widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Widevine CENC drm engine update

Browse Source 
bug: 8601053

This import syncs to the widevine git repository change
commit 6a99ad1b59ad39495f62954b3065ddc22b78da49

It includes the following changes from the widevine git
repository, which complete the jb-mr2 features

    Fix Unit Test Makefile
    Adds support for device certificate provisioning.
    Support application parameters
    Certificate based licensing
    Proto for client files
    Implement Property Query API
    Add Device Query For Unique ID
    Implement Generic Crypto in DrmEngine
    Do not validate Key IDs on clear playback
    Allow OEMCrypto_DecryptCTR with clear content and no key
    Add a case to the MediaDrm API test to repro b/8594163
    Implement requiresSecureDecoderComponent
    Implement Eventing API
    Add end-to-end decryption test with vectors
    Refactoring of properties class
    Refactor OEMCrypto unittest.
    Fix for b/8567853: License renewal doesn't renew license.
    Add KEY_ERROR callback to WvContentDecryptionModule() ctor.
    Merged certificate_provisioning.proto and
      client_identification.proto to license_protocol.proto.
    Fix nonce check failure after a malformed key in OEC Mock.
    asynchronize decryption
    Allow querying of control information
    make debugging AddKey & Decrypt statuses easier
    Revert "Revert "Send KEY_ERROR event to app on license
      expiration or failure""
    Revert "Send KEY_ERROR event to app on license expiration
      or failure"
    Send KEY_ERROR event to app on license expiration or failure
    remove extra session id copy
    use KeyError constants directly
    replace variable-length arrays with std::vector and fixed-sized array
    pass session ids as const references
    refactor key extraction and update keys on renewal
    Updates to enable renewals and signaling license expiration.
    fix error constant in OEMCrypto_DecryptCTR

Change-Id: I5f7236c7bdff1d5ece6115fd2893f8a1e1e07c50
This commit is contained in:
Jeff Tinker
2013-04-12 14:12:16 -07:00
parent 2f980d7d7e
commit e6b1fedc4c
63 changed files with 2885 additions and 1134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

194
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -11,6 +11,7 @@
#include "log.h"
// TODO(gmorgan,jtinker): decide if OEMCryptoCENC is needed here.
#include "OEMCryptoCENC.h"
#include "properties.h"
#include "string_conversions.h"
#include "wv_cdm_constants.h"
@@ -114,39 +115,18 @@ bool CryptoSession::PrepareRequest(const std::string& message,
return false;
}
uint8_t signature_buf[32];
size_t length = 32;
OEMCryptoResult sts;
std::string mac_deriv_message;
std::string enc_deriv_message;
GenerateMacContext(message, &mac_deriv_message);
GenerateEncryptContext(message, &enc_deriv_message);
LOGV("GenerateDerivedKeys: id=%ld", (uint32_t) oec_session_id_);
sts = OEMCrypto_GenerateDerivedKeys(
oec_session_id_,
reinterpret_cast<const uint8_t*>(mac_deriv_message.data()),
mac_deriv_message.size(),
reinterpret_cast<const uint8_t*>(enc_deriv_message.data()),
enc_deriv_message.size());
if (OEMCrypto_SUCCESS != sts) {
return false;
if (!Properties::use_certificates_as_identification()) {
if (!GenerateDerivedKeys(message)) {
return false;
}
}
LOGV("GenerateSignature: id=%ld", (uint32_t) oec_session_id_);
sts = OEMCrypto_GenerateSignature(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
signature_buf,
&length);
if (OEMCrypto_SUCCESS != sts) {
if (!GenerateSignature(message, signature)) {
return false;
}
signature->assign(reinterpret_cast<const char*>(signature_buf), length);
return true;
}
@@ -155,17 +135,15 @@ bool CryptoSession::PrepareRenewalRequest(const std::string& message,
LOGV("CryptoSession::PrepareRenewalRequest: Lock");
CryptoEngine* crypto_engine = CryptoEngine::GetInstance();
AutoLock auto_lock(crypto_engine->crypto_lock_);
uint8_t signature_buf[32];
size_t length = 32;
OEMCryptoResult sts = OEMCrypto_GenerateSignature(
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
message.size(), signature_buf, &length);
if (OEMCrypto_SUCCESS != sts) {
if (!signature) {
LOGE("CryptoSession::PrepareRenewalRequest : No output destination provided.");
return false;
}
signature->assign(reinterpret_cast<const char*>(signature_buf), length);
if (!GenerateSignature(message, signature)) {
return false;
}
return true;
}
@@ -255,6 +233,25 @@ bool CryptoSession::LoadKeys(const std::string& message,
num_keys, &load_key_array[0]));
}
bool CryptoSession::LoadCertificatePrivateKey(std::string& wrapped_key) {
LOGV("CryptoSession::LoadKeys: Lock");
CryptoEngine* crypto_engine = CryptoEngine::GetInstance();
AutoLock auto_lock(crypto_engine->crypto_lock_);
LOGV("LoadDeviceRSAKey: id=%ld", (uint32_t) oec_session_id_);
OEMCryptoResult sts = OEMCrypto_LoadDeviceRSAKey(
oec_session_id_,
reinterpret_cast<const uint8_t*>(wrapped_key.data()),
wrapped_key.size());
if (OEMCrypto_SUCCESS != sts) {
LOGD("LoadCertificatePrivateKey: OEMCrypto_LoadDeviceRSAKey error=%d", sts);
return false;
}
return true;
}
bool CryptoSession::RefreshKeys(const std::string& message,
const std::string& signature,
int num_keys,
@@ -310,6 +307,85 @@ bool CryptoSession::SelectKey(const std::string& key_id) {
return true;
}
bool CryptoSession::GenerateDerivedKeys(const std::string& message) {
std::string mac_deriv_message;
std::string enc_deriv_message;
GenerateMacContext(message, &mac_deriv_message);
GenerateEncryptContext(message, &enc_deriv_message);
LOGV("GenerateDerivedKeys: id=%ld", (uint32_t) oec_session_id_);
OEMCryptoResult sts = OEMCrypto_GenerateDerivedKeys(
oec_session_id_,
reinterpret_cast<const uint8_t*>(mac_deriv_message.data()),
mac_deriv_message.size(),
reinterpret_cast<const uint8_t*>(enc_deriv_message.data()),
enc_deriv_message.size());
if (OEMCrypto_SUCCESS != sts) {
LOGD("GenerateDerivedKeys: OEMCrypto_GenerateDerivedKeys error=%d", sts);
return false;
}
return true;
}
bool CryptoSession::GenerateDerivedKeys(const std::string& message,
const std::string& session_key) {
std::string mac_deriv_message;
std::string enc_deriv_message;
GenerateMacContext(message, &mac_deriv_message);
GenerateEncryptContext(message, &enc_deriv_message);
LOGV("GenerateDerivedKeys: id=%ld", (uint32_t) oec_session_id_);
OEMCryptoResult sts = OEMCrypto_DeriveKeysFromSessionKey(
oec_session_id_,
reinterpret_cast<const uint8_t*>(session_key.data()),
session_key.size(),
reinterpret_cast<const uint8_t*>(mac_deriv_message.data()),
mac_deriv_message.size(),
reinterpret_cast<const uint8_t*>(enc_deriv_message.data()),
enc_deriv_message.size());
if (OEMCrypto_SUCCESS != sts) {
LOGD("GenerateDerivedKeys: OEMCrypto_DeriveKeysFromSessionKey err=%d", sts);
return false;
}
return true;
}
bool CryptoSession::GenerateSignature(const std::string& message,
std::string* signature) {
LOGV("GenerateSignature: id=%ld", (uint32_t) oec_session_id_);
uint8_t signature_buf[32];
uint32_t length = 32;
OEMCryptoResult sts;
if (Properties::use_certificates_as_identification()) {
sts = OEMCrypto_GenerateRSASignature(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
signature_buf,
&length);
}
else {
sts = OEMCrypto_GenerateSignature(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
signature_buf,
&length);
}
if (OEMCrypto_SUCCESS != sts) {
LOGD("GenerateSignature: OEMCrypto_GenerateSignature err=%d", sts);
return false;
}
signature->assign(reinterpret_cast<const char*>(signature_buf), length);
return true;
}
CdmResponseType CryptoSession::Decrypt(bool is_encrypted,
const uint8_t* encrypt_buffer,
size_t encrypt_length,
@@ -370,10 +446,7 @@ bool CryptoSession::GenerateNonce(uint32_t* nonce) {
bool CryptoSession::SetDestinationBufferType() {
CryptoEngine* crypto_engine = CryptoEngine::GetInstance();
if (!crypto_engine->properties_valid())
return false;
if (crypto_engine->oem_crypto_use_secure_buffers()) {
if (Properties::oem_crypto_use_secure_buffers()) {
if (crypto_engine->GetSecurityLevel() == CryptoEngine::kSecurityLevelL1) {
destination_buffer_type_ = OEMCrypto_BufferType_Secure;
}
@@ -381,10 +454,10 @@ bool CryptoSession::SetDestinationBufferType() {
destination_buffer_type_ = OEMCrypto_BufferType_Clear;
}
}
else if (crypto_engine->oem_crypto_use_fifo()) {
else if (Properties::oem_crypto_use_fifo()) {
destination_buffer_type_ = OEMCrypto_BufferType_Direct;
}
else if (crypto_engine->oem_crypto_use_userspace_buffers()) {
else if (Properties::oem_crypto_use_userspace_buffers()) {
destination_buffer_type_ = OEMCrypto_BufferType_Clear;
}
else {
@@ -395,4 +468,47 @@ bool CryptoSession::SetDestinationBufferType() {
return true;
}
bool CryptoSession::RewrapDeviceRSAKey(const std::string& message,
const uint32_t* nonce,
const uint8_t* enc_rsa_key,
size_t enc_rsa_key_length,
const uint8_t* enc_rsa_key_iv,
uint8_t* wrapped_rsa_key,
size_t* wrapped_rsa_key_length) {
LOGV("CryptoSession::RewrapDeviceRSAKey: Lock+++");
CryptoEngine* crypto_engine = CryptoEngine::GetInstance();
AutoLock auto_lock(crypto_engine->crypto_lock_);
LOGV("crypto session id=%ld", static_cast<uint32_t>(oec_session_id_));
// HMAC-SHA256 signature
uint8_t signature[kSignatureSize];
size_t signature_length = kSignatureSize;
OEMCryptoResult status = OEMCrypto_GenerateSignature(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
signature,
&signature_length);
if (OEMCrypto_SUCCESS != status) {
LOGE("CryptoSession::RewrapDeviceRSAKey: GenerateSiganture failed");
return false;
}
status = OEMCrypto_RewrapDeviceRSAKey(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()), message.length(),
signature, signature_length,
nonce,
enc_rsa_key, enc_rsa_key_length,
enc_rsa_key_iv,
wrapped_rsa_key,
wrapped_rsa_key_length);
if (OEMCrypto_SUCCESS != status) {
return false;
}
return true;
}
}; // namespace wvcdm