From 7397f773439e9cb316fff7fa07f2b297242974c3 Mon Sep 17 00:00:00 2001 From: Fred Gylys-Colwell Date: Thu, 16 Sep 2021 22:08:34 +0000 Subject: [PATCH] Updates to OTA Keybox Reprovisioning [ Cherry pick of http://ag/15847758 ] Adjust OTA code to account for some design changes and add integration tests. Merge from Widevine repo of http://go/wvgerrit/133775 Change use_test_key to uint32_t type Merge from Widevine repo of http://go/wvgerrit/133774 Cleanup CDM OKP info before tests. Merge from Widevine repo of http://go/wvgerrit/133773 Change context for derivation in OTA keybox solution Merge from Widevine repo of http://go/wvgerrit/133772 Updated OTA keybox key derivation. Merge from Widevine repo of http://go/wvgerrit/133771 Use double provisioning step in integration tests Merge from Widevine repo of http://go/wvgerrit/133770 Erase keybox on initialization for OEMCrypto testbed Merge from Widevine repo of http://go/wvgerrit/133769 Add session id to OEMCrypto OTA functions Merge from Widevine repo of http://go/wvgerrit/133768 Integration test for OTA Keybox reprovisioning Merge from Widevine repo of http://go/wvgerrit/133767 Add test x509 cert for testing Merge from Widevine repo of http://go/wvgerrit/133766 OTA Keybox basic functionality in testbed Merge from Widevine repo of http://go/wvgerrit/133765 Update OTA test script to use newer build scripts Merge from Widevine repo of http://go/wvgerrit/133764 Adjust comment stype for doxygen Test: MediaDrmTest and Android unittests Bug: 190505461 Bug: 190505461 Bug: 190505461 bug: 187646550 Bug: 187646550 Bug: 187646550 Bug: 187646550 Bug: 190505461 Bug: 187646550 Bug: 188228998 Bug: 190505461 Bug: 187646550 Change-Id: I41ff819a1fd8aca2e20adb25127fa0d9c4879b01 --- libwvdrmengine/build_all_unit_tests.sh | 3 + .../cdm/core/include/crypto_session.h | 1 + .../cdm/core/src/crypto_session.cpp | 13 +- .../core/src/oemcrypto_adapter_dynamic.cpp | 25 +- .../cdm/core/src/oemcrypto_ota_stubs.cpp | 11 +- .../cdm/core/test/keybox_ota_test.cpp | 113 +++++++- libwvdrmengine/cdm/core/test/test_base.cpp | 5 +- libwvdrmengine/cdm/test/Android.mk | 4 +- .../oemcrypto/include/OEMCryptoCENC.h | 106 ++++---- .../oemcrypto/test/ota_keybox_test.cpp | 254 +++++++++++++++++- 10 files changed, 443 insertions(+), 92 deletions(-) diff --git a/libwvdrmengine/build_all_unit_tests.sh b/libwvdrmengine/build_all_unit_tests.sh index c1faf174..2892ca04 100755 --- a/libwvdrmengine/build_all_unit_tests.sh +++ b/libwvdrmengine/build_all_unit_tests.sh @@ -48,6 +48,7 @@ WV_TEST_TARGETS="base64_test \ hidl_metrics_adapter_unittest \ http_socket_test \ initialization_data_unittest \ + keybox_ota_test \ libwvdrmdrmplugin_hidl_test \ libwvdrmdrmplugin_test \ libwvdrmengine_hidl_test \ @@ -59,6 +60,8 @@ WV_TEST_TARGETS="base64_test \ metrics_collections_unittest \ oemcrypto_test \ odk_test \ + okp_fallback_policy_test \ + ota_keybox_provisioner_test \ policy_engine_constraints_unittest \ policy_engine_unittest \ policy_integration_test \ diff --git a/libwvdrmengine/cdm/core/include/crypto_session.h b/libwvdrmengine/cdm/core/include/crypto_session.h index 6d04ba4a..f45b547f 100644 --- a/libwvdrmengine/cdm/core/include/crypto_session.h +++ b/libwvdrmengine/cdm/core/include/crypto_session.h @@ -329,6 +329,7 @@ class CryptoSession { #if defined(UNIT_TEST) friend class CertificateProvisioningTest; friend class WvCdmTestBase; + friend class CdmOtaKeyboxTest; #endif // The global factory method can be set to generate special crypto sessions diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index c6b1b16c..3bcee3ce 100644 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -3041,9 +3041,10 @@ okp::SystemFallbackPolicy* CryptoSession::GetOkpFallbackPolicy() { CdmResponseType CryptoSession::PrepareOtaProvisioningRequest( bool use_test_key, std::string* request) { RETURN_IF_NULL(request, PARAMETER_NULL); + RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN); size_t buffer_length = 0; - OEMCryptoResult status = - OEMCrypto_GenerateOTARequest(nullptr, &buffer_length, use_test_key); + OEMCryptoResult status = OEMCrypto_GenerateOTARequest( + oec_session_id_, nullptr, &buffer_length, use_test_key); if (status != OEMCrypto_ERROR_SHORT_BUFFER) return MapOEMCryptoResult(status, UNKNOWN_ERROR, "PrepareOtaProvisioningRequest"); @@ -3053,7 +3054,8 @@ CdmResponseType CryptoSession::PrepareOtaProvisioningRequest( } request->resize(buffer_length); uint8_t* buf = reinterpret_cast(&request->front()); - status = OEMCrypto_GenerateOTARequest(buf, &buffer_length, use_test_key); + status = OEMCrypto_GenerateOTARequest(oec_session_id_, buf, &buffer_length, + use_test_key ? 1 : 0); if (OEMCrypto_SUCCESS != status) { request->clear(); } else if (buffer_length != request->size()) { @@ -3065,9 +3067,10 @@ CdmResponseType CryptoSession::PrepareOtaProvisioningRequest( CdmResponseType CryptoSession::LoadOtaProvisioning( bool use_test_key, const std::string& response) { + RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN); const OEMCryptoResult status = OEMCrypto_ProcessOTAKeybox( - reinterpret_cast(response.data()), response.size(), - use_test_key); + oec_session_id_, reinterpret_cast(response.data()), + response.size(), use_test_key ? 1 : 0); return MapOEMCryptoResult(status, UNKNOWN_ERROR, "LoadOtaProvisioning"); } diff --git a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp index 759c280d..d28bf1b4 100644 --- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp +++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp @@ -318,12 +318,14 @@ typedef OEMCryptoResult (*L1_LoadProvisioning_t)( size_t signature_length, uint8_t* wrapped_private_key, size_t* wrapped_private_key_length); typedef uint32_t (*L1_MinorAPIVersion_t)(); -typedef OEMCryptoResult (*L1_GenerateOTARequest_t)(uint8_t* buffer, +typedef OEMCryptoResult (*L1_GenerateOTARequest_t)(OEMCrypto_SESSION session, + uint8_t* buffer, size_t* buffer_length, - bool use_test_key); -typedef OEMCryptoResult (*L1_ProcessOTAKeybox_t)(const uint8_t* buffer, + uint32_t use_test_key); +typedef OEMCryptoResult (*L1_ProcessOTAKeybox_t)(OEMCrypto_SESSION session, + const uint8_t* buffer, size_t buffer_length, - bool use_test_key); + uint32_t use_test_key); struct FunctionPointers { wvcdm::CdmSecurityLevel security_level; uint32_t version; @@ -2797,23 +2799,24 @@ extern "C" OEMCryptoResult OEMCrypto_FreeSecureBuffer( return pair.fcn->FreeSecureBuffer(pair.session, output_descriptor, secure_fd); } -extern "C" OEMCryptoResult OEMCrypto_GenerateOTARequest(uint8_t* buffer, - size_t* buffer_length, - bool use_test_key) { +extern "C" OEMCryptoResult OEMCrypto_GenerateOTARequest( + OEMCrypto_SESSION session, uint8_t* buffer, size_t* buffer_length, + uint32_t use_test_key) { if (!gAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; const FunctionPointers* fcn = gAdapter->GetFunctionPointers(kLevelDefault); if (!fcn) return OEMCrypto_ERROR_UNKNOWN_FAILURE; if (fcn->GenerateOTARequest == nullptr) return OEMCrypto_ERROR_NOT_IMPLEMENTED; - return fcn->GenerateOTARequest(buffer, buffer_length, use_test_key); + return fcn->GenerateOTARequest(session, buffer, buffer_length, use_test_key); } -extern "C" OEMCryptoResult OEMCrypto_ProcessOTAKeybox(const uint8_t* buffer, +extern "C" OEMCryptoResult OEMCrypto_ProcessOTAKeybox(OEMCrypto_SESSION session, + const uint8_t* buffer, size_t buffer_length, - bool use_test_key) { + uint32_t use_test_key) { if (!gAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; const FunctionPointers* fcn = gAdapter->GetFunctionPointers(kLevelDefault); if (!fcn) return OEMCrypto_ERROR_UNKNOWN_FAILURE; if (fcn->ProcessOTAKeybox == nullptr) return OEMCrypto_ERROR_NOT_IMPLEMENTED; - return fcn->ProcessOTAKeybox(buffer, buffer_length, use_test_key); + return fcn->ProcessOTAKeybox(session, buffer, buffer_length, use_test_key); } diff --git a/libwvdrmengine/cdm/core/src/oemcrypto_ota_stubs.cpp b/libwvdrmengine/cdm/core/src/oemcrypto_ota_stubs.cpp index 74bfb3c1..2c0b59de 100644 --- a/libwvdrmengine/cdm/core/src/oemcrypto_ota_stubs.cpp +++ b/libwvdrmengine/cdm/core/src/oemcrypto_ota_stubs.cpp @@ -4,14 +4,15 @@ #include "OEMCryptoCENC.h" -extern "C" OEMCryptoResult OEMCrypto_GenerateOTARequest(uint8_t* buffer, - size_t* buffer_length, - bool use_test_key) { +extern "C" OEMCryptoResult OEMCrypto_GenerateOTARequest( + OEMCrypto_SESSION session, uint8_t* buffer, size_t* buffer_length, + uint32_t use_test_key) { return OEMCrypto_ERROR_NOT_IMPLEMENTED; } -extern "C" OEMCryptoResult OEMCrypto_ProcessOTAKeybox(const uint8_t* buffer, +extern "C" OEMCryptoResult OEMCrypto_ProcessOTAKeybox(OEMCrypto_SESSION session, + const uint8_t* buffer, size_t buffer_length, - bool use_test_key) { + uint32_t use_test_key) { return OEMCrypto_ERROR_NOT_IMPLEMENTED; } diff --git a/libwvdrmengine/cdm/core/test/keybox_ota_test.cpp b/libwvdrmengine/cdm/core/test/keybox_ota_test.cpp index 16dd0836..36dd09a9 100644 --- a/libwvdrmengine/cdm/core/test/keybox_ota_test.cpp +++ b/libwvdrmengine/cdm/core/test/keybox_ota_test.cpp @@ -3,9 +3,120 @@ // License Agreement. #include +#include +#include #include "crypto_session.h" +#include "properties.h" +#include "test_base.h" +#include "test_printers.h" +#include "test_sleep.h" +#include "url_request.h" + +using wvcdm::metrics::EngineMetrics; namespace wvcdm { -TEST(OTAKeyboxTest, TestThatTheBuildFilesWork) { ASSERT_TRUE(true); } +class CdmOtaKeyboxTest : public ::testing::Test { + public: + void SetUp() override { + ::testing::Test::SetUp(); + Properties::Init(); + const ::testing::TestInfo* const test_info = + ::testing::UnitTest::GetInstance()->current_test_info(); + LOGD("Running test %s.%s", test_info->test_case_name(), test_info->name()); + // Some test environments allow the model name of the device to be set + // dynamically using an environment variable. The model name will show up + // in the license server logs as the part of the device idenfication as + // "model_name". + std::string model_name = + std::string(test_info->test_case_name()) + "." + test_info->name(); + int overwrite = 1; // Set value even if already set. + setenv("MODEL_NAME", model_name.c_str(), overwrite); + // Reset the crypto session factory, so that a default one will be created. + // For these tests, we do *not* want to use the test crypto session factory + // because it automatically installs the test keybox on initialization. We + // do not want that because we are testing keybox provisioning. + CryptoSession::SetCryptoSessionFactory(nullptr); + } + + void Provision(TestCdmEngine* cdm_engine) { + ConfigTestEnv config = WvCdmTestBase::default_config_; + CdmCertificateType cert_type = kCertificateWidevine; + std::string cert_authority; + CdmProvisioningRequest prov_request; + std::string provisioning_server_url; + CdmResponseType result = cdm_engine->GetProvisioningRequest( + cert_type, cert_authority, config.provisioning_service_certificate(), + kLevelDefault, &prov_request, &provisioning_server_url); + ASSERT_EQ(NO_ERROR, result); + + LOGV("Provisioning request: req = %s", prov_request.c_str()); + + // Ignore URL provided by CdmEngine. Use ours, as configured + // for test vs. production server. + provisioning_server_url.assign(config.provisioning_server()); + + // Make request. + UrlRequest url_request(provisioning_server_url); + if (!url_request.is_connected()) { + LOGE("Failed to connect to provisioning server: url = %s", + provisioning_server_url.c_str()); + } + url_request.PostCertRequestInQueryString(prov_request); + + // Receive and parse response. + std::string http_message; + ASSERT_TRUE(url_request.GetResponse(&http_message)) + << "Failed to get provisioning response"; + LOGV("http_message: \n%s\n", http_message.c_str()); + + std::string cert, wrapped_key; + ASSERT_EQ(NO_ERROR, cdm_engine->HandleProvisioningResponse( + http_message, kLevelDefault, &cert, &wrapped_key)); + } +}; + +TEST_F(CdmOtaKeyboxTest, TestThatTheBuildFilesWork) { ASSERT_TRUE(true); } + +TEST_F(CdmOtaKeyboxTest, BasicTest) { + FileSystem file_system; + TestCdmEngine cdm_engine(&file_system, + std::shared_ptr(new EngineMetrics)); + CdmSessionId session_id; + ConfigTestEnv config = WvCdmTestBase::default_config_; + + CdmResponseType status = cdm_engine.OpenSession(config.key_system(), nullptr, + nullptr, &session_id); + // If there is no keybox or there is no drm cert, we should get a + // NEED_PROVISIONING response. If there is a keybox and a drm cert, there + // should be no other error and this test is finished. + if (status != NEED_PROVISIONING) { + ASSERT_EQ(NO_ERROR, status); + std::cout << "Device does not need provisioning. Skipping rest of test.\n"; + return; + } + std::cout << "First provisioning process.\n"; + Provision(&cdm_engine); + + // After the first provisioning pass, we try to open a session again. If the + // first provisioning was to install a keybox, this provisioning should be to + // install a drm cert. If the first provisioning step installed a drm cert, + // there should be no other error and this test is finished. + status = cdm_engine.OpenSession(config.key_system(), nullptr, nullptr, + &session_id); + if (status != NEED_PROVISIONING) { + ASSERT_EQ(NO_ERROR, status); + std::cout << "Device does not need provisioning. Skipping rest of test.\n"; + return; + } + std::cout << "Second provisioning process.\n"; + Provision(&cdm_engine); + + // After the second provisioning pass, we should be able to open a session + // and continue. + status = cdm_engine.OpenSession(config.key_system(), nullptr, nullptr, + &session_id); + ASSERT_EQ(NO_ERROR, status); + // Full recovery will be tested with higher level integration tests. +} } // namespace wvcdm diff --git a/libwvdrmengine/cdm/core/test/test_base.cpp b/libwvdrmengine/cdm/core/test/test_base.cpp index 87c14bd3..d064a37b 100644 --- a/libwvdrmengine/cdm/core/test/test_base.cpp +++ b/libwvdrmengine/cdm/core/test/test_base.cpp @@ -419,7 +419,6 @@ void WvCdmTestBase::EnsureProvisioned() { std::shared_ptr(new EngineMetrics)); CdmResponseType status = cdm_engine.OpenSession(config_.key_system(), nullptr, nullptr, &session_id); - CdmAppParameterMap app_parameters; CdmKeySetId key_set_id; InitializationData init_data(ISO_BMFF_VIDEO_MIME_TYPE, binary_key_id()); @@ -430,7 +429,8 @@ void WvCdmTestBase::EnsureProvisioned() { app_parameters, &key_request); } - if (status == NEED_PROVISIONING) { + // There are situations where we need two provisioning steps. + for (int count = 0; count < 2 && status == NEED_PROVISIONING; count++) { Provision(); status = cdm_engine.OpenSession(config_.key_system(), nullptr, nullptr, &session_id); @@ -439,7 +439,6 @@ void WvCdmTestBase::EnsureProvisioned() { status = cdm_engine.GenerateKeyRequest(session_id, key_set_id, init_data, kLicenseTypeStreaming, app_parameters, &key_request); - ASSERT_EQ(KEY_MESSAGE, status); } ASSERT_EQ(KEY_MESSAGE, status); ASSERT_NE("", session_id) << "Could not open CDM session."; diff --git a/libwvdrmengine/cdm/test/Android.mk b/libwvdrmengine/cdm/test/Android.mk index 09f472df..20d4c522 100644 --- a/libwvdrmengine/cdm/test/Android.mk +++ b/libwvdrmengine/cdm/test/Android.mk @@ -97,9 +97,11 @@ test_name := initialization_data_unittest test_src_dir := ../core/test include $(LOCAL_PATH)/unit-test.mk +# This test is only intended for devices that support OTA keybox provisioning. test_name := keybox_ota_test test_src_dir := ../core/test -include $(LOCAL_PATH)/unit-test.mk +test_main := ../core/test/test_main.cpp +include $(LOCAL_PATH)/integration-test.mk test_name := license_keys_unittest test_src_dir := ../core/test diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index 6efc97ac..e40a340c 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -2959,31 +2959,19 @@ OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(void); * If the device has an OEM Certificate, this validates the certificate * private key. * + * On devices that support OEMCrypto_GenerateOTARequest and + * OEMCrypto_ProcessOTAKeybox, this function may return + * OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING when a valid keybox is not present. + * * @retval OEMCrypto_SUCCESS * @retval OEMCrypto_ERROR_BAD_MAGIC * @retval OEMCrypto_ERROR_BAD_CRC * @retval OEMCrypto_ERROR_KEYBOX_INVALID * @retval OEMCrypto_ERROR_INVALID_RSA_KEY * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED + * @retval OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING * - * On devices that support OEMCrypto_GenerateOTARequest and - * OEMCrypto_ProcessOTAKeybox, this function may return - * OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING when a valid keybox is not - * present. - * - * Parameters: - * none - * - * Returns: - * OEMCrypto_SUCCESS - * OEMCrypto_ERROR_BAD_MAGIC - * OEMCrypto_ERROR_BAD_CRC - * OEMCrypto_ERROR_KEYBOX_INVALID - * OEMCrypto_ERROR_INVALID_RSA_KEY - * OEMCrypto_ERROR_SYSTEM_INVALIDATED - * OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING - * - * Threading: + * @threading * This is a "Property Function" and may be called simultaneously with any * other property function or session function, but not any initialization or * usage table function, as if the CDM holds a read lock on the OEMCrypto @@ -4752,27 +4740,25 @@ OEMCryptoResult OEMCrypto_FreeSecureBuffer( /* * OEMCrypto_GenerateOTARequest * - * Description: - * Generate an OTA Keybox provisioning request. The format of the - * message is specified in the document Keybox OTA Reprovisioning. If - * use_test_key is true, then the debug model key and id should be - * used. Widevine does not allow all devices to support OTA - * provisioning. Using an OTA provisioned keybox usually lowers a device's - * security profile in the DCSL. + * Generate an OTA Keybox provisioning request. The format of the + * message is specified in the document Keybox OTA Reprovisioning. If + * use_test_key is true, then the debug model key and id should be + * used. Widevine does not allow all devices to support OTA + * provisioning. Using an OTA provisioned keybox usually lowers a device's + * security profile in the DCSL. * - * Parameters: - * [out] buffer: where the provisioning request is stored. - * [in/out] buffer_length: length of the request, in bytes. - * [in] use_test_key: If true, use the debug model key. This is used for - * testing the workflow. + * @param[in] session: handle for the session to be used. + * @param[out] buffer: where the provisioning request is stored. + * @param[in/out] buffer_length: length of the request, in bytes. + * @param[in] use_test_key: If non-zero, use the debug model key. This is used + * for testing the workflow. * - * Returns: - * OEMCrypto_SUCCESS on success - * OEMCrypto_ERROR_SHORT_BUFFER - if buffer_length is too small. - * OEMCrypto_ERROR_NOT_IMPLEMENTED + * @retval OEMCrypto_SUCCESS on success + * @retval OEMCrypto_ERROR_SHORT_BUFFER - if buffer_length is too small. + * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED * Any other error will be logged. * - * Threading: + * @threading * This is an "Initialization and Termination Function" and will not be called * simultaneously with any other function, as if the CDM holds a write lock on * the OEMCrypto system. It will be called only after @@ -4780,51 +4766,51 @@ OEMCryptoResult OEMCrypto_FreeSecureBuffer( * OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING immediately after initialization, * and before any session is opened. * - * Version: + * @version * This method is new in API version 16. */ -OEMCryptoResult OEMCrypto_GenerateOTARequest(uint8_t* buffer, +OEMCryptoResult OEMCrypto_GenerateOTARequest(OEMCrypto_SESSION session, + uint8_t* buffer, size_t* buffer_length, - bool use_test_key); + uint32_t use_test_key); /* * OEMCrypto_ProcessOTAKeybox * - * Description: - * The buffer will be parsed as an OTA Keybox provisioning message, as - * described in the document OTA Keybox Reprovisioning. The - * signature will be verified. The keybox will be decrypted and verified. If - * use_test_key is false, the keybox will be installed permanently. + * The buffer will be parsed as an OTA Keybox provisioning message, as + * described in the document OTA Keybox Reprovisioning. The + * signature will be verified. The keybox will be decrypted and verified. If + * use_test_key is false, the keybox will be installed permanently. * - * If use_test_keybox is true, do not use the real model key, use the debug - * model key specified in OTA Keybox Reprovisioning. + * If use_test_keybox is true, do not use the real model key, use the debug + * model key specified in OTA Keybox Reprovisioning. * - * Parameters: - * [in] buffer: pointer to provisioning response. - * [in] buffer_length: length of the buffer, in bytes. - * [in] use_test_key: If true, use the debug model key. This is used for - * testing the workflow. + * @param[in] session: handle for the session to be used. + * @param[in] buffer: pointer to provisioning response. + * @param[in] buffer_length: length of the buffer, in bytes. + * @param[in] use_test_key: If non-zero, use the debug model key. This is used + * for testing the workflow. * - * Returns: - * OEMCrypto_SUCCESS on success - * OEMCrypto_ERROR_NOT_IMPLEMENTED - * OEMCrypto_ERROR_SIGNATURE_FAILURE - signature of message was wrong. - * OEMCrypto_ERROR_KEYBOX_INVALID - if the keybox was unpacked, but is + * @retval OEMCrypto_SUCCESS on success + * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED + * @retval OEMCrypto_ERROR_SIGNATURE_FAILURE - signature of message was wrong. + * @retval OEMCrypto_ERROR_KEYBOX_INVALID - if the keybox was unpacked, but is * invalid. - * OEMCrypto_ERROR_WRITE_KEYBOX - could not save keybox. + * @retval OEMCrypto_ERROR_WRITE_KEYBOX - could not save keybox. * Any other error will be logged. * - * Threading: + * @threading * This is an "Initialization and Termination Function" and will not be called * simultaneously with any other function, as if the CDM holds a write lock on * the OEMCrypto system. It will only be called after * OEMCrypto_GenerateOTARequest. * - * Version: + * @version * This method is new in API version 16. */ -OEMCryptoResult OEMCrypto_ProcessOTAKeybox(const uint8_t* buffer, +OEMCryptoResult OEMCrypto_ProcessOTAKeybox(OEMCrypto_SESSION session, + const uint8_t* buffer, size_t buffer_length, - bool use_test_key); + uint32_t use_test_key); /****************************************************************************/ /****************************************************************************/ diff --git a/libwvdrmengine/oemcrypto/test/ota_keybox_test.cpp b/libwvdrmengine/oemcrypto/test/ota_keybox_test.cpp index 1ddaf655..e7d723af 100644 --- a/libwvdrmengine/oemcrypto/test/ota_keybox_test.cpp +++ b/libwvdrmengine/oemcrypto/test/ota_keybox_test.cpp @@ -1,31 +1,169 @@ -// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary +// Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary // source code may only be used and distributed under the Widevine License // Agreement. // +#include #include +#include #include "OEMCryptoCENC.h" -#include "clock.h" +#include "arraysize.h" #include "log.h" -#include "oec_decrypt_fallback_chain.h" -#include "oec_device_features.h" +#include "oec_key_deriver.h" #include "oec_session_util.h" #include "oec_test_data.h" #include "oemcrypto_session_tests_helper.h" #include "oemcrypto_types.h" #include "platform.h" #include "string_conversions.h" -#include "test_sleep.h" using namespace std; namespace wvoec { +namespace { +const std::string kOption2Label = "WV_KB_REPROV_V02"; +constexpr size_t kLabelLength = 16u; +constexpr size_t kDeviceIdLength = 32u; +constexpr size_t kMinimumRequestLength = + kLabelLength // Start with a label. + + kDeviceIdLength // Fixed length device id. + + sizeof(uint32_t) // cert length. + // variable cert length. + + HMAC_SHA256_SIGNATURE_SIZE; // signature. +static const uint8_t TestKeyPKCS8[] = { + 0x30, 0x82, 0x04, 0xbf, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x04, 0xa9, 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xa6, 0x33, 0x7f, 0x22, 0x05, 0xae, 0xcf, 0xae, 0x29, 0x67, + 0xa9, 0x3a, 0xe7, 0x08, 0xbf, 0x61, 0x92, 0x62, 0x4a, 0xd4, 0x82, 0x37, + 0x4d, 0x08, 0xa1, 0x77, 0x9f, 0x31, 0xa8, 0x92, 0xc5, 0x8b, 0x85, 0x84, + 0x12, 0x66, 0x52, 0xe6, 0x4b, 0x4c, 0xde, 0xdd, 0x43, 0x85, 0x53, 0xd1, + 0x0c, 0x79, 0x2c, 0xcf, 0x38, 0x4b, 0x72, 0x50, 0xf4, 0x34, 0x15, 0x0b, + 0xbe, 0x06, 0xf7, 0x60, 0x66, 0xda, 0xea, 0x40, 0x25, 0x38, 0x3e, 0xeb, + 0x6e, 0x13, 0x1b, 0xd0, 0x04, 0xd9, 0x4a, 0xa0, 0x7c, 0x7a, 0xb8, 0x64, + 0xde, 0xdb, 0x55, 0x93, 0xed, 0xb9, 0x93, 0x89, 0x83, 0x61, 0x2f, 0x23, + 0x15, 0x91, 0x28, 0xd2, 0x7a, 0x02, 0x69, 0x12, 0x70, 0x19, 0xea, 0xfc, + 0x31, 0xd5, 0xdd, 0x85, 0xeb, 0x81, 0x2f, 0xae, 0xb3, 0x48, 0x94, 0xbe, + 0x57, 0x3b, 0xac, 0x0a, 0x4f, 0x9e, 0x24, 0x2e, 0xae, 0x4e, 0x13, 0x53, + 0x34, 0xe1, 0xcd, 0x66, 0xcc, 0xa6, 0x3a, 0x89, 0x8c, 0x43, 0xef, 0x65, + 0xe7, 0x40, 0xc5, 0x09, 0xb8, 0x36, 0xd6, 0xcd, 0x41, 0xdf, 0x29, 0xbb, + 0x23, 0xa2, 0x54, 0xa5, 0x9f, 0x37, 0x6c, 0xbd, 0x8d, 0xd6, 0x8c, 0x33, + 0xa5, 0xd8, 0x4a, 0xc9, 0x08, 0x35, 0x41, 0xfb, 0xb0, 0x8f, 0x74, 0xdc, + 0xbd, 0x35, 0x01, 0x65, 0xe1, 0x06, 0x6d, 0x41, 0xf4, 0x81, 0x4a, 0xfc, + 0xc3, 0xb3, 0x1c, 0xb7, 0x18, 0xdc, 0x29, 0x4e, 0xea, 0x1b, 0x98, 0xd5, + 0x7d, 0x51, 0x60, 0xcd, 0xfd, 0xdb, 0x74, 0x39, 0x43, 0xa7, 0xc7, 0x0d, + 0xe8, 0x8c, 0xd9, 0xc7, 0xb9, 0xdc, 0x42, 0x08, 0x34, 0x43, 0x2f, 0xf2, + 0x5b, 0xb6, 0x3e, 0x6a, 0x37, 0xb9, 0x08, 0x6a, 0xdf, 0x43, 0x32, 0x0e, + 0x38, 0xd3, 0x3a, 0xeb, 0x13, 0x74, 0xd2, 0x02, 0x36, 0xed, 0xa0, 0x7c, + 0xc8, 0x55, 0xc5, 0xbf, 0x58, 0xbd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, + 0x82, 0x01, 0x01, 0x00, 0x85, 0x0f, 0x93, 0x88, 0x34, 0x8e, 0x89, 0x3d, + 0x01, 0x6f, 0x39, 0xa0, 0xab, 0xd9, 0x68, 0x07, 0x80, 0xff, 0xea, 0xb3, + 0x0a, 0x71, 0xa5, 0xdd, 0xf4, 0x0f, 0xe6, 0x47, 0x06, 0x94, 0x43, 0x4d, + 0xf9, 0x9e, 0x0c, 0x71, 0x19, 0x8b, 0xc0, 0xdb, 0x91, 0x4e, 0x0a, 0x41, + 0xd3, 0x21, 0xf9, 0xdf, 0x85, 0xcd, 0x7d, 0x5f, 0x81, 0xed, 0x68, 0x25, + 0xce, 0x77, 0xb1, 0x32, 0xb8, 0x98, 0xd8, 0xa0, 0x09, 0x8d, 0x43, 0x7f, + 0x2d, 0x78, 0xa5, 0x8e, 0xec, 0xe4, 0x75, 0x0d, 0x56, 0x5e, 0xf8, 0x69, + 0xf3, 0xf8, 0xe6, 0x27, 0x29, 0xf3, 0x9e, 0x0e, 0xc6, 0x1d, 0x01, 0x2f, + 0x2c, 0x62, 0xe5, 0x60, 0x6b, 0x13, 0x5f, 0x95, 0x50, 0x73, 0xef, 0x86, + 0x00, 0x88, 0xda, 0x89, 0x43, 0xaa, 0x75, 0x2a, 0xdf, 0x76, 0xf9, 0x98, + 0x71, 0x65, 0x96, 0x47, 0x72, 0xec, 0x6a, 0x63, 0xcc, 0xca, 0x06, 0xc7, + 0xb6, 0x58, 0x8d, 0x3e, 0x8a, 0x87, 0x4f, 0x5a, 0x5c, 0x1d, 0x82, 0x40, + 0x61, 0x13, 0xed, 0x6d, 0x21, 0x88, 0x1d, 0xb7, 0x70, 0xda, 0xc9, 0x9d, + 0xb2, 0x29, 0x44, 0x0a, 0xf2, 0xdb, 0xaa, 0x1e, 0xdb, 0x0a, 0x92, 0xf8, + 0x42, 0x1d, 0xe6, 0x75, 0x6a, 0xce, 0x2f, 0xd2, 0xea, 0x9d, 0x71, 0x98, + 0x27, 0x0d, 0xf2, 0xc9, 0x60, 0x85, 0x31, 0x88, 0x1c, 0x91, 0x55, 0xe3, + 0xf8, 0x7e, 0xe6, 0xcf, 0x7b, 0x66, 0x27, 0x45, 0x1e, 0xaa, 0x0a, 0x5a, + 0xfe, 0x07, 0x0a, 0x3a, 0xfd, 0x04, 0xdc, 0xae, 0x5a, 0xf3, 0xc5, 0x3d, + 0x18, 0x36, 0x49, 0x97, 0x5c, 0x42, 0xef, 0x9e, 0x4a, 0xcd, 0xa7, 0x23, + 0xca, 0x17, 0xc4, 0x09, 0x55, 0x15, 0xd4, 0x23, 0x7c, 0x19, 0xb2, 0x24, + 0x87, 0x8f, 0x75, 0x70, 0xca, 0xb4, 0x98, 0x33, 0x8a, 0xf2, 0xdd, 0x15, + 0x8d, 0x27, 0x76, 0xe4, 0xbb, 0xbb, 0x23, 0x2d, 0x02, 0x81, 0x81, 0x00, + 0xdc, 0x3b, 0x21, 0x8d, 0xf2, 0x17, 0xff, 0xc1, 0xc6, 0xfb, 0xe2, 0xdb, + 0x29, 0xed, 0x9e, 0xfd, 0xb6, 0xd5, 0xe7, 0x23, 0x29, 0x86, 0xdc, 0x65, + 0xfc, 0x8b, 0x86, 0x39, 0x52, 0x1e, 0xa4, 0x30, 0x72, 0x14, 0x12, 0x24, + 0x72, 0xb4, 0x97, 0x77, 0x61, 0x7c, 0x34, 0x5a, 0x0a, 0x1d, 0x12, 0xfe, + 0xc7, 0x1f, 0x06, 0x79, 0x8c, 0xf5, 0x41, 0xdd, 0x79, 0x8f, 0xeb, 0x17, + 0xf3, 0x32, 0x32, 0x13, 0x37, 0xee, 0x73, 0xeb, 0x82, 0xfa, 0x7b, 0x55, + 0x16, 0xb0, 0x3e, 0x2f, 0x6f, 0xb6, 0xa6, 0x38, 0x99, 0xaf, 0xde, 0xfd, + 0x3a, 0x48, 0xa2, 0x95, 0x70, 0x14, 0x06, 0xf9, 0x10, 0x0f, 0x48, 0x72, + 0x0d, 0x48, 0x69, 0xfc, 0x81, 0xf1, 0x07, 0x5c, 0x99, 0x44, 0xe9, 0x02, + 0xd5, 0x61, 0x36, 0x31, 0x64, 0x02, 0x5a, 0x1d, 0x3e, 0xae, 0xde, 0x08, + 0xd2, 0xde, 0x42, 0xac, 0xf1, 0xe1, 0x38, 0x9f, 0x02, 0x81, 0x81, 0x00, + 0xc1, 0x31, 0xe3, 0x45, 0xec, 0x53, 0xa5, 0x56, 0xe0, 0xc1, 0xe3, 0xf2, + 0xeb, 0xb0, 0xe5, 0x84, 0xdd, 0x56, 0x59, 0x7c, 0xf4, 0x65, 0x66, 0x8c, + 0x9c, 0x66, 0x55, 0x2a, 0x2c, 0x3c, 0x46, 0xf7, 0xac, 0x36, 0xd8, 0x2f, + 0x27, 0x97, 0x57, 0x64, 0x6e, 0xc7, 0x5f, 0x43, 0xf9, 0x82, 0x27, 0xf3, + 0xc4, 0xfa, 0xc6, 0xb1, 0xea, 0x2d, 0xcc, 0x36, 0x3a, 0x37, 0x22, 0xb6, + 0x7e, 0x6a, 0x25, 0xab, 0x1a, 0xd2, 0x3e, 0x38, 0x38, 0x9d, 0x04, 0xc0, + 0xc7, 0x4a, 0xa2, 0x38, 0xb4, 0xcf, 0x9c, 0x97, 0x4c, 0x03, 0x76, 0x37, + 0x86, 0x09, 0x1e, 0x25, 0x2b, 0x67, 0x8e, 0x7b, 0xce, 0x3d, 0x50, 0xf6, + 0x7a, 0x8b, 0x00, 0x23, 0x48, 0xda, 0x6e, 0xbe, 0x4c, 0x23, 0xdb, 0x9c, + 0x4f, 0x3f, 0xa9, 0x18, 0x59, 0xf6, 0xc4, 0x33, 0xc5, 0xaa, 0x75, 0x40, + 0xf7, 0xba, 0xfc, 0x83, 0x40, 0x36, 0x85, 0x23, 0x02, 0x81, 0x80, 0x68, + 0xd9, 0xf6, 0x35, 0xc0, 0x87, 0x50, 0x8b, 0x0f, 0x93, 0xa9, 0x04, 0x33, + 0x48, 0x20, 0xa4, 0x26, 0xc2, 0x5c, 0x53, 0x4f, 0x58, 0x17, 0xe2, 0xae, + 0x84, 0x37, 0x19, 0x5f, 0x51, 0x9b, 0x56, 0x3d, 0x59, 0xf4, 0xf1, 0x49, + 0x73, 0x55, 0x91, 0xce, 0xe5, 0xf5, 0x7e, 0xd0, 0xc5, 0xda, 0xdf, 0x56, + 0x2a, 0x1d, 0x49, 0x0d, 0xa5, 0x4f, 0x00, 0x84, 0xf9, 0xd2, 0x32, 0x0a, + 0xe5, 0x61, 0x15, 0xe9, 0x51, 0x2b, 0xfb, 0x7a, 0xd6, 0x8a, 0x95, 0x8e, + 0x41, 0xc6, 0xb9, 0x8a, 0xf4, 0x68, 0xdb, 0x15, 0xc0, 0xb7, 0xe7, 0xd4, + 0x31, 0xf4, 0xc6, 0x35, 0x20, 0x33, 0xd9, 0xac, 0x9d, 0xba, 0x1e, 0x22, + 0xd8, 0xd1, 0x2d, 0x19, 0x28, 0x8a, 0x1a, 0xba, 0x16, 0x26, 0xe1, 0xe4, + 0x79, 0x6d, 0xf5, 0xc1, 0xe9, 0xa4, 0xc1, 0xbb, 0xb0, 0x41, 0xa1, 0xed, + 0xd3, 0x47, 0xe7, 0x53, 0x19, 0xa9, 0x7d, 0x02, 0x81, 0x81, 0x00, 0xb4, + 0xd6, 0x5e, 0xb7, 0xd7, 0xe3, 0xe0, 0x13, 0x37, 0x65, 0x26, 0x5a, 0xff, + 0x75, 0x61, 0x12, 0x02, 0x20, 0xce, 0xb9, 0x21, 0x07, 0x3d, 0x7b, 0x86, + 0xf6, 0x5e, 0xe7, 0x8f, 0xea, 0x88, 0x3f, 0x53, 0x4b, 0x2f, 0x06, 0xcc, + 0x97, 0x64, 0x2d, 0x55, 0x68, 0x77, 0xea, 0xe7, 0xc5, 0x86, 0x62, 0x2e, + 0xd2, 0xd2, 0x64, 0x3d, 0x20, 0xcb, 0x53, 0x43, 0x20, 0xd2, 0xf4, 0x61, + 0xd6, 0x38, 0x16, 0x36, 0x8f, 0xef, 0xbf, 0xae, 0x76, 0x83, 0xb9, 0x73, + 0x92, 0x8f, 0xd0, 0x66, 0xa7, 0x23, 0x1b, 0x98, 0x02, 0x71, 0x88, 0xbd, + 0x85, 0x11, 0x5b, 0x97, 0x8a, 0x62, 0x9b, 0xce, 0xcc, 0x24, 0x59, 0xe3, + 0x10, 0xf3, 0x7b, 0x13, 0xb9, 0xab, 0x09, 0xa3, 0xb9, 0xb8, 0xda, 0x52, + 0x6f, 0xf3, 0x77, 0x20, 0xd6, 0xd4, 0x86, 0xe5, 0x92, 0x8e, 0x18, 0xd7, + 0x0a, 0x87, 0x4c, 0xd0, 0x31, 0x78, 0x63, 0x02, 0x81, 0x81, 0x00, 0xc2, + 0x8c, 0xea, 0xa2, 0x9b, 0xfa, 0x42, 0x98, 0x70, 0x5a, 0xf9, 0x73, 0x78, + 0xee, 0xd6, 0x2b, 0x3e, 0x5b, 0xf4, 0x2f, 0x84, 0x60, 0x71, 0x9b, 0xce, + 0xf4, 0x9b, 0x88, 0x25, 0x0a, 0x29, 0x41, 0x4b, 0x4d, 0x36, 0xcf, 0xd9, + 0x86, 0xac, 0x75, 0xa2, 0xed, 0x56, 0x5b, 0x6e, 0x87, 0x1e, 0x32, 0x04, + 0x13, 0xaf, 0xa5, 0x1e, 0xf5, 0x0f, 0x9d, 0x93, 0x4a, 0x29, 0x90, 0x23, + 0x0e, 0xf9, 0x8e, 0xfd, 0x2d, 0xfe, 0x2b, 0x79, 0xa6, 0x03, 0x6c, 0xcd, + 0x01, 0xee, 0xba, 0x69, 0xb3, 0xb9, 0xd4, 0xc8, 0x99, 0x0f, 0x72, 0xba, + 0x59, 0x22, 0xdc, 0x2d, 0xc3, 0x97, 0x8c, 0xa7, 0xb3, 0xbf, 0x60, 0xe1, + 0x61, 0xe5, 0xd4, 0x51, 0x6f, 0x36, 0x9c, 0x9a, 0xb8, 0x1b, 0x52, 0xec, + 0x13, 0xf3, 0xa7, 0xdb, 0xdb, 0x5d, 0x89, 0x2d, 0xd7, 0x02, 0x96, 0xaf, + 0xeb, 0x72, 0x8d, 0xd5, 0x56, 0x3b, 0x3a}; + +// TODO(fredgc): duplicate code. Move to common util package. +// Return a printable string from data. If all the characters are printable, +// then just use the string. Otherwise, convert to hex. +std::string MaybeHex(const uint8_t* data, size_t length) { + for (size_t i = 0; i < length; i++) { + if (!isprint(data[i])) return "0x" + wvcdm::HexEncode(data, length); + } + return std::string(reinterpret_cast(data), length); +} +std::string MaybeHex(const std::vector& data) { + return MaybeHex(data.data(), data.size()); +} + +std::vector GetModelKey(const std::vector& device_id) { + std::vector keymint_key( + TestKeyPKCS8, TestKeyPKCS8 + wvcdm::ArraySize(TestKeyPKCS8)); + keymint_key.insert(keymint_key.end(), device_id.begin(), device_id.end()); + std::vector key(SHA256_DIGEST_LENGTH); + SHA256(keymint_key.data(), keymint_key.size(), key.data()); + key.resize(wvoec::KEY_SIZE); // Truncate to standard AES 128 key. + return key; +} + +} // namespace + class OTAKeyboxProvisioningTest : public ::testing::Test, public SessionUtil { protected: void SetUp() override { ::testing::Test::SetUp(); - wvcdm::TestSleep::SyncFakeClock(); const ::testing::TestInfo* const test_info = ::testing::UnitTest::GetInstance()->current_test_info(); LOGD("Running test %s.%s", test_info->test_case_name(), test_info->name()); @@ -49,5 +187,109 @@ TEST_F(OTAKeyboxProvisioningTest, BasicTest) { ASSERT_EQ(result, OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING); cout << " " << "OTA Keybox functions supported. Device needs provisioning." << endl; + // TODO(fredgc): Make sure that partners can use a test cert when use_test_key + // is true. + constexpr uint32_t use_test_key = 1; + size_t request_length = 0; + std::vector request; + + OEMCrypto_SESSION session_id; + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_OpenSession(&session_id)); + + ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, + OEMCrypto_GenerateOTARequest(session_id, nullptr, &request_length, + use_test_key)); + ASSERT_NE(request_length, 0u); + request.resize(request_length); + ASSERT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_GenerateOTARequest(session_id, request.data(), + &request_length, use_test_key)); + ASSERT_GT(request_length, kMinimumRequestLength); + request.resize(request_length); + // First 16 bytes should match the label for Option 1 or 2. + // TODO(fredgc): Write tests for Option 1 -- only Option 2 is tested now. + EXPECT_EQ(kOption2Label.length(), kLabelLength); + const uint8_t* label_ptr = request.data(); + EXPECT_EQ(kOption2Label, std::string(label_ptr, label_ptr + kLabelLength)); + // Next 32 bytes are the device id. + const uint8_t* device_id_ptr = label_ptr + kLabelLength; + const std::vector device_id(device_id_ptr, + device_id_ptr + kDeviceIdLength); + LOGD("Device id is %s", MaybeHex(device_id).c_str()); + // Next 4 bytes say that this is a cert. + uint32_t cert_length; + const uint8_t* cert_length_ptr = device_id_ptr + kDeviceIdLength; + memcpy(&cert_length, cert_length_ptr, sizeof(uint32_t)); + cert_length = ntohl(cert_length); + LOGD("Cert Length is 0x%x = %u", cert_length, cert_length); + ASSERT_EQ(request_length, kMinimumRequestLength + cert_length); + const uint8_t* cert_ptr = cert_length_ptr + sizeof(uint32_t); + const std::vector cert(cert_ptr, cert_ptr + cert_length); + LOGD("x509 attestation cert = %s", MaybeHex(cert).c_str()); + const uint8_t* signature_ptr = cert_ptr + cert_length; + const std::vector signature( + signature_ptr, signature_ptr + HMAC_SHA256_SIGNATURE_SIZE); + +#if 0 + // This unit test only works with the test model key. + const std::vector model_key = + wvcdm::a2b_hex("0102030405060708090a0b0c0d0e0f10"); +#else + // This unit test only works with the test cert's private key. + const std::vector model_key = GetModelKey(device_id); +#endif + // The server should derive the same set of keys as the client. + const std::string mac_label = "WV_SIGN"; + std::vector mac_context(mac_label.begin(), mac_label.end()); + mac_context.push_back(0); + std::copy(cert.begin(), cert.end(), std::back_inserter(mac_context)); + std::copy(device_id.begin(), device_id.end(), + std::back_inserter(mac_context)); + uint32_t bit_size = MAC_KEY_SIZE * 8 * 2; + std::string bit_size_string = wvcdm::EncodeUint32(bit_size); + std::copy(bit_size_string.begin(), bit_size_string.end(), + std::back_inserter(mac_context)); + std::string enc_label = "WV_ENCRYPT"; + std::vector enc_context(enc_label.begin(), enc_label.end()); + enc_context.push_back(0); + std::copy(cert.begin(), cert.end(), std::back_inserter(enc_context)); + std::copy(device_id.begin(), device_id.end(), + std::back_inserter(enc_context)); + bit_size = KEY_SIZE * 8; + bit_size_string = wvcdm::EncodeUint32(bit_size); + std::copy(bit_size_string.begin(), bit_size_string.end(), + std::back_inserter(enc_context)); + KeyDeriver keys; + keys.DeriveKeys(model_key.data(), mac_context, enc_context); + const std::vector message( + request.data(), + request.data() + request.size() - HMAC_SHA256_SIGNATURE_SIZE); + // Once the keys have been derived, the server should verify the signature. + std::vector computed_signature; + keys.ClientSignBuffer(message, &computed_signature); + ASSERT_EQ(signature, computed_signature); + + // The server should randomly pick an iv. + uint8_t iv[wvoec::KEY_IV_SIZE]; + EXPECT_EQ(GetRandBytes(iv, KEY_IV_SIZE), 1); + // Encrypt the keybox. + std::vector encrypted_keybox(sizeof(WidevineKeybox)); + keys.CBCEncrypt(reinterpret_cast(&kTestKeybox), + encrypted_keybox.data(), sizeof(WidevineKeybox), iv); + std::vector response(iv, iv + wvoec::KEY_IV_SIZE); + std::copy(encrypted_keybox.begin(), encrypted_keybox.end(), + std::back_inserter(response)); + std::vector response_signature; + // Sign the iv + encrypted keybox. + keys.ServerSignBuffer(response.data(), response.size(), &response_signature); + std::copy(response_signature.begin(), response_signature.end(), + std::back_inserter(response)); + // Finally, send the response back to the device. + EXPECT_EQ(OEMCrypto_SUCCESS, + OEMCrypto_ProcessOTAKeybox(session_id, response.data(), + response.size(), use_test_key)); + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CloseSession(session_id)); + // After installation, the keybox should be valid. + EXPECT_EQ(OEMCrypto_IsKeyboxValid(), OEMCrypto_SUCCESS); } } // namespace wvoec