Factory tool implements Widevine IRPC HAL v3

Implement IRPC HAL v3 interfaces for extracting device registration CSR.
The new interface calls OEMCrypto_GetDeviceInformation() and
OEMCrypto_GetSignedCsrPayload() and then constructs the CSR.

Also added all mandatory fields of device info in the request.

Test: Run extraction tool on Pixel 7 and upload CSR
Test: Verified Widevine remote provisioning
Bug: 268246995
Change-Id: I24097ba32c7a105266071c1341c938b5874b38d8
Cong Lin
2023-02-19 17:38:25 -08:00
parent e8add8eed8
commit 8dc7cc0c74
6 changed files with 130 additions and 53 deletions


@@ -13,13 +13,6 @@
namespace widevine {
struct VerifiedDeviceInfo {
std::vector<uint8_t> device_info;
// Used by Interface of Remote Provisioning Component (IRPC) v3 for CSR
// uploading
std::vector<uint8_t> signed_csr_payload;
};
class OEMCryptoInterface {
public:
OEMCryptoInterface() = default;
@@ -40,7 +33,13 @@ class OEMCryptoInterface {
// Retrieves the verified device information of the OEMCrypto library from
// OEMCrypto implementation.
OEMCryptoResult GetVerifiedDeviceInformation(
VerifiedDeviceInfo& verified_device_info);
std::vector<uint8_t>& verified_device_info);
// Generates device registration CSR payload and signs it with the leaf cert
// of BCC.
OEMCryptoResult GetSignedCsrPayload(const std::vector<uint8_t>& challenge,
const std::vector<uint8_t>& device_info,
std::vector<uint8_t>& signed_csr_payload);
private:
typedef OEMCryptoResult (*Initialize_t)();
@@ -50,8 +49,11 @@ class OEMCryptoInterface {
size_t* additional_signature_size);
typedef OEMCryptoResult (*BuildInformation_t)(char* buffer,
size_t* buffer_length);
typedef OEMCryptoResult (*GetDeviceInformation_t)(
uint8_t* device_info, size_t* device_info_length,
typedef OEMCryptoResult (*GetDeviceInformation_t)(uint8_t* device_info,
size_t* device_info_length);
typedef OEMCryptoResult (*GetDeviceSignedCsrPayload_t)(
const uint8_t* challenge, size_t challenge_length,
const uint8_t* device_info, size_t device_info_length,
uint8_t* signed_csr_payload, size_t* signed_csr_payload_length);
Initialize_t Initialize = nullptr;
@@ -59,6 +61,7 @@ class OEMCryptoInterface {
GetBootCertificateChain_t GetBootCertificateChain = nullptr;
BuildInformation_t BuildInformation = nullptr;
GetDeviceInformation_t GetDeviceInformation = nullptr;
GetDeviceSignedCsrPayload_t GetDeviceSignedCsrPayload = nullptr;
void* handle_ = nullptr;
};
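Review bot: `GetDeviceSignedCsrPayload` is initialised to `nullptr`, and nothing in this header says what `GetSignedCsrPayload()` does when the loaded OEMCrypto library does not export that entry point. The implementation is not on this page, so this may already be handled; if it is not, the wrapper should fail closed before calling through the pointer, e.g. `if (GetDeviceSignedCsrPayload == nullptr) return OEMCrypto_ERROR_NOT_IMPLEMENTED;`. The declaration comment could also state the input contract, for instance `// |device_info| is expected to be the buffer returned by GetVerifiedDeviceInformation().` if that pairing is what the signing call requires, and say how the output vector is sized.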


@@ -27,6 +27,8 @@ class WidevineProvisioner {
bool GenerateCertificateRequest(
bool testMode, const std::vector<uint8_t>& endpointEncCertChain,
std::vector<uint8_t>& deviceInfo, std::vector<uint8_t>& protectedData);
bool GenerateCertificateRequestV2(const std::vector<uint8_t>& challenge,
std::vector<uint8_t>* csr);
private:
bool GetDeviceInfo(std::vector<uint8_t>& device_info);
@@ -43,6 +45,7 @@ class WidevineProvisioner {
void InitializeCryptoInterface();
bool GetDeviceInfoCommon(cppbor::Map& device_info_map);
bool TryAddVerifiedDeviceInfo(cppbor::Map& device_info_map);
bool GetDeviceInfoV2(cppbor::Map& device_info_map);
std::unique_ptr<OEMCryptoInterface> crypto_interface_;
};
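Review bot: `GenerateCertificateRequestV2` takes its output as `std::vector<uint8_t>* csr`, while the other methods visible in this class take their outputs by reference, so this is the one entry point that can be handed a null pointer. Either declare it as `std::vector<uint8_t>& csr` to match `GenerateCertificateRequest`, or have the definition (not shown on this page) start with `if (csr == nullptr) return false;`. The declaration also has no comment; one line saying that `challenge` is bound into the signed payload and that `csr` is only meaningful when the call returns true would help callers.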


@@ -49,11 +49,9 @@ class WidevineRemotelyProvisionedComponent
std::vector<uint8_t>* keysToSignMac) override;
ScopedAStatus generateCertificateRequestV2(
const std::vector<MacedPublicKey>& /* keysToSign */,
const std::vector<uint8_t>& /* challenge */,
std::vector<uint8_t>* /* csr */) override {
return ScopedAStatus::fromExceptionCode(EX_UNSUPPORTED_OPERATION);
}
const std::vector<MacedPublicKey>& keysToSign,
const std::vector<uint8_t>& challenge,
std::vector<uint8_t>* csr) override;
private:
std::unique_ptr<widevine::WidevineProvisioner> provisioner_;
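Review bot: The `challenge` bytes come from the binder caller and, per the commit description, now end up in a payload signed by OEMCrypto, yet nothing at this boundary shows a length check. As I read the IRPC v3 interface documentation, supported challenge sizes are 0 to 64 bytes. The out-of-line definition (not on this page) should therefore guard with `if (challenge.size() > 64)` and return a failure status before calling the provisioner. Separately, `keysToSign` is now a named parameter, but `WidevineProvisioner::GenerateCertificateRequestV2` takes only the challenge and the output, so it is presumably unused. Keeping it as `/* keysToSign */` or adding a comment that it is intentionally ignored would make that explicit.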