widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add X509 BCC type to protobuf and update oemcrypto adapter

Browse Source 
BCC supports two types of format: CBOR and X509. The latter will be
used by Chrome OS. In case of Prov4, BCC type will be queried by
OEMCrypto_GetBCCType() and the returned value is populated in the
provisioning request.

This CL adds X509 type to protobuf, a call from CDM to query BCC type
and OEMCrypto adapter changes for this call.

Test: run_fake_l1_tests, opk_ta_p40
Bug: 307969500
Change-Id: I88acc36da6cb413d537a9ea9dfd2a150d4557595
This commit is contained in:
Cong Lin
2024-01-25 09:39:25 -08:00
committed by Robert Shih
parent baedda469b
commit 4638259a0c
6 changed files with 72 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
libwvdrmengine/cdm/core/include/crypto_session.h
View File

@@ -91,6 +91,13 @@ class CryptoSession {
virtual CdmResponseType GetProvisioningToken(std::string* token,
std::string* additional_token);
virtual CdmResponseType GetProvisioning40TokenType(
RequestedSecurityLevel requested_security_level,
OEMCrypto_BCCType* bcc_type);
// Must be called after session is open.
virtual CdmResponseType GetProvisioning40TokenType(
OEMCrypto_BCCType* bcc_type);
virtual CdmClientTokenType GetPreProvisionTokenType() {
return pre_provision_token_type_;
}
@@ -477,12 +484,12 @@ class CryptoSession {
// otherwise, such as making two calls into OEMCrypto immediately after each
// other.
template <class Func>
static auto WithStaticFieldWriteLock(const char* tag, Func body)
-> decltype(body());
static auto WithStaticFieldWriteLock(const char* tag,
Func body) -> decltype(body());
template <class Func>
static auto WithStaticFieldReadLock(const char* tag, Func body)
-> decltype(body());
static auto WithStaticFieldReadLock(const char* tag,
Func body) -> decltype(body());
template <class Func>
static auto WithOecWriteLock(const char* tag, Func body) -> decltype(body());

3
libwvdrmengine/cdm/core/include/oemcrypto_adapter.h
View File

@@ -94,7 +94,8 @@ OEMCryptoResult OEMCrypto_Generic_Verify(
size_t key_handle_length, const OEMCrypto_SharedMemory* buffer,
size_t buffer_length, OEMCrypto_Algorithm algorithm,
const OEMCrypto_SharedMemory* signature, size_t signature_length);
OEMCryptoResult OEMCrypto_GetBCCType(RequestedSecurityLevel level,
OEMCrypto_BCCType* bcc_type);
} // namespace wvcdm
#endif // WVCDM_CORE_OEMCRYPTO_ADAPTER_H_

26
libwvdrmengine/cdm/core/src/client_identification.cpp
View File

@@ -379,10 +379,30 @@ bool ClientIdentification::GetProvisioningTokenType(
*token_type =
video_widevine::ClientIdentification::OEM_DEVICE_CERTIFICATE;
return true;
case kClientTokenBootCertChain:
*token_type =
video_widevine::ClientIdentification::BOOT_CERTIFICATE_CHAIN;
case kClientTokenBootCertChain: {
OEMCrypto_BCCType bcc_type;
const CdmResponseType result =
crypto_session_->GetProvisioning40TokenType(&bcc_type);
if (result == NOT_IMPLEMENTED_ERROR) {
// Default to CBOR BCC for OEMCrypto that doesn't support GetBCCType().
*token_type =
video_widevine::ClientIdentification::BOOT_CERTIFICATE_CHAIN;
return true;
}
if (result != NO_ERROR) return false;
if (bcc_type == OEMCrypto_CBOR) {
*token_type =
video_widevine::ClientIdentification::BOOT_CERTIFICATE_CHAIN;
} else if (bcc_type == OEMCrypto_X509) {
*token_type =
video_widevine::ClientIdentification::BOOT_CERTIFICATE_CHAIN_X509;
} else {
// shouldn't happen
LOGE("Unexpected BCC type: %d", static_cast<int>(bcc_type));
return false;
}
return true;
}
case kClientTokenDrmCert:
// TODO: b/305093063 - Add token for DRM reprovisioning requests.
case kClientTokenDrmReprovisioning:

38
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -667,6 +667,24 @@ CdmResponseType CryptoSession::GetProvisioningToken(
return status;
}
CdmResponseType CryptoSession::GetProvisioning40TokenType(
OEMCrypto_BCCType* bcc_type) {
RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN);
return GetProvisioning40TokenType(requested_security_level_, bcc_type);
}
CdmResponseType CryptoSession::GetProvisioning40TokenType(
RequestedSecurityLevel requested_security_level,
OEMCrypto_BCCType* bcc_type) {
RETURN_IF_NULL(bcc_type, PARAMETER_NULL);
RETURN_IF_UNINITIALIZED(CRYPTO_SESSION_NOT_INITIALIZED);
OEMCryptoResult sts = WithOecReadLock("GetBCCType", [&] {
return OEMCrypto_GetBCCType(requested_security_level, bcc_type);
});
return MapOEMCryptoResult(sts, UNKNOWN_CLIENT_TOKEN_TYPE,
"GetProvisioning40TokenType");
}
CdmSecurityLevel CryptoSession::GetSecurityLevel() {
LOGV("Getting security level");
RETURN_IF_NOT_OPEN(kSecurityLevelUninitialized);
@@ -3450,40 +3468,40 @@ CdmResponseType CryptoSession::LoadOtaProvisioning(
}
template <class Func>
auto CryptoSession::WithStaticFieldWriteLock(const char* tag, Func body)
-> decltype(body()) {
auto CryptoSession::WithStaticFieldWriteLock(const char* tag,
Func body) -> decltype(body()) {
LOGV("Static field write lock: %s", tag);
std::unique_lock<wvutil::shared_mutex> auto_lock(static_field_mutex_);
return body();
}
template <class Func>
auto CryptoSession::WithStaticFieldReadLock(const char* tag, Func body)
-> decltype(body()) {
auto CryptoSession::WithStaticFieldReadLock(const char* tag,
Func body) -> decltype(body()) {
LOGV("Static field read lock: %s", tag);
wvutil::shared_lock<wvutil::shared_mutex> auto_lock(static_field_mutex_);
return body();
}
template <class Func>
auto CryptoSession::WithOecWriteLock(const char* tag, Func body)
-> decltype(body()) {
auto CryptoSession::WithOecWriteLock(const char* tag,
Func body) -> decltype(body()) {
LOGV("OEMCrypto write lock: %s", tag);
std::unique_lock<wvutil::shared_mutex> auto_lock(oem_crypto_mutex_);
return body();
}
template <class Func>
auto CryptoSession::WithOecReadLock(const char* tag, Func body)
-> decltype(body()) {
auto CryptoSession::WithOecReadLock(const char* tag,
Func body) -> decltype(body()) {
LOGV("OEMCrypto read lock: %s", tag);
wvutil::shared_lock<wvutil::shared_mutex> auto_lock(oem_crypto_mutex_);
return body();
}
template <class Func>
auto CryptoSession::WithOecSessionLock(const char* tag, Func body)
-> decltype(body()) {
auto CryptoSession::WithOecSessionLock(const char* tag,
Func body) -> decltype(body()) {
LOGV("OEMCrypto session lock: %s", tag);
wvutil::shared_lock<wvutil::shared_mutex> oec_auto_lock(oem_crypto_mutex_);
std::unique_lock<std::mutex> session_auto_lock(oem_crypto_session_mutex_);

3
libwvdrmengine/cdm/core/src/license_protocol.proto
View File

@@ -1096,7 +1096,10 @@ message ClientIdentification {
DRM_DEVICE_CERTIFICATE = 1;
REMOTE_ATTESTATION_CERTIFICATE = 2;
OEM_DEVICE_CERTIFICATE = 3;
// Boot certificate chain in CBOR format.
BOOT_CERTIFICATE_CHAIN = 4;
// Boot certificate chain in X509 format.
BOOT_CERTIFICATE_CHAIN_X509 = 5;
}
message NameValue {

7
libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
View File

@@ -1567,10 +1567,13 @@ OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
return fcn->GetProvisioningMethod();
}
OEMCryptoResult OEMCrypto_GetBCCType(OEMCrypto_BCCType* bcc_type) {
OEMCryptoResult OEMCrypto_GetBCCType(wvcdm::RequestedSecurityLevel level,
OEMCrypto_BCCType* bcc_type) {
if (!gAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
const FunctionPointers* fcn = gAdapter->GetFunctionPointers(kLevelDefault);
const FunctionPointers* fcn = gAdapter->GetFunctionPointers(level);
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
if (fcn->security_level != wvcdm::kSecurityLevelL1)
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
if (fcn->GetBCCType == nullptr) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->GetBCCType(bcc_type);
}