1 /*
2 * Copyright (C) 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "DrmRemotelyProvisionedComponent"
18 #include "DrmRemotelyProvisionedComponent.h"
19
20 #include <android-base/properties.h>
21 #include <cppbor.h>
22 #include <cppbor_parse.h>
23 #include <log/log.h>
24 #include <map>
25 #include <string>
26
27 namespace android::mediadrm {
DrmRemotelyProvisionedComponent(std::shared_ptr<IDrmPlugin> drm,std::string drmVendor,std::string drmDesc,std::vector<uint8_t> bcc)28 DrmRemotelyProvisionedComponent::DrmRemotelyProvisionedComponent(std::shared_ptr<IDrmPlugin> drm,
29 std::string drmVendor,
30 std::string drmDesc,
31 std::vector<uint8_t> bcc)
32 : mDrm(std::move(drm)),
33 mDrmVendor(std::move(drmVendor)),
34 mDrmDesc(std::move(drmDesc)),
35 mBcc(std::move(bcc)) {}
36
getHardwareInfo(RpcHardwareInfo * info)37 ScopedAStatus DrmRemotelyProvisionedComponent::getHardwareInfo(RpcHardwareInfo* info) {
38 info->versionNumber = 3;
39 info->rpcAuthorName = mDrmVendor;
40 info->supportedEekCurve = RpcHardwareInfo::CURVE_NONE;
41 info->supportedNumKeysInCsr = RpcHardwareInfo::MIN_SUPPORTED_NUM_KEYS_IN_CSR;
42 info->uniqueId = mDrmDesc;
43 return ScopedAStatus::ok();
44 }
45
generateEcdsaP256KeyPair(bool,MacedPublicKey *,std::vector<uint8_t> *)46 ScopedAStatus DrmRemotelyProvisionedComponent::generateEcdsaP256KeyPair(bool, MacedPublicKey*,
47 std::vector<uint8_t>*) {
48 return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
49 IRemotelyProvisionedComponent::STATUS_REMOVED,
50 "generateEcdsaP256KeyPair not supported."));
51 }
52
generateCertificateRequest(bool,const std::vector<MacedPublicKey> &,const std::vector<uint8_t> &,const std::vector<uint8_t> &,DeviceInfo *,ProtectedData *,std::vector<uint8_t> *)53 ScopedAStatus DrmRemotelyProvisionedComponent::generateCertificateRequest(
54 bool, const std::vector<MacedPublicKey>&, const std::vector<uint8_t>&,
55 const std::vector<uint8_t>&, DeviceInfo*, ProtectedData*, std::vector<uint8_t>*) {
56 return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
57 IRemotelyProvisionedComponent::STATUS_REMOVED,
58 "generateCertificateRequest not supported."));
59 }
60
getVerifiedDeviceInfo(cppbor::Map & deviceInfoMap)61 ScopedAStatus DrmRemotelyProvisionedComponent::getVerifiedDeviceInfo(cppbor::Map& deviceInfoMap) {
62 std::vector<uint8_t> verifiedDeviceInfo;
63 auto status = mDrm->getPropertyByteArray("verifiedDeviceInfo", &verifiedDeviceInfo);
64 if (!status.isOk()) {
65 ALOGE("getPropertyByteArray verifiedDeviceInfo failed. Details: [%s].",
66 status.getDescription().c_str());
67 return status;
68 }
69
70 auto [parsed, _, err] = cppbor::parse(
71 reinterpret_cast<const uint8_t*>(verifiedDeviceInfo.data()), verifiedDeviceInfo.size());
72
73 if (!parsed || !parsed->asMap()) {
74 ALOGE("Failed to parse the verified device info cbor: %s", err.c_str());
75 return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
76 IRemotelyProvisionedComponent::STATUS_FAILED,
77 "Failed to parse the verified device info cbor."));
78 }
79
80 const cppbor::Map* verifiedDeviceInfoMap = parsed->asMap();
81 for (size_t i = 0; i < verifiedDeviceInfoMap->size(); i++) {
82 auto& [keyItem, valueItem] = (*verifiedDeviceInfoMap)[i];
83 ALOGI("Found device info %s", keyItem->asTstr()->value().data());
84 if (valueItem != nullptr && valueItem->asTstr() != nullptr &&
85 valueItem->asTstr()->value().empty()) {
86 ALOGI("Value is empty. Skip");
87 continue;
88 }
89 deviceInfoMap.add(keyItem->clone(), valueItem->clone());
90 }
91
92 return ScopedAStatus::ok();
93 }
94
getDeviceInfo(std::vector<uint8_t> * deviceInfo)95 ScopedAStatus DrmRemotelyProvisionedComponent::getDeviceInfo(std::vector<uint8_t>* deviceInfo) {
96 auto deviceInfoMap = cppbor::Map();
97 auto status = getVerifiedDeviceInfo(deviceInfoMap);
98 if (!status.isOk()) {
99 ALOGE("getVerifiedDeviceInfo failed. Details: [%s].", status.getDescription().c_str());
100 return status;
101 }
102 const std::map<std::string, std::string> keyToProp{{"brand", "ro.product.brand"},
103 {"manufacturer", "ro.product.manufacturer"},
104 {"model", "ro.product.model"},
105 {"device", "ro.product.device"},
106 {"product", "ro.product.name"}};
107 for (auto i : keyToProp) {
108 auto key = i.first;
109 auto prop = i.second;
110 const auto& val= deviceInfoMap.get(key);
111 if (val == nullptr || val->asTstr()->value().empty()) {
112 std::string propValue = android::base::GetProperty(prop, "");
113 if (propValue.empty()) {
114 ALOGE("Failed to get OS property %s", prop.c_str());
115 return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
116 IRemotelyProvisionedComponent::STATUS_FAILED,
117 "Failed to get OS property."));
118 }
119 deviceInfoMap.add(cppbor::Tstr(key), cppbor::Tstr(propValue));
120 ALOGI("use OS property %s: %s", prop.c_str(), propValue.c_str());
121 } else {
122 ALOGI("use verified key %s: %s", key.c_str(), val->asTstr()->value().data());
123 }
124 }
125 deviceInfoMap.canonicalize();
126 *deviceInfo = deviceInfoMap.encode();
127 return ScopedAStatus::ok();
128 }
129
generateCertificateRequestV2(const std::vector<MacedPublicKey> &,const std::vector<uint8_t> & challenge,std::vector<uint8_t> * out)130 ScopedAStatus DrmRemotelyProvisionedComponent::generateCertificateRequestV2(
131 const std::vector<MacedPublicKey>&, const std::vector<uint8_t>& challenge,
132 std::vector<uint8_t>* out) {
133 // access csr input/output via setPropertyByteArray/getPropertyByteArray
134 auto status = mDrm->setPropertyByteArray("certificateSigningRequestChallenge", challenge);
135 if (!status.isOk()) {
136 ALOGE("setPropertyByteArray certificateSigningRequestChallenge failed. Details: [%s].",
137 status.getDescription().c_str());
138 return status;
139 }
140
141 std::vector<uint8_t> deviceInfo;
142 status = getDeviceInfo(&deviceInfo);
143 if (!status.isOk()) {
144 ALOGE("getDeviceInfo failed. Details: [%s].", status.getDescription().c_str());
145 return status;
146 }
147
148 status = mDrm->setPropertyByteArray("deviceInfo", deviceInfo);
149 if (!status.isOk()) {
150 ALOGE("setPropertyByteArray deviceInfo failed. Details: [%s].",
151 status.getDescription().c_str());
152 return status;
153 }
154
155 std::vector<uint8_t> deviceSignedCsrPayload;
156 status = mDrm->getPropertyByteArray("deviceSignedCsrPayload", &deviceSignedCsrPayload);
157 if (!status.isOk()) {
158 ALOGE("getPropertyByteArray deviceSignedCsrPayload failed. Details: [%s].",
159 status.getDescription().c_str());
160 return status;
161 }
162
163 // assemble AuthenticatedRequest (definition in IRemotelyProvisionedComponent.aidl)
164 *out = cppbor::Array()
165 .add(1 /* version */)
166 .add(cppbor::Map() /* UdsCerts */)
167 .add(cppbor::EncodedItem(mBcc))
168 .add(cppbor::EncodedItem(std::move(deviceSignedCsrPayload)))
169 .encode();
170 return ScopedAStatus::ok();
171 }
172 } // namespace android::mediadrm