widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Address failures when provisioning methods differ

Browse Source 
[ Merge of http://go/wvgerrit/46907 ]

The WV client supports root of trusts as keyboxes or OEM certificates.
Devices with keyboxes use provisioning 2.0 protocol to provision
while those with OEM certificates use 3.0. L3 provisioning failures
occur if the L1 and L3 root of trusts differ.

The provisioning method is now retrieved and cached when the
security level is known, when the session is opened.
Earlier it was retrieved and cached at initialization time and
always set to the value of L1 OEMCrypto (if present). This led
to provisioning failures.

A case of acquiring a lock while one was held in GetProvisioningId()
has also fixed.

Bug: 77606913
Test: WV unit/integration tests
Change-Id: I2d66ee2cf64f846cec4a37fbccb554447c8a0e1d
This commit is contained in:
Rahul Frias
2018-04-04 23:41:41 -07:00
parent 9d384305b7
commit f0cd22d4f4
9 changed files with 83 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libwvdrmengine/cdm/core/include/crypto_session.h
View File

@@ -199,7 +199,8 @@ class CryptoSession {
private:
friend class CryptoSessionForTest;
bool GetProvisioningMethod(CdmClientTokenType* token_type);
CdmResponseType GetProvisioningMethod(SecurityLevel requested_security_level,
CdmClientTokenType* token_type);
void Init();
void Terminate();
bool GetTokenFromKeybox(std::string* token);

4
libwvdrmengine/cdm/core/include/wv_cdm_types.h
View File

@@ -324,6 +324,7 @@ enum CdmResponseType {
REMOVE_USAGE_INFO_ERROR_1 = 282,
REMOVE_USAGE_INFO_ERROR_2 = 283,
REMOVE_USAGE_INFO_ERROR_3 = 284,
GET_PROVISIONING_METHOD_ERROR = 285,
};
enum CdmKeyStatus {
@@ -397,7 +398,8 @@ enum CdmSigningAlgorithm {
enum CdmClientTokenType {
kClientTokenKeybox,
kClientTokenDrmCert,
kClientTokenOemCert
kClientTokenOemCert,
kClientTokenUninitialized,
};
// kNonSecureUsageSupport - TEE does not provide any support for usage

2
libwvdrmengine/cdm/core/src/cdm_engine.cpp
View File

@@ -757,6 +757,7 @@ CdmResponseType CdmEngine::QueryOemCryptoSessionId(
CdmResponseType CdmEngine::GetProvisioningRequest(
CdmCertificateType cert_type, const std::string& cert_authority,
CdmProvisioningRequest* request, std::string* default_url) {
LOGI("CdmEngine::GetProvisioningRequest");
if (!request) {
LOGE("CdmEngine::GetProvisioningRequest: invalid output parameters");
return INVALID_PROVISIONING_REQUEST_PARAM_1;
@@ -794,6 +795,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
CdmResponseType CdmEngine::HandleProvisioningResponse(
const CdmProvisioningResponse& response, std::string* cert,
std::string* wrapped_key) {
LOGI("CdmEngine::HandleProvisioningResponse");
if (response.empty()) {
LOGE("CdmEngine::HandleProvisioningResponse: Empty provisioning response.");
cert_provisioning_.reset(NULL);

51
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -138,6 +138,7 @@ CryptoSession::CryptoSession(metrics::CryptoMetrics* metrics)
: metrics_(metrics),
system_id_(-1),
open_(false),
pre_provision_token_type_(kClientTokenUninitialized),
update_usage_table_after_close_session_(false),
is_destination_buffer_type_valid_(false),
requested_security_level_(kLevelDefault),
@@ -160,9 +161,11 @@ CryptoSession::~CryptoSession() {
M_RECORD(metrics_, crypto_session_life_span_, life_span_.AsMs());
}
bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) {
CdmResponseType CryptoSession::GetProvisioningMethod(
SecurityLevel requested_security_level,
CdmClientTokenType* token_type) {
OEMCrypto_ProvisioningMethod method =
OEMCrypto_GetProvisioningMethod(requested_security_level_);
OEMCrypto_GetProvisioningMethod(requested_security_level);
metrics_->oemcrypto_provisioning_method_.Record(method);
CdmClientTokenType type;
switch (method) {
@@ -179,10 +182,10 @@ bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) {
default:
LOGE("OEMCrypto_GetProvisioningMethod failed. %d", method);
metrics_->oemcrypto_provisioning_method_.SetError(method);
return false;
return GET_PROVISIONING_METHOD_ERROR;
}
*token_type = type;
return true;
return NO_ERROR;
}
void CryptoSession::Init() {
@@ -198,9 +201,6 @@ void CryptoSession::Init() {
}
initialized_ = true;
}
if (!GetProvisioningMethod(&pre_provision_token_type_)) {
initialized_ = false;
}
}
void CryptoSession::Terminate() {
@@ -594,10 +594,12 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) {
uint8_t buf[KEYBOX_KEY_DATA_SIZE];
size_t buf_size = sizeof(buf);
LOGV("CryptoSession::GetProvisioningId: Lock");
AutoLock auto_lock(crypto_lock_);
if (!initialized_) {
return false;
{
LOGV("CryptoSession::GetProvisioningId: Lock");
AutoLock auto_lock(crypto_lock_);
if (!initialized_) {
return false;
}
}
if (pre_provision_token_type_ == kClientTokenOemCert) {
@@ -614,6 +616,8 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) {
return true;
} else {
OEMCryptoResult sts;
LOGV("CryptoSession::GetProvisioningId: Lock");
AutoLock auto_lock(crypto_lock_);
M_TIME(
sts = OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_),
metrics_, oemcrypto_get_key_data_, sts, metrics::Pow2Bucket(buf_size));
@@ -633,14 +637,23 @@ uint8_t CryptoSession::GetSecurityPatchLevel() {
}
CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
LOGD("CryptoSession::Open: Lock: requested_security_level: %s",
requested_security_level == kLevel3
? QUERY_VALUE_SECURITY_LEVEL_L3.c_str()
: QUERY_VALUE_SECURITY_LEVEL_DEFAULT.c_str());
AutoLock auto_lock(crypto_lock_);
if (!initialized_) return UNKNOWN_ERROR;
if (open_) return NO_ERROR;
{
LOGD("CryptoSession::Open: Lock: requested_security_level: %s",
requested_security_level == kLevel3
? QUERY_VALUE_SECURITY_LEVEL_L3.c_str()
: QUERY_VALUE_SECURITY_LEVEL_DEFAULT.c_str());
AutoLock auto_lock(crypto_lock_);
if (!initialized_) return UNKNOWN_ERROR;
if (open_) return NO_ERROR;
}
CdmResponseType result =
GetProvisioningMethod(requested_security_level,
&pre_provision_token_type_);
if (result != NO_ERROR) return result;
LOGV("CryptoSession::Open: Lock");
AutoLock auto_lock(crypto_lock_);
OEMCrypto_SESSION sid;
requested_security_level_ = requested_security_level;
OEMCryptoResult sts = OEMCrypto_OpenSession(&sid, requested_security_level);
@@ -679,7 +692,7 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
}
CdmUsageSupportType usage_support_type;
CdmResponseType result = GetUsageSupportType(&usage_support_type);
result = GetUsageSupportType(&usage_support_type);
if (result == NO_ERROR) {
metrics_->oemcrypto_usage_table_support_.Record(usage_support_type);
if (usage_support_type == kUsageEntrySupport) {

2
libwvdrmengine/cdm/core/test/test_printers.cpp
View File

@@ -581,6 +581,8 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) {
break;
case REMOVE_USAGE_INFO_ERROR_3: *os << "REMOVE_USAGE_INFO_ERROR_3";
break;
case GET_PROVISIONING_METHOD_ERROR: *os << "GET_PROVISIONING_METHOD_ERROR";
break;
default:
*os << "Unknown CdmResponseType";
break;

41
libwvdrmengine/cdm/test/request_license_test.cpp
View File

@@ -1620,8 +1620,39 @@ class WvCdmRequestLicenseTest : public WvCdmTestBase {
};
TEST_F(WvCdmRequestLicenseTest, ProvisioningTest) {
decryptor_.OpenSession(g_key_system, NULL, kDefaultCdmIdentifier, NULL,
&session_id_);
Unprovision();
EXPECT_EQ(NEED_PROVISIONING,
decryptor_.OpenSession(g_key_system, NULL,
kDefaultCdmIdentifier, NULL,
&session_id_));
std::string provisioning_server;
CdmCertificateType cert_type = kCertificateWidevine;
std::string cert_authority, cert, wrapped_key;
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.GetProvisioningRequest(
cert_type, cert_authority,
kDefaultCdmIdentifier, &key_msg_,
&provisioning_server));
EXPECT_EQ(provisioning_server, g_config->provisioning_server());
std::string response =
GetCertRequestResponse(g_config->provisioning_server());
EXPECT_NE(0, static_cast<int>(response.size()));
EXPECT_EQ(wvcdm::NO_ERROR, decryptor_.HandleProvisioningResponse(
kDefaultCdmIdentifier, response, &cert,
&wrapped_key));
EXPECT_EQ(0, static_cast<int>(cert.size()));
EXPECT_EQ(0, static_cast<int>(wrapped_key.size()));
decryptor_.CloseSession(session_id_);
}
TEST_F(WvCdmRequestLicenseTest, L3ProvisioningTest) {
TestWvCdmClientPropertySet property_set_L3;
property_set_L3.set_security_level(QUERY_VALUE_SECURITY_LEVEL_L3);
EXPECT_EQ(NEED_PROVISIONING,
decryptor_.OpenSession(g_key_system, &property_set_L3,
kDefaultCdmIdentifier, NULL,
&session_id_));
std::string provisioning_server;
CdmCertificateType cert_type = kCertificateWidevine;
std::string cert_authority, cert, wrapped_key;
@@ -3764,7 +3795,8 @@ TEST_F(WvCdmRequestLicenseTest, QueryStatus) {
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_.QueryStatus(kLevelDefault,
wvcdm::QUERY_KEY_PROVISIONING_ID, &value));
EXPECT_EQ(16u, value.size());
EXPECT_TRUE(16u == value.size() || 32u == value.size())
<< "provisioning id size: " << value.size();
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_.QueryStatus(
@@ -3866,7 +3898,8 @@ TEST_F(WvCdmRequestLicenseTest, QueryStatusL3) {
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_.QueryStatus(kLevel3, wvcdm::QUERY_KEY_PROVISIONING_ID,
&value));
EXPECT_EQ(16u, value.size());
EXPECT_TRUE(16u == value.size() || 32u == value.size())
<< "provisioning id size: " << value.size();
EXPECT_EQ(wvcdm::NO_ERROR,
decryptor_.QueryStatus(kLevel3, wvcdm::QUERY_KEY_CURRENT_HDCP_LEVEL,