Create new token types for DRM reprovisioning

Creates new token types for the DRM reprovisioning scheme that will be
used by L3 CDMs with baked-in certificates to allow for use of unique
serial numbers.

- Create new `CdmClientTokenType` for DRM reprovisioning in the CDM
  core.
- Create a new `ProvisioningType` for DRM reprovisioning in the
  provisioning message proto.
- Create new enum value for `DEVICE_EMBEDDED` in DrmCertificate type.
- Update uses of the above to include the new token types.

Bug: b/305093063
Merged from https://widevine-internal-review.googlesource.com/186934

Change-Id: I7e6cc8744b80cbbb624d31e5be1eab1be8a9680f
Geoffrey Alexander
2023-10-23 18:56:19 +00:00
committed by Robert Shih
parent 2fabef5bc9
commit 442ee78db1
7 changed files with 15 additions and 0 deletions


@@ -606,6 +606,7 @@ enum CdmClientTokenType : int32_t {
kClientTokenOemCert, kClientTokenOemCert,
kClientTokenUninitialized, kClientTokenUninitialized,
kClientTokenBootCertChain, kClientTokenBootCertChain,
kClientTokenDrmReprovisioning,
}; };
// kNonSecureUsageSupport - TEE does not provide any support for usage // kNonSecureUsageSupport - TEE does not provide any support for usage


@@ -754,6 +754,7 @@ CdmResponseType CdmEngine::QueryStatus(RequestedSecurityLevel security_level,
} }
switch (token_type) { switch (token_type) {
case kClientTokenDrmCert: case kClientTokenDrmCert:
case kClientTokenDrmReprovisioning:
*query_response = QUERY_VALUE_DRM_CERTIFICATE; *query_response = QUERY_VALUE_DRM_CERTIFICATE;
break; break;
case kClientTokenKeybox: case kClientTokenKeybox:
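Review bot: The new `case kClientTokenDrmReprovisioning:` label reports the same `QUERY_VALUE_DRM_CERTIFICATE` as a provisioned DRM certificate, so callers of QueryStatus cannot tell a baked-in certificate from one issued through provisioning. Going by the commit description, the baked-in certificate exists before the device has a unique serial number, so a caller that reads this value as "already provisioned" may need to tell the two apart. If sharing the value is intended, record that on the label, e.g. `// Baked-in cert is reported as a DRM cert; reprovisioning state is not exposed by this query.` The switch continues outside the hunk.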


@@ -169,6 +169,8 @@ CertificateProvisioning::GetProvisioningType() {
return SignedProvisioningMessage::PROVISIONING_40; return SignedProvisioningMessage::PROVISIONING_40;
case kClientTokenOemCert: case kClientTokenOemCert:
return SignedProvisioningMessage::PROVISIONING_30; return SignedProvisioningMessage::PROVISIONING_30;
case kClientTokenDrmReprovisioning:
return SignedProvisioningMessage::DRM_REPROVISIONING;
default: default:
return SignedProvisioningMessage::PROVISIONING_20; return SignedProvisioningMessage::PROVISIONING_20;
} }


@@ -384,6 +384,8 @@ bool ClientIdentification::GetProvisioningTokenType(
video_widevine::ClientIdentification::BOOT_CERTIFICATE_CHAIN; video_widevine::ClientIdentification::BOOT_CERTIFICATE_CHAIN;
return true; return true;
case kClientTokenDrmCert: case kClientTokenDrmCert:
// TODO: b/305093063 - Add token for DRM reprovisioning requests.
case kClientTokenDrmReprovisioning:
default: default:
// shouldn't happen // shouldn't happen
LOGE("Unexpected provisioning type: %d", static_cast<int>(token)); LOGE("Unexpected provisioning type: %d", static_cast<int>(token));
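Review bot: `kClientTokenDrmReprovisioning` falls through to `default:` here, so a client using the new token type gets the "Unexpected provisioning type" error from GetProvisioningTokenType even though GetProvisioningType in this same commit already returns `DRM_REPROVISIONING` for it. Until the token is implemented, give the case its own body with a message that says so, e.g. `LOGE("DRM reprovisioning token type is not supported yet");`, so a half-enabled configuration can be told apart from a corrupted token value in logs. The TODO also sits directly under `case kClientTokenDrmCert:` and above the label it describes, so it reads as a note on the DRM cert case; move it below `case kClientTokenDrmReprovisioning:`. The same placement occurs in the SystemIdExtractor::ExtractSystemId hunk, where the new type additionally inherits the null system ID path and its "from a DRM certificate" warning text. What the default branch returns is outside the hunk.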


@@ -1026,6 +1026,8 @@ message SignedProvisioningMessage {
ARCPP_PROVISIONING = 4; // ChromeOS/Arc++ devices. ARCPP_PROVISIONING = 4; // ChromeOS/Arc++ devices.
// Android-Attestation-based OTA keyboxes. // Android-Attestation-based OTA keyboxes.
ANDROID_ATTESTATION_KEYBOX_OTA = 6; ANDROID_ATTESTATION_KEYBOX_OTA = 6;
// Certificate reprovisioning for internal L3 CDMs only.
DRM_REPROVISIONING = 7;
INTEL_SIGMA_101 = 101; // Intel Sigma 1.0.1 protocol. INTEL_SIGMA_101 = 101; // Intel Sigma 1.0.1 protocol.
INTEL_SIGMA_210 = 210; // Intel Sigma 2.1.0 protocol. INTEL_SIGMA_210 = 210; // Intel Sigma 2.1.0 protocol.
} }
@@ -1270,6 +1272,9 @@ message DrmCertificate {
DEVICE = 2; DEVICE = 2;
SERVICE = 3; SERVICE = 3;
PROVISIONER = 4; PROVISIONER = 4;
// Only used by baked-in certificates with internal L3 CDMs that support
// Drm Reprovisioning.
DEVICE_EMBEDDED = 5;
} }
enum ServiceType { enum ServiceType {
UNKNOWN_SERVICE_TYPE = 0; UNKNOWN_SERVICE_TYPE = 0;
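Review bot: The comment on `DEVICE_EMBEDDED = 5` says who uses the type but not what a verifier may accept it for, which is what a server-side reader needs. Because the certificate is baked in and, per the commit description, precedes the unique serial number, it is presumably shared across installations; the comment should state whether it is valid only for authenticating a `DRM_REPROVISIONING` request or also wherever `DEVICE` is accepted. A wording such as `// Baked-in certificate for internal L3 CDMs; valid only as the credential for DRM_REPROVISIONING requests.` would do, adjusted to the actual policy. The enum's opening line is outside the hunk.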


@@ -59,6 +59,8 @@ bool SystemIdExtractor::ExtractSystemId(uint32_t* system_id) {
bool success = false; bool success = false;
switch (type) { switch (type) {
case kClientTokenDrmCert: case kClientTokenDrmCert:
// TODO: b/305093063 - Extract system id when handling DRM reprovisioning.
case kClientTokenDrmReprovisioning:
LOGW( LOGW(
"Cannot get a system ID from a DRM certificate, " "Cannot get a system ID from a DRM certificate, "
"using null system ID: security_level = %s", "using null system ID: security_level = %s",


@@ -74,6 +74,8 @@ const char* CdmClientTokenTypeToString(CdmClientTokenType type) {
return "BootCertChain"; return "BootCertChain";
case kClientTokenUninitialized: case kClientTokenUninitialized:
return "Uninitialized"; return "Uninitialized";
case kClientTokenDrmReprovisioning:
return "DrmReprovisioning";
} }
return UnknownValueRep(type); return UnknownValueRep(type);
} }