Merges to android Pi release (part: 1)
Below are a set of CLs being merged from the wv cdm repo to the android repo. * Fix handling of OEM Cert public key. Author: Srujan Gaddam <srujzs@google.com> [ Merge of http://go/wvgerrit/27921 ] This is a potential fix for b/36656190. Set aside public key on first call to get the public key, and use it afterwards. This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(), which has side-effect of staging the OEM private key. This also fixes a problem where the public cert string was not being trimmed to match the size returned by OEMCrypto_GetOEMPublicCertificate(). * Complete provisioning request/response for Provisioning 3.0 Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27780 ] Fix bug on provisioning request path where GenerateDerivedKeys() was being called when preparing to generate the signature. Add message signature verification, and call correct OEMCrypto routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30). * Implement Cdm::deleteAllUsageRecords() Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27780 ] Delete all usage records for current origin. Removes usage records from file system and retains the PSTs. The deletes any usage entries matching those PSTs held by OEMCrypto. BUG: 35319024 * Remove stringencoders library from third_party. Author: Jacob Trimble <modmaker@google.com> [ Merge of http://go/wvgerrit/27585 ] We have a fork of the stringencoders library that we use for base64 encoding. This reimplements base64 encoding to remove the extra dependency and to reduce the amount of code. * Add Cdm::deleteUsageRecord() based on key_set_id. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/27605 ] Delete specified usage record from file system usage info and from OEMCrypto. BUG: 35319024 * Modifiable OEMCrypto Author: Fred Gylys-Colwell <fredgc@google.com> [ Merge of http://go/wvgerrit/24729 ] This CL adds a new variant of the OEMCrypto mock code that adjusts its behavior based on a configuration file. This is intended for testing. For example, a tester can set current_hdcp to 2 in the options.txt file, push it to the device, and verify that a license is granted for HDCP 2.0. Then the tester can edit the value of current_hdcp to 1 and push the file to the device. Playback should stop because the license is no longer valid. This variant uses a real level 1 liboemcrypto.so to push data to a secure buffer. That means we can test playback for a license that requires secure buffers on an Android device with real secure buffers. BUG: 35141278 BUG: 37353534 BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: I58443c510919e992bb455192e70373490a00e2b6
This commit is contained in:
Rahul Frias
@@ -34,9 +34,14 @@
|
||||
// an OEMCryptoResult and returned.
|
||||
// srm_load_version: If this is set, then it will be used as the
|
||||
// new srm version after loading an SRM -- ignoring the contents of the SRM.
|
||||
// If srm_load_version is -1, then the buffer passed into LoadSRM will be
|
||||
// parsed.
|
||||
// srm_blacklisted_device_attached: If set to "1", then a
|
||||
// oemcrypto will act as if a blacklisted device is attached -- i.e.
|
||||
// playback will be restricted to the local display only.
|
||||
// srm_attached_device_id: If nonzero, the id of a blacklisted device.
|
||||
// If this id is in the revocation list of an SRM file when it is loaded,
|
||||
// playback will be restricted to the local display only.
|
||||
// security_patch_level: This is the value returned by
|
||||
// OEMCrypto_Security_Patch_Level. If the key control block requires a
|
||||
// higher level, then OEMCrypto_LoadKeys will fail.
|
||||
@@ -72,6 +77,7 @@
|
||||
#include "oemcrypto_engine_mock.h"
|
||||
#include "oemcrypto_logging.h"
|
||||
#include "properties.h"
|
||||
#include "string_conversions.h"
|
||||
|
||||
namespace wvoec_mock {
|
||||
namespace {
|
||||
@@ -126,9 +132,9 @@ class AndroidModifiableCryptoEngine : public CryptoEngine {
|
||||
}
|
||||
while (!feof(file)) {
|
||||
char name[80 + 1];
|
||||
int value;
|
||||
if (fscanf(file, "%80s %d", name, &value)) {
|
||||
LOGV("Option %s = %d", name, value);
|
||||
int64_t value;
|
||||
if (fscanf(file, "%80s %lld", name, &value)) {
|
||||
LOGD("Option %s = %lld", name, value);
|
||||
options_[std::string(name)] = value;
|
||||
}
|
||||
}
|
||||
@@ -136,17 +142,17 @@ class AndroidModifiableCryptoEngine : public CryptoEngine {
|
||||
InitializeLogging();
|
||||
}
|
||||
|
||||
int GetOption(const std::string &key, int default_value) {
|
||||
int64_t GetOption(const std::string &key, int64_t default_value) {
|
||||
MaybeReadOptionsFile();
|
||||
if (options_.find(key) == options_.end() ) {
|
||||
LOGV("Option %s not set. Using default %d", key.c_str(), default_value);
|
||||
LOGW("Option %s not set. Using default %lld", key.c_str(), default_value);
|
||||
return default_value;
|
||||
}
|
||||
return options_[key];
|
||||
}
|
||||
|
||||
void InitializeLogging() {
|
||||
int log_level = GetOption("log_level", 3);
|
||||
int log_level = GetOption("log_level", wvcdm::LOG_DEBUG);
|
||||
int categories = 0;
|
||||
if (GetOption("kLoggingTraceOEMCryptoCalls", 0) > 0)
|
||||
categories |= kLoggingTraceOEMCryptoCalls;
|
||||
@@ -362,6 +368,19 @@ class AndroidModifiableCryptoEngine : public CryptoEngine {
|
||||
}
|
||||
}
|
||||
|
||||
// Convert uint24 or uint40 into a uint64.
|
||||
int64_t unpack_odd_bytes(const uint8_t *buffer, size_t length) {
|
||||
uint8_t small_buffer[8];
|
||||
memset(small_buffer, 0, 8);
|
||||
if (length > 8) {
|
||||
LOGE("OEMCrypto Mock: programmer error. unpack %d bytes.", length);
|
||||
length = 8;
|
||||
}
|
||||
size_t offset = 8 - length;
|
||||
memcpy(small_buffer + offset, buffer, length);
|
||||
return wvcdm::htonll64(*reinterpret_cast<const int64_t*>(small_buffer));
|
||||
}
|
||||
|
||||
OEMCryptoResult load_srm(const uint8_t *buffer, size_t buffer_length) {
|
||||
if (!srm_update_supported()) {
|
||||
LOGE("OEMCrypto mock update not supported, but load_srm called.");
|
||||
@@ -384,29 +403,65 @@ class AndroidModifiableCryptoEngine : public CryptoEngine {
|
||||
srm_loaded_ = true;
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
if (buffer_length < 4) {
|
||||
LOGE("OEMCrypto mock bad buffer size: %d.", buffer_length);
|
||||
if (buffer_length < 395) {
|
||||
LOGE("OEMCrypto mock bad buffer size: %ld < 395.", buffer_length);
|
||||
return OEMCrypto_ERROR_SHORT_BUFFER;
|
||||
}
|
||||
uint8_t srm_id = buffer[0];
|
||||
uint8_t first_nibble = srm_id >> 4;
|
||||
uint8_t second_nibble = srm_id & 0x0F;
|
||||
uint8_t srm_id = buffer[0] >> 4;
|
||||
uint8_t hdcp2_indicator = buffer[0] & 0x0F;
|
||||
uint8_t reserved = buffer[1];
|
||||
uint16_t version = htons(*reinterpret_cast<const uint16_t *>(&buffer[2]));
|
||||
if (reserved)
|
||||
if (reserved) {
|
||||
LOGE("OEMCrypto mock. SRM's second byte nonzero: %02X.", reserved);
|
||||
if (first_nibble == 8 && second_nibble == 0) {
|
||||
LOGI("OEMCrypto mock loading HDCP1 SRM. version = %d.", version);
|
||||
} else if (first_nibble == 9 && second_nibble == 1) {
|
||||
LOGI("OEMCrypto mock loading HDCP2 SRM. version = %d.", version);
|
||||
return OEMCrypto_ERROR_INVALID_CONTEXT;
|
||||
}
|
||||
uint8_t generation = buffer[4];
|
||||
if (generation > 1) {
|
||||
LOGW("OEMCrypto mock. SRM Generation number is %d, but only first gen is parsed.",
|
||||
generation);
|
||||
LOGW("If the revoked device is in a a later generation, it will not be recognized.");
|
||||
}
|
||||
int64_t length = unpack_odd_bytes(buffer + 5, 3); // 24 bits.
|
||||
if (length + 5 != buffer_length) {
|
||||
LOGW("OEMCrypto mock. SRM length is %lld = 0x%llx, but I expected %zd = 0x%zx.",
|
||||
length, length, buffer_length - 5, buffer_length - 5);
|
||||
}
|
||||
int64_t count = 0;
|
||||
const uint8_t *ids;
|
||||
if (srm_id == 8 && hdcp2_indicator == 0) {
|
||||
// https://www.digital-cp.com/sites/default/files/specifications/HDCP%20Specification%20Rev1_4_Secure.pdf
|
||||
count = buffer[8];
|
||||
LOGI("OEMCrypto mock loading HDCP1 SRM. version = %d. count=%lld.",
|
||||
version, count);
|
||||
ids = buffer + 9;
|
||||
if (buffer_length < 9 + count*5) {
|
||||
LOGE("OEMCrypto mock bad buffer size for count = %lld: %d < %lld.",
|
||||
count, buffer_length, 12 + count*5);
|
||||
return OEMCrypto_ERROR_SHORT_BUFFER;
|
||||
}
|
||||
} else if (srm_id == 9 && hdcp2_indicator == 1) {
|
||||
// https://www.digital-cp.com/sites/default/files/specifications/HDCP%20on%20HDMI%20Specification%20Rev2_2_Final1.pdf
|
||||
count = unpack_odd_bytes(buffer + 8, 2) >> 6; // 10 bits = 2 bytes - 6.
|
||||
LOGI("OEMCrypto mock loading HDCP2 SRM. version = %d. count=%lld.",
|
||||
version, count);
|
||||
ids = buffer + 12;
|
||||
if (buffer_length < 12 + count*5) {
|
||||
LOGE("OEMCrypto mock bad buffer size for count: %d < %ld.",
|
||||
buffer_length, 12 + count*5);
|
||||
return OEMCrypto_ERROR_SHORT_BUFFER;
|
||||
}
|
||||
} else {
|
||||
LOGE("OEMCrypto mock bad buffer start: %02X%02X%02X%02X...", buffer[0],
|
||||
buffer[1], buffer[2], buffer[3]);
|
||||
return OEMCrypto_ERROR_INVALID_CONTEXT;
|
||||
}
|
||||
// Note: we ignore the signature. Use system property srm_load_fail to
|
||||
// simulate a bad signature.
|
||||
for(size_t i = 0; i < count; i++) {
|
||||
int64_t id = unpack_odd_bytes(ids + 5*i, 5);
|
||||
srm_revocation_list_.push_back(id);
|
||||
LOGI("OEMCrypto mock SRM revokes device %lld = 0x%llx", id, id);
|
||||
}
|
||||
srm_loaded_ = true;
|
||||
srm_version_ = version;
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -421,6 +476,9 @@ class AndroidModifiableCryptoEngine : public CryptoEngine {
|
||||
}
|
||||
|
||||
bool srm_blacklisted_device_attached() {
|
||||
if (GetOption("srm_load_version", -1) < 0) {
|
||||
return scan_revoked_list();
|
||||
}
|
||||
static int blacklisted = 0;
|
||||
int new_value = GetOption("srm_blacklisted_device_attached", 0);
|
||||
if (new_value != blacklisted) {
|
||||
@@ -431,6 +489,31 @@ class AndroidModifiableCryptoEngine : public CryptoEngine {
|
||||
return blacklisted > 0;
|
||||
}
|
||||
|
||||
bool scan_revoked_list() {
|
||||
static int64_t old_attached_id = 0;
|
||||
int64_t attached_id = GetOption("srm_attached_device_id", 0);
|
||||
bool print_all_ids = false;
|
||||
if (attached_id != old_attached_id) {
|
||||
LOGD("OEMCrypto mock -- ID of attached device is %lld = 0x%lld",
|
||||
attached_id, attached_id);
|
||||
old_attached_id = attached_id;
|
||||
print_all_ids = true;
|
||||
}
|
||||
for (size_t i = 0; i < srm_revocation_list_.size(); i++) {
|
||||
if (print_all_ids) {
|
||||
LOGD("OEMCrypto mock: %d) revoked id %lld = 0x%lld.", i,
|
||||
srm_revocation_list_[i], srm_revocation_list_[i]);
|
||||
}
|
||||
if (srm_revocation_list_[i] == attached_id) {
|
||||
LOGD("OEMCrypto mock: attached device %lld = 0x%lld is revoked.",
|
||||
attached_id, attached_id);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
LOGD("OEMCrypto mock: attached device %lld is not revoked.", attached_id);
|
||||
return false;
|
||||
}
|
||||
|
||||
virtual void adjust_destination(OEMCrypto_DestBufferDesc *out_description,
|
||||
size_t data_length, uint8_t subsample_flags) {
|
||||
if (out_description->type != OEMCrypto_BufferType_Secure) return;
|
||||
@@ -488,8 +571,10 @@ class AndroidModifiableCryptoEngine : public CryptoEngine {
|
||||
// Current srm version. Before an SRM has been loaded, this will be set from
|
||||
// the system property.
|
||||
int srm_version_;
|
||||
// List of forbidden/revoked devices.
|
||||
std::vector<int64_t> srm_revocation_list_;
|
||||
|
||||
std::map<std::string, int> options_;
|
||||
std::map<std::string, int64_t> options_;
|
||||
|
||||
std::string options_file_;
|
||||
bool level1_valid_;
|
||||
|
||||
Reference in New Issue
Block a user