widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Signed CSR payload validator to oemcrypto util and unit tests

Browse Source 
Validator that can parse and validate SignedCsrPayload Cbor object.
The SignedCsrPayload is generated by
OEMCrypto_GetDeviceSignedCsrPayload() and will be put into prov4 CSR
request during factory uploading.

Test: opk_ta_p40
Bug: 300304834

Change-Id: Ib569dc22fe76dbaa98657e96aa4c93a272bbcd1b
This commit is contained in:
Cong Lin
2023-12-06 21:24:06 -08:00
committed by Robert Shih
parent d89faef0f3
commit 778d4f7026
2 changed files with 437 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
libwvdrmengine/oemcrypto/util/include/signed_csr_payload_validator.h Normal file
View File

@@ -0,0 +1,44 @@
// Copyright 2023 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
//
// Reference implementation utilities of OEMCrypto APIs
//
#ifndef WVOEC_UTIL_SIGNED_CSR_PAYLOAD_VALIDATOR_H_
#define WVOEC_UTIL_SIGNED_CSR_PAYLOAD_VALIDATOR_H_
#include <sstream>
#include <string>
#include "cbor_validator.h"
#include "cppbor.h"
namespace wvoec {
namespace util {
// SignedCsrPayloadValidator parses and validates a Cbor struct of
// SignedData<CsrPayload>. The definition of SignedData<T> and CsrPayload can be
// found at:
// https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
class SignedCsrPayloadValidator : public CborValidator {
public:
explicit SignedCsrPayloadValidator() {}
virtual ~SignedCsrPayloadValidator() override = default;
SignedCsrPayloadValidator(const SignedCsrPayloadValidator&) = delete;
SignedCsrPayloadValidator& operator=(const SignedCsrPayloadValidator&) =
delete;
// Verifies the Cbor struct of a client generated SignedData<CsrPayload>.
virtual CborMessageStatus Validate() override;
// Outputs SignedData<CsrPayload> in YAML.
virtual std::string GetFormattedMessage() const override;
private:
CborMessageStatus ValidateProtectedParams(
const cppbor::Bstr* protected_params);
CborMessageStatus ValidateDataToBeSigned(const cppbor::Bstr* data);
// Used to generate formatted message.
std::stringstream msg_ss_;
};
} // namespace util
} // namespace wvoec
#endif // WVOEC_UTIL_SIGNED_CSR_PAYLOAD_VALIDATOR_H_