widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Report OEMCrypto's ECC capabilities.

Browse Source 
[ Merge of http://go/wvgerrit/110824 ]

When generating a provisioning request, the CDM includes the different
certificate key types that are supported.

This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.

Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
(cherry picked from commit 547d2f8775)
Merged-In: I713ff1c469dff5c8a41461727ce63486d962575e
This commit is contained in:
Alex Dale
2021-01-27 11:37:21 -08:00
parent 5e982e8fff
commit e70c7a116e
4 changed files with 78 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libwvdrmengine/cdm/core/include/crypto_session.h
View File

@@ -54,6 +54,9 @@ class CryptoSession {
bool rsa_2048_bit; bool rsa_2048_bit;
bool rsa_3072_bit; bool rsa_3072_bit;
bool rsa_cast; bool rsa_cast;
bool ecc_secp256r1;
bool ecc_secp384r1;
bool ecc_secp521r1;
}; };
// Creates an instance of CryptoSession with the given |crypto_metrics|. // Creates an instance of CryptoSession with the given |crypto_metrics|.

69
libwvdrmengine/cdm/core/src/client_identification.cpp
View File

@@ -56,7 +56,9 @@ bool IsPropertyKeyReserved(const std::string& prop_name) {
} // namespace } // namespace
// Protobuf generated classes. // Protobuf generated classes.
using video_widevine::ClientIdentification_ClientCapabilities; using ClientCapabilities =
video_widevine::ClientIdentification::ClientCapabilities;
using AnalogOutputCapabilities = ClientCapabilities::AnalogOutputCapabilities;
using video_widevine::ClientIdentification_NameValue; using video_widevine::ClientIdentification_NameValue;
using video_widevine::EncryptedClientIdentification; using video_widevine::EncryptedClientIdentification;
using video_widevine::ProvisioningOptions; using video_widevine::ProvisioningOptions;
@@ -187,7 +189,7 @@ CdmResponseType ClientIdentification::Prepare(
client_id->set_provider_client_token(provider_client_token); client_id->set_provider_client_token(provider_client_token);
} }
ClientIdentification_ClientCapabilities* client_capabilities = ClientCapabilities* client_capabilities =
client_id->mutable_client_capabilities(); client_id->mutable_client_capabilities();
client_capabilities->set_client_token(true); client_capabilities->set_client_token(true);
@@ -214,38 +216,31 @@ CdmResponseType ClientIdentification::Prepare(
switch (max_version) { switch (max_version) {
case HDCP_NONE: case HDCP_NONE:
client_capabilities->set_max_hdcp_version( client_capabilities->set_max_hdcp_version(
video_widevine:: ClientCapabilities::HDCP_NONE);
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_NONE);
break; break;
case HDCP_V1: case HDCP_V1:
client_capabilities->set_max_hdcp_version( client_capabilities->set_max_hdcp_version(
video_widevine:: ClientCapabilities::HDCP_V1);
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V1);
break; break;
case HDCP_V2: case HDCP_V2:
client_capabilities->set_max_hdcp_version( client_capabilities->set_max_hdcp_version(
video_widevine:: ClientCapabilities::HDCP_V2);
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2);
break; break;
case HDCP_V2_1: case HDCP_V2_1:
client_capabilities->set_max_hdcp_version( client_capabilities->set_max_hdcp_version(
video_widevine:: ClientCapabilities::HDCP_V2_1);
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2_1);
break; break;
case HDCP_V2_2: case HDCP_V2_2:
client_capabilities->set_max_hdcp_version( client_capabilities->set_max_hdcp_version(
video_widevine:: ClientCapabilities::HDCP_V2_2);
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2_2);
break; break;
case HDCP_V2_3: case HDCP_V2_3:
client_capabilities->set_max_hdcp_version( client_capabilities->set_max_hdcp_version(
video_widevine:: ClientCapabilities::HDCP_V2_3);
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2_3);
break; break;
case HDCP_NO_DIGITAL_OUTPUT: case HDCP_NO_DIGITAL_OUTPUT:
client_capabilities->set_max_hdcp_version( client_capabilities->set_max_hdcp_version(
video_widevine:: ClientCapabilities::HDCP_NO_DIGITAL_OUTPUT);
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_NO_DIGITAL_OUTPUT);
break; break;
default: default:
LOGW("Unexpected HDCP max capability version: max_version = %d", LOGW("Unexpected HDCP max capability version: max_version = %d",
@@ -258,13 +253,23 @@ CdmResponseType ClientIdentification::Prepare(
if (crypto_session_->GetSupportedCertificateTypes(&supported_certs)) { if (crypto_session_->GetSupportedCertificateTypes(&supported_certs)) {
if (supported_certs.rsa_2048_bit) { if (supported_certs.rsa_2048_bit) {
client_capabilities->add_supported_certificate_key_type( client_capabilities->add_supported_certificate_key_type(
video_widevine:: ClientCapabilities::RSA_2048);
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_2048);
} }
if (supported_certs.rsa_3072_bit) { if (supported_certs.rsa_3072_bit) {
client_capabilities->add_supported_certificate_key_type( client_capabilities->add_supported_certificate_key_type(
video_widevine:: ClientCapabilities::RSA_3072);
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_3072); }
if (supported_certs.ecc_secp256r1) {
client_capabilities->add_supported_certificate_key_type(
ClientCapabilities::ECC_SECP256R1);
}
if (supported_certs.ecc_secp384r1) {
client_capabilities->add_supported_certificate_key_type(
ClientCapabilities::ECC_SECP384R1);
}
if (supported_certs.ecc_secp521r1) {
client_capabilities->add_supported_certificate_key_type(
ClientCapabilities::ECC_SECP521R1);
} }
} }
@@ -280,33 +285,27 @@ CdmResponseType ClientIdentification::Prepare(
bool can_support_cgms_a; bool can_support_cgms_a;
if (crypto_session_->GetAnalogOutputCapabilities( if (crypto_session_->GetAnalogOutputCapabilities(
&can_support_output, &can_disable_output, &can_support_cgms_a)) { &can_support_output, &can_disable_output, &can_support_cgms_a)) {
video_widevine::ClientIdentification_ClientCapabilities_AnalogOutputCapabilities AnalogOutputCapabilities capabilities =
capabilities = video_widevine:: ClientCapabilities::ANALOG_OUTPUT_NONE;
ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_NONE;
if (can_support_output) { if (can_support_output) {
if (can_support_cgms_a) { if (can_support_cgms_a) {
capabilities = video_widevine:: capabilities = ClientCapabilities::ANALOG_OUTPUT_SUPPORTS_CGMS_A;
ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_SUPPORTS_CGMS_A;
} else { } else {
capabilities = video_widevine:: capabilities = ClientCapabilities::ANALOG_OUTPUT_SUPPORTED;
ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_SUPPORTED;
} }
} }
client_capabilities->set_analog_output_capabilities(capabilities); client_capabilities->set_analog_output_capabilities(capabilities);
client_capabilities->set_can_disable_analog_output(can_disable_output); client_capabilities->set_can_disable_analog_output(can_disable_output);
} else { } else {
client_capabilities->set_analog_output_capabilities( client_capabilities->set_analog_output_capabilities(
video_widevine:: ClientCapabilities::ANALOG_OUTPUT_UNKNOWN);
ClientIdentification_ClientCapabilities_AnalogOutputCapabilities_ANALOG_OUTPUT_UNKNOWN);
} }
uint32_t version, tier; if (api_version >= OEM_CRYPTO_API_VERSION_SUPPORTS_RESOURCE_RATING_TIER) {
if (crypto_session_->GetApiVersion(&version)) { uint32_t tier;
if (version >= OEM_CRYPTO_API_VERSION_SUPPORTS_RESOURCE_RATING_TIER) { if (crypto_session_->GetResourceRatingTier(&tier)) {
if (crypto_session_->GetResourceRatingTier(&tier)) { client_capabilities->set_resource_rating_tier(tier);
client_capabilities->set_resource_rating_tier(tier);
}
} }
} }

12
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -1888,14 +1888,16 @@ bool CryptoSession::GetSupportedCertificateTypes(
LOGV("Getting supported certificate types: id = %u", oec_session_id_); LOGV("Getting supported certificate types: id = %u", oec_session_id_);
RETURN_IF_UNINITIALIZED(false); RETURN_IF_UNINITIALIZED(false);
RETURN_IF_NULL(support, false); RETURN_IF_NULL(support, false);
const uint32_t oec_support =
uint32_t oec_support; WithOecReadLock("GetSupportedCertificateTypes", [&] {
WithOecReadLock("GetSupportedCertificateTypes", [&] { return OEMCrypto_SupportedCertificates(requested_security_level_);
oec_support = OEMCrypto_SupportedCertificates(requested_security_level_); });
});
support->rsa_2048_bit = oec_support & OEMCrypto_Supports_RSA_2048bit; support->rsa_2048_bit = oec_support & OEMCrypto_Supports_RSA_2048bit;
support->rsa_3072_bit = oec_support & OEMCrypto_Supports_RSA_3072bit; support->rsa_3072_bit = oec_support & OEMCrypto_Supports_RSA_3072bit;
support->rsa_cast = oec_support & OEMCrypto_Supports_RSA_CAST; support->rsa_cast = oec_support & OEMCrypto_Supports_RSA_CAST;
support->ecc_secp256r1 = oec_support & OEMCrypto_Supports_ECC_secp256r1;
support->ecc_secp384r1 = oec_support & OEMCrypto_Supports_ECC_secp384r1;
support->ecc_secp521r1 = oec_support & OEMCrypto_Supports_ECC_secp521r1;
return true; return true;
} }

67
libwvdrmengine/cdm/core/test/license_unittest.cpp
View File

@@ -116,7 +116,10 @@ const std::string kLicenseRequestSignature = a2bs_hex(
const std::string kFakeCoreMessage = a2bs_hex("DEADBEEF"); const std::string kFakeCoreMessage = a2bs_hex("DEADBEEF");
const CryptoSession::SupportedCertificateTypes kDefaultSupportedCertTypes = { const CryptoSession::SupportedCertificateTypes kDefaultSupportedCertTypes = {
true, true, true}; /* RSA 2048 */ true, /* RSA 3072 */ true,
/* RSA CAST */ false,
/* ECC 256 */ true, /* ECC 384 */ true,
/* ECC 521 */ true};
const std::string kFakeEntitlementKeyId = const std::string kFakeEntitlementKeyId =
a2bs_hex("2a538231c616c67143032a645f9c545d"); a2bs_hex("2a538231c616c67143032a645f9c545d");
@@ -171,6 +174,8 @@ class MockInitializationData : public InitializationData {
} // namespace } // namespace
// Protobuf generated classes // Protobuf generated classes
using ClientCapabilities =
video_widevine::ClientIdentification::ClientCapabilities;
using video_widevine::ClientIdentification; using video_widevine::ClientIdentification;
using video_widevine::License; using video_widevine::License;
using video_widevine::License_KeyContainer; using video_widevine::License_KeyContainer;
@@ -304,7 +309,7 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
bool usage_information_support = true; bool usage_information_support = true;
CryptoSession::HdcpCapability current_hdcp_version = HDCP_NO_DIGITAL_OUTPUT; CryptoSession::HdcpCapability current_hdcp_version = HDCP_NO_DIGITAL_OUTPUT;
CryptoSession::HdcpCapability max_hdcp_version = HDCP_V2_1; CryptoSession::HdcpCapability max_hdcp_version = HDCP_V2_1;
uint32_t crypto_session_api_version = 9; const uint32_t crypto_session_api_version = 16;
EXPECT_CALL(*crypto_session_, IsOpen()).WillOnce(Return(true)); EXPECT_CALL(*crypto_session_, IsOpen()).WillOnce(Return(true));
EXPECT_CALL(*crypto_session_, request_id()) EXPECT_CALL(*crypto_session_, request_id())
@@ -315,10 +320,10 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
EXPECT_CALL(*crypto_session_, GetHdcpCapabilities(NotNull(), NotNull())) EXPECT_CALL(*crypto_session_, GetHdcpCapabilities(NotNull(), NotNull()))
.WillOnce(DoAll(SetArgPointee<0>(current_hdcp_version), .WillOnce(DoAll(SetArgPointee<0>(current_hdcp_version),
SetArgPointee<1>(max_hdcp_version), Return(NO_ERROR))); SetArgPointee<1>(max_hdcp_version), Return(NO_ERROR)));
// Supported certificates set by SetUp().
EXPECT_CALL(*crypto_session_, GetSupportedCertificateTypes(NotNull())); EXPECT_CALL(*crypto_session_, GetSupportedCertificateTypes(NotNull()));
EXPECT_CALL(*crypto_session_, GetApiVersion(NotNull())) EXPECT_CALL(*crypto_session_, GetApiVersion(NotNull()))
.Times(2) .WillOnce(
.WillRepeatedly(
DoAll(SetArgPointee<0>(crypto_session_api_version), Return(true))); DoAll(SetArgPointee<0>(crypto_session_api_version), Return(true)));
EXPECT_CALL(*clock_, GetCurrentTime()).WillOnce(Return(kLicenseStartTime)); EXPECT_CALL(*clock_, GetCurrentTime()).WillOnce(Return(kLicenseStartTime));
EXPECT_CALL(*crypto_session_, GenerateNonce(NotNull())) EXPECT_CALL(*crypto_session_, GenerateNonce(NotNull()))
@@ -379,24 +384,22 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
EXPECT_FALSE(client_id.has_provider_client_token()); EXPECT_FALSE(client_id.has_provider_client_token());
EXPECT_FALSE(client_id.has_license_counter()); EXPECT_FALSE(client_id.has_license_counter());
const ::video_widevine::ClientIdentification_ClientCapabilities& const ClientCapabilities& client_capabilities =
client_capabilities = client_id.client_capabilities(); client_id.client_capabilities();
EXPECT_TRUE(client_capabilities.has_client_token()); EXPECT_TRUE(client_capabilities.has_client_token());
EXPECT_TRUE(client_capabilities.has_session_token()); EXPECT_TRUE(client_capabilities.has_session_token());
EXPECT_FALSE(client_capabilities.video_resolution_constraints()); EXPECT_FALSE(client_capabilities.video_resolution_constraints());
EXPECT_EQ(video_widevine:: EXPECT_EQ(ClientCapabilities::HDCP_V2_1,
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2_1,
client_capabilities.max_hdcp_version()); client_capabilities.max_hdcp_version());
EXPECT_EQ(crypto_session_api_version, EXPECT_EQ(crypto_session_api_version,
client_capabilities.oem_crypto_api_version()); client_capabilities.oem_crypto_api_version());
EXPECT_THAT( EXPECT_THAT(client_capabilities.supported_certificate_key_type(),
client_capabilities.supported_certificate_key_type(), UnorderedElementsAre(ClientCapabilities::RSA_2048,
UnorderedElementsAre( ClientCapabilities::RSA_3072,
video_widevine:: ClientCapabilities::ECC_SECP256R1,
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_2048, ClientCapabilities::ECC_SECP384R1,
video_widevine:: ClientCapabilities::ECC_SECP521R1));
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_3072));
EXPECT_FALSE(client_capabilities.has_resource_rating_tier()); EXPECT_FALSE(client_capabilities.has_resource_rating_tier());
// Verify Content Identification // Verify Content Identification
@@ -425,11 +428,12 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) {
} }
TEST_F(CdmLicenseTest, PrepareKeyRequestValidationV15) { TEST_F(CdmLicenseTest, PrepareKeyRequestValidationV15) {
bool usage_information_support = true; const bool usage_information_support = true;
CryptoSession::HdcpCapability current_hdcp_version = HDCP_NO_DIGITAL_OUTPUT; const CryptoSession::HdcpCapability current_hdcp_version =
CryptoSession::HdcpCapability max_hdcp_version = HDCP_V2_1; HDCP_NO_DIGITAL_OUTPUT;
uint32_t crypto_session_api_version = 15; const CryptoSession::HdcpCapability max_hdcp_version = HDCP_V2_1;
uint32_t resource_rating_tier = RESOURCE_RATING_TIER_LOW; const uint32_t crypto_session_api_version = 15;
const uint32_t resource_rating_tier = RESOURCE_RATING_TIER_LOW;
EXPECT_CALL(*crypto_session_, IsOpen()).WillOnce(Return(true)); EXPECT_CALL(*crypto_session_, IsOpen()).WillOnce(Return(true));
EXPECT_CALL(*crypto_session_, request_id()) EXPECT_CALL(*crypto_session_, request_id())
@@ -442,8 +446,7 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidationV15) {
SetArgPointee<1>(max_hdcp_version), Return(NO_ERROR))); SetArgPointee<1>(max_hdcp_version), Return(NO_ERROR)));
EXPECT_CALL(*crypto_session_, GetSupportedCertificateTypes(NotNull())); EXPECT_CALL(*crypto_session_, GetSupportedCertificateTypes(NotNull()));
EXPECT_CALL(*crypto_session_, GetApiVersion(NotNull())) EXPECT_CALL(*crypto_session_, GetApiVersion(NotNull()))
.Times(2) .WillOnce(
.WillRepeatedly(
DoAll(SetArgPointee<0>(crypto_session_api_version), Return(true))); DoAll(SetArgPointee<0>(crypto_session_api_version), Return(true)));
EXPECT_CALL(*crypto_session_, GetResourceRatingTier(NotNull())) EXPECT_CALL(*crypto_session_, GetResourceRatingTier(NotNull()))
.WillOnce(DoAll(SetArgPointee<0>(resource_rating_tier), Return(true))); .WillOnce(DoAll(SetArgPointee<0>(resource_rating_tier), Return(true)));
@@ -506,24 +509,22 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidationV15) {
EXPECT_FALSE(client_id.has_provider_client_token()); EXPECT_FALSE(client_id.has_provider_client_token());
EXPECT_FALSE(client_id.has_license_counter()); EXPECT_FALSE(client_id.has_license_counter());
const ::video_widevine::ClientIdentification_ClientCapabilities& const ClientCapabilities& client_capabilities =
client_capabilities = client_id.client_capabilities(); client_id.client_capabilities();
EXPECT_TRUE(client_capabilities.has_client_token()); EXPECT_TRUE(client_capabilities.has_client_token());
EXPECT_TRUE(client_capabilities.has_session_token()); EXPECT_TRUE(client_capabilities.has_session_token());
EXPECT_FALSE(client_capabilities.video_resolution_constraints()); EXPECT_FALSE(client_capabilities.video_resolution_constraints());
EXPECT_EQ(video_widevine:: EXPECT_EQ(ClientCapabilities::HDCP_V2_1,
ClientIdentification_ClientCapabilities_HdcpVersion_HDCP_V2_1,
client_capabilities.max_hdcp_version()); client_capabilities.max_hdcp_version());
EXPECT_EQ(crypto_session_api_version, EXPECT_EQ(crypto_session_api_version,
client_capabilities.oem_crypto_api_version()); client_capabilities.oem_crypto_api_version());
EXPECT_THAT( EXPECT_THAT(client_capabilities.supported_certificate_key_type(),
client_capabilities.supported_certificate_key_type(), UnorderedElementsAre(ClientCapabilities::RSA_2048,
UnorderedElementsAre( ClientCapabilities::RSA_3072,
video_widevine:: ClientCapabilities::ECC_SECP256R1,
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_2048, ClientCapabilities::ECC_SECP384R1,
video_widevine:: ClientCapabilities::ECC_SECP521R1));
ClientIdentification_ClientCapabilities_CertificateKeyType_RSA_3072));
EXPECT_EQ(resource_rating_tier, client_capabilities.resource_rating_tier()); EXPECT_EQ(resource_rating_tier, client_capabilities.resource_rating_tier());
// Verify Content Identification // Verify Content Identification