Address failures when provisioning methods differ
[ Merge of http://go/wvgerrit/46907 ] The WV client supports root of trusts as keyboxes or OEM certificates. Devices with keyboxes use provisioning 2.0 protocol to provision while those with OEM certificates use 3.0. L3 provisioning failures occur if the L1 and L3 root of trusts differ. The provisioning method is now retrieved and cached when the security level is known, when the session is opened. Earlier it was retrieved and cached at initialization time and always set to the value of L1 OEMCrypto (if present). This led to provisioning failures. A case of acquiring a lock while one was held in GetProvisioningId() has also fixed. Bug: 77606913 Test: WV unit/integration tests Change-Id: I2d66ee2cf64f846cec4a37fbccb554447c8a0e1d
This commit is contained in:
Rahul Frias
@@ -138,6 +138,7 @@ CryptoSession::CryptoSession(metrics::CryptoMetrics* metrics)
|
||||
: metrics_(metrics),
|
||||
system_id_(-1),
|
||||
open_(false),
|
||||
pre_provision_token_type_(kClientTokenUninitialized),
|
||||
update_usage_table_after_close_session_(false),
|
||||
is_destination_buffer_type_valid_(false),
|
||||
requested_security_level_(kLevelDefault),
|
||||
@@ -160,9 +161,11 @@ CryptoSession::~CryptoSession() {
|
||||
M_RECORD(metrics_, crypto_session_life_span_, life_span_.AsMs());
|
||||
}
|
||||
|
||||
bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) {
|
||||
CdmResponseType CryptoSession::GetProvisioningMethod(
|
||||
SecurityLevel requested_security_level,
|
||||
CdmClientTokenType* token_type) {
|
||||
OEMCrypto_ProvisioningMethod method =
|
||||
OEMCrypto_GetProvisioningMethod(requested_security_level_);
|
||||
OEMCrypto_GetProvisioningMethod(requested_security_level);
|
||||
metrics_->oemcrypto_provisioning_method_.Record(method);
|
||||
CdmClientTokenType type;
|
||||
switch (method) {
|
||||
@@ -179,10 +182,10 @@ bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) {
|
||||
default:
|
||||
LOGE("OEMCrypto_GetProvisioningMethod failed. %d", method);
|
||||
metrics_->oemcrypto_provisioning_method_.SetError(method);
|
||||
return false;
|
||||
return GET_PROVISIONING_METHOD_ERROR;
|
||||
}
|
||||
*token_type = type;
|
||||
return true;
|
||||
return NO_ERROR;
|
||||
}
|
||||
|
||||
void CryptoSession::Init() {
|
||||
@@ -198,9 +201,6 @@ void CryptoSession::Init() {
|
||||
}
|
||||
initialized_ = true;
|
||||
}
|
||||
if (!GetProvisioningMethod(&pre_provision_token_type_)) {
|
||||
initialized_ = false;
|
||||
}
|
||||
}
|
||||
|
||||
void CryptoSession::Terminate() {
|
||||
@@ -594,10 +594,12 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) {
|
||||
uint8_t buf[KEYBOX_KEY_DATA_SIZE];
|
||||
size_t buf_size = sizeof(buf);
|
||||
|
||||
LOGV("CryptoSession::GetProvisioningId: Lock");
|
||||
AutoLock auto_lock(crypto_lock_);
|
||||
if (!initialized_) {
|
||||
return false;
|
||||
{
|
||||
LOGV("CryptoSession::GetProvisioningId: Lock");
|
||||
AutoLock auto_lock(crypto_lock_);
|
||||
if (!initialized_) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (pre_provision_token_type_ == kClientTokenOemCert) {
|
||||
@@ -614,6 +616,8 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) {
|
||||
return true;
|
||||
} else {
|
||||
OEMCryptoResult sts;
|
||||
LOGV("CryptoSession::GetProvisioningId: Lock");
|
||||
AutoLock auto_lock(crypto_lock_);
|
||||
M_TIME(
|
||||
sts = OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_),
|
||||
metrics_, oemcrypto_get_key_data_, sts, metrics::Pow2Bucket(buf_size));
|
||||
@@ -633,14 +637,23 @@ uint8_t CryptoSession::GetSecurityPatchLevel() {
|
||||
}
|
||||
|
||||
CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
|
||||
LOGD("CryptoSession::Open: Lock: requested_security_level: %s",
|
||||
requested_security_level == kLevel3
|
||||
? QUERY_VALUE_SECURITY_LEVEL_L3.c_str()
|
||||
: QUERY_VALUE_SECURITY_LEVEL_DEFAULT.c_str());
|
||||
AutoLock auto_lock(crypto_lock_);
|
||||
if (!initialized_) return UNKNOWN_ERROR;
|
||||
if (open_) return NO_ERROR;
|
||||
{
|
||||
LOGD("CryptoSession::Open: Lock: requested_security_level: %s",
|
||||
requested_security_level == kLevel3
|
||||
? QUERY_VALUE_SECURITY_LEVEL_L3.c_str()
|
||||
: QUERY_VALUE_SECURITY_LEVEL_DEFAULT.c_str());
|
||||
AutoLock auto_lock(crypto_lock_);
|
||||
if (!initialized_) return UNKNOWN_ERROR;
|
||||
if (open_) return NO_ERROR;
|
||||
}
|
||||
|
||||
CdmResponseType result =
|
||||
GetProvisioningMethod(requested_security_level,
|
||||
&pre_provision_token_type_);
|
||||
if (result != NO_ERROR) return result;
|
||||
|
||||
LOGV("CryptoSession::Open: Lock");
|
||||
AutoLock auto_lock(crypto_lock_);
|
||||
OEMCrypto_SESSION sid;
|
||||
requested_security_level_ = requested_security_level;
|
||||
OEMCryptoResult sts = OEMCrypto_OpenSession(&sid, requested_security_level);
|
||||
@@ -679,7 +692,7 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
|
||||
}
|
||||
|
||||
CdmUsageSupportType usage_support_type;
|
||||
CdmResponseType result = GetUsageSupportType(&usage_support_type);
|
||||
result = GetUsageSupportType(&usage_support_type);
|
||||
if (result == NO_ERROR) {
|
||||
metrics_->oemcrypto_usage_table_support_.Record(usage_support_type);
|
||||
if (usage_support_type == kUsageEntrySupport) {
|
||||
|
||||
Reference in New Issue
Block a user