Enable the CDM to track the DRM private key type.

[ Merge of http://go/wvgerrit/110923 ] The CDM is responsible for telling OEMCrypto the underlying DRM private key type when loading it into a session. To do this, the CDM must determine and store the key type of a successfully loaded provisioning response. The type of key is available from the DRM certificate proto that is provided in the reponse. This change introduces a class to contain the wrapped key and type together. To store the type, the CDM device files have been updated to include a key type with the DRM certificate and to store from and load to the new class. Unittests have been updated for using the new class where the wrapped key was used before. Test: Linux unit tests Bug: 140813486 Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7 (cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e) Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
2021-01-27 13:19:13 -08:00
parent e70c7a116e
commit e15c0607c7
16 changed files with 451 additions and 140 deletions
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -1271,28 +1271,33 @@ CdmResponseType CryptoSession::LoadEntitledContentKeys(
 }

 CdmResponseType CryptoSession::LoadCertificatePrivateKey(
-    const std::string& wrapped_key) {
+    const CryptoWrappedKey& private_key) {
  // TODO(b/141655126): Getting the OEM Cert no longer loads the private key.
  // Call OEMCrypto_GetOEMPublicCertificate before OEMCrypto_LoadDRMPrivateKey
  // so it caches the OEMCrypto Public Key and then throw away result
  std::string temp_buffer(CERTIFICATE_DATA_SIZE, '\0');
  size_t buf_size = temp_buffer.size();
  uint8_t* buf = reinterpret_cast<uint8_t*>(&temp_buffer[0]);
-  OEMCryptoResult sts;
-  WithOecSessionLock(
+  OEMCryptoResult sts = WithOecSessionLock(
      "LoadCertificatePrivateKey() calling OEMCrypto_GetOEMPublicCertificate",
      [&] {
-        sts = OEMCrypto_GetOEMPublicCertificate(buf, &buf_size,
-                                                requested_security_level_);
+        return OEMCrypto_GetOEMPublicCertificate(buf, &buf_size,
+                                                 requested_security_level_);
      });
  metrics_->oemcrypto_get_oem_public_certificate_.Increment(sts);

-  LOGV("Loading device RSA key: id = %u", oec_session_id_);
+  const OEMCrypto_PrivateKeyType key_type =
+      (private_key.type() == CryptoWrappedKey::kEcc)
+          ? OEMCrypto_ECC_Private_Key
+          : OEMCrypto_RSA_Private_Key;
+  const std::string& wrapped_key = private_key.key();
+
+  LOGV("Loading device DRM key: id = %u", oec_session_id_);
  // TODO(b/140813486): determine if cert is RSA or ECC.
  WithOecSessionLock(
      "LoadCertificatePrivateKey() calling OEMCrypto_LoadDRMPrivateKey()", [&] {
        M_TIME(sts = OEMCrypto_LoadDRMPrivateKey(
-                   oec_session_id_, OEMCrypto_RSA_Private_Key,
+                   oec_session_id_, key_type,
                   reinterpret_cast<const uint8_t*>(wrapped_key.data()),
                   wrapped_key.size()),
               metrics_, oemcrypto_load_device_rsa_key_, sts);