Cdm to expose GetDeviceInformation() and GetDeviceSignedCsrPayload()
[ Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/178890/ ] GetDeviceInformation() and GetDeviceSignedCsrPayload() are added to cdm_engine and crypto_session, so that they can be queried by DRM plugin. This is to allow the wv drm HAL to be able to extract BCC and CSR payload to build CSR for prov 4 device registration, such that we don't need a separate RKP HAL to do this job. Changes to the DRM plugin to use the exposed methods will be in the coming CL. Bug: 286556950 Test: request_license_test Change-Id: I5f7aed8b3471ea477b79d08b95e1d217dc39070b
This commit is contained in:
Cong Lin
@@ -1417,6 +1417,100 @@ CdmResponseType CryptoSession::GetBootCertificateChain(
|
||||
return CdmResponseType(NO_ERROR);
|
||||
}
|
||||
|
||||
CdmResponseType CryptoSession::GetDeviceInformation(
|
||||
RequestedSecurityLevel requested_security_level, std::string* device_info) {
|
||||
RETURN_IF_NULL(device_info, PARAMETER_NULL);
|
||||
RETURN_IF_UNINITIALIZED(CRYPTO_SESSION_NOT_INITIALIZED);
|
||||
if (GetSecurityLevel(requested_security_level) != kSecurityLevelL1) {
|
||||
LOGE("CDM only supports L1 device_info");
|
||||
return CdmResponseType(NOT_IMPLEMENTED_ERROR);
|
||||
}
|
||||
CdmClientTokenType token_type = kClientTokenUninitialized;
|
||||
const CdmResponseType status =
|
||||
GetProvisioningMethod(requested_security_level, &token_type);
|
||||
if (status != NO_ERROR) {
|
||||
LOGE("Failed to get token type");
|
||||
return status;
|
||||
}
|
||||
if (token_type != kClientTokenBootCertChain) {
|
||||
return CdmResponseType(
|
||||
PROVISIONING_TYPE_IS_NOT_BOOT_CERTIFICATE_CHAIN_ERROR);
|
||||
}
|
||||
|
||||
size_t device_info_length = 0;
|
||||
OEMCryptoResult sts = WithOecReadLock("GetDeviceInformation Attempt 1", [&] {
|
||||
return OEMCrypto_GetDeviceInformation(nullptr, &device_info_length);
|
||||
});
|
||||
if (sts == OEMCrypto_ERROR_SHORT_BUFFER) {
|
||||
device_info->resize(device_info_length);
|
||||
sts = WithOecReadLock("GetDeviceInformation Attempt 2", [&] {
|
||||
return OEMCrypto_GetDeviceInformation(
|
||||
MutableStringDataPointer(device_info), &device_info_length);
|
||||
});
|
||||
}
|
||||
if (sts != OEMCrypto_SUCCESS) {
|
||||
LOGE("OEMCrypto_GetDeviceInformation failed: status = %d",
|
||||
static_cast<int>(sts));
|
||||
device_info->clear();
|
||||
return MapOEMCryptoResult(sts, GET_DEVICE_INFORMATION_ERROR,
|
||||
"GetDeviceInformation");
|
||||
}
|
||||
device_info->resize(device_info_length);
|
||||
return CdmResponseType(NO_ERROR);
|
||||
}
|
||||
|
||||
CdmResponseType CryptoSession::GetDeviceSignedCsrPayload(
|
||||
RequestedSecurityLevel requested_security_level,
|
||||
const std::string& challenge, const std::string& device_info,
|
||||
std::string* signed_csr_payload) {
|
||||
RETURN_IF_NULL(signed_csr_payload, PARAMETER_NULL);
|
||||
RETURN_IF_UNINITIALIZED(CRYPTO_SESSION_NOT_INITIALIZED);
|
||||
if (GetSecurityLevel(requested_security_level) != kSecurityLevelL1) {
|
||||
LOGE("CDM only supports L1 CSR payload");
|
||||
return CdmResponseType(NOT_IMPLEMENTED_ERROR);
|
||||
}
|
||||
CdmClientTokenType token_type = kClientTokenUninitialized;
|
||||
const CdmResponseType status =
|
||||
GetProvisioningMethod(requested_security_level, &token_type);
|
||||
if (status != NO_ERROR) {
|
||||
LOGE("Failed to get token type");
|
||||
return status;
|
||||
}
|
||||
if (token_type != kClientTokenBootCertChain) {
|
||||
return CdmResponseType(
|
||||
PROVISIONING_TYPE_IS_NOT_BOOT_CERTIFICATE_CHAIN_ERROR);
|
||||
}
|
||||
|
||||
size_t signed_csr_payload_length = 0;
|
||||
OEMCryptoResult sts =
|
||||
WithOecReadLock("GetDeviceSignedCsrPayload Attempt 1", [&] {
|
||||
return OEMCrypto_GetDeviceSignedCsrPayload(
|
||||
reinterpret_cast<const uint8_t*>(challenge.data()),
|
||||
challenge.size(),
|
||||
reinterpret_cast<const uint8_t*>(device_info.data()),
|
||||
device_info.size(), nullptr, &signed_csr_payload_length);
|
||||
});
|
||||
if (sts == OEMCrypto_ERROR_SHORT_BUFFER) {
|
||||
signed_csr_payload->resize(signed_csr_payload_length);
|
||||
sts = WithOecReadLock("GetDeviceSignedCsrPayload Attempt 2", [&] {
|
||||
return OEMCrypto_GetDeviceSignedCsrPayload(
|
||||
reinterpret_cast<const uint8_t*>(challenge.data()), challenge.size(),
|
||||
reinterpret_cast<const uint8_t*>(device_info.data()),
|
||||
device_info.size(), MutableStringDataPointer(signed_csr_payload),
|
||||
&signed_csr_payload_length);
|
||||
});
|
||||
}
|
||||
if (sts != OEMCrypto_SUCCESS) {
|
||||
LOGE("OEMCrypto_GetDeviceSignedCsrPayload failed: status = %d",
|
||||
static_cast<int>(sts));
|
||||
signed_csr_payload->clear();
|
||||
return MapOEMCryptoResult(sts, GET_DEVICE_SIGNED_CSR_PAYLOAD_ERROR,
|
||||
"GetDeviceSignedCsrPayload");
|
||||
}
|
||||
signed_csr_payload->resize(signed_csr_payload_length);
|
||||
return CdmResponseType(NO_ERROR);
|
||||
}
|
||||
|
||||
CdmResponseType CryptoSession::GenerateCertificateKeyPair(
|
||||
std::string* public_key, std::string* public_key_signature,
|
||||
std::string* wrapped_private_key, CryptoWrappedKey::Type* key_type) {
|
||||
|
||||
Reference in New Issue
Block a user