Revise cdm signing api and test
[ Merge of http://go/wvgerrit/178131 ] Bug: 279671867 Bug: 279672538 Test: com.google.android.wvts Change-Id: If2e2c6d250c0379c217b3f9b21efb197c9ae4fd6 (cherry picked from commit 1e05d16ddeaeff5de994e30aa713cd74bed21400)
This commit is contained in:
Kyle Zhang
@@ -396,7 +396,7 @@ class CdmEngine {
|
|||||||
|
|
||||||
// A signing method specifically used by Cast.
|
// A signing method specifically used by Cast.
|
||||||
// This method should not be used otherwise.
|
// This method should not be used otherwise.
|
||||||
virtual CdmResponseType SignRSA(const std::string& wrapped_key,
|
virtual CdmResponseType SignRsa(const std::string& wrapped_key,
|
||||||
const std::string& message,
|
const std::string& message,
|
||||||
std::string* signature,
|
std::string* signature,
|
||||||
RSA_Padding_Scheme padding_scheme);
|
RSA_Padding_Scheme padding_scheme);
|
||||||
|
|||||||
@@ -222,7 +222,7 @@ class CdmSession {
|
|||||||
virtual CdmResponseType LoadCastPrivateKey(
|
virtual CdmResponseType LoadCastPrivateKey(
|
||||||
const CryptoWrappedKey& private_key);
|
const CryptoWrappedKey& private_key);
|
||||||
|
|
||||||
virtual CdmResponseType GenerateRSASignature(const std::string& message,
|
virtual CdmResponseType GenerateRsaSignature(const std::string& message,
|
||||||
std::string* signature,
|
std::string* signature,
|
||||||
RSA_Padding_Scheme scheme);
|
RSA_Padding_Scheme scheme);
|
||||||
|
|
||||||
|
|||||||
@@ -2341,7 +2341,7 @@ void CdmEngine::SetFastOtaKeyboxFallbackDurationRules() {
|
|||||||
system_fallback_policy->SetFastBackoffDurationRules();
|
system_fallback_policy->SetFastBackoffDurationRules();
|
||||||
}
|
}
|
||||||
|
|
||||||
CdmResponseType CdmEngine::SignRSA(const std::string& wrapped_key,
|
CdmResponseType CdmEngine::SignRsa(const std::string& wrapped_key,
|
||||||
const std::string& message,
|
const std::string& message,
|
||||||
std::string* signature,
|
std::string* signature,
|
||||||
RSA_Padding_Scheme padding_scheme) {
|
RSA_Padding_Scheme padding_scheme) {
|
||||||
@@ -2355,9 +2355,13 @@ CdmResponseType CdmEngine::SignRSA(const std::string& wrapped_key,
|
|||||||
|
|
||||||
// Retrieve the cdm session
|
// Retrieve the cdm session
|
||||||
std::shared_ptr<CdmSession> session;
|
std::shared_ptr<CdmSession> session;
|
||||||
if (!session_map_.FindSession(session_id, &session)) {
|
{
|
||||||
LOGE("Session not found: session_id = %s", IdToString(session_id));
|
std::unique_lock<std::recursive_mutex> lock(session_map_lock_);
|
||||||
return CdmResponseType(SESSION_NOT_FOUND_24);
|
if (!session_map_.FindSession(session_id, &session)) {
|
||||||
|
LOGE("Session not found: session_id = %s", IdToString(session_id));
|
||||||
|
CloseSession(session_id);
|
||||||
|
return CdmResponseType(SESSION_NOT_FOUND_24);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load cast private key for signing
|
// Load cast private key for signing
|
||||||
@@ -2365,13 +2369,15 @@ CdmResponseType CdmEngine::SignRSA(const std::string& wrapped_key,
|
|||||||
sts = session->LoadCastPrivateKey(key);
|
sts = session->LoadCastPrivateKey(key);
|
||||||
if (sts != NO_ERROR) {
|
if (sts != NO_ERROR) {
|
||||||
LOGE("LoadCastPrivateKey failed, status: %d", static_cast<int>(sts));
|
LOGE("LoadCastPrivateKey failed, status: %d", static_cast<int>(sts));
|
||||||
|
CloseSession(session_id);
|
||||||
return sts;
|
return sts;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate Rsa signature for cast message
|
// Generate Rsa signature for cast message
|
||||||
sts = session->GenerateRSASignature(message, signature, padding_scheme);
|
sts = session->GenerateRsaSignature(message, signature, padding_scheme);
|
||||||
if (sts != NO_ERROR) {
|
if (sts != NO_ERROR) {
|
||||||
LOGE("GenerateRSASignature failed, status: %d", static_cast<int>(sts));
|
LOGE("GenerateRsaSignature failed, status: %d", static_cast<int>(sts));
|
||||||
|
CloseSession(session_id);
|
||||||
return sts;
|
return sts;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1307,7 +1307,7 @@ CdmResponseType CdmSession::LoadCastPrivateKey(
|
|||||||
return crypto_session_->LoadCertificatePrivateKey(private_key);
|
return crypto_session_->LoadCertificatePrivateKey(private_key);
|
||||||
}
|
}
|
||||||
|
|
||||||
CdmResponseType CdmSession::GenerateRSASignature(const std::string& message,
|
CdmResponseType CdmSession::GenerateRsaSignature(const std::string& message,
|
||||||
std::string* signature,
|
std::string* signature,
|
||||||
RSA_Padding_Scheme scheme) {
|
RSA_Padding_Scheme scheme) {
|
||||||
return crypto_session_->GenerateRsaSignature(message, signature,
|
return crypto_session_->GenerateRsaSignature(message, signature,
|
||||||
|
|||||||
@@ -115,12 +115,12 @@ TEST_F(CorePIGTest, OfflineHWSecureRequired) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {
|
TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {
|
||||||
std::string digest_hex_str =
|
const std::string digest_hex_str =
|
||||||
// digest info header
|
// digest info header
|
||||||
"3021300906052b0e03021a05000414"
|
"3021300906052b0e03021a05000414"
|
||||||
// sha1 of kMessage
|
// sha1 of kMessage
|
||||||
"d2662f893aaec72f3ca6decc2aa942f3949e8b21";
|
"d2662f893aaec72f3ca6decc2aa942f3949e8b21";
|
||||||
auto digest = wvutil::a2b_hex(digest_hex_str);
|
const auto digest = wvutil::a2b_hex(digest_hex_str);
|
||||||
|
|
||||||
if (!wvoec::global_features.cast_receiver) {
|
if (!wvoec::global_features.cast_receiver) {
|
||||||
GTEST_SKIP() << "OEMCrypto does not support CAST Receiver functionality";
|
GTEST_SKIP() << "OEMCrypto does not support CAST Receiver functionality";
|
||||||
@@ -131,19 +131,19 @@ TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {
|
|||||||
config_.provisioning_service_certificate());
|
config_.provisioning_service_certificate());
|
||||||
provisioner.Provision(kCertificateX509, binary_provisioning_);
|
provisioner.Provision(kCertificateX509, binary_provisioning_);
|
||||||
|
|
||||||
// cdm_engine_.SignRSA
|
// cdm_engine_.SignRsa
|
||||||
std::string signature_str;
|
std::string signature_str;
|
||||||
std::string digest_str(digest.begin(), digest.end());
|
const std::string digest_str(digest.begin(), digest.end());
|
||||||
ASSERT_EQ(NO_ERROR, cdm_engine_.SignRSA(provisioner.wrapped_key(), digest_str,
|
ASSERT_EQ(NO_ERROR, cdm_engine_.SignRsa(provisioner.wrapped_key(), digest_str,
|
||||||
&signature_str, kSign_PKCS1_Block1));
|
&signature_str, kSign_PKCS1_Block1));
|
||||||
|
|
||||||
// Verify the generated signature
|
// Verify the generated signature
|
||||||
std::vector<uint8_t> signature(signature_str.begin(), signature_str.end());
|
const std::vector<uint8_t> signature(signature_str.begin(), signature_str.end());
|
||||||
LOGI("digest.size(): %zu, signature.size(): %zu", digest.size(),
|
LOGI("digest.size(): %zu, signature.size(): %zu", digest.size(),
|
||||||
signature.size());
|
signature.size());
|
||||||
|
|
||||||
std::string cert = provisioner.certificate();
|
const std::string cert = provisioner.certificate();
|
||||||
const char* cert_str_ptr = cert.c_str();
|
const char* const cert_str_ptr = cert.c_str();
|
||||||
LOGI("cert: %s", cert_str_ptr);
|
LOGI("cert: %s", cert_str_ptr);
|
||||||
|
|
||||||
// Extract the public key from the x509 cert chain
|
// Extract the public key from the x509 cert chain
|
||||||
@@ -159,15 +159,15 @@ TEST_F(CorePIGTest, CastReceiverProvisioningUsingCdm) {
|
|||||||
|
|
||||||
// remove digest info header for verification
|
// remove digest info header for verification
|
||||||
// SHA1 is 20 bytes long
|
// SHA1 is 20 bytes long
|
||||||
digest.erase(digest.begin(), digest.begin() + digest.size() - 20);
|
const std::vector<uint8_t> sha1_digest(digest.begin() + digest.size() - 20, digest.end());
|
||||||
|
|
||||||
// Modified from openssl example
|
// Modified from openssl example
|
||||||
// https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_verify_init.html
|
// https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_verify_init.html
|
||||||
// Set RSA padding as RSA_PKCS1_PADDING and digest algo to SHA1.
|
// Set RSA padding as RSA_PKCS1_PADDING and digest algo to SHA1.
|
||||||
unsigned char* md = digest.data();
|
const unsigned char* const md = sha1_digest.data();
|
||||||
unsigned char* sig = signature.data();
|
const unsigned char* const sig = signature.data();
|
||||||
size_t mdlen = digest.size();
|
const size_t mdlen = sha1_digest.size();
|
||||||
size_t siglen = signature.size();
|
const size_t siglen = signature.size();
|
||||||
|
|
||||||
std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)> ctx(
|
std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)> ctx(
|
||||||
EVP_PKEY_CTX_new(pubkey.get(), nullptr /* no engine */), EVP_PKEY_CTX_free);
|
EVP_PKEY_CTX_new(pubkey.get(), nullptr /* no engine */), EVP_PKEY_CTX_free);
|
||||||
|
|||||||
Reference in New Issue
Block a user