widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use InstallRootKeyCertificate for keybox and cert

Browse Source 
Merge from Widevine repo of http://go/wvgerrit/55461

This CL allows provisioning 3.0 devices to install their OEM certs
from an initialization partition.  This method is already used for
keyboxes on Android -- we are just adding the ability to use it for
OEM certs, also.

Also, for v15, we require OEMCrypto to report a valid certificate in
the unit tests.

bug: 111725154
test: unit tests
Change-Id: I142c84a1a67bdb4cee943cfd12a632421901eb24
This commit is contained in:
Fred Gylys-Colwell
2018-09-02 13:22:53 -07:00
parent 3a2d291dc5
commit 562c14b5f1
6 changed files with 298 additions and 278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libwvdrmengine/cdm/core/include/oemcrypto_adapter.h
View File

@@ -20,7 +20,7 @@ OEMCryptoResult OEMCrypto_CopyBuffer(
OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
size_t keyBoxLength,
SecurityLevel level);
OEMCryptoResult OEMCrypto_IsKeyboxValid(SecurityLevel level);
OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(SecurityLevel level);
OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength,
SecurityLevel level);
OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData, size_t* keyDataLength,

339
libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
View File

@@ -131,12 +131,12 @@ typedef OEMCryptoResult (*L1_WrapKeybox_t)(const uint8_t* keybox,
size_t* wrappedKeyBoxLength,
const uint8_t* transportKey,
size_t transportKeyLength);
typedef OEMCryptoResult (*L1_InstallKeybox_t)(const uint8_t* keybox,
typedef OEMCryptoResult (*L1_InstallKeyboxOrOEMCert_t)(const uint8_t* keybox,
size_t keyBoxLength);
typedef OEMCryptoResult (*L1_LoadTestKeybox_t)(const uint8_t *buffer,
size_t length);
typedef OEMCryptoResult (*L1_LoadTestKeybox_V13_t)();
typedef OEMCryptoResult (*L1_IsKeyboxValid_t)();
typedef OEMCryptoResult (*L1_IsKeyboxOrOEMCertValid_t)();
typedef OEMCryptoResult (*L1_GetDeviceID_t)(uint8_t* deviceID,
size_t* idLength);
typedef OEMCryptoResult (*L1_GetKeyData_t)(uint8_t* keyData,
@@ -282,9 +282,9 @@ struct FunctionPointers {
L1_DecryptCENC_t DecryptCENC;
L1_CopyBuffer_t CopyBuffer;
L1_WrapKeybox_t WrapKeybox;
L1_InstallKeybox_t InstallKeybox;
L1_InstallKeyboxOrOEMCert_t InstallKeyboxOrOEMCert;
L1_LoadTestKeybox_t LoadTestKeybox;
L1_IsKeyboxValid_t IsKeyboxValid;
L1_IsKeyboxOrOEMCertValid_t IsKeyboxOrOEMCertValid;
L1_GetDeviceID_t GetDeviceID;
L1_GetKeyData_t GetKeyData;
L1_GetRandom_t GetRandom;
@@ -637,107 +637,94 @@ class Adapter {
}
// clang-format off
LOOKUP_ALL( 8, CloseSession, OEMCrypto_CloseSession);
LOOKUP_ALL(10, CopyBuffer, OEMCrypto_CopyBuffer);
LOOKUP_ALL(13, CopyOldUsageEntry, OEMCrypto_CopyOldUsageEntry);
LOOKUP_ALL(13, CreateNewUsageEntry, OEMCrypto_CreateNewUsageEntry);
LOOKUP_ALL(13, CreateOldUsageEntry, OEMCrypto_CreateOldUsageEntry);
LOOKUP_ALL(13, CreateUsageTableHeader, OEMCrypto_CreateUsageTableHeader);
LOOKUP( 9, 12, DeactivateUsageEntry_V12, OEMCrypto_DeactivateUsageEntry_V12);
LOOKUP_ALL(13, DeactivateUsageEntry, OEMCrypto_DeactivateUsageEntry);
LOOKUP( 8, 10, DecryptCTR_V10, OEMCrypto_DecryptCTR_V10);
LOOKUP_ALL(11, DecryptCENC, OEMCrypto_DecryptCENC);
LOOKUP_ALL( 9, DeleteOldUsageTable, OEMCrypto_DeleteOldUsageTable);
LOOKUP( 9, 12, DeleteUsageEntry, OEMCrypto_DeleteUsageEntry);
LOOKUP_ALL( 8, DeriveKeysFromSessionKey, OEMCrypto_DeriveKeysFromSessionKey);
LOOKUP(10, 12, ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry);
LOOKUP_ALL( 8, GenerateDerivedKeys, OEMCrypto_GenerateDerivedKeys);
LOOKUP_ALL( 8, GenerateNonce, OEMCrypto_GenerateNonce);
LOOKUP( 8, 8, GenerateRSASignature_V8, OEMCrypto_GenerateRSASignature_V8);
LOOKUP_ALL( 9, GenerateRSASignature, OEMCrypto_GenerateRSASignature);
LOOKUP_ALL( 8, GenerateSignature, OEMCrypto_GenerateSignature);
LOOKUP_ALL( 8, Generic_Decrypt, OEMCrypto_Generic_Decrypt);
LOOKUP_ALL( 8, Generic_Encrypt, OEMCrypto_Generic_Encrypt);
LOOKUP_ALL( 8, Generic_Sign, OEMCrypto_Generic_Sign);
LOOKUP_ALL( 8, Generic_Verify, OEMCrypto_Generic_Verify);
LOOKUP_ALL(13, GetCurrentSRMVersion, OEMCrypto_GetCurrentSRMVersion);
LOOKUP_ALL( 8, GetDeviceID, OEMCrypto_GetDeviceID);
LOOKUP( 9, 9, GetHDCPCapability_V9, OEMCrypto_GetHDCPCapability_V9);
LOOKUP_ALL(10, GetHDCPCapability, OEMCrypto_GetHDCPCapability);
LOOKUP_ALL(14, GetAnalogOutputFlags, OEMCrypto_GetAnalogOutputFlags);
LOOKUP_ALL( 8, GetKeyData, OEMCrypto_GetKeyData);
LOOKUP_ALL(10, GetMaxNumberOfSessions, OEMCrypto_GetMaxNumberOfSessions);
LOOKUP_ALL(10, GetNumberOfOpenSessions, OEMCrypto_GetNumberOfOpenSessions);
LOOKUP_ALL(12, GetOEMPublicCertificate, OEMCrypto_GetOEMPublicCertificate);
LOOKUP_ALL(12, GetProvisioningMethod, OEMCrypto_GetProvisioningMethod);
LOOKUP_ALL( 8, GetRandom, OEMCrypto_GetRandom);
LOOKUP_ALL( 8, InstallKeybox, OEMCrypto_InstallKeybox);
LOOKUP_ALL(10, IsAntiRollbackHwPresent, OEMCrypto_IsAntiRollbackHwPresent);
LOOKUP_ALL( 8, IsKeyboxValid, OEMCrypto_IsKeyboxValid);
LOOKUP_ALL(13, IsSRMUpdateSupported, OEMCrypto_IsSRMUpdateSupported);
LOOKUP_ALL( 8, LoadDeviceRSAKey, OEMCrypto_LoadDeviceRSAKey);
LOOKUP( 8, 8, LoadKeys_V8, OEMCrypto_LoadKeys_V8);
LOOKUP( 9, 10, LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10);
LOOKUP(11, 12, LoadKeys_V11_or_V12, OEMCrypto_LoadKeys_V11_or_V12);
LOOKUP(13, 13, LoadKeys_V13, OEMCrypto_LoadKeys_V13);
LOOKUP_ALL(14, LoadKeys, OEMCrypto_LoadKeys);
LOOKUP_ALL(14, LoadEntitledContentKeys, OEMCrypto_LoadEntitledContentKeys);
LOOKUP_ALL(13, LoadSRM, OEMCrypto_LoadSRM);
LOOKUP(10, 13, LoadTestKeybox_V13, OEMCrypto_LoadTestKeybox_V13);
LOOKUP_ALL(14, LoadTestKeybox, OEMCrypto_LoadTestKeybox);
LOOKUP_ALL(10, LoadTestRSAKey, OEMCrypto_LoadTestRSAKey);
LOOKUP_ALL(13, LoadUsageEntry, OEMCrypto_LoadUsageEntry);
LOOKUP_ALL(13, LoadUsageTableHeader, OEMCrypto_LoadUsageTableHeader);
LOOKUP_ALL(13, MoveEntry, OEMCrypto_MoveEntry);
LOOKUP_ALL( 8, OpenSession, OEMCrypto_OpenSession);
LOOKUP_ALL(10, QueryKeyControl, OEMCrypto_QueryKeyControl);
LOOKUP_ALL( 8, RefreshKeys, OEMCrypto_RefreshKeys);
LOOKUP_ALL(13, RemoveSRM, OEMCrypto_RemoveSRM);
LOOKUP_ALL( 9, ReportUsage, OEMCrypto_ReportUsage);
LOOKUP_ALL( 8, RewrapDeviceRSAKey, OEMCrypto_RewrapDeviceRSAKey);
LOOKUP_ALL(12, RewrapDeviceRSAKey30, OEMCrypto_RewrapDeviceRSAKey30);
LOOKUP_ALL( 8, SecurityLevel, OEMCrypto_SecurityLevel);
LOOKUP_ALL(11, SecurityPatchLevel, OEMCrypto_Security_Patch_Level);
LOOKUP( 8, 13, SelectKey_V13, OEMCrypto_SelectKey_V13);
LOOKUP_ALL(14, SelectKey, OEMCrypto_SelectKey);
LOOKUP_ALL(13, ShrinkUsageTableHeader, OEMCrypto_ShrinkUsageTableHeader);
LOOKUP_ALL(13, SupportedCertificates, OEMCrypto_SupportedCertificates);
LOOKUP_ALL( 9, SupportsUsageTable, OEMCrypto_SupportsUsageTable);
LOOKUP_ALL(13, UpdateUsageEntry, OEMCrypto_UpdateUsageEntry);
LOOKUP( 9, 12, UpdateUsageTable, OEMCrypto_UpdateUsageTable);
LOOKUP_ALL( 8, WrapKeybox, OEMCrypto_WrapKeybox);
LOOKUP_ALL( 8, CloseSession, OEMCrypto_CloseSession);
LOOKUP_ALL(10, CopyBuffer, OEMCrypto_CopyBuffer);
LOOKUP_ALL(13, CopyOldUsageEntry, OEMCrypto_CopyOldUsageEntry);
LOOKUP_ALL(13, CreateNewUsageEntry, OEMCrypto_CreateNewUsageEntry);
LOOKUP_ALL(13, CreateOldUsageEntry, OEMCrypto_CreateOldUsageEntry);
LOOKUP_ALL(13, CreateUsageTableHeader, OEMCrypto_CreateUsageTableHeader);
LOOKUP( 9, 12, DeactivateUsageEntry_V12, OEMCrypto_DeactivateUsageEntry_V12);
LOOKUP_ALL(13, DeactivateUsageEntry, OEMCrypto_DeactivateUsageEntry);
LOOKUP( 8, 10, DecryptCTR_V10, OEMCrypto_DecryptCTR_V10);
LOOKUP_ALL(11, DecryptCENC, OEMCrypto_DecryptCENC);
LOOKUP_ALL( 9, DeleteOldUsageTable, OEMCrypto_DeleteOldUsageTable);
LOOKUP( 9, 12, DeleteUsageEntry, OEMCrypto_DeleteUsageEntry);
LOOKUP_ALL( 8, DeriveKeysFromSessionKey, OEMCrypto_DeriveKeysFromSessionKey);
LOOKUP(10, 12, ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry);
LOOKUP_ALL( 8, GenerateDerivedKeys, OEMCrypto_GenerateDerivedKeys);
LOOKUP_ALL( 8, GenerateNonce, OEMCrypto_GenerateNonce);
LOOKUP( 8, 8, GenerateRSASignature_V8, OEMCrypto_GenerateRSASignature_V8);
LOOKUP_ALL( 9, GenerateRSASignature, OEMCrypto_GenerateRSASignature);
LOOKUP_ALL( 8, GenerateSignature, OEMCrypto_GenerateSignature);
LOOKUP_ALL( 8, Generic_Decrypt, OEMCrypto_Generic_Decrypt);
LOOKUP_ALL( 8, Generic_Encrypt, OEMCrypto_Generic_Encrypt);
LOOKUP_ALL( 8, Generic_Sign, OEMCrypto_Generic_Sign);
LOOKUP_ALL( 8, Generic_Verify, OEMCrypto_Generic_Verify);
LOOKUP_ALL(13, GetCurrentSRMVersion, OEMCrypto_GetCurrentSRMVersion);
LOOKUP_ALL( 8, GetDeviceID, OEMCrypto_GetDeviceID);
LOOKUP( 9, 9, GetHDCPCapability_V9, OEMCrypto_GetHDCPCapability_V9);
LOOKUP_ALL(10, GetHDCPCapability, OEMCrypto_GetHDCPCapability);
LOOKUP_ALL(14, GetAnalogOutputFlags, OEMCrypto_GetAnalogOutputFlags);
LOOKUP_ALL( 8, GetKeyData, OEMCrypto_GetKeyData);
LOOKUP_ALL(10, GetMaxNumberOfSessions, OEMCrypto_GetMaxNumberOfSessions);
LOOKUP_ALL(10, GetNumberOfOpenSessions, OEMCrypto_GetNumberOfOpenSessions);
LOOKUP_ALL(12, GetOEMPublicCertificate, OEMCrypto_GetOEMPublicCertificate);
LOOKUP_ALL(12, GetProvisioningMethod, OEMCrypto_GetProvisioningMethod);
LOOKUP_ALL( 8, GetRandom, OEMCrypto_GetRandom);
LOOKUP_ALL( 8, InstallKeyboxOrOEMCert, OEMCrypto_InstallKeyboxOrOEMCert);
LOOKUP_ALL(10, IsAntiRollbackHwPresent, OEMCrypto_IsAntiRollbackHwPresent);
LOOKUP_ALL( 8, IsKeyboxOrOEMCertValid, OEMCrypto_IsKeyboxOrOEMCertValid);
LOOKUP_ALL(13, IsSRMUpdateSupported, OEMCrypto_IsSRMUpdateSupported);
LOOKUP_ALL( 8, LoadDeviceRSAKey, OEMCrypto_LoadDeviceRSAKey);
LOOKUP( 8, 8, LoadKeys_V8, OEMCrypto_LoadKeys_V8);
LOOKUP( 9, 10, LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10);
LOOKUP(11, 12, LoadKeys_V11_or_V12, OEMCrypto_LoadKeys_V11_or_V12);
LOOKUP(13, 13, LoadKeys_V13, OEMCrypto_LoadKeys_V13);
LOOKUP_ALL(14, LoadKeys, OEMCrypto_LoadKeys);
LOOKUP_ALL(14, LoadEntitledContentKeys, OEMCrypto_LoadEntitledContentKeys);
LOOKUP_ALL(13, LoadSRM, OEMCrypto_LoadSRM);
LOOKUP(10, 13, LoadTestKeybox_V13, OEMCrypto_LoadTestKeybox_V13);
LOOKUP_ALL(14, LoadTestKeybox, OEMCrypto_LoadTestKeybox);
LOOKUP_ALL(10, LoadTestRSAKey, OEMCrypto_LoadTestRSAKey);
LOOKUP_ALL(13, LoadUsageEntry, OEMCrypto_LoadUsageEntry);
LOOKUP_ALL(13, LoadUsageTableHeader, OEMCrypto_LoadUsageTableHeader);
LOOKUP_ALL(13, MoveEntry, OEMCrypto_MoveEntry);
LOOKUP_ALL( 8, OpenSession, OEMCrypto_OpenSession);
LOOKUP_ALL(10, QueryKeyControl, OEMCrypto_QueryKeyControl);
LOOKUP_ALL( 8, RefreshKeys, OEMCrypto_RefreshKeys);
LOOKUP_ALL(13, RemoveSRM, OEMCrypto_RemoveSRM);
LOOKUP_ALL( 9, ReportUsage, OEMCrypto_ReportUsage);
LOOKUP_ALL( 8, RewrapDeviceRSAKey, OEMCrypto_RewrapDeviceRSAKey);
LOOKUP_ALL(12, RewrapDeviceRSAKey30, OEMCrypto_RewrapDeviceRSAKey30);
LOOKUP_ALL( 8, SecurityLevel, OEMCrypto_SecurityLevel);
LOOKUP_ALL(11, SecurityPatchLevel, OEMCrypto_Security_Patch_Level);
LOOKUP( 8, 13, SelectKey_V13, OEMCrypto_SelectKey_V13);
LOOKUP_ALL(14, SelectKey, OEMCrypto_SelectKey);
LOOKUP_ALL(13, ShrinkUsageTableHeader, OEMCrypto_ShrinkUsageTableHeader);
LOOKUP_ALL(13, SupportedCertificates, OEMCrypto_SupportedCertificates);
LOOKUP_ALL( 9, SupportsUsageTable, OEMCrypto_SupportsUsageTable);
LOOKUP_ALL(13, UpdateUsageEntry, OEMCrypto_UpdateUsageEntry);
LOOKUP( 9, 12, UpdateUsageTable, OEMCrypto_UpdateUsageTable);
LOOKUP_ALL( 8, WrapKeybox, OEMCrypto_WrapKeybox);
// clang-format on
// If we have a valid keybox, initialization is done. We're good.
if (OEMCrypto_SUCCESS == level1_.IsKeyboxValid()) {
// If the keybox or oem certificate is valid, we are done.
OEMCryptoResult root_valid = level1_.IsKeyboxOrOEMCertValid();
OEMCrypto_ProvisioningMethod provisioning_method =
level1_.GetProvisioningMethod();
if (root_valid == OEMCrypto_SUCCESS) {
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_KEYBOX);
return true;
}
// If we use provisioning 3.0, initialization is done. We may not
// be good, but there's no reason to try loading a keybox. Any errors
// will have to be caught in the future when provisioning fails.
if (level1_.version > 11 &&
(level1_.GetProvisioningMethod() == OEMCrypto_OEMCertificate)) {
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_PROVISIONING_3_0);
return true;
}
uint8_t buffer[1];
size_t buffer_size = 0;
if (OEMCrypto_ERROR_NOT_IMPLEMENTED == level1_.GetKeyData(buffer,
&buffer_size)){
// If GetKeyData is not implemented, then the device should only use a
// baked in certificate as identification. We will assume that a device
// with a bad keybox returns a different error code.
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_CERTIFICATE);
(provisioning_method == OEMCrypto_Keybox)
? wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_KEYBOX
: wvcdm::metrics::
OEMCrypto_INITIALIZED_USING_L1_WITH_PROVISIONING_3_0);
return true;
}
wvcdm::FileSystem file_system;
std::string filename;
if (!wvcdm::Properties::GetFactoryKeyboxPath(&filename)) {
LOGW("Bad Level 1 Keybox. Falling Back to L3.");
LOGW("Bad Level 1 Root of Trust. Falling Back to L3.");
level1_.Terminate();
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L3_BAD_KEYBOX);
@@ -761,11 +748,12 @@ class Adapter {
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_OPEN_FACTORY_KEYBOX);
return false;
}
std::vector<uint8_t> keybox(size);
ssize_t size_read = file->Read(reinterpret_cast<char*>(&keybox[0]), size);
std::vector<uint8_t> root_key(size);
ssize_t size_read = file->Read(reinterpret_cast<char*>(&root_key[0]), size);
file->Close();
if (level1_.InstallKeybox(&keybox[0], size_read) != OEMCrypto_SUCCESS) {
LOGE("Could NOT install keybox from %s. Falling Back to L3.",
if (level1_.InstallKeyboxOrOEMCert(&root_key[0], size_read) !=
OEMCrypto_SUCCESS) {
LOGE("Could NOT install root key from %s. Falling Back to L3.",
filename.c_str());
level1_.Terminate();
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
@@ -773,7 +761,16 @@ class Adapter {
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_INSTALL_KEYBOX);
return false;
}
LOGI("Installed keybox from %s", filename.c_str());
if (level1_.IsKeyboxOrOEMCertValid() != OEMCrypto_SUCCESS) {
LOGE("Installed bad key from %s. Falling Back to L3.",
filename.c_str());
level1_.Terminate();
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_INSTALL_KEYBOX);
return false;
}
LOGI("Installed root key from %s", filename.c_str());
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_INSTALLED_KEYBOX);
return true;
@@ -781,64 +778,64 @@ class Adapter {
void LoadLevel3() {
// clang-format off
level3_.Terminate = Level3_Terminate;
level3_.OpenSession = Level3_OpenSession;
level3_.CloseSession = Level3_CloseSession;
level3_.GenerateDerivedKeys = Level3_GenerateDerivedKeys;
level3_.GenerateNonce = Level3_GenerateNonce;
level3_.GenerateSignature = Level3_GenerateSignature;
level3_.LoadKeys = Level3_LoadKeys;
level3_.LoadEntitledContentKeys = Level3_LoadEntitledContentKeys;
level3_.RefreshKeys = Level3_RefreshKeys;
level3_.QueryKeyControl = Level3_QueryKeyControl;
level3_.SelectKey = Level3_SelectKey;
level3_.DecryptCENC = Level3_DecryptCENC;
level3_.CopyBuffer = Level3_CopyBuffer;
level3_.WrapKeybox = Level3_WrapKeybox;
level3_.InstallKeybox = Level3_InstallKeybox;
level3_.LoadTestKeybox = Level3_LoadTestKeybox;
level3_.IsKeyboxValid = Level3_IsKeyboxValid;
level3_.GetDeviceID = Level3_GetDeviceID;
level3_.GetKeyData = Level3_GetKeyData;
level3_.GetRandom = Level3_GetRandom;
level3_.RewrapDeviceRSAKey = Level3_RewrapDeviceRSAKey;
level3_.LoadDeviceRSAKey = Level3_LoadDeviceRSAKey;
level3_.LoadTestRSAKey = Level3_LoadTestRSAKey;
level3_.GenerateRSASignature = Level3_GenerateRSASignature;
level3_.DeriveKeysFromSessionKey = Level3_DeriveKeysFromSessionKey;
level3_.APIVersion = Level3_APIVersion;
level3_.SecurityPatchLevel = Level3_SecurityPatchLevel;
level3_.SecurityLevel = Level3_SecurityLevel;
level3_.GetHDCPCapability = Level3_GetHDCPCapability;
level3_.GetAnalogOutputFlags = Level3_GetAnalogOutputFlags;
level3_.SupportsUsageTable = Level3_SupportsUsageTable;
level3_.IsAntiRollbackHwPresent = Level3_IsAntiRollbackHwPresent;
level3_.GetNumberOfOpenSessions = Level3_GetNumberOfOpenSessions;
level3_.GetMaxNumberOfSessions = Level3_GetMaxNumberOfSessions;
level3_.Generic_Decrypt = Level3_Generic_Decrypt;
level3_.Generic_Encrypt = Level3_Generic_Encrypt;
level3_.Generic_Sign = Level3_Generic_Sign;
level3_.Generic_Verify = Level3_Generic_Verify;
level3_.DeactivateUsageEntry = Level3_DeactivateUsageEntry;
level3_.ReportUsage = Level3_ReportUsage;
level3_.DeleteOldUsageTable = Level3_DeleteOldUsageTable;
level3_.GetProvisioningMethod = Level3_GetProvisioningMethod;
level3_.GetOEMPublicCertificate = Level3_GetOEMPublicCertificate;
level3_.RewrapDeviceRSAKey30 = Level3_RewrapDeviceRSAKey30;
level3_.SupportedCertificates = Level3_SupportedCertificates;
level3_.IsSRMUpdateSupported = Level3_IsSRMUpdateSupported;
level3_.GetCurrentSRMVersion = Level3_GetCurrentSRMVersion;
level3_.LoadSRM = Level3_LoadSRM;
level3_.RemoveSRM = Level3_RemoveSRM;
level3_.CreateUsageTableHeader = Level3_CreateUsageTableHeader;
level3_.LoadUsageTableHeader = Level3_LoadUsageTableHeader;
level3_.CreateNewUsageEntry = Level3_CreateNewUsageEntry;
level3_.LoadUsageEntry = Level3_LoadUsageEntry;
level3_.UpdateUsageEntry = Level3_UpdateUsageEntry;
level3_.ShrinkUsageTableHeader = Level3_ShrinkUsageTableHeader;
level3_.MoveEntry = Level3_MoveEntry;
level3_.CopyOldUsageEntry = Level3_CopyOldUsageEntry;
level3_.CreateOldUsageEntry = Level3_CreateOldUsageEntry;
level3_.Terminate = Level3_Terminate;
level3_.OpenSession = Level3_OpenSession;
level3_.CloseSession = Level3_CloseSession;
level3_.GenerateDerivedKeys = Level3_GenerateDerivedKeys;
level3_.GenerateNonce = Level3_GenerateNonce;
level3_.GenerateSignature = Level3_GenerateSignature;
level3_.LoadKeys = Level3_LoadKeys;
level3_.LoadEntitledContentKeys = Level3_LoadEntitledContentKeys;
level3_.RefreshKeys = Level3_RefreshKeys;
level3_.QueryKeyControl = Level3_QueryKeyControl;
level3_.SelectKey = Level3_SelectKey;
level3_.DecryptCENC = Level3_DecryptCENC;
level3_.CopyBuffer = Level3_CopyBuffer;
level3_.WrapKeybox = Level3_WrapKeybox;
level3_.InstallKeyboxOrOEMCert = Level3_InstallKeybox;
level3_.LoadTestKeybox = Level3_LoadTestKeybox;
level3_.IsKeyboxOrOEMCertValid = Level3_IsKeyboxValid;
level3_.GetDeviceID = Level3_GetDeviceID;
level3_.GetKeyData = Level3_GetKeyData;
level3_.GetRandom = Level3_GetRandom;
level3_.RewrapDeviceRSAKey = Level3_RewrapDeviceRSAKey;
level3_.LoadDeviceRSAKey = Level3_LoadDeviceRSAKey;
level3_.LoadTestRSAKey = Level3_LoadTestRSAKey;
level3_.GenerateRSASignature = Level3_GenerateRSASignature;
level3_.DeriveKeysFromSessionKey = Level3_DeriveKeysFromSessionKey;
level3_.APIVersion = Level3_APIVersion;
level3_.SecurityPatchLevel = Level3_SecurityPatchLevel;
level3_.SecurityLevel = Level3_SecurityLevel;
level3_.GetHDCPCapability = Level3_GetHDCPCapability;
level3_.GetAnalogOutputFlags = Level3_GetAnalogOutputFlags;
level3_.SupportsUsageTable = Level3_SupportsUsageTable;
level3_.IsAntiRollbackHwPresent = Level3_IsAntiRollbackHwPresent;
level3_.GetNumberOfOpenSessions = Level3_GetNumberOfOpenSessions;
level3_.GetMaxNumberOfSessions = Level3_GetMaxNumberOfSessions;
level3_.Generic_Decrypt = Level3_Generic_Decrypt;
level3_.Generic_Encrypt = Level3_Generic_Encrypt;
level3_.Generic_Sign = Level3_Generic_Sign;
level3_.Generic_Verify = Level3_Generic_Verify;
level3_.DeactivateUsageEntry = Level3_DeactivateUsageEntry;
level3_.ReportUsage = Level3_ReportUsage;
level3_.DeleteOldUsageTable = Level3_DeleteOldUsageTable;
level3_.GetProvisioningMethod = Level3_GetProvisioningMethod;
level3_.GetOEMPublicCertificate = Level3_GetOEMPublicCertificate;
level3_.RewrapDeviceRSAKey30 = Level3_RewrapDeviceRSAKey30;
level3_.SupportedCertificates = Level3_SupportedCertificates;
level3_.IsSRMUpdateSupported = Level3_IsSRMUpdateSupported;
level3_.GetCurrentSRMVersion = Level3_GetCurrentSRMVersion;
level3_.LoadSRM = Level3_LoadSRM;
level3_.RemoveSRM = Level3_RemoveSRM;
level3_.CreateUsageTableHeader = Level3_CreateUsageTableHeader;
level3_.LoadUsageTableHeader = Level3_LoadUsageTableHeader;
level3_.CreateNewUsageEntry = Level3_CreateNewUsageEntry;
level3_.LoadUsageEntry = Level3_LoadUsageEntry;
level3_.UpdateUsageEntry = Level3_UpdateUsageEntry;
level3_.ShrinkUsageTableHeader = Level3_ShrinkUsageTableHeader;
level3_.MoveEntry = Level3_MoveEntry;
level3_.CopyOldUsageEntry = Level3_CopyOldUsageEntry;
level3_.CreateOldUsageEntry = Level3_CreateOldUsageEntry;
// clang-format on
level3_.version = Level3_APIVersion();
@@ -954,14 +951,15 @@ OEMCryptoResult OEMCrypto_CopyBuffer(
return fcn->CopyBuffer(data_addr, data_length, out_buffer, subsample_flags);
}
OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox,
size_t keyBoxLength,
SecurityLevel level) {
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
const FunctionPointers* fcn = kAdapter->get(level);
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
if (fcn->InstallKeybox == NULL) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->InstallKeybox(keybox, keyBoxLength);
if (fcn->InstallKeyboxOrOEMCert == NULL)
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->InstallKeyboxOrOEMCert(keybox, keyBoxLength);
}
OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
@@ -974,12 +972,13 @@ OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
return fcn->GetProvisioningMethod();
}
OEMCryptoResult OEMCrypto_IsKeyboxValid(SecurityLevel level) {
OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(SecurityLevel level) {
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
const FunctionPointers* fcn = kAdapter->get(level);
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
if (fcn->IsKeyboxValid == NULL) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->IsKeyboxValid();
if (fcn->IsKeyboxOrOEMCertValid == NULL)
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->IsKeyboxOrOEMCertValid();
}
OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength,
@@ -1501,9 +1500,9 @@ extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
wrappedKeyBoxLength, transportKey, transportKeyLength);
}
extern "C" OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
extern "C" OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox,
size_t keyBoxLength) {
return OEMCrypto_InstallKeybox(keybox, keyBoxLength, kLevelDefault);
return OEMCrypto_InstallKeyboxOrOEMCert(keybox, keyBoxLength, kLevelDefault);
}
extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
@@ -1520,8 +1519,8 @@ extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
return fcn->LoadTestKeybox(buffer, length);
}
extern "C" OEMCryptoResult OEMCrypto_IsKeyboxValid() {
return OEMCrypto_IsKeyboxValid(kLevelDefault);
extern "C" OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid() {
return OEMCrypto_IsKeyboxOrOEMCertValid(kLevelDefault);
}
extern "C" OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod() {

178
libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
View File

@@ -370,81 +370,87 @@ typedef enum OEMCrypto_ProvisioningMethod {
/*
* Obfuscation Renames.
*/
#define OEMCrypto_Initialize _oecc01
#define OEMCrypto_Terminate _oecc02
#define OEMCrypto_InstallKeybox _oecc03
#define OEMCrypto_InstallRootKeyCertificate _oecc03
#define OEMCrypto_GetKeyData _oecc04
#define OEMCrypto_IsKeyboxValid _oecc05
#define OEMCrypto_IsRootKeyCertificateValid _oecc05
#define OEMCrypto_GetRandom _oecc06
#define OEMCrypto_GetDeviceID _oecc07
#define OEMCrypto_WrapKeybox _oecc08
#define OEMCrypto_WrapRootKeyCertificate _oecc08
#define OEMCrypto_OpenSession _oecc09
#define OEMCrypto_CloseSession _oecc10
#define OEMCrypto_DecryptCTR_V10 _oecc11
#define OEMCrypto_GenerateDerivedKeys _oecc12
#define OEMCrypto_GenerateSignature _oecc13
#define OEMCrypto_GenerateNonce _oecc14
#define OEMCrypto_LoadKeys_V8 _oecc15
#define OEMCrypto_RefreshKeys _oecc16
#define OEMCrypto_SelectKey_V13 _oecc17
#define OEMCrypto_RewrapDeviceRSAKey _oecc18
#define OEMCrypto_LoadDeviceRSAKey _oecc19
#define OEMCrypto_GenerateRSASignature_V8 _oecc20
#define OEMCrypto_DeriveKeysFromSessionKey _oecc21
#define OEMCrypto_APIVersion _oecc22
#define OEMCrypto_SecurityLevel _oecc23
#define OEMCrypto_Generic_Encrypt _oecc24
#define OEMCrypto_Generic_Decrypt _oecc25
#define OEMCrypto_Generic_Sign _oecc26
#define OEMCrypto_Generic_Verify _oecc27
#define OEMCrypto_GetHDCPCapability_V9 _oecc28
#define OEMCrypto_SupportsUsageTable _oecc29
#define OEMCrypto_UpdateUsageTable _oecc30
#define OEMCrypto_DeactivateUsageEntry_V12 _oecc31
#define OEMCrypto_ReportUsage _oecc32
#define OEMCrypto_DeleteUsageEntry _oecc33
#define OEMCrypto_DeleteOldUsageTable _oecc34
#define OEMCrypto_LoadKeys_V9_or_V10 _oecc35
#define OEMCrypto_GenerateRSASignature _oecc36
#define OEMCrypto_GetMaxNumberOfSessions _oecc37
#define OEMCrypto_GetNumberOfOpenSessions _oecc38
#define OEMCrypto_IsAntiRollbackHwPresent _oecc39
#define OEMCrypto_CopyBuffer _oecc40
#define OEMCrypto_QueryKeyControl _oecc41
#define OEMCrypto_LoadTestKeybox_V13 _oecc42
#define OEMCrypto_ForceDeleteUsageEntry _oecc43
#define OEMCrypto_GetHDCPCapability _oecc44
#define OEMCrypto_LoadTestRSAKey _oecc45
#define OEMCrypto_Security_Patch_Level _oecc46
#define OEMCrypto_LoadKeys_V11_or_V12 _oecc47
#define OEMCrypto_DecryptCENC _oecc48
#define OEMCrypto_GetProvisioningMethod _oecc49
#define OEMCrypto_GetOEMPublicCertificate _oecc50
#define OEMCrypto_RewrapDeviceRSAKey30 _oecc51
#define OEMCrypto_SupportedCertificates _oecc52
#define OEMCrypto_IsSRMUpdateSupported _oecc53
#define OEMCrypto_GetCurrentSRMVersion _oecc54
#define OEMCrypto_LoadSRM _oecc55
#define OEMCrypto_LoadKeys_V13 _oecc56
#define OEMCrypto_RemoveSRM _oecc57
#define OEMCrypto_CreateUsageTableHeader _oecc61
#define OEMCrypto_LoadUsageTableHeader _oecc62
#define OEMCrypto_CreateNewUsageEntry _oecc63
#define OEMCrypto_LoadUsageEntry _oecc64
#define OEMCrypto_UpdateUsageEntry _oecc65
#define OEMCrypto_DeactivateUsageEntry _oecc66
#define OEMCrypto_ShrinkUsageTableHeader _oecc67
#define OEMCrypto_MoveEntry _oecc68
#define OEMCrypto_CopyOldUsageEntry _oecc69
#define OEMCrypto_CreateOldUsageEntry _oecc70
#define OEMCrypto_GetAnalogOutputFlags _oecc71
#define OEMCrypto_LoadTestKeybox _oecc78
#define OEMCrypto_LoadEntitledContentKeys _oecc79
#define OEMCrypto_SelectKey _oecc81
#define OEMCrypto_LoadKeys _oecc82
#define OEMCrypto_Initialize _oecc01
#define OEMCrypto_Terminate _oecc02
#define OEMCrypto_InstallKeybox _oecc03
// Rename InstallKeybox to InstallKeyboxOrOEMCert.
#define OEMCrypto_InstallRootKeyCertificate _oecc03
#define OEMCrypto_InstallKeyboxOrOEMCert _oecc03
#define OEMCrypto_GetKeyData _oecc04
#define OEMCrypto_IsKeyboxValid _oecc05
// Rename IsKeyboxValid to IsKeyboxOrOEMCertValid.
#define OEMCrypto_IsRootKeyCertificateValid _oecc05
#define OEMCrypto_IsKeyboxOrOEMCertValid _oecc05
#define OEMCrypto_GetRandom _oecc06
#define OEMCrypto_GetDeviceID _oecc07
#define OEMCrypto_WrapKeybox _oecc08
// Rename WrapKeybox to WrapKeyboxOrOEMCert
#define OEMCrypto_WrapRootKeyCertificate _oecc08
#define OEMCrypto_WrapKeyboxOrOEMCert _oecc08
#define OEMCrypto_OpenSession _oecc09
#define OEMCrypto_CloseSession _oecc10
#define OEMCrypto_DecryptCTR_V10 _oecc11
#define OEMCrypto_GenerateDerivedKeys _oecc12
#define OEMCrypto_GenerateSignature _oecc13
#define OEMCrypto_GenerateNonce _oecc14
#define OEMCrypto_LoadKeys_V8 _oecc15
#define OEMCrypto_RefreshKeys _oecc16
#define OEMCrypto_SelectKey_V13 _oecc17
#define OEMCrypto_RewrapDeviceRSAKey _oecc18
#define OEMCrypto_LoadDeviceRSAKey _oecc19
#define OEMCrypto_GenerateRSASignature_V8 _oecc20
#define OEMCrypto_DeriveKeysFromSessionKey _oecc21
#define OEMCrypto_APIVersion _oecc22
#define OEMCrypto_SecurityLevel _oecc23
#define OEMCrypto_Generic_Encrypt _oecc24
#define OEMCrypto_Generic_Decrypt _oecc25
#define OEMCrypto_Generic_Sign _oecc26
#define OEMCrypto_Generic_Verify _oecc27
#define OEMCrypto_GetHDCPCapability_V9 _oecc28
#define OEMCrypto_SupportsUsageTable _oecc29
#define OEMCrypto_UpdateUsageTable _oecc30
#define OEMCrypto_DeactivateUsageEntry_V12 _oecc31
#define OEMCrypto_ReportUsage _oecc32
#define OEMCrypto_DeleteUsageEntry _oecc33
#define OEMCrypto_DeleteOldUsageTable _oecc34
#define OEMCrypto_LoadKeys_V9_or_V10 _oecc35
#define OEMCrypto_GenerateRSASignature _oecc36
#define OEMCrypto_GetMaxNumberOfSessions _oecc37
#define OEMCrypto_GetNumberOfOpenSessions _oecc38
#define OEMCrypto_IsAntiRollbackHwPresent _oecc39
#define OEMCrypto_CopyBuffer _oecc40
#define OEMCrypto_QueryKeyControl _oecc41
#define OEMCrypto_LoadTestKeybox_V13 _oecc42
#define OEMCrypto_ForceDeleteUsageEntry _oecc43
#define OEMCrypto_GetHDCPCapability _oecc44
#define OEMCrypto_LoadTestRSAKey _oecc45
#define OEMCrypto_Security_Patch_Level _oecc46
#define OEMCrypto_LoadKeys_V11_or_V12 _oecc47
#define OEMCrypto_DecryptCENC _oecc48
#define OEMCrypto_GetProvisioningMethod _oecc49
#define OEMCrypto_GetOEMPublicCertificate _oecc50
#define OEMCrypto_RewrapDeviceRSAKey30 _oecc51
#define OEMCrypto_SupportedCertificates _oecc52
#define OEMCrypto_IsSRMUpdateSupported _oecc53
#define OEMCrypto_GetCurrentSRMVersion _oecc54
#define OEMCrypto_LoadSRM _oecc55
#define OEMCrypto_LoadKeys_V13 _oecc56
#define OEMCrypto_RemoveSRM _oecc57
#define OEMCrypto_CreateUsageTableHeader _oecc61
#define OEMCrypto_LoadUsageTableHeader _oecc62
#define OEMCrypto_CreateNewUsageEntry _oecc63
#define OEMCrypto_LoadUsageEntry _oecc64
#define OEMCrypto_UpdateUsageEntry _oecc65
#define OEMCrypto_DeactivateUsageEntry _oecc66
#define OEMCrypto_ShrinkUsageTableHeader _oecc67
#define OEMCrypto_MoveEntry _oecc68
#define OEMCrypto_CopyOldUsageEntry _oecc69
#define OEMCrypto_CreateOldUsageEntry _oecc70
#define OEMCrypto_GetAnalogOutputFlags _oecc71
#define OEMCrypto_LoadTestKeybox _oecc78
#define OEMCrypto_LoadEntitledContentKeys _oecc79
#define OEMCrypto_SelectKey _oecc81
#define OEMCrypto_LoadKeys _oecc82
/*
* OEMCrypto_Initialize
@@ -1498,7 +1504,7 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr,
uint8_t subsample_flags);
/*
* OEMCrypto_WrapRootKeyCertificate
* OEMCrypto_WrapKeyboxOrOEMCert
*
* Description:
*
@@ -1507,13 +1513,13 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr,
* manufacturing, the root of trust should be encrypted with the OEM root key
* and stored on the file system in a region that will not be erased during
* factory reset. This function may be used by legacy systems that use the
* two-step WrapRootKeyCertificate/InstallRootKeyCertificate approach. When
* two-step WrapKeyboxOrOEMCert/InstallKeyboxOrOEMCert approach. When
* the Widevine DRM plugin initializes, it will look for a wrapped root of
* trust in the file /factory/wv.keys and install it into the security
* processor by calling OEMCrypto_InstallRootKeyCertificate().
* processor by calling OEMCrypto_InstallKeyboxOrOEMCert().
*
* OEMCrypto_WrapRootKeyCertificate() is used to generate an OEM-encrypted
* root of trust that may be passed to OEMCrypto_InstallRootKeyCertificate()
* OEMCrypto_WrapKeyboxOrOEMCert() is used to generate an OEM-encrypted
* root of trust that may be passed to OEMCrypto_InstallKeyboxOrOEMCert()
* for provisioning. The root of trust may be either passed in the clear or
* previously encrypted with a transport key. If a transport key is supplied,
* the keybox is first decrypted with the transport key before being wrapped
@@ -1548,14 +1554,14 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr,
* Version:
* This method is supported by all API versions.
*/
OEMCryptoResult OEMCrypto_WrapRootKeyCertificate(const uint8_t* rot, size_t rotLength,
OEMCryptoResult OEMCrypto_WrapKeyboxOrOEMCert(const uint8_t* rot, size_t rotLength,
uint8_t* wrappedRot,
size_t* wrappedRotLength,
const uint8_t* transportKey,
size_t transportKeyLength);
/*
* OEMCrypto_InstallRootKeyCertificate
* OEMCrypto_InstallKeyboxOrOEMCert
*
* Description:
*
@@ -1564,7 +1570,7 @@ OEMCryptoResult OEMCrypto_WrapRootKeyCertificate(const uint8_t* rot, size_t rotL
* function is called from the Widevine DRM plugin at initialization time if
* there is no valid root of trust installed. It looks for wrapped data in
* the file /factory/wv.keys and if it is present, will read the file and call
* OEMCrypto_InstallRootKeyCertificate() with the contents of the file. This
* OEMCrypto_InstallKeyboxOrOEMCert() with the contents of the file. This
* function is only needed if the factory provisioning method involves saving
* the keybox to the file system.
*
@@ -1585,7 +1591,7 @@ OEMCryptoResult OEMCrypto_WrapRootKeyCertificate(const uint8_t* rot, size_t rotL
* Version:
* This method is supported in all API versions.
*/
OEMCryptoResult OEMCrypto_InstallRootKeyCertificate(const uint8_t* rot,
OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* rot,
size_t rotLength);
/*
@@ -1681,7 +1687,7 @@ OEMCryptoResult OEMCrypto_GetOEMPublicCertificate(OEMCrypto_SESSION session,
OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t *buffer, size_t length);
/*
* OEMCrypto_IsRootKeyCertificateValid
* OEMCrypto_IsKeyboxOrOEMCertValid
*
* Description:
*
@@ -1713,7 +1719,7 @@ OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t *buffer, size_t length);
* Version:
* This method is supported by all API versions.
*/
OEMCryptoResult OEMCrypto_IsRootKeyCertificateValid(void);
OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void);
/*
* OEMCrypto_GetDeviceID

51
libwvdrmengine/oemcrypto/ref/src/oemcrypto_ref.cpp
View File

@@ -548,12 +548,10 @@ extern "C" OEMCryptoResult OEMCrypto_CopyBuffer(
return crypto_engine->PushDestination(out_buffer, subsample_flags);
}
extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
size_t keyBoxLength,
uint8_t* wrappedKeybox,
size_t* wrappedKeyBoxLength,
const uint8_t* transportKey,
size_t transportKeyLength) {
extern "C" OEMCryptoResult OEMCrypto_WrapKeyboxOrOEMCert(
const uint8_t* keybox, size_t keyBoxLength, uint8_t* wrappedKeybox,
size_t* wrappedKeyBoxLength, const uint8_t* transportKey,
size_t transportKeyLength) {
if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
@@ -567,10 +565,10 @@ extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
return OEMCrypto_SUCCESS;
}
extern "C" OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
size_t keyBoxLength) {
extern "C" OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(
const uint8_t* keybox, size_t keyBoxLength) {
if (!crypto_engine) {
LOGE("OEMCrypto_InstallKeybox: OEMCrypto Not Initialized.");
LOGE("OEMCrypto_InstallKeyboxOrOEMCert: OEMCrypto Not Initialized.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
@@ -595,23 +593,34 @@ extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
return OEMCrypto_SUCCESS;
}
extern "C" OEMCryptoResult OEMCrypto_IsKeyboxValid(void) {
extern "C" OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void) {
if (!crypto_engine) {
LOGE("OEMCrypto_IsKeyboxValid: OEMCrypto Not Initialized.");
LOGE("OEMCrypto_IsKeyboxOrOEMCertValid: OEMCrypto Not Initialized.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
switch (crypto_engine->ValidateKeybox()) {
case NO_ERROR:
switch (crypto_engine->config_provisioning_method()) {
case OEMCrypto_DrmCertificate:
return OEMCrypto_SUCCESS;
case BAD_CRC:
return OEMCrypto_ERROR_BAD_CRC;
case BAD_MAGIC:
return OEMCrypto_ERROR_BAD_MAGIC;
case OEMCrypto_Keybox:
switch (crypto_engine->ValidateKeybox()) {
case NO_ERROR:
return OEMCrypto_SUCCESS;
case BAD_CRC:
return OEMCrypto_ERROR_BAD_CRC;
case BAD_MAGIC:
return OEMCrypto_ERROR_BAD_MAGIC;
default:
case OTHER_ERROR:
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
break;
case OEMCrypto_OEMCertificate:
// TODO(fredgc): verify that the certificate exists and is valid.
return OEMCrypto_SUCCESS;
break;
default:
case OTHER_ERROR:
LOGE("Invalid provisioning method: %d.",
crypto_engine->config_provisioning_method());
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
}

1
libwvdrmengine/oemcrypto/test/oec_device_features.cpp
View File

@@ -143,6 +143,7 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
if (api_version < 12) FilterOut(&filter, "*API12*");
if (api_version < 13) FilterOut(&filter, "*API13*");
if (api_version < 14) FilterOut(&filter, "*API14*");
if (api_version < 15) FilterOut(&filter, "*API15*");
// Some tests may require root access. If user is not root, filter these tests
// out.
if (getuid()) {

5
libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
View File

@@ -538,6 +538,11 @@ TEST_F(OEMCryptoProv30Test, DeviceClaimsOEMCertificate) {
ASSERT_EQ(OEMCrypto_OEMCertificate, OEMCrypto_GetProvisioningMethod());
}
// The OEM certificate must be valid.
TEST_F(OEMCryptoProv30Test, CertValidAPI15) {
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_IsKeyboxOrOEMCertValid());
}
TEST_F(OEMCryptoProv30Test, OEMCertValid) {
Session s;
ASSERT_NO_FATAL_FAILURE(s.open());