From 6db1ae51673603b3979c77b7bc42fd22c901f8d6 Mon Sep 17 00:00:00 2001 From: Cong Lin Date: Mon, 27 Mar 2023 10:12:46 -0700 Subject: [PATCH] Fix CSR in wv factory upload tool Merge of https://widevine-internal-review.googlesource.com/c/cdm/+/169024 The CSR extracted by WV internal BCC extraction tool is missing a field "unverifiedDeviceInfo". This is required by the RKP's device uploading tool for the CSR to be accepted. Also updated the size of the randomly generated challenge from 32 bytes to 64 bytes, same as what is used by rpk_factory_extraction_tool. Test: extracted CSR v2 and v3 and dry run uploading Bug: 275075496 Change-Id: Icc776f810c81ac6589d82935950167925f95f906 --- .../tools/factory_upload_tool/cli.cpp | 41 ++++++++++++++++--- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/libwvdrmengine/tools/factory_upload_tool/cli.cpp b/libwvdrmengine/tools/factory_upload_tool/cli.cpp index 76468be2..9e88e4fd 100644 --- a/libwvdrmengine/tools/factory_upload_tool/cli.cpp +++ b/libwvdrmengine/tools/factory_upload_tool/cli.cpp @@ -6,6 +6,8 @@ #define LOG_TAG "wv_factory_extraction_tool" +#include +#include #include #include @@ -18,8 +20,10 @@ #include #include "WidevineProvisioner.h" +#include "log.h" +#include "properties.h" -constexpr size_t kChallengeSize = 32; +constexpr size_t kChallengeSize = 64; // The Google root key for the Endpoint Encryption Key chain, encoded as // COSE_Sign1 
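Review bot: `kChallengeSize` goes from 32 to 64 with no comment next to the constant saying where 64 comes from; only the commit message ties it to the RKP factory extraction tool. Put that reasoning beside the value, e.g. `// Challenge length in bytes; kept equal to the size used by the RKP factory extraction tool.` The constant's users are outside this hunk, so if the v2 `csr` path also draws its challenge from it, that path now sends 64 bytes too, which the comment should state if it is intended.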
@@ -121,15 +125,38 @@ cppbor::Array getCsr(widevine::WidevineProvisioner& provisioner) { return csr; } -std::vector getCsrV3(widevine::WidevineProvisioner& provisioner) { +std::unique_ptr composeCertificateRequestV3( + const std::vector& csr) { + auto [parsedCsr, _, csrErrMsg] = cppbor::parse(csr); + if (!parsedCsr) { + LOGE("Failed to parse input CSR."); + return nullptr; + } + if (!parsedCsr->asArray()) { + LOGE("Input CSR is not a CBOR array."); + return nullptr; + } + std::string fingerPrint; + if (!wvcdm::Properties::GetBuildInfo(&fingerPrint)) { + LOGE("Failed to get finger print."); + return nullptr; + } + + cppbor::Map unverifiedDeviceInfo = + cppbor::Map().add("fingerprint", cppbor::Tstr(fingerPrint)); + parsedCsr->asArray()->add(std::move(unverifiedDeviceInfo)); + return std::unique_ptr(parsedCsr.release()->asArray()); +} + +std::unique_ptr getCsrV3( + widevine::WidevineProvisioner& provisioner) { const std::vector challenge = generateChallenge(); std::vector csr; - if (!provisioner.GenerateCertificateRequestV2(challenge, &csr)) { std::cerr << "Failed to generate certificate request v2." << std::endl; exit(-1); } - return csr; + return composeCertificateRequestV3(csr); } int main(int argc, char** argv) { @@ -155,7 +182,11 @@ int main(int argc, char** argv) { std::ostream_iterator(std::cout)); } else if (!std::strcmp(argv[1], "csr_v3")) { auto csr = getCsrV3(provisioner); - std::copy(csr.begin(), csr.end(), std::ostream_iterator(std::cout)); + if (csr != nullptr) { + auto bytes = csr->encode(); + std::copy(bytes.begin(), bytes.end(), + std::ostream_iterator(std::cout)); + } } return 0; }
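Review bot: In `composeCertificateRequestV3` the parse-failure branch binds `csrErrMsg` but never uses it, so the log line gives no reason for the failure; `LOGE("Failed to parse input CSR: %s", csrErrMsg.c_str());` keeps the parser's diagnosis. All three failure branches report only through `LOGE`, while `getCsrV3` just below writes to `std::cerr`, so someone running the tool from a shell sees nothing for these cases. The function also needs a short header comment stating that the `fingerprint` entry is added by the tool after the CSR was generated, e.g. `// Appends unverifiedDeviceInfo to the already-generated CSR array; this entry comes from build properties, not from the provisioner.`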
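Review bot: When `getCsrV3` returns `nullptr`, the `csr_v3` branch writes nothing and falls through to `return 0`, so a calling script receives empty output with a success status. The generation failure inside `getCsrV3` exits with -1, and the compose failure should be just as visible to the caller. Add an else arm: `} else { std::cerr << "Failed to compose certificate request v3." << std::endl; return -1; }`. `main` begins outside this hunk.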