widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable the CDM to track the DRM private key type.

Browse Source 
[ Merge of http://go/wvgerrit/110923 ]

The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session.  To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response.  The type of key is available from the
DRM certificate proto that is provided in the reponse.

This change introduces a class to contain the wrapped key and
type together.  To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.

Unittests have been updated for using the new class where the
wrapped key was used before.

Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
(cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e)
Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
This commit is contained in:
Alex Dale
2021-01-27 13:19:13 -08:00
parent e70c7a116e
commit e15c0607c7
16 changed files with 451 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
libwvdrmengine/cdm/core/src/device_files.cpp
View File

@@ -112,8 +112,16 @@ bool DeviceFiles::Init(CdmSecurityLevel security_level) {
}
bool DeviceFiles::StoreCertificate(const std::string& certificate,
const std::string& wrapped_private_key) {
const CryptoWrappedKey& private_key) {
RETURN_FALSE_IF_UNINITIALIZED();
if (certificate.empty()) {
LOGE("Missing certificate information");
return false;
}
if (!private_key.IsValid()) {
LOGE("Private key is invalid");
return false;
}
// Fill in file information
video_widevine_client::sdk::File file;
@@ -123,7 +131,19 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
DeviceCertificate* device_certificate = file.mutable_device_certificate();
device_certificate->set_certificate(certificate);
device_certificate->set_wrapped_private_key(wrapped_private_key);
device_certificate->set_wrapped_private_key(private_key.key());
switch (private_key.type()) {
case CryptoWrappedKey::kRsa:
device_certificate->set_key_type(DeviceCertificate::RSA);
break;
case CryptoWrappedKey::kEcc:
device_certificate->set_key_type(DeviceCertificate::ECC);
break;
case CryptoWrappedKey::kUninitialized: // Suppress compiler warnings.
default:
LOGE("Unexpected key type");
return false;
}
std::string serialized_file;
file.SerializeToString(&serialized_file);
@@ -134,10 +154,12 @@ bool DeviceFiles::StoreCertificate(const std::string& certificate,
bool DeviceFiles::RetrieveCertificate(bool atsc_mode_enabled,
std::string* certificate,
std::string* wrapped_private_key,
CryptoWrappedKey* private_key,
std::string* serial_number,
uint32_t* system_id) {
RETURN_FALSE_IF_UNINITIALIZED();
RETURN_FALSE_IF_NULL(certificate);
RETURN_FALSE_IF_NULL(private_key);
if (!HasCertificate(atsc_mode_enabled)) {
return false;
@@ -169,7 +191,30 @@ bool DeviceFiles::RetrieveCertificate(bool atsc_mode_enabled,
DeviceCertificate device_certificate = file.device_certificate();
*certificate = device_certificate.certificate();
*wrapped_private_key = device_certificate.wrapped_private_key();
private_key->Clear();
private_key->set_key(device_certificate.wrapped_private_key());
if (device_certificate.has_key_type()) {
const DeviceCertificate::PrivateKeyType key_type =
device_certificate.key_type();
switch (key_type) {
case DeviceCertificate::RSA:
private_key->set_type(CryptoWrappedKey::kRsa);
break;
case DeviceCertificate::ECC:
private_key->set_type(CryptoWrappedKey::kEcc);
break;
default:
LOGW("Unknown DRM key type, defaulting to RSA: type = %d", key_type);
private_key->set_type(CryptoWrappedKey::kRsa);
break;
}
} else {
// Possible that device certificate is from V15, in this case, the
// only supported key of at that time was RSA.
LOGD("No key type info, assuming RSA");
private_key->set_type(CryptoWrappedKey::kRsa);
}
return CertificateProvisioning::ExtractDeviceInfo(
device_certificate.certificate(), serial_number, system_id);
}