widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge OEMCrypto KDF and usage functions

Browse Source 
Since KDF functions are only used right before specific functions, this
merges them to simplify internal state within OEMCrypto.

Fixes: 299527712
Change-Id: I426cfcdc102bd73cf65cd809b213da2474f44b34
This commit is contained in:
Jacob Trimble
2023-04-13 18:37:26 +00:00
committed by Robert Shih
parent b04fda2908
commit 488a4647db
21 changed files with 567 additions and 634 deletions
Download Patch File Download Diff File Expand all files Collapse all files

165
libwvdrmengine/oemcrypto/test/oec_session_util.cpp
View File

@@ -234,7 +234,8 @@ RoundTrip<CoreRequest, PrepAndSignRequest, CoreResponse, ResponseData>::
// verified by the server. This simulates that.
size_t gen_signature_length = 0;
size_t core_message_length = 0;
constexpr size_t small_size = 42; // arbitrary.
const vector<uint8_t> context = session()->GetDefaultContext();
const size_t small_size = context.size(); // arbitrary.
if (RequestHasNonce()) {
session()->GenerateNonce();
}
@@ -252,7 +253,10 @@ RoundTrip<CoreRequest, PrepAndSignRequest, CoreResponse, ResponseData>::
size_t message_size =
std::max(required_message_size_, core_message_length + small_size);
vector<uint8_t> data(message_size);
for (size_t i = 0; i < data.size(); i++) data[i] = i & 0xFF;
memcpy(&data[core_message_length], context.data(), context.size());
for (size_t i = context.size() + core_message_length; i < data.size(); i++) {
data[i] = i & 0xFF;
}
if (ShouldGenerateCorpus()) {
WriteRequestApiCorpus<CoreRequest>(gen_signature_length,
core_message_length, data);
@@ -348,29 +352,37 @@ void ProvisioningRoundTrip::PrepareSession(
const wvoec::WidevineKeybox& keybox) {
ASSERT_NO_FATAL_FAILURE(session_->open());
if (global_features.provisioning_method == OEMCrypto_Keybox) {
session_->GenerateDerivedKeysFromKeybox(keybox);
encryptor_ = session_->key_deriver();
keybox_ = &keybox;
} else if (global_features.provisioning_method ==
OEMCrypto_BootCertificateChain) {
// TODO(chelu): change this to CSR provisioning.
session_->LoadOEMCert(true);
session_->GenerateRsaSessionKey(&message_key_, &encrypted_message_key_);
encryptor_.set_enc_key(message_key_);
session_->GenerateRsaSessionKey();
encryptor_.set_enc_key(session_->session_key());
} else {
EXPECT_EQ(global_features.provisioning_method, OEMCrypto_OEMCertificate);
session_->LoadOEMCert(true);
session_->GenerateRsaSessionKey(&message_key_, &encrypted_message_key_);
encryptor_.set_enc_key(message_key_);
session_->GenerateRsaSessionKey();
encryptor_.set_enc_key(session_->session_key());
}
}
void ProvisioningRoundTrip::VerifyRequestSignature(
const vector<uint8_t>& data, const vector<uint8_t>& generated_signature,
size_t /* core_message_length */) {
if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
size_t core_message_length) {
if (keybox_ == nullptr) {
session()->VerifyRsaSignature(data, generated_signature.data(),
generated_signature.size(), kSign_RSASSA_PSS);
} else {
// Setup the derived keys using the proto message (ignoring the core
// message).
ASSERT_LE(core_message_length, data.size());
const std::vector<uint8_t> base_message(data.begin() + core_message_length,
data.end());
session()->GenerateDerivedKeysFromKeybox(*keybox_, base_message);
encryptor_ = session()->key_deriver();
request_ = base_message;
EXPECT_EQ(global_features.provisioning_method, OEMCrypto_Keybox);
ASSERT_EQ(HMAC_SHA256_SIGNATURE_SIZE, generated_signature.size());
std::vector<uint8_t> expected_signature;
@@ -403,11 +415,11 @@ void ProvisioningRoundTrip::CreateDefaultResponse() {
response_data_.rsa_key_length = encoded_rsa_key_.size();
}
response_data_.nonce = session_->nonce();
if (encrypted_message_key_.size() > 0) {
ASSERT_LE(encrypted_message_key_.size(), kMaxTestRSAKeyLength);
memcpy(response_data_.enc_message_key, encrypted_message_key_.data(),
encrypted_message_key_.size());
response_data_.enc_message_key_length = encrypted_message_key_.size();
if (session_->enc_session_key().size() > 0) {
ASSERT_LE(session_->enc_session_key().size(), kMaxTestRSAKeyLength);
memcpy(response_data_.enc_message_key, session_->enc_session_key().data(),
session_->enc_session_key().size());
response_data_.enc_message_key_length = session_->enc_session_key().size();
} else {
response_data_.enc_message_key_length = 0;
}
@@ -463,9 +475,6 @@ void ProvisioningRoundTrip::SignResponse() {
memcpy(encrypted_response_.data() + serialized_core_message_.size(),
reinterpret_cast<const uint8_t*>(&encrypted_response_data_),
sizeof(encrypted_response_data_));
if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
session()->GenerateDerivedKeysFromSessionKey();
}
session()->key_deriver().ServerSignBuffer(encrypted_response_.data(),
encrypted_response_.size(),
&response_signature_);
@@ -532,10 +541,10 @@ OEMCryptoResult ProvisioningRoundTrip::LoadResponseNoRetry(
EXPECT_NE(session, nullptr);
VerifyEncryptAndSignResponseLengths();
return OEMCrypto_LoadProvisioning(
session->session_id(), encrypted_response_.data(),
encrypted_response_.size(), serialized_core_message_.size(),
response_signature_.data(), response_signature_.size(),
wrapped_rsa_key_.data(), wrapped_key_length);
session->session_id(), request_.data(), request_.size(),
encrypted_response_.data(), encrypted_response_.size(),
serialized_core_message_.size(), response_signature_.data(),
response_signature_.size(), wrapped_rsa_key_.data(), wrapped_key_length);
}
void ProvisioningRoundTrip::VerifyLoadFailed() {
@@ -754,11 +763,13 @@ OEMCryptoResult Provisioning40CastRoundTrip::LoadResponseNoRetry(
Session* session, size_t* wrapped_key_length) {
EXPECT_NE(session, nullptr);
VerifyEncryptAndSignResponseLengths();
return OEMCrypto_LoadProvisioning(
session->session_id(), encrypted_response_.data(),
encrypted_response_.size(), serialized_core_message_.size(),
response_signature_.data(), response_signature_.size(),
wrapped_rsa_key_.data(), wrapped_key_length);
const std::vector<uint8_t> context = session->GetDefaultContext();
return OEMCrypto_LoadProvisioningCast(
session->session_id(), session->enc_session_key().data(),
session->enc_session_key().size(), context.data(), context.size(),
encrypted_response_.data(), encrypted_response_.size(),
serialized_core_message_.size(), response_signature_.data(),
response_signature_.size(), wrapped_rsa_key_.data(), wrapped_key_length);
}
void LicenseRoundTrip::VerifyRequestSignature(
@@ -1118,6 +1129,8 @@ OEMCryptoResult LicenseRoundTrip::LoadResponse(Session* session,
core_response_.key_array_length * sizeof(*core_response_.key_array));
}
const vector<uint8_t> context = session->GetDefaultContext();
// Some tests adjust the offset to be beyond the length of the message. Here,
// we create a duplicate of the main message buffer so that these offsets do
// not point to garbage data. The goal is to make sure OEMCrypto is verifying
@@ -1134,7 +1147,9 @@ OEMCryptoResult LicenseRoundTrip::LoadResponse(Session* session,
reinterpret_cast<const uint8_t*>(&encrypted_response_data_) +
sizeof(encrypted_response_data_));
OEMCryptoResult result = OEMCrypto_LoadLicense(
session->session_id(), double_message.data(), encrypted_response_.size(),
session->session_id(), context.data(), context.size(),
session->enc_session_key().data(), session->enc_session_key().size(),
double_message.data(), encrypted_response_.size(),
serialized_core_message_.size(), response_signature_.data(),
response_signature_.size());
if (verify_keys && result == OEMCrypto_SUCCESS) {
@@ -1659,63 +1674,42 @@ void Session::GenerateNonce(int* error_counter) {
}
}
void Session::FillDefaultContext(vector<uint8_t>* mac_context,
vector<uint8_t>* enc_context) {
/* Context strings
* These context strings are normally created by the CDM layer
vector<uint8_t> Session::GetDefaultContext() {
/* Context string
* This context string is normally created by the CDM layer
* from a license request message.
* They are used to test MAC and ENC key generation.
*/
*mac_context = wvutil::a2b_hex(
"41555448454e5449434154494f4e000a4c08001248000000020000101907d9ff"
"de13aa95c122678053362136bdf8408f8276e4c2d87ec52b61aa1b9f646e5873"
"4930acebe899b3e464189a14a87202fb02574e70640bd22ef44b2d7e3912250a"
"230a14080112100915007caa9b5931b76a3a85f046523e10011a093938373635"
"34333231180120002a0c31383836373837343035000000000200");
*enc_context = wvutil::a2b_hex(
"454e4352595054494f4e000a4c08001248000000020000101907d9ffde13aa95"
"c122678053362136bdf8408f8276e4c2d87ec52b61aa1b9f646e58734930aceb"
"e899b3e464189a14a87202fb02574e70640bd22ef44b2d7e3912250a230a1408"
"0112100915007caa9b5931b76a3a85f046523e10011a09393837363534333231"
"180120002a0c31383836373837343035000000000080");
return wvutil::a2b_hex(
"0a4c08001248000000020000101907d9ffde13aa95c122678053362136bdf840"
"8f8276e4c2d87ec52b61aa1b9f646e58734930acebe899b3e464189a14a87202"
"fb02574e70640bd22ef44b2d7e3912250a230a14080112100915007caa9b5931"
"b76a3a85f046523e10011a09393837363534333231180120002a0c3138383637"
"38373430350000");
}
// This should only be called if the device uses Provisioning 2.0. A failure in
// this function is probably caused by a bad keybox.
void Session::GenerateDerivedKeysFromKeybox(
const wvoec::WidevineKeybox& keybox) {
vector<uint8_t> mac_context;
vector<uint8_t> enc_context;
FillDefaultContext(&mac_context, &enc_context);
ASSERT_EQ(OEMCrypto_SUCCESS,
OEMCrypto_GenerateDerivedKeys(
session_id(), mac_context.data(), mac_context.size(),
enc_context.data(), enc_context.size()));
return GenerateDerivedKeysFromKeybox(keybox, GetDefaultContext());
}
void Session::GenerateDerivedKeysFromKeybox(
const wvoec::WidevineKeybox& keybox, const std::vector<uint8_t>& context) {
key_deriver_.DeriveKeys(keybox.device_key_, sizeof(keybox.device_key_),
mac_context, enc_context);
context);
}
void Session::GenerateDerivedKeysFromSessionKey() {
// Uses test certificate.
vector<uint8_t> session_key;
vector<uint8_t> enc_session_key;
ASSERT_TRUE(public_rsa_ || public_ec_)
<< "No public RSA/ECC key loaded in test code";
// A failure here probably indicates that there is something wrong with the
// test program and its dependency on BoringSSL.
ASSERT_TRUE(GenerateSessionKey(&session_key, &enc_session_key));
vector<uint8_t> mac_context;
vector<uint8_t> enc_context;
FillDefaultContext(&mac_context, &enc_context);
// A failure here is probably caused by having the wrong RSA key loaded.
ASSERT_EQ(OEMCrypto_SUCCESS,
OEMCrypto_DeriveKeysFromSessionKey(
session_id(), enc_session_key.data(), enc_session_key.size(),
mac_context.data(), mac_context.size(), enc_context.data(),
enc_context.size()));
GenerateDerivedKeysFromSessionKey(GetDefaultContext());
}
key_deriver_.DeriveKeys(session_key.data(), session_key.size(), mac_context,
enc_context);
void Session::GenerateDerivedKeysFromSessionKey(
const std::vector<uint8_t>& context) {
// Uses test certificate.
ASSERT_TRUE(GenerateSessionKey());
key_deriver_.DeriveKeys(session_key_.data(), session_key_.size(), context);
}
void Session::TestDecryptCTR(bool get_fresh_key_handle_first,
@@ -2016,19 +2010,17 @@ void Session::VerifySignature(const vector<uint8_t>& message,
FAIL() << "No public RSA or ECC key loaded in test code";
}
bool Session::GenerateRsaSessionKey(vector<uint8_t>* session_key,
vector<uint8_t>* enc_session_key) {
bool Session::GenerateRsaSessionKey() {
if (!public_rsa_) {
cerr << "No public RSA key loaded in test code\n";
return false;
}
*session_key = wvutil::a2b_hex("6fa479c731d2770b6a61a5d1420bb9d1");
*enc_session_key = public_rsa_->EncryptSessionKey(*session_key);
return !enc_session_key->empty();
session_key_ = wvutil::a2b_hex("6fa479c731d2770b6a61a5d1420bb9d1");
enc_session_key_ = public_rsa_->EncryptSessionKey(session_key_);
return !enc_session_key_.empty();
}
bool Session::GenerateEccSessionKey(vector<uint8_t>* session_key,
vector<uint8_t>* ecdh_public_key_data) {
bool Session::GenerateEccSessionKey() {
if (!public_ec_) {
cerr << "No public ECC key loaded in test code\n";
return false;
@@ -2043,24 +2035,23 @@ bool Session::GenerateEccSessionKey(vector<uint8_t>* session_key,
<< util::EccCurveToString(curve) << std::endl;
return false;
}
*session_key = server_ephemeral_keys_[curve]->DeriveSessionKey(*public_ec_);
if (session_key->empty()) {
session_key_ = server_ephemeral_keys_[curve]->DeriveSessionKey(*public_ec_);
if (session_key_.empty()) {
return false;
}
*ecdh_public_key_data = server_ephemeral_keys_[curve]->SerializeAsPublicKey();
if (ecdh_public_key_data->empty()) {
session_key->clear();
enc_session_key_ = server_ephemeral_keys_[curve]->SerializeAsPublicKey();
if (enc_session_key_.empty()) {
session_key_.clear();
return false;
}
return true;
}
bool Session::GenerateSessionKey(vector<uint8_t>* session_key,
vector<uint8_t>* key_material) {
bool Session::GenerateSessionKey() {
if (public_rsa_ != nullptr) {
return GenerateRsaSessionKey(session_key, key_material);
return GenerateRsaSessionKey();
} else if (public_ec_ != nullptr) {
return GenerateEccSessionKey(session_key, key_material);
return GenerateEccSessionKey();
}
cerr << "No public RSA or ECC key loaded in test code\n";
return false;