Merge "DrmRemotelyProvisionedComponent: assemble csr in adaptor" into main

    ],

    shared_libs: [

        "libbinder_ndk",

        "libcrypto",

        "liblog",

    ],

    static_libs: [

        "android.hardware.common-V2-ndk",

        "android.hardware.drm-V1-ndk",

        "android.hardware.security.rkp-V3-ndk",

        "libbase",

        "libcppbor_external",

    ],

    defaults: [

        "keymint_use_latest_hal_aidl_ndk_shared",

    shared_libs: [

        "libbinder_ndk",

        "liblog",

        "android.hardware.drm-V1-ndk",

        "android.hardware.security.rkp-V3-ndk",

    ],

    static_libs: [

        "android.hardware.common-V2-ndk",

        "android.hardware.drm-V1-ndk",

        "android.hardware.security.rkp-V3-ndk",

        "libbase",

        "libcppbor_external",

        "libmediadrmrkp",

    ],

    vendor: true,

#include <aidl/android/hardware/drm/IDrmPlugin.h>

#include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>

#include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h>

#include <cppbor.h>

namespace android::mediadrm {

                                               std::vector<uint8_t>* csr) override;

  private:

    ScopedAStatus getVerifiedDeviceInfo(cppbor::Map& deviceInfoMap);

    ScopedAStatus getDeviceInfo(std::vector<uint8_t>* deviceInfo);

    std::shared_ptr<IDrmPlugin> mDrm;

    std::string mDrmVendor;

    std::string mDrmDesc;

#define LOG_TAG "DrmRemotelyProvisionedComponent"

#include "DrmRemotelyProvisionedComponent.h"

#include <android-base/properties.h>

#include <cppbor.h>

#include <cppbor_parse.h>

#include <log/log.h>

#include <map>

#include <string>

namespace android::mediadrm {

DrmRemotelyProvisionedComponent::DrmRemotelyProvisionedComponent(std::shared_ptr<IDrmPlugin> drm,

            "generateCertificateRequest not supported."));

}

ScopedAStatus DrmRemotelyProvisionedComponent::getVerifiedDeviceInfo(cppbor::Map& deviceInfoMap) {

    std::vector<uint8_t> verifiedDeviceInfo;

    auto status = mDrm->getPropertyByteArray("verifiedDeviceInfo", &verifiedDeviceInfo);

    if (!status.isOk()) {

        ALOGE("getPropertyByteArray verifiedDeviceInfo failed. Details: [%s].",

              status.getDescription().c_str());

        return status;

    }

    auto [parsed, _, err] = cppbor::parse(

            reinterpret_cast<const uint8_t*>(verifiedDeviceInfo.data()), verifiedDeviceInfo.size());

    if (!parsed || !parsed->asMap()) {

        ALOGE("Failed to parse the verified device info cbor: %s", err.c_str());

        return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(

                IRemotelyProvisionedComponent::STATUS_FAILED,

                "Failed to parse the verified device info cbor."));

    }

    const cppbor::Map* verifiedDeviceInfoMap = parsed->asMap();

    for (size_t i = 0; i < verifiedDeviceInfoMap->size(); i++) {

        auto& [keyItem, valueItem] = (*verifiedDeviceInfoMap)[i];

        ALOGI("Found device info %s", keyItem->asTstr()->value().data());

        if (valueItem != nullptr && valueItem->asTstr() != nullptr &&

            valueItem->asTstr()->value().empty()) {

            ALOGI("Value is empty. Skip");

            continue;

        }

        deviceInfoMap.add(keyItem->clone(), valueItem->clone());

    }

    return ScopedAStatus::ok();

}

ScopedAStatus DrmRemotelyProvisionedComponent::getDeviceInfo(std::vector<uint8_t>* deviceInfo) {

    auto deviceInfoMap = cppbor::Map();

    auto status = getVerifiedDeviceInfo(deviceInfoMap);

    if (!status.isOk()) {

        ALOGE("getVerifiedDeviceInfo failed. Details: [%s].", status.getDescription().c_str());

        return status;

    }

    const std::map<std::string, std::string> keyToProp{{"brand", "ro.product.brand"},

                                                       {"manufacturer", "ro.product.manufacturer"},

                                                       {"model", "ro.product.model"},

                                                       {"device", "ro.product.device"},

                                                       {"product", "ro.product.name"}};

    for (auto i : keyToProp) {

        auto key = i.first;

        auto prop = i.second;

        const auto& val= deviceInfoMap.get(key);

        if (val == nullptr || val->asTstr()->value().empty()) {

            std::string propValue = android::base::GetProperty(prop, "");

            if (propValue.empty()) {

                ALOGE("Failed to get OS property %s", prop.c_str());

                return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(

                        IRemotelyProvisionedComponent::STATUS_FAILED,

                        "Failed to get OS property."));

            }

            deviceInfoMap.add(cppbor::Tstr(key), cppbor::Tstr(propValue));

            ALOGI("use OS property %s: %s", prop.c_str(), propValue.c_str());

        } else {

            ALOGI("use verified key %s: %s", key.c_str(), val->asTstr()->value().data());

        }

    }

    deviceInfoMap.canonicalize();

    *deviceInfo = deviceInfoMap.encode();

    return ScopedAStatus::ok();

}

ScopedAStatus DrmRemotelyProvisionedComponent::generateCertificateRequestV2(

        const std::vector<MacedPublicKey>&, const std::vector<uint8_t>& challenge,

        std::vector<uint8_t>* csr) {

    // extract csr using setPropertyByteArray/getPropertyByteArray

        std::vector<uint8_t>* out) {

    // access csr input/output via setPropertyByteArray/getPropertyByteArray

    auto status = mDrm->setPropertyByteArray("certificateSigningRequestChallenge", challenge);

    if (!status.isOk()) {

        ALOGE("setPropertyByteArray certificateSigningRequestChallenge failed. Details: [%s].",

        return status;

    }

    status = mDrm->getPropertyByteArray("certificateSigningRequest", csr);

    std::vector<uint8_t> bcc;

    status = mDrm->getPropertyByteArray("bootCertificateChain", &bcc);

    if (!status.isOk()) {

        ALOGE("getPropertyByteArray bootCertificateChain failed. Details: [%s].",

              status.getDescription().c_str());

        return status;

    }

    std::vector<uint8_t> deviceInfo;

    status = getDeviceInfo(&deviceInfo);

    if (!status.isOk()) {

        ALOGE("getDeviceInfo failed. Details: [%s].", status.getDescription().c_str());

        return status;

    }

    status = mDrm->setPropertyByteArray("deviceInfo", deviceInfo);

    if (!status.isOk()) {

        ALOGE("setPropertyByteArray deviceInfo failed. Details: [%s].",

              status.getDescription().c_str());

        return status;

    }

    std::vector<uint8_t> deviceSignedCsrPayload;

    status = mDrm->getPropertyByteArray("deviceSignedCsrPayload", &deviceSignedCsrPayload);

    if (!status.isOk()) {

        ALOGE("getPropertyByteArray certificateSigningRequest failed. Details: [%s].",

        ALOGE("getPropertyByteArray deviceSignedCsrPayload failed. Details: [%s].",

              status.getDescription().c_str());

        return status;

    }

    // assemble AuthenticatedRequest (definition in IRemotelyProvisionedComponent.aidl)

    *out = cppbor::Array()

                   .add(1 /* version */)

                   .add(cppbor::Map() /* UdsCerts */)

                   .add(cppbor::EncodedItem(std::move(bcc)))

                   .add(cppbor::EncodedItem(std::move(deviceSignedCsrPayload)))

                   .encode();

    return ScopedAStatus::ok();

}

}  // namespace android::mediadrm

 No newline at end of file