widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8dc7cc0c749f9e46d875c3047b88cc49ee62bcf6
android/libwvdrmengine/factory_upload_tool/src/WidevineRemotelyProvisionedComponent.cpp
Cong Lin 8dc7cc0c74 Factory tool implements Widevine IRPC HAL v3 
Implement IRPC HAL v3 interfaces for extracting device registration CSR.
The new interface calls OEMCrypto_GetDeviceInformation() and
OEMCrypto_GetSignedCsrPayload() and then constructs the CSR.

Also added all mandatory fields of device info in the request.

Test: Run extraction tool on Pixel 7 and upload CSR
Test: Verified Widevine remote provisioning
Bug: 268246995
Change-Id: I24097ba32c7a105266071c1341c938b5874b38d8
2023-03-02 10:51:45 -08:00

136 lines
4.5 KiB
C++
Raw Blame History

/*
* Copyright (C) 2021 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "WidevineRemotelyProvisionedComponent.h"
#include <assert.h>
#include <cppbor.h>
#include <cppbor_parse.h>
#include <keymaster/cppcose/cppcose.h>
#include <keymaster/keymaster_configuration.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
#include <variant>
namespace aidl::android::hardware::security::keymint {
using ::std::string;
using ::std::unique_ptr;
using ::std::vector;
using bytevec = ::std::vector<uint8_t>;
using ScopedAStatus = ::ndk::ScopedAStatus;
namespace {
constexpr auto STATUS_FAILED = IRemotelyProvisionedComponent::STATUS_FAILED;
struct AStatusDeleter {
void operator()(AStatus* p) { AStatus_delete(p); }
};
class Status {
public:
Status() : status_(AStatus_newOk()) {}
Status(int32_t errCode, const std::string& errMsg)
: status_(AStatus_fromServiceSpecificErrorWithMessage(errCode,
errMsg.c_str())) {}
explicit Status(const std::string& errMsg)
: status_(AStatus_fromServiceSpecificErrorWithMessage(STATUS_FAILED,
errMsg.c_str())) {}
explicit Status(AStatus* status)
: status_(status ? status : AStatus_newOk()) {}
Status(Status&&) = default;
Status(const Status&) = delete;
operator ::ndk::ScopedAStatus() && { // NOLINT(google-explicit-constructor)
return ndk::ScopedAStatus(status_.release());
}
bool isOk() const { return AStatus_isOk(status_.get()); }
const char* getMessage() const { return AStatus_getMessage(status_.get()); }
private:
std::unique_ptr<AStatus, AStatusDeleter> status_;
};
} // namespace
ScopedAStatus WidevineRemotelyProvisionedComponent::getHardwareInfo(
RpcHardwareInfo* info) {
info->versionNumber = 3;
info->rpcAuthorName = "Google";
info->supportedEekCurve = RpcHardwareInfo::CURVE_25519;
info->uniqueId = "Widevine Implementation";
return ScopedAStatus::ok();
}
ScopedAStatus WidevineRemotelyProvisionedComponent::generateEcdsaP256KeyPair(
bool testMode, MacedPublicKey* macedPublicKey, bytevec* privateKeyHandle) {
return Status("Invalid operation.");
}
ScopedAStatus WidevineRemotelyProvisionedComponent::generateCertificateRequest(
bool testMode, const vector<MacedPublicKey>& keysToSign,
const bytevec& endpointEncCertChain, const bytevec& challenge,
DeviceInfo* deviceInfo, ProtectedData* protectedData,
bytevec* keysToSignMac) {
if (!keysToSign.empty()) {
return Status("Invalid operation: Keys to sign must be empty.");
}
if (deviceInfo == nullptr) {
return Status("Parameter deviceInfo must not be null.");
}
if (protectedData == nullptr) {
return Status("Parameter protectedData must not be null.");
}
if (provisioner_ == nullptr) {
provisioner_ = std::make_unique<widevine::WidevineProvisioner>();
}
if (!provisioner_->GenerateCertificateRequest(testMode, endpointEncCertChain,
deviceInfo->deviceInfo,
protectedData->protectedData)) {
return Status("Failed to generate certificate request.");
}
return ScopedAStatus::ok();
}
ScopedAStatus
WidevineRemotelyProvisionedComponent::generateCertificateRequestV2(
const std::vector<MacedPublicKey>& keysToSign,
const std::vector<uint8_t>& challenge, std::vector<uint8_t>* csr) {
if (!keysToSign.empty()) {
return Status("Invalid operation: Keys to sign must be empty.");
}
if (csr == nullptr) {
return Status("Parameter csr must not be null.");
}
if (provisioner_ == nullptr) {
provisioner_ = std::make_unique<widevine::WidevineProvisioner>();
}
if (!provisioner_->GenerateCertificateRequestV2(challenge, csr)) {
return Status("Failed to generate certificate request V2.");
}
return ScopedAStatus::ok();
}
} // namespace aidl::android::hardware::security::keymint
Reference in New Issue View Git Blame Copy Permalink