Enable the CDM to track the DRM private key type.

[ Merge of http://go/wvgerrit/110923 ] The CDM is responsible for telling OEMCrypto the underlying DRM private key type when loading it into a session. To do this, the CDM must determine and store the key type of a successfully loaded provisioning response. The type of key is available from the DRM certificate proto that is provided in the reponse. This change introduces a class to contain the wrapped key and type together. To store the type, the CDM device files have been updated to include a key type with the DRM certificate and to store from and load to the new class. Unittests have been updated for using the new class where the wrapped key was used before. Test: Linux unit tests Bug: 140813486 Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7 (cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e) Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
2021-01-27 13:19:13 -08:00
parent e70c7a116e
commit e15c0607c7
16 changed files with 451 additions and 140 deletions
--- a/libwvdrmengine/cdm/core/include/crypto_session.h
+++ b/libwvdrmengine/cdm/core/include/crypto_session.h
@@ -13,6 +13,7 @@
 #include <vector>

 #include "OEMCryptoCENC.h"
+#include "crypto_wrapped_key.h"
 #include "disallow_copy_and_assign.h"
 #include "key_session.h"
 #include "metrics_collections.h"
@@ -170,7 +171,7 @@ class CryptoSession {
                                           const std::string& signature,
                                           std::string* wrapped_private_key);
  virtual CdmResponseType LoadCertificatePrivateKey(
-      const std::string& wrapped_key);
+      const CryptoWrappedKey& private_key);

  // Media data path
  virtual CdmResponseType Decrypt(const CdmDecryptionParametersV16& params);
--- a/libwvdrmengine/cdm/core/include/crypto_wrapped_key.h
+++ b/libwvdrmengine/cdm/core/include/crypto_wrapped_key.h
@@ -0,0 +1,52 @@
+// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine License
+// Agreement.
+#ifndef WVCDM_CORE_CRYPTO_WRAPPED_KEY_H_
+#define WVCDM_CORE_CRYPTO_WRAPPED_KEY_H_
+
+#include <string>
+
+namespace wvcdm {
+
+// Represents OEMCrypto's wrapped private DRM key.  As of v16, it is
+// possible for OEMCrypto to support ECC-based DRM certificates. The
+// format of the wrapped key is vendor specific; however, the API
+// requires that the CDM track whether the wrapped key is RSA or ECC.
+class CryptoWrappedKey {
+ public:
+  enum Type : int32_t { kUninitialized = 0, kRsa = 1, kEcc = 2 };
+  CryptoWrappedKey() {}
+  CryptoWrappedKey(Type type, const std::string& key)
+      : type_(type), key_(key) {}
+
+  Type type() const { return type_; }
+  void set_type(Type type) { type_ = type; }
+
+  const std::string& key() const { return key_; }
+  // Mutable reference getter for passing to OMECrypto.
+  std::string& key() { return key_; }
+  void set_key(const std::string& key) { key_ = key; }
+
+  void Clear() {
+    type_ = kUninitialized;
+    key_.clear();
+  }
+  // A valid key must have a known key type and have key data.
+  bool IsValid() const { return type_ != kUninitialized && !key_.empty(); }
+  // Equality operator is for testing only.  Real keys may have
+  // different meta data but the same logical key.
+  bool operator==(const CryptoWrappedKey& other) const {
+    return type_ == other.type_ && key_ == other.key_;
+  }
+
+ private:
+  // DRM key type of the wrapped key.  For wrapped keys which the type
+  // of key is unknown, assume it to be RSA.
+  Type type_ = kUninitialized;
+  // Vendor-specific wrapped DRM key.
+  std::string key_;
+};  // class CryptoWrappedKey
+
+}  // namespace wvcdm
+
+#endif  // WVCDM_CORE_CRYPTO_WRAPPED_KEY_H_
--- a/libwvdrmengine/cdm/core/include/device_files.h
+++ b/libwvdrmengine/cdm/core/include/device_files.h
@@ -9,6 +9,7 @@
 #include <string>
 #include <vector>

+#include "crypto_wrapped_key.h"
 #include "device_files.pb.h"
 #include "disallow_copy_and_assign.h"
 #include "platform.h"
@@ -98,10 +99,10 @@ class DeviceFiles {
  // ATSC certificates are installed by the ATSC service. They can be read
  // and used but not written or removed.
  virtual bool StoreCertificate(const std::string& certificate,
-                                const std::string& wrapped_private_key);
+                                const CryptoWrappedKey& private_key);
  virtual bool RetrieveCertificate(bool atsc_mode_enabled,
                                   std::string* certificate,
-                                   std::string* wrapped_private_key,
+                                   CryptoWrappedKey* private_key,
                                   std::string* serial_number,
                                   uint32_t* system_id);
  virtual bool HasCertificate(bool atsc_mode_enabled);
@@ -269,6 +270,7 @@ class DeviceFiles {
  FRIEND_TEST(DeviceFilesSecurityLevelTest, SecurityLevel);
  FRIEND_TEST(DeviceCertificateTest, StoreCertificate);
  FRIEND_TEST(DeviceCertificateTest, ReadCertificate);
+  FRIEND_TEST(DeviceCertificateTest, ReadCertificateWithoutKeyType);
  FRIEND_TEST(DeviceCertificateTest, HasCertificate);
  FRIEND_TEST(DeviceFilesStoreTest, StoreLicense);
  FRIEND_TEST(DeviceFilesHlsAttributesTest, Delete);
--- a/libwvdrmengine/cdm/core/include/wv_cdm_types.h
+++ b/libwvdrmengine/cdm/core/include/wv_cdm_types.h
@@ -417,6 +417,7 @@ enum CdmResponseType : int32_t {
  RESTORE_OFFLINE_LICENSE_ERROR_3 = 362,
  NO_SRM_VERSION = 363,
  SESSION_NOT_FOUND_23 = 364,
+  CERT_PROVISIONING_RESPONSE_ERROR_9 = 365,
  // Don't forget to add new values to
  //  * core/test/test_printers.cpp.
  //  * android/include/mapErrors-inl.h