widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add comments to clarify client and service clock times

Browse Source 
[ Merge of http://go/wvgerrit/120510 ]

* Added some comments to clarify which clock times are computed at the
  client and at the provisioning service. More detail is present in the
  device_files.proto
* Moved helper methods |SetDeviceCertificate| and
  |ExtractFromDeviceCertificate| from class methods to anonymous
  namespace
* Removed some commented out code

Bug: 169740403
Test: WV unit/integration
Change-Id: Ic263f3dfe296fff6d9b5380b2e7c663d87022cb2
This commit is contained in:
Rahul Frias
2021-03-21 14:09:23 -07:00
parent 3050d95f6f
commit f6b4d140f4
3 changed files with 61 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libwvdrmengine/cdm/core/include/device_files.h
View File

@@ -23,8 +23,6 @@ namespace wvcdm {
class FileSystem;
using video_widevine_client::sdk::DeviceCertificate;
class DeviceFiles {
public:
typedef enum {
@@ -282,12 +280,6 @@ class DeviceFiles {
std::string* serial_number,
uint32_t* system_id);
bool HasCertificate(CertificateType certificate_type);
bool SetDeviceCertificate(const std::string& certificate,
const CryptoWrappedKey& wrapped_private_key,
DeviceCertificate* mutable_device_certificate);
bool ExtractFromDeviceCertificate(const DeviceCertificate& device_certificate,
std::string* certificate,
CryptoWrappedKey* wrapped_private_key);
// Helpers that wrap the File interface and automatically handle hashing, as
// well as adding the device files base path to to the file name.

14
libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
View File

@@ -15,8 +15,6 @@
#include "string_conversions.h"
#include "wv_cdm_constants.h"
#include "clock.h"
namespace {
const std::string kEmptyString;
@@ -540,18 +538,6 @@ bool CertificateProvisioning::ExtractDeviceInfo(
? drm_certificate.expiration_time_seconds()
: INVALID_TIME;
}
/*
Clock clock;
//drm_certificate.set_expiration_time_seconds(clock.GetCurrentTime() + 10*365.25*24*60*60);
drm_certificate.set_creation_time_seconds(-5);
std::string serialized_drm_certificate;
drm_certificate.SerializeToString(&serialized_drm_certificate);
signed_drm_certificate.set_drm_certificate(serialized_drm_certificate);
std::string serialized_signed_drm_certificate;
signed_drm_certificate.SerializeToString(&serialized_signed_drm_certificate);
LOGE("serialized_signed_drm_certificate: (%zu) %s", serialized_signed_drm_certificate.size(), b2a_hex(serialized_signed_drm_certificate).c_str());
*/
return true;
}

116
libwvdrmengine/cdm/core/src/device_files.cpp
View File

@@ -95,6 +95,62 @@ const char kUsageTableFileName[] = "usgtable.bin";
const char kWildcard[] = "*";
constexpr int64_t kFourMonthsInSeconds = (2 * 30 + 2 * 31) * 24 * 60 * 60;
// Helper methods
bool SetDeviceCertificate(const std::string& certificate,
const wvcdm::CryptoWrappedKey& private_key,
DeviceCertificate* mutable_device_certificate) {
RETURN_FALSE_IF_NULL(mutable_device_certificate);
mutable_device_certificate->set_certificate(certificate);
mutable_device_certificate->set_wrapped_private_key(private_key.key());
switch (private_key.type()) {
case wvcdm::CryptoWrappedKey::kRsa:
mutable_device_certificate->set_key_type(DeviceCertificate::RSA);
return true;
case wvcdm::CryptoWrappedKey::kEcc:
mutable_device_certificate->set_key_type(DeviceCertificate::ECC);
return true;
case wvcdm::CryptoWrappedKey::kUninitialized: // Suppress compiler
// warnings.
default:
LOGE("Unexpected key type: %d", private_key.type());
return false;
}
}
bool ExtractFromDeviceCertificate(const DeviceCertificate& device_certificate,
std::string* certificate,
wvcdm::CryptoWrappedKey* private_key) {
RETURN_FALSE_IF_NULL(certificate);
RETURN_FALSE_IF_NULL(private_key);
*certificate = device_certificate.certificate();
private_key->Clear();
private_key->set_key(device_certificate.wrapped_private_key());
if (device_certificate.has_key_type()) {
const DeviceCertificate::PrivateKeyType key_type =
device_certificate.key_type();
switch (key_type) {
case DeviceCertificate::RSA:
private_key->set_type(wvcdm::CryptoWrappedKey::kRsa);
break;
case DeviceCertificate::ECC:
private_key->set_type(wvcdm::CryptoWrappedKey::kEcc);
break;
default:
LOGW("Unknown DRM key type, defaulting to RSA: type = %d", key_type);
private_key->set_type(wvcdm::CryptoWrappedKey::kRsa);
break;
}
} else {
// Possible that device certificate is from V15, in this case, the
// only supported key of at that time was RSA.
LOGD("No key type info, assuming RSA");
private_key->set_type(wvcdm::CryptoWrappedKey::kRsa);
}
return true;
}
} // namespace
namespace wvcdm {
@@ -280,7 +336,8 @@ DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate(
// Validation check for DRM certificate that includes an expiration
// time set by the provisioning service. Since provisioning and
// client clocks may not be in sync, verify by comparing time
// elapsed since license was acquired with expiration period.
// elapsed since the certificate was acquired with the expiration
// period specified by the service.
// First verify that all the fields are set to valid values.
// The service will validate certificate expiration so tampering of
// time values at the client is not a concern.
@@ -323,6 +380,9 @@ DeviceFiles::CertificateState DeviceFiles::RetrieveCertificate(
return kCertificateInvalid;
}
// |current_time| and |acquisition_time_seconds| are client clock
// times while |expiration_time_seconds| and |creation_time_seconds|
// are times specified by the provisioning service
if (current_time - acquisition_time_seconds >
expiration_time_seconds - creation_time_seconds) {
return kCertificateExpired;
@@ -1265,60 +1325,6 @@ bool DeviceFiles::HasCertificate(CertificateType certificate_type) {
return FileExists(certificate_file_name);
}
bool DeviceFiles::SetDeviceCertificate(
const std::string& certificate, const CryptoWrappedKey& private_key,
DeviceCertificate* mutable_device_certificate) {
RETURN_FALSE_IF_NULL(mutable_device_certificate);
mutable_device_certificate->set_certificate(certificate);
mutable_device_certificate->set_wrapped_private_key(private_key.key());
switch (private_key.type()) {
case CryptoWrappedKey::kRsa:
mutable_device_certificate->set_key_type(DeviceCertificate::RSA);
return true;
case CryptoWrappedKey::kEcc:
mutable_device_certificate->set_key_type(DeviceCertificate::ECC);
return true;
case CryptoWrappedKey::kUninitialized: // Suppress compiler warnings.
default:
LOGE("Unexpected key type: %d", private_key.type());
return false;
}
}
bool DeviceFiles::ExtractFromDeviceCertificate(
const DeviceCertificate& device_certificate, std::string* certificate,
CryptoWrappedKey* private_key) {
RETURN_FALSE_IF_NULL(certificate);
RETURN_FALSE_IF_NULL(private_key);
*certificate = device_certificate.certificate();
private_key->Clear();
private_key->set_key(device_certificate.wrapped_private_key());
if (device_certificate.has_key_type()) {
const DeviceCertificate::PrivateKeyType key_type =
device_certificate.key_type();
switch (key_type) {
case DeviceCertificate::RSA:
private_key->set_type(CryptoWrappedKey::kRsa);
break;
case DeviceCertificate::ECC:
private_key->set_type(CryptoWrappedKey::kEcc);
break;
default:
LOGW("Unknown DRM key type, defaulting to RSA: type = %d", key_type);
private_key->set_type(CryptoWrappedKey::kRsa);
break;
}
} else {
// Possible that device certificate is from V15, in this case, the
// only supported key of at that time was RSA.
LOGD("No key type info, assuming RSA");
private_key->set_type(CryptoWrappedKey::kRsa);
}
return true;
}
DeviceFiles::ResponseType DeviceFiles::StoreFileWithHash(
const std::string& name, const std::string& serialized_file) {
std::string hash = Sha256Hash(serialized_file);