diff --git a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_auth_ref.h b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_auth_ref.h index 523a8b28..6bdeb84c 100644 --- a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_auth_ref.h +++ b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_auth_ref.h @@ -67,7 +67,7 @@ class AuthenticationRoot { WvKeybox& real_keybox() { return keybox_; } WvKeybox keybox_; - WvTestKeybox test_keybox_; + WvKeybox test_keybox_; bool use_test_keybox_; RSA_shared_ptr rsa_key_; // If no keybox, this is baked in certificate. diff --git a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_engine_ref.h b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_engine_ref.h index 9fb9f0ae..8bbbaeb8 100644 --- a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_engine_ref.h +++ b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_engine_ref.h @@ -58,8 +58,8 @@ class CryptoEngine { KeyboxError ValidateKeybox() { return root_of_trust_.ValidateKeybox(); } - const std::vector& DeviceRootKey(bool override_to_real = false) { - return root_of_trust_.DeviceKey(override_to_real); + const std::vector& DeviceRootKey() { + return root_of_trust_.DeviceKey(); } const std::vector& DeviceRootId() { diff --git a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_ref.cpp b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_ref.cpp index 0ed25006..0118e177 100644 --- a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_ref.cpp +++ b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_ref.cpp @@ -17,48 +17,10 @@ namespace wvoec_ref { -namespace { - -const wvoec::WidevineKeybox kTestKeybox = { - // Sample keybox used for test vectors - { - // deviceID - 0x54, 0x65, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x30, // TestKey01 - 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ........ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ........ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ........ - }, { - // key - 0xfb, 0xda, 0x04, 0x89, 0xa1, 0x58, 0x16, 0x0e, - 0xa4, 0x02, 0xe9, 0x29, 0xe3, 0xb6, 0x8f, 0x04, - }, { - // data - 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x10, 0x19, - 0x07, 0xd9, 0xff, 0xde, 0x13, 0xaa, 0x95, 0xc1, - 0x22, 0x67, 0x80, 0x53, 0x36, 0x21, 0x36, 0xbd, - 0xf8, 0x40, 0x8f, 0x82, 0x76, 0xe4, 0xc2, 0xd8, - 0x7e, 0xc5, 0x2b, 0x61, 0xaa, 0x1b, 0x9f, 0x64, - 0x6e, 0x58, 0x73, 0x49, 0x30, 0xac, 0xeb, 0xe8, - 0x99, 0xb3, 0xe4, 0x64, 0x18, 0x9a, 0x14, 0xa8, - 0x72, 0x02, 0xfb, 0x02, 0x57, 0x4e, 0x70, 0x64, - 0x0b, 0xd2, 0x2e, 0xf4, 0x4b, 0x2d, 0x7e, 0x39, - }, { - // magic - 0x6b, 0x62, 0x6f, 0x78, - }, { - // Crc - 0x0a, 0x7a, 0x2c, 0x35, - } -}; - -} // namespace - -WvKeybox::WvKeybox() { - valid_ = Prepare(); -} +WvKeybox::WvKeybox() : loaded_(false) {} KeyboxError WvKeybox::Validate() { - if (!valid_) { + if (!loaded_) { LOGE("[KEYBOX NOT LOADED]"); return OTHER_ERROR; } @@ -68,7 +30,7 @@ KeyboxError WvKeybox::Validate() { } uint32_t crc_computed; uint32_t crc_stored; - uint8_t* crc_stored_bytes = (uint8_t*) &crc_stored; + uint8_t* crc_stored_bytes = (uint8_t*)&crc_stored; memcpy(crc_stored_bytes, crc_, sizeof(crc_)); wvoec::WidevineKeybox keybox; memset(&keybox, 0, sizeof(keybox)); @@ -91,25 +53,18 @@ bool WvKeybox::InstallKeybox(const uint8_t* buffer, size_t keyBoxLength) { if (keyBoxLength != 128) { return false; } - - const wvoec::WidevineKeybox* keybox - = reinterpret_cast(buffer); - size_t device_id_length - = strnlen(reinterpret_cast(keybox->device_id_), 32); - device_id_.assign(keybox->device_id_, - keybox->device_id_ + device_id_length); + const wvoec::WidevineKeybox* keybox = + reinterpret_cast(buffer); + size_t device_id_length = + strnlen(reinterpret_cast(keybox->device_id_), 32); + device_id_.assign(keybox->device_id_, keybox->device_id_ + device_id_length); device_key_.assign(keybox->device_key_, keybox->device_key_ + sizeof(keybox->device_key_)); memcpy(key_data_, keybox->data_, sizeof(keybox->data_)); memcpy(magic_, keybox->magic_, sizeof(keybox->magic_)); memcpy(crc_, keybox->crc_, sizeof(keybox->crc_)); - + loaded_ = true; return true; } -WvTestKeybox::WvTestKeybox() { - InstallKeybox(reinterpret_cast(&kTestKeybox), - sizeof(kTestKeybox)); -} - } // namespace wvoec_ref diff --git a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_ref.h b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_ref.h index 3dec1d0e..5f65ea70 100644 --- a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_ref.h +++ b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_ref.h @@ -33,9 +33,7 @@ class WvKeybox { bool InstallKeybox(const uint8_t* keybox, size_t keyBoxLength); private: - bool Prepare(); - - bool valid_; + bool loaded_; std::vector device_id_; std::vector device_key_; WvKeyboxKeyData key_data_; @@ -43,11 +41,6 @@ class WvKeybox { uint8_t crc_[4]; }; -class WvTestKeybox : public WvKeybox { - public: - WvTestKeybox(); -}; - } // namespace wvoec_ref #endif // OEMCRYPTO_KEYBOX_REF_H_ diff --git a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_testkey.cpp b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_testkey.cpp deleted file mode 100644 index 6035181e..00000000 --- a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_keybox_testkey.cpp +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master -// License Agreement. -// -// Test keybox. - -#include "oemcrypto_keybox_ref.h" -#include "oemcrypto_types.h" - -namespace wvoec_ref { - -namespace { - -// Note: this is a valid keybox, but it is not accepted by production servers. -// However, it is different from the one used for most of the unit tests. -const wvoec::WidevineKeybox kKeybox = { - // Sample keybox used for test vectors - { - // deviceID - 0x54, 0x65, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x30, // TestKey02 - 0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ........ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ........ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ........ - }, { - // key - 0x76, 0x5d, 0xce, 0x01, 0x04, 0x89, 0xb3, 0xd0, - 0xdf, 0xce, 0x54, 0x8a, 0x49, 0xda, 0xdc, 0xb6, - }, { - // data - 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x10, 0x19, - 0x92, 0x27, 0x0b, 0x1f, 0x1a, 0xd5, 0xc6, 0x93, - 0x19, 0x3f, 0xaa, 0x74, 0x1f, 0xdd, 0x5f, 0xb4, - 0xe9, 0x40, 0x2f, 0x34, 0xa4, 0x92, 0xf4, 0xae, - 0x9a, 0x52, 0x39, 0xbc, 0xb7, 0x24, 0x38, 0x13, - 0xab, 0xf4, 0x92, 0x96, 0xc4, 0x81, 0x60, 0x33, - 0xd8, 0xb8, 0x09, 0xc7, 0x55, 0x0e, 0x12, 0xfa, - 0xa8, 0x98, 0x62, 0x8a, 0xec, 0xea, 0x74, 0x8a, - 0x4b, 0xfa, 0x5a, 0x9e, 0xb6, 0x49, 0x0d, 0x80, - }, { - // magic - 0x6b, 0x62, 0x6f, 0x78, - }, { - // Crc - 0x2a, 0x3b, 0x3e, 0xe4, - } -}; - -} // namespace - -bool WvKeybox::Prepare() { - InstallKeybox(reinterpret_cast(&kKeybox), - sizeof(kKeybox)); - return true; -} - -} // namespace wvoec_ref diff --git a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_old_usage_table_ref.cpp b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_old_usage_table_ref.cpp index e1a6cf93..e40134bf 100644 --- a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_old_usage_table_ref.cpp +++ b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_old_usage_table_ref.cpp @@ -98,8 +98,7 @@ OldUsageTable::OldUsageTable(CryptoEngine *ce) { // This should be encrypted and signed with a device specific key. // For the reference implementation, I'm just going to use the keybox key. - const bool override_to_real = true; - const std::vector &key = ce_->DeviceRootKey(override_to_real); + const std::vector &key = ce_->DeviceRootKey(); uint8_t computed_signature[SHA256_DIGEST_LENGTH]; unsigned int sig_length = sizeof(computed_signature); diff --git a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_usage_table_ref.cpp b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_usage_table_ref.cpp index 37c4cfd5..c515c0f2 100644 --- a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_usage_table_ref.cpp +++ b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_usage_table_ref.cpp @@ -206,8 +206,7 @@ OEMCryptoResult UsageTableEntry::SaveData(CryptoEngine* ce, // This should be encrypted and signed with a device specific key. // For the reference implementation, I'm just going to use the keybox key. - const bool override_to_real = true; - const std::vector& key = ce->DeviceRootKey(override_to_real); + const std::vector& key = ce->DeviceRootKey(); // Encrypt the entry. RAND_bytes(encrypted->iv, wvoec::KEY_IV_SIZE); @@ -245,8 +244,7 @@ OEMCryptoResult UsageTableEntry::LoadData(CryptoEngine* ce, uint32_t index, // This should be encrypted and signed with a device specific key. // For the reference implementation, I'm just going to use the keybox key. - const bool override_to_real = true; - const std::vector& key = ce->DeviceRootKey(override_to_real); + const std::vector& key = ce->DeviceRootKey(); // Verify the signature of the usage entry. Sign encrypted into clear buffer. unsigned int sig_length = SHA256_DIGEST_LENGTH; @@ -500,8 +498,7 @@ OEMCryptoResult UsageTable::SaveUsageTableHeader(uint8_t* signed_buffer, // This should be encrypted and signed with a device specific key. // For the reference implementation, I'm just going to use the keybox key. - const bool override_to_real = true; - const std::vector& key = ce_->DeviceRootKey(override_to_real); + const std::vector& key = ce_->DeviceRootKey(); // Encrypt the entry. RAND_bytes(encrypted->iv, wvoec::KEY_IV_SIZE); @@ -538,8 +535,7 @@ OEMCryptoResult UsageTable::LoadUsageTableHeader( // This should be encrypted and signed with a device specific key. // For the reference implementation, I'm just going to use the keybox key. - const bool override_to_real = true; - const std::vector& key = ce_->DeviceRootKey(override_to_real); + const std::vector& key = ce_->DeviceRootKey(); // Verify the signature of the usage entry. Sign encrypted into clear buffer. unsigned int sig_length = SHA256_DIGEST_LENGTH; diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index 8d66df2f..c5c6bd8e 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -445,7 +445,21 @@ TEST_F(OEMCryptoClientTest, CanLoadTestKeys) { << "Session tests cannot run with out a test keybox or RSA cert."; } -class OEMCryptoKeyboxTest : public OEMCryptoClientTest {}; +class OEMCryptoKeyboxTest : public OEMCryptoClientTest { + virtual void SetUp() { + OEMCryptoClientTest::SetUp(); + OEMCryptoResult sts = OEMCrypto_IsKeyboxValid(); + // If the production keybox is valid, use it for these tests. Most of the + // other tests will use a test keybox anyway, but it's nice to check the + // device ID for the real keybox if we can. + if (sts == OEMCrypto_SUCCESS) return; + printf("Production keybox is NOT valid. All tests use test keybox.\n"); + ASSERT_EQ( + OEMCrypto_SUCCESS, + OEMCrypto_LoadTestKeybox(reinterpret_cast(&kTestKeybox), + sizeof(kTestKeybox))); + } +}; TEST_F(OEMCryptoKeyboxTest, NormalGetDeviceId) { OEMCryptoResult sts; diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test_android.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test_android.cpp index 05319c2a..9b06368c 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test_android.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test_android.cpp @@ -40,6 +40,12 @@ TEST_F(OEMCryptoAndroidLMPTest, GetKeyDataImplemented) { } } +TEST_F(OEMCryptoAndroidLMPTest, ValidKeybox) { + if (OEMCrypto_GetProvisioningMethod() == OEMCrypto_Keybox) { + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_IsKeyboxValid()); + } +} + TEST_F(OEMCryptoAndroidLMPTest, MinVersionNumber9) { uint32_t version = OEMCrypto_APIVersion(); ASSERT_LE(9u, version);