Create libmediadrmrkp as drm to irpc adapter library
Bug: 286556950
Test: ./test_libmediadrmrkp
Change-Id: I25ff07026a62d613bdb415b983824ffaf61c97bb
diff --git a/drm/libmediadrmrkp/Android.bp b/drm/libmediadrmrkp/Android.bp
new file mode 100644
index 0000000..e4a7a81
--- /dev/null
+++ b/drm/libmediadrmrkp/Android.bp
@@ -0,0 +1,44 @@
+cc_library {
+ name: "libmediadrmrkp",
+ vendor_available: true,
+ srcs: [
+ "src/**/*.cpp",
+ ],
+ export_include_dirs: [
+ "include"
+ ],
+ shared_libs: [
+ "libbinder_ndk",
+ "liblog",
+ "android.hardware.drm-V1-ndk",
+ "android.hardware.security.rkp-V3-ndk",
+ ],
+ defaults: [
+ "keymint_use_latest_hal_aidl_ndk_shared",
+ ],
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+}
+
+cc_binary {
+ name: "test_libmediadrmrkp",
+ srcs: [
+ "test/*",
+ ],
+ shared_libs: [
+ "libbinder_ndk",
+ "liblog",
+ "android.hardware.drm-V1-ndk",
+ "android.hardware.security.rkp-V3-ndk",
+ ],
+ static_libs: [
+ "libmediadrmrkp",
+ ],
+ vendor: true,
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+}
\ No newline at end of file
diff --git a/drm/libmediadrmrkp/include/DrmRemotelyProvisionedComponent.h b/drm/libmediadrmrkp/include/DrmRemotelyProvisionedComponent.h
new file mode 100644
index 0000000..893f560
--- /dev/null
+++ b/drm/libmediadrmrkp/include/DrmRemotelyProvisionedComponent.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef DRM_RKP_COMPONENT_H_
+#define DRM_RKP_COMPONENT_H_
+
+#include <aidl/android/hardware/drm/IDrmPlugin.h>
+#include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>
+#include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h>
+
+namespace android::mediadrm {
+
+using ::aidl::android::hardware::drm::IDrmPlugin;
+using ::aidl::android::hardware::security::keymint::BnRemotelyProvisionedComponent;
+using ::aidl::android::hardware::security::keymint::DeviceInfo;
+using ::aidl::android::hardware::security::keymint::MacedPublicKey;
+using ::aidl::android::hardware::security::keymint::ProtectedData;
+using ::aidl::android::hardware::security::keymint::RpcHardwareInfo;
+using ::ndk::ScopedAStatus;
+
+class DrmRemotelyProvisionedComponent : public BnRemotelyProvisionedComponent {
+ public:
+ DrmRemotelyProvisionedComponent(std::shared_ptr<IDrmPlugin> drm, std::string drmVendor,
+ std::string drmDesc);
+ ScopedAStatus getHardwareInfo(RpcHardwareInfo* info) override;
+
+ ScopedAStatus generateEcdsaP256KeyPair(bool testMode, MacedPublicKey* macedPublicKey,
+ std::vector<uint8_t>* privateKeyHandle) override;
+
+ ScopedAStatus generateCertificateRequest(bool testMode,
+ const std::vector<MacedPublicKey>& keysToSign,
+ const std::vector<uint8_t>& endpointEncCertChain,
+ const std::vector<uint8_t>& challenge,
+ DeviceInfo* deviceInfo, ProtectedData* protectedData,
+ std::vector<uint8_t>* keysToSignMac) override;
+
+ ScopedAStatus generateCertificateRequestV2(const std::vector<MacedPublicKey>& keysToSign,
+ const std::vector<uint8_t>& challenge,
+ std::vector<uint8_t>* csr) override;
+
+ private:
+ std::shared_ptr<IDrmPlugin> mDrm;
+ std::string mDrmVendor;
+ std::string mDrmDesc;
+};
+} // namespace android::mediadrm
+
+#endif // DRM_RKP_COMPONENT_H_
\ No newline at end of file
diff --git a/drm/libmediadrmrkp/include/DrmRkpAdapter.h b/drm/libmediadrmrkp/include/DrmRkpAdapter.h
new file mode 100644
index 0000000..0554f6a
--- /dev/null
+++ b/drm/libmediadrmrkp/include/DrmRkpAdapter.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef DRM_RKP_ADAPTER_H_
+#define DRM_RKP_ADAPTER_H_
+
+#include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>
+#include <map>
+#include <string>
+
+namespace android::mediadrm {
+using IRemotelyProvisionedComponent =
+ ::aidl::android::hardware::security::keymint::IRemotelyProvisionedComponent;
+std::map<std::string, std::shared_ptr<IRemotelyProvisionedComponent>>
+getDrmRemotelyProvisionedComponents();
+} // namespace android::mediadrm
+
+#endif // DRM_RKP_ADAPTER_H_
\ No newline at end of file
diff --git a/drm/libmediadrmrkp/src/DrmRemotelyProvisionedComponent.cpp b/drm/libmediadrmrkp/src/DrmRemotelyProvisionedComponent.cpp
new file mode 100644
index 0000000..9d11811
--- /dev/null
+++ b/drm/libmediadrmrkp/src/DrmRemotelyProvisionedComponent.cpp
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "DrmRemotelyProvisionedComponent"
+#include "DrmRemotelyProvisionedComponent.h"
+#include <log/log.h>
+
+namespace android::mediadrm {
+DrmRemotelyProvisionedComponent::DrmRemotelyProvisionedComponent(std::shared_ptr<IDrmPlugin> drm,
+ std::string drmVendor,
+ std::string drmDesc)
+ : mDrm(std::move(drm)), mDrmVendor(std::move(drmVendor)), mDrmDesc(std::move(drmDesc)) {}
+ScopedAStatus DrmRemotelyProvisionedComponent::getHardwareInfo(RpcHardwareInfo* info) {
+ info->versionNumber = 3;
+ info->rpcAuthorName = mDrmVendor;
+ info->supportedEekCurve = RpcHardwareInfo::CURVE_NONE;
+ info->supportedNumKeysInCsr = RpcHardwareInfo::MIN_SUPPORTED_NUM_KEYS_IN_CSR;
+ info->uniqueId = mDrmDesc;
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus DrmRemotelyProvisionedComponent::generateEcdsaP256KeyPair(bool, MacedPublicKey*,
+ std::vector<uint8_t>*) {
+ return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
+ IRemotelyProvisionedComponent::STATUS_REMOVED,
+ "generateEcdsaP256KeyPair not supported."));
+}
+
+ScopedAStatus DrmRemotelyProvisionedComponent::generateCertificateRequest(
+ bool, const std::vector<MacedPublicKey>&, const std::vector<uint8_t>&,
+ const std::vector<uint8_t>&, DeviceInfo*, ProtectedData*, std::vector<uint8_t>*) {
+ return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
+ IRemotelyProvisionedComponent::STATUS_REMOVED,
+ "generateCertificateRequest not supported."));
+}
+
+ScopedAStatus DrmRemotelyProvisionedComponent::generateCertificateRequestV2(
+ const std::vector<MacedPublicKey>&, const std::vector<uint8_t>& challenge,
+ std::vector<uint8_t>* csr) {
+ // extract csr using setPropertyByteArray/getPropertyByteArray
+ auto status = mDrm->setPropertyByteArray("certificateSigningRequestChallenge", challenge);
+ if (!status.isOk()) {
+ ALOGE("setPropertyByteArray certificateSigningRequestChallenge failed. Details: [%s].",
+ status.getDescription().c_str());
+ return status;
+ }
+
+ status = mDrm->getPropertyByteArray("certificateSigningRequest", csr);
+ if (!status.isOk()) {
+ ALOGE("getPropertyByteArray certificateSigningRequest failed. Details: [%s].",
+ status.getDescription().c_str());
+ return status;
+ }
+
+ return ScopedAStatus::ok();
+}
+} // namespace android::mediadrm
\ No newline at end of file
diff --git a/drm/libmediadrmrkp/src/DrmRkpAdapter.cpp b/drm/libmediadrmrkp/src/DrmRkpAdapter.cpp
new file mode 100644
index 0000000..a2d4cc1
--- /dev/null
+++ b/drm/libmediadrmrkp/src/DrmRkpAdapter.cpp
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "DrmRkpAdapter"
+#include "DrmRkpAdapter.h"
+#include <aidl/android/hardware/drm/IDrmFactory.h>
+#include <aidl/android/hardware/drm/IDrmPlugin.h>
+#include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>
+#include <android/binder_manager.h>
+#include <log/log.h>
+#include "DrmRemotelyProvisionedComponent.h"
+
+namespace android::mediadrm {
+using CryptoSchemes = ::aidl::android::hardware::drm::CryptoSchemes;
+using IDrmFactory = ::aidl::android::hardware::drm::IDrmFactory;
+using IDrmPlugin = ::aidl::android::hardware::drm::IDrmPlugin;
+
+std::map<std::string, std::shared_ptr<IRemotelyProvisionedComponent>>
+getDrmRemotelyProvisionedComponents() {
+ std::map<std::string, std::shared_ptr<IRemotelyProvisionedComponent>> comps;
+ AServiceManager_forEachDeclaredInstance(
+ IDrmFactory::descriptor, &comps, [](const char* instance, void* context) {
+ auto fullName = std::string(IDrmFactory::descriptor) + "/" + std::string(instance);
+ auto factory = IDrmFactory::fromBinder(
+ ::ndk::SpAIBinder(AServiceManager_waitForService(fullName.c_str())));
+ if (factory == nullptr) {
+ ALOGE("not found IDrmFactory. Instance name:[%s]", fullName.c_str());
+ return;
+ }
+
+ ALOGI("found IDrmFactory. Instance name:[%s]", fullName.c_str());
+ CryptoSchemes schemes{};
+ auto status = factory->getSupportedCryptoSchemes(&schemes);
+ if (!status.isOk()) {
+ ALOGE("getSupportedCryptoSchemes failed.Detail: [%s].",
+ status.getDescription().c_str());
+ return;
+ }
+
+ if (schemes.uuids.empty()) {
+ ALOGW("IDrmFactory Instance [%s] has empty supported schemes",
+ fullName.c_str());
+ return;
+ }
+
+ std::shared_ptr<IDrmPlugin> mDrm;
+ status = factory->createDrmPlugin(schemes.uuids[0], "DrmRkpAdapter", &mDrm);
+ if (!status.isOk()) {
+ ALOGE("createDrmPlugin failed.Detail: [%s].", status.getDescription().c_str());
+ return;
+ }
+
+ std::string drmVendor;
+ status = mDrm->getPropertyString("vendor", &drmVendor);
+ if (!status.isOk()) {
+ ALOGE("mDrm->getPropertyString(\"vendor\") failed.Detail: [%s].",
+ status.getDescription().c_str());
+ return;
+ }
+
+ std::string drmDesc;
+ status = mDrm->getPropertyString("description", &drmDesc);
+ if (!status.isOk()) {
+ ALOGE("mDrm->getPropertyString(\"description\") failed.Detail: [%s].",
+ status.getDescription().c_str());
+ return;
+ }
+
+ std::string compName = "DrmRemotelyProvisionedComponent_" + std::string(instance);
+ auto comps = static_cast<
+ std::map<std::string, std::shared_ptr<IRemotelyProvisionedComponent>>*>(
+ context);
+ (*comps)[compName] = ::ndk::SharedRefBase::make<DrmRemotelyProvisionedComponent>(
+ mDrm, drmVendor, drmDesc);
+ });
+ return comps;
+}
+} // namespace android::mediadrm
\ No newline at end of file
diff --git a/drm/libmediadrmrkp/test/test_main.cpp b/drm/libmediadrmrkp/test/test_main.cpp
new file mode 100644
index 0000000..d23dc3b
--- /dev/null
+++ b/drm/libmediadrmrkp/test/test_main.cpp
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "DrmRkpAdapter.h"
+
+using ::aidl::android::hardware::security::keymint::MacedPublicKey;
+int main() {
+ std::vector<uint8_t> challenge(16);
+ std::vector<uint8_t> csr;
+ std::vector<MacedPublicKey> k;
+ for (auto const& e : android::mediadrm::getDrmRemotelyProvisionedComponents()) {
+ auto status = e.second.get()->generateCertificateRequestV2(k, challenge, &csr);
+ printf("%s calls generateCertificateRequestV2() gets status.isOk():%d\n",
+ e.first.c_str(), status.isOk());
+ }
+
+ return 0;
+}
\ No newline at end of file