Widvine remote provisioning HAL implementation

This HAL implementation should be included in the factory image only. BUG: 213415013 Test: manual Change-Id: Icc0cc7f767a647238ce319623e0408ec22531f58
2022-01-24 11:06:22 -08:00
parent eb711ea0ec
commit 7684054d78
14 changed files with 1011 additions and 0 deletions
--- a/libwvdrmengine/factory_upload_tool/include/WidevineOemcryptoInterface.h
+++ b/libwvdrmengine/factory_upload_tool/include/WidevineOemcryptoInterface.h
@@ -0,0 +1,52 @@
+// Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine License
+// Agreement.
+
+#ifndef WIDEVINE_OEMCRYPTO_INTERFACE_H_
+#define WIDEVINE_OEMCRYPTO_INTERFACE_H_
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+#include "OEMCryptoCENC.h"
+
+namespace widevine {
+
+class OEMCryptoInterface {
+ public:
+  OEMCryptoInterface() = default;
+  OEMCryptoInterface(const OEMCryptoInterface&) = delete;
+  OEMCryptoInterface& operator=(const OEMCryptoInterface&) = delete;
+  virtual ~OEMCryptoInterface();
+
+  // Initializes this interface by providing path to the OEMCrypto library.
+  bool Init(const std::string& oemcrypto_path);
+
+  // Retrieves the boot certificate chain from OEMCrypto implementation.
+  OEMCryptoResult GetBcc(std::vector<uint8_t>& bcc);
+
+  // Retrieves the build information of the OEMCrypto library from OEMCrypto
+  // implementation.
+  OEMCryptoResult GetOEMCryptoBuildInfo(std::string& build_info);
+
+ private:
+  typedef OEMCryptoResult (*Initialize_t)();
+  typedef OEMCryptoResult (*Terminate_t)();
+  typedef OEMCryptoResult (*GetBootCertificateChain_t)(
+      uint8_t* bcc, size_t* bcc_size, uint8_t* additional_signature,
+      size_t* additional_signature_size);
+  typedef OEMCryptoResult (*BuildInformation_t)(char* buffer,
+                                                size_t* buffer_length);
+
+  Initialize_t Initialize = nullptr;
+  Terminate_t Terminate = nullptr;
+  GetBootCertificateChain_t GetBootCertificateChain = nullptr;
+  BuildInformation_t BuildInformation = nullptr;
+
+  void* handle_ = nullptr;
+};
+
+}  // namespace widevine
+
+#endif  // WIDEVINE_OEMCRYPTO_INTERFACE_H_
--- a/libwvdrmengine/factory_upload_tool/include/WidevineProvisioner.h
+++ b/libwvdrmengine/factory_upload_tool/include/WidevineProvisioner.h
@@ -0,0 +1,50 @@
+// Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine License
+// Agreement.
+
+#ifndef WIDEVINE_PROVISIONER_H_
+#define WIDEVINE_PROVISIONER_H_
+
+#include <cppbor.h>
+
+#include <cstddef>
+#include <cstdint>
+#include <memory>
+#include <string>
+#include <vector>
+
+#include "WidevineOemcryptoInterface.h"
+
+namespace widevine {
+
+class WidevineProvisioner {
+ public:
+  WidevineProvisioner();
+  WidevineProvisioner(const WidevineProvisioner&) = delete;
+  WidevineProvisioner& operator=(const WidevineProvisioner&) = delete;
+  virtual ~WidevineProvisioner() = default;
+
+  bool GenerateCertificateRequest(
+      bool testMode, const std::vector<uint8_t>& endpointEncCertChain,
+      std::vector<uint8_t>& deviceInfo, std::vector<uint8_t>& protectedData);
+
+ private:
+  bool GetDeviceInfo(std::vector<uint8_t>& device_info);
+  bool GenerateProtectedData(
+      bool test_mode,
+      const std::vector<uint8_t>& endpoint_encryption_cert_chain,
+      std::vector<uint8_t> bcc, std::vector<uint8_t>& protected_data) const;
+  bool ValidateAndExtractEekPubAndId(
+      bool test_mode,
+      const std::vector<uint8_t>& endpoint_encryption_cert_chain,
+      std::vector<uint8_t>* eek_pub, std::vector<uint8_t>* eek_id) const;
+  cppbor::Array BuildCertReqRecipients(const std::vector<uint8_t>& pubkey,
+                                       const std::vector<uint8_t>& kid) const;
+  void InitializeCryptoInterface();
+
+  std::unique_ptr<OEMCryptoInterface> crypto_interface_;
+};
+
+}  // namespace widevine
+
+#endif  // WIDEVINE_PROVISIONER_H_
--- a/libwvdrmengine/factory_upload_tool/include/WidevineRemotelyProvisionedComponent.h
+++ b/libwvdrmengine/factory_upload_tool/include/WidevineRemotelyProvisionedComponent.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2021, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>
+#include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h>
+#include <aidl/android/hardware/security/keymint/SecurityLevel.h>
+#include <cppbor.h>
+#include <keymaster/UniquePtr.h>
+#include <keymaster/android_keymaster.h>
+
+#include "WidevineProvisioner.h"
+
+namespace aidl::android::hardware::security::keymint {
+
+class WidevineRemotelyProvisionedComponent
+    : public BnRemotelyProvisionedComponent {
+  using ScopedAStatus = ::ndk::ScopedAStatus;
+
+ public:
+  WidevineRemotelyProvisionedComponent() = default;
+  virtual ~WidevineRemotelyProvisionedComponent() = default;
+
+  ScopedAStatus getHardwareInfo(RpcHardwareInfo* info) override;
+
+  ScopedAStatus generateEcdsaP256KeyPair(
+      bool testMode, MacedPublicKey* macedPublicKey,
+      std::vector<uint8_t>* privateKeyHandle) override;
+
+  ScopedAStatus generateCertificateRequest(
+      bool testMode, const std::vector<MacedPublicKey>& keysToSign,
+      const std::vector<uint8_t>& endpointEncCertChain,
+      const std::vector<uint8_t>& challenge, DeviceInfo* deviceInfo,
+      ProtectedData* protectedData,
+      std::vector<uint8_t>* keysToSignMac) override;
+
+ private:
+  std::unique_ptr<widevine::WidevineProvisioner> provisioner_;
+};
+
+}  // namespace aidl::android::hardware::security::keymint
--- a/libwvdrmengine/factory_upload_tool/include/properties.h
+++ b/libwvdrmengine/factory_upload_tool/include/properties.h
@@ -0,0 +1,34 @@
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine License
+// Agreement.
+
+#ifndef WVCDM_CORE_PROPERTIES_H_
+#define WVCDM_CORE_PROPERTIES_H_
+
+#include <map>
+#include <memory>
+#include <mutex>
+#include <string>
+
+#include "disallow_copy_and_assign.h"
+
+namespace wvcdm {
+
+// This class gives device information/meta data.
+class Properties {
+ public:
+  static bool GetCompanyName(std::string* company_name);
+  static bool GetModelName(std::string* model_name);
+  static bool GetArchitectureName(std::string* arch_name);
+  static bool GetDeviceName(std::string* device_name);
+  static bool GetProductName(std::string* product_name);
+  static bool GetBuildInfo(std::string* build_info);
+  static bool GetOEMCryptoPath(std::string* library_name);
+
+ private:
+  CORE_DISALLOW_COPY_AND_ASSIGN(Properties);
+};
+
+}  // namespace wvcdm
+
+#endif  // WVCDM_CORE_PROPERTIES_H_