widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Report OEMCrypto's ECC capabilities.

Browse Source 
[ Merge of http://go/wvgerrit/110824 ]

When generating a provisioning request, the CDM includes the different
certificate key types that are supported.

This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.

Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
This commit is contained in:
Alex Dale
2021-01-27 11:37:21 -08:00
parent 667c672c80
commit 547d2f8775
4 changed files with 78 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libwvdrmengine/cdm/core/include/crypto_session.h
View File

@@ -54,6 +54,9 @@ class CryptoSession {
bool rsa_2048_bit;
bool rsa_3072_bit;
bool rsa_cast;
bool ecc_secp256r1;
bool ecc_secp384r1;
bool ecc_secp521r1;
};
// Creates an instance of CryptoSession with the given |crypto_metrics|.

69
libwvdrmengine/cdm/core/src/client_identification.cpp
View File

@@ -56,7 +56,9 @@ bool IsPropertyKeyReserved(const std::string& prop_name) {
} // namespace
// Protobuf generated classes.
using video_widevine::ClientIdentification_ClientCapabilities;
using ClientCapabilities =
video_widevine::ClientIdentification::ClientCapabilities;
using AnalogOutputCapabilities = ClientCapabilities::AnalogOutputCapabilities;
using video_widevine::ClientIdentification_NameValue;
using video_widevine::EncryptedClientIdentification;
using video_widevine::ProvisioningOptions;
@@ -187,7 +189,7 @@ CdmResponseType ClientIdentification::Prepare(
client_id->set_provider_client_token(provider_client_token);
}
ClientIdentification_ClientCapabilities* client_capabilities =
ClientCapabilities* client_capabilities =
client_id->mutable_client_capabilities();
client_capabilities->set_client_token(true);
@@ -214,38 +216,31 @@ CdmResponseType ClientIdentification::Prepare(
switch (max_version) {
case HDCP_NONE:
client_capabilities->set_max_hdcp_version(
video_widevine::
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_NONE);
ClientCapabilities::HDCP_NONE);
break;
case HDCP_V1:
client_capabilities->set_max_hdcp_version(
video_widevine::
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V1);
ClientCapabilities::HDCP_V1);
break;
case HDCP_V2:
client_capabilities->set_max_hdcp_version(
video_widevine::
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2);
ClientCapabilities::HDCP_V2);
break;
case HDCP_V2_1:
client_capabilities->set_max_hdcp_version(
video_widevine::
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2_1);
ClientCapabilities::HDCP_V2_1);
break;
case HDCP_V2_2:
client_capabilities->set_max_hdcp_version(
video_widevine::
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2_2);
ClientCapabilities::HDCP_V2_2);
break;
case HDCP_V2_3:
client_capabilities->set_max_hdcp_version(
video_widevine::
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2_3);
ClientCapabilities::HDCP_V2_3);
break;
case HDCP_NO_DIGITAL_OUTPUT:
client_capabilities->set_max_hdcp_version(
video_widevine::
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_NO_DIGITAL_OUTPUT);
ClientCapabilities::HDCP_NO_DIGITAL_OUTPUT);
break;
default:
LOGW("Unexpected HDCP max capability version: max_version = %d",
@@ -258,13 +253,23 @@ CdmResponseType ClientIdentification::Prepare(
if (crypto_session_->GetSupportedCertificateTypes(&supported_certs)) {
if (supported_certs.rsa_2048_bit) {
client_capabilities->add_supported_certificate_key_type(
video_widevine::
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_2048);
ClientCapabilities::RSA_2048);
}
if (supported_certs.rsa_3072_bit) {
client_capabilities->add_supported_certificate_key_type(
video_widevine::
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_3072);
ClientCapabilities::RSA_3072);
}
if (supported_certs.ecc_secp256r1) {
client_capabilities->add_supported_certificate_key_type(
ClientCapabilities::ECC_SECP256R1);
}
if (supported_certs.ecc_secp384r1) {
client_capabilities->add_supported_certificate_key_type(
ClientCapabilities::ECC_SECP384R1);
}
if (supported_certs.ecc_secp521r1) {
client_capabilities->add_supported_certificate_key_type(
ClientCapabilities::ECC_SECP521R1);
}
}
@@ -280,33 +285,27 @@ CdmResponseType ClientIdentification::Prepare(
bool can_support_cgms_a;
if (crypto_session_->GetAnalogOutputCapabilities(
&can_support_output, &can_disable_output, &can_support_cgms_a)) {
video_widevine::ClientIdentification_ClientCapabilities_AnalogOutputCapabilities
capabilities = video_widevine::
ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_NONE;
AnalogOutputCapabilities capabilities =
ClientCapabilities::ANALOG_OUTPUT_NONE;
if (can_support_output) {
if (can_support_cgms_a) {
capabilities = video_widevine::
ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_SUPPORTS_CGMS_A;
capabilities = ClientCapabilities::ANALOG_OUTPUT_SUPPORTS_CGMS_A;
} else {
capabilities = video_widevine::
ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_SUPPORTED;
capabilities = ClientCapabilities::ANALOG_OUTPUT_SUPPORTED;
}
}
client_capabilities->set_analog_output_capabilities(capabilities);
client_capabilities->set_can_disable_analog_output(can_disable_output);
} else {
client_capabilities->set_analog_output_capabilities(
video_widevine::
ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_UNKNOWN);
ClientCapabilities::ANALOG_OUTPUT_UNKNOWN);
}
uint32_t version, tier;
if (crypto_session_->GetApiVersion(&version)) {
if (version >= OEM_CRYPTO_API_VERSION_SUPPORTS_RESOURCE_RATING_TIER) {
if (crypto_session_->GetResourceRatingTier(&tier)) {
client_capabilities->set_resource_rating_tier(tier);
}
if (api_version >= OEM_CRYPTO_API_VERSION_SUPPORTS_RESOURCE_RATING_TIER) {
uint32_t tier;
if (crypto_session_->GetResourceRatingTier(&tier)) {
client_capabilities->set_resource_rating_tier(tier);
}
}

12
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -1888,14 +1888,16 @@ bool CryptoSession::GetSupportedCertificateTypes(
LOGV("Getting supported certificate types: id = %u", oec_session_id_);
RETURN_IF_UNINITIALIZED(false);
RETURN_IF_NULL(support, false);
uint32_t oec_support;
WithOecReadLock("GetSupportedCertificateTypes", [&] {
oec_support = OEMCrypto_SupportedCertificates(requested_security_level_);
});
const uint32_t oec_support =
WithOecReadLock("GetSupportedCertificateTypes", [&] {
return OEMCrypto_SupportedCertificates(requested_security_level_);
});
support->rsa_2048_bit = oec_support & OEMCrypto_Supports_RSA_2048bit;
support->rsa_3072_bit = oec_support & OEMCrypto_Supports_RSA_3072bit;
support->rsa_cast = oec_support & OEMCrypto_Supports_RSA_CAST;
support->ecc_secp256r1 = oec_support & OEMCrypto_Supports_ECC_secp256r1;
support->ecc_secp384r1 = oec_support & OEMCrypto_Supports_ECC_secp384r1;
support->ecc_secp521r1 = oec_support & OEMCrypto_Supports_ECC_secp521r1;
return true;
}

67
libwvdrmengine/cdm/core/test/license_unittest.cpp
View File

@@ -116,7 +116,10 @@ const std::string kLicenseRequestSignature = a2bs_hex(
const std::string kFakeCoreMessage = a2bs_hex("DEADBEEF");
const CryptoSession::SupportedCertificateTypes kDefaultSupportedCertTypes = {
true, true, true};
/* RSA 2048 */ true, /* RSA 3072 */ true,
/* RSA CAST */ false,
/* ECC 256 */ true, /* ECC 384 */ true,
/* ECC 521 */ true};
const std::string kFakeEntitlementKeyId =
a2bs_hex("2a538231c616c67143032a645f9c545d");
@@ -171,6 +174,8 @@ class MockInitializationData : public InitializationData {
} // namespace
// Protobuf generated classes
using ClientCapabilities =
video_widevine::ClientIdentification::ClientCapabilities;
using video_widevine::ClientIdentification;
using video_widevine::License;
using video_widevine::License_KeyContainer;
@@ -304,7 +309,7 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
bool usage_information_support = true;
CryptoSession::HdcpCapability current_hdcp_version = HDCP_NO_DIGITAL_OUTPUT;
CryptoSession::HdcpCapability max_hdcp_version = HDCP_V2_1;
uint32_t crypto_session_api_version = 9;
const uint32_t crypto_session_api_version = 16;
EXPECT_CALL(*crypto_session_, IsOpen()).WillOnce(Return(true));
EXPECT_CALL(*crypto_session_, request_id())
@@ -315,10 +320,10 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
EXPECT_CALL(*crypto_session_, GetHdcpCapabilities(NotNull(), NotNull()))
.WillOnce(DoAll(SetArgPointee<0>(current_hdcp_version),
SetArgPointee<1>(max_hdcp_version), Return(NO_ERROR)));
// Supported certificates set by SetUp().
EXPECT_CALL(*crypto_session_, GetSupportedCertificateTypes(NotNull()));
EXPECT_CALL(*crypto_session_, GetApiVersion(NotNull()))
.Times(2)
.WillRepeatedly(
.WillOnce(
DoAll(SetArgPointee<0>(crypto_session_api_version), Return(true)));
EXPECT_CALL(*clock_, GetCurrentTime()).WillOnce(Return(kLicenseStartTime));
EXPECT_CALL(*crypto_session_, GenerateNonce(NotNull()))
@@ -379,24 +384,22 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
EXPECT_FALSE(client_id.has_provider_client_token());
EXPECT_FALSE(client_id.has_license_counter());
const ::video_widevine::ClientIdentification_ClientCapabilities&
client_capabilities = client_id.client_capabilities();
const ClientCapabilities& client_capabilities =
client_id.client_capabilities();
EXPECT_TRUE(client_capabilities.has_client_token());
EXPECT_TRUE(client_capabilities.has_session_token());
EXPECT_FALSE(client_capabilities.video_resolution_constraints());
EXPECT_EQ(video_widevine::
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2_1,
EXPECT_EQ(ClientCapabilities::HDCP_V2_1,
client_capabilities.max_hdcp_version());
EXPECT_EQ(crypto_session_api_version,
client_capabilities.oem_crypto_api_version());
EXPECT_THAT(
client_capabilities.supported_certificate_key_type(),
UnorderedElementsAre(
video_widevine::
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_2048,
video_widevine::
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_3072));
EXPECT_THAT(client_capabilities.supported_certificate_key_type(),
UnorderedElementsAre(ClientCapabilities::RSA_2048,
ClientCapabilities::RSA_3072,
ClientCapabilities::ECC_SECP256R1,
ClientCapabilities::ECC_SECP384R1,
ClientCapabilities::ECC_SECP521R1));
EXPECT_FALSE(client_capabilities.has_resource_rating_tier());
// Verify Content Identification
@@ -425,11 +428,12 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
}
TEST_F(CdmLicenseTest, PrepareKeyRequestValidationV15) {
bool usage_information_support = true;
CryptoSession::HdcpCapability current_hdcp_version = HDCP_NO_DIGITAL_OUTPUT;
CryptoSession::HdcpCapability max_hdcp_version = HDCP_V2_1;
uint32_t crypto_session_api_version = 15;
uint32_t resource_rating_tier = RESOURCE_RATING_TIER_LOW;
const bool usage_information_support = true;
const CryptoSession::HdcpCapability current_hdcp_version =
HDCP_NO_DIGITAL_OUTPUT;
const CryptoSession::HdcpCapability max_hdcp_version = HDCP_V2_1;
const uint32_t crypto_session_api_version = 15;
const uint32_t resource_rating_tier = RESOURCE_RATING_TIER_LOW;
EXPECT_CALL(*crypto_session_, IsOpen()).WillOnce(Return(true));
EXPECT_CALL(*crypto_session_, request_id())
@@ -442,8 +446,7 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidationV15) {
SetArgPointee<1>(max_hdcp_version), Return(NO_ERROR)));
EXPECT_CALL(*crypto_session_, GetSupportedCertificateTypes(NotNull()));
EXPECT_CALL(*crypto_session_, GetApiVersion(NotNull()))
.Times(2)
.WillRepeatedly(
.WillOnce(
DoAll(SetArgPointee<0>(crypto_session_api_version), Return(true)));
EXPECT_CALL(*crypto_session_, GetResourceRatingTier(NotNull()))
.WillOnce(DoAll(SetArgPointee<0>(resource_rating_tier), Return(true)));
@@ -506,24 +509,22 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidationV15) {
EXPECT_FALSE(client_id.has_provider_client_token());
EXPECT_FALSE(client_id.has_license_counter());
const ::video_widevine::ClientIdentification_ClientCapabilities&
client_capabilities = client_id.client_capabilities();
const ClientCapabilities& client_capabilities =
client_id.client_capabilities();
EXPECT_TRUE(client_capabilities.has_client_token());
EXPECT_TRUE(client_capabilities.has_session_token());
EXPECT_FALSE(client_capabilities.video_resolution_constraints());
EXPECT_EQ(video_widevine::
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2_1,
EXPECT_EQ(ClientCapabilities::HDCP_V2_1,
client_capabilities.max_hdcp_version());
EXPECT_EQ(crypto_session_api_version,
client_capabilities.oem_crypto_api_version());
EXPECT_THAT(
client_capabilities.supported_certificate_key_type(),
UnorderedElementsAre(
video_widevine::
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_2048,
video_widevine::
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_3072));
EXPECT_THAT(client_capabilities.supported_certificate_key_type(),
UnorderedElementsAre(ClientCapabilities::RSA_2048,
ClientCapabilities::RSA_3072,
ClientCapabilities::ECC_SECP256R1,
ClientCapabilities::ECC_SECP384R1,
ClientCapabilities::ECC_SECP521R1));
EXPECT_EQ(resource_rating_tier, client_capabilities.resource_rating_tier());
// Verify Content Identification