1 /*
2 * Copyright (C) 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "DrmRemotelyProvisionedComponent"
18 #include "DrmRemotelyProvisionedComponent.h"
19
20 #include <android-base/properties.h>
21 #include <cppbor.h>
22 #include <cppbor_parse.h>
23 #include <log/log.h>
24 #include <map>
25 #include <string>
26
27 namespace android::mediadrm {
DrmRemotelyProvisionedComponent(std::shared_ptr<IDrmPlugin> drm,std::string drmVendor,std::string drmDesc,std::vector<uint8_t> bcc,std::vector<uint8_t> bcc_signature)28 DrmRemotelyProvisionedComponent::DrmRemotelyProvisionedComponent(std::shared_ptr<IDrmPlugin> drm,
29 std::string drmVendor,
30 std::string drmDesc,
31 std::vector<uint8_t> bcc,
32 std::vector<uint8_t> bcc_signature)
33 : mDrm(std::move(drm)),
34 mDrmVendor(std::move(drmVendor)),
35 mDrmDesc(std::move(drmDesc)),
36 mBcc(std::move(bcc)),
37 mBccSignature(std::move(bcc_signature)) {}
38
getHardwareInfo(RpcHardwareInfo * info)39 ScopedAStatus DrmRemotelyProvisionedComponent::getHardwareInfo(RpcHardwareInfo* info) {
40 info->versionNumber = 3;
41 info->rpcAuthorName = mDrmVendor;
42 info->supportedEekCurve = RpcHardwareInfo::CURVE_NONE;
43 info->supportedNumKeysInCsr = RpcHardwareInfo::MIN_SUPPORTED_NUM_KEYS_IN_CSR;
44 info->uniqueId = mDrmDesc;
45 return ScopedAStatus::ok();
46 }
47
generateEcdsaP256KeyPair(bool,MacedPublicKey *,std::vector<uint8_t> *)48 ScopedAStatus DrmRemotelyProvisionedComponent::generateEcdsaP256KeyPair(bool, MacedPublicKey*,
49 std::vector<uint8_t>*) {
50 return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
51 IRemotelyProvisionedComponent::STATUS_REMOVED,
52 "generateEcdsaP256KeyPair not supported."));
53 }
54
generateCertificateRequest(bool,const std::vector<MacedPublicKey> &,const std::vector<uint8_t> &,const std::vector<uint8_t> &,DeviceInfo *,ProtectedData *,std::vector<uint8_t> *)55 ScopedAStatus DrmRemotelyProvisionedComponent::generateCertificateRequest(
56 bool, const std::vector<MacedPublicKey>&, const std::vector<uint8_t>&,
57 const std::vector<uint8_t>&, DeviceInfo*, ProtectedData*, std::vector<uint8_t>*) {
58 return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
59 IRemotelyProvisionedComponent::STATUS_REMOVED,
60 "generateCertificateRequest not supported."));
61 }
62
getVerifiedDeviceInfo(cppbor::Map & deviceInfoMap)63 ScopedAStatus DrmRemotelyProvisionedComponent::getVerifiedDeviceInfo(cppbor::Map& deviceInfoMap) {
64 std::vector<uint8_t> verifiedDeviceInfo;
65 auto status = mDrm->getPropertyByteArray("verifiedDeviceInfo", &verifiedDeviceInfo);
66 if (!status.isOk()) {
67 ALOGE("getPropertyByteArray verifiedDeviceInfo failed. Details: [%s].",
68 status.getDescription().c_str());
69 return status;
70 }
71
72 auto [parsed, _, err] = cppbor::parse(
73 reinterpret_cast<const uint8_t*>(verifiedDeviceInfo.data()), verifiedDeviceInfo.size());
74
75 if (!parsed || !parsed->asMap()) {
76 ALOGE("Failed to parse the verified device info cbor: %s", err.c_str());
77 return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
78 IRemotelyProvisionedComponent::STATUS_FAILED,
79 "Failed to parse the verified device info cbor."));
80 }
81
82 const cppbor::Map* verifiedDeviceInfoMap = parsed->asMap();
83 for (size_t i = 0; i < verifiedDeviceInfoMap->size(); i++) {
84 auto& [keyItem, valueItem] = (*verifiedDeviceInfoMap)[i];
85 ALOGI("Found device info %s", keyItem->asTstr()->value().data());
86 if (valueItem != nullptr && valueItem->asTstr() != nullptr &&
87 valueItem->asTstr()->value().empty()) {
88 ALOGI("Value is empty. Skip");
89 continue;
90 }
91 deviceInfoMap.add(keyItem->clone(), valueItem->clone());
92 }
93
94 return ScopedAStatus::ok();
95 }
96
getDeviceInfo(std::vector<uint8_t> * deviceInfo)97 ScopedAStatus DrmRemotelyProvisionedComponent::getDeviceInfo(std::vector<uint8_t>* deviceInfo) {
98 auto deviceInfoMap = cppbor::Map();
99 auto status = getVerifiedDeviceInfo(deviceInfoMap);
100 if (!status.isOk()) {
101 ALOGE("getVerifiedDeviceInfo failed. Details: [%s].", status.getDescription().c_str());
102 return status;
103 }
104 const std::map<std::string, std::string> keyToProp{{"brand", "ro.product.brand"},
105 {"manufacturer", "ro.product.manufacturer"},
106 {"model", "ro.product.model"},
107 {"device", "ro.product.device"},
108 {"product", "ro.product.name"}};
109 for (auto i : keyToProp) {
110 auto key = i.first;
111 auto prop = i.second;
112 const auto& val = deviceInfoMap.get(key);
113 if (val == nullptr || val->asTstr()->value().empty()) {
114 std::string propValue = android::base::GetProperty(prop, "");
115 if (propValue.empty()) {
116 ALOGE("Failed to get OS property %s", prop.c_str());
117 return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
118 IRemotelyProvisionedComponent::STATUS_FAILED,
119 "Failed to get OS property."));
120 }
121 deviceInfoMap.add(cppbor::Tstr(key), cppbor::Tstr(propValue));
122 ALOGI("use OS property %s: %s", prop.c_str(), propValue.c_str());
123 } else {
124 ALOGI("use verified key %s: %s", key.c_str(), val->asTstr()->value().data());
125 }
126 }
127 deviceInfoMap.canonicalize();
128 *deviceInfo = deviceInfoMap.encode();
129 return ScopedAStatus::ok();
130 }
131
generateCertificateRequestV2(const std::vector<MacedPublicKey> &,const std::vector<uint8_t> & challenge,std::vector<uint8_t> * out)132 ScopedAStatus DrmRemotelyProvisionedComponent::generateCertificateRequestV2(
133 const std::vector<MacedPublicKey>&, const std::vector<uint8_t>& challenge,
134 std::vector<uint8_t>* out) {
135 // access csr input/output via setPropertyByteArray/getPropertyByteArray
136 auto status = mDrm->setPropertyByteArray("certificateSigningRequestChallenge", challenge);
137 if (!status.isOk()) {
138 ALOGE("setPropertyByteArray certificateSigningRequestChallenge failed. Details: [%s].",
139 status.getDescription().c_str());
140 return status;
141 }
142
143 std::vector<uint8_t> deviceInfo;
144 status = getDeviceInfo(&deviceInfo);
145 if (!status.isOk()) {
146 ALOGE("getDeviceInfo failed. Details: [%s].", status.getDescription().c_str());
147 return status;
148 }
149
150 status = mDrm->setPropertyByteArray("deviceInfo", deviceInfo);
151 if (!status.isOk()) {
152 ALOGE("setPropertyByteArray deviceInfo failed. Details: [%s].",
153 status.getDescription().c_str());
154 return status;
155 }
156
157 std::vector<uint8_t> deviceSignedCsrPayload;
158 status = mDrm->getPropertyByteArray("deviceSignedCsrPayload", &deviceSignedCsrPayload);
159 if (!status.isOk()) {
160 ALOGE("getPropertyByteArray deviceSignedCsrPayload failed. Details: [%s].",
161 status.getDescription().c_str());
162 return status;
163 }
164
165 // assemble AuthenticatedRequest (definition in IRemotelyProvisionedComponent.aidl)
166 cppbor::Array request_array = cppbor::Array().add(1 /* version */);
167 if (!mBccSignature.empty()) {
168 request_array.add(cppbor::EncodedItem(mBccSignature) /* UdsCerts */);
169 } else {
170 request_array.add(cppbor::Map() /* empty UdsCerts */);
171 }
172 request_array.add(cppbor::EncodedItem(mBcc))
173 .add(cppbor::EncodedItem(std::move(deviceSignedCsrPayload)));
174 *out = request_array.encode();
175
176 return ScopedAStatus::ok();
177 }
178 } // namespace android::mediadrm