DrmRemotelyProvisionedComponent: assemble csr in adaptor
Bug: 286556950
Test: rkp_factory_extraction_tool
Change-Id: Ie748a782f25fb0825c7932f0319e190d3d6d973a
diff --git a/drm/libmediadrmrkp/src/DrmRemotelyProvisionedComponent.cpp b/drm/libmediadrmrkp/src/DrmRemotelyProvisionedComponent.cpp
index 9d11811..0b4daca 100644
--- a/drm/libmediadrmrkp/src/DrmRemotelyProvisionedComponent.cpp
+++ b/drm/libmediadrmrkp/src/DrmRemotelyProvisionedComponent.cpp
@@ -16,7 +16,13 @@
#define LOG_TAG "DrmRemotelyProvisionedComponent"
#include "DrmRemotelyProvisionedComponent.h"
+
+#include <android-base/properties.h>
+#include <cppbor.h>
+#include <cppbor_parse.h>
#include <log/log.h>
+#include <map>
+#include <string>
namespace android::mediadrm {
DrmRemotelyProvisionedComponent::DrmRemotelyProvisionedComponent(std::shared_ptr<IDrmPlugin> drm,
@@ -47,10 +53,79 @@
"generateCertificateRequest not supported."));
}
+ScopedAStatus DrmRemotelyProvisionedComponent::getVerifiedDeviceInfo(cppbor::Map& deviceInfoMap) {
+ std::vector<uint8_t> verifiedDeviceInfo;
+ auto status = mDrm->getPropertyByteArray("verifiedDeviceInfo", &verifiedDeviceInfo);
+ if (!status.isOk()) {
+ ALOGE("getPropertyByteArray verifiedDeviceInfo failed. Details: [%s].",
+ status.getDescription().c_str());
+ return status;
+ }
+
+ auto [parsed, _, err] = cppbor::parse(
+ reinterpret_cast<const uint8_t*>(verifiedDeviceInfo.data()), verifiedDeviceInfo.size());
+
+ if (!parsed || !parsed->asMap()) {
+ ALOGE("Failed to parse the verified device info cbor: %s", err.c_str());
+ return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
+ IRemotelyProvisionedComponent::STATUS_FAILED,
+ "Failed to parse the verified device info cbor."));
+ }
+
+ const cppbor::Map* verifiedDeviceInfoMap = parsed->asMap();
+ for (size_t i = 0; i < verifiedDeviceInfoMap->size(); i++) {
+ auto& [keyItem, valueItem] = (*verifiedDeviceInfoMap)[i];
+ ALOGI("Found device info %s", keyItem->asTstr()->value().data());
+ if (valueItem != nullptr && valueItem->asTstr() != nullptr &&
+ valueItem->asTstr()->value().empty()) {
+ ALOGI("Value is empty. Skip");
+ continue;
+ }
+ deviceInfoMap.add(keyItem->clone(), valueItem->clone());
+ }
+
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus DrmRemotelyProvisionedComponent::getDeviceInfo(std::vector<uint8_t>* deviceInfo) {
+ auto deviceInfoMap = cppbor::Map();
+ auto status = getVerifiedDeviceInfo(deviceInfoMap);
+ if (!status.isOk()) {
+ ALOGE("getVerifiedDeviceInfo failed. Details: [%s].", status.getDescription().c_str());
+ return status;
+ }
+ const std::map<std::string, std::string> keyToProp{{"brand", "ro.product.brand"},
+ {"manufacturer", "ro.product.manufacturer"},
+ {"model", "ro.product.model"},
+ {"device", "ro.product.device"},
+ {"product", "ro.product.name"}};
+ for (auto i : keyToProp) {
+ auto key = i.first;
+ auto prop = i.second;
+ const auto& val= deviceInfoMap.get(key);
+ if (val == nullptr || val->asTstr()->value().empty()) {
+ std::string propValue = android::base::GetProperty(prop, "");
+ if (propValue.empty()) {
+ ALOGE("Failed to get OS property %s", prop.c_str());
+ return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
+ IRemotelyProvisionedComponent::STATUS_FAILED,
+ "Failed to get OS property."));
+ }
+ deviceInfoMap.add(cppbor::Tstr(key), cppbor::Tstr(propValue));
+ ALOGI("use OS property %s: %s", prop.c_str(), propValue.c_str());
+ } else {
+ ALOGI("use verified key %s: %s", key.c_str(), val->asTstr()->value().data());
+ }
+ }
+ deviceInfoMap.canonicalize();
+ *deviceInfo = deviceInfoMap.encode();
+ return ScopedAStatus::ok();
+}
+
ScopedAStatus DrmRemotelyProvisionedComponent::generateCertificateRequestV2(
const std::vector<MacedPublicKey>&, const std::vector<uint8_t>& challenge,
- std::vector<uint8_t>* csr) {
- // extract csr using setPropertyByteArray/getPropertyByteArray
+ std::vector<uint8_t>* out) {
+ // access csr input/output via setPropertyByteArray/getPropertyByteArray
auto status = mDrm->setPropertyByteArray("certificateSigningRequestChallenge", challenge);
if (!status.isOk()) {
ALOGE("setPropertyByteArray certificateSigningRequestChallenge failed. Details: [%s].",
@@ -58,13 +133,43 @@
return status;
}
- status = mDrm->getPropertyByteArray("certificateSigningRequest", csr);
+ std::vector<uint8_t> bcc;
+ status = mDrm->getPropertyByteArray("bootCertificateChain", &bcc);
if (!status.isOk()) {
- ALOGE("getPropertyByteArray certificateSigningRequest failed. Details: [%s].",
+ ALOGE("getPropertyByteArray bootCertificateChain failed. Details: [%s].",
status.getDescription().c_str());
return status;
}
+ std::vector<uint8_t> deviceInfo;
+ status = getDeviceInfo(&deviceInfo);
+ if (!status.isOk()) {
+ ALOGE("getDeviceInfo failed. Details: [%s].", status.getDescription().c_str());
+ return status;
+ }
+
+ status = mDrm->setPropertyByteArray("deviceInfo", deviceInfo);
+ if (!status.isOk()) {
+ ALOGE("setPropertyByteArray deviceInfo failed. Details: [%s].",
+ status.getDescription().c_str());
+ return status;
+ }
+
+ std::vector<uint8_t> deviceSignedCsrPayload;
+ status = mDrm->getPropertyByteArray("deviceSignedCsrPayload", &deviceSignedCsrPayload);
+ if (!status.isOk()) {
+ ALOGE("getPropertyByteArray deviceSignedCsrPayload failed. Details: [%s].",
+ status.getDescription().c_str());
+ return status;
+ }
+
+ // assemble AuthenticatedRequest (definition in IRemotelyProvisionedComponent.aidl)
+ *out = cppbor::Array()
+ .add(1 /* version */)
+ .add(cppbor::Map() /* UdsCerts */)
+ .add(cppbor::EncodedItem(std::move(bcc)))
+ .add(cppbor::EncodedItem(std::move(deviceSignedCsrPayload)))
+ .encode();
return ScopedAStatus::ok();
}
} // namespace android::mediadrm
\ No newline at end of file