widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added an OTA keybox provisioner.

Browse Source 
[ Merge of http://go/wvgerrit/133729 ]
[ Cherry pick of http://ag/15836224 ]

The OtaKeyboxProvisioner is a system-wide provisioner for sharing the
provisioning workflow between CDM engines.

Bug: 189232882
Test: GtsMediaTestCases
Change-Id: I873af3087cc05e1831bdd1d2c14fb002b73e6902

Added keybox provisioning proto fields.

[ Merge of http://go/wvgerrit/133730 and http://go/ag/15113032 ]

This CL copies over the required license_protocol.proto changes that
are required for OTA keybox provisioning.  These fields are defined in
the server-side certificate_provisioning.proto, defined in
http://cl/377533774.

Note, changes are slightly different from server proto due to the RVC
version of license_protocol.proto being out of date with SC and newer
changes.

Bug: 189232882
Test: run_x86_64_tests
Change-Id: I55fcf6a7ac2ba4b6026b9acc63e822ff33c431d9

Added OTA keybox provisioning device files.

[ Merge of http://go/wvgerrit/133743 and http://go/ag/15421141 ]

This change adds a new set of proto messages/fields the CDM's device
files for recording device and engine information around OTA keybox
provisioning (OKP).

To make cleanup and thread protection possible, there is a single file
which will contain all the information for the device as a whole and
each CDM engine tied to an app/origin.

Bug: 189232882
Test: Linux unit tests
Change-Id: Iaf80cd6342f32657e04416750d9b278d935821a5

Client ID for OKP requests.

[ Merge of http://go/wvgerrit/133744 and http://go/ag/15645331 ]

Extended the CDM ClientIdentification class to support a subset of
client info used for OKP requests.

Bug: 189232882
Test: Android unit tests
Change-Id: I6aafb4f2164efe69bc733ece0a912f0e91893b91
This commit is contained in:
Rahul Frias
2021-09-15 02:56:19 -07:00
committed by Alex Dale
parent bac33dbc6e
commit 3acc64a478
13 changed files with 586 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
libwvdrmengine/cdm/core/src/license_protocol.proto
View File

@@ -532,6 +532,14 @@ message ProvisioningRequest {
// Serialized, encrypted session keys. Required.
optional bytes encrypted_session_keys = 2;
}
// This message contains the custom serialized message for OTA provisioning
// using Android Attestation and a device id as authentication.
message AndroidAttestationOtaKeyboxRequest {
// The request contains custom serialized and signed data for the
// Android Attestation OTA request.
optional bytes ota_request = 1;
}
oneof clear_or_encrypted_client_id {
// Device root of trust and other client identification. Required.
ClientIdentification client_id = 1;
@@ -555,6 +563,8 @@ message ProvisioningRequest {
// SessionKeys encrypted using a service cert public key.
// Required for keybox provisioning.
optional EncryptedSessionKeys encrypted_session_keys = 8;
// The custom request for Android Attestation OTA.
optional AndroidAttestationOtaKeyboxRequest android_ota_keybox_request = 9;
}
// Provisioning response sent by the provisioning server to client devices.
@@ -579,6 +589,14 @@ message ProvisioningResponse {
// Devices in this series have been revoked. Provisioning is not possible.
REVOKED_DEVICE_SERIES = 2;
}
// This message contains the custom response for Android Attestation OTA
// provisioning which uses the Android Attestation keybox and a device id
// from the chip set.
message AndroidAttestationOtaKeyboxResponse {
// The response contains custom serialized and signed data for the
// Android Attestation OTA keybox provisioning.
optional bytes ota_response = 1;
}
// AES-128 encrypted device private RSA key. PKCS#1 ASN.1 DER-encoded.
// Required. For X.509 certificates, the private RSA key may also include
@@ -603,6 +621,9 @@ message ProvisioningResponse {
// than |status| may be empty and should be ignored if the |status|
// is present and not NO_ERROR
optional ProvisioningStatus status = 7;
// The Android Attestation OTA response. Only populated if the request
// was an Android Attestation OTA request.
optional AndroidAttestationOtaKeyboxResponse android_ota_keybox_response = 8;
}
// Protocol-specific context data used to hold the state of the server in
@@ -654,6 +675,8 @@ message SignedProvisioningMessage {
PROVISIONING_20 = 2; // Keybox factory-provisioned devices.
PROVISIONING_30 = 3; // OEM certificate factory-provisioned devices.
ARCPP_PROVISIONING = 4; // ChromeOS/Arc++ devices.
// Android-Attestation-based OTA keyboxes.
ANDROID_ATTESTATION_KEYBOX_OTA = 6;
INTEL_SIGMA_101 = 101; // Intel Sigma 1.0.1 protocol.
}