Merge "OEMCrypto Testing: Don't return key data if no keybox" into sc-v2-dev am: ecb4d64e41 am: 6a005a95b9
Original change: https://googleplex-android-review.googlesource.com/c/platform/vendor/widevine/+/16300800 Change-Id: I48765d04825722e493e5f175941c6ebbb57e6a0c
This commit is contained in:
Jeff Tinker
@@ -671,7 +671,9 @@ uint32_t GetDebugIgnoreKeyboxCount() {
|
||||
LOGE("Could not parse an integer from '%s'", contents.c_str());
|
||||
count = 0;
|
||||
}
|
||||
LOGD("Using IgnoreDebugKeyboxCount = %u", count);
|
||||
if (count > 0) {
|
||||
LOGD("Using IgnoreDebugKeyboxCount = %u", count);
|
||||
}
|
||||
return count;
|
||||
}
|
||||
|
||||
@@ -1239,6 +1241,19 @@ class Adapter {
|
||||
: OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
bool IsOTAKeyboxSupported() {
|
||||
// TODO(b/206570220): work around for failing Keybox reprovisioning is
|
||||
// to fall back to Level 3 if the keybox is not found.
|
||||
// Put this back when we can: *needs_keybox_provisioning = true;
|
||||
return false;
|
||||
if (!level1_valid_) return false;
|
||||
if (!level1_.GenerateOTARequest) return false;
|
||||
size_t buffer_size = 500; // a large buffer.
|
||||
std::vector<uint8_t> buffer(buffer_size);
|
||||
return level1_.GenerateOTARequest(0, buffer.data(), &buffer_size, 0) !=
|
||||
OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
private:
|
||||
bool level1_valid_;
|
||||
bool level1_initialized_;
|
||||
@@ -1318,6 +1333,8 @@ OEMCryptoResult OEMCrypto_InitializeAndCheckKeybox(
|
||||
gAdapter.reset(new Adapter());
|
||||
}
|
||||
const OEMCryptoResult status = gAdapter->Initialize();
|
||||
// TODO(fredgc): if L1 is successful, but L3 is not, this does not try to
|
||||
// continue on.
|
||||
if (status != OEMCrypto_SUCCESS) return status;
|
||||
const OEMCryptoResult keybox_status =
|
||||
gAdapter->ValidateOrInstallKeyboxOrCert();
|
||||
@@ -1327,9 +1344,15 @@ OEMCryptoResult OEMCrypto_InitializeAndCheckKeybox(
|
||||
if (ignore_count > 0) {
|
||||
LOGD("Ignoring keybox status %d", static_cast<int>(keybox_status));
|
||||
}
|
||||
LOGD("L1 has no keybox. Falling back to L3.");
|
||||
gAdapter->FallBackToLevel3();
|
||||
return OEMCrypto_SUCCESS;
|
||||
if (gAdapter->IsOTAKeyboxSupported()) {
|
||||
LOGD("L1 needs keybox reprovisioning.");
|
||||
*needs_keybox_provisioning = true;
|
||||
return OEMCrypto_SUCCESS;
|
||||
} else {
|
||||
LOGD("L1 has no keybox. Falling back to L3.");
|
||||
gAdapter->FallBackToLevel3();
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
}
|
||||
return keybox_status;
|
||||
}
|
||||
@@ -1367,6 +1390,10 @@ OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength,
|
||||
const FunctionPointers* fcn = gAdapter->GetFunctionPointers(level);
|
||||
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
|
||||
if (fcn->GetDeviceID == nullptr) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
||||
const uint32_t ignore_count = GetDebugIgnoreKeyboxCount();
|
||||
if (ignore_count > 0 && fcn->security_level == wvcdm::kSecurityLevelL1) {
|
||||
return OEMCrypto_ERROR_KEYBOX_INVALID;
|
||||
}
|
||||
return fcn->GetDeviceID(deviceID, idLength);
|
||||
}
|
||||
|
||||
@@ -1376,6 +1403,10 @@ OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData, size_t* keyDataLength,
|
||||
const FunctionPointers* fcn = gAdapter->GetFunctionPointers(level);
|
||||
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
|
||||
if (fcn->GetKeyData == nullptr) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
||||
const uint32_t ignore_count = GetDebugIgnoreKeyboxCount();
|
||||
if (ignore_count > 0 && fcn->security_level == wvcdm::kSecurityLevelL1) {
|
||||
return OEMCrypto_ERROR_KEYBOX_INVALID;
|
||||
}
|
||||
return fcn->GetKeyData(keyData, keyDataLength);
|
||||
}
|
||||
|
||||
@@ -2928,11 +2959,12 @@ extern "C" OEMCryptoResult OEMCrypto_GenerateOTARequest(
|
||||
OEMCrypto_SESSION session, uint8_t* buffer, size_t* buffer_length,
|
||||
uint32_t use_test_key) {
|
||||
if (!gAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
const FunctionPointers* fcn = gAdapter->GetFunctionPointers(kLevelDefault);
|
||||
if (!fcn) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
if (fcn->GenerateOTARequest == nullptr)
|
||||
LevelSession pair = gAdapter->GetSession(session);
|
||||
if (!pair.fcn) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
if (pair.fcn->GenerateOTARequest == nullptr)
|
||||
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
|
||||
return fcn->GenerateOTARequest(session, buffer, buffer_length, use_test_key);
|
||||
return pair.fcn->GenerateOTARequest(pair.session, buffer, buffer_length,
|
||||
use_test_key);
|
||||
}
|
||||
|
||||
extern "C" OEMCryptoResult OEMCrypto_ProcessOTAKeybox(OEMCrypto_SESSION session,
|
||||
|
||||
Reference in New Issue
Block a user