Use a placeholder ID for devices missing a system ID

[ Merge of http://go/wvgerrit/139343 ]

The CDM needs to report a system ID to apps on devices where L1
OEMCrypto implementations that are currently waiting for a new
keybox.  A placeholder system ID is now used.  This ID cannot be
used for DRM certificate requests or license requests.

Device ID has a similar issue, but it might not effect all devices.
If getting the device ID fails due to a missing keybox, it will
return an empty device ID.

Bug: 206570220
Bug: 205896558
Bug: 205041153
Test: Android unit tests
Change-Id: I04cdac95fd9a22a181b796c3b58f27cfa3ee684c

libwvdrmengine/cdm/core/include/crypto_session.h

@@ -293,7 +293,7 @@ class CryptoSession {
 
   // OTA Provisioning
 
-  bool needs_keybox_provisioning() const { return needs_keybox_provisioning_; }
+  static bool needs_keybox_provisioning() { return needs_keybox_provisioning_; }
 
   // This tells the OEMCrypto adapter to ignore the next |count| keyboxes and
   // report that it needs provisioning instead.

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -90,6 +90,13 @@ static_assert(ArraySize(kMaxSubsampleRegionSizes) ==
 
 constexpr size_t kDefaultMaxSubsampleRegionSize = kMaxSubsampleRegionSizes[0];
 
+// Not a valid system ID.  Used as a placeholder for systems without an ID.
+// Will not be accepted for DRM provisioning requests or license requests.
+constexpr uint32_t kNullSystemId =
+    static_cast<uint32_t>(std::numeric_limits<int>::max());
+
+constexpr size_t kMaxExternalDeviceIdLength = 64;
+
 // This maps a few common OEMCryptoResult to CdmResponseType. Many mappings
 // are not universal but are OEMCrypto method specific. Those will be
 // specified in the CryptoSession method rather than here.
@@ -477,7 +484,6 @@ bool CryptoSession::SetUpUsageTableHeader(
 CdmResponseType CryptoSession::GetTokenFromKeybox(std::string* token) {
   RETURN_IF_UNINITIALIZED(CRYPTO_SESSION_NOT_INITIALIZED);
   RETURN_IF_NULL(token, PARAMETER_NULL);
-
   std::string temp_buffer(KEYBOX_KEY_DATA_SIZE, '\0');
   size_t buf_size = temp_buffer.size();
   uint8_t* buf = reinterpret_cast<uint8_t*>(&temp_buffer[0]);
@@ -613,68 +619,72 @@ CdmResponseType CryptoSession::GetInternalDeviceUniqueId(
   RETURN_IF_NULL(device_id, PARAMETER_NULL);
   RETURN_IF_UNINITIALIZED(CRYPTO_SESSION_NOT_INITIALIZED);
 
-  std::vector<uint8_t> id;
+  size_t device_id_length = 64;
-  size_t id_length = 32;
+  device_id->assign(device_id_length, '\0');
-  id.resize(id_length);
 
-  OEMCryptoResult sts;
+  OEMCryptoResult sts =
-  WithOecReadLock("GetInternalDeviceUniqueId Attempt 1", [&] {
+      WithOecReadLock("GetInternalDeviceUniqueId Attempt 1", [&] {
-    sts = OEMCrypto_GetDeviceID(&id[0], &id_length, requested_security_level_);
+        return OEMCrypto_GetDeviceID(
-  });
+            reinterpret_cast<uint8_t*>(&device_id->front()), &device_id_length,
-  // Increment the count of times this method was called.
+            requested_security_level_);
+      });
   metrics_->oemcrypto_get_device_id_.Increment(sts);
+
   if (sts == OEMCrypto_ERROR_SHORT_BUFFER) {
-    id.resize(id_length);
+    device_id->resize(device_id_length, '\0');
-    WithOecReadLock("GetInternalDeviceUniqueId Attempt 2", [&] {
+    sts = WithOecReadLock("GetInternalDeviceUniqueId Attempt 2", [&] {
-      sts =
+      return OEMCrypto_GetDeviceID(
-          OEMCrypto_GetDeviceID(&id[0], &id_length, requested_security_level_);
+          reinterpret_cast<uint8_t*>(&device_id->front()), &device_id_length,
+          requested_security_level_);
     });
     metrics_->oemcrypto_get_device_id_.Increment(sts);
   }
 
+  // Either the authentication root is a keybox or the device has transitioned
+  // to using OEMCerts.
+  // OEMCryptos, like the Level 3, that transition from Provisioning 2.0 to
+  // 3.0 would have a new device ID, which would affect SPOID calculation.
+  // In order to resolve this, we use OEMCrypto_GetDeviceID if it is
+  // implemented, so the OEMCrypto can continue to report the same device ID.
+  if (sts == OEMCrypto_SUCCESS) {
+    device_id->resize(device_id_length);
+    return NO_ERROR;
+  }
+  device_id->clear();
+
   if (sts == OEMCrypto_ERROR_NOT_IMPLEMENTED &&
       pre_provision_token_type_ == kClientTokenOemCert) {
     return GetTokenFromOemCert(device_id);
-  } else {
-    // Either the authentication root is a keybox or the device has transitioned
-    // to using OEMCerts.
-    // OEMCryptos, like the Level 3, that transition from Provisioning 2.0 to
-    // 3.0 would have a new device ID, which would affect SPOID calculation.
-    // In order to resolve this, we use OEMCrypto_GetDeviceID if it is
-    // implemented, so the OEMCrypto can continue to report the same device ID.
-    if (sts == OEMCrypto_SUCCESS) {
-      device_id->assign(reinterpret_cast<char*>(&id[0]), id_length);
-    }
-
-    return MapOEMCryptoResult(sts, GET_DEVICE_ID_ERROR,
-                              "GetInternalDeviceUniqueId");
   }
+
+  const bool use_null_device_id = WithStaticFieldReadLock(
+      "GetInternalDeviceUniqueId() use_null_device_id", [&] {
+        if (requested_security_level_ != kLevelDefault) return false;
+        return sts == OEMCrypto_ERROR_KEYBOX_INVALID &&
+               needs_keybox_provisioning_;
+      });
+  if (use_null_device_id) {
+    LOGD("Using null device ID");
+    constexpr size_t kKeyboxDeviceIdLength = 32;
+    device_id->assign(kKeyboxDeviceIdLength, '\0');
+    return NO_ERROR;
+  }
+
+  return MapOEMCryptoResult(sts, GET_DEVICE_ID_ERROR,
+                            "GetInternalDeviceUniqueId");
 }
 
 CdmResponseType CryptoSession::GetExternalDeviceUniqueId(
     std::string* device_id) {
   RETURN_IF_NULL(device_id, PARAMETER_NULL);
-
+  RETURN_IF_UNINITIALIZED(CRYPTO_SESSION_NOT_INITIALIZED);
-  std::string temp;
+  const CdmResponseType status = GetInternalDeviceUniqueId(device_id);
-  CdmResponseType status = GetInternalDeviceUniqueId(&temp);
-
   if (status != NO_ERROR) return status;
-
+  if (device_id->size() > kMaxExternalDeviceIdLength) {
-  size_t id_length = 0;
-  OEMCryptoResult sts;
-  WithOecReadLock("GetExternalDeviceUniqueId", [&] {
-    sts = OEMCrypto_GetDeviceID(nullptr, &id_length, requested_security_level_);
-  });
-  metrics_->oemcrypto_get_device_id_.Increment(sts);
-
-  if (sts == OEMCrypto_ERROR_NOT_IMPLEMENTED &&
-      pre_provision_token_type_ == kClientTokenOemCert) {
     // To keep the size of the value passed back to the application down, hash
     // the large OEM Public Cert to a smaller value.
-    temp = Sha256Hash(temp);
+    *device_id = Sha256Hash(*device_id);
   }
-
-  *device_id = temp;
   return NO_ERROR;
 }
 
@@ -736,11 +746,22 @@ CdmResponseType CryptoSession::GetSystemIdInternal(uint32_t* system_id) {
   RETURN_IF_NULL(system_id, PARAMETER_NULL);
 
   if (pre_provision_token_type_ == kClientTokenKeybox) {
+    const bool use_null_system_id = WithStaticFieldReadLock(
+        "GetSystemIdInternal() use_null_system_id", [&] {
+          // Devices with an invalid L1 keybox which support OTA keybox
+          // provisioning require a placeholder system ID while waiting for
+          // keybox.
+          if (requested_security_level_ != kLevelDefault) return false;
+          return needs_keybox_provisioning_;
+        });
+    if (use_null_system_id) {
+      LOGD("Using null system ID");
+      *system_id = kNullSystemId;
+      return NO_ERROR;
+    }
     std::string token;
-    CdmResponseType status = GetTokenFromKeybox(&token);
+    const CdmResponseType status = GetTokenFromKeybox(&token);
-
     if (status != NO_ERROR) return status;
-
     if (token.size() < 2 * sizeof(uint32_t)) {
       LOGE("Keybox token size too small: token_size = %zu", token.size());
       return KEYBOX_TOKEN_TOO_SHORT;
@@ -748,7 +769,7 @@ CdmResponseType CryptoSession::GetSystemIdInternal(uint32_t* system_id) {
 
     // Decode 32-bit int encoded as network-byte-order byte array starting at
     // index 4.
-    uint32_t* id = reinterpret_cast<uint32_t*>(&token[4]);
+    const uint32_t* id = reinterpret_cast<const uint32_t*>(&token[4]);
     *system_id = ntohl(*id);
     return NO_ERROR;
   }

libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp

@@ -25,7 +25,6 @@ using ::testing::Ge;
 using ::testing::Le;
 
 namespace {
-
 const uint8_t kOemCert[] = {
     0x30, 0x82, 0x09, 0xf7, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
     0x01, 0x07, 0x02, 0xa0, 0x82, 0x09, 0xe8, 0x30, 0x82, 0x09, 0xe4, 0x02,
@@ -243,6 +242,8 @@ const uint8_t kOemCert[] = {
 
 const uint32_t kOemCertSystemId = 7346;
 
+constexpr uint32_t kNullSystemId =
+    static_cast<uint32_t>(std::numeric_limits<int>::max());
 }  // namespace
 
 namespace wvcdm {
@@ -274,14 +275,16 @@ TEST(CryptoSessionTest, CanExtractSystemIdFromOemCertificate) {
 class CryptoSessionMetricsTest : public WvCdmTestBase {
  protected:
   uint32_t FindKeyboxSystemID() {
-    OEMCryptoResult sts;
+    if (CryptoSession::needs_keybox_provisioning()) {
+      return kNullSystemId;
+    }
     uint8_t key_data[256];
     size_t key_data_len = sizeof(key_data);
-    sts = OEMCrypto_GetKeyData(key_data, &key_data_len, kLevelDefault);
+    const OEMCryptoResult sts =
-    if (sts != OEMCrypto_SUCCESS) return 0;
+        OEMCrypto_GetKeyData(key_data, &key_data_len, kLevelDefault);
-    uint32_t* data = reinterpret_cast<uint32_t*>(key_data);
+    if (sts != OEMCrypto_SUCCESS) return kNullSystemId;
-    uint32_t system_id = htonl(data[1]);
+    const uint32_t* data = reinterpret_cast<uint32_t*>(key_data);
-    return system_id;
+    return htonl(data[1]);
   }
 };
 
@@ -318,18 +321,24 @@ TEST_F(CryptoSessionMetricsTest, OpenSessionValidMetrics) {
   CdmClientTokenType token_type = session->GetPreProvisionTokenType();
 
   if (token_type == kClientTokenKeybox) {
-    uint32_t system_id = FindKeyboxSystemID();
+    const uint32_t expected_system_id = FindKeyboxSystemID();
-    EXPECT_EQ(system_id, metrics_proto.crypto_session_system_id().int_value());
+    const uint32_t recorded_system_id =
+        metrics_proto.crypto_session_system_id().int_value();
+    EXPECT_EQ(expected_system_id, recorded_system_id);
     EXPECT_EQ(OEMCrypto_Keybox,
               metrics_proto.oemcrypto_provisioning_method().int_value());
-    EXPECT_EQ(1, metrics_proto.oemcrypto_get_key_data_time_us().size());
+    if (recorded_system_id != kNullSystemId) {
+      // Devices with a null system ID don't actually call into the
+      // TEE for the keybox.
+      EXPECT_EQ(1, metrics_proto.oemcrypto_get_key_data_time_us().size());
+    }
   } else if (token_type == kClientTokenOemCert) {
     // Recent devices all have a system id between 1k and 6 or 7k.  Errors
     // we are trying to catch are 0, byte swapped 32 bit numbers, or
     // garbage. These errors will most likely be outside the range of 1000
     // to 2^16.
     EXPECT_LE(1000, metrics_proto.crypto_session_system_id().int_value());
-    EXPECT_GT(0X10000, metrics_proto.crypto_session_system_id().int_value());
+    EXPECT_GT(0x10000, metrics_proto.crypto_session_system_id().int_value());
 
     EXPECT_EQ(OEMCrypto_OEMCertificate,
               metrics_proto.oemcrypto_provisioning_method().int_value());
@@ -368,9 +377,13 @@ TEST_F(CryptoSessionMetricsTest, GetProvisioningTokenValidMetrics) {
     ASSERT_EQ(1, metrics_proto.crypto_session_get_token().size());
     EXPECT_EQ(1, metrics_proto.crypto_session_get_token(0).count());
 
-    uint32_t system_id = FindKeyboxSystemID();
+    const uint32_t expected_system_id = FindKeyboxSystemID();
-    EXPECT_EQ(system_id, metrics_proto.crypto_session_system_id().int_value());
+    const uint32_t recorded_system_id =
-    EXPECT_EQ(1, metrics_proto.oemcrypto_get_key_data_time_us().size());
+        metrics_proto.crypto_session_system_id().int_value();
+    EXPECT_EQ(expected_system_id, recorded_system_id);
+    if (recorded_system_id != kNullSystemId) {
+      EXPECT_EQ(1, metrics_proto.oemcrypto_get_key_data_time_us().size());
+    }
   } else if (token_type == kClientTokenOemCert) {
     // Recent devices all have a system id between 1k and 6 or 7k.  Errors
     // we are trying to catch are 0, byte swapped 32 bit numbers, or