Replace OEMCrypto_LoadDeviceRSAKey with OEMCrypto_LoadDRMPrivateKey am: 56b836bda3 am: bb42e9bd41 am: 6b56c1c5ec am: b3657d0a6e

Change-Id: I0dc2f37ce34771592cdd0af4ce905a896a88fccd
2020-03-29 20:13:22 +00:00
parent f88d610570 b3657d0a6e
commit efb0452042
9 changed files with 77 additions and 46 deletions
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -1201,7 +1201,7 @@ CdmResponseType CryptoSession::LoadEntitledContentKeys(
 CdmResponseType CryptoSession::LoadCertificatePrivateKey(
    const std::string& wrapped_key) {
  // TODO(b/141655126): Getting the OEM Cert no longer loads the private key.
-  // Call OEMCrypto_GetOEMPublicCertificate before OEMCrypto_LoadDeviceRSAKey
+  // Call OEMCrypto_GetOEMPublicCertificate before OEMCrypto_LoadDRMPrivateKey
  // so it caches the OEMCrypto Public Key and then throw away result
  std::string temp_buffer(CERTIFICATE_DATA_SIZE, '\0');
  size_t buf_size = temp_buffer.size();
@@ -1216,10 +1216,11 @@ CdmResponseType CryptoSession::LoadCertificatePrivateKey(
  metrics_->oemcrypto_get_oem_public_certificate_.Increment(sts);

  LOGV("Loading device RSA key: id = %u", oec_session_id_);
+  // TODO(b/140813486): determine if cert is RSA or ECC.
  WithOecSessionLock(
-      "LoadCertificatePrivateKey() calling OEMCrypto_LoadDeviceRSAKey()", [&] {
-        M_TIME(sts = OEMCrypto_LoadDeviceRSAKey(
-                   oec_session_id_,
+      "LoadCertificatePrivateKey() calling OEMCrypto_LoadDRMPrivateKey()", [&] {
+        M_TIME(sts = OEMCrypto_LoadDRMPrivateKey(
+                   oec_session_id_, OEMCrypto_RSA_Private_Key,
                   reinterpret_cast<const uint8_t*>(wrapped_key.data()),
                   wrapped_key.size()),
               metrics_, oemcrypto_load_device_rsa_key_, sts);
--- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
+++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
@@ -200,6 +200,9 @@ typedef OEMCryptoResult (*L1_RewrapDeviceRSAKey_t)(
 typedef OEMCryptoResult (*L1_LoadDeviceRSAKey_t)(OEMCrypto_SESSION session,
                                                 const uint8_t* wrapped_rsa_key,
                                                 size_t wrapped_rsa_key_length);
+typedef OEMCryptoResult (*L1_LoadDRMPrivateKey_t)(
+    OEMCrypto_SESSION session, OEMCrypto_PrivateKeyType key_type,
+    const uint8_t* wrapped_rsa_key, size_t wrapped_rsa_key_length);
 typedef OEMCryptoResult (*L1_LoadTestRSAKey_t)();
 typedef OEMCryptoResult (*L1_GenerateRSASignature_t)(
    OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
@@ -351,6 +354,7 @@ struct FunctionPointers {
  L1_GetRandom_t GetRandom;
  L1_RewrapDeviceRSAKey_t RewrapDeviceRSAKey;
  L1_LoadDeviceRSAKey_t LoadDeviceRSAKey;
+  L1_LoadDRMPrivateKey_t LoadDRMPrivateKey;
  L1_LoadTestRSAKey_t LoadTestRSAKey;
  L1_GenerateRSASignature_t GenerateRSASignature;
  L1_DeriveKeysFromSessionKey_t DeriveKeysFromSessionKey;
@@ -827,7 +831,8 @@ class Adapter {
    LOOKUP_ALL(10, IsAntiRollbackHwPresent,    OEMCrypto_IsAntiRollbackHwPresent);
    LOOKUP_ALL( 8, IsKeyboxOrOEMCertValid,     OEMCrypto_IsKeyboxOrOEMCertValid);
    LOOKUP_ALL(13, IsSRMUpdateSupported,       OEMCrypto_IsSRMUpdateSupported);
-    LOOKUP_ALL( 8, LoadDeviceRSAKey,           OEMCrypto_LoadDeviceRSAKey);
+    LOOKUP( 8, 15, LoadDeviceRSAKey,           OEMCrypto_LoadDeviceRSAKey);
+    LOOKUP_ALL(16, LoadDRMPrivateKey,          OEMCrypto_LoadDRMPrivateKey);
    LOOKUP( 8,  8, LoadKeys_V8,                OEMCrypto_LoadKeys_V8);
    LOOKUP( 9, 10, LoadKeys_V9_or_V10,         OEMCrypto_LoadKeys_V9_or_V10);
    LOOKUP(11, 12, LoadKeys_V11_or_V12,        OEMCrypto_LoadKeys_V11_or_V12);
@@ -980,6 +985,8 @@ class Adapter {
    level3_.GetRandom                  = Level3_GetRandom;
    level3_.RewrapDeviceRSAKey         = Level3_RewrapDeviceRSAKey;
    level3_.LoadDeviceRSAKey           = Level3_LoadDeviceRSAKey;
+    // TODO(b/139814713): implement V16 DecryptCENC for Haystack L3
+    // level3_.LoadDRMPrivateKey           = Level3_LoadDRMPrivateKey;
    level3_.LoadTestRSAKey             = Level3_LoadTestRSAKey;
    level3_.GenerateRSASignature       = Level3_GenerateRSASignature;
    level3_.DeriveKeysFromSessionKey   = Level3_DeriveKeysFromSessionKey;
@@ -2263,12 +2270,22 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(
      wrapped_rsa_key_length);
 }

-extern "C" OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(
-    OEMCrypto_SESSION session, const uint8_t* wrapped_rsa_key,
-    size_t wrapped_rsa_key_length) {
+extern "C" OEMCryptoResult OEMCrypto_LoadDRMPrivateKey(
+    OEMCrypto_SESSION session, OEMCrypto_PrivateKeyType key_type,
+    const uint8_t* wrapped_rsa_key, size_t wrapped_rsa_key_length) {
  if (!gAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
  LevelSession pair = gAdapter->GetSession(session);
  if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION;
+  // TODO(152701491): re-introduce version checking. LoadDRMPrivateKey should
+  // always be present for v16 device.
+  if (pair.fcn->LoadDRMPrivateKey != nullptr) {
+    return pair.fcn->LoadDRMPrivateKey(pair.session, key_type, wrapped_rsa_key,
+                                       wrapped_rsa_key_length);
+  }
+  if (key_type != OEMCrypto_RSA_Private_Key) {
+    LOGE("ECC not supported");
+    return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+  }
  if (pair.fcn->LoadDeviceRSAKey == nullptr)
    return OEMCrypto_ERROR_NOT_IMPLEMENTED;
  return pair.fcn->LoadDeviceRSAKey(pair.session, wrapped_rsa_key,