widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge changes I55b1eb04,I839db69a,I43e845b8,I56b6d301,Ia59bfacf, ... into main

Browse Source 
* changes:
  Unit tests for forbidden RSA key usage
  Add DRM reprovisioning request generation
  Correct copyright header
  Fix bcc length for printing
  Update ODK version to 18.4
  Adjust skipping tests when provisioning skipped
  Change test storage to use protobuf
  Remove WvCdmEnginePreProvTestStaging
  Rename and clarify Drm Reprovisioning token types
This commit is contained in:
Rahul Frias
2024-03-26 06:09:26 +00:00
committed by Android (Google) Code Review
parent 284b6bef68 a798692e4e
commit ee77a96d74
22 changed files with 67 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libwvdrmengine/cdm/core/src/cdm_engine.cpp
View File

@@ -754,7 +754,7 @@ CdmResponseType CdmEngine::QueryStatus(RequestedSecurityLevel security_level,
}
switch (token_type) {
case kClientTokenDrmCert:
case kClientTokenDrmReprovisioning:
case kClientTokenDrmCertificateReprovisioning:
*query_response = QUERY_VALUE_DRM_CERTIFICATE;
break;
case kClientTokenKeybox:

2
libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
View File

@@ -169,7 +169,7 @@ CertificateProvisioning::GetProvisioningType() {
return SignedProvisioningMessage::PROVISIONING_40;
case kClientTokenOemCert:
return SignedProvisioningMessage::PROVISIONING_30;
case kClientTokenDrmReprovisioning:
case kClientTokenDrmCertificateReprovisioning:
return SignedProvisioningMessage::DRM_REPROVISIONING;
default:
return SignedProvisioningMessage::PROVISIONING_20;

2
libwvdrmengine/cdm/core/src/client_identification.cpp
View File

@@ -404,7 +404,7 @@ bool ClientIdentification::GetProvisioningTokenType(
}
return true;
}
case kClientTokenDrmReprovisioning:
case kClientTokenDrmCertificateReprovisioning:
*token_type =
video_widevine::ClientIdentification::DRM_DEVICE_CERTIFICATE;
return true;

10
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -348,7 +348,7 @@ CdmResponseType CryptoSession::GetProvisioningMethod(
type = kClientTokenBootCertChain;
break;
case OEMCrypto_DrmReprovisioning:
type = kClientTokenDrmReprovisioning;
type = kClientTokenDrmCertificateReprovisioning;
break;
case OEMCrypto_ProvisioningError:
default:
@@ -666,7 +666,8 @@ CdmResponseType CryptoSession::GetProvisioningToken(
} else if (pre_provision_token_type_ == kClientTokenBootCertChain) {
status = GetBootCertificateChain(requested_security_level, token,
additional_token);
} else if (pre_provision_token_type_ == kClientTokenDrmReprovisioning) {
} else if (pre_provision_token_type_ ==
kClientTokenDrmCertificateReprovisioning) {
status = GetTokenFromEmbeddedCertificate(token);
}
metrics_->crypto_session_get_token_.Increment(status);
@@ -1275,7 +1276,8 @@ CdmResponseType CryptoSession::PrepareAndSignProvisioningRequest(
should_specify_algorithm = true;
// Do nothing here. The key to signing the provisioning 4.0 request for each
// stage has been loaded already when it was generated by OEMCrypto.
} else if (pre_provision_token_type_ == kClientTokenDrmReprovisioning) {
} else if (pre_provision_token_type_ ==
kClientTokenDrmCertificateReprovisioning) {
should_specify_algorithm = false;
// Do nothing here. The baked-in certificate used as the token has already
// been loaded when the EncryptedClientId was filled in.
@@ -1462,7 +1464,7 @@ CdmResponseType CryptoSession::GetTokenFromEmbeddedCertificate(
LOGE("Failed to get token type");
return sts;
}
if (token_type != kClientTokenDrmReprovisioning) {
if (token_type != kClientTokenDrmCertificateReprovisioning) {
token->clear();
return CdmResponseType(NO_ERROR);
}

4
libwvdrmengine/cdm/core/src/device_files.proto
View File

@@ -20,6 +20,10 @@ message NameValue {
optional string value = 2;
}
message SavedStorage {
map<string, string> files = 1;
}
message OemCertificate {
enum PrivateKeyType {
RSA = 0;

8
libwvdrmengine/cdm/core/src/license_protocol.proto
View File

@@ -1026,7 +1026,8 @@ message SignedProvisioningMessage {
ARCPP_PROVISIONING = 4; // ChromeOS/Arc++ devices.
// Android-Attestation-based OTA keyboxes.
ANDROID_ATTESTATION_KEYBOX_OTA = 6;
// Certificate reprovisioning for internal L3 CDMs only.
// DRM certificate reprovisioning for individualization of embedded
// DRM certificates used by internal L3 CDMs only.
DRM_REPROVISIONING = 7;
INTEL_SIGMA_101 = 101; // Intel Sigma 1.0.1 protocol.
INTEL_SIGMA_210 = 210; // Intel Sigma 2.1.0 protocol.
@@ -1275,8 +1276,9 @@ message DrmCertificate {
DEVICE = 2;
SERVICE = 3;
PROVISIONER = 4;
// Only used by baked-in certificates with internal L3 CDMs that support
// Drm Reprovisioning.
// Only used by internal L3 CDMs with baked-in (embedded) certificates that
// support the Drm Reprovisioning method for individualization of embedded
// certificates.
DEVICE_EMBEDDED = 5;
}
enum ServiceType {

2
libwvdrmengine/cdm/core/src/system_id_extractor.cpp
View File

@@ -60,7 +60,7 @@ bool SystemIdExtractor::ExtractSystemId(uint32_t* system_id) {
switch (type) {
case kClientTokenDrmCert:
// TODO: b/309675153 - Extract system id when using DRM reprovisioning.
case kClientTokenDrmReprovisioning:
case kClientTokenDrmCertificateReprovisioning:
LOGW(
"Cannot get a system ID from a DRM certificate, "
"using null system ID: security_level = %s",

4
libwvdrmengine/cdm/core/src/wv_cdm_types.cpp
View File

@@ -76,8 +76,8 @@ const char* CdmClientTokenTypeToString(CdmClientTokenType type) {
return "BootCertChain";
case kClientTokenUninitialized:
return "Uninitialized";
case kClientTokenDrmReprovisioning:
return "DrmReprovisioning";
case kClientTokenDrmCertificateReprovisioning:
return "DrmCertificateReprovisioning";
}
return UnknownValueRep(type);
}