Pick widevine oemcrypto-v18 change

No-Typo-Check: From a third party header file Bug: 260918793 Test: unit tests Test: atp v2/widevine-eng/drm_compliance Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
2022-12-16 03:21:08 +00:00
parent 4586522c07
commit 11255b7426
105 changed files with 324641 additions and 299787 deletions
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -9,6 +9,7 @@
 #include "device_files.h"
 #include "file_store.h"
 #include "license_protocol.pb.h"
+#include "license_protocol_conversions.h"
 #include "log.h"
 #include "properties.h"
 #include "service_certificate.h"
@@ -89,6 +90,7 @@ bool RetrieveOemCertificateAndLoadPrivateKey(CryptoSession& crypto_session,
 // Protobuf generated classes.
 using video_widevine::DrmCertificate;
 using video_widevine::EncryptedClientIdentification;
+using video_widevine::HashAlgorithmProto;
 using video_widevine::ProvisioningOptions;
 using video_widevine::ProvisioningRequest;
 using video_widevine::ProvisioningResponse;
@@ -258,8 +260,11 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal(
  // Derives signing and encryption keys and constructs signature.
  std::string core_message;
  std::string request_signature;
+  bool should_specify_algorithm;
+  OEMCrypto_SignatureHashAlgorithm oec_algorithm = OEMCrypto_SHA1;
  status = crypto_session_->PrepareAndSignProvisioningRequest(
-      serialized_message, &core_message, &request_signature);
+      serialized_message, &core_message, &request_signature,
+      should_specify_algorithm, oec_algorithm);

  if (status != NO_ERROR) {
    LOGE("Failed to prepare provisioning request: status = %d",
@@ -279,6 +284,14 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal(
  signed_provisioning_msg.set_oemcrypto_core_message(core_message);
  signed_provisioning_msg.set_protocol_version(
      SignedProvisioningMessage::VERSION_1_1);
+  if (should_specify_algorithm) {
+    HashAlgorithmProto proto_algorithm =
+        HashAlgorithmProto::HASH_ALGORITHM_UNSPECIFIED;
+    if (!OecAlgorithmToProtoAlgorithm(oec_algorithm, proto_algorithm)) {
+      return CdmResponseType(UNSUPPORTED_SIGNATURE_HASH_ALGORITHM_3);
+    }
+    signed_provisioning_msg.set_hash_algorithm(proto_algorithm);
+  }

  std::string serialized_request;
  signed_provisioning_msg.SerializeToString(&serialized_request);
@@ -398,17 +411,56 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal(
                                   ? PublicKeyToCertify::RSA
                                   : PublicKeyToCertify::ECC);

-  // In provisioning 4, the message is not signed.
+  std::string serialized_message;
+  provisioning_request.SerializeToString(&serialized_message);
+
  SignedProvisioningMessage signed_provisioning_msg;
-  provisioning_request.SerializeToString(
-      signed_provisioning_msg.mutable_message());
+  signed_provisioning_msg.set_message(serialized_message);
  signed_provisioning_msg.set_provisioning_type(GetProvisioningType());
  signed_provisioning_msg.set_protocol_version(
      SignedProvisioningMessage::VERSION_1_1);

+  // Core message and request signature are added to the provisioning request
+  // starting OEMCrypto v18
+  uint32_t api_version = 0;
+  const bool core_message_signature_required =
+      crypto_session_->GetApiVersion(&api_version) &&
+      (api_version >= OEM_CRYPTO_API_VERSION_SUPPORTS_PROV40_CORE_MESSAGE);
+  if (core_message_signature_required) {
+    std::string core_message;
+    std::string request_signature;
+    bool should_specify_algorithm;
+    OEMCrypto_SignatureHashAlgorithm oec_algorithm = OEMCrypto_SHA1;
+    status = crypto_session_->PrepareAndSignProvisioningRequest(
+        serialized_message, &core_message, &request_signature,
+        should_specify_algorithm, oec_algorithm);
+    if (status != NO_ERROR) {
+      LOGE("Failed to prepare provisioning 4.0 request: status = %d",
+           static_cast<int>(status));
+      return status;
+    }
+    if (core_message.empty()) {
+      LOGE("Core message is empty");
+      return CdmResponseType(CERT_PROVISIONING_REQUEST_ERROR_4);
+    }
+    if (request_signature.empty()) {
+      LOGE("Request signature is empty");
+      return CdmResponseType(CERT_PROVISIONING_REQUEST_ERROR_4);
+    }
+    signed_provisioning_msg.set_oemcrypto_core_message(core_message);
+    signed_provisioning_msg.set_signature(request_signature);
+    if (should_specify_algorithm) {
+      HashAlgorithmProto proto_algorithm =
+          HashAlgorithmProto::HASH_ALGORITHM_UNSPECIFIED;
+      if (!OecAlgorithmToProtoAlgorithm(oec_algorithm, proto_algorithm)) {
+        return CdmResponseType(UNSUPPORTED_SIGNATURE_HASH_ALGORITHM_4);
+      }
+      signed_provisioning_msg.set_hash_algorithm(proto_algorithm);
+    }
+  }
+
  std::string serialized_request;
  signed_provisioning_msg.SerializeToString(&serialized_request);
-
  if (!wvcdm::Properties::provisioning_messages_are_binary()) {
    // Return request as web-safe base64 string
    *request = wvutil::Base64SafeEncodeNoPad(serialized_request);