OEMCrypto Tests Provisioning Method

Merge from widevine repo of http://go/wvgerrit/21682 This CL updates oemcrypto/test/oec_device_features.cpp to figure out the provisioning method and filter out tests that are not relevant to the device's method. This CL also introduces unit tests for GetOEMPublicCertificate. Unit tests for RewrapDeviceRSAKey30 will be in a future CL. Change-Id: Ib7065ce866d1171ca61b9aa08188fa2ac8d90fc2
2016-11-29 15:15:08 -08:00
parent 0fb76d5c1b
commit 053ff5bd3c
6 changed files with 251 additions and 22 deletions
--- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
+++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
@@ -531,6 +531,54 @@ void Session::TestDecryptCTR(bool select_key_first,
  }
 }

+void Session::LoadOEMCert(bool verify_cert) {
+  vector<uint8_t> public_cert;
+  size_t public_cert_length = 0;
+  ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER,
+            OEMCrypto_GetOEMPublicCertificate(session_id(), NULL,
+                                              &public_cert_length));
+  ASSERT_GT(public_cert_length, 0);
+  public_cert.resize(public_cert_length);
+  ASSERT_EQ(OEMCrypto_SUCCESS,
+            OEMCrypto_GetOEMPublicCertificate(session_id(), &public_cert[0],
+                                              &public_cert_length));
+  // load the cert into rsa_key_.
+  openssl_ptr<BIO, BIO_vfree> bio(
+      BIO_new_mem_buf(&public_cert[0], public_cert_length));
+  ASSERT_TRUE(bio.NotNull());
+  openssl_ptr<X509, X509_free> cert(
+      PEM_read_bio_X509(bio.get(), NULL, 0, NULL));
+  ASSERT_TRUE(cert.NotNull());
+  openssl_ptr<EVP_PKEY, EVP_PKEY_free> pubkey(X509_get_pubkey(cert.get()));
+  ASSERT_TRUE(pubkey.NotNull());
+  public_rsa_ = EVP_PKEY_get1_RSA(pubkey.get());
+  if (!public_rsa_) {
+    cout << "d2i_RSAPrivateKey failed.\n";
+    dump_openssl_error();
+    ASSERT_TRUE(NULL != public_rsa_);
+  }
+  if (verify_cert) {
+    vector<char> buffer(80);
+    X509_NAME* name = X509_get_subject_name(cert.get());
+    printf("  OEM Certificate Name: %s\n",
+           X509_NAME_oneline(name, &buffer[0], buffer.size()));
+    openssl_ptr<X509_STORE, X509_STORE_free> store(X509_STORE_new());
+    ASSERT_TRUE(store.NotNull());
+    openssl_ptr<X509_STORE_CTX, X509_STORE_CTX_free> store_ctx(
+        X509_STORE_CTX_new());
+    ASSERT_TRUE(store_ctx.NotNull());
+    X509_STORE_CTX_init(store_ctx.get(), store.get(), cert.get(), NULL);
+    // TODO(fredgc): Verify cert is signed by Google.
+    int result = X509_verify_cert(store_ctx.get());
+    ASSERT_GE(0, result) << "  OEM Cert not valid. "
+                         << X509_verify_cert_error_string(store_ctx->error);
+    if (result == 0) {
+      printf("Cert not verified: %s.\n",
+             X509_verify_cert_error_string(store_ctx->error));
+    }
+  }
+}
+
 void Session::MakeRSACertificate(struct RSAPrivateKeyMessage* encrypted,
                                 size_t message_size,
                                 std::vector<uint8_t>* signature,