Merge cdm changes to android repo

Bug: 251924225 Test: GtsMediaTestCases Change-Id: I1b4e64c0abf701fe1f5017f14dc72b72c3ea6770
2022-10-07 23:55:37 +00:00
parent 3cfe7c7299
commit af0168dbed
54 changed files with 295536 additions and 294359 deletions
--- a/libwvdrmengine/oemcrypto/util/include/oemcrypto_key_deriver.h
+++ b/libwvdrmengine/oemcrypto/util/include/oemcrypto_key_deriver.h
@@ -47,6 +47,11 @@ class KeyDeriver {
  bool DeriveEncryptionKey(const std::vector<uint8_t>& enc_key_context,
                           std::vector<uint8_t>* enc_key);

+  // Derive renewed device key. Use on KeyDeriver initialized with old device
+  // key. |context| should be just the context field, eg A_priv+CA_token.
+  bool DeriveRenewedDeviceKey(const std::vector<uint8_t>& context,
+                              std::vector<uint8_t>* renewed_device_key);
+
  ~KeyDeriver() {}

 private:
--- a/libwvdrmengine/oemcrypto/util/include/oemcrypto_rsa_key.h
+++ b/libwvdrmengine/oemcrypto/util/include/oemcrypto_rsa_key.h
@@ -268,6 +268,13 @@ class RsaPrivateKey {
  // Returns an empty vector on error.
  std::vector<uint8_t> Serialize() const;

+  // Serializes the key's private exponent in network-byte-order
+  // using I2OSP primitive as defined by RFC3447 Section 4.1.  The
+  // exact length of the exponent will depend on the exponents value,
+  // not the modulus size.
+  // Returns an empty vector on error.
+  std::vector<uint8_t> GetPrivateExponent() const;
+
  // Signs the provided |message| using the RSA signing algorithm
  // specified by |algorithm|.  See RsaSignatureAlgorithm for
  // details on each algorithm.
--- a/libwvdrmengine/oemcrypto/util/src/oemcrypto_key_deriver.cpp
+++ b/libwvdrmengine/oemcrypto/util/src/oemcrypto_key_deriver.cpp
@@ -40,6 +40,31 @@ bool Derive256Key(Cmac* cmac, uint8_t counter_base, const uint8_t* ctx,
  }
  return Derive128KeyAppend(cmac, counter_base + 1, ctx, ctx_size, derived_key);
 }
+
+bool NistKdf(Cmac* cmac, const std::vector<uint8_t>& label,
+             const std::vector<uint8_t>& context, size_t bits,
+             std::vector<uint8_t>* renewed_device_key) {
+  const std::vector<uint8_t> size_bits_big_endian = {
+      static_cast<uint8_t>(bits >> 24), static_cast<uint8_t>(bits >> 16),
+      static_cast<uint8_t>(bits >> 8), static_cast<uint8_t>(bits)};
+  const size_t kAesBlockSizeBits = 16 * 8;
+
+  if (bits % kAesBlockSizeBits != 0) return false;
+  if (renewed_device_key == nullptr) {
+    return false;
+  }
+  renewed_device_key->clear();
+  bool res = false;
+  for (size_t counter = 0; counter < bits / kAesBlockSizeBits; counter++) {
+    cmac->Reset();
+    res = cmac->Update(counter + 1) && cmac->Update(label) &&
+          cmac->Update(0x00) && cmac->Update(context) &&
+          cmac->Update(size_bits_big_endian) &&
+          cmac->FinalizeAppend(renewed_device_key);
+    if (!res) break;
+  }
+  return res;
+}
 }  // namespace

 // static
@@ -150,5 +175,20 @@ bool KeyDeriver::DeriveEncryptionKey(
  return DeriveEncryptionKey(enc_key_context.data(), enc_key_context.size(),
                             enc_key);
 }
+
+bool KeyDeriver::DeriveRenewedDeviceKey(
+    const std::vector<uint8_t>& context,
+    std::vector<uint8_t>* renewed_device_key) {
+  if (renewed_device_key == nullptr) {
+    LOGE("Output key buffer is null");
+    return false;
+  }
+  const std::string kKeyboxRenewalLabel = "Keyboxv4";
+  const std::vector<uint8_t> kKeyboxRenewalLabelVec(kKeyboxRenewalLabel.begin(),
+                                                    kKeyboxRenewalLabel.end());
+
+  return NistKdf(cmac_.get(), kKeyboxRenewalLabelVec, context, 0x80,
+                 renewed_device_key);
+}
 }  // namespace util
 }  // namespace wvoec
--- a/libwvdrmengine/oemcrypto/util/src/oemcrypto_rsa_key.cpp
+++ b/libwvdrmengine/oemcrypto/util/src/oemcrypto_rsa_key.cpp
@@ -326,6 +326,27 @@ bool RsaPublicKey::IsMatchingPrivateKey(
  return RsaKeysAreMatchingPair(GetRsaKey(), private_key.GetRsaKey());
 }

+std::vector<uint8_t> RsaPrivateKey::GetPrivateExponent() const {
+  const BIGNUM* d = RSA_get0_d(key_);
+  if (d == nullptr) {
+    LOGE("Private exponent must not be null");
+    return {};
+  }
+  // Get the required length for the data.
+  const size_t length = BN_num_bytes(d);
+  if (length <= 0) {
+    LOGE("Private exponent length must be positive");
+    return {};
+  }
+  std::vector<uint8_t> serialized_private_exponent(length, 0);
+  if (static_cast<size_t>(BN_bn2bin(d, serialized_private_exponent.data())) !=
+      length) {
+    LOGE("Failed to convert the private exponent");
+    return {};
+  }
+  return serialized_private_exponent;
+}
+
 OEMCryptoResult RsaPublicKey::Serialize(uint8_t* buffer,
                                        size_t* buffer_size) const {
  if (buffer_size == nullptr) {