diff --git a/libwvdrmengine/cdm/core/include/crypto_session.h b/libwvdrmengine/cdm/core/include/crypto_session.h index 84da0724..348f2600 100644 --- a/libwvdrmengine/cdm/core/include/crypto_session.h +++ b/libwvdrmengine/cdm/core/include/crypto_session.h @@ -199,7 +199,8 @@ class CryptoSession { private: friend class CryptoSessionForTest; - bool GetProvisioningMethod(CdmClientTokenType* token_type); + CdmResponseType GetProvisioningMethod(SecurityLevel requested_security_level, + CdmClientTokenType* token_type); void Init(); void Terminate(); bool GetTokenFromKeybox(std::string* token); diff --git a/libwvdrmengine/cdm/core/include/wv_cdm_types.h b/libwvdrmengine/cdm/core/include/wv_cdm_types.h index ec2f78c4..f47e132d 100644 --- a/libwvdrmengine/cdm/core/include/wv_cdm_types.h +++ b/libwvdrmengine/cdm/core/include/wv_cdm_types.h @@ -324,6 +324,7 @@ enum CdmResponseType { REMOVE_USAGE_INFO_ERROR_1 = 282, REMOVE_USAGE_INFO_ERROR_2 = 283, REMOVE_USAGE_INFO_ERROR_3 = 284, + GET_PROVISIONING_METHOD_ERROR = 285, }; enum CdmKeyStatus { @@ -397,7 +398,8 @@ enum CdmSigningAlgorithm { enum CdmClientTokenType { kClientTokenKeybox, kClientTokenDrmCert, - kClientTokenOemCert + kClientTokenOemCert, + kClientTokenUninitialized, }; // kNonSecureUsageSupport - TEE does not provide any support for usage diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp index 034729af..410b7f99 100644 --- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp @@ -757,6 +757,7 @@ CdmResponseType CdmEngine::QueryOemCryptoSessionId( CdmResponseType CdmEngine::GetProvisioningRequest( CdmCertificateType cert_type, const std::string& cert_authority, CdmProvisioningRequest* request, std::string* default_url) { + LOGI("CdmEngine::GetProvisioningRequest"); if (!request) { LOGE("CdmEngine::GetProvisioningRequest: invalid output parameters"); return INVALID_PROVISIONING_REQUEST_PARAM_1; @@ -794,6 +795,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest( CdmResponseType CdmEngine::HandleProvisioningResponse( const CdmProvisioningResponse& response, std::string* cert, std::string* wrapped_key) { + LOGI("CdmEngine::HandleProvisioningResponse"); if (response.empty()) { LOGE("CdmEngine::HandleProvisioningResponse: Empty provisioning response."); cert_provisioning_.reset(NULL); diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index d3dfca58..f53ec294 100644 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -138,6 +138,7 @@ CryptoSession::CryptoSession(metrics::CryptoMetrics* metrics) : metrics_(metrics), system_id_(-1), open_(false), + pre_provision_token_type_(kClientTokenUninitialized), update_usage_table_after_close_session_(false), is_destination_buffer_type_valid_(false), requested_security_level_(kLevelDefault), @@ -160,9 +161,11 @@ CryptoSession::~CryptoSession() { M_RECORD(metrics_, crypto_session_life_span_, life_span_.AsMs()); } -bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) { +CdmResponseType CryptoSession::GetProvisioningMethod( + SecurityLevel requested_security_level, + CdmClientTokenType* token_type) { OEMCrypto_ProvisioningMethod method = - OEMCrypto_GetProvisioningMethod(requested_security_level_); + OEMCrypto_GetProvisioningMethod(requested_security_level); metrics_->oemcrypto_provisioning_method_.Record(method); CdmClientTokenType type; switch (method) { @@ -179,10 +182,10 @@ bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) { default: LOGE("OEMCrypto_GetProvisioningMethod failed. %d", method); metrics_->oemcrypto_provisioning_method_.SetError(method); - return false; + return GET_PROVISIONING_METHOD_ERROR; } *token_type = type; - return true; + return NO_ERROR; } void CryptoSession::Init() { @@ -198,9 +201,6 @@ void CryptoSession::Init() { } initialized_ = true; } - if (!GetProvisioningMethod(&pre_provision_token_type_)) { - initialized_ = false; - } } void CryptoSession::Terminate() { @@ -594,10 +594,12 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) { uint8_t buf[KEYBOX_KEY_DATA_SIZE]; size_t buf_size = sizeof(buf); - LOGV("CryptoSession::GetProvisioningId: Lock"); - AutoLock auto_lock(crypto_lock_); - if (!initialized_) { - return false; + { + LOGV("CryptoSession::GetProvisioningId: Lock"); + AutoLock auto_lock(crypto_lock_); + if (!initialized_) { + return false; + } } if (pre_provision_token_type_ == kClientTokenOemCert) { @@ -614,6 +616,8 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) { return true; } else { OEMCryptoResult sts; + LOGV("CryptoSession::GetProvisioningId: Lock"); + AutoLock auto_lock(crypto_lock_); M_TIME( sts = OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_), metrics_, oemcrypto_get_key_data_, sts, metrics::Pow2Bucket(buf_size)); @@ -633,14 +637,23 @@ uint8_t CryptoSession::GetSecurityPatchLevel() { } CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) { - LOGD("CryptoSession::Open: Lock: requested_security_level: %s", - requested_security_level == kLevel3 - ? QUERY_VALUE_SECURITY_LEVEL_L3.c_str() - : QUERY_VALUE_SECURITY_LEVEL_DEFAULT.c_str()); - AutoLock auto_lock(crypto_lock_); - if (!initialized_) return UNKNOWN_ERROR; - if (open_) return NO_ERROR; + { + LOGD("CryptoSession::Open: Lock: requested_security_level: %s", + requested_security_level == kLevel3 + ? QUERY_VALUE_SECURITY_LEVEL_L3.c_str() + : QUERY_VALUE_SECURITY_LEVEL_DEFAULT.c_str()); + AutoLock auto_lock(crypto_lock_); + if (!initialized_) return UNKNOWN_ERROR; + if (open_) return NO_ERROR; + } + CdmResponseType result = + GetProvisioningMethod(requested_security_level, + &pre_provision_token_type_); + if (result != NO_ERROR) return result; + + LOGV("CryptoSession::Open: Lock"); + AutoLock auto_lock(crypto_lock_); OEMCrypto_SESSION sid; requested_security_level_ = requested_security_level; OEMCryptoResult sts = OEMCrypto_OpenSession(&sid, requested_security_level); @@ -679,7 +692,7 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) { } CdmUsageSupportType usage_support_type; - CdmResponseType result = GetUsageSupportType(&usage_support_type); + result = GetUsageSupportType(&usage_support_type); if (result == NO_ERROR) { metrics_->oemcrypto_usage_table_support_.Record(usage_support_type); if (usage_support_type == kUsageEntrySupport) { diff --git a/libwvdrmengine/cdm/core/test/test_printers.cpp b/libwvdrmengine/cdm/core/test/test_printers.cpp index 863f3425..7a9de407 100644 --- a/libwvdrmengine/cdm/core/test/test_printers.cpp +++ b/libwvdrmengine/cdm/core/test/test_printers.cpp @@ -581,6 +581,8 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) { break; case REMOVE_USAGE_INFO_ERROR_3: *os << "REMOVE_USAGE_INFO_ERROR_3"; break; + case GET_PROVISIONING_METHOD_ERROR: *os << "GET_PROVISIONING_METHOD_ERROR"; + break; default: *os << "Unknown CdmResponseType"; break; diff --git a/libwvdrmengine/cdm/test/request_license_test.cpp b/libwvdrmengine/cdm/test/request_license_test.cpp index 3aa74ab4..05f71f24 100644 --- a/libwvdrmengine/cdm/test/request_license_test.cpp +++ b/libwvdrmengine/cdm/test/request_license_test.cpp @@ -1620,8 +1620,39 @@ class WvCdmRequestLicenseTest : public WvCdmTestBase { }; TEST_F(WvCdmRequestLicenseTest, ProvisioningTest) { - decryptor_.OpenSession(g_key_system, NULL, kDefaultCdmIdentifier, NULL, - &session_id_); + Unprovision(); + EXPECT_EQ(NEED_PROVISIONING, + decryptor_.OpenSession(g_key_system, NULL, + kDefaultCdmIdentifier, NULL, + &session_id_)); + std::string provisioning_server; + CdmCertificateType cert_type = kCertificateWidevine; + std::string cert_authority, cert, wrapped_key; + + EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.GetProvisioningRequest( + cert_type, cert_authority, + kDefaultCdmIdentifier, &key_msg_, + &provisioning_server)); + EXPECT_EQ(provisioning_server, g_config->provisioning_server()); + + std::string response = + GetCertRequestResponse(g_config->provisioning_server()); + EXPECT_NE(0, static_cast(response.size())); + EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.HandleProvisioningResponse( + kDefaultCdmIdentifier, response, &cert, + &wrapped_key)); + EXPECT_EQ(0, static_cast(cert.size())); + EXPECT_EQ(0, static_cast(wrapped_key.size())); + decryptor_.CloseSession(session_id_); +} + +TEST_F(WvCdmRequestLicenseTest, L3ProvisioningTest) { + TestWvCdmClientPropertySet property_set_L3; + property_set_L3.set_security_level(QUERY_VALUE_SECURITY_LEVEL_L3); + EXPECT_EQ(NEED_PROVISIONING, + decryptor_.OpenSession(g_key_system, &property_set_L3, + kDefaultCdmIdentifier, NULL, + &session_id_)); std::string provisioning_server; CdmCertificateType cert_type = kCertificateWidevine; std::string cert_authority, cert, wrapped_key; @@ -3764,7 +3795,8 @@ TEST_F(WvCdmRequestLicenseTest, QueryStatus) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.QueryStatus(kLevelDefault, wvcdm::QUERY_KEY_PROVISIONING_ID, &value)); - EXPECT_EQ(16u, value.size()); + EXPECT_TRUE(16u == value.size() || 32u == value.size()) + << "provisioning id size: " << value.size(); EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.QueryStatus( @@ -3866,7 +3898,8 @@ TEST_F(WvCdmRequestLicenseTest, QueryStatusL3) { EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.QueryStatus(kLevel3, wvcdm::QUERY_KEY_PROVISIONING_ID, &value)); - EXPECT_EQ(16u, value.size()); + EXPECT_TRUE(16u == value.size() || 32u == value.size()) + << "provisioning id size: " << value.size(); EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.QueryStatus(kLevel3, wvcdm::QUERY_KEY_CURRENT_HDCP_LEVEL, diff --git a/libwvdrmengine/include/WVErrors.h b/libwvdrmengine/include/WVErrors.h index 631e4d0a..9d06d7b5 100644 --- a/libwvdrmengine/include/WVErrors.h +++ b/libwvdrmengine/include/WVErrors.h @@ -263,10 +263,11 @@ enum { kRemoveUsageInfoError1 = ERROR_DRM_VENDOR_MIN + 274, kRemoveUsageInfoError2 = ERROR_DRM_VENDOR_MIN + 275, kRemoveUsageInfoError3 = ERROR_DRM_VENDOR_MIN + 276, + kGetProvisioningError = ERROR_DRM_VENDOR_MIN + 277, // This should always follow the last error code. // The offset value should be updated each time a new error code is added. - kErrorWVDrmMaxErrorUsed = ERROR_DRM_VENDOR_MIN + 276, + kErrorWVDrmMaxErrorUsed = ERROR_DRM_VENDOR_MIN + 277, // Used by crypto test mode kErrorTestMode = ERROR_DRM_VENDOR_MAX, diff --git a/libwvdrmengine/include/mapErrors-inl.h b/libwvdrmengine/include/mapErrors-inl.h index b4aa175c..78105e14 100644 --- a/libwvdrmengine/include/mapErrors-inl.h +++ b/libwvdrmengine/include/mapErrors-inl.h @@ -507,6 +507,8 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) { return kRemoveUsageInfoError2; case wvcdm::REMOVE_USAGE_INFO_ERROR_3: return kRemoveUsageInfoError3; + case wvcdm::GET_PROVISIONING_METHOD_ERROR: + return kGetProvisioningError; } // Return here instead of as a default case so that the compiler will warn diff --git a/libwvdrmengine/include_hidl/mapErrors-inl.h b/libwvdrmengine/include_hidl/mapErrors-inl.h index 81b571fc..fabdd6ea 100644 --- a/libwvdrmengine/include_hidl/mapErrors-inl.h +++ b/libwvdrmengine/include_hidl/mapErrors-inl.h @@ -290,6 +290,7 @@ static Status mapCdmResponseType(wvcdm::CdmResponseType res) { case wvcdm::REMOVE_USAGE_INFO_ERROR_1: case wvcdm::REMOVE_USAGE_INFO_ERROR_2: case wvcdm::REMOVE_USAGE_INFO_ERROR_3: + case wvcdm::GET_PROVISIONING_METHOD_ERROR: ALOGW("Returns UNKNOWN error for legacy status: %d", res); return Status::ERROR_DRM_UNKNOWN;