Rename and clarify Drm Reprovisioning token types
[ Merge of http://go/wvgerrit/194374 ] Renames and adds clarifying comments to Drm Reprovisioning token types. All provisioning methods can be forced to reprovision by apps which can cause reprovisioning to be an overloaded term. Renaming token types used by the Drm Reprovisioning method to more clearly state they are used for Drm Certificate Reprovisioning should help to avoid confusion. This change also adds comments to help clarify when and where Drm Reprovisioning is used as a provisioning type. Bug: b/305093063 Test: WVTS * Added dependency to dynamic perf tests to fix missing header build error. Change-Id: I158eb5672ad9e655a60bc68e0f4f2f7a0d464b4e
This commit is contained in:
Geoffrey Alexander
committed by
Rahul Frias
Rahul Frias
parent
7cc19077ca
commit
e9e4b76817
@@ -607,7 +607,9 @@ enum CdmClientTokenType : int32_t {
|
||||
kClientTokenOemCert,
|
||||
kClientTokenUninitialized,
|
||||
kClientTokenBootCertChain,
|
||||
kClientTokenDrmReprovisioning,
|
||||
// For use by internal L3 CDMs supporting individualization of embedded
|
||||
// drm certificates.
|
||||
kClientTokenDrmCertificateReprovisioning,
|
||||
};
|
||||
|
||||
// kNonSecureUsageSupport - TEE does not provide any support for usage
|
||||
|
||||
@@ -754,7 +754,7 @@ CdmResponseType CdmEngine::QueryStatus(RequestedSecurityLevel security_level,
|
||||
}
|
||||
switch (token_type) {
|
||||
case kClientTokenDrmCert:
|
||||
case kClientTokenDrmReprovisioning:
|
||||
case kClientTokenDrmCertificateReprovisioning:
|
||||
*query_response = QUERY_VALUE_DRM_CERTIFICATE;
|
||||
break;
|
||||
case kClientTokenKeybox:
|
||||
|
||||
@@ -169,7 +169,7 @@ CertificateProvisioning::GetProvisioningType() {
|
||||
return SignedProvisioningMessage::PROVISIONING_40;
|
||||
case kClientTokenOemCert:
|
||||
return SignedProvisioningMessage::PROVISIONING_30;
|
||||
case kClientTokenDrmReprovisioning:
|
||||
case kClientTokenDrmCertificateReprovisioning:
|
||||
return SignedProvisioningMessage::DRM_REPROVISIONING;
|
||||
default:
|
||||
return SignedProvisioningMessage::PROVISIONING_20;
|
||||
|
||||
@@ -404,7 +404,7 @@ bool ClientIdentification::GetProvisioningTokenType(
|
||||
}
|
||||
return true;
|
||||
}
|
||||
case kClientTokenDrmReprovisioning:
|
||||
case kClientTokenDrmCertificateReprovisioning:
|
||||
*token_type =
|
||||
video_widevine::ClientIdentification::DRM_DEVICE_CERTIFICATE;
|
||||
return true;
|
||||
|
||||
@@ -348,7 +348,7 @@ CdmResponseType CryptoSession::GetProvisioningMethod(
|
||||
type = kClientTokenBootCertChain;
|
||||
break;
|
||||
case OEMCrypto_DrmReprovisioning:
|
||||
type = kClientTokenDrmReprovisioning;
|
||||
type = kClientTokenDrmCertificateReprovisioning;
|
||||
break;
|
||||
case OEMCrypto_ProvisioningError:
|
||||
default:
|
||||
@@ -666,7 +666,8 @@ CdmResponseType CryptoSession::GetProvisioningToken(
|
||||
} else if (pre_provision_token_type_ == kClientTokenBootCertChain) {
|
||||
status = GetBootCertificateChain(requested_security_level, token,
|
||||
additional_token);
|
||||
} else if (pre_provision_token_type_ == kClientTokenDrmReprovisioning) {
|
||||
} else if (pre_provision_token_type_ ==
|
||||
kClientTokenDrmCertificateReprovisioning) {
|
||||
status = GetTokenFromEmbeddedCertificate(token);
|
||||
}
|
||||
metrics_->crypto_session_get_token_.Increment(status);
|
||||
@@ -1275,7 +1276,8 @@ CdmResponseType CryptoSession::PrepareAndSignProvisioningRequest(
|
||||
should_specify_algorithm = true;
|
||||
// Do nothing here. The key to signing the provisioning 4.0 request for each
|
||||
// stage has been loaded already when it was generated by OEMCrypto.
|
||||
} else if (pre_provision_token_type_ == kClientTokenDrmReprovisioning) {
|
||||
} else if (pre_provision_token_type_ ==
|
||||
kClientTokenDrmCertificateReprovisioning) {
|
||||
should_specify_algorithm = false;
|
||||
// Do nothing here. The baked-in certificate used as the token has already
|
||||
// been loaded when the EncryptedClientId was filled in.
|
||||
@@ -1462,7 +1464,7 @@ CdmResponseType CryptoSession::GetTokenFromEmbeddedCertificate(
|
||||
LOGE("Failed to get token type");
|
||||
return sts;
|
||||
}
|
||||
if (token_type != kClientTokenDrmReprovisioning) {
|
||||
if (token_type != kClientTokenDrmCertificateReprovisioning) {
|
||||
token->clear();
|
||||
return CdmResponseType(NO_ERROR);
|
||||
}
|
||||
|
||||
@@ -1026,7 +1026,8 @@ message SignedProvisioningMessage {
|
||||
ARCPP_PROVISIONING = 4; // ChromeOS/Arc++ devices.
|
||||
// Android-Attestation-based OTA keyboxes.
|
||||
ANDROID_ATTESTATION_KEYBOX_OTA = 6;
|
||||
// Certificate reprovisioning for internal L3 CDMs only.
|
||||
// DRM certificate reprovisioning for individualization of embedded
|
||||
// DRM certificates used by internal L3 CDMs only.
|
||||
DRM_REPROVISIONING = 7;
|
||||
INTEL_SIGMA_101 = 101; // Intel Sigma 1.0.1 protocol.
|
||||
INTEL_SIGMA_210 = 210; // Intel Sigma 2.1.0 protocol.
|
||||
@@ -1275,8 +1276,9 @@ message DrmCertificate {
|
||||
DEVICE = 2;
|
||||
SERVICE = 3;
|
||||
PROVISIONER = 4;
|
||||
// Only used by baked-in certificates with internal L3 CDMs that support
|
||||
// Drm Reprovisioning.
|
||||
// Only used by internal L3 CDMs with baked-in (embedded) certificates that
|
||||
// support the Drm Reprovisioning method for individualization of embedded
|
||||
// certificates.
|
||||
DEVICE_EMBEDDED = 5;
|
||||
}
|
||||
enum ServiceType {
|
||||
|
||||
@@ -60,7 +60,7 @@ bool SystemIdExtractor::ExtractSystemId(uint32_t* system_id) {
|
||||
switch (type) {
|
||||
case kClientTokenDrmCert:
|
||||
// TODO: b/309675153 - Extract system id when using DRM reprovisioning.
|
||||
case kClientTokenDrmReprovisioning:
|
||||
case kClientTokenDrmCertificateReprovisioning:
|
||||
LOGW(
|
||||
"Cannot get a system ID from a DRM certificate, "
|
||||
"using null system ID: security_level = %s",
|
||||
|
||||
@@ -76,8 +76,8 @@ const char* CdmClientTokenTypeToString(CdmClientTokenType type) {
|
||||
return "BootCertChain";
|
||||
case kClientTokenUninitialized:
|
||||
return "Uninitialized";
|
||||
case kClientTokenDrmReprovisioning:
|
||||
return "DrmReprovisioning";
|
||||
case kClientTokenDrmCertificateReprovisioning:
|
||||
return "DrmCertificateReprovisioning";
|
||||
}
|
||||
return UnknownValueRep(type);
|
||||
}
|
||||
|
||||
@@ -482,7 +482,7 @@ TEST_P(CertificateProvisioningTest, ProvisioningResponseSuccess) {
|
||||
INSTANTIATE_TEST_SUITE_P(
|
||||
CertificateProvisioningTests, CertificateProvisioningTest,
|
||||
testing::Values(kClientTokenKeybox, kClientTokenOemCert,
|
||||
kClientTokenDrmReprovisioning),
|
||||
kClientTokenDrmCertificateReprovisioning),
|
||||
[](const testing::TestParamInfo<CertificateProvisioningTest::ParamType>&
|
||||
param_type) {
|
||||
return CdmClientTokenTypeToString(param_type.param);
|
||||
|
||||
@@ -99,7 +99,7 @@ TEST_F(CryptoSessionMetricsTest, OpenSessionValidMetrics) {
|
||||
} else if (token_type == kClientTokenBootCertChain) {
|
||||
EXPECT_EQ(OEMCrypto_BootCertificateChain,
|
||||
metrics_proto.oemcrypto_provisioning_method().int_value());
|
||||
} else if (token_type == kClientTokenDrmReprovisioning) {
|
||||
} else if (token_type == kClientTokenDrmCertificateReprovisioning) {
|
||||
EXPECT_EQ(OEMCrypto_DrmReprovisioning,
|
||||
metrics_proto.oemcrypto_provisioning_method().int_value());
|
||||
} else {
|
||||
@@ -143,7 +143,7 @@ TEST_F(CryptoSessionMetricsTest, GetProvisioningTokenValidMetrics) {
|
||||
} else if (token_type == kClientTokenBootCertChain) {
|
||||
EXPECT_EQ(OEMCrypto_BootCertificateChain,
|
||||
metrics_proto.oemcrypto_provisioning_method().int_value());
|
||||
} else if (token_type == kClientTokenDrmReprovisioning) {
|
||||
} else if (token_type == kClientTokenDrmCertificateReprovisioning) {
|
||||
EXPECT_EQ(OEMCrypto_DrmReprovisioning,
|
||||
metrics_proto.oemcrypto_provisioning_method().int_value());
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user