Use local provisioning server

Merge from Widevine repo of http://go/wvgerrit/133703 and http://ag/14707867 [ Cherry-pick of http://ag/15835345 ] In order to use a local provisioning server, we need to use a different test keybox system id that is in the dev device database instead of the production database. We also need to use a local license server that uses the dev license server. Bug: 187646550 Test: GtsMediaTestCases Change-Id: Ice89143dd26de22757375a770c6bac716fcbc057 Add Keybox OTA Provisioning functions to OEMCrypto header Merge from Widevine repo of http://go/wvgerrit/133704 and http://go/ag/14707868 Bug: 188228998 Change-Id: Iff54bc2870e87bf7239e179e1d02fbcc8df6198f Stub build changes to support OTA Keybox Merge from Widevine repo of http://go/wvgerrit/133725 and http://go/ag/14781459 This CL adds a new unit test file for testing OTA keybox reprovisioning functionality. This new test is built when running the dynamic adapter in the linux build, and in the Android build. Bug: 187646550 Change-Id: I625513840188f95e74831ef2ea399e827e837439 Add OTA Keybox functions to dynamic adapter Merge from Widevine repo of http://go/wvgerrit/125843 and http://go/ag/14781460 Bug: 187646550 Change-Id: Ief78ed10599c091690e0d7dc488ea71674c763b5 Refactor dynamic adapter keybox verification Merge from Widevine repo of http://go/wvgerrit/133727 http://go/ag/14812524 The keybox validation needs to be done separately from initializing the library so that we can support Keybox OTA Reprovisioning. If L1 loads, but the keybox is missing, the initialization should succeed. When the keybox is validated, the adapter should try to look for a keybox on the filesystem. if none is found, it should either return NEEDS PROVISIONING or an error. Bug: 187646550 Change-Id: I34a8c365a5a5ca35c379bea827c85c749964744c Update crypto session to use new OTA keybox functionality Merge from Widevine repo of http://go/wvgerrit/133728 and http://go/ag/14812525 This CL stubs out two new CryptoSession functions that call the new OEMCrypto functions for OTA Keybox Provisioning. It builds! Yay! It also adds a boolean needs_keybox_provisioning that is set to true when OEMCrypto reports that it needs a keybox. This should only happen if there is no keybox installed and oemcrypto supports provisioning. Bug: 187646550 Change-Id: Ide9533943125aa13b8899b652b118a0b410c882c
2021-05-25 01:33:04 +00:00
parent 3b179876b8
commit bac33dbc6e
17 changed files with 526 additions and 98 deletions
--- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
+++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
@@ -624,6 +624,9 @@ typedef enum OEMCrypto_ProvisioningMethod {
 #define OEMCrypto_MinorAPIVersion             _oecc108
 #define OEMCrypto_AllocateSecureBuffer        _oecc109
 #define OEMCrypto_FreeSecureBuffer            _oecc110
+// Reserved 111-112.
+#define OEMCrypto_GenerateOTARequest          _oecc113
+#define OEMCrypto_ProcessOTAKeybox            _oecc114
 // clang-format on

 /// @addtogroup initcontrol
@@ -2963,7 +2966,24 @@ OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(void);
 * @retval OEMCrypto_ERROR_INVALID_RSA_KEY
 * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
 *
- * @threading
+ *   On devices that support OEMCrypto_GenerateOTARequest and
+ *   OEMCrypto_ProcessOTAKeybox, this function may return
+ *   OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING when a valid keybox is not
+ *   present.
+ *
+ * Parameters:
+ *   none
+ *
+ * Returns:
+ *   OEMCrypto_SUCCESS
+ *   OEMCrypto_ERROR_BAD_MAGIC
+ *   OEMCrypto_ERROR_BAD_CRC
+ *   OEMCrypto_ERROR_KEYBOX_INVALID
+ *   OEMCrypto_ERROR_INVALID_RSA_KEY
+ *   OEMCrypto_ERROR_SYSTEM_INVALIDATED
+ *   OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING
+ *
+ * Threading:
 *   This is a "Property Function" and may be called simultaneously with any
 *   other property function or session function, but not any initialization or
 *   usage table function, as if the CDM holds a read lock on the OEMCrypto
@@ -4719,6 +4739,93 @@ OEMCryptoResult OEMCrypto_FreeSecureBuffer(

 /// @}

+/****************************************************************************/
+/****************************************************************************/
+/* The following functions are optional. They are only used if the device
+ * supports OTA keybox provisioning.  Widevine does not allow all devices to
+ * support OTA provisioning. Using an OTA provisioned keybox usually lowers a
+ * device's security profile in the DCSL. Please work with your Widevine Partner
+ * Engineer before implementing these functions to make sure you understand the
+ * security implications of using Keybox OTA Provisioning.
+ */
+
+/*
+ * OEMCrypto_GenerateOTARequest
+ *
+ * Description:
+ *   Generate an OTA Keybox provisioning request. The format of the
+ *   message is specified in the document Keybox OTA Reprovisioning. If
+ *   use_test_key is true, then the debug model key and id should be
+ *   used. Widevine does not allow all devices to support OTA
+ *   provisioning. Using an OTA provisioned keybox usually lowers a device's
+ *   security profile in the DCSL.
+ *
+ * Parameters:
+ *   [out] buffer: where the provisioning request is stored.
+ *   [in/out] buffer_length: length of the request, in bytes.
+ *   [in] use_test_key: If true, use the debug model key. This is used for
+ *   testing the workflow.
+ *
+ * Returns:
+ *   OEMCrypto_SUCCESS on success
+ *   OEMCrypto_ERROR_SHORT_BUFFER - if buffer_length is too small.
+ *   OEMCrypto_ERROR_NOT_IMPLEMENTED
+ *   Any other error will be logged.
+ *
+ * Threading:
+ *   This is an "Initialization and Termination Function" and will not be called
+ *   simultaneously with any other function, as if the CDM holds a write lock on
+ *   the OEMCrypto system. It will be called only after
+ *   OEMCrypto_IsKeyboxOrOEMCertValid() returns
+ *   OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING immediately after initialization,
+ *   and before any session is opened.
+ *
+ * Version:
+ *   This method is new in API version 16.
+ */
+OEMCryptoResult OEMCrypto_GenerateOTARequest(uint8_t* buffer,
+                                             size_t* buffer_length,
+                                             bool use_test_key);
+/*
+ * OEMCrypto_ProcessOTAKeybox
+ *
+ * Description:
+ *   The buffer will be parsed as an OTA Keybox provisioning message, as
+ *   described in the document OTA Keybox Reprovisioning. The
+ *   signature will be verified. The keybox will be decrypted and verified. If
+ *   use_test_key is false, the keybox will be installed permanently.
+ *
+ *   If use_test_keybox is true, do not use the real model key, use the debug
+ *   model key specified in OTA Keybox Reprovisioning.
+ *
+ * Parameters:
+ *   [in] buffer: pointer to provisioning response.
+ *   [in] buffer_length: length of the buffer, in bytes.
+ *   [in] use_test_key: If true, use the debug model key. This is used for
+ *   testing the workflow.
+ *
+ * Returns:
+ *   OEMCrypto_SUCCESS on success
+ *   OEMCrypto_ERROR_NOT_IMPLEMENTED
+ *   OEMCrypto_ERROR_SIGNATURE_FAILURE - signature of message was wrong.
+ *   OEMCrypto_ERROR_KEYBOX_INVALID - if the keybox was unpacked, but is
+ *      invalid.
+ *   OEMCrypto_ERROR_WRITE_KEYBOX - could not save keybox.
+ *   Any other error will be logged.
+ *
+ * Threading:
+ *   This is an "Initialization and Termination Function" and will not be called
+ *   simultaneously with any other function, as if the CDM holds a write lock on
+ *   the OEMCrypto system. It will only be called after
+ *   OEMCrypto_GenerateOTARequest.
+ *
+ * Version:
+ *   This method is new in API version 16.
+ */
+OEMCryptoResult OEMCrypto_ProcessOTAKeybox(const uint8_t* buffer,
+                                           size_t buffer_length,
+                                           bool use_test_key);
+
 /****************************************************************************/
 /****************************************************************************/
 /* The following functions are deprecated.  They are not required for the