Merge "Create libmediadrmrkp as drm to irpc adapter library" am: 9a518af7...

cc_library {

    name: "libmediadrmrkp",

    vendor_available: true,

    srcs: [

        "src/**/*.cpp",

    ],

    export_include_dirs: [

        "include"

    ],

    shared_libs: [

        "libbinder_ndk",

        "liblog",

        "android.hardware.drm-V1-ndk",

        "android.hardware.security.rkp-V3-ndk",

    ],

    defaults: [

        "keymint_use_latest_hal_aidl_ndk_shared",

    ],

    cflags: [

        "-Wall",

        "-Werror",

    ],

}

cc_binary {

    name: "test_libmediadrmrkp",

    srcs: [

        "test/*",

    ],

    shared_libs: [

        "libbinder_ndk",

        "liblog",

        "android.hardware.drm-V1-ndk",

        "android.hardware.security.rkp-V3-ndk",

    ],

    static_libs: [

        "libmediadrmrkp",

    ],

    vendor: true,

    cflags: [

        "-Wall",

        "-Werror",

    ],

}

 No newline at end of file

/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#ifndef DRM_RKP_COMPONENT_H_

#define DRM_RKP_COMPONENT_H_

#include <aidl/android/hardware/drm/IDrmPlugin.h>

#include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>

#include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h>

namespace android::mediadrm {

using ::aidl::android::hardware::drm::IDrmPlugin;

using ::aidl::android::hardware::security::keymint::BnRemotelyProvisionedComponent;

using ::aidl::android::hardware::security::keymint::DeviceInfo;

using ::aidl::android::hardware::security::keymint::MacedPublicKey;

using ::aidl::android::hardware::security::keymint::ProtectedData;

using ::aidl::android::hardware::security::keymint::RpcHardwareInfo;

using ::ndk::ScopedAStatus;

class DrmRemotelyProvisionedComponent : public BnRemotelyProvisionedComponent {

  public:

    DrmRemotelyProvisionedComponent(std::shared_ptr<IDrmPlugin> drm, std::string drmVendor,

                                    std::string drmDesc);

    ScopedAStatus getHardwareInfo(RpcHardwareInfo* info) override;

    ScopedAStatus generateEcdsaP256KeyPair(bool testMode, MacedPublicKey* macedPublicKey,

                                           std::vector<uint8_t>* privateKeyHandle) override;

    ScopedAStatus generateCertificateRequest(bool testMode,

                                             const std::vector<MacedPublicKey>& keysToSign,

                                             const std::vector<uint8_t>& endpointEncCertChain,

                                             const std::vector<uint8_t>& challenge,

                                             DeviceInfo* deviceInfo, ProtectedData* protectedData,

                                             std::vector<uint8_t>* keysToSignMac) override;

    ScopedAStatus generateCertificateRequestV2(const std::vector<MacedPublicKey>& keysToSign,

                                               const std::vector<uint8_t>& challenge,

                                               std::vector<uint8_t>* csr) override;

  private:

    std::shared_ptr<IDrmPlugin> mDrm;

    std::string mDrmVendor;

    std::string mDrmDesc;

};

}  // namespace android::mediadrm

#endif  // DRM_RKP_COMPONENT_H_

 No newline at end of file

/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#ifndef DRM_RKP_ADAPTER_H_

#define DRM_RKP_ADAPTER_H_

#include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>

#include <map>

#include <string>

namespace android::mediadrm {

using IRemotelyProvisionedComponent =

        ::aidl::android::hardware::security::keymint::IRemotelyProvisionedComponent;

std::map<std::string, std::shared_ptr<IRemotelyProvisionedComponent>>

getDrmRemotelyProvisionedComponents();

}  // namespace android::mediadrm

#endif  // DRM_RKP_ADAPTER_H_

 No newline at end of file

/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#define LOG_TAG "DrmRemotelyProvisionedComponent"

#include "DrmRemotelyProvisionedComponent.h"

#include <log/log.h>

namespace android::mediadrm {

DrmRemotelyProvisionedComponent::DrmRemotelyProvisionedComponent(std::shared_ptr<IDrmPlugin> drm,

                                                                 std::string drmVendor,

                                                                 std::string drmDesc)

    : mDrm(std::move(drm)), mDrmVendor(std::move(drmVendor)), mDrmDesc(std::move(drmDesc)) {}

ScopedAStatus DrmRemotelyProvisionedComponent::getHardwareInfo(RpcHardwareInfo* info) {

    info->versionNumber = 3;

    info->rpcAuthorName = mDrmVendor;

    info->supportedEekCurve = RpcHardwareInfo::CURVE_NONE;

    info->supportedNumKeysInCsr = RpcHardwareInfo::MIN_SUPPORTED_NUM_KEYS_IN_CSR;

    info->uniqueId = mDrmDesc;

    return ScopedAStatus::ok();

}

ScopedAStatus DrmRemotelyProvisionedComponent::generateEcdsaP256KeyPair(bool, MacedPublicKey*,

                                                                        std::vector<uint8_t>*) {

    return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(

            IRemotelyProvisionedComponent::STATUS_REMOVED,

            "generateEcdsaP256KeyPair not supported."));

}

ScopedAStatus DrmRemotelyProvisionedComponent::generateCertificateRequest(

        bool, const std::vector<MacedPublicKey>&, const std::vector<uint8_t>&,

        const std::vector<uint8_t>&, DeviceInfo*, ProtectedData*, std::vector<uint8_t>*) {

    return ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(

            IRemotelyProvisionedComponent::STATUS_REMOVED,

            "generateCertificateRequest not supported."));

}

ScopedAStatus DrmRemotelyProvisionedComponent::generateCertificateRequestV2(

        const std::vector<MacedPublicKey>&, const std::vector<uint8_t>& challenge,

        std::vector<uint8_t>* csr) {

    // extract csr using setPropertyByteArray/getPropertyByteArray

    auto status = mDrm->setPropertyByteArray("certificateSigningRequestChallenge", challenge);

    if (!status.isOk()) {

        ALOGE("setPropertyByteArray certificateSigningRequestChallenge failed. Details: [%s].",

              status.getDescription().c_str());

        return status;

    }

    status = mDrm->getPropertyByteArray("certificateSigningRequest", csr);

    if (!status.isOk()) {

        ALOGE("getPropertyByteArray certificateSigningRequest failed. Details: [%s].",

              status.getDescription().c_str());

        return status;

    }

    return ScopedAStatus::ok();

}

}  // namespace android::mediadrm

 No newline at end of file

/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#define LOG_TAG "DrmRkpAdapter"

#include "DrmRkpAdapter.h"

#include <aidl/android/hardware/drm/IDrmFactory.h>

#include <aidl/android/hardware/drm/IDrmPlugin.h>

#include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>

#include <android/binder_manager.h>

#include <log/log.h>

#include "DrmRemotelyProvisionedComponent.h"

namespace android::mediadrm {

using CryptoSchemes = ::aidl::android::hardware::drm::CryptoSchemes;

using IDrmFactory = ::aidl::android::hardware::drm::IDrmFactory;

using IDrmPlugin = ::aidl::android::hardware::drm::IDrmPlugin;

std::map<std::string, std::shared_ptr<IRemotelyProvisionedComponent>>

getDrmRemotelyProvisionedComponents() {

    std::map<std::string, std::shared_ptr<IRemotelyProvisionedComponent>> comps;

    AServiceManager_forEachDeclaredInstance(

            IDrmFactory::descriptor, &comps, [](const char* instance, void* context) {

                auto fullName = std::string(IDrmFactory::descriptor) + "/" + std::string(instance);

                auto factory = IDrmFactory::fromBinder(

                        ::ndk::SpAIBinder(AServiceManager_waitForService(fullName.c_str())));

                if (factory == nullptr) {

                    ALOGE("not found IDrmFactory. Instance name:[%s]", fullName.c_str());

                    return;

                }

                ALOGI("found IDrmFactory. Instance name:[%s]", fullName.c_str());

                CryptoSchemes schemes{};

                auto status = factory->getSupportedCryptoSchemes(&schemes);

                if (!status.isOk()) {

                    ALOGE("getSupportedCryptoSchemes failed.Detail: [%s].",

                          status.getDescription().c_str());

                    return;

                }

                if (schemes.uuids.empty()) {

                    ALOGW("IDrmFactory Instance [%s] has empty supported schemes",

                          fullName.c_str());

                    return;

                }

                std::shared_ptr<IDrmPlugin> mDrm;

                status = factory->createDrmPlugin(schemes.uuids[0], "DrmRkpAdapter", &mDrm);

                if (!status.isOk()) {

                    ALOGE("createDrmPlugin failed.Detail: [%s].", status.getDescription().c_str());

                    return;

                }

                std::string drmVendor;

                status = mDrm->getPropertyString("vendor", &drmVendor);

                if (!status.isOk()) {

                    ALOGE("mDrm->getPropertyString(\"vendor\") failed.Detail: [%s].",

                          status.getDescription().c_str());

                    return;

                }

                std::string drmDesc;

                status = mDrm->getPropertyString("description", &drmDesc);

                if (!status.isOk()) {

                    ALOGE("mDrm->getPropertyString(\"description\") failed.Detail: [%s].",

                          status.getDescription().c_str());

                    return;

                }

                std::string compName = "DrmRemotelyProvisionedComponent_" + std::string(instance);

                auto comps = static_cast<

                        std::map<std::string, std::shared_ptr<IRemotelyProvisionedComponent>>*>(

                        context);

                (*comps)[compName] = ::ndk::SharedRefBase::make<DrmRemotelyProvisionedComponent>(

                        mDrm, drmVendor, drmDesc);

            });

    return comps;

}

}  // namespace android::mediadrm

 No newline at end of file