Add OEMCrypto tests for Cast prov 4 flow

Expected flow, which begins with a device that has already been provisioned with Prov 4 stage 1: 1. OEMCrypto_InstallOEMPrivateKey() 2. OEMCrypto_GenerateCertificateKeyPair() -> wrapped_csr_priv 3. OEMCrypto_LoadDRMPrivateKey(wrapped_csr_priv) 4. OEMCrypto_PrepAndSignProvisioningRequest() to create a Prov 4 provisioning request message type with a CAST request in the message body 5. Server sends a Prov 2 response. Server side derivation uses CSR keys to derive session key, mac keys, and encryption keys. 6. OEMCrypto_DeriveKeysFromSessionKey(), same derivation as server side 7. OEMCrypto_LoadProvisioning(), use derived keys to verify + decrypt The OEMCrypto_LoadDRMPrivateKey() step can happen before or after the PrepAndSignProvisioningRequest() call. Test: tests fail Bug: 259452440 Merged from https://widevine-internal-review.googlesource.com/172310 Change-Id: Id5e6737b187339ec93e3d0d03c28e2b379d60747
2023-04-25 23:21:33 +00:00
parent 5a17d8ebd9
commit 27421a9161
6 changed files with 297 additions and 0 deletions
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp
@@ -167,4 +167,45 @@ void SessionUtil::CreateProv4DRMKey() {
  drm_public_key_ = provisioning_messages.drm_public_key();
 }

+// Requires stage 1 prov4 to be complete, ie OEM key is available
+void SessionUtil::CreateProv4CastKey(Session* s,
+                                     bool load_drm_before_prov_req) {
+  if (global_features.provisioning_method != OEMCrypto_BootCertificateChain) {
+    FAIL() << "Provisioning 4.0 is required.";
+  }
+
+  Provisioning40CastRoundTrip prov_cast(s, encoded_rsa_key_);
+
+  // Calls GenerateCertificateKeyPair(). Generated keys stored in
+  // prov_cast.drm_public_key_ and prov_cast.wrapped_drm_key_
+  ASSERT_NO_FATAL_FAILURE(prov_cast.PrepareSession());
+
+  // Can choose to load DRM key before preparing the provisioning request, or
+  // after
+  if (load_drm_before_prov_req) {
+    ASSERT_NO_FATAL_FAILURE(prov_cast.LoadDRMPrivateKey());
+  }
+  ASSERT_NO_FATAL_FAILURE(s->SetPublicKeyFromSubjectPublicKey(
+      prov_cast.drm_key_type(), prov_cast.drm_public_key().data(),
+      prov_cast.drm_public_key().size()));
+  ASSERT_NO_FATAL_FAILURE(prov_cast.SignAndVerifyRequest());
+  if (!load_drm_before_prov_req) {
+    ASSERT_NO_FATAL_FAILURE(prov_cast.LoadDRMPrivateKey());
+  }
+
+  // Generate derived keys in order to verify and decrypt response.
+  // We are cheating a little bit here since this GenerateDerivedKeys helper
+  // simulates work on both client side (calls
+  // OEMCrypto_GenerateDerivedKeysFromSessionKey) and server side (sets
+  // key_deriver() keys used to create response)
+  ASSERT_NO_FATAL_FAILURE(s->GenerateDerivedKeysFromSessionKey());
+
+  // Response is provisioning 2 with CAST key
+  ASSERT_NO_FATAL_FAILURE(prov_cast.CreateDefaultResponse());
+  ASSERT_NO_FATAL_FAILURE(prov_cast.EncryptAndSignResponse());
+
+  // Should parse and load successfully
+  ASSERT_EQ(OEMCrypto_SUCCESS, prov_cast.LoadResponse());
+}
+
 }  // namespace wvoec