Merge cdm changes to android repo

Bug: 251924225 Test: GtsMediaTestCases Change-Id: I1b4e64c0abf701fe1f5017f14dc72b72c3ea6770
2022-10-07 23:55:37 +00:00
parent 3cfe7c7299
commit af0168dbed
54 changed files with 295536 additions and 294359 deletions
--- a/libwvdrmengine/cdm/core/include/properties.h
+++ b/libwvdrmengine/cdm/core/include/properties.h
@@ -78,7 +78,7 @@ class Properties {
  static bool GetDeviceFilesBasePath(CdmSecurityLevel security_level,
                                     std::string* base_path);
  static bool GetFactoryKeyboxPath(std::string* keybox);
-  static bool GetOEMCryptoPath(std::string* library_name);
+  static bool GetOEMCryptoPaths(std::vector<std::string>* library_name);
  static bool GetSandboxId(std::string* sandbox_id);
  static bool AlwaysUseKeySetIds();
  static bool UseProviderIdInProvisioningRequest();
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -566,7 +566,8 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
    const bool result =
        ExtractAndDecodeSignedMessage(response_message, &response);
    if (!result || response.empty()) {
-      LOGE("Provisioning response message is an invalid JSON/base64 string");
+      LOGE("Provisioning response message is an invalid JSON/base64 string: %s",
+           response.c_str());
      return CERT_PROVISIONING_RESPONSE_ERROR_1;
    }
  }
@@ -733,7 +734,7 @@ bool CertificateProvisioning::ExtractAndDecodeSignedMessage(

  if (start == provisioning_response.npos) {
    // Message is not properly wrapped - reject it.
-    LOGE("Cannot locate start substring");
+    LOGE("Cannot locate start substring '%s'", json_start_substr.c_str());
    result->clear();
    return false;
  }
@@ -742,7 +743,7 @@ bool CertificateProvisioning::ExtractAndDecodeSignedMessage(
  const size_t end = provisioning_response.find(
      json_end_substr, start + json_start_substr.length());
  if (end == provisioning_response.npos) {
-    LOGE("Cannot locate end substring");
+    LOGE("Cannot locate end substring '%s'", json_end_substr.c_str());
    result->clear();
    return false;
  }
--- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
+++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
@@ -924,30 +924,23 @@ class Adapter {
      return result;
    }
    LOGI("L3 Initialized. Trying L1.");
-    std::string library_name;
-    if (!wvcdm::Properties::GetOEMCryptoPath(&library_name)) {
+    std::vector<std::string> library_names;
+    if (!wvcdm::Properties::GetOEMCryptoPaths(&library_names)) {
      LOGW("L1 library not specified. Falling back to L3");
      metrics.OemCryptoDynamicAdapterMetrics::SetInitializationMode(
          wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L3_NO_L1_LIBRARY_PATH);
      return result;
    }
    if (level1_library_ == nullptr) {
-      vector<string> library_paths = {"/vendor/", "/system/", "/odm/"};
-      string sub_dir;
-      #if __LP64__
-            sub_dir = "lib64/";
-      #else
-            sub_dir = "lib/";
-      #endif
-
-      for (auto& path : library_paths) {
-        level1_library_ = dlopen((path + sub_dir + library_name).c_str(), RTLD_NOW);
-        if (level1_library_) break;
+      for (auto& name : library_names) {
+        level1_library_ = dlopen((name.c_str()), RTLD_NOW);
+        if (level1_library_) {
+          LOGV("Using oemcrypto path %s", name.c_str());
+          break;
+        }
      }
-
      if (level1_library_ == nullptr) {
-        LOGW("Could not load %s. Falling back to L3.  %s", library_name.c_str(),
-             dlerror());
+        LOGW("Could not load oemcrypto. Falling back to L3.  %s", dlerror());
        metrics.OemCryptoDynamicAdapterMetrics::SetInitializationMode(
            wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L3_L1_OPEN_FAILED);
        return result;
--- a/libwvdrmengine/cdm/core/test/test_base.cpp
+++ b/libwvdrmengine/cdm/core/test/test_base.cpp
@@ -177,6 +177,57 @@ bool ExtractSignedMessage(const std::string& response,
  return true;
 }

+// TODO(b/242744857): This extra debugging may not be needed in all cases. When
+// provisioning fails, this dumps the cert and other information.
+std::string DumpProvAttempt(const std::string& url, const std::string& request,
+                            const std::string& http_message) {
+  std::stringstream info;
+  info << "Provisioning url: " << url << "\n";
+  info << "Request: " << wvutil::unlimited_b2a_hex(request) << "\n";
+  info << "http_message: " << wvutil::unlimited_b2a_hex(http_message) << "\n";
+  if (wvoec::global_features.derive_key_method ==
+      wvoec::DeviceFeatures::TEST_PROVISION_30) {
+    std::vector<uint8_t> cert;
+    size_t cert_length = 0;
+    OEMCryptoResult result = OEMCrypto_GetOEMPublicCertificate(
+        cert.data(), &cert_length, kLevelDefault);
+    if (result == OEMCrypto_ERROR_SHORT_BUFFER) {
+      cert.resize(cert_length);
+      result = OEMCrypto_GetOEMPublicCertificate(cert.data(), &cert_length,
+                                                 kLevelDefault);
+    }
+    if (result != OEMCrypto_SUCCESS) {
+      info << "--- ERROR GETTING CERT. result=" << result;
+    } else {
+      info << "OEM Cert = (len=" << cert_length << ") "
+           << wvutil::unlimited_b2a_hex(cert);
+    }
+  }
+  if (wvoec::global_features.derive_key_method ==
+      wvoec::DeviceFeatures::TEST_PROVISION_40) {
+    std::vector<uint8_t> bcc;
+    size_t bcc_length = 0;
+    std::vector<uint8_t> signature;
+    size_t signature_length = 0;
+    OEMCryptoResult result = OEMCrypto_GetBootCertificateChain(
+        bcc.data(), &bcc_length, signature.data(), &signature_length);
+    if (result == OEMCrypto_ERROR_SHORT_BUFFER) {
+      bcc.resize(bcc_length);
+      signature.resize(signature_length);
+      result = OEMCrypto_GetBootCertificateChain(
+          bcc.data(), &bcc_length, signature.data(), &signature_length);
+    }
+    if (result != OEMCrypto_SUCCESS) {
+      info << "--- ERROR GETTING BCC. result=" << result;
+    } else {
+      info << "BCC = (len=" << bcc_length << ") "
+           << wvutil::unlimited_b2a_hex(bcc) << "\n"
+           << "Additional Sig = (len=" << signature_length << ") "
+           << wvutil::unlimited_b2a_hex(signature) << "\n";
+    }
+  }
+  return info.str();
+}
 }  // namespace

 std::unique_ptr<ConfigTestEnv> WvCdmTestBase::default_config_;
@@ -443,11 +494,16 @@ void WvCdmTestBase::Provision() {

      ASSERT_EQ(NO_ERROR, cdm_engine.HandleProvisioningResponse(
                              binary_protobuf_response, kLevelDefault, &cert,
-                              &wrapped_key));
+                              &wrapped_key))
+          << "Binary provisioning failed. "
+          << DumpProvAttempt(provisioning_server_url, prov_request,
+                             http_message);
    } else {
-      ASSERT_EQ(NO_ERROR,
-                cdm_engine.HandleProvisioningResponse(
-                    http_message, kLevelDefault, &cert, &wrapped_key));
+      ASSERT_EQ(NO_ERROR, cdm_engine.HandleProvisioningResponse(
+                              http_message, kLevelDefault, &cert, &wrapped_key))
+          << "Non-binary provisioning failed. "
+          << DumpProvAttempt(provisioning_server_url, prov_request,
+                             http_message);
    }
  }
 }