diff --git a/libwvdrmengine/cdm/core/include/crypto_session.h b/libwvdrmengine/cdm/core/include/crypto_session.h index abaf0821..e0d6d985 100644 --- a/libwvdrmengine/cdm/core/include/crypto_session.h +++ b/libwvdrmengine/cdm/core/include/crypto_session.h @@ -35,7 +35,8 @@ class CryptoSession { // Key request/response void GenerateRequestId(std::string& req_id_str); bool PrepareRequest(const std::string& key_deriv_message, - std::string* signature); + std::string* signature, + bool is_provisioning); bool PrepareRenewalRequest(const std::string& message, std::string* signature); bool LoadKeys(const std::string& message, @@ -53,16 +54,13 @@ class CryptoSession { bool GenerateDerivedKeys(const std::string& message); bool GenerateDerivedKeys(const std::string& message, const std::string& session_key); - bool GenerateSignature(const std::string& message, - std::string* signature); bool RewrapDeviceRSAKey(const std::string& message, const std::string& signature, const std::string& nonce, const std::string& enc_rsa_key, size_t enc_rsa_key_length, const std::string& rsa_key_iv, - uint8_t* wrapped_rsa_key, - size_t* wrapped_rsa_key_length); + std::string* wrapped_rsa_key); // Media data path bool SelectKey(const std::string& key_id); @@ -83,6 +81,9 @@ class CryptoSession { std::string* deriv_context); void GenerateEncryptContext(const std::string& input_context, std::string* deriv_context); + bool GenerateSignature(const std::string& message, + std::string* signature, + bool use_rsa); size_t GetOffset(std::string message, std::string field); bool SetDestinationBufferType(); diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp index e3e45637..a53f90a9 100644 --- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp @@ -20,6 +20,11 @@ #define CDM_POLICY_TIMER_DURATION_SECONDS 1 #endif +namespace { +const std::string kDefaultProvisioningServerUrl = + "http://www-googleapis-test.sandbox.google.com/certificateprovisioning/v1/devicecertificates/create"; +} + namespace wvcdm { // Protobuf generated classes. @@ -384,6 +389,8 @@ CdmResponseType CdmEngine::GetProvisioningRequest( return UNKNOWN_ERROR; } + default_url->assign(kDefaultProvisioningServerUrl); + if (provisioning_session_) { LOGE("GetProvisioningRequest: duplicate provisioning request?"); return UNKNOWN_ERROR; @@ -457,7 +464,8 @@ CdmResponseType CdmEngine::GetProvisioningRequest( // Derives signing and encryption keys and constructs signature. std::string request_signature; - if (!crypto_session->PrepareRequest(serialized_request, &request_signature)) { + if (!crypto_session->PrepareRequest(serialized_request, + &request_signature, true)) { request->clear(); CleanupProvisioningSession(cdm_session_id); return UNKNOWN_ERROR; @@ -471,11 +479,6 @@ CdmResponseType CdmEngine::GetProvisioningRequest( // converts request into JSON string ComposeJsonRequest(serialized_request, request_signature, request); - - static const std::string kDefaultProvisioningServerUrl = - "http://www-googleapis-test.sandbox.google.com/certificateprovisioning/v1/devicecertificates/create"; - default_url->assign(kDefaultProvisioningServerUrl); - return NO_ERROR; } @@ -591,27 +594,21 @@ CdmResponseType CdmEngine::HandleProvisioningResponse( const std::string& rsa_key_iv = provisioning_response.device_rsa_key_iv(); const std::string& nonce = provisioning_response.nonce(); - const int kRsaKeySize = 256; - size_t wrapped_rsa_key_length = kRsaKeySize + enc_rsa_key.length(); - std::vector wrapped_rsa_key; - wrapped_rsa_key.resize(wrapped_rsa_key_length); - + std::string wrapped_rsa_key; if (!crypto_session->RewrapDeviceRSAKey(signed_message, signature, nonce.data(), enc_rsa_key, enc_rsa_key.size(), rsa_key_iv, - &wrapped_rsa_key[0], - &wrapped_rsa_key_length)) { + &wrapped_rsa_key)) { LOGE("HandleProvisioningResponse: RewrapDeviceRSAKey fails"); CleanupProvisioningSession(cdm_session_id); return UNKNOWN_ERROR; } const std::string& device_certificate = provisioning_response.device_certificate(); - std::string the_wrapped_rsa_key(wrapped_rsa_key.begin(), wrapped_rsa_key.end()); - DeviceFiles::StoreCertificate(device_certificate, the_wrapped_rsa_key); + DeviceFiles::StoreCertificate(device_certificate, wrapped_rsa_key); // //--------------------------------------------------------------------------- diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index 7cd0db64..586b7e84 100755 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -16,7 +16,6 @@ #include "wv_cdm_constants.h" namespace { - const uint32_t kMaxSignatureBufLength = 256; // Encode unsigned integer into a big endian formatted string std::string EncodeUint32(unsigned int u) { std::string s; @@ -106,7 +105,8 @@ void CryptoSession::GenerateRequestId(std::string& req_id_str) { } bool CryptoSession::PrepareRequest(const std::string& message, - std::string* signature) { + std::string* signature, + bool is_provisioning) { LOGV("CryptoSession::PrepareRequest: Lock"); CryptoEngine* crypto_engine = CryptoEngine::GetInstance(); AutoLock auto_lock(crypto_engine->crypto_lock_); @@ -116,16 +116,16 @@ bool CryptoSession::PrepareRequest(const std::string& message, return false; } - OEMCryptoResult sts; - - if (!Properties::use_certificates_as_identification()) { - if (!GenerateDerivedKeys(message)) { + if (!Properties::use_certificates_as_identification() || is_provisioning) { + if (!GenerateDerivedKeys(message)) return false; - } - } - if (!GenerateSignature(message, signature)) { - return false; + if (!GenerateSignature(message, signature, false)) + return false; + } + else { + if (!GenerateSignature(message, signature, true)) + return false; } return true; @@ -142,7 +142,7 @@ bool CryptoSession::PrepareRenewalRequest(const std::string& message, return false; } - if (!GenerateSignature(message, signature)) { + if (!GenerateSignature(message, signature, false)) { return false; } @@ -356,17 +356,20 @@ bool CryptoSession::GenerateDerivedKeys(const std::string& message, } bool CryptoSession::GenerateSignature(const std::string& message, - std::string* signature) { + std::string* signature, + bool use_rsa) { LOGV("GenerateSignature: id=%ld", (uint32_t) oec_session_id_); - uint8_t signature_buf[kMaxSignatureBufLength]; - size_t length = kMaxSignatureBufLength; + if (!signature) + return false; + + size_t length = 0; OEMCryptoResult sts; - if (Properties::use_certificates_as_identification()) { + if (use_rsa) { sts = OEMCrypto_GenerateRSASignature( oec_session_id_, reinterpret_cast(message.data()), message.size(), - signature_buf, + NULL, &length); } else { @@ -374,7 +377,31 @@ bool CryptoSession::GenerateSignature(const std::string& message, oec_session_id_, reinterpret_cast(message.data()), message.size(), - signature_buf, + NULL, + &length); + } + + if (OEMCrypto_ERROR_SHORT_BUFFER != sts) { + LOGD("GenerateSignature: OEMCrypto_GenerateSignature err=%d", sts); + return false; + } + + signature->resize(length); + + if (use_rsa) { + sts = OEMCrypto_GenerateRSASignature( + oec_session_id_, + reinterpret_cast(message.data()), + message.size(), + reinterpret_cast(const_cast(signature->data())), + &length); + } + else { + sts = OEMCrypto_GenerateSignature( + oec_session_id_, + reinterpret_cast(message.data()), + message.size(), + reinterpret_cast(const_cast(signature->data())), &length); } @@ -383,7 +410,6 @@ bool CryptoSession::GenerateSignature(const std::string& message, return false; } - signature->assign(reinterpret_cast(signature_buf), length); return true; } @@ -481,8 +507,7 @@ bool CryptoSession::RewrapDeviceRSAKey(const std::string& message, const std::string& enc_rsa_key, size_t enc_rsa_key_length, const std::string& rsa_key_iv, - uint8_t* wrapped_rsa_key, - size_t* wrapped_rsa_key_length) { + std::string* wrapped_rsa_key) { LOGV("CryptoSession::RewrapDeviceRSAKey: Lock+++"); CryptoEngine* crypto_engine = CryptoEngine::GetInstance(); AutoLock auto_lock(crypto_engine->crypto_lock_); @@ -496,9 +521,13 @@ bool CryptoSession::RewrapDeviceRSAKey(const std::string& message, if (enc_rsa_key.size() >= MAC_KEY_SIZE && rsa_key_iv.size() >= KEY_IV_SIZE) { msg_rsa_key = signed_msg + GetOffset(message, enc_rsa_key); msg_rsa_key_iv = signed_msg + GetOffset(message, rsa_key_iv); - msg_nonce = reinterpret_cast(signed_msg + GetOffset(message, nonce)); + msg_nonce = reinterpret_cast( + signed_msg + GetOffset(message, nonce)); } + // Gets wrapped_rsa_key_length by passing NULL as uint8_t* wrapped_rsa_key + // and 0 as wrapped_rsa_key_length. + size_t wrapped_rsa_key_length = 0; OEMCryptoResult status = OEMCrypto_RewrapDeviceRSAKey( oec_session_id_, signed_msg, message.size(), @@ -506,13 +535,32 @@ bool CryptoSession::RewrapDeviceRSAKey(const std::string& message, msg_nonce, msg_rsa_key, enc_rsa_key_length, msg_rsa_key_iv, - wrapped_rsa_key, - wrapped_rsa_key_length); + NULL, + &wrapped_rsa_key_length); + if (status != OEMCrypto_ERROR_SHORT_BUFFER) { + LOGE("OEMCrypto_RewrapDeviceRSAKey fails to get wrapped_rsa_key_length"); + return false; + } + + wrapped_rsa_key->resize(wrapped_rsa_key_length); + status = OEMCrypto_RewrapDeviceRSAKey( + oec_session_id_, + signed_msg, + message.size(), + reinterpret_cast(signature.data()), + signature.size(), + msg_nonce, + msg_rsa_key, + enc_rsa_key_length, + msg_rsa_key_iv, + reinterpret_cast(const_cast(wrapped_rsa_key->data())), + &wrapped_rsa_key_length); if (OEMCrypto_SUCCESS != status) { LOGE("OEMCrypto_RewrapDeviceRSAKey fails with %d", status); return false; } + return true; } diff --git a/libwvdrmengine/cdm/core/src/license.cpp b/libwvdrmengine/cdm/core/src/license.cpp index 0ed97025..c02e6095 100644 --- a/libwvdrmengine/cdm/core/src/license.cpp +++ b/libwvdrmengine/cdm/core/src/license.cpp @@ -202,7 +202,7 @@ bool CdmLicense::PrepareKeyRequest(const CdmInitData& init_data, // Derive signing and encryption keys and construct signature. std::string license_request_signature; if (!session_->PrepareRequest(serialized_license_req, - &license_request_signature)) { + &license_request_signature, false)) { signed_request->clear(); return false; } diff --git a/libwvdrmengine/cdm/include/properties_configuration.h b/libwvdrmengine/cdm/include/properties_configuration.h index 49e7a671..852f55ab 100644 --- a/libwvdrmengine/cdm/include/properties_configuration.h +++ b/libwvdrmengine/cdm/include/properties_configuration.h @@ -24,7 +24,7 @@ const bool kPropertyOemCryptoUseUserSpaceBuffers = false; // If false, keyboxes will be used as client identification // and passed as the token in the license request -const bool kPropertyUseCertificatesAsIdentification = false; +const bool kPropertyUseCertificatesAsIdentification = true; } // namespace wvcdm diff --git a/libwvdrmengine/cdm/test/request_license_test.cpp b/libwvdrmengine/cdm/test/request_license_test.cpp index 3a620c69..e363c321 100644 --- a/libwvdrmengine/cdm/test/request_license_test.cpp +++ b/libwvdrmengine/cdm/test/request_license_test.cpp @@ -24,7 +24,7 @@ std::string g_port; wvcdm::KeyId g_wrong_key_id; int g_use_full_path = 0; // cannot use boolean in getopt_long -static const std::string kDefaultProvisioningServerUrl = +const std::string kDefaultProvisioningServerUrl = "http://www-googleapis-test.sandbox.google.com/certificateprovisioning/v1/devicecertificates/create"; } // namespace @@ -56,7 +56,7 @@ class WvCdmRequestLicenseTest : public testing::Test { app_parameters, &key_msg_, &server_url), wvcdm::KEY_MESSAGE); - EXPECT_EQ(0, server_url.size()); + EXPECT_EQ((size_t)0, server_url.size()); } void GenerateRenewalRequest(const std::string& key_system, @@ -71,7 +71,7 @@ class WvCdmRequestLicenseTest : public testing::Test { app_parameters, &key_msg_, &server_url), wvcdm::KEY_MESSAGE); - EXPECT_NE(0, server_url.size()); + EXPECT_NE((size_t)0, server_url.size()); } // posts a request and extracts the drm message from the response diff --git a/libwvdrmengine/cdm/test/unit-test.mk b/libwvdrmengine/cdm/test/unit-test.mk index 909b8fb1..d71f83d5 100644 --- a/libwvdrmengine/cdm/test/unit-test.mk +++ b/libwvdrmengine/cdm/test/unit-test.mk @@ -43,8 +43,8 @@ LOCAL_STATIC_LIBRARIES := \ LOCAL_WHOLE_STATIC_LIBRARIES := libcdm_protos LOCAL_SHARED_LIBRARIES := \ - libchromium_net \ libcrypto \ + libcutils \ libdl \ liblog \ libstlport \