Add OEMCrypto_IsAntiRollbackHwPresent API for OEMCrypto v10.
Merge from WV CDM repo: https://widevine-internal-review.googlesource.com/#/c/13660/. bug: 18948905 Change-Id: I1ffe72baaac9abf05c06139de790236e763f89a8
This commit is contained in:
Edwin Wong
@@ -97,6 +97,7 @@ class CryptoSession {
|
|||||||
const std::string& message, const std::string& signature,
|
const std::string& message, const std::string& signature,
|
||||||
const std::string& provider_session_token);
|
const std::string& provider_session_token);
|
||||||
virtual CdmResponseType DeleteAllUsageReports();
|
virtual CdmResponseType DeleteAllUsageReports();
|
||||||
|
virtual bool IsAntiRollbackHwPresent();
|
||||||
|
|
||||||
virtual bool GetHdcpCapabilities(OemCryptoHdcpVersion* current,
|
virtual bool GetHdcpCapabilities(OemCryptoHdcpVersion* current,
|
||||||
OemCryptoHdcpVersion* max);
|
OemCryptoHdcpVersion* max);
|
||||||
|
|||||||
@@ -864,6 +864,10 @@ CdmResponseType CryptoSession::DeleteAllUsageReports() {
|
|||||||
return NO_ERROR;
|
return NO_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool CryptoSession::IsAntiRollbackHwPresent() {
|
||||||
|
return OEMCrypto_IsAntiRollbackHwPresent(requested_security_level_);
|
||||||
|
}
|
||||||
|
|
||||||
bool CryptoSession::GenerateNonce(uint32_t* nonce) {
|
bool CryptoSession::GenerateNonce(uint32_t* nonce) {
|
||||||
if (!nonce) {
|
if (!nonce) {
|
||||||
LOGE("input parameter is null");
|
LOGE("input parameter is null");
|
||||||
|
|||||||
@@ -274,6 +274,14 @@ bool CdmLicense::PrepareKeyRequest(const InitializationData& init_data,
|
|||||||
client_capabilities->set_session_token(supports_usage_information);
|
client_capabilities->set_session_token(supports_usage_information);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
client_capabilities->set_anti_rollback_hardware_present(
|
||||||
|
session_->IsAntiRollbackHwPresent());
|
||||||
|
|
||||||
|
uint32_t api_version = 0;
|
||||||
|
if (session_->GetApiVersion(&api_version)) {
|
||||||
|
client_capabilities->set_oem_crypto_api_version(api_version);
|
||||||
|
}
|
||||||
|
|
||||||
CryptoSession::OemCryptoHdcpVersion current_version, max_version;
|
CryptoSession::OemCryptoHdcpVersion current_version, max_version;
|
||||||
if (session_->GetHdcpCapabilities(¤t_version, &max_version)) {
|
if (session_->GetHdcpCapabilities(¤t_version, &max_version)) {
|
||||||
switch (max_version) {
|
switch (max_version) {
|
||||||
@@ -315,11 +323,6 @@ bool CdmLicense::PrepareKeyRequest(const InitializationData& init_data,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t version = 0;
|
|
||||||
if (session_->GetApiVersion(&version)) {
|
|
||||||
client_capabilities->set_oem_crypto_api_version(version);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (privacy_mode_enabled) {
|
if (privacy_mode_enabled) {
|
||||||
EncryptedClientIdentification* encrypted_client_id =
|
EncryptedClientIdentification* encrypted_client_id =
|
||||||
license_request.mutable_encrypted_client_id();
|
license_request.mutable_encrypted_client_id();
|
||||||
|
|||||||
@@ -410,6 +410,7 @@ message ClientIdentification {
|
|||||||
optional bool video_resolution_constraints = 3 [default = false];
|
optional bool video_resolution_constraints = 3 [default = false];
|
||||||
optional HdcpVersion max_hdcp_version = 4 [default = HDCP_NONE];
|
optional HdcpVersion max_hdcp_version = 4 [default = HDCP_NONE];
|
||||||
optional uint32 oem_crypto_api_version = 5;
|
optional uint32 oem_crypto_api_version = 5;
|
||||||
|
optional bool anti_rollback_hardware_present = 6 [default = false];
|
||||||
}
|
}
|
||||||
|
|
||||||
// Type of factory-provisioned device root of trust. Optional.
|
// Type of factory-provisioned device root of trust. Optional.
|
||||||
|
|||||||
@@ -33,4 +33,10 @@ bool CryptoEngine::supports_storage() {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Returns false for mock library to indicate the client does not support
|
||||||
|
// anti-rollback hardware.
|
||||||
|
bool CryptoEngine::is_anti_rollback_hw_present() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
} // namespace wvoec_mock
|
} // namespace wvoec_mock
|
||||||
|
|||||||
@@ -512,6 +512,13 @@ bool SessionContext::InstallKey(const KeyId& key_id,
|
|||||||
LOGE("Error parsing key control.");
|
LOGE("Error parsing key control.");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
if ((key_control_block.control_bits() &
|
||||||
|
kControlRequireAntiRollbackHardware) &&
|
||||||
|
!ce_->is_anti_rollback_hw_present()) {
|
||||||
|
LOGE("Anti-rollback hardware is required but hardware not present.");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (!CheckNonceOrEntry(key_control_block, pst)) {
|
if (!CheckNonceOrEntry(key_control_block, pst)) {
|
||||||
LOGE("Failed Nonce/PST check.");
|
LOGE("Failed Nonce/PST check.");
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@@ -256,6 +256,7 @@ class CryptoEngine {
|
|||||||
bool local_display();
|
bool local_display();
|
||||||
bool closed_platform();
|
bool closed_platform();
|
||||||
bool supports_storage();
|
bool supports_storage();
|
||||||
|
bool is_anti_rollback_hw_present();
|
||||||
|
|
||||||
private:
|
private:
|
||||||
SessionContext* current_session_;
|
SessionContext* current_session_;
|
||||||
|
|||||||
@@ -19,7 +19,8 @@ namespace wvoec_mock {
|
|||||||
|
|
||||||
bool KeyControlBlock::Validate() {
|
bool KeyControlBlock::Validate() {
|
||||||
if ((FOURCC('k', 'c', 't', 'l') != verification_) && // original verification
|
if ((FOURCC('k', 'c', 't', 'l') != verification_) && // original verification
|
||||||
(FOURCC('k', 'c', '0', '9') != verification_)) { // add in version 9 api.
|
(FOURCC('k', 'c', '0', '9') != verification_) && // add in version 9 api
|
||||||
|
(FOURCC('k', 'c', '1', '0') != verification_)) { // add in version 10 api
|
||||||
LOGE("KCB: BAD verification string: %08X (not %08X or %08X)", verification_,
|
LOGE("KCB: BAD verification string: %08X (not %08X or %08X)", verification_,
|
||||||
0x6b63746c, 0x6b633039);
|
0x6b63746c, 0x6b633039);
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@@ -14,6 +14,7 @@ namespace wvoec_mock {
|
|||||||
const uint32_t kControlObserveDataPath = (1<<31);
|
const uint32_t kControlObserveDataPath = (1<<31);
|
||||||
const uint32_t kControlObserveHDCP = (1<<30);
|
const uint32_t kControlObserveHDCP = (1<<30);
|
||||||
const uint32_t kControlObserveCGMS = (1<<29);
|
const uint32_t kControlObserveCGMS = (1<<29);
|
||||||
|
const uint32_t kControlRequireAntiRollbackHardware = (1<<28);
|
||||||
const uint32_t kControlReplayMask = (0x03<<13);
|
const uint32_t kControlReplayMask = (0x03<<13);
|
||||||
const uint32_t kControlNonceRequired = (0x01<<13);
|
const uint32_t kControlNonceRequired = (0x01<<13);
|
||||||
const uint32_t kControlNonceOrEntry = (0x02<<13);
|
const uint32_t kControlNonceOrEntry = (0x02<<13);
|
||||||
|
|||||||
@@ -996,7 +996,7 @@ OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(
|
|||||||
|
|
||||||
extern "C"
|
extern "C"
|
||||||
uint32_t OEMCrypto_APIVersion() {
|
uint32_t OEMCrypto_APIVersion() {
|
||||||
return 9;
|
return 10;
|
||||||
}
|
}
|
||||||
|
|
||||||
extern "C"
|
extern "C"
|
||||||
@@ -1049,6 +1049,17 @@ OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(size_t* maximum) {
|
|||||||
return OEMCrypto_SUCCESS;
|
return OEMCrypto_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
extern "C"
|
||||||
|
bool OEMCrypto_IsAntiRollbackHwPresent() {
|
||||||
|
bool anti_rollback_hw_present = crypto_engine->is_anti_rollback_hw_present();
|
||||||
|
|
||||||
|
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||||
|
LOGI("-- bool OEMCrypto_IsAntiRollbackHwPresent(): %d\n",
|
||||||
|
anti_rollback_hw_present);
|
||||||
|
}
|
||||||
|
return anti_rollback_hw_present;
|
||||||
|
}
|
||||||
|
|
||||||
extern "C"
|
extern "C"
|
||||||
OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session,
|
OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session,
|
||||||
const uint8_t* in_buffer,
|
const uint8_t* in_buffer,
|
||||||
|
|||||||
@@ -1054,8 +1054,10 @@ class Session {
|
|||||||
sizeof(license_.keys[i].key_iv));
|
sizeof(license_.keys[i].key_iv));
|
||||||
OEMCrypto_GetRandom(license_.keys[i].control_iv,
|
OEMCrypto_GetRandom(license_.keys[i].control_iv,
|
||||||
sizeof(license_.keys[i].control_iv));
|
sizeof(license_.keys[i].control_iv));
|
||||||
if (control & (wvoec_mock::kControlHDCPVersionMask |
|
if (control & wvoec_mock::kControlRequireAntiRollbackHardware) {
|
||||||
wvoec_mock::kControlReplayMask)) {
|
memcpy(license_.keys[i].control.verification, "kc10", 4);
|
||||||
|
} else if (control & (wvoec_mock::kControlHDCPVersionMask |
|
||||||
|
wvoec_mock::kControlReplayMask)) {
|
||||||
memcpy(license_.keys[i].control.verification, "kc09", 4);
|
memcpy(license_.keys[i].control.verification, "kc09", 4);
|
||||||
} else {
|
} else {
|
||||||
memcpy(license_.keys[i].control.verification, "kctl", 4);
|
memcpy(license_.keys[i].control.verification, "kctl", 4);
|
||||||
@@ -1585,6 +1587,23 @@ class OEMCryptoClientTest : public ::testing::Test {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
TEST_F(OEMCryptoClientTest, AntiRollbackHardwareRequired) {
|
||||||
|
Session s;
|
||||||
|
s.open();
|
||||||
|
s.GenerateDerivedKeys();
|
||||||
|
s.FillSimpleMessage(0, wvoec_mock::kControlRequireAntiRollbackHardware, 0);
|
||||||
|
s.EncryptAndSign();
|
||||||
|
OEMCryptoResult sts = OEMCrypto_LoadKeys(
|
||||||
|
s.session_id(), s.message_ptr(), sizeof(MessageData), &s.signature()[0],
|
||||||
|
s.signature().size(), s.encrypted_license().mac_key_iv,
|
||||||
|
s.encrypted_license().mac_keys, kNumKeys, s.key_array(), NULL, 0);
|
||||||
|
if (OEMCrypto_IsAntiRollbackHwPresent()) {
|
||||||
|
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
|
||||||
|
} else {
|
||||||
|
ASSERT_EQ(OEMCrypto_ERROR_UNKNOWN_FAILURE, sts);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Keybox Tests
|
// Keybox Tests
|
||||||
// These two tests are first, becuase it might give an idea why other
|
// These two tests are first, becuase it might give an idea why other
|
||||||
|
|||||||
Reference in New Issue
Block a user