widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Hash OEM Certificate

Browse Source 
(This is a merge of wvgerrit/25582)

Provisioning 3.0 devices that do not use SPOIDs have been returning
their full OEM Public Certificate as their device ID. While this is not
a security concern, (it is a PUBLIC cert) the cert is many times larger
than applications are likely expecting. (several kilobytes vs. just a
few bytes) This patch hashes the OEM Public Certificate to produce a
smaller value, but only when it is being provided out of the CDM to a
caller.

Bug: 34716264
Test: run_all_unit_tests.sh
Change-Id: Ib82cf7a174a8bf02ff606edd0394ada13842224c
This commit is contained in:
John W. Bruce
2017-04-11 11:57:57 -07:00
parent c0a7655834
commit 8513b71499
5 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -13,6 +13,7 @@
#include "crypto_key.h"
#include "log.h"
#include "metrics_front_end.h"
#include "openssl/sha.h"
#include "properties.h"
#include "pst_report.h"
#include "string_conversions.h"
@@ -242,13 +243,14 @@ CdmSecurityLevel CryptoSession::GetSecurityLevel() {
return kSecurityLevelUnknown;
}
bool CryptoSession::GetDeviceUniqueId(std::string* device_id) {
bool CryptoSession::GetInternalDeviceUniqueId(std::string* device_id) {
if (!device_id) {
LOGE("CryptoSession::GetDeviceUniqueId : No buffer passed to method.");
LOGE("CryptoSession::GetInternalDeviceUniqueId : No buffer passed to "
"method.");
return false;
}
LOGV("CryptoSession::GetDeviceUniqueId: Lock");
LOGV("CryptoSession::GetInternalDeviceUniqueId: Lock");
AutoLock auto_lock(crypto_lock_);
if (!initialized_) {
return false;
@@ -281,6 +283,26 @@ bool CryptoSession::GetDeviceUniqueId(std::string* device_id) {
}
}
bool CryptoSession::GetExternalDeviceUniqueId(std::string* device_id) {
std::string temp;
if (!GetInternalDeviceUniqueId(&temp)) return false;
if (pre_provision_token_type_ == kClientTokenOemCert) {
// To keep the size of the value passed back to the application down, hash
// the large OEM Public Cert to a smaller value.
uint8_t hash[SHA256_DIGEST_LENGTH];
SHA256_CTX ctx;
SHA256_Init(&ctx);
SHA256_Update(&ctx, temp.data(), temp.length());
SHA256_Final(hash, &ctx);
temp.assign(reinterpret_cast<char*>(hash), SHA256_DIGEST_LENGTH);
}
*device_id = temp;
return true;
}
bool CryptoSession::GetApiVersion(uint32_t* version) {
if (!version) {
LOGE("CryptoSession::GetApiVersion: No buffer passed to method.");