Use InstallRootKeyCertificate for keybox and cert
Merge from Widevine repo of http://go/wvgerrit/55461 This CL allows provisioning 3.0 devices to install their OEM certs from an initialization partition. This method is already used for keyboxes on Android -- we are just adding the ability to use it for OEM certs, also. Also, for v15, we require OEMCrypto to report a valid certificate in the unit tests. bug: 111725154 test: unit tests Change-Id: I142c84a1a67bdb4cee943cfd12a632421901eb24
This commit is contained in:
Fred Gylys-Colwell
@@ -20,7 +20,7 @@ OEMCryptoResult OEMCrypto_CopyBuffer(
|
|||||||
OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
|
OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
|
||||||
size_t keyBoxLength,
|
size_t keyBoxLength,
|
||||||
SecurityLevel level);
|
SecurityLevel level);
|
||||||
OEMCryptoResult OEMCrypto_IsKeyboxValid(SecurityLevel level);
|
OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(SecurityLevel level);
|
||||||
OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength,
|
OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength,
|
||||||
SecurityLevel level);
|
SecurityLevel level);
|
||||||
OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData, size_t* keyDataLength,
|
OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData, size_t* keyDataLength,
|
||||||
|
|||||||
@@ -131,12 +131,12 @@ typedef OEMCryptoResult (*L1_WrapKeybox_t)(const uint8_t* keybox,
|
|||||||
size_t* wrappedKeyBoxLength,
|
size_t* wrappedKeyBoxLength,
|
||||||
const uint8_t* transportKey,
|
const uint8_t* transportKey,
|
||||||
size_t transportKeyLength);
|
size_t transportKeyLength);
|
||||||
typedef OEMCryptoResult (*L1_InstallKeybox_t)(const uint8_t* keybox,
|
typedef OEMCryptoResult (*L1_InstallKeyboxOrOEMCert_t)(const uint8_t* keybox,
|
||||||
size_t keyBoxLength);
|
size_t keyBoxLength);
|
||||||
typedef OEMCryptoResult (*L1_LoadTestKeybox_t)(const uint8_t *buffer,
|
typedef OEMCryptoResult (*L1_LoadTestKeybox_t)(const uint8_t *buffer,
|
||||||
size_t length);
|
size_t length);
|
||||||
typedef OEMCryptoResult (*L1_LoadTestKeybox_V13_t)();
|
typedef OEMCryptoResult (*L1_LoadTestKeybox_V13_t)();
|
||||||
typedef OEMCryptoResult (*L1_IsKeyboxValid_t)();
|
typedef OEMCryptoResult (*L1_IsKeyboxOrOEMCertValid_t)();
|
||||||
typedef OEMCryptoResult (*L1_GetDeviceID_t)(uint8_t* deviceID,
|
typedef OEMCryptoResult (*L1_GetDeviceID_t)(uint8_t* deviceID,
|
||||||
size_t* idLength);
|
size_t* idLength);
|
||||||
typedef OEMCryptoResult (*L1_GetKeyData_t)(uint8_t* keyData,
|
typedef OEMCryptoResult (*L1_GetKeyData_t)(uint8_t* keyData,
|
||||||
@@ -282,9 +282,9 @@ struct FunctionPointers {
|
|||||||
L1_DecryptCENC_t DecryptCENC;
|
L1_DecryptCENC_t DecryptCENC;
|
||||||
L1_CopyBuffer_t CopyBuffer;
|
L1_CopyBuffer_t CopyBuffer;
|
||||||
L1_WrapKeybox_t WrapKeybox;
|
L1_WrapKeybox_t WrapKeybox;
|
||||||
L1_InstallKeybox_t InstallKeybox;
|
L1_InstallKeyboxOrOEMCert_t InstallKeyboxOrOEMCert;
|
||||||
L1_LoadTestKeybox_t LoadTestKeybox;
|
L1_LoadTestKeybox_t LoadTestKeybox;
|
||||||
L1_IsKeyboxValid_t IsKeyboxValid;
|
L1_IsKeyboxOrOEMCertValid_t IsKeyboxOrOEMCertValid;
|
||||||
L1_GetDeviceID_t GetDeviceID;
|
L1_GetDeviceID_t GetDeviceID;
|
||||||
L1_GetKeyData_t GetKeyData;
|
L1_GetKeyData_t GetKeyData;
|
||||||
L1_GetRandom_t GetRandom;
|
L1_GetRandom_t GetRandom;
|
||||||
@@ -637,107 +637,94 @@ class Adapter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// clang-format off
|
// clang-format off
|
||||||
LOOKUP_ALL( 8, CloseSession, OEMCrypto_CloseSession);
|
LOOKUP_ALL( 8, CloseSession, OEMCrypto_CloseSession);
|
||||||
LOOKUP_ALL(10, CopyBuffer, OEMCrypto_CopyBuffer);
|
LOOKUP_ALL(10, CopyBuffer, OEMCrypto_CopyBuffer);
|
||||||
LOOKUP_ALL(13, CopyOldUsageEntry, OEMCrypto_CopyOldUsageEntry);
|
LOOKUP_ALL(13, CopyOldUsageEntry, OEMCrypto_CopyOldUsageEntry);
|
||||||
LOOKUP_ALL(13, CreateNewUsageEntry, OEMCrypto_CreateNewUsageEntry);
|
LOOKUP_ALL(13, CreateNewUsageEntry, OEMCrypto_CreateNewUsageEntry);
|
||||||
LOOKUP_ALL(13, CreateOldUsageEntry, OEMCrypto_CreateOldUsageEntry);
|
LOOKUP_ALL(13, CreateOldUsageEntry, OEMCrypto_CreateOldUsageEntry);
|
||||||
LOOKUP_ALL(13, CreateUsageTableHeader, OEMCrypto_CreateUsageTableHeader);
|
LOOKUP_ALL(13, CreateUsageTableHeader, OEMCrypto_CreateUsageTableHeader);
|
||||||
LOOKUP( 9, 12, DeactivateUsageEntry_V12, OEMCrypto_DeactivateUsageEntry_V12);
|
LOOKUP( 9, 12, DeactivateUsageEntry_V12, OEMCrypto_DeactivateUsageEntry_V12);
|
||||||
LOOKUP_ALL(13, DeactivateUsageEntry, OEMCrypto_DeactivateUsageEntry);
|
LOOKUP_ALL(13, DeactivateUsageEntry, OEMCrypto_DeactivateUsageEntry);
|
||||||
LOOKUP( 8, 10, DecryptCTR_V10, OEMCrypto_DecryptCTR_V10);
|
LOOKUP( 8, 10, DecryptCTR_V10, OEMCrypto_DecryptCTR_V10);
|
||||||
LOOKUP_ALL(11, DecryptCENC, OEMCrypto_DecryptCENC);
|
LOOKUP_ALL(11, DecryptCENC, OEMCrypto_DecryptCENC);
|
||||||
LOOKUP_ALL( 9, DeleteOldUsageTable, OEMCrypto_DeleteOldUsageTable);
|
LOOKUP_ALL( 9, DeleteOldUsageTable, OEMCrypto_DeleteOldUsageTable);
|
||||||
LOOKUP( 9, 12, DeleteUsageEntry, OEMCrypto_DeleteUsageEntry);
|
LOOKUP( 9, 12, DeleteUsageEntry, OEMCrypto_DeleteUsageEntry);
|
||||||
LOOKUP_ALL( 8, DeriveKeysFromSessionKey, OEMCrypto_DeriveKeysFromSessionKey);
|
LOOKUP_ALL( 8, DeriveKeysFromSessionKey, OEMCrypto_DeriveKeysFromSessionKey);
|
||||||
LOOKUP(10, 12, ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry);
|
LOOKUP(10, 12, ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry);
|
||||||
LOOKUP_ALL( 8, GenerateDerivedKeys, OEMCrypto_GenerateDerivedKeys);
|
LOOKUP_ALL( 8, GenerateDerivedKeys, OEMCrypto_GenerateDerivedKeys);
|
||||||
LOOKUP_ALL( 8, GenerateNonce, OEMCrypto_GenerateNonce);
|
LOOKUP_ALL( 8, GenerateNonce, OEMCrypto_GenerateNonce);
|
||||||
LOOKUP( 8, 8, GenerateRSASignature_V8, OEMCrypto_GenerateRSASignature_V8);
|
LOOKUP( 8, 8, GenerateRSASignature_V8, OEMCrypto_GenerateRSASignature_V8);
|
||||||
LOOKUP_ALL( 9, GenerateRSASignature, OEMCrypto_GenerateRSASignature);
|
LOOKUP_ALL( 9, GenerateRSASignature, OEMCrypto_GenerateRSASignature);
|
||||||
LOOKUP_ALL( 8, GenerateSignature, OEMCrypto_GenerateSignature);
|
LOOKUP_ALL( 8, GenerateSignature, OEMCrypto_GenerateSignature);
|
||||||
LOOKUP_ALL( 8, Generic_Decrypt, OEMCrypto_Generic_Decrypt);
|
LOOKUP_ALL( 8, Generic_Decrypt, OEMCrypto_Generic_Decrypt);
|
||||||
LOOKUP_ALL( 8, Generic_Encrypt, OEMCrypto_Generic_Encrypt);
|
LOOKUP_ALL( 8, Generic_Encrypt, OEMCrypto_Generic_Encrypt);
|
||||||
LOOKUP_ALL( 8, Generic_Sign, OEMCrypto_Generic_Sign);
|
LOOKUP_ALL( 8, Generic_Sign, OEMCrypto_Generic_Sign);
|
||||||
LOOKUP_ALL( 8, Generic_Verify, OEMCrypto_Generic_Verify);
|
LOOKUP_ALL( 8, Generic_Verify, OEMCrypto_Generic_Verify);
|
||||||
LOOKUP_ALL(13, GetCurrentSRMVersion, OEMCrypto_GetCurrentSRMVersion);
|
LOOKUP_ALL(13, GetCurrentSRMVersion, OEMCrypto_GetCurrentSRMVersion);
|
||||||
LOOKUP_ALL( 8, GetDeviceID, OEMCrypto_GetDeviceID);
|
LOOKUP_ALL( 8, GetDeviceID, OEMCrypto_GetDeviceID);
|
||||||
LOOKUP( 9, 9, GetHDCPCapability_V9, OEMCrypto_GetHDCPCapability_V9);
|
LOOKUP( 9, 9, GetHDCPCapability_V9, OEMCrypto_GetHDCPCapability_V9);
|
||||||
LOOKUP_ALL(10, GetHDCPCapability, OEMCrypto_GetHDCPCapability);
|
LOOKUP_ALL(10, GetHDCPCapability, OEMCrypto_GetHDCPCapability);
|
||||||
LOOKUP_ALL(14, GetAnalogOutputFlags, OEMCrypto_GetAnalogOutputFlags);
|
LOOKUP_ALL(14, GetAnalogOutputFlags, OEMCrypto_GetAnalogOutputFlags);
|
||||||
LOOKUP_ALL( 8, GetKeyData, OEMCrypto_GetKeyData);
|
LOOKUP_ALL( 8, GetKeyData, OEMCrypto_GetKeyData);
|
||||||
LOOKUP_ALL(10, GetMaxNumberOfSessions, OEMCrypto_GetMaxNumberOfSessions);
|
LOOKUP_ALL(10, GetMaxNumberOfSessions, OEMCrypto_GetMaxNumberOfSessions);
|
||||||
LOOKUP_ALL(10, GetNumberOfOpenSessions, OEMCrypto_GetNumberOfOpenSessions);
|
LOOKUP_ALL(10, GetNumberOfOpenSessions, OEMCrypto_GetNumberOfOpenSessions);
|
||||||
LOOKUP_ALL(12, GetOEMPublicCertificate, OEMCrypto_GetOEMPublicCertificate);
|
LOOKUP_ALL(12, GetOEMPublicCertificate, OEMCrypto_GetOEMPublicCertificate);
|
||||||
LOOKUP_ALL(12, GetProvisioningMethod, OEMCrypto_GetProvisioningMethod);
|
LOOKUP_ALL(12, GetProvisioningMethod, OEMCrypto_GetProvisioningMethod);
|
||||||
LOOKUP_ALL( 8, GetRandom, OEMCrypto_GetRandom);
|
LOOKUP_ALL( 8, GetRandom, OEMCrypto_GetRandom);
|
||||||
LOOKUP_ALL( 8, InstallKeybox, OEMCrypto_InstallKeybox);
|
LOOKUP_ALL( 8, InstallKeyboxOrOEMCert, OEMCrypto_InstallKeyboxOrOEMCert);
|
||||||
LOOKUP_ALL(10, IsAntiRollbackHwPresent, OEMCrypto_IsAntiRollbackHwPresent);
|
LOOKUP_ALL(10, IsAntiRollbackHwPresent, OEMCrypto_IsAntiRollbackHwPresent);
|
||||||
LOOKUP_ALL( 8, IsKeyboxValid, OEMCrypto_IsKeyboxValid);
|
LOOKUP_ALL( 8, IsKeyboxOrOEMCertValid, OEMCrypto_IsKeyboxOrOEMCertValid);
|
||||||
LOOKUP_ALL(13, IsSRMUpdateSupported, OEMCrypto_IsSRMUpdateSupported);
|
LOOKUP_ALL(13, IsSRMUpdateSupported, OEMCrypto_IsSRMUpdateSupported);
|
||||||
LOOKUP_ALL( 8, LoadDeviceRSAKey, OEMCrypto_LoadDeviceRSAKey);
|
LOOKUP_ALL( 8, LoadDeviceRSAKey, OEMCrypto_LoadDeviceRSAKey);
|
||||||
LOOKUP( 8, 8, LoadKeys_V8, OEMCrypto_LoadKeys_V8);
|
LOOKUP( 8, 8, LoadKeys_V8, OEMCrypto_LoadKeys_V8);
|
||||||
LOOKUP( 9, 10, LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10);
|
LOOKUP( 9, 10, LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10);
|
||||||
LOOKUP(11, 12, LoadKeys_V11_or_V12, OEMCrypto_LoadKeys_V11_or_V12);
|
LOOKUP(11, 12, LoadKeys_V11_or_V12, OEMCrypto_LoadKeys_V11_or_V12);
|
||||||
LOOKUP(13, 13, LoadKeys_V13, OEMCrypto_LoadKeys_V13);
|
LOOKUP(13, 13, LoadKeys_V13, OEMCrypto_LoadKeys_V13);
|
||||||
LOOKUP_ALL(14, LoadKeys, OEMCrypto_LoadKeys);
|
LOOKUP_ALL(14, LoadKeys, OEMCrypto_LoadKeys);
|
||||||
LOOKUP_ALL(14, LoadEntitledContentKeys, OEMCrypto_LoadEntitledContentKeys);
|
LOOKUP_ALL(14, LoadEntitledContentKeys, OEMCrypto_LoadEntitledContentKeys);
|
||||||
LOOKUP_ALL(13, LoadSRM, OEMCrypto_LoadSRM);
|
LOOKUP_ALL(13, LoadSRM, OEMCrypto_LoadSRM);
|
||||||
LOOKUP(10, 13, LoadTestKeybox_V13, OEMCrypto_LoadTestKeybox_V13);
|
LOOKUP(10, 13, LoadTestKeybox_V13, OEMCrypto_LoadTestKeybox_V13);
|
||||||
LOOKUP_ALL(14, LoadTestKeybox, OEMCrypto_LoadTestKeybox);
|
LOOKUP_ALL(14, LoadTestKeybox, OEMCrypto_LoadTestKeybox);
|
||||||
LOOKUP_ALL(10, LoadTestRSAKey, OEMCrypto_LoadTestRSAKey);
|
LOOKUP_ALL(10, LoadTestRSAKey, OEMCrypto_LoadTestRSAKey);
|
||||||
LOOKUP_ALL(13, LoadUsageEntry, OEMCrypto_LoadUsageEntry);
|
LOOKUP_ALL(13, LoadUsageEntry, OEMCrypto_LoadUsageEntry);
|
||||||
LOOKUP_ALL(13, LoadUsageTableHeader, OEMCrypto_LoadUsageTableHeader);
|
LOOKUP_ALL(13, LoadUsageTableHeader, OEMCrypto_LoadUsageTableHeader);
|
||||||
LOOKUP_ALL(13, MoveEntry, OEMCrypto_MoveEntry);
|
LOOKUP_ALL(13, MoveEntry, OEMCrypto_MoveEntry);
|
||||||
LOOKUP_ALL( 8, OpenSession, OEMCrypto_OpenSession);
|
LOOKUP_ALL( 8, OpenSession, OEMCrypto_OpenSession);
|
||||||
LOOKUP_ALL(10, QueryKeyControl, OEMCrypto_QueryKeyControl);
|
LOOKUP_ALL(10, QueryKeyControl, OEMCrypto_QueryKeyControl);
|
||||||
LOOKUP_ALL( 8, RefreshKeys, OEMCrypto_RefreshKeys);
|
LOOKUP_ALL( 8, RefreshKeys, OEMCrypto_RefreshKeys);
|
||||||
LOOKUP_ALL(13, RemoveSRM, OEMCrypto_RemoveSRM);
|
LOOKUP_ALL(13, RemoveSRM, OEMCrypto_RemoveSRM);
|
||||||
LOOKUP_ALL( 9, ReportUsage, OEMCrypto_ReportUsage);
|
LOOKUP_ALL( 9, ReportUsage, OEMCrypto_ReportUsage);
|
||||||
LOOKUP_ALL( 8, RewrapDeviceRSAKey, OEMCrypto_RewrapDeviceRSAKey);
|
LOOKUP_ALL( 8, RewrapDeviceRSAKey, OEMCrypto_RewrapDeviceRSAKey);
|
||||||
LOOKUP_ALL(12, RewrapDeviceRSAKey30, OEMCrypto_RewrapDeviceRSAKey30);
|
LOOKUP_ALL(12, RewrapDeviceRSAKey30, OEMCrypto_RewrapDeviceRSAKey30);
|
||||||
LOOKUP_ALL( 8, SecurityLevel, OEMCrypto_SecurityLevel);
|
LOOKUP_ALL( 8, SecurityLevel, OEMCrypto_SecurityLevel);
|
||||||
LOOKUP_ALL(11, SecurityPatchLevel, OEMCrypto_Security_Patch_Level);
|
LOOKUP_ALL(11, SecurityPatchLevel, OEMCrypto_Security_Patch_Level);
|
||||||
LOOKUP( 8, 13, SelectKey_V13, OEMCrypto_SelectKey_V13);
|
LOOKUP( 8, 13, SelectKey_V13, OEMCrypto_SelectKey_V13);
|
||||||
LOOKUP_ALL(14, SelectKey, OEMCrypto_SelectKey);
|
LOOKUP_ALL(14, SelectKey, OEMCrypto_SelectKey);
|
||||||
LOOKUP_ALL(13, ShrinkUsageTableHeader, OEMCrypto_ShrinkUsageTableHeader);
|
LOOKUP_ALL(13, ShrinkUsageTableHeader, OEMCrypto_ShrinkUsageTableHeader);
|
||||||
LOOKUP_ALL(13, SupportedCertificates, OEMCrypto_SupportedCertificates);
|
LOOKUP_ALL(13, SupportedCertificates, OEMCrypto_SupportedCertificates);
|
||||||
LOOKUP_ALL( 9, SupportsUsageTable, OEMCrypto_SupportsUsageTable);
|
LOOKUP_ALL( 9, SupportsUsageTable, OEMCrypto_SupportsUsageTable);
|
||||||
LOOKUP_ALL(13, UpdateUsageEntry, OEMCrypto_UpdateUsageEntry);
|
LOOKUP_ALL(13, UpdateUsageEntry, OEMCrypto_UpdateUsageEntry);
|
||||||
LOOKUP( 9, 12, UpdateUsageTable, OEMCrypto_UpdateUsageTable);
|
LOOKUP( 9, 12, UpdateUsageTable, OEMCrypto_UpdateUsageTable);
|
||||||
LOOKUP_ALL( 8, WrapKeybox, OEMCrypto_WrapKeybox);
|
LOOKUP_ALL( 8, WrapKeybox, OEMCrypto_WrapKeybox);
|
||||||
// clang-format on
|
// clang-format on
|
||||||
|
|
||||||
// If we have a valid keybox, initialization is done. We're good.
|
// If the keybox or oem certificate is valid, we are done.
|
||||||
if (OEMCrypto_SUCCESS == level1_.IsKeyboxValid()) {
|
OEMCryptoResult root_valid = level1_.IsKeyboxOrOEMCertValid();
|
||||||
|
OEMCrypto_ProvisioningMethod provisioning_method =
|
||||||
|
level1_.GetProvisioningMethod();
|
||||||
|
if (root_valid == OEMCrypto_SUCCESS) {
|
||||||
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
||||||
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_KEYBOX);
|
(provisioning_method == OEMCrypto_Keybox)
|
||||||
return true;
|
? wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_KEYBOX
|
||||||
}
|
: wvcdm::metrics::
|
||||||
// If we use provisioning 3.0, initialization is done. We may not
|
OEMCrypto_INITIALIZED_USING_L1_WITH_PROVISIONING_3_0);
|
||||||
// be good, but there's no reason to try loading a keybox. Any errors
|
|
||||||
// will have to be caught in the future when provisioning fails.
|
|
||||||
if (level1_.version > 11 &&
|
|
||||||
(level1_.GetProvisioningMethod() == OEMCrypto_OEMCertificate)) {
|
|
||||||
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
|
||||||
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_PROVISIONING_3_0);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
uint8_t buffer[1];
|
|
||||||
size_t buffer_size = 0;
|
|
||||||
if (OEMCrypto_ERROR_NOT_IMPLEMENTED == level1_.GetKeyData(buffer,
|
|
||||||
&buffer_size)){
|
|
||||||
// If GetKeyData is not implemented, then the device should only use a
|
|
||||||
// baked in certificate as identification. We will assume that a device
|
|
||||||
// with a bad keybox returns a different error code.
|
|
||||||
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
|
||||||
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_CERTIFICATE);
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
wvcdm::FileSystem file_system;
|
wvcdm::FileSystem file_system;
|
||||||
std::string filename;
|
std::string filename;
|
||||||
if (!wvcdm::Properties::GetFactoryKeyboxPath(&filename)) {
|
if (!wvcdm::Properties::GetFactoryKeyboxPath(&filename)) {
|
||||||
LOGW("Bad Level 1 Keybox. Falling Back to L3.");
|
LOGW("Bad Level 1 Root of Trust. Falling Back to L3.");
|
||||||
level1_.Terminate();
|
level1_.Terminate();
|
||||||
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
||||||
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L3_BAD_KEYBOX);
|
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L3_BAD_KEYBOX);
|
||||||
@@ -761,11 +748,12 @@ class Adapter {
|
|||||||
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_OPEN_FACTORY_KEYBOX);
|
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_OPEN_FACTORY_KEYBOX);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
std::vector<uint8_t> keybox(size);
|
std::vector<uint8_t> root_key(size);
|
||||||
ssize_t size_read = file->Read(reinterpret_cast<char*>(&keybox[0]), size);
|
ssize_t size_read = file->Read(reinterpret_cast<char*>(&root_key[0]), size);
|
||||||
file->Close();
|
file->Close();
|
||||||
if (level1_.InstallKeybox(&keybox[0], size_read) != OEMCrypto_SUCCESS) {
|
if (level1_.InstallKeyboxOrOEMCert(&root_key[0], size_read) !=
|
||||||
LOGE("Could NOT install keybox from %s. Falling Back to L3.",
|
OEMCrypto_SUCCESS) {
|
||||||
|
LOGE("Could NOT install root key from %s. Falling Back to L3.",
|
||||||
filename.c_str());
|
filename.c_str());
|
||||||
level1_.Terminate();
|
level1_.Terminate();
|
||||||
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
||||||
@@ -773,7 +761,16 @@ class Adapter {
|
|||||||
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_INSTALL_KEYBOX);
|
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_INSTALL_KEYBOX);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
LOGI("Installed keybox from %s", filename.c_str());
|
if (level1_.IsKeyboxOrOEMCertValid() != OEMCrypto_SUCCESS) {
|
||||||
|
LOGE("Installed bad key from %s. Falling Back to L3.",
|
||||||
|
filename.c_str());
|
||||||
|
level1_.Terminate();
|
||||||
|
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
||||||
|
wvcdm::metrics::
|
||||||
|
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_INSTALL_KEYBOX);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
LOGI("Installed root key from %s", filename.c_str());
|
||||||
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
|
||||||
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_INSTALLED_KEYBOX);
|
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_INSTALLED_KEYBOX);
|
||||||
return true;
|
return true;
|
||||||
@@ -781,64 +778,64 @@ class Adapter {
|
|||||||
|
|
||||||
void LoadLevel3() {
|
void LoadLevel3() {
|
||||||
// clang-format off
|
// clang-format off
|
||||||
level3_.Terminate = Level3_Terminate;
|
level3_.Terminate = Level3_Terminate;
|
||||||
level3_.OpenSession = Level3_OpenSession;
|
level3_.OpenSession = Level3_OpenSession;
|
||||||
level3_.CloseSession = Level3_CloseSession;
|
level3_.CloseSession = Level3_CloseSession;
|
||||||
level3_.GenerateDerivedKeys = Level3_GenerateDerivedKeys;
|
level3_.GenerateDerivedKeys = Level3_GenerateDerivedKeys;
|
||||||
level3_.GenerateNonce = Level3_GenerateNonce;
|
level3_.GenerateNonce = Level3_GenerateNonce;
|
||||||
level3_.GenerateSignature = Level3_GenerateSignature;
|
level3_.GenerateSignature = Level3_GenerateSignature;
|
||||||
level3_.LoadKeys = Level3_LoadKeys;
|
level3_.LoadKeys = Level3_LoadKeys;
|
||||||
level3_.LoadEntitledContentKeys = Level3_LoadEntitledContentKeys;
|
level3_.LoadEntitledContentKeys = Level3_LoadEntitledContentKeys;
|
||||||
level3_.RefreshKeys = Level3_RefreshKeys;
|
level3_.RefreshKeys = Level3_RefreshKeys;
|
||||||
level3_.QueryKeyControl = Level3_QueryKeyControl;
|
level3_.QueryKeyControl = Level3_QueryKeyControl;
|
||||||
level3_.SelectKey = Level3_SelectKey;
|
level3_.SelectKey = Level3_SelectKey;
|
||||||
level3_.DecryptCENC = Level3_DecryptCENC;
|
level3_.DecryptCENC = Level3_DecryptCENC;
|
||||||
level3_.CopyBuffer = Level3_CopyBuffer;
|
level3_.CopyBuffer = Level3_CopyBuffer;
|
||||||
level3_.WrapKeybox = Level3_WrapKeybox;
|
level3_.WrapKeybox = Level3_WrapKeybox;
|
||||||
level3_.InstallKeybox = Level3_InstallKeybox;
|
level3_.InstallKeyboxOrOEMCert = Level3_InstallKeybox;
|
||||||
level3_.LoadTestKeybox = Level3_LoadTestKeybox;
|
level3_.LoadTestKeybox = Level3_LoadTestKeybox;
|
||||||
level3_.IsKeyboxValid = Level3_IsKeyboxValid;
|
level3_.IsKeyboxOrOEMCertValid = Level3_IsKeyboxValid;
|
||||||
level3_.GetDeviceID = Level3_GetDeviceID;
|
level3_.GetDeviceID = Level3_GetDeviceID;
|
||||||
level3_.GetKeyData = Level3_GetKeyData;
|
level3_.GetKeyData = Level3_GetKeyData;
|
||||||
level3_.GetRandom = Level3_GetRandom;
|
level3_.GetRandom = Level3_GetRandom;
|
||||||
level3_.RewrapDeviceRSAKey = Level3_RewrapDeviceRSAKey;
|
level3_.RewrapDeviceRSAKey = Level3_RewrapDeviceRSAKey;
|
||||||
level3_.LoadDeviceRSAKey = Level3_LoadDeviceRSAKey;
|
level3_.LoadDeviceRSAKey = Level3_LoadDeviceRSAKey;
|
||||||
level3_.LoadTestRSAKey = Level3_LoadTestRSAKey;
|
level3_.LoadTestRSAKey = Level3_LoadTestRSAKey;
|
||||||
level3_.GenerateRSASignature = Level3_GenerateRSASignature;
|
level3_.GenerateRSASignature = Level3_GenerateRSASignature;
|
||||||
level3_.DeriveKeysFromSessionKey = Level3_DeriveKeysFromSessionKey;
|
level3_.DeriveKeysFromSessionKey = Level3_DeriveKeysFromSessionKey;
|
||||||
level3_.APIVersion = Level3_APIVersion;
|
level3_.APIVersion = Level3_APIVersion;
|
||||||
level3_.SecurityPatchLevel = Level3_SecurityPatchLevel;
|
level3_.SecurityPatchLevel = Level3_SecurityPatchLevel;
|
||||||
level3_.SecurityLevel = Level3_SecurityLevel;
|
level3_.SecurityLevel = Level3_SecurityLevel;
|
||||||
level3_.GetHDCPCapability = Level3_GetHDCPCapability;
|
level3_.GetHDCPCapability = Level3_GetHDCPCapability;
|
||||||
level3_.GetAnalogOutputFlags = Level3_GetAnalogOutputFlags;
|
level3_.GetAnalogOutputFlags = Level3_GetAnalogOutputFlags;
|
||||||
level3_.SupportsUsageTable = Level3_SupportsUsageTable;
|
level3_.SupportsUsageTable = Level3_SupportsUsageTable;
|
||||||
level3_.IsAntiRollbackHwPresent = Level3_IsAntiRollbackHwPresent;
|
level3_.IsAntiRollbackHwPresent = Level3_IsAntiRollbackHwPresent;
|
||||||
level3_.GetNumberOfOpenSessions = Level3_GetNumberOfOpenSessions;
|
level3_.GetNumberOfOpenSessions = Level3_GetNumberOfOpenSessions;
|
||||||
level3_.GetMaxNumberOfSessions = Level3_GetMaxNumberOfSessions;
|
level3_.GetMaxNumberOfSessions = Level3_GetMaxNumberOfSessions;
|
||||||
level3_.Generic_Decrypt = Level3_Generic_Decrypt;
|
level3_.Generic_Decrypt = Level3_Generic_Decrypt;
|
||||||
level3_.Generic_Encrypt = Level3_Generic_Encrypt;
|
level3_.Generic_Encrypt = Level3_Generic_Encrypt;
|
||||||
level3_.Generic_Sign = Level3_Generic_Sign;
|
level3_.Generic_Sign = Level3_Generic_Sign;
|
||||||
level3_.Generic_Verify = Level3_Generic_Verify;
|
level3_.Generic_Verify = Level3_Generic_Verify;
|
||||||
level3_.DeactivateUsageEntry = Level3_DeactivateUsageEntry;
|
level3_.DeactivateUsageEntry = Level3_DeactivateUsageEntry;
|
||||||
level3_.ReportUsage = Level3_ReportUsage;
|
level3_.ReportUsage = Level3_ReportUsage;
|
||||||
level3_.DeleteOldUsageTable = Level3_DeleteOldUsageTable;
|
level3_.DeleteOldUsageTable = Level3_DeleteOldUsageTable;
|
||||||
level3_.GetProvisioningMethod = Level3_GetProvisioningMethod;
|
level3_.GetProvisioningMethod = Level3_GetProvisioningMethod;
|
||||||
level3_.GetOEMPublicCertificate = Level3_GetOEMPublicCertificate;
|
level3_.GetOEMPublicCertificate = Level3_GetOEMPublicCertificate;
|
||||||
level3_.RewrapDeviceRSAKey30 = Level3_RewrapDeviceRSAKey30;
|
level3_.RewrapDeviceRSAKey30 = Level3_RewrapDeviceRSAKey30;
|
||||||
level3_.SupportedCertificates = Level3_SupportedCertificates;
|
level3_.SupportedCertificates = Level3_SupportedCertificates;
|
||||||
level3_.IsSRMUpdateSupported = Level3_IsSRMUpdateSupported;
|
level3_.IsSRMUpdateSupported = Level3_IsSRMUpdateSupported;
|
||||||
level3_.GetCurrentSRMVersion = Level3_GetCurrentSRMVersion;
|
level3_.GetCurrentSRMVersion = Level3_GetCurrentSRMVersion;
|
||||||
level3_.LoadSRM = Level3_LoadSRM;
|
level3_.LoadSRM = Level3_LoadSRM;
|
||||||
level3_.RemoveSRM = Level3_RemoveSRM;
|
level3_.RemoveSRM = Level3_RemoveSRM;
|
||||||
level3_.CreateUsageTableHeader = Level3_CreateUsageTableHeader;
|
level3_.CreateUsageTableHeader = Level3_CreateUsageTableHeader;
|
||||||
level3_.LoadUsageTableHeader = Level3_LoadUsageTableHeader;
|
level3_.LoadUsageTableHeader = Level3_LoadUsageTableHeader;
|
||||||
level3_.CreateNewUsageEntry = Level3_CreateNewUsageEntry;
|
level3_.CreateNewUsageEntry = Level3_CreateNewUsageEntry;
|
||||||
level3_.LoadUsageEntry = Level3_LoadUsageEntry;
|
level3_.LoadUsageEntry = Level3_LoadUsageEntry;
|
||||||
level3_.UpdateUsageEntry = Level3_UpdateUsageEntry;
|
level3_.UpdateUsageEntry = Level3_UpdateUsageEntry;
|
||||||
level3_.ShrinkUsageTableHeader = Level3_ShrinkUsageTableHeader;
|
level3_.ShrinkUsageTableHeader = Level3_ShrinkUsageTableHeader;
|
||||||
level3_.MoveEntry = Level3_MoveEntry;
|
level3_.MoveEntry = Level3_MoveEntry;
|
||||||
level3_.CopyOldUsageEntry = Level3_CopyOldUsageEntry;
|
level3_.CopyOldUsageEntry = Level3_CopyOldUsageEntry;
|
||||||
level3_.CreateOldUsageEntry = Level3_CreateOldUsageEntry;
|
level3_.CreateOldUsageEntry = Level3_CreateOldUsageEntry;
|
||||||
// clang-format on
|
// clang-format on
|
||||||
|
|
||||||
level3_.version = Level3_APIVersion();
|
level3_.version = Level3_APIVersion();
|
||||||
@@ -954,14 +951,15 @@ OEMCryptoResult OEMCrypto_CopyBuffer(
|
|||||||
return fcn->CopyBuffer(data_addr, data_length, out_buffer, subsample_flags);
|
return fcn->CopyBuffer(data_addr, data_length, out_buffer, subsample_flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
|
OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox,
|
||||||
size_t keyBoxLength,
|
size_t keyBoxLength,
|
||||||
SecurityLevel level) {
|
SecurityLevel level) {
|
||||||
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||||
const FunctionPointers* fcn = kAdapter->get(level);
|
const FunctionPointers* fcn = kAdapter->get(level);
|
||||||
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
|
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
|
||||||
if (fcn->InstallKeybox == NULL) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
if (fcn->InstallKeyboxOrOEMCert == NULL)
|
||||||
return fcn->InstallKeybox(keybox, keyBoxLength);
|
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
||||||
|
return fcn->InstallKeyboxOrOEMCert(keybox, keyBoxLength);
|
||||||
}
|
}
|
||||||
|
|
||||||
OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
|
OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
|
||||||
@@ -974,12 +972,13 @@ OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
|
|||||||
return fcn->GetProvisioningMethod();
|
return fcn->GetProvisioningMethod();
|
||||||
}
|
}
|
||||||
|
|
||||||
OEMCryptoResult OEMCrypto_IsKeyboxValid(SecurityLevel level) {
|
OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(SecurityLevel level) {
|
||||||
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||||
const FunctionPointers* fcn = kAdapter->get(level);
|
const FunctionPointers* fcn = kAdapter->get(level);
|
||||||
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
|
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
|
||||||
if (fcn->IsKeyboxValid == NULL) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
if (fcn->IsKeyboxOrOEMCertValid == NULL)
|
||||||
return fcn->IsKeyboxValid();
|
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
||||||
|
return fcn->IsKeyboxOrOEMCertValid();
|
||||||
}
|
}
|
||||||
|
|
||||||
OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength,
|
OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength,
|
||||||
@@ -1501,9 +1500,9 @@ extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
|
|||||||
wrappedKeyBoxLength, transportKey, transportKeyLength);
|
wrappedKeyBoxLength, transportKey, transportKeyLength);
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
|
extern "C" OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox,
|
||||||
size_t keyBoxLength) {
|
size_t keyBoxLength) {
|
||||||
return OEMCrypto_InstallKeybox(keybox, keyBoxLength, kLevelDefault);
|
return OEMCrypto_InstallKeyboxOrOEMCert(keybox, keyBoxLength, kLevelDefault);
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
|
extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
|
||||||
@@ -1520,8 +1519,8 @@ extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
|
|||||||
return fcn->LoadTestKeybox(buffer, length);
|
return fcn->LoadTestKeybox(buffer, length);
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" OEMCryptoResult OEMCrypto_IsKeyboxValid() {
|
extern "C" OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid() {
|
||||||
return OEMCrypto_IsKeyboxValid(kLevelDefault);
|
return OEMCrypto_IsKeyboxOrOEMCertValid(kLevelDefault);
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod() {
|
extern "C" OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod() {
|
||||||
|
|||||||
@@ -370,81 +370,87 @@ typedef enum OEMCrypto_ProvisioningMethod {
|
|||||||
/*
|
/*
|
||||||
* Obfuscation Renames.
|
* Obfuscation Renames.
|
||||||
*/
|
*/
|
||||||
#define OEMCrypto_Initialize _oecc01
|
#define OEMCrypto_Initialize _oecc01
|
||||||
#define OEMCrypto_Terminate _oecc02
|
#define OEMCrypto_Terminate _oecc02
|
||||||
#define OEMCrypto_InstallKeybox _oecc03
|
#define OEMCrypto_InstallKeybox _oecc03
|
||||||
#define OEMCrypto_InstallRootKeyCertificate _oecc03
|
// Rename InstallKeybox to InstallKeyboxOrOEMCert.
|
||||||
#define OEMCrypto_GetKeyData _oecc04
|
#define OEMCrypto_InstallRootKeyCertificate _oecc03
|
||||||
#define OEMCrypto_IsKeyboxValid _oecc05
|
#define OEMCrypto_InstallKeyboxOrOEMCert _oecc03
|
||||||
#define OEMCrypto_IsRootKeyCertificateValid _oecc05
|
#define OEMCrypto_GetKeyData _oecc04
|
||||||
#define OEMCrypto_GetRandom _oecc06
|
#define OEMCrypto_IsKeyboxValid _oecc05
|
||||||
#define OEMCrypto_GetDeviceID _oecc07
|
// Rename IsKeyboxValid to IsKeyboxOrOEMCertValid.
|
||||||
#define OEMCrypto_WrapKeybox _oecc08
|
#define OEMCrypto_IsRootKeyCertificateValid _oecc05
|
||||||
#define OEMCrypto_WrapRootKeyCertificate _oecc08
|
#define OEMCrypto_IsKeyboxOrOEMCertValid _oecc05
|
||||||
#define OEMCrypto_OpenSession _oecc09
|
#define OEMCrypto_GetRandom _oecc06
|
||||||
#define OEMCrypto_CloseSession _oecc10
|
#define OEMCrypto_GetDeviceID _oecc07
|
||||||
#define OEMCrypto_DecryptCTR_V10 _oecc11
|
#define OEMCrypto_WrapKeybox _oecc08
|
||||||
#define OEMCrypto_GenerateDerivedKeys _oecc12
|
// Rename WrapKeybox to WrapKeyboxOrOEMCert
|
||||||
#define OEMCrypto_GenerateSignature _oecc13
|
#define OEMCrypto_WrapRootKeyCertificate _oecc08
|
||||||
#define OEMCrypto_GenerateNonce _oecc14
|
#define OEMCrypto_WrapKeyboxOrOEMCert _oecc08
|
||||||
#define OEMCrypto_LoadKeys_V8 _oecc15
|
#define OEMCrypto_OpenSession _oecc09
|
||||||
#define OEMCrypto_RefreshKeys _oecc16
|
#define OEMCrypto_CloseSession _oecc10
|
||||||
#define OEMCrypto_SelectKey_V13 _oecc17
|
#define OEMCrypto_DecryptCTR_V10 _oecc11
|
||||||
#define OEMCrypto_RewrapDeviceRSAKey _oecc18
|
#define OEMCrypto_GenerateDerivedKeys _oecc12
|
||||||
#define OEMCrypto_LoadDeviceRSAKey _oecc19
|
#define OEMCrypto_GenerateSignature _oecc13
|
||||||
#define OEMCrypto_GenerateRSASignature_V8 _oecc20
|
#define OEMCrypto_GenerateNonce _oecc14
|
||||||
#define OEMCrypto_DeriveKeysFromSessionKey _oecc21
|
#define OEMCrypto_LoadKeys_V8 _oecc15
|
||||||
#define OEMCrypto_APIVersion _oecc22
|
#define OEMCrypto_RefreshKeys _oecc16
|
||||||
#define OEMCrypto_SecurityLevel _oecc23
|
#define OEMCrypto_SelectKey_V13 _oecc17
|
||||||
#define OEMCrypto_Generic_Encrypt _oecc24
|
#define OEMCrypto_RewrapDeviceRSAKey _oecc18
|
||||||
#define OEMCrypto_Generic_Decrypt _oecc25
|
#define OEMCrypto_LoadDeviceRSAKey _oecc19
|
||||||
#define OEMCrypto_Generic_Sign _oecc26
|
#define OEMCrypto_GenerateRSASignature_V8 _oecc20
|
||||||
#define OEMCrypto_Generic_Verify _oecc27
|
#define OEMCrypto_DeriveKeysFromSessionKey _oecc21
|
||||||
#define OEMCrypto_GetHDCPCapability_V9 _oecc28
|
#define OEMCrypto_APIVersion _oecc22
|
||||||
#define OEMCrypto_SupportsUsageTable _oecc29
|
#define OEMCrypto_SecurityLevel _oecc23
|
||||||
#define OEMCrypto_UpdateUsageTable _oecc30
|
#define OEMCrypto_Generic_Encrypt _oecc24
|
||||||
#define OEMCrypto_DeactivateUsageEntry_V12 _oecc31
|
#define OEMCrypto_Generic_Decrypt _oecc25
|
||||||
#define OEMCrypto_ReportUsage _oecc32
|
#define OEMCrypto_Generic_Sign _oecc26
|
||||||
#define OEMCrypto_DeleteUsageEntry _oecc33
|
#define OEMCrypto_Generic_Verify _oecc27
|
||||||
#define OEMCrypto_DeleteOldUsageTable _oecc34
|
#define OEMCrypto_GetHDCPCapability_V9 _oecc28
|
||||||
#define OEMCrypto_LoadKeys_V9_or_V10 _oecc35
|
#define OEMCrypto_SupportsUsageTable _oecc29
|
||||||
#define OEMCrypto_GenerateRSASignature _oecc36
|
#define OEMCrypto_UpdateUsageTable _oecc30
|
||||||
#define OEMCrypto_GetMaxNumberOfSessions _oecc37
|
#define OEMCrypto_DeactivateUsageEntry_V12 _oecc31
|
||||||
#define OEMCrypto_GetNumberOfOpenSessions _oecc38
|
#define OEMCrypto_ReportUsage _oecc32
|
||||||
#define OEMCrypto_IsAntiRollbackHwPresent _oecc39
|
#define OEMCrypto_DeleteUsageEntry _oecc33
|
||||||
#define OEMCrypto_CopyBuffer _oecc40
|
#define OEMCrypto_DeleteOldUsageTable _oecc34
|
||||||
#define OEMCrypto_QueryKeyControl _oecc41
|
#define OEMCrypto_LoadKeys_V9_or_V10 _oecc35
|
||||||
#define OEMCrypto_LoadTestKeybox_V13 _oecc42
|
#define OEMCrypto_GenerateRSASignature _oecc36
|
||||||
#define OEMCrypto_ForceDeleteUsageEntry _oecc43
|
#define OEMCrypto_GetMaxNumberOfSessions _oecc37
|
||||||
#define OEMCrypto_GetHDCPCapability _oecc44
|
#define OEMCrypto_GetNumberOfOpenSessions _oecc38
|
||||||
#define OEMCrypto_LoadTestRSAKey _oecc45
|
#define OEMCrypto_IsAntiRollbackHwPresent _oecc39
|
||||||
#define OEMCrypto_Security_Patch_Level _oecc46
|
#define OEMCrypto_CopyBuffer _oecc40
|
||||||
#define OEMCrypto_LoadKeys_V11_or_V12 _oecc47
|
#define OEMCrypto_QueryKeyControl _oecc41
|
||||||
#define OEMCrypto_DecryptCENC _oecc48
|
#define OEMCrypto_LoadTestKeybox_V13 _oecc42
|
||||||
#define OEMCrypto_GetProvisioningMethod _oecc49
|
#define OEMCrypto_ForceDeleteUsageEntry _oecc43
|
||||||
#define OEMCrypto_GetOEMPublicCertificate _oecc50
|
#define OEMCrypto_GetHDCPCapability _oecc44
|
||||||
#define OEMCrypto_RewrapDeviceRSAKey30 _oecc51
|
#define OEMCrypto_LoadTestRSAKey _oecc45
|
||||||
#define OEMCrypto_SupportedCertificates _oecc52
|
#define OEMCrypto_Security_Patch_Level _oecc46
|
||||||
#define OEMCrypto_IsSRMUpdateSupported _oecc53
|
#define OEMCrypto_LoadKeys_V11_or_V12 _oecc47
|
||||||
#define OEMCrypto_GetCurrentSRMVersion _oecc54
|
#define OEMCrypto_DecryptCENC _oecc48
|
||||||
#define OEMCrypto_LoadSRM _oecc55
|
#define OEMCrypto_GetProvisioningMethod _oecc49
|
||||||
#define OEMCrypto_LoadKeys_V13 _oecc56
|
#define OEMCrypto_GetOEMPublicCertificate _oecc50
|
||||||
#define OEMCrypto_RemoveSRM _oecc57
|
#define OEMCrypto_RewrapDeviceRSAKey30 _oecc51
|
||||||
#define OEMCrypto_CreateUsageTableHeader _oecc61
|
#define OEMCrypto_SupportedCertificates _oecc52
|
||||||
#define OEMCrypto_LoadUsageTableHeader _oecc62
|
#define OEMCrypto_IsSRMUpdateSupported _oecc53
|
||||||
#define OEMCrypto_CreateNewUsageEntry _oecc63
|
#define OEMCrypto_GetCurrentSRMVersion _oecc54
|
||||||
#define OEMCrypto_LoadUsageEntry _oecc64
|
#define OEMCrypto_LoadSRM _oecc55
|
||||||
#define OEMCrypto_UpdateUsageEntry _oecc65
|
#define OEMCrypto_LoadKeys_V13 _oecc56
|
||||||
#define OEMCrypto_DeactivateUsageEntry _oecc66
|
#define OEMCrypto_RemoveSRM _oecc57
|
||||||
#define OEMCrypto_ShrinkUsageTableHeader _oecc67
|
#define OEMCrypto_CreateUsageTableHeader _oecc61
|
||||||
#define OEMCrypto_MoveEntry _oecc68
|
#define OEMCrypto_LoadUsageTableHeader _oecc62
|
||||||
#define OEMCrypto_CopyOldUsageEntry _oecc69
|
#define OEMCrypto_CreateNewUsageEntry _oecc63
|
||||||
#define OEMCrypto_CreateOldUsageEntry _oecc70
|
#define OEMCrypto_LoadUsageEntry _oecc64
|
||||||
#define OEMCrypto_GetAnalogOutputFlags _oecc71
|
#define OEMCrypto_UpdateUsageEntry _oecc65
|
||||||
#define OEMCrypto_LoadTestKeybox _oecc78
|
#define OEMCrypto_DeactivateUsageEntry _oecc66
|
||||||
#define OEMCrypto_LoadEntitledContentKeys _oecc79
|
#define OEMCrypto_ShrinkUsageTableHeader _oecc67
|
||||||
#define OEMCrypto_SelectKey _oecc81
|
#define OEMCrypto_MoveEntry _oecc68
|
||||||
#define OEMCrypto_LoadKeys _oecc82
|
#define OEMCrypto_CopyOldUsageEntry _oecc69
|
||||||
|
#define OEMCrypto_CreateOldUsageEntry _oecc70
|
||||||
|
#define OEMCrypto_GetAnalogOutputFlags _oecc71
|
||||||
|
#define OEMCrypto_LoadTestKeybox _oecc78
|
||||||
|
#define OEMCrypto_LoadEntitledContentKeys _oecc79
|
||||||
|
#define OEMCrypto_SelectKey _oecc81
|
||||||
|
#define OEMCrypto_LoadKeys _oecc82
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* OEMCrypto_Initialize
|
* OEMCrypto_Initialize
|
||||||
@@ -1498,7 +1504,7 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr,
|
|||||||
uint8_t subsample_flags);
|
uint8_t subsample_flags);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* OEMCrypto_WrapRootKeyCertificate
|
* OEMCrypto_WrapKeyboxOrOEMCert
|
||||||
*
|
*
|
||||||
* Description:
|
* Description:
|
||||||
*
|
*
|
||||||
@@ -1507,13 +1513,13 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr,
|
|||||||
* manufacturing, the root of trust should be encrypted with the OEM root key
|
* manufacturing, the root of trust should be encrypted with the OEM root key
|
||||||
* and stored on the file system in a region that will not be erased during
|
* and stored on the file system in a region that will not be erased during
|
||||||
* factory reset. This function may be used by legacy systems that use the
|
* factory reset. This function may be used by legacy systems that use the
|
||||||
* two-step WrapRootKeyCertificate/InstallRootKeyCertificate approach. When
|
* two-step WrapKeyboxOrOEMCert/InstallKeyboxOrOEMCert approach. When
|
||||||
* the Widevine DRM plugin initializes, it will look for a wrapped root of
|
* the Widevine DRM plugin initializes, it will look for a wrapped root of
|
||||||
* trust in the file /factory/wv.keys and install it into the security
|
* trust in the file /factory/wv.keys and install it into the security
|
||||||
* processor by calling OEMCrypto_InstallRootKeyCertificate().
|
* processor by calling OEMCrypto_InstallKeyboxOrOEMCert().
|
||||||
*
|
*
|
||||||
* OEMCrypto_WrapRootKeyCertificate() is used to generate an OEM-encrypted
|
* OEMCrypto_WrapKeyboxOrOEMCert() is used to generate an OEM-encrypted
|
||||||
* root of trust that may be passed to OEMCrypto_InstallRootKeyCertificate()
|
* root of trust that may be passed to OEMCrypto_InstallKeyboxOrOEMCert()
|
||||||
* for provisioning. The root of trust may be either passed in the clear or
|
* for provisioning. The root of trust may be either passed in the clear or
|
||||||
* previously encrypted with a transport key. If a transport key is supplied,
|
* previously encrypted with a transport key. If a transport key is supplied,
|
||||||
* the keybox is first decrypted with the transport key before being wrapped
|
* the keybox is first decrypted with the transport key before being wrapped
|
||||||
@@ -1548,14 +1554,14 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr,
|
|||||||
* Version:
|
* Version:
|
||||||
* This method is supported by all API versions.
|
* This method is supported by all API versions.
|
||||||
*/
|
*/
|
||||||
OEMCryptoResult OEMCrypto_WrapRootKeyCertificate(const uint8_t* rot, size_t rotLength,
|
OEMCryptoResult OEMCrypto_WrapKeyboxOrOEMCert(const uint8_t* rot, size_t rotLength,
|
||||||
uint8_t* wrappedRot,
|
uint8_t* wrappedRot,
|
||||||
size_t* wrappedRotLength,
|
size_t* wrappedRotLength,
|
||||||
const uint8_t* transportKey,
|
const uint8_t* transportKey,
|
||||||
size_t transportKeyLength);
|
size_t transportKeyLength);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* OEMCrypto_InstallRootKeyCertificate
|
* OEMCrypto_InstallKeyboxOrOEMCert
|
||||||
*
|
*
|
||||||
* Description:
|
* Description:
|
||||||
*
|
*
|
||||||
@@ -1564,7 +1570,7 @@ OEMCryptoResult OEMCrypto_WrapRootKeyCertificate(const uint8_t* rot, size_t rotL
|
|||||||
* function is called from the Widevine DRM plugin at initialization time if
|
* function is called from the Widevine DRM plugin at initialization time if
|
||||||
* there is no valid root of trust installed. It looks for wrapped data in
|
* there is no valid root of trust installed. It looks for wrapped data in
|
||||||
* the file /factory/wv.keys and if it is present, will read the file and call
|
* the file /factory/wv.keys and if it is present, will read the file and call
|
||||||
* OEMCrypto_InstallRootKeyCertificate() with the contents of the file. This
|
* OEMCrypto_InstallKeyboxOrOEMCert() with the contents of the file. This
|
||||||
* function is only needed if the factory provisioning method involves saving
|
* function is only needed if the factory provisioning method involves saving
|
||||||
* the keybox to the file system.
|
* the keybox to the file system.
|
||||||
*
|
*
|
||||||
@@ -1585,7 +1591,7 @@ OEMCryptoResult OEMCrypto_WrapRootKeyCertificate(const uint8_t* rot, size_t rotL
|
|||||||
* Version:
|
* Version:
|
||||||
* This method is supported in all API versions.
|
* This method is supported in all API versions.
|
||||||
*/
|
*/
|
||||||
OEMCryptoResult OEMCrypto_InstallRootKeyCertificate(const uint8_t* rot,
|
OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* rot,
|
||||||
size_t rotLength);
|
size_t rotLength);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1681,7 +1687,7 @@ OEMCryptoResult OEMCrypto_GetOEMPublicCertificate(OEMCrypto_SESSION session,
|
|||||||
OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t *buffer, size_t length);
|
OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t *buffer, size_t length);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* OEMCrypto_IsRootKeyCertificateValid
|
* OEMCrypto_IsKeyboxOrOEMCertValid
|
||||||
*
|
*
|
||||||
* Description:
|
* Description:
|
||||||
*
|
*
|
||||||
@@ -1713,7 +1719,7 @@ OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t *buffer, size_t length);
|
|||||||
* Version:
|
* Version:
|
||||||
* This method is supported by all API versions.
|
* This method is supported by all API versions.
|
||||||
*/
|
*/
|
||||||
OEMCryptoResult OEMCrypto_IsRootKeyCertificateValid(void);
|
OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* OEMCrypto_GetDeviceID
|
* OEMCrypto_GetDeviceID
|
||||||
|
|||||||
@@ -548,12 +548,10 @@ extern "C" OEMCryptoResult OEMCrypto_CopyBuffer(
|
|||||||
return crypto_engine->PushDestination(out_buffer, subsample_flags);
|
return crypto_engine->PushDestination(out_buffer, subsample_flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
|
extern "C" OEMCryptoResult OEMCrypto_WrapKeyboxOrOEMCert(
|
||||||
size_t keyBoxLength,
|
const uint8_t* keybox, size_t keyBoxLength, uint8_t* wrappedKeybox,
|
||||||
uint8_t* wrappedKeybox,
|
size_t* wrappedKeyBoxLength, const uint8_t* transportKey,
|
||||||
size_t* wrappedKeyBoxLength,
|
size_t transportKeyLength) {
|
||||||
const uint8_t* transportKey,
|
|
||||||
size_t transportKeyLength) {
|
|
||||||
if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
|
if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
|
||||||
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
||||||
}
|
}
|
||||||
@@ -567,10 +565,10 @@ extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
|
|||||||
return OEMCrypto_SUCCESS;
|
return OEMCrypto_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
|
extern "C" OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(
|
||||||
size_t keyBoxLength) {
|
const uint8_t* keybox, size_t keyBoxLength) {
|
||||||
if (!crypto_engine) {
|
if (!crypto_engine) {
|
||||||
LOGE("OEMCrypto_InstallKeybox: OEMCrypto Not Initialized.");
|
LOGE("OEMCrypto_InstallKeyboxOrOEMCert: OEMCrypto Not Initialized.");
|
||||||
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||||
}
|
}
|
||||||
if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
|
if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
|
||||||
@@ -595,23 +593,34 @@ extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
|
|||||||
return OEMCrypto_SUCCESS;
|
return OEMCrypto_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C" OEMCryptoResult OEMCrypto_IsKeyboxValid(void) {
|
extern "C" OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void) {
|
||||||
if (!crypto_engine) {
|
if (!crypto_engine) {
|
||||||
LOGE("OEMCrypto_IsKeyboxValid: OEMCrypto Not Initialized.");
|
LOGE("OEMCrypto_IsKeyboxOrOEMCertValid: OEMCrypto Not Initialized.");
|
||||||
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||||
}
|
}
|
||||||
if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
|
switch (crypto_engine->config_provisioning_method()) {
|
||||||
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
case OEMCrypto_DrmCertificate:
|
||||||
}
|
|
||||||
switch (crypto_engine->ValidateKeybox()) {
|
|
||||||
case NO_ERROR:
|
|
||||||
return OEMCrypto_SUCCESS;
|
return OEMCrypto_SUCCESS;
|
||||||
case BAD_CRC:
|
case OEMCrypto_Keybox:
|
||||||
return OEMCrypto_ERROR_BAD_CRC;
|
switch (crypto_engine->ValidateKeybox()) {
|
||||||
case BAD_MAGIC:
|
case NO_ERROR:
|
||||||
return OEMCrypto_ERROR_BAD_MAGIC;
|
return OEMCrypto_SUCCESS;
|
||||||
|
case BAD_CRC:
|
||||||
|
return OEMCrypto_ERROR_BAD_CRC;
|
||||||
|
case BAD_MAGIC:
|
||||||
|
return OEMCrypto_ERROR_BAD_MAGIC;
|
||||||
|
default:
|
||||||
|
case OTHER_ERROR:
|
||||||
|
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case OEMCrypto_OEMCertificate:
|
||||||
|
// TODO(fredgc): verify that the certificate exists and is valid.
|
||||||
|
return OEMCrypto_SUCCESS;
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
case OTHER_ERROR:
|
LOGE("Invalid provisioning method: %d.",
|
||||||
|
crypto_engine->config_provisioning_method());
|
||||||
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -143,6 +143,7 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
|
|||||||
if (api_version < 12) FilterOut(&filter, "*API12*");
|
if (api_version < 12) FilterOut(&filter, "*API12*");
|
||||||
if (api_version < 13) FilterOut(&filter, "*API13*");
|
if (api_version < 13) FilterOut(&filter, "*API13*");
|
||||||
if (api_version < 14) FilterOut(&filter, "*API14*");
|
if (api_version < 14) FilterOut(&filter, "*API14*");
|
||||||
|
if (api_version < 15) FilterOut(&filter, "*API15*");
|
||||||
// Some tests may require root access. If user is not root, filter these tests
|
// Some tests may require root access. If user is not root, filter these tests
|
||||||
// out.
|
// out.
|
||||||
if (getuid()) {
|
if (getuid()) {
|
||||||
|
|||||||
@@ -538,6 +538,11 @@ TEST_F(OEMCryptoProv30Test, DeviceClaimsOEMCertificate) {
|
|||||||
ASSERT_EQ(OEMCrypto_OEMCertificate, OEMCrypto_GetProvisioningMethod());
|
ASSERT_EQ(OEMCrypto_OEMCertificate, OEMCrypto_GetProvisioningMethod());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// The OEM certificate must be valid.
|
||||||
|
TEST_F(OEMCryptoProv30Test, CertValidAPI15) {
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_IsKeyboxOrOEMCertValid());
|
||||||
|
}
|
||||||
|
|
||||||
TEST_F(OEMCryptoProv30Test, OEMCertValid) {
|
TEST_F(OEMCryptoProv30Test, OEMCertValid) {
|
||||||
Session s;
|
Session s;
|
||||||
ASSERT_NO_FATAL_FAILURE(s.open());
|
ASSERT_NO_FATAL_FAILURE(s.open());
|
||||||
|
|||||||
Reference in New Issue
Block a user