_Unused = 0,
+  // License still active on the device, has not been released yet.
+  SessionUsageStatus_Active = 1,
+  // Deprecated in OEMCrypto V13, replaced with Inactive_Used and
+  // Inactive_Unused.  All Inactive status values indicate the license was
+  // relased.
+  SessionUsageStatus_Inactive_Deprecated = 2,
+  // Keys released after use.
+  SessionUsageStatus_Inactive_Used = 3,
+  // Keys released before use.
+  SessionUsageStatus_Inactive_Unused = 4,
+};
+
+// Data sent in the license release request from the client to indicate the
+// license usage.
+struct InternalSessionUsageReport {
+  // HMAC SHA1 of the rest of the report.
+  uint8_t signature[20];
+  // Current status of status report: 0=unused, 1=active, 2=inactive.
+  uint8_t status;
+  // The clock security level are: 0=insecure clock, 1=secure timer,
+  // 2=secure clock.
+  uint8_t clock_security_level;
+  uint8_t pst_length;
+  // Make int64_t's word aligned.
+  uint8_t padding;
+  int64_t seconds_since_license_received;
+  int64_t seconds_since_first_decrypt;
+  int64_t seconds_since_last_decrypt;
+  uint8_t pst[kMaxProviderSessionTokenSizeBytes];
+} ABSL_ATTRIBUTE_PACKED;
+
+}  // namespace video_widevine
+
+#endif  // VIDEO_WIDEVINE_EXPORT_SDK_INTERNAL_SESSION_USAGE_REPORT_H_
--- a/ubuntu/cc_header/wvpl_sdk_session.h
+++ b/ubuntu/cc_header/wvpl_sdk_session.h
@@ -4,6 +4,7 @@
 #define VIDEO_WIDEVINE_EXPORT_SDK_EXTERNAL_CPP_WVPL_COMMON_WVPL_SDK_SESSION_H_

 #include <memory>
+#include <string>

 #include "common/security_profile_list.h"
 #include "sdk/external/cpp/wvpl/common/wvpl_types.h"