Fix CSR in wv factory upload tool
Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/169024 The CSR extracted by WV internal BCC extraction tool is missing a field "unverifiedDeviceInfo". This is required by the RKP's device uploading tool for the CSR to be accepted. Also updated the size of the randomly generated challenge from 32 bytes to 64 bytes, same as what is used by rkp_factory_extraction_tool. Test: extracted CSR v2 and v3 and dry run uploading Bug: 275075496 Change-Id: Icc776f810c81ac6589d82935950167925f95f906
@@ -6,6 +6,8 @@
|
||||
|
||||
#define LOG_TAG "wv_factory_extraction_tool"
|
||||
|
||||
#include <cppbor.h>
|
||||
#include <cppbor_parse.h>
|
||||
#include <sys/random.h>
|
||||
|
||||
#include <algorithm>
|
||||
@@ -18,8 +20,10 @@
|
||||
#include <vector>
|
||||
|
||||
#include "WidevineProvisioner.h"
|
||||
#include "log.h"
|
||||
#include "properties.h"
|
||||
|
||||
constexpr size_t kChallengeSize = 32;
|
||||
constexpr size_t kChallengeSize = 64;
|
||||
|
||||
// The Google root key for the Endpoint Encryption Key chain, encoded as
|
||||
// COSE_Sign1
|
||||
@@ -121,15 +125,38 @@ cppbor::Array getCsr(widevine::WidevineProvisioner& provisioner) {
|
||||
return csr;
|
||||
}
|
||||
|
||||
std::vector<uint8_t> getCsrV3(widevine::WidevineProvisioner& provisioner) {
|
||||
std::unique_ptr<cppbor::Array> composeCertificateRequestV3(
|
||||
const std::vector<uint8_t>& csr) {
|
||||
auto [parsedCsr, _, csrErrMsg] = cppbor::parse(csr);
|
||||
if (!parsedCsr) {
|
||||
LOGE("Failed to parse input CSR.");
|
||||
return nullptr;
|
||||
}
|
||||
if (!parsedCsr->asArray()) {
|
||||
LOGE("Input CSR is not a CBOR array.");
|
||||
return nullptr;
|
||||
}
|
||||
std::string fingerPrint;
|
||||
if (!wvcdm::Properties::GetBuildInfo(&fingerPrint)) {
|
||||
LOGE("Failed to get finger print.");
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
cppbor::Map unverifiedDeviceInfo =
|
||||
cppbor::Map().add("fingerprint", cppbor::Tstr(fingerPrint));
|
||||
parsedCsr->asArray()->add(std::move(unverifiedDeviceInfo));
|
||||
return std::unique_ptr<cppbor::Array>(parsedCsr.release()->asArray());
|
||||
}
|
||||
|
||||
std::unique_ptr<cppbor::Array> getCsrV3(
|
||||
widevine::WidevineProvisioner& provisioner) {
|
||||
const std::vector<uint8_t> challenge = generateChallenge();
|
||||
std::vector<uint8_t> csr;
|
||||
|
||||
if (!provisioner.GenerateCertificateRequestV2(challenge, &csr)) {
|
||||
std::cerr << "Failed to generate certificate request v2." << std::endl;
|
||||
exit(-1);
|
||||
}
|
||||
return csr;
|
||||
return composeCertificateRequestV3(csr);
|
||||
}
|
||||
|
||||
int main(int argc, char** argv) {
|
||||
@@ -155,7 +182,11 @@ int main(int argc, char** argv) {
|
||||
std::ostream_iterator<char>(std::cout));
|
||||
} else if (!std::strcmp(argv[1], "csr_v3")) {
|
||||
auto csr = getCsrV3(provisioner);
|
||||
std::copy(csr.begin(), csr.end(), std::ostream_iterator<char>(std::cout));
|
||||
if (csr != nullptr) {
|
||||
auto bytes = csr->encode();
|
||||
std::copy(bytes.begin(), bytes.end(),
|
||||
std::ostream_iterator<char>(std::cout));
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
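Review bot: In the `csr_v3` branch of `main`, a null result from `getCsrV3` is skipped silently and the tool still reaches `return 0`, so a failed CBOR parse or a failed `GetBuildInfo` call produces empty output with a success status, and the only trace is a `LOGE` entry rather than anything on stderr. A factory script that trusts the exit code would then carry an empty CSR to the upload step; the V2-generation failure in `getCsrV3` already exits non-zero, and this path should match it, e.g. `} else { std::cerr << "Failed to compose certificate request v3." << std::endl; return -1; }`. In `composeCertificateRequestV3` the `csrErrMsg` returned by `cppbor::parse` is bound but never used; including it in the parse-failure log would make that failure diagnosable. `main` begins outside the hunk, so how its other branches report errors is not visible here.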