Revise cdm signing api and test

Bug: 279671867 Bug: 279672538 Change-Id: If2e2c6d250c0379c217b3f9b21efb197c9ae4fd6
2023-05-12 21:28:55 +00:00
parent 5070a7b949
commit 8fcaa04eab
5 changed files with 28 additions and 22 deletions
--- a/libwvdrmengine/cdm/core/test/policy_integration_test.cpp
+++ b/libwvdrmengine/cdm/core/test/policy_integration_test.cpp
@@ -115,12 +115,12 @@ TEST_F(CorePIGTest, OfflineHWSecureRequired) {
 }

 TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {
-  std::string digest_hex_str =
+  const std::string digest_hex_str =
      // digest info header
      "3021300906052b0e03021a05000414"
      // sha1 of kMessage
      "d2662f893aaec72f3ca6decc2aa942f3949e8b21";
-  auto digest = wvutil::a2b_hex(digest_hex_str);
+  const auto digest = wvutil::a2b_hex(digest_hex_str);

  if (!wvoec::global_features.cast_receiver) {
    GTEST_SKIP() << "OEMCrypto does not support CAST Receiver functionality";
@@ -131,19 +131,19 @@ TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {
                                 config_.provisioning_service_certificate());
  provisioner.Provision(kCertificateX509, binary_provisioning_);

-  // cdm_engine_.SignRSA
+  // cdm_engine_.SignRsa
  std::string signature_str;
-  std::string digest_str(digest.begin(), digest.end());
-  ASSERT_EQ(NO_ERROR, cdm_engine_.SignRSA(provisioner.wrapped_key(), digest_str,
+  const std::string digest_str(digest.begin(), digest.end());
+  ASSERT_EQ(NO_ERROR, cdm_engine_.SignRsa(provisioner.wrapped_key(), digest_str,
                                          &signature_str, kSign_PKCS1_Block1));

  // Verify the generated signature
-  std::vector<uint8_t> signature(signature_str.begin(), signature_str.end());
+  const std::vector<uint8_t> signature(signature_str.begin(), signature_str.end());
  LOGI("digest.size(): %zu, signature.size(): %zu", digest.size(),
       signature.size());

-  std::string cert = provisioner.certificate();
-  const char* cert_str_ptr = cert.c_str();
+  const std::string cert = provisioner.certificate();
+  const char* const cert_str_ptr = cert.c_str();
  LOGI("cert: %s", cert_str_ptr);

  // Extract the public key from the x509 cert chain
@@ -159,15 +159,15 @@ TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {

  // remove digest info header for verification
  // SHA1 is 20 bytes long
-  digest.erase(digest.begin(), digest.begin() + digest.size() - 20);
+  const std::vector<uint8_t> sha1_digest(digest.begin() + digest.size() - 20, digest.end());

  // Modified from openssl example
  // https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_verify_init.html
  // Set RSA padding as RSA_PKCS1_PADDING and digest algo to SHA1.
-  unsigned char* md = digest.data();
-  unsigned char* sig = signature.data();
-  size_t mdlen = digest.size();
-  size_t siglen = signature.size();
+  const unsigned char* const md = sha1_digest.data();
+  const unsigned char* const sig = signature.data();
+  const size_t mdlen = sha1_digest.size();
+  const size_t siglen = signature.size();

  std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)> ctx(
      EVP_PKEY_CTX_new(pubkey.get(), nullptr /* no engine */), EVP_PKEY_CTX_free);