Implement license protocol 2.2 for OEMCrypto v19
This updates the code and tests to allow for using license protocol 2.2 when using OEMCrypto v19. Issue: 80428549 Issue: 121031064 Issue: 232464183 Change-Id: Ib6bb61f86dd310b566227462658530bca5940b88
This commit is contained in:
Jacob Trimble
committed by
Robert Shih
Robert Shih
parent
5f3bc77c52
commit
4b32cb4b10
@@ -782,17 +782,18 @@ void LicenseRoundTrip::VerifyRequestSignature(
|
||||
if (api_version_ > global_features.api_version)
|
||||
api_version_ = global_features.api_version;
|
||||
|
||||
vector<uint8_t> sign_source;
|
||||
if (global_features.api_version < 17) {
|
||||
const std::vector<uint8_t> subdata(data.begin() + core_message_length,
|
||||
data.end());
|
||||
session()->VerifyRsaSignature(subdata, generated_signature.data(),
|
||||
generated_signature.size(), kSign_RSASSA_PSS);
|
||||
SHA256(data.data(), core_message_length, request_hash_);
|
||||
sign_source.assign(data.begin() + core_message_length, data.end());
|
||||
} else if (global_features.api_version < 19) {
|
||||
sign_source = data;
|
||||
} else {
|
||||
session()->VerifySignature(data, generated_signature.data(),
|
||||
generated_signature.size(), kSign_RSASSA_PSS);
|
||||
SHA256(data.data(), core_message_length, request_hash_);
|
||||
sign_source.resize(SHA512_DIGEST_LENGTH);
|
||||
SHA512(data.data(), data.size(), sign_source.data());
|
||||
}
|
||||
session()->VerifySignature(sign_source, generated_signature.data(),
|
||||
generated_signature.size(), kSign_RSASSA_PSS);
|
||||
SHA256(data.data(), core_message_length, request_hash_);
|
||||
}
|
||||
|
||||
void LicenseRoundTrip::FillAndVerifyCoreRequest(
|
||||
@@ -998,7 +999,8 @@ void LicenseRoundTrip::FillCoreResponseSubstrings() {
|
||||
}
|
||||
|
||||
void LicenseRoundTrip::EncryptResponse(bool force_clear_kcb) {
|
||||
ASSERT_NO_FATAL_FAILURE(session_->GenerateDerivedKeysFromSessionKey());
|
||||
const auto context = session_->GetDefaultContext(!skip_request_hash_);
|
||||
ASSERT_NO_FATAL_FAILURE(session_->GenerateDerivedKeysFromSessionKey(context));
|
||||
encrypted_response_data_ = response_data_;
|
||||
uint8_t iv_buffer[KEY_IV_SIZE];
|
||||
memcpy(iv_buffer, &response_data_.mac_key_iv[0], KEY_IV_SIZE);
|
||||
@@ -1129,7 +1131,8 @@ OEMCryptoResult LicenseRoundTrip::LoadResponse(Session* session,
|
||||
core_response_.key_array_length * sizeof(*core_response_.key_array));
|
||||
}
|
||||
|
||||
const vector<uint8_t> context = session->GetDefaultContext();
|
||||
const vector<uint8_t> context =
|
||||
session->GetDefaultContext(!skip_request_hash_);
|
||||
|
||||
// Some tests adjust the offset to be beyond the length of the message. Here,
|
||||
// we create a duplicate of the main message buffer so that these offsets do
|
||||
@@ -1674,18 +1677,24 @@ void Session::GenerateNonce(int* error_counter) {
|
||||
}
|
||||
}
|
||||
|
||||
vector<uint8_t> Session::GetDefaultContext() {
|
||||
vector<uint8_t> Session::GetDefaultContext(bool do_hash) {
|
||||
/* Context string
|
||||
* This context string is normally created by the CDM layer
|
||||
* from a license request message.
|
||||
* They are used to test MAC and ENC key generation.
|
||||
*/
|
||||
return wvutil::a2b_hex(
|
||||
auto ret = wvutil::a2b_hex(
|
||||
"0a4c08001248000000020000101907d9ffde13aa95c122678053362136bdf840"
|
||||
"8f8276e4c2d87ec52b61aa1b9f646e58734930acebe899b3e464189a14a87202"
|
||||
"fb02574e70640bd22ef44b2d7e3912250a230a14080112100915007caa9b5931"
|
||||
"b76a3a85f046523e10011a09393837363534333231180120002a0c3138383637"
|
||||
"38373430350000");
|
||||
if (do_hash) {
|
||||
uint8_t hash[SHA512_DIGEST_LENGTH];
|
||||
SHA512(ret.data(), ret.size(), hash);
|
||||
ret.assign(hash, hash + sizeof(hash));
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
// This should only be called if the device uses Provisioning 2.0. A failure in
|
||||
|
||||
Reference in New Issue
Block a user