widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revise cdm signing api and test

Browse Source 
Bug: 279671867
Bug: 279672538
Change-Id: If2e2c6d250c0379c217b3f9b21efb197c9ae4fd6
This commit is contained in:
Kyle Zhang
2023-05-12 21:28:55 +00:00
committed by Robert Shih
parent 5070a7b949
commit 8fcaa04eab
5 changed files with 28 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libwvdrmengine/cdm/core/include/cdm_engine.h
View File

@@ -390,7 +390,7 @@ class CdmEngine {
// A signing method specifically used by Cast.
// This method should not be used otherwise.
virtual CdmResponseType SignRSA(const std::string& wrapped_key,
virtual CdmResponseType SignRsa(const std::string& wrapped_key,
const std::string& message,
std::string* signature,
RSA_Padding_Scheme padding_scheme);

2
libwvdrmengine/cdm/core/include/cdm_session.h
View File

@@ -222,7 +222,7 @@ class CdmSession {
virtual CdmResponseType LoadCastPrivateKey(
const CryptoWrappedKey& private_key);
virtual CdmResponseType GenerateRSASignature(const std::string& message,
virtual CdmResponseType GenerateRsaSignature(const std::string& message,
std::string* signature,
RSA_Padding_Scheme scheme);

18
libwvdrmengine/cdm/core/src/cdm_engine.cpp
View File

@@ -2341,7 +2341,7 @@ void CdmEngine::SetFastOtaKeyboxFallbackDurationRules() {
system_fallback_policy->SetFastBackoffDurationRules();
}
CdmResponseType CdmEngine::SignRSA(const std::string& wrapped_key,
CdmResponseType CdmEngine::SignRsa(const std::string& wrapped_key,
const std::string& message,
std::string* signature,
RSA_Padding_Scheme padding_scheme) {
@@ -2355,9 +2355,13 @@ CdmResponseType CdmEngine::SignRSA(const std::string& wrapped_key,
// Retrieve the cdm session
std::shared_ptr<CdmSession> session;
if (!session_map_.FindSession(session_id, &session)) {
LOGE("Session not found: session_id = %s", IdToString(session_id));
return CdmResponseType(SESSION_NOT_FOUND_24);
{
std::unique_lock<std::recursive_mutex> lock(session_map_lock_);
if (!session_map_.FindSession(session_id, &session)) {
LOGE("Session not found: session_id = %s", IdToString(session_id));
CloseSession(session_id);
return CdmResponseType(SESSION_NOT_FOUND_24);
}
}
// Load cast private key for signing
@@ -2365,13 +2369,15 @@ CdmResponseType CdmEngine::SignRSA(const std::string& wrapped_key,
sts = session->LoadCastPrivateKey(key);
if (sts != NO_ERROR) {
LOGE("LoadCastPrivateKey failed, status: %d", static_cast<int>(sts));
CloseSession(session_id);
return sts;
}
// Generate Rsa signature for cast message
sts = session->GenerateRSASignature(message, signature, padding_scheme);
sts = session->GenerateRsaSignature(message, signature, padding_scheme);
if (sts != NO_ERROR) {
LOGE("GenerateRSASignature failed, status: %d", static_cast<int>(sts));
LOGE("GenerateRsaSignature failed, status: %d", static_cast<int>(sts));
CloseSession(session_id);
return sts;
}

2
libwvdrmengine/cdm/core/src/cdm_session.cpp
View File

@@ -1307,7 +1307,7 @@ CdmResponseType CdmSession::LoadCastPrivateKey(
return crypto_session_->LoadCertificatePrivateKey(private_key);
}
CdmResponseType CdmSession::GenerateRSASignature(const std::string& message,
CdmResponseType CdmSession::GenerateRsaSignature(const std::string& message,
std::string* signature,
RSA_Padding_Scheme scheme) {
return crypto_session_->GenerateRsaSignature(message, signature,

26
libwvdrmengine/cdm/core/test/policy_integration_test.cpp
View File

@@ -115,12 +115,12 @@ TEST_F(CorePIGTest, OfflineHWSecureRequired) {
}
TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {
std::string digest_hex_str =
const std::string digest_hex_str =
// digest info header
"3021300906052b0e03021a05000414"
// sha1 of kMessage
"d2662f893aaec72f3ca6decc2aa942f3949e8b21";
auto digest = wvutil::a2b_hex(digest_hex_str);
const auto digest = wvutil::a2b_hex(digest_hex_str);
if (!wvoec::global_features.cast_receiver) {
GTEST_SKIP() << "OEMCrypto does not support CAST Receiver functionality";
@@ -131,19 +131,19 @@ TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {
config_.provisioning_service_certificate());
provisioner.Provision(kCertificateX509, binary_provisioning_);
// cdm_engine_.SignRSA
// cdm_engine_.SignRsa
std::string signature_str;
std::string digest_str(digest.begin(), digest.end());
ASSERT_EQ(NO_ERROR, cdm_engine_.SignRSA(provisioner.wrapped_key(), digest_str,
const std::string digest_str(digest.begin(), digest.end());
ASSERT_EQ(NO_ERROR, cdm_engine_.SignRsa(provisioner.wrapped_key(), digest_str,
&signature_str, kSign_PKCS1_Block1));
// Verify the generated signature
std::vector<uint8_t> signature(signature_str.begin(), signature_str.end());
const std::vector<uint8_t> signature(signature_str.begin(), signature_str.end());
LOGI("digest.size(): %zu, signature.size(): %zu", digest.size(),
signature.size());
std::string cert = provisioner.certificate();
const char* cert_str_ptr = cert.c_str();
const std::string cert = provisioner.certificate();
const char* const cert_str_ptr = cert.c_str();
LOGI("cert: %s", cert_str_ptr);
// Extract the public key from the x509 cert chain
@@ -159,15 +159,15 @@ TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {
// remove digest info header for verification
// SHA1 is 20 bytes long
digest.erase(digest.begin(), digest.begin() + digest.size() - 20);
const std::vector<uint8_t> sha1_digest(digest.begin() + digest.size() - 20, digest.end());
// Modified from openssl example
// https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_verify_init.html
// Set RSA padding as RSA_PKCS1_PADDING and digest algo to SHA1.
unsigned char* md = digest.data();
unsigned char* sig = signature.data();
size_t mdlen = digest.size();
size_t siglen = signature.size();
const unsigned char* const md = sha1_digest.data();
const unsigned char* const sig = signature.data();
const size_t mdlen = sha1_digest.size();
const size_t siglen = signature.size();
std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)> ctx(
EVP_PKEY_CTX_new(pubkey.get(), nullptr /* no engine */), EVP_PKEY_CTX_free);