From 68d9d71a792deed75d32fe13febc07c9c12c8449 Mon Sep 17 00:00:00 2001 From: Jeff Tinker Date: Tue, 4 Mar 2014 13:21:31 -0800 Subject: Support CAST V2 Authentication in MediaDrm Java API version Update frameworks to enable support for CAST V2 Authentication in the DRM Plugin. Change-Id: I9066ada0edf8e0d777c503897d8c7fc7f76f2861 related-to-bug: 12702350 --- drm/mediadrm/plugins/mock/MockDrmCryptoPlugin.cpp | 39 +++++++++++++-- drm/mediadrm/plugins/mock/MockDrmCryptoPlugin.h | 16 ++++-- include/media/IDrm.h | 14 +++++- media/libmedia/IDrm.cpp | 60 +++++++++++++++++++++-- media/libmediaplayerservice/Drm.cpp | 30 ++++++++++-- media/libmediaplayerservice/Drm.h | 14 +++++- 6 files changed, 154 insertions(+), 19 deletions(-) diff --git a/drm/mediadrm/plugins/mock/MockDrmCryptoPlugin.cpp b/drm/mediadrm/plugins/mock/MockDrmCryptoPlugin.cpp index f2cadf7..df0bca3 100644 --- a/drm/mediadrm/plugins/mock/MockDrmCryptoPlugin.cpp +++ b/drm/mediadrm/plugins/mock/MockDrmCryptoPlugin.cpp @@ -45,7 +45,7 @@ namespace android { // MockDrmFactory bool MockDrmFactory::isCryptoSchemeSupported(const uint8_t uuid[16]) { - return (!memcmp(uuid, mock_uuid, sizeof(uuid))); + return (!memcmp(uuid, mock_uuid, sizeof(mock_uuid))); } bool MockDrmFactory::isContentTypeSupported(const String8 &mimeType) @@ -65,7 +65,7 @@ namespace android { // MockCryptoFactory bool MockCryptoFactory::isCryptoSchemeSupported(const uint8_t uuid[16]) const { - return (!memcmp(uuid, mock_uuid, sizeof(uuid))); + return (!memcmp(uuid, mock_uuid, sizeof(mock_uuid))); } status_t MockCryptoFactory::createPlugin(const uint8_t uuid[16], const void *data, @@ -254,7 +254,9 @@ namespace android { return OK; } - status_t MockDrmPlugin::getProvisionRequest(Vector &request, + status_t MockDrmPlugin::getProvisionRequest(String8 const &certType, + String8 const &certAuthority, + Vector &request, String8 &defaultUrl) { Mutex::Autolock lock(mLock); 
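Review bot: `sizeof(mock_uuid)` in the two `isCryptoSchemeSupported` bodies (this hunk and the MockCryptoFactory hunk that follows) only yields the full UUID length if `mock_uuid` is declared as an array, and that declaration is outside both hunks. The replaced `sizeof(uuid)` measured a decayed pointer, so only a prefix of the UUID was compared. It is worth pinning the length so the comparison cannot shrink again unnoticed. A compile-time check next to the declaration that `sizeof(mock_uuid) == 16` would do it, or at least a comment above each call such as `// uuid decays to a pointer here; the length must come from the mock_uuid array`.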
@@ -282,7 +284,9 @@ namespace android { return OK; } - status_t MockDrmPlugin::provideProvisionResponse(Vector const &response) + status_t MockDrmPlugin::provideProvisionResponse(Vector const &response, + Vector &certificate, + Vector &wrappedKey) { Mutex::Autolock lock(mLock); ALOGD("MockDrmPlugin::provideProvisionResponse(%s)", @@ -600,6 +604,33 @@ namespace android { return OK; } + status_t MockDrmPlugin::signRSA(Vector const &sessionId, + String8 const &algorithm, + Vector const &message, + Vector const &wrappedKey, + Vector &signature) + { + Mutex::Autolock lock(mLock); + ALOGD("MockDrmPlugin::signRSA(sessionId=%s, algorithm=%s, keyId=%s, " + "message=%s, signature=%s)", + vectorToString(sessionId).string(), + algorithm.string(), + vectorToString(message).string(), + vectorToString(wrappedKey).string(), + vectorToString(signature).string()); + + // Properties used in mock test, set by mock plugin and verifed cts test app + // byte[] wrappedKey -> mock-wrappedkey + // byte[] message -> mock-message + // byte[] signature -> mock-signature + mByteArrayProperties.add(String8("mock-sessionid"), sessionId); + mStringProperties.add(String8("mock-algorithm"), algorithm); + mByteArrayProperties.add(String8("mock-message"), message); + mByteArrayProperties.add(String8("mock-wrappedkey"), wrappedKey); + mByteArrayProperties.add(String8("mock-signature"), signature); + return OK; + } + ssize_t MockDrmPlugin::findSession(Vector const &sessionId) const { ALOGD("findSession: nsessions=%d, size=%d", mSessions.size(), sessionId.size()); diff --git a/drm/mediadrm/plugins/mock/MockDrmCryptoPlugin.h b/drm/mediadrm/plugins/mock/MockDrmCryptoPlugin.h index 2297f9b..97d7052 100644 --- a/drm/mediadrm/plugins/mock/MockDrmCryptoPlugin.h +++ b/drm/mediadrm/plugins/mock/MockDrmCryptoPlugin.h 
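Review bot: The labels in the new `MockDrmPlugin::signRSA` ALOGD format string do not match its arguments: `keyId=%s` prints `message` and `message=%s` prints `wrappedKey`, and the function has no keyId parameter at all. Suggested string: `"MockDrmPlugin::signRSA(sessionId=%s, algorithm=%s, message=%s, wrappedKey=%s, signature=%s)"`. The property comment under it lists three of the five keys the code adds (it omits `mock-sessionid` and `mock-algorithm`) and has the typo "verifed". Writing the wrapped key bytes to the debug log is tolerable in a mock, but a comment like `// mock only: a real plugin must not log key material` would stop the pattern being copied.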
@@ -76,10 +76,14 @@ namespace android { status_t queryKeyStatus(Vector const &sessionId, KeyedVector &infoMap) const; - status_t getProvisionRequest(Vector &request, - String8 &defaultUrl); + status_t getProvisionRequest(String8 const &certType, + String8 const &certAuthority, + Vector &request, + String8 &defaultUrl); - status_t provideProvisionResponse(Vector const &response); + status_t provideProvisionResponse(Vector const &response, + Vector &certificate, + Vector &wrappedKey); status_t getSecureStops(List > &secureStops); status_t releaseSecureStops(Vector const &ssRelease); @@ -122,6 +126,12 @@ namespace android { Vector const &signature, bool &match); + status_t signRSA(Vector const &sessionId, + String8 const &algorithm, + Vector const &message, + Vector const &wrappedKey, + Vector &signature); + private: String8 vectorToString(Vector const &vector) const; String8 arrayToString(uint8_t const *array, size_t len) const; diff --git a/include/media/IDrm.h b/include/media/IDrm.h index 5ef26af..32ae28e 100644 --- a/include/media/IDrm.h +++ b/include/media/IDrm.h @@ -61,10 +61,14 @@ struct IDrm : public IInterface { virtual status_t queryKeyStatus(Vector const &sessionId, KeyedVector &infoMap) const = 0; - virtual status_t getProvisionRequest(Vector &request, + virtual status_t getProvisionRequest(String8 const &certType, + String8 const &certAuthority, + Vector &request, String8 &defaulUrl) = 0; - virtual status_t provideProvisionResponse(Vector const &response) = 0; + virtual status_t provideProvisionResponse(Vector const &response, + Vector &certificate, + Vector &wrappedKey) = 0; virtual status_t getSecureStops(List > &secureStops) = 0; @@ -107,6 +111,12 @@ struct IDrm : public IInterface { Vector const &signature, bool &match) = 0; + virtual status_t signRSA(Vector const &sessionId, + String8 const &algorithm, + Vector const &message, + Vector const &wrappedKey, + Vector &signature) = 0; + virtual status_t setListener(const sp& listener) = 0; private: 
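Review bot: The new `signRSA` declaration in IDrm.h, and the `certificate` / `wrappedKey` out-parameters added to `provideProvisionResponse` in the hunk before it, have no comment saying which arguments are inputs, which the plugin fills, and what they contain on a non-OK return. A one-line contract above `signRSA` would help, for example `// Signs |message| using the RSA key carried in |wrappedKey| (as returned by provideProvisionResponse); |signature| is meaningful only when OK is returned.` That wording is inferred from the parameter names and the mock plugin, so confirm it against the plugin contract before adopting it. The mirrored declarations in MockDrmCryptoPlugin.h and Drm.h could carry the same note or point to this one.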
diff --git a/media/libmedia/IDrm.cpp b/media/libmedia/IDrm.cpp index f7a9a75..f1a6a9f 100644 --- a/media/libmedia/IDrm.cpp +++ b/media/libmedia/IDrm.cpp @@ -51,6 +51,7 @@ enum { ENCRYPT, DECRYPT, SIGN, + SIGN_RSA, VERIFY, SET_LISTENER }; @@ -196,11 +197,15 @@ struct BpDrm : public BpInterface { return reply.readInt32(); } - virtual status_t getProvisionRequest(Vector &request, + virtual status_t getProvisionRequest(String8 const &certType, + String8 const &certAuthority, + Vector &request, String8 &defaultUrl) { Parcel data, reply; data.writeInterfaceToken(IDrm::getInterfaceDescriptor()); + data.writeString8(certType); + data.writeString8(certAuthority); remote()->transact(GET_PROVISION_REQUEST, data, &reply); readVector(reply, request); @@ -209,13 +214,18 @@ struct BpDrm : public BpInterface { return reply.readInt32(); } - virtual status_t provideProvisionResponse(Vector const &response) { + virtual status_t provideProvisionResponse(Vector const &response, + Vector &certificate, + Vector &wrappedKey) { Parcel data, reply; data.writeInterfaceToken(IDrm::getInterfaceDescriptor()); writeVector(data, response); remote()->transact(PROVIDE_PROVISION_RESPONSE, data, &reply); + readVector(reply, certificate); + readVector(reply, wrappedKey); + return reply.readInt32(); } @@ -386,6 +396,25 @@ struct BpDrm : public BpInterface { return reply.readInt32(); } + virtual status_t signRSA(Vector const &sessionId, + String8 const &algorithm, + Vector const &message, + Vector const &wrappedKey, + Vector &signature) { + Parcel data, reply; + data.writeInterfaceToken(IDrm::getInterfaceDescriptor()); + + writeVector(data, sessionId); + data.writeString8(algorithm); + writeVector(data, message); + writeVector(data, wrappedKey); + + remote()->transact(SIGN_RSA, data, &reply); + readVector(reply, signature); + + return reply.readInt32(); + } + virtual status_t setListener(const sp& listener) { Parcel data, reply; data.writeInterfaceToken(IDrm::getInterfaceDescriptor()); 
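Review bot: `SIGN_RSA` is inserted between `SIGN` and `VERIFY` in the transaction-code enum, which renumbers `VERIFY` and `SET_LISTENER`. The start of the enum is outside the hunk, but these values are the codes that BpDrm sends and `BnDrm::onTransact` switches on. A proxy and a service built from different revisions would therefore route a verify call into the signRSA handler. Appending the new code after `SET_LISTENER` keeps every existing code stable: `SET_LISTENER,` followed by `SIGN_RSA`.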
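Review bot: In the new `BpDrm::signRSA` the return value of `remote()->transact(SIGN_RSA, data, &reply)` is discarded and the reply is read unconditionally. If the transaction fails, the reply parcel is empty, `readVector` leaves `signature` empty and `reply.readInt32()` yields 0, so the caller sees OK with no signature. Check the transport status first: `status_t status = remote()->transact(SIGN_RSA, data, &reply);` then `if (status != OK) return status;`. The same applies to the modified `provideProvisionResponse` proxy earlier in this file, where `certificate` and `wrappedKey` would come back empty alongside an apparent success.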
@@ -563,9 +592,13 @@ status_t BnDrm::onTransact( case GET_PROVISION_REQUEST: { CHECK_INTERFACE(IDrm, data, reply); + String8 certType = data.readString8(); + String8 certAuthority = data.readString8(); + Vector request; String8 defaultUrl; - status_t result = getProvisionRequest(request, defaultUrl); + status_t result = getProvisionRequest(certType, certAuthority, + request, defaultUrl); writeVector(reply, request); reply->writeString8(defaultUrl); reply->writeInt32(result); @@ -576,8 +609,13 @@ status_t BnDrm::onTransact( { CHECK_INTERFACE(IDrm, data, reply); Vector response; + Vector certificate; + Vector wrappedKey; readVector(data, response); - reply->writeInt32(provideProvisionResponse(response)); + status_t result = provideProvisionResponse(response, certificate, wrappedKey); + writeVector(reply, certificate); + writeVector(reply, wrappedKey); + reply->writeInt32(result); return OK; } @@ -725,6 +763,20 @@ status_t BnDrm::onTransact( return OK; } + case SIGN_RSA: + { + CHECK_INTERFACE(IDrm, data, reply); + Vector sessionId, message, wrappedKey, signature; + readVector(data, sessionId); + String8 algorithm = data.readString8(); + readVector(data, message); + readVector(data, wrappedKey); + uint32_t result = signRSA(sessionId, algorithm, message, wrappedKey, signature); + writeVector(reply, signature); + reply->writeInt32(result); + return OK; + } + case SET_LISTENER: { CHECK_INTERFACE(IDrm, data, reply); sp listener = diff --git a/media/libmediaplayerservice/Drm.cpp b/media/libmediaplayerservice/Drm.cpp index eebcb79..e68d4cd 100644 --- a/media/libmediaplayerservice/Drm.cpp +++ b/media/libmediaplayerservice/Drm.cpp 
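Review bot: The new `SIGN_RSA` case stores the result in `uint32_t result`, although `signRSA` returns `status_t` and the two provisioning cases changed in this same patch use `status_t result`. Negative error codes reach `reply->writeInt32(result)` only through implicit signed/unsigned conversion, and the mismatch hides the intent from anyone who later adds a `result != OK` branch. Use `status_t result = signRSA(sessionId, algorithm, message, wrappedKey, signature);`. The `onTransact` body starts and ends outside this hunk.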
@@ -373,7 +373,8 @@ status_t Drm::queryKeyStatus(Vector const &sessionId, return mPlugin->queryKeyStatus(sessionId, infoMap); } -status_t Drm::getProvisionRequest(Vector &request, String8 &defaultUrl) { +status_t Drm::getProvisionRequest(String8 const &certType, String8 const &certAuthority, + Vector &request, String8 &defaultUrl) { Mutex::Autolock autoLock(mLock); if (mInitCheck != OK) { @@ -384,10 +385,13 @@ status_t Drm::getProvisionRequest(Vector &request, String8 &defaultUrl) return -EINVAL; } - return mPlugin->getProvisionRequest(request, defaultUrl); + return mPlugin->getProvisionRequest(certType, certAuthority, + request, defaultUrl); } -status_t Drm::provideProvisionResponse(Vector const &response) { +status_t Drm::provideProvisionResponse(Vector const &response, + Vector &certificate, + Vector &wrappedKey) { Mutex::Autolock autoLock(mLock); if (mInitCheck != OK) { @@ -398,7 +402,7 @@ status_t Drm::provideProvisionResponse(Vector const &response) { return -EINVAL; } - return mPlugin->provideProvisionResponse(response); + return mPlugin->provideProvisionResponse(response, certificate, wrappedKey); } @@ -589,6 +593,24 @@ status_t Drm::verify(Vector const &sessionId, return mPlugin->verify(sessionId, keyId, message, signature, match); } +status_t Drm::signRSA(Vector const &sessionId, + String8 const &algorithm, + Vector const &message, + Vector const &wrappedKey, + Vector &signature) { + Mutex::Autolock autoLock(mLock); + + if (mInitCheck != OK) { + return mInitCheck; + } + + if (mPlugin == NULL) { + return -EINVAL; + } + + return mPlugin->signRSA(sessionId, algorithm, message, wrappedKey, signature); +} + void Drm::binderDied(const wp &the_late_who) { delete mPlugin; diff --git a/media/libmediaplayerservice/Drm.h b/media/libmediaplayerservice/Drm.h index 119fd50..3d4b0fc 100644 --- a/media/libmediaplayerservice/Drm.h +++ b/media/libmediaplayerservice/Drm.h 
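Review bot: `Drm::signRSA` forwards to the plugin after checking only `mInitCheck` and `mPlugin`, and no check on the calling process is visible here or in the `SIGN_RSA` case of `BnDrm::onTransact`. From the parameters, this call appears to produce a signature over a caller-chosen message with a key obtained through provisioning, which makes it more sensitive than the session-keyed `sign` next to it. If the restriction is not enforced in a layer this patch does not show, add a calling-permission check at the top of this function and return `-EPERM` before the plugin is reached. The certificate-returning path of `provideProvisionResponse` deserves the same consideration. At minimum, add a comment such as `// caller authorization for certificate signing is enforced in <layer>` so the trust boundary is documented.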
@@ -66,10 +66,14 @@ struct Drm : public BnDrm, virtual status_t queryKeyStatus(Vector const &sessionId, KeyedVector &infoMap) const; - virtual status_t getProvisionRequest(Vector &request, + virtual status_t getProvisionRequest(String8 const &certType, + String8 const &certAuthority, + Vector &request, String8 &defaulUrl); - virtual status_t provideProvisionResponse(Vector const &response); + virtual status_t provideProvisionResponse(Vector const &response, + Vector &certificate, + Vector &wrappedKey); virtual status_t getSecureStops(List > &secureStops); @@ -111,6 +115,12 @@ struct Drm : public BnDrm, Vector const &signature, bool &match); + virtual status_t signRSA(Vector const &sessionId, + String8 const &algorithm, + Vector const &message, + Vector const &wrappedKey, + Vector &signature); + virtual status_t setListener(const sp& listener); virtual void sendEvent(DrmPlugin::EventType eventType, int extra, -- cgit v1.1