Address failures when provisioning methods differ am: f0cd22d4f4

am: 89f6b215e9 Change-Id: Ic9e300c25404127746cb1995449fe33efd076399
2018-04-09 16:53:22 -07:00
parent 834c15e4e7 89f6b215e9
commit b37e219f46
9 changed files with 83 additions and 26 deletions
--- a/libwvdrmengine/cdm/core/include/crypto_session.h
+++ b/libwvdrmengine/cdm/core/include/crypto_session.h
@@ -199,7 +199,8 @@ class CryptoSession {
 private:
  friend class CryptoSessionForTest;

-  bool GetProvisioningMethod(CdmClientTokenType* token_type);
+  CdmResponseType GetProvisioningMethod(SecurityLevel requested_security_level,
+                                        CdmClientTokenType* token_type);
  void Init();
  void Terminate();
  bool GetTokenFromKeybox(std::string* token);
--- a/libwvdrmengine/cdm/core/include/wv_cdm_types.h
+++ b/libwvdrmengine/cdm/core/include/wv_cdm_types.h
@@ -324,6 +324,7 @@ enum CdmResponseType {
  REMOVE_USAGE_INFO_ERROR_1 = 282,
  REMOVE_USAGE_INFO_ERROR_2 = 283,
  REMOVE_USAGE_INFO_ERROR_3 = 284,
+  GET_PROVISIONING_METHOD_ERROR = 285,
 };

 enum CdmKeyStatus {
@@ -397,7 +398,8 @@ enum CdmSigningAlgorithm {
 enum CdmClientTokenType {
  kClientTokenKeybox,
  kClientTokenDrmCert,
-  kClientTokenOemCert
+  kClientTokenOemCert,
+  kClientTokenUninitialized,
 };

 // kNonSecureUsageSupport - TEE does not provide any support for usage
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -757,6 +757,7 @@ CdmResponseType CdmEngine::QueryOemCryptoSessionId(
 CdmResponseType CdmEngine::GetProvisioningRequest(
    CdmCertificateType cert_type, const std::string& cert_authority,
    CdmProvisioningRequest* request, std::string* default_url) {
+  LOGI("CdmEngine::GetProvisioningRequest");
  if (!request) {
    LOGE("CdmEngine::GetProvisioningRequest: invalid output parameters");
    return INVALID_PROVISIONING_REQUEST_PARAM_1;
@@ -794,6 +795,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
 CdmResponseType CdmEngine::HandleProvisioningResponse(
    const CdmProvisioningResponse& response, std::string* cert,
    std::string* wrapped_key) {
+  LOGI("CdmEngine::HandleProvisioningResponse");
  if (response.empty()) {
    LOGE("CdmEngine::HandleProvisioningResponse: Empty provisioning response.");
    cert_provisioning_.reset(NULL);
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -138,6 +138,7 @@ CryptoSession::CryptoSession(metrics::CryptoMetrics* metrics)
    : metrics_(metrics),
      system_id_(-1),
      open_(false),
+      pre_provision_token_type_(kClientTokenUninitialized),
      update_usage_table_after_close_session_(false),
      is_destination_buffer_type_valid_(false),
      requested_security_level_(kLevelDefault),
@@ -160,9 +161,11 @@ CryptoSession::~CryptoSession() {
  M_RECORD(metrics_, crypto_session_life_span_, life_span_.AsMs());
 }

-bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) {
+CdmResponseType CryptoSession::GetProvisioningMethod(
+    SecurityLevel requested_security_level,
+    CdmClientTokenType* token_type) {
  OEMCrypto_ProvisioningMethod method =
-      OEMCrypto_GetProvisioningMethod(requested_security_level_);
+      OEMCrypto_GetProvisioningMethod(requested_security_level);
  metrics_->oemcrypto_provisioning_method_.Record(method);
  CdmClientTokenType type;
  switch (method) {
@@ -179,10 +182,10 @@ bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) {
    default:
      LOGE("OEMCrypto_GetProvisioningMethod failed. %d", method);
      metrics_->oemcrypto_provisioning_method_.SetError(method);
-      return false;
+      return GET_PROVISIONING_METHOD_ERROR;
  }
  *token_type = type;
-  return true;
+  return NO_ERROR;
 }

 void CryptoSession::Init() {
@@ -198,9 +201,6 @@ void CryptoSession::Init() {
    }
    initialized_ = true;
  }
-  if (!GetProvisioningMethod(&pre_provision_token_type_)) {
-    initialized_ = false;
-  }
 }

 void CryptoSession::Terminate() {
@@ -594,10 +594,12 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) {
  uint8_t buf[KEYBOX_KEY_DATA_SIZE];
  size_t buf_size = sizeof(buf);

-  LOGV("CryptoSession::GetProvisioningId: Lock");
-  AutoLock auto_lock(crypto_lock_);
-  if (!initialized_) {
-    return false;
+  {
+    LOGV("CryptoSession::GetProvisioningId: Lock");
+    AutoLock auto_lock(crypto_lock_);
+    if (!initialized_) {
+      return false;
+    }
  }

  if (pre_provision_token_type_ == kClientTokenOemCert) {
@@ -614,6 +616,8 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) {
    return true;
  } else {
    OEMCryptoResult sts;
+    LOGV("CryptoSession::GetProvisioningId: Lock");
+    AutoLock auto_lock(crypto_lock_);
    M_TIME(
        sts = OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_),
        metrics_, oemcrypto_get_key_data_, sts, metrics::Pow2Bucket(buf_size));
@@ -633,14 +637,23 @@ uint8_t CryptoSession::GetSecurityPatchLevel() {
 }

 CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
-  LOGD("CryptoSession::Open: Lock: requested_security_level: %s",
-       requested_security_level == kLevel3
-           ? QUERY_VALUE_SECURITY_LEVEL_L3.c_str()
-           : QUERY_VALUE_SECURITY_LEVEL_DEFAULT.c_str());
-  AutoLock auto_lock(crypto_lock_);
-  if (!initialized_) return UNKNOWN_ERROR;
-  if (open_) return NO_ERROR;
+  {
+    LOGD("CryptoSession::Open: Lock: requested_security_level: %s",
+         requested_security_level == kLevel3
+             ? QUERY_VALUE_SECURITY_LEVEL_L3.c_str()
+             : QUERY_VALUE_SECURITY_LEVEL_DEFAULT.c_str());
+    AutoLock auto_lock(crypto_lock_);
+    if (!initialized_) return UNKNOWN_ERROR;
+    if (open_) return NO_ERROR;
+  }

+  CdmResponseType result =
+      GetProvisioningMethod(requested_security_level,
+                            &pre_provision_token_type_);
+  if (result != NO_ERROR) return result;
+
+  LOGV("CryptoSession::Open: Lock");
+  AutoLock auto_lock(crypto_lock_);
  OEMCrypto_SESSION sid;
  requested_security_level_ = requested_security_level;
  OEMCryptoResult sts = OEMCrypto_OpenSession(&sid, requested_security_level);
@@ -679,7 +692,7 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
  }

  CdmUsageSupportType usage_support_type;
-  CdmResponseType result = GetUsageSupportType(&usage_support_type);
+  result = GetUsageSupportType(&usage_support_type);
  if (result == NO_ERROR) {
    metrics_->oemcrypto_usage_table_support_.Record(usage_support_type);
    if (usage_support_type == kUsageEntrySupport) {
--- a/libwvdrmengine/cdm/core/test/test_printers.cpp
+++ b/libwvdrmengine/cdm/core/test/test_printers.cpp
@@ -581,6 +581,8 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) {
      break;
    case REMOVE_USAGE_INFO_ERROR_3: *os << "REMOVE_USAGE_INFO_ERROR_3";
      break;
+    case GET_PROVISIONING_METHOD_ERROR: *os << "GET_PROVISIONING_METHOD_ERROR";
+      break;
    default:
      *os                                        << "Unknown CdmResponseType";
      break;
--- a/libwvdrmengine/cdm/test/request_license_test.cpp
+++ b/libwvdrmengine/cdm/test/request_license_test.cpp
@@ -1620,8 +1620,39 @@ class WvCdmRequestLicenseTest : public WvCdmTestBase {
 };

 TEST_F(WvCdmRequestLicenseTest, ProvisioningTest) {
-  decryptor_.OpenSession(g_key_system, NULL, kDefaultCdmIdentifier, NULL,
-                         &session_id_);
+  Unprovision();
+  EXPECT_EQ(NEED_PROVISIONING,
+              decryptor_.OpenSession(g_key_system, NULL,
+                                     kDefaultCdmIdentifier, NULL,
+                                     &session_id_));
+  std::string provisioning_server;
+  CdmCertificateType cert_type = kCertificateWidevine;
+  std::string cert_authority, cert, wrapped_key;
+
+  EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.GetProvisioningRequest(
+                                 cert_type, cert_authority,
+                                 kDefaultCdmIdentifier, &key_msg_,
+                                 &provisioning_server));
+  EXPECT_EQ(provisioning_server, g_config->provisioning_server());
+
+  std::string response =
+      GetCertRequestResponse(g_config->provisioning_server());
+  EXPECT_NE(0, static_cast<int>(response.size()));
+  EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.HandleProvisioningResponse(
+                                 kDefaultCdmIdentifier, response, &cert,
+                                 &wrapped_key));
+  EXPECT_EQ(0, static_cast<int>(cert.size()));
+  EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
+  decryptor_.CloseSession(session_id_);
+}
+
+TEST_F(WvCdmRequestLicenseTest, L3ProvisioningTest) {
+  TestWvCdmClientPropertySet property_set_L3;
+  property_set_L3.set_security_level(QUERY_VALUE_SECURITY_LEVEL_L3);
+  EXPECT_EQ(NEED_PROVISIONING,
+              decryptor_.OpenSession(g_key_system, &property_set_L3,
+                                     kDefaultCdmIdentifier, NULL,
+                                     &session_id_));
  std::string provisioning_server;
  CdmCertificateType cert_type = kCertificateWidevine;
  std::string cert_authority, cert, wrapped_key;
@@ -3764,7 +3795,8 @@ TEST_F(WvCdmRequestLicenseTest, QueryStatus) {
  EXPECT_EQ(wvcdm::NO_ERROR,
            decryptor_.QueryStatus(kLevelDefault,
                                   wvcdm::QUERY_KEY_PROVISIONING_ID, &value));
-  EXPECT_EQ(16u, value.size());
+  EXPECT_TRUE(16u == value.size() || 32u == value.size())
+      << "provisioning id size: " << value.size();

  EXPECT_EQ(wvcdm::NO_ERROR,
            decryptor_.QueryStatus(
@@ -3866,7 +3898,8 @@ TEST_F(WvCdmRequestLicenseTest, QueryStatusL3) {
  EXPECT_EQ(wvcdm::NO_ERROR,
            decryptor_.QueryStatus(kLevel3, wvcdm::QUERY_KEY_PROVISIONING_ID,
                                   &value));
-  EXPECT_EQ(16u, value.size());
+  EXPECT_TRUE(16u == value.size() || 32u == value.size())
+      << "provisioning id size: " << value.size();

  EXPECT_EQ(wvcdm::NO_ERROR,
            decryptor_.QueryStatus(kLevel3, wvcdm::QUERY_KEY_CURRENT_HDCP_LEVEL,
--- a/libwvdrmengine/include/WVErrors.h
+++ b/libwvdrmengine/include/WVErrors.h
@@ -263,10 +263,11 @@ enum {
  kRemoveUsageInfoError1 = ERROR_DRM_VENDOR_MIN + 274,
  kRemoveUsageInfoError2 = ERROR_DRM_VENDOR_MIN + 275,
  kRemoveUsageInfoError3 = ERROR_DRM_VENDOR_MIN + 276,
+  kGetProvisioningError = ERROR_DRM_VENDOR_MIN + 277,

  // This should always follow the last error code.
  // The offset value should be updated each time a new error code is added.
-  kErrorWVDrmMaxErrorUsed = ERROR_DRM_VENDOR_MIN + 276,
+  kErrorWVDrmMaxErrorUsed = ERROR_DRM_VENDOR_MIN + 277,

  // Used by crypto test mode
  kErrorTestMode = ERROR_DRM_VENDOR_MAX,
--- a/libwvdrmengine/include/mapErrors-inl.h
+++ b/libwvdrmengine/include/mapErrors-inl.h
@@ -507,6 +507,8 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) {
      return kRemoveUsageInfoError2;
    case wvcdm::REMOVE_USAGE_INFO_ERROR_3:
      return kRemoveUsageInfoError3;
+    case wvcdm::GET_PROVISIONING_METHOD_ERROR:
+      return kGetProvisioningError;
  }

  // Return here instead of as a default case so that the compiler will warn
--- a/libwvdrmengine/include_hidl/mapErrors-inl.h
+++ b/libwvdrmengine/include_hidl/mapErrors-inl.h
@@ -290,6 +290,7 @@ static Status mapCdmResponseType(wvcdm::CdmResponseType res) {
    case wvcdm::REMOVE_USAGE_INFO_ERROR_1:
    case wvcdm::REMOVE_USAGE_INFO_ERROR_2:
    case wvcdm::REMOVE_USAGE_INFO_ERROR_3:
+    case wvcdm::GET_PROVISIONING_METHOD_ERROR:
      ALOGW("Returns UNKNOWN error for legacy status: %d", res);
      return Status::ERROR_DRM_UNKNOWN;