Pick widevine oemcrypto-v18 change
No-Typo-Check: From a third party header file Bug: 260918793 Test: unit tests Test: atp v2/widevine-eng/drm_compliance Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
This commit is contained in:
Kyle Zhang
@@ -20,16 +20,23 @@ const uint8_t* find(const vector<uint8_t>& message,
|
||||
return &(*pos);
|
||||
}
|
||||
|
||||
// This creates a wrapped RSA key.
|
||||
void SessionUtil::CreateWrappedRSAKey() {
|
||||
Session s;
|
||||
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
|
||||
provisioning_messages.PrepareSession(keybox_);
|
||||
ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
|
||||
ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
|
||||
wrapped_rsa_key_ = provisioning_messages.wrapped_rsa_key();
|
||||
void SessionUtil::CreateWrappedDRMKey() {
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
// Have the device create a wrapped key.
|
||||
CreateProv4DRMKey();
|
||||
} else {
|
||||
// Create a wrapped RSA key from encoded_rsa_key_.
|
||||
Session s;
|
||||
ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
|
||||
provisioning_messages.PrepareSession(keybox_);
|
||||
ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
|
||||
ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
|
||||
ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
|
||||
wrapped_drm_key_ = provisioning_messages.wrapped_rsa_key();
|
||||
drm_key_type_ = OEMCrypto_RSA_Private_Key;
|
||||
drm_public_key_.clear();
|
||||
}
|
||||
}
|
||||
|
||||
void SessionUtil::InstallKeybox(const wvoec::WidevineKeybox& keybox,
|
||||
@@ -48,7 +55,7 @@ void SessionUtil::InstallKeybox(const wvoec::WidevineKeybox& keybox,
|
||||
}
|
||||
}
|
||||
|
||||
void SessionUtil::EnsureTestKeys() {
|
||||
void SessionUtil::EnsureTestROT() {
|
||||
switch (global_features.derive_key_method) {
|
||||
case DeviceFeatures::LOAD_TEST_KEYBOX:
|
||||
keybox_ = kTestKeybox;
|
||||
@@ -73,51 +80,91 @@ void SessionUtil::EnsureTestKeys() {
|
||||
|
||||
// This makes sure that the derived keys (encryption key and two mac keys)
|
||||
// are installed in OEMCrypto and in the test session.
|
||||
void SessionUtil::InstallTestRSAKey(Session* s) {
|
||||
if (global_features.provisioning_method == OEMCrypto_BootCertificateChain) {
|
||||
if (wrapped_rsa_key_.size() == 0) {
|
||||
// If we don't have a wrapped key yet, create one.
|
||||
// This wrapped key will be shared by all sessions in the test.
|
||||
const size_t buffer_size = 5000; // Make sure it is large enough.
|
||||
std::vector<uint8_t> public_key(buffer_size);
|
||||
size_t public_key_size = buffer_size;
|
||||
std::vector<uint8_t> public_key_signature(buffer_size);
|
||||
size_t public_key_signature_size = buffer_size;
|
||||
std::vector<uint8_t> wrapped_private_key(buffer_size);
|
||||
size_t wrapped_private_key_size = buffer_size;
|
||||
OEMCrypto_PrivateKeyType key_type;
|
||||
// Assume OEM cert has been loaded.
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS,
|
||||
OEMCrypto_GenerateCertificateKeyPair(
|
||||
s->session_id(), public_key.data(), &public_key_size,
|
||||
public_key_signature.data(), &public_key_signature_size,
|
||||
wrapped_private_key.data(), &wrapped_private_key_size,
|
||||
&key_type));
|
||||
// Assume the public key has been verified by the server and the DRM cert
|
||||
// is returned.
|
||||
wrapped_private_key.resize(wrapped_private_key_size);
|
||||
public_key.resize(public_key_size);
|
||||
wrapped_rsa_key_ = wrapped_private_key;
|
||||
drm_public_key_ = public_key;
|
||||
key_type_ = key_type;
|
||||
}
|
||||
ASSERT_NO_FATAL_FAILURE(s->LoadWrappedDrmKey(key_type_, wrapped_rsa_key_));
|
||||
ASSERT_NO_FATAL_FAILURE(s->SetPublicKeyFromSubjectPublicKey(
|
||||
key_type_, drm_public_key_.data(), drm_public_key_.size()));
|
||||
return;
|
||||
}
|
||||
|
||||
void SessionUtil::InstallTestDrmKey(Session* s) {
|
||||
if (global_features.loads_certificate) {
|
||||
if (wrapped_rsa_key_.size() == 0) {
|
||||
if (wrapped_drm_key_.size() == 0) {
|
||||
// If we don't have a wrapped key yet, create one.
|
||||
// This wrapped key will be shared by all sessions in the test.
|
||||
ASSERT_NO_FATAL_FAILURE(CreateWrappedRSAKey());
|
||||
ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
|
||||
}
|
||||
// Load the wrapped rsa test key.
|
||||
ASSERT_NO_FATAL_FAILURE(s->LoadWrappedRsaDrmKey(wrapped_rsa_key_));
|
||||
// Load the wrapped drm test key.
|
||||
ASSERT_NO_FATAL_FAILURE(
|
||||
s->LoadWrappedDrmKey(drm_key_type_, wrapped_drm_key_));
|
||||
if (drm_public_key_.size() > 0) {
|
||||
ASSERT_NO_FATAL_FAILURE(s->SetPublicKeyFromSubjectPublicKey(
|
||||
drm_key_type_, drm_public_key_.data(), drm_public_key_.size()));
|
||||
} else {
|
||||
ASSERT_NO_FATAL_FAILURE(s->SetPublicKeyFromPrivateKeyInfo(
|
||||
drm_key_type_, encoded_rsa_key_.data(), encoded_rsa_key_.size()));
|
||||
}
|
||||
} else {
|
||||
// Test RSA key should be loaded.
|
||||
ASSERT_NO_FATAL_FAILURE(s->SetTestRsaPublicKey());
|
||||
}
|
||||
// Test RSA key should be loaded.
|
||||
ASSERT_NO_FATAL_FAILURE(s->SetTestRsaPublicKey());
|
||||
}
|
||||
|
||||
// Generate OEM key pair, craft a provisioning 4.0 OEM cert request, sign it
|
||||
// with the OEM private key and verify the signature. Finally, install OEM
|
||||
// private to session s.
|
||||
void SessionUtil::CreateProv4OEMKey(Session* s) {
|
||||
ASSERT_NE(s, nullptr);
|
||||
if (global_features.provisioning_method != OEMCrypto_BootCertificateChain) {
|
||||
FAIL() << "Provisioning 4.0 is required.";
|
||||
}
|
||||
Provisioning40RoundTrip provisioning_messages(s);
|
||||
// Generate key pair.
|
||||
ASSERT_NO_FATAL_FAILURE(provisioning_messages.PrepareSession(true));
|
||||
// Need OEM public key to verify the signed request.
|
||||
ASSERT_NO_FATAL_FAILURE(s->SetPublicKeyFromSubjectPublicKey(
|
||||
provisioning_messages.oem_key_type(),
|
||||
provisioning_messages.oem_public_key().data(),
|
||||
provisioning_messages.oem_public_key().size()));
|
||||
// Save the generated keys, which will be used by DRM cert provisioning later.
|
||||
wrapped_oem_key_ = provisioning_messages.wrapped_oem_key();
|
||||
oem_public_key_ = provisioning_messages.oem_public_key();
|
||||
oem_key_type_ = provisioning_messages.oem_key_type();
|
||||
ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
|
||||
// Install OEM private key into the session.
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, provisioning_messages.LoadOEMCertResponse());
|
||||
}
|
||||
|
||||
// Generate DRM key pair, craft a provisioning 4.0 DRM cert request, sign it
|
||||
// with the OEM private key and verify the signature. Finally, install DRM
|
||||
// private to session s. An OEM cert needs to be installed first. It is also
|
||||
// done in this function.
|
||||
void SessionUtil::CreateProv4DRMKey() {
|
||||
if (global_features.provisioning_method != OEMCrypto_BootCertificateChain) {
|
||||
FAIL() << "Provisioning 4.0 is required.";
|
||||
}
|
||||
// Provision OEM key first.
|
||||
if (wrapped_oem_key_.size() == 0) {
|
||||
Session oem_session;
|
||||
ASSERT_NO_FATAL_FAILURE(oem_session.open());
|
||||
ASSERT_NO_FATAL_FAILURE(CreateProv4OEMKey(&oem_session));
|
||||
}
|
||||
Session s;
|
||||
ASSERT_NO_FATAL_FAILURE(s.open());
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS,
|
||||
OEMCrypto_InstallOemPrivateKey(
|
||||
s.session_id(), oem_key_type_,
|
||||
reinterpret_cast<const uint8_t*>(wrapped_oem_key_.data()),
|
||||
wrapped_oem_key_.size()));
|
||||
ASSERT_NO_FATAL_FAILURE(s.SetPublicKeyFromSubjectPublicKey(
|
||||
oem_key_type_, oem_public_key_.data(), oem_public_key_.size()));
|
||||
|
||||
// Provision DRM key.
|
||||
Provisioning40RoundTrip provisioning_messages(&s);
|
||||
ASSERT_NO_FATAL_FAILURE(provisioning_messages.PrepareSession(false));
|
||||
// Need DRM public key to verify DRM request signature.
|
||||
ASSERT_NO_FATAL_FAILURE(s.SetPublicKeyFromSubjectPublicKey(
|
||||
provisioning_messages.drm_key_type(),
|
||||
provisioning_messages.drm_public_key().data(),
|
||||
provisioning_messages.drm_public_key().size()));
|
||||
ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
|
||||
ASSERT_EQ(OEMCrypto_SUCCESS, provisioning_messages.LoadDRMCertResponse());
|
||||
wrapped_drm_key_ = provisioning_messages.wrapped_drm_key();
|
||||
drm_key_type_ = provisioning_messages.drm_key_type();
|
||||
drm_public_key_ = provisioning_messages.drm_public_key();
|
||||
}
|
||||
|
||||
} // namespace wvoec
|
||||
|
||||
Reference in New Issue
Block a user