Enable the CDM to track the DRM private key type.

[ Merge of http://go/wvgerrit/110923 ]

The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session.  To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response.  The type of key is available from the
DRM certificate proto that is provided in the reponse.

This change introduces a class to contain the wrapped key and
type together.  To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.

Unittests have been updated for using the new class where the
wrapped key was used before.

Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
(cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e)
Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7

libwvdrmengine/cdm/core/src/cdm_session.cpp

@@ -13,6 +13,7 @@
 
 #include "cdm_engine.h"
 #include "clock.h"
+#include "crypto_wrapped_key.h"
 #include "file_store.h"
 #include "log.h"
 #include "properties.h"
@@ -170,18 +171,18 @@ CdmResponseType CdmSession::Init(CdmClientPropertySet* cdm_client_property_set,
 
   // License server client ID token is a stored certificate. Stage it or
   // indicate that provisioning is needed. Get token from stored certificate
-  std::string wrapped_key;
+  CryptoWrappedKey private_key;
   bool atsc_mode_enabled = false;
   if (cdm_client_property_set != nullptr)
     atsc_mode_enabled = cdm_client_property_set->use_atsc_mode();
   if (!file_handle_->RetrieveCertificate(atsc_mode_enabled, &client_token,
-                                         &wrapped_key, &serial_number,
+                                         &private_key, &serial_number,
                                          nullptr)) {
     return NEED_PROVISIONING;
   }
   CdmResponseType load_cert_sts;
   M_TIME(
-      load_cert_sts = crypto_session_->LoadCertificatePrivateKey(wrapped_key),
+      load_cert_sts = crypto_session_->LoadCertificatePrivateKey(private_key),
       crypto_metrics_, crypto_session_load_certificate_private_key_,
       load_cert_sts);
   switch (load_cert_sts) {
@@ -202,9 +203,12 @@ CdmResponseType CdmSession::Init(CdmClientPropertySet* cdm_client_property_set,
   if (forced_session_id) {
     key_set_id_ = *forced_session_id;
   } else {
-    bool ok = GenerateKeySetId(atsc_mode_enabled, &key_set_id_);
-    (void)ok;  // ok is now used when assertions are turned off.
+    const bool ok = GenerateKeySetId(atsc_mode_enabled, &key_set_id_);
     assert(ok);
+    if (!ok) {
+      // Assertions may be disabled
+      LOGE("Could not generate keyset ID");
+    }
   }
 
   session_id_ =

libwvdrmengine/cdm/core/src/certificate_provisioning.cpp

@@ -5,6 +5,7 @@
 #include "certificate_provisioning.h"
 
 #include "client_identification.h"
+#include "crypto_wrapped_key.h"
 #include "device_files.h"
 #include "file_store.h"
 #include "license_protocol.pb.h"
@@ -333,7 +334,8 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
   } else {
     // The response is base64 encoded in a JSON wrapper.
     // Extract it and decode it. On error return an empty string.
-    bool result = ExtractAndDecodeSignedMessage(response_message, &response);
+    const bool result =
+        ExtractAndDecodeSignedMessage(response_message, &response);
     if (!result || response.empty()) {
       LOGE("Provisioning response message is an invalid JSON/base64 string");
       return CERT_PROVISIONING_RESPONSE_ERROR_1;
@@ -391,9 +393,9 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
     return CERT_PROVISIONING_RESPONSE_ERROR_4;
   }
 
-  std::string wrapped_private_key;
+  CryptoWrappedKey private_key;
   const CdmResponseType status = crypto_session_->LoadProvisioning(
-      signed_message, core_message, signature, &wrapped_private_key);
+      signed_message, core_message, signature, &private_key.key());
 
   if (status != NO_ERROR) {
     LOGE("LoadProvisioning failed: status = %d", static_cast<int>(status));
@@ -404,15 +406,46 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
   crypto_session_->Close();
 
   // This is the entire certificate (SignedDrmDeviceCertificate).
-  const std::string& device_certificate =
+  const std::string& device_cert_data =
       provisioning_response.device_certificate();
 
   if (cert_type_ == kCertificateX509) {
-    *cert = device_certificate;
-    *wrapped_key = wrapped_private_key;
+    *cert = device_cert_data;
+    *wrapped_key = private_key.key();
     return NO_ERROR;
   }
 
+  // Need to parse cert for key type.
+  SignedDrmDeviceCertificate signed_device_cert;
+  if (!signed_device_cert.ParseFromString(device_cert_data)) {
+    LOGE("Failed to parse signed DRM certificate");
+    return CERT_PROVISIONING_RESPONSE_ERROR_9;
+  }
+  DrmDeviceCertificate device_cert;
+  if (!device_cert.ParseFromString(signed_device_cert.drm_certificate())) {
+    LOGE("Failed to parse DRM certificate");
+    return CERT_PROVISIONING_RESPONSE_ERROR_9;
+  }
+  if (!device_cert.has_algorithm()) {
+    LOGW("DRM certificate does not specify algorithm type, assuming RSA");
+    private_key.set_type(CryptoWrappedKey::kRsa);
+  } else {
+    switch (device_cert.algorithm()) {
+      case DrmDeviceCertificate::RSA:
+        private_key.set_type(CryptoWrappedKey::kRsa);
+        break;
+      case DrmDeviceCertificate::ECC_SECP256R1:
+      case DrmDeviceCertificate::ECC_SECP384R1:
+      case DrmDeviceCertificate::ECC_SECP521R1:
+        private_key.set_type(CryptoWrappedKey::kEcc);
+        break;
+      default:
+        LOGE("Unknown DRM key type: algorithm = %d",
+             static_cast<int>(device_cert.algorithm()));
+        return CERT_PROVISIONING_RESPONSE_ERROR_9;
+    }
+  }
+
   // The certificate will be stored to the device as the final step in
   // the device provisioning process.
 
@@ -421,7 +454,7 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
     LOGE("Failed to initialize DeviceFiles");
     return CERT_PROVISIONING_RESPONSE_ERROR_7;
   }
-  if (!handle.StoreCertificate(device_certificate, wrapped_private_key)) {
+  if (!handle.StoreCertificate(device_cert_data, private_key)) {
     LOGE("Failed to store provisioning certificate");
     return CERT_PROVISIONING_RESPONSE_ERROR_8;
   }

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -1271,28 +1271,33 @@ CdmResponseType CryptoSession::LoadEntitledContentKeys(
 }
 
 CdmResponseType CryptoSession::LoadCertificatePrivateKey(
-    const std::string& wrapped_key) {
+    const CryptoWrappedKey& private_key) {
   // TODO(b/141655126): Getting the OEM Cert no longer loads the private key.
   // Call OEMCrypto_GetOEMPublicCertificate before OEMCrypto_LoadDRMPrivateKey
   // so it caches the OEMCrypto Public Key and then throw away result
   std::string temp_buffer(CERTIFICATE_DATA_SIZE, '\0');
   size_t buf_size = temp_buffer.size();
   uint8_t* buf = reinterpret_cast<uint8_t*>(&temp_buffer[0]);
-  OEMCryptoResult sts;
-  WithOecSessionLock(
+  OEMCryptoResult sts = WithOecSessionLock(
       "LoadCertificatePrivateKey() calling OEMCrypto_GetOEMPublicCertificate",
       [&] {
-        sts = OEMCrypto_GetOEMPublicCertificate(buf, &buf_size,
-                                                requested_security_level_);
+        return OEMCrypto_GetOEMPublicCertificate(buf, &buf_size,
+                                                 requested_security_level_);
       });
   metrics_->oemcrypto_get_oem_public_certificate_.Increment(sts);
 
-  LOGV("Loading device RSA key: id = %u", oec_session_id_);
+  const OEMCrypto_PrivateKeyType key_type =
+      (private_key.type() == CryptoWrappedKey::kEcc)
+          ? OEMCrypto_ECC_Private_Key
+          : OEMCrypto_RSA_Private_Key;
+  const std::string& wrapped_key = private_key.key();
+
+  LOGV("Loading device DRM key: id = %u", oec_session_id_);
   // TODO(b/140813486): determine if cert is RSA or ECC.
   WithOecSessionLock(
       "LoadCertificatePrivateKey() calling OEMCrypto_LoadDRMPrivateKey()", [&] {
         M_TIME(sts = OEMCrypto_LoadDRMPrivateKey(
-                   oec_session_id_, OEMCrypto_RSA_Private_Key,
+                   oec_session_id_, key_type,
                    reinterpret_cast<const uint8_t*>(wrapped_key.data()),
                    wrapped_key.size()),
                metrics_, oemcrypto_load_device_rsa_key_, sts);

libwvdrmengine/cdm/core/src/device_files.cpp

@@ -112,8 +112,16 @@ bool DeviceFiles::Init(CdmSecurityLevel security_level) {
 }
 
 bool DeviceFiles::StoreCertificate(const std::string& certificate,
-                                   const std::string& wrapped_private_key) {
+                                   const CryptoWrappedKey& private_key) {
   RETURN_FALSE_IF_UNINITIALIZED();
+  if (certificate.empty()) {
+    LOGE("Missing certificate information");
+    return false;
+  }
+  if (!private_key.IsValid()) {
+    LOGE("Private key is invalid");
+    return false;
+  }
 
   // Fill in file information
   video_widevine_client::sdk::File file;
@@ -123,7 +131,19 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
 
   DeviceCertificate* device_certificate = file.mutable_device_certificate();
   device_certificate->set_certificate(certificate);
-  device_certificate->set_wrapped_private_key(wrapped_private_key);
+  device_certificate->set_wrapped_private_key(private_key.key());
+  switch (private_key.type()) {
+    case CryptoWrappedKey::kRsa:
+      device_certificate->set_key_type(DeviceCertificate::RSA);
+      break;
+    case CryptoWrappedKey::kEcc:
+      device_certificate->set_key_type(DeviceCertificate::ECC);
+      break;
+    case CryptoWrappedKey::kUninitialized:  // Suppress compiler warnings.
+    default:
+      LOGE("Unexpected key type");
+      return false;
+  }
 
   std::string serialized_file;
   file.SerializeToString(&serialized_file);
@@ -134,10 +154,12 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
 
 bool DeviceFiles::RetrieveCertificate(bool atsc_mode_enabled,
                                       std::string* certificate,
-                                      std::string* wrapped_private_key,
+                                      CryptoWrappedKey* private_key,
                                       std::string* serial_number,
                                       uint32_t* system_id) {
   RETURN_FALSE_IF_UNINITIALIZED();
+  RETURN_FALSE_IF_NULL(certificate);
+  RETURN_FALSE_IF_NULL(private_key);
 
   if (!HasCertificate(atsc_mode_enabled)) {
     return false;
@@ -169,7 +191,30 @@ bool DeviceFiles::RetrieveCertificate(bool atsc_mode_enabled,
 
   DeviceCertificate device_certificate = file.device_certificate();
   *certificate = device_certificate.certificate();
-  *wrapped_private_key = device_certificate.wrapped_private_key();
+  private_key->Clear();
+  private_key->set_key(device_certificate.wrapped_private_key());
+  if (device_certificate.has_key_type()) {
+    const DeviceCertificate::PrivateKeyType key_type =
+        device_certificate.key_type();
+    switch (key_type) {
+      case DeviceCertificate::RSA:
+        private_key->set_type(CryptoWrappedKey::kRsa);
+        break;
+      case DeviceCertificate::ECC:
+        private_key->set_type(CryptoWrappedKey::kEcc);
+        break;
+      default:
+        LOGW("Unknown DRM key type, defaulting to RSA: type = %d", key_type);
+        private_key->set_type(CryptoWrappedKey::kRsa);
+        break;
+    }
+  } else {
+    // Possible that device certificate is from V15, in this case, the
+    // only supported key of at that time was RSA.
+    LOGD("No key type info, assuming RSA");
+    private_key->set_type(CryptoWrappedKey::kRsa);
+  }
+
   return CertificateProvisioning::ExtractDeviceInfo(
       device_certificate.certificate(), serial_number, system_id);
 }

libwvdrmengine/cdm/core/src/device_files.proto

@@ -21,8 +21,13 @@ message NameValue {
 }
 
 message DeviceCertificate {
+  enum PrivateKeyType {
+    RSA = 0;
+    ECC = 1;
+  }
   optional bytes certificate = 1;
   optional bytes wrapped_private_key = 2;
+  optional PrivateKeyType key_type = 3 [default = RSA];
 }
 
 message License {