widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updates to OTA Keybox Reprovisioning

Browse Source 
[ Cherry pick of http://ag/15847758 ]

Adjust OTA code to account for some design changes and
add integration tests.

Merge from Widevine repo of http://go/wvgerrit/133775
Change use_test_key to uint32_t type

Merge from Widevine repo of http://go/wvgerrit/133774
Cleanup CDM OKP info before tests.

Merge from Widevine repo of http://go/wvgerrit/133773
Change context for derivation in OTA keybox solution

Merge from Widevine repo of http://go/wvgerrit/133772
Updated OTA keybox key derivation.

Merge from Widevine repo of http://go/wvgerrit/133771
Use double provisioning step in integration tests

Merge from Widevine repo of http://go/wvgerrit/133770
Erase keybox on initialization for OEMCrypto testbed

Merge from Widevine repo of http://go/wvgerrit/133769
Add session id to OEMCrypto OTA functions

Merge from Widevine repo of http://go/wvgerrit/133768
Integration test for OTA Keybox reprovisioning

Merge from Widevine repo of http://go/wvgerrit/133767
Add test x509 cert for testing

Merge from Widevine repo of http://go/wvgerrit/133766
OTA Keybox basic functionality in testbed

Merge from Widevine repo of http://go/wvgerrit/133765
Update OTA test script to use newer build scripts

Merge from Widevine repo of http://go/wvgerrit/133764
Adjust comment stype for doxygen

Test: MediaDrmTest and Android unittests

Bug: 190505461
Bug: 190505461
Bug: 190505461
bug: 187646550
Bug: 187646550
Bug: 187646550
Bug: 187646550
Bug: 190505461
Bug: 187646550
Bug: 188228998
Bug: 190505461
Bug: 187646550
Change-Id: I41ff819a1fd8aca2e20adb25127fa0d9c4879b01
This commit is contained in:
Fred Gylys-Colwell
2021-09-16 22:08:34 +00:00
committed by Alex Dale
parent 6afcbab5cf
commit 7397f77343
10 changed files with 443 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libwvdrmengine/build_all_unit_tests.sh
View File

@@ -48,6 +48,7 @@ WV_TEST_TARGETS="base64_test \
hidl_metrics_adapter_unittest \
http_socket_test \
initialization_data_unittest \
keybox_ota_test \
libwvdrmdrmplugin_hidl_test \
libwvdrmdrmplugin_test \
libwvdrmengine_hidl_test \
@@ -59,6 +60,8 @@ WV_TEST_TARGETS="base64_test \
metrics_collections_unittest \
oemcrypto_test \
odk_test \
okp_fallback_policy_test \
ota_keybox_provisioner_test \
policy_engine_constraints_unittest \
policy_engine_unittest \
policy_integration_test \

1
libwvdrmengine/cdm/core/include/crypto_session.h
View File

@@ -329,6 +329,7 @@ class CryptoSession {
#if defined(UNIT_TEST)
friend class CertificateProvisioningTest;
friend class WvCdmTestBase;
friend class CdmOtaKeyboxTest;
#endif
// The global factory method can be set to generate special crypto sessions

13
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -3041,9 +3041,10 @@ okp::SystemFallbackPolicy* CryptoSession::GetOkpFallbackPolicy() {
CdmResponseType CryptoSession::PrepareOtaProvisioningRequest(
bool use_test_key, std::string* request) {
RETURN_IF_NULL(request, PARAMETER_NULL);
RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN);
size_t buffer_length = 0;
OEMCryptoResult status =
OEMCrypto_GenerateOTARequest(nullptr, &buffer_length, use_test_key);
OEMCryptoResult status = OEMCrypto_GenerateOTARequest(
oec_session_id_, nullptr, &buffer_length, use_test_key);
if (status != OEMCrypto_ERROR_SHORT_BUFFER)
return MapOEMCryptoResult(status, UNKNOWN_ERROR,
"PrepareOtaProvisioningRequest");
@@ -3053,7 +3054,8 @@ CdmResponseType CryptoSession::PrepareOtaProvisioningRequest(
}
request->resize(buffer_length);
uint8_t* buf = reinterpret_cast<uint8_t*>(&request->front());
status = OEMCrypto_GenerateOTARequest(buf, &buffer_length, use_test_key);
status = OEMCrypto_GenerateOTARequest(oec_session_id_, buf, &buffer_length,
use_test_key ? 1 : 0);
if (OEMCrypto_SUCCESS != status) {
request->clear();
} else if (buffer_length != request->size()) {
@@ -3065,9 +3067,10 @@ CdmResponseType CryptoSession::PrepareOtaProvisioningRequest(
CdmResponseType CryptoSession::LoadOtaProvisioning(
bool use_test_key, const std::string& response) {
RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN);
const OEMCryptoResult status = OEMCrypto_ProcessOTAKeybox(
reinterpret_cast<const uint8_t*>(response.data()), response.size(),
use_test_key);
oec_session_id_, reinterpret_cast<const uint8_t*>(response.data()),
response.size(), use_test_key ? 1 : 0);
return MapOEMCryptoResult(status, UNKNOWN_ERROR, "LoadOtaProvisioning");
}

25
libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
View File

@@ -318,12 +318,14 @@ typedef OEMCryptoResult (*L1_LoadProvisioning_t)(
size_t signature_length, uint8_t* wrapped_private_key,
size_t* wrapped_private_key_length);
typedef uint32_t (*L1_MinorAPIVersion_t)();
typedef OEMCryptoResult (*L1_GenerateOTARequest_t)(uint8_t* buffer,
typedef OEMCryptoResult (*L1_GenerateOTARequest_t)(OEMCrypto_SESSION session,
uint8_t* buffer,
size_t* buffer_length,
bool use_test_key);
typedef OEMCryptoResult (*L1_ProcessOTAKeybox_t)(const uint8_t* buffer,
uint32_t use_test_key);
typedef OEMCryptoResult (*L1_ProcessOTAKeybox_t)(OEMCrypto_SESSION session,
const uint8_t* buffer,
size_t buffer_length,
bool use_test_key);
uint32_t use_test_key);
struct FunctionPointers {
wvcdm::CdmSecurityLevel security_level;
uint32_t version;
@@ -2797,23 +2799,24 @@ extern "C" OEMCryptoResult OEMCrypto_FreeSecureBuffer(
return pair.fcn->FreeSecureBuffer(pair.session, output_descriptor, secure_fd);
}
extern "C" OEMCryptoResult OEMCrypto_GenerateOTARequest(uint8_t* buffer,
size_t* buffer_length,
bool use_test_key) {
extern "C" OEMCryptoResult OEMCrypto_GenerateOTARequest(
OEMCrypto_SESSION session, uint8_t* buffer, size_t* buffer_length,
uint32_t use_test_key) {
if (!gAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
const FunctionPointers* fcn = gAdapter->GetFunctionPointers(kLevelDefault);
if (!fcn) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
if (fcn->GenerateOTARequest == nullptr)
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->GenerateOTARequest(buffer, buffer_length, use_test_key);
return fcn->GenerateOTARequest(session, buffer, buffer_length, use_test_key);
}
extern "C" OEMCryptoResult OEMCrypto_ProcessOTAKeybox(const uint8_t* buffer,
extern "C" OEMCryptoResult OEMCrypto_ProcessOTAKeybox(OEMCrypto_SESSION session,
const uint8_t* buffer,
size_t buffer_length,
bool use_test_key) {
uint32_t use_test_key) {
if (!gAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
const FunctionPointers* fcn = gAdapter->GetFunctionPointers(kLevelDefault);
if (!fcn) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
if (fcn->ProcessOTAKeybox == nullptr) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->ProcessOTAKeybox(buffer, buffer_length, use_test_key);
return fcn->ProcessOTAKeybox(session, buffer, buffer_length, use_test_key);
}

11
libwvdrmengine/cdm/core/src/oemcrypto_ota_stubs.cpp
View File

@@ -4,14 +4,15 @@
#include "OEMCryptoCENC.h"
extern "C" OEMCryptoResult OEMCrypto_GenerateOTARequest(uint8_t* buffer,
size_t* buffer_length,
bool use_test_key) {
extern "C" OEMCryptoResult OEMCrypto_GenerateOTARequest(
OEMCrypto_SESSION session, uint8_t* buffer, size_t* buffer_length,
uint32_t use_test_key) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
extern "C" OEMCryptoResult OEMCrypto_ProcessOTAKeybox(const uint8_t* buffer,
extern "C" OEMCryptoResult OEMCrypto_ProcessOTAKeybox(OEMCrypto_SESSION session,
const uint8_t* buffer,
size_t buffer_length,
bool use_test_key) {
uint32_t use_test_key) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}

113
libwvdrmengine/cdm/core/test/keybox_ota_test.cpp
View File

@@ -3,9 +3,120 @@
// License Agreement.
#include <gtest/gtest.h>
#include <chrono>
#include <thread>
#include "crypto_session.h"
#include "properties.h"
#include "test_base.h"
#include "test_printers.h"
#include "test_sleep.h"
#include "url_request.h"
using wvcdm::metrics::EngineMetrics;
namespace wvcdm {
TEST(OTAKeyboxTest, TestThatTheBuildFilesWork) { ASSERT_TRUE(true); }
class CdmOtaKeyboxTest : public ::testing::Test {
public:
void SetUp() override {
::testing::Test::SetUp();
Properties::Init();
const ::testing::TestInfo* const test_info =
::testing::UnitTest::GetInstance()->current_test_info();
LOGD("Running test %s.%s", test_info->test_case_name(), test_info->name());
// Some test environments allow the model name of the device to be set
// dynamically using an environment variable. The model name will show up
// in the license server logs as the part of the device idenfication as
// "model_name".
std::string model_name =
std::string(test_info->test_case_name()) + "." + test_info->name();
int overwrite = 1; // Set value even if already set.
setenv("MODEL_NAME", model_name.c_str(), overwrite);
// Reset the crypto session factory, so that a default one will be created.
// For these tests, we do *not* want to use the test crypto session factory
// because it automatically installs the test keybox on initialization. We
// do not want that because we are testing keybox provisioning.
CryptoSession::SetCryptoSessionFactory(nullptr);
}
void Provision(TestCdmEngine* cdm_engine) {
ConfigTestEnv config = WvCdmTestBase::default_config_;
CdmCertificateType cert_type = kCertificateWidevine;
std::string cert_authority;
CdmProvisioningRequest prov_request;
std::string provisioning_server_url;
CdmResponseType result = cdm_engine->GetProvisioningRequest(
cert_type, cert_authority, config.provisioning_service_certificate(),
kLevelDefault, &prov_request, &provisioning_server_url);
ASSERT_EQ(NO_ERROR, result);
LOGV("Provisioning request: req = %s", prov_request.c_str());
// Ignore URL provided by CdmEngine. Use ours, as configured
// for test vs. production server.
provisioning_server_url.assign(config.provisioning_server());
// Make request.
UrlRequest url_request(provisioning_server_url);
if (!url_request.is_connected()) {
LOGE("Failed to connect to provisioning server: url = %s",
provisioning_server_url.c_str());
}
url_request.PostCertRequestInQueryString(prov_request);
// Receive and parse response.
std::string http_message;
ASSERT_TRUE(url_request.GetResponse(&http_message))
<< "Failed to get provisioning response";
LOGV("http_message: \n%s\n", http_message.c_str());
std::string cert, wrapped_key;
ASSERT_EQ(NO_ERROR, cdm_engine->HandleProvisioningResponse(
http_message, kLevelDefault, &cert, &wrapped_key));
}
};
TEST_F(CdmOtaKeyboxTest, TestThatTheBuildFilesWork) { ASSERT_TRUE(true); }
TEST_F(CdmOtaKeyboxTest, BasicTest) {
FileSystem file_system;
TestCdmEngine cdm_engine(&file_system,
std::shared_ptr<EngineMetrics>(new EngineMetrics));
CdmSessionId session_id;
ConfigTestEnv config = WvCdmTestBase::default_config_;
CdmResponseType status = cdm_engine.OpenSession(config.key_system(), nullptr,
nullptr, &session_id);
// If there is no keybox or there is no drm cert, we should get a
// NEED_PROVISIONING response. If there is a keybox and a drm cert, there
// should be no other error and this test is finished.
if (status != NEED_PROVISIONING) {
ASSERT_EQ(NO_ERROR, status);
std::cout << "Device does not need provisioning. Skipping rest of test.\n";
return;
}
std::cout << "First provisioning process.\n";
Provision(&cdm_engine);
// After the first provisioning pass, we try to open a session again. If the
// first provisioning was to install a keybox, this provisioning should be to
// install a drm cert. If the first provisioning step installed a drm cert,
// there should be no other error and this test is finished.
status = cdm_engine.OpenSession(config.key_system(), nullptr, nullptr,
&session_id);
if (status != NEED_PROVISIONING) {
ASSERT_EQ(NO_ERROR, status);
std::cout << "Device does not need provisioning. Skipping rest of test.\n";
return;
}
std::cout << "Second provisioning process.\n";
Provision(&cdm_engine);
// After the second provisioning pass, we should be able to open a session
// and continue.
status = cdm_engine.OpenSession(config.key_system(), nullptr, nullptr,
&session_id);
ASSERT_EQ(NO_ERROR, status);
// Full recovery will be tested with higher level integration tests.
}
} // namespace wvcdm

5
libwvdrmengine/cdm/core/test/test_base.cpp
View File

@@ -419,7 +419,6 @@ void WvCdmTestBase::EnsureProvisioned() {
std::shared_ptr<EngineMetrics>(new EngineMetrics));
CdmResponseType status = cdm_engine.OpenSession(config_.key_system(), nullptr,
nullptr, &session_id);
CdmAppParameterMap app_parameters;
CdmKeySetId key_set_id;
InitializationData init_data(ISO_BMFF_VIDEO_MIME_TYPE, binary_key_id());
@@ -430,7 +429,8 @@ void WvCdmTestBase::EnsureProvisioned() {
app_parameters, &key_request);
}
if (status == NEED_PROVISIONING) {
// There are situations where we need two provisioning steps.
for (int count = 0; count < 2 && status == NEED_PROVISIONING; count++) {
Provision();
status = cdm_engine.OpenSession(config_.key_system(), nullptr, nullptr,
&session_id);
@@ -439,7 +439,6 @@ void WvCdmTestBase::EnsureProvisioned() {
status = cdm_engine.GenerateKeyRequest(session_id, key_set_id, init_data,
kLicenseTypeStreaming,
app_parameters, &key_request);
ASSERT_EQ(KEY_MESSAGE, status);
}
ASSERT_EQ(KEY_MESSAGE, status);
ASSERT_NE("", session_id) << "Could not open CDM session.";

4
libwvdrmengine/cdm/test/Android.mk
View File

@@ -97,9 +97,11 @@ test_name := initialization_data_unittest
test_src_dir := ../core/test
include $(LOCAL_PATH)/unit-test.mk
# This test is only intended for devices that support OTA keybox provisioning.
test_name := keybox_ota_test
test_src_dir := ../core/test
include $(LOCAL_PATH)/unit-test.mk
test_main := ../core/test/test_main.cpp
include $(LOCAL_PATH)/integration-test.mk
test_name := license_keys_unittest
test_src_dir := ../core/test

106
libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
View File

@@ -2959,31 +2959,19 @@ OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(void);
* If the device has an OEM Certificate, this validates the certificate
* private key.
*
* On devices that support OEMCrypto_GenerateOTARequest and
* OEMCrypto_ProcessOTAKeybox, this function may return
* OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING when a valid keybox is not present.
*
* @retval OEMCrypto_SUCCESS
* @retval OEMCrypto_ERROR_BAD_MAGIC
* @retval OEMCrypto_ERROR_BAD_CRC
* @retval OEMCrypto_ERROR_KEYBOX_INVALID
* @retval OEMCrypto_ERROR_INVALID_RSA_KEY
* @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
* @retval OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING
*
* On devices that support OEMCrypto_GenerateOTARequest and
* OEMCrypto_ProcessOTAKeybox, this function may return
* OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING when a valid keybox is not
* present.
*
* Parameters:
* none
*
* Returns:
* OEMCrypto_SUCCESS
* OEMCrypto_ERROR_BAD_MAGIC
* OEMCrypto_ERROR_BAD_CRC
* OEMCrypto_ERROR_KEYBOX_INVALID
* OEMCrypto_ERROR_INVALID_RSA_KEY
* OEMCrypto_ERROR_SYSTEM_INVALIDATED
* OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING
*
* Threading:
* @threading
* This is a "Property Function" and may be called simultaneously with any
* other property function or session function, but not any initialization or
* usage table function, as if the CDM holds a read lock on the OEMCrypto
@@ -4752,27 +4740,25 @@ OEMCryptoResult OEMCrypto_FreeSecureBuffer(
/*
* OEMCrypto_GenerateOTARequest
*
* Description:
* Generate an OTA Keybox provisioning request. The format of the
* message is specified in the document Keybox OTA Reprovisioning. If
* use_test_key is true, then the debug model key and id should be
* used. Widevine does not allow all devices to support OTA
* provisioning. Using an OTA provisioned keybox usually lowers a device's
* security profile in the DCSL.
* Generate an OTA Keybox provisioning request. The format of the
* message is specified in the document Keybox OTA Reprovisioning. If
* use_test_key is true, then the debug model key and id should be
* used. Widevine does not allow all devices to support OTA
* provisioning. Using an OTA provisioned keybox usually lowers a device's
* security profile in the DCSL.
*
* Parameters:
* [out] buffer: where the provisioning request is stored.
* [in/out] buffer_length: length of the request, in bytes.
* [in] use_test_key: If true, use the debug model key. This is used for
* testing the workflow.
* @param[in] session: handle for the session to be used.
* @param[out] buffer: where the provisioning request is stored.
* @param[in/out] buffer_length: length of the request, in bytes.
* @param[in] use_test_key: If non-zero, use the debug model key. This is used
* for testing the workflow.
*
* Returns:
* OEMCrypto_SUCCESS on success
* OEMCrypto_ERROR_SHORT_BUFFER - if buffer_length is too small.
* OEMCrypto_ERROR_NOT_IMPLEMENTED
* @retval OEMCrypto_SUCCESS on success
* @retval OEMCrypto_ERROR_SHORT_BUFFER - if buffer_length is too small.
* @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
* Any other error will be logged.
*
* Threading:
* @threading
* This is an "Initialization and Termination Function" and will not be called
* simultaneously with any other function, as if the CDM holds a write lock on
* the OEMCrypto system. It will be called only after
@@ -4780,51 +4766,51 @@ OEMCryptoResult OEMCrypto_FreeSecureBuffer(
* OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING immediately after initialization,
* and before any session is opened.
*
* Version:
* @version
* This method is new in API version 16.
*/
OEMCryptoResult OEMCrypto_GenerateOTARequest(uint8_t* buffer,
OEMCryptoResult OEMCrypto_GenerateOTARequest(OEMCrypto_SESSION session,
uint8_t* buffer,
size_t* buffer_length,
bool use_test_key);
uint32_t use_test_key);
/*
* OEMCrypto_ProcessOTAKeybox
*
* Description:
* The buffer will be parsed as an OTA Keybox provisioning message, as
* described in the document OTA Keybox Reprovisioning. The
* signature will be verified. The keybox will be decrypted and verified. If
* use_test_key is false, the keybox will be installed permanently.
* The buffer will be parsed as an OTA Keybox provisioning message, as
* described in the document OTA Keybox Reprovisioning. The
* signature will be verified. The keybox will be decrypted and verified. If
* use_test_key is false, the keybox will be installed permanently.
*
* If use_test_keybox is true, do not use the real model key, use the debug
* model key specified in OTA Keybox Reprovisioning.
* If use_test_keybox is true, do not use the real model key, use the debug
* model key specified in OTA Keybox Reprovisioning.
*
* Parameters:
* [in] buffer: pointer to provisioning response.
* [in] buffer_length: length of the buffer, in bytes.
* [in] use_test_key: If true, use the debug model key. This is used for
* testing the workflow.
* @param[in] session: handle for the session to be used.
* @param[in] buffer: pointer to provisioning response.
* @param[in] buffer_length: length of the buffer, in bytes.
* @param[in] use_test_key: If non-zero, use the debug model key. This is used
* for testing the workflow.
*
* Returns:
* OEMCrypto_SUCCESS on success
* OEMCrypto_ERROR_NOT_IMPLEMENTED
* OEMCrypto_ERROR_SIGNATURE_FAILURE - signature of message was wrong.
* OEMCrypto_ERROR_KEYBOX_INVALID - if the keybox was unpacked, but is
* @retval OEMCrypto_SUCCESS on success
* @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
* @retval OEMCrypto_ERROR_SIGNATURE_FAILURE - signature of message was wrong.
* @retval OEMCrypto_ERROR_KEYBOX_INVALID - if the keybox was unpacked, but is
* invalid.
* OEMCrypto_ERROR_WRITE_KEYBOX - could not save keybox.
* @retval OEMCrypto_ERROR_WRITE_KEYBOX - could not save keybox.
* Any other error will be logged.
*
* Threading:
* @threading
* This is an "Initialization and Termination Function" and will not be called
* simultaneously with any other function, as if the CDM holds a write lock on
* the OEMCrypto system. It will only be called after
* OEMCrypto_GenerateOTARequest.
*
* Version:
* @version
* This method is new in API version 16.
*/
OEMCryptoResult OEMCrypto_ProcessOTAKeybox(const uint8_t* buffer,
OEMCryptoResult OEMCrypto_ProcessOTAKeybox(OEMCrypto_SESSION session,
const uint8_t* buffer,
size_t buffer_length,
bool use_test_key);
uint32_t use_test_key);
/****************************************************************************/
/****************************************************************************/

254
libwvdrmengine/oemcrypto/test/ota_keybox_test.cpp
View File

@@ -1,31 +1,169 @@
// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
// Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
//
#include <arpa/inet.h>
#include <gtest/gtest.h>
#include <openssl/sha.h>
#include "OEMCryptoCENC.h"
#include "clock.h"
#include "arraysize.h"
#include "log.h"
#include "oec_decrypt_fallback_chain.h"
#include "oec_device_features.h"
#include "oec_key_deriver.h"
#include "oec_session_util.h"
#include "oec_test_data.h"
#include "oemcrypto_session_tests_helper.h"
#include "oemcrypto_types.h"
#include "platform.h"
#include "string_conversions.h"
#include "test_sleep.h"
using namespace std;
namespace wvoec {
namespace {
const std::string kOption2Label = "WV_KB_REPROV_V02";
constexpr size_t kLabelLength = 16u;
constexpr size_t kDeviceIdLength = 32u;
constexpr size_t kMinimumRequestLength =
kLabelLength // Start with a label.
+ kDeviceIdLength // Fixed length device id.
+ sizeof(uint32_t) // cert length.
// variable cert length.
+ HMAC_SHA256_SIGNATURE_SIZE; // signature.
static const uint8_t TestKeyPKCS8[] = {
0x30, 0x82, 0x04, 0xbf, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
0x04, 0xa9, 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
0x01, 0x00, 0xa6, 0x33, 0x7f, 0x22, 0x05, 0xae, 0xcf, 0xae, 0x29, 0x67,
0xa9, 0x3a, 0xe7, 0x08, 0xbf, 0x61, 0x92, 0x62, 0x4a, 0xd4, 0x82, 0x37,
0x4d, 0x08, 0xa1, 0x77, 0x9f, 0x31, 0xa8, 0x92, 0xc5, 0x8b, 0x85, 0x84,
0x12, 0x66, 0x52, 0xe6, 0x4b, 0x4c, 0xde, 0xdd, 0x43, 0x85, 0x53, 0xd1,
0x0c, 0x79, 0x2c, 0xcf, 0x38, 0x4b, 0x72, 0x50, 0xf4, 0x34, 0x15, 0x0b,
0xbe, 0x06, 0xf7, 0x60, 0x66, 0xda, 0xea, 0x40, 0x25, 0x38, 0x3e, 0xeb,
0x6e, 0x13, 0x1b, 0xd0, 0x04, 0xd9, 0x4a, 0xa0, 0x7c, 0x7a, 0xb8, 0x64,
0xde, 0xdb, 0x55, 0x93, 0xed, 0xb9, 0x93, 0x89, 0x83, 0x61, 0x2f, 0x23,
0x15, 0x91, 0x28, 0xd2, 0x7a, 0x02, 0x69, 0x12, 0x70, 0x19, 0xea, 0xfc,
0x31, 0xd5, 0xdd, 0x85, 0xeb, 0x81, 0x2f, 0xae, 0xb3, 0x48, 0x94, 0xbe,
0x57, 0x3b, 0xac, 0x0a, 0x4f, 0x9e, 0x24, 0x2e, 0xae, 0x4e, 0x13, 0x53,
0x34, 0xe1, 0xcd, 0x66, 0xcc, 0xa6, 0x3a, 0x89, 0x8c, 0x43, 0xef, 0x65,
0xe7, 0x40, 0xc5, 0x09, 0xb8, 0x36, 0xd6, 0xcd, 0x41, 0xdf, 0x29, 0xbb,
0x23, 0xa2, 0x54, 0xa5, 0x9f, 0x37, 0x6c, 0xbd, 0x8d, 0xd6, 0x8c, 0x33,
0xa5, 0xd8, 0x4a, 0xc9, 0x08, 0x35, 0x41, 0xfb, 0xb0, 0x8f, 0x74, 0xdc,
0xbd, 0x35, 0x01, 0x65, 0xe1, 0x06, 0x6d, 0x41, 0xf4, 0x81, 0x4a, 0xfc,
0xc3, 0xb3, 0x1c, 0xb7, 0x18, 0xdc, 0x29, 0x4e, 0xea, 0x1b, 0x98, 0xd5,
0x7d, 0x51, 0x60, 0xcd, 0xfd, 0xdb, 0x74, 0x39, 0x43, 0xa7, 0xc7, 0x0d,
0xe8, 0x8c, 0xd9, 0xc7, 0xb9, 0xdc, 0x42, 0x08, 0x34, 0x43, 0x2f, 0xf2,
0x5b, 0xb6, 0x3e, 0x6a, 0x37, 0xb9, 0x08, 0x6a, 0xdf, 0x43, 0x32, 0x0e,
0x38, 0xd3, 0x3a, 0xeb, 0x13, 0x74, 0xd2, 0x02, 0x36, 0xed, 0xa0, 0x7c,
0xc8, 0x55, 0xc5, 0xbf, 0x58, 0xbd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
0x82, 0x01, 0x01, 0x00, 0x85, 0x0f, 0x93, 0x88, 0x34, 0x8e, 0x89, 0x3d,
0x01, 0x6f, 0x39, 0xa0, 0xab, 0xd9, 0x68, 0x07, 0x80, 0xff, 0xea, 0xb3,
0x0a, 0x71, 0xa5, 0xdd, 0xf4, 0x0f, 0xe6, 0x47, 0x06, 0x94, 0x43, 0x4d,
0xf9, 0x9e, 0x0c, 0x71, 0x19, 0x8b, 0xc0, 0xdb, 0x91, 0x4e, 0x0a, 0x41,
0xd3, 0x21, 0xf9, 0xdf, 0x85, 0xcd, 0x7d, 0x5f, 0x81, 0xed, 0x68, 0x25,
0xce, 0x77, 0xb1, 0x32, 0xb8, 0x98, 0xd8, 0xa0, 0x09, 0x8d, 0x43, 0x7f,
0x2d, 0x78, 0xa5, 0x8e, 0xec, 0xe4, 0x75, 0x0d, 0x56, 0x5e, 0xf8, 0x69,
0xf3, 0xf8, 0xe6, 0x27, 0x29, 0xf3, 0x9e, 0x0e, 0xc6, 0x1d, 0x01, 0x2f,
0x2c, 0x62, 0xe5, 0x60, 0x6b, 0x13, 0x5f, 0x95, 0x50, 0x73, 0xef, 0x86,
0x00, 0x88, 0xda, 0x89, 0x43, 0xaa, 0x75, 0x2a, 0xdf, 0x76, 0xf9, 0x98,
0x71, 0x65, 0x96, 0x47, 0x72, 0xec, 0x6a, 0x63, 0xcc, 0xca, 0x06, 0xc7,
0xb6, 0x58, 0x8d, 0x3e, 0x8a, 0x87, 0x4f, 0x5a, 0x5c, 0x1d, 0x82, 0x40,
0x61, 0x13, 0xed, 0x6d, 0x21, 0x88, 0x1d, 0xb7, 0x70, 0xda, 0xc9, 0x9d,
0xb2, 0x29, 0x44, 0x0a, 0xf2, 0xdb, 0xaa, 0x1e, 0xdb, 0x0a, 0x92, 0xf8,
0x42, 0x1d, 0xe6, 0x75, 0x6a, 0xce, 0x2f, 0xd2, 0xea, 0x9d, 0x71, 0x98,
0x27, 0x0d, 0xf2, 0xc9, 0x60, 0x85, 0x31, 0x88, 0x1c, 0x91, 0x55, 0xe3,
0xf8, 0x7e, 0xe6, 0xcf, 0x7b, 0x66, 0x27, 0x45, 0x1e, 0xaa, 0x0a, 0x5a,
0xfe, 0x07, 0x0a, 0x3a, 0xfd, 0x04, 0xdc, 0xae, 0x5a, 0xf3, 0xc5, 0x3d,
0x18, 0x36, 0x49, 0x97, 0x5c, 0x42, 0xef, 0x9e, 0x4a, 0xcd, 0xa7, 0x23,
0xca, 0x17, 0xc4, 0x09, 0x55, 0x15, 0xd4, 0x23, 0x7c, 0x19, 0xb2, 0x24,
0x87, 0x8f, 0x75, 0x70, 0xca, 0xb4, 0x98, 0x33, 0x8a, 0xf2, 0xdd, 0x15,
0x8d, 0x27, 0x76, 0xe4, 0xbb, 0xbb, 0x23, 0x2d, 0x02, 0x81, 0x81, 0x00,
0xdc, 0x3b, 0x21, 0x8d, 0xf2, 0x17, 0xff, 0xc1, 0xc6, 0xfb, 0xe2, 0xdb,
0x29, 0xed, 0x9e, 0xfd, 0xb6, 0xd5, 0xe7, 0x23, 0x29, 0x86, 0xdc, 0x65,
0xfc, 0x8b, 0x86, 0x39, 0x52, 0x1e, 0xa4, 0x30, 0x72, 0x14, 0x12, 0x24,
0x72, 0xb4, 0x97, 0x77, 0x61, 0x7c, 0x34, 0x5a, 0x0a, 0x1d, 0x12, 0xfe,
0xc7, 0x1f, 0x06, 0x79, 0x8c, 0xf5, 0x41, 0xdd, 0x79, 0x8f, 0xeb, 0x17,
0xf3, 0x32, 0x32, 0x13, 0x37, 0xee, 0x73, 0xeb, 0x82, 0xfa, 0x7b, 0x55,
0x16, 0xb0, 0x3e, 0x2f, 0x6f, 0xb6, 0xa6, 0x38, 0x99, 0xaf, 0xde, 0xfd,
0x3a, 0x48, 0xa2, 0x95, 0x70, 0x14, 0x06, 0xf9, 0x10, 0x0f, 0x48, 0x72,
0x0d, 0x48, 0x69, 0xfc, 0x81, 0xf1, 0x07, 0x5c, 0x99, 0x44, 0xe9, 0x02,
0xd5, 0x61, 0x36, 0x31, 0x64, 0x02, 0x5a, 0x1d, 0x3e, 0xae, 0xde, 0x08,
0xd2, 0xde, 0x42, 0xac, 0xf1, 0xe1, 0x38, 0x9f, 0x02, 0x81, 0x81, 0x00,
0xc1, 0x31, 0xe3, 0x45, 0xec, 0x53, 0xa5, 0x56, 0xe0, 0xc1, 0xe3, 0xf2,
0xeb, 0xb0, 0xe5, 0x84, 0xdd, 0x56, 0x59, 0x7c, 0xf4, 0x65, 0x66, 0x8c,
0x9c, 0x66, 0x55, 0x2a, 0x2c, 0x3c, 0x46, 0xf7, 0xac, 0x36, 0xd8, 0x2f,
0x27, 0x97, 0x57, 0x64, 0x6e, 0xc7, 0x5f, 0x43, 0xf9, 0x82, 0x27, 0xf3,
0xc4, 0xfa, 0xc6, 0xb1, 0xea, 0x2d, 0xcc, 0x36, 0x3a, 0x37, 0x22, 0xb6,
0x7e, 0x6a, 0x25, 0xab, 0x1a, 0xd2, 0x3e, 0x38, 0x38, 0x9d, 0x04, 0xc0,
0xc7, 0x4a, 0xa2, 0x38, 0xb4, 0xcf, 0x9c, 0x97, 0x4c, 0x03, 0x76, 0x37,
0x86, 0x09, 0x1e, 0x25, 0x2b, 0x67, 0x8e, 0x7b, 0xce, 0x3d, 0x50, 0xf6,
0x7a, 0x8b, 0x00, 0x23, 0x48, 0xda, 0x6e, 0xbe, 0x4c, 0x23, 0xdb, 0x9c,
0x4f, 0x3f, 0xa9, 0x18, 0x59, 0xf6, 0xc4, 0x33, 0xc5, 0xaa, 0x75, 0x40,
0xf7, 0xba, 0xfc, 0x83, 0x40, 0x36, 0x85, 0x23, 0x02, 0x81, 0x80, 0x68,
0xd9, 0xf6, 0x35, 0xc0, 0x87, 0x50, 0x8b, 0x0f, 0x93, 0xa9, 0x04, 0x33,
0x48, 0x20, 0xa4, 0x26, 0xc2, 0x5c, 0x53, 0x4f, 0x58, 0x17, 0xe2, 0xae,
0x84, 0x37, 0x19, 0x5f, 0x51, 0x9b, 0x56, 0x3d, 0x59, 0xf4, 0xf1, 0x49,
0x73, 0x55, 0x91, 0xce, 0xe5, 0xf5, 0x7e, 0xd0, 0xc5, 0xda, 0xdf, 0x56,
0x2a, 0x1d, 0x49, 0x0d, 0xa5, 0x4f, 0x00, 0x84, 0xf9, 0xd2, 0x32, 0x0a,
0xe5, 0x61, 0x15, 0xe9, 0x51, 0x2b, 0xfb, 0x7a, 0xd6, 0x8a, 0x95, 0x8e,
0x41, 0xc6, 0xb9, 0x8a, 0xf4, 0x68, 0xdb, 0x15, 0xc0, 0xb7, 0xe7, 0xd4,
0x31, 0xf4, 0xc6, 0x35, 0x20, 0x33, 0xd9, 0xac, 0x9d, 0xba, 0x1e, 0x22,
0xd8, 0xd1, 0x2d, 0x19, 0x28, 0x8a, 0x1a, 0xba, 0x16, 0x26, 0xe1, 0xe4,
0x79, 0x6d, 0xf5, 0xc1, 0xe9, 0xa4, 0xc1, 0xbb, 0xb0, 0x41, 0xa1, 0xed,
0xd3, 0x47, 0xe7, 0x53, 0x19, 0xa9, 0x7d, 0x02, 0x81, 0x81, 0x00, 0xb4,
0xd6, 0x5e, 0xb7, 0xd7, 0xe3, 0xe0, 0x13, 0x37, 0x65, 0x26, 0x5a, 0xff,
0x75, 0x61, 0x12, 0x02, 0x20, 0xce, 0xb9, 0x21, 0x07, 0x3d, 0x7b, 0x86,
0xf6, 0x5e, 0xe7, 0x8f, 0xea, 0x88, 0x3f, 0x53, 0x4b, 0x2f, 0x06, 0xcc,
0x97, 0x64, 0x2d, 0x55, 0x68, 0x77, 0xea, 0xe7, 0xc5, 0x86, 0x62, 0x2e,
0xd2, 0xd2, 0x64, 0x3d, 0x20, 0xcb, 0x53, 0x43, 0x20, 0xd2, 0xf4, 0x61,
0xd6, 0x38, 0x16, 0x36, 0x8f, 0xef, 0xbf, 0xae, 0x76, 0x83, 0xb9, 0x73,
0x92, 0x8f, 0xd0, 0x66, 0xa7, 0x23, 0x1b, 0x98, 0x02, 0x71, 0x88, 0xbd,
0x85, 0x11, 0x5b, 0x97, 0x8a, 0x62, 0x9b, 0xce, 0xcc, 0x24, 0x59, 0xe3,
0x10, 0xf3, 0x7b, 0x13, 0xb9, 0xab, 0x09, 0xa3, 0xb9, 0xb8, 0xda, 0x52,
0x6f, 0xf3, 0x77, 0x20, 0xd6, 0xd4, 0x86, 0xe5, 0x92, 0x8e, 0x18, 0xd7,
0x0a, 0x87, 0x4c, 0xd0, 0x31, 0x78, 0x63, 0x02, 0x81, 0x81, 0x00, 0xc2,
0x8c, 0xea, 0xa2, 0x9b, 0xfa, 0x42, 0x98, 0x70, 0x5a, 0xf9, 0x73, 0x78,
0xee, 0xd6, 0x2b, 0x3e, 0x5b, 0xf4, 0x2f, 0x84, 0x60, 0x71, 0x9b, 0xce,
0xf4, 0x9b, 0x88, 0x25, 0x0a, 0x29, 0x41, 0x4b, 0x4d, 0x36, 0xcf, 0xd9,
0x86, 0xac, 0x75, 0xa2, 0xed, 0x56, 0x5b, 0x6e, 0x87, 0x1e, 0x32, 0x04,
0x13, 0xaf, 0xa5, 0x1e, 0xf5, 0x0f, 0x9d, 0x93, 0x4a, 0x29, 0x90, 0x23,
0x0e, 0xf9, 0x8e, 0xfd, 0x2d, 0xfe, 0x2b, 0x79, 0xa6, 0x03, 0x6c, 0xcd,
0x01, 0xee, 0xba, 0x69, 0xb3, 0xb9, 0xd4, 0xc8, 0x99, 0x0f, 0x72, 0xba,
0x59, 0x22, 0xdc, 0x2d, 0xc3, 0x97, 0x8c, 0xa7, 0xb3, 0xbf, 0x60, 0xe1,
0x61, 0xe5, 0xd4, 0x51, 0x6f, 0x36, 0x9c, 0x9a, 0xb8, 0x1b, 0x52, 0xec,
0x13, 0xf3, 0xa7, 0xdb, 0xdb, 0x5d, 0x89, 0x2d, 0xd7, 0x02, 0x96, 0xaf,
0xeb, 0x72, 0x8d, 0xd5, 0x56, 0x3b, 0x3a};
// TODO(fredgc): duplicate code. Move to common util package.
// Return a printable string from data. If all the characters are printable,
// then just use the string. Otherwise, convert to hex.
std::string MaybeHex(const uint8_t* data, size_t length) {
for (size_t i = 0; i < length; i++) {
if (!isprint(data[i])) return "0x" + wvcdm::HexEncode(data, length);
}
return std::string(reinterpret_cast<const char*>(data), length);
}
std::string MaybeHex(const std::vector<uint8_t>& data) {
return MaybeHex(data.data(), data.size());
}
std::vector<uint8_t> GetModelKey(const std::vector<uint8_t>& device_id) {
std::vector<uint8_t> keymint_key(
TestKeyPKCS8, TestKeyPKCS8 + wvcdm::ArraySize(TestKeyPKCS8));
keymint_key.insert(keymint_key.end(), device_id.begin(), device_id.end());
std::vector<uint8_t> key(SHA256_DIGEST_LENGTH);
SHA256(keymint_key.data(), keymint_key.size(), key.data());
key.resize(wvoec::KEY_SIZE); // Truncate to standard AES 128 key.
return key;
}
} // namespace
class OTAKeyboxProvisioningTest : public ::testing::Test, public SessionUtil {
protected:
void SetUp() override {
::testing::Test::SetUp();
wvcdm::TestSleep::SyncFakeClock();
const ::testing::TestInfo* const test_info =
::testing::UnitTest::GetInstance()->current_test_info();
LOGD("Running test %s.%s", test_info->test_case_name(), test_info->name());
@@ -49,5 +187,109 @@ TEST_F(OTAKeyboxProvisioningTest, BasicTest) {
ASSERT_EQ(result, OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING);
cout << " "
<< "OTA Keybox functions supported. Device needs provisioning." << endl;
// TODO(fredgc): Make sure that partners can use a test cert when use_test_key
// is true.
constexpr uint32_t use_test_key = 1;
size_t request_length = 0;
std::vector<uint8_t> request;
OEMCrypto_SESSION session_id;
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_OpenSession(&session_id));
ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER,
OEMCrypto_GenerateOTARequest(session_id, nullptr, &request_length,
use_test_key));
ASSERT_NE(request_length, 0u);
request.resize(request_length);
ASSERT_EQ(OEMCrypto_SUCCESS,
OEMCrypto_GenerateOTARequest(session_id, request.data(),
&request_length, use_test_key));
ASSERT_GT(request_length, kMinimumRequestLength);
request.resize(request_length);
// First 16 bytes should match the label for Option 1 or 2.
// TODO(fredgc): Write tests for Option 1 -- only Option 2 is tested now.
EXPECT_EQ(kOption2Label.length(), kLabelLength);
const uint8_t* label_ptr = request.data();
EXPECT_EQ(kOption2Label, std::string(label_ptr, label_ptr + kLabelLength));
// Next 32 bytes are the device id.
const uint8_t* device_id_ptr = label_ptr + kLabelLength;
const std::vector<uint8_t> device_id(device_id_ptr,
device_id_ptr + kDeviceIdLength);
LOGD("Device id is %s", MaybeHex(device_id).c_str());
// Next 4 bytes say that this is a cert.
uint32_t cert_length;
const uint8_t* cert_length_ptr = device_id_ptr + kDeviceIdLength;
memcpy(&cert_length, cert_length_ptr, sizeof(uint32_t));
cert_length = ntohl(cert_length);
LOGD("Cert Length is 0x%x = %u", cert_length, cert_length);
ASSERT_EQ(request_length, kMinimumRequestLength + cert_length);
const uint8_t* cert_ptr = cert_length_ptr + sizeof(uint32_t);
const std::vector<uint8_t> cert(cert_ptr, cert_ptr + cert_length);
LOGD("x509 attestation cert = %s", MaybeHex(cert).c_str());
const uint8_t* signature_ptr = cert_ptr + cert_length;
const std::vector<uint8_t> signature(
signature_ptr, signature_ptr + HMAC_SHA256_SIGNATURE_SIZE);
#if 0
// This unit test only works with the test model key.
const std::vector<uint8_t> model_key =
wvcdm::a2b_hex("0102030405060708090a0b0c0d0e0f10");
#else
// This unit test only works with the test cert's private key.
const std::vector<uint8_t> model_key = GetModelKey(device_id);
#endif
// The server should derive the same set of keys as the client.
const std::string mac_label = "WV_SIGN";
std::vector<uint8_t> mac_context(mac_label.begin(), mac_label.end());
mac_context.push_back(0);
std::copy(cert.begin(), cert.end(), std::back_inserter(mac_context));
std::copy(device_id.begin(), device_id.end(),
std::back_inserter(mac_context));
uint32_t bit_size = MAC_KEY_SIZE * 8 * 2;
std::string bit_size_string = wvcdm::EncodeUint32(bit_size);
std::copy(bit_size_string.begin(), bit_size_string.end(),
std::back_inserter(mac_context));
std::string enc_label = "WV_ENCRYPT";
std::vector<uint8_t> enc_context(enc_label.begin(), enc_label.end());
enc_context.push_back(0);
std::copy(cert.begin(), cert.end(), std::back_inserter(enc_context));
std::copy(device_id.begin(), device_id.end(),
std::back_inserter(enc_context));
bit_size = KEY_SIZE * 8;
bit_size_string = wvcdm::EncodeUint32(bit_size);
std::copy(bit_size_string.begin(), bit_size_string.end(),
std::back_inserter(enc_context));
KeyDeriver keys;
keys.DeriveKeys(model_key.data(), mac_context, enc_context);
const std::vector<uint8_t> message(
request.data(),
request.data() + request.size() - HMAC_SHA256_SIGNATURE_SIZE);
// Once the keys have been derived, the server should verify the signature.
std::vector<uint8_t> computed_signature;
keys.ClientSignBuffer(message, &computed_signature);
ASSERT_EQ(signature, computed_signature);
// The server should randomly pick an iv.
uint8_t iv[wvoec::KEY_IV_SIZE];
EXPECT_EQ(GetRandBytes(iv, KEY_IV_SIZE), 1);
// Encrypt the keybox.
std::vector<uint8_t> encrypted_keybox(sizeof(WidevineKeybox));
keys.CBCEncrypt(reinterpret_cast<const uint8_t*>(&kTestKeybox),
encrypted_keybox.data(), sizeof(WidevineKeybox), iv);
std::vector<uint8_t> response(iv, iv + wvoec::KEY_IV_SIZE);
std::copy(encrypted_keybox.begin(), encrypted_keybox.end(),
std::back_inserter(response));
std::vector<uint8_t> response_signature;
// Sign the iv + encrypted keybox.
keys.ServerSignBuffer(response.data(), response.size(), &response_signature);
std::copy(response_signature.begin(), response_signature.end(),
std::back_inserter(response));
// Finally, send the response back to the device.
EXPECT_EQ(OEMCrypto_SUCCESS,
OEMCrypto_ProcessOTAKeybox(session_id, response.data(),
response.size(), use_test_key));
ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CloseSession(session_id));
// After installation, the keybox should be valid.
EXPECT_EQ(OEMCrypto_IsKeyboxValid(), OEMCrypto_SUCCESS);
}
} // namespace wvoec