5ce29c42da
Add a Bcc parser which prints the public keys in dice chain and a few other key properties. Borrowed code from https://source.corp.google.com/piper///depot/google3/video/widevine/keysmith/provisioning/provisioning40/boot_certificate_chain_parser.cc and modified locally to build an executable tool. Sample output from new pixel device: ROOT DEVICE PUBLIC KEY: key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 04de874f6067bde6604b2d7a5d51ad28e6335d4524de4314ba6e594e6c95ccefeb17066a0b2f86b16591815c184694d7c54f02549e390e98e9e244e9cd73e616ffd9160371936b7c57e42617a3b497265bc84a0870fae4542e9f35b350383f4ebf CDI PUBLIC KEY 1: Issuer: 6a680468c33e5a9a95730632070f76e016f971a9 Subject: 5fbc8ab87c4a23ae660ea38461fea5bbc375a08c key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 04dfa00e8f96d25400a7824c44a27ba141520629820a7348d48b6fa9b616e6f6793df08288c81985864b07b08fbce4beca3f0297b4b1965be3c26aa493d98ef20f18b2cf2c751ed77b170e04a2a7712f7509b22ac9b504965bd0a963c5947ccc2e CDI PUBLIC KEY 2: Issuer: 5fbc8ab87c4a23ae660ea38461fea5bbc375a08c Subject: 34a2c88d0edfd43663d47357e64280f26ebe5baa key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 047717658a703114cd4d287162b3d75ff366b0d7dcd330bdab7fe61bcb1d50b2dd897a2ae6e878100839a3a47b966339bbb1220e76af68832035954ba39266563357fae446b734aefdf8b1295db59ac1ee9692841fee0b62b6d32651c817b34116 CDI PUBLIC KEY 3: Issuer: 34a2c88d0edfd43663d47357e64280f26ebe5baa Subject: 0b657b3c2448a5e0669953f9d5bdd90b431bbff2 key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 041a11632576b82a1ead43a6744c6601c869dc8cbc519332f588ad79d01754964b595c4f83a7168c0f494715bedefa87cb699df4d41849fe140ab95252e55808908cc02708bc86b4d3a6a0f4dc6c49d138d67a5d3406ae25773ae182972656599c Test: parse BCC and Dice chain on pixel existing/new devices Bug: 279688624 Change-Id: Ia77a1d9f8f467992b998549572270da2c56b38b8
200 lines
7.2 KiB
C++
200 lines
7.2 KiB
C++
//
|
|
// Copyright 2022 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine License
|
|
// Agreement.
|
|
//
|
|
|
|
#define LOG_TAG "wv_factory_extraction_tool"
|
|
|
|
#include <cppbor.h>
|
|
#include <cppbor_parse.h>
|
|
#include <sys/random.h>
|
|
|
|
#include <algorithm>
|
|
#include <cstdint>
|
|
#include <cstdio>
|
|
#include <cstring>
|
|
#include <iostream>
|
|
#include <iterator>
|
|
#include <utility>
|
|
#include <vector>
|
|
|
|
#include "BccParser.h"
|
|
#include "WidevineProvisioner.h"
|
|
#include "log.h"
|
|
#include "properties.h"
|
|
|
|
constexpr size_t kChallengeSize = 64;
|
|
|
|
// The Google root key for the Endpoint Encryption Key chain, encoded as
|
|
// COSE_Sign1
|
|
inline constexpr uint8_t kCoseEncodedRootCert[] = {
|
|
0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x58, 0x2a, 0xa4, 0x01, 0x01, 0x03,
|
|
0x27, 0x20, 0x06, 0x21, 0x58, 0x20, 0x99, 0xb9, 0xee, 0xdd, 0x5e, 0xe4,
|
|
0x52, 0xf6, 0x85, 0xc6, 0x4c, 0x62, 0xdc, 0x3e, 0x61, 0xab, 0x57, 0x48,
|
|
0x7d, 0x75, 0x37, 0x29, 0xad, 0x76, 0x80, 0x32, 0xd2, 0xb3, 0xcb, 0x63,
|
|
0x58, 0xd9, 0x58, 0x40, 0x1e, 0x22, 0x08, 0x4b, 0xa4, 0xb7, 0xa4, 0xc8,
|
|
0xd7, 0x4e, 0x03, 0x0e, 0xfe, 0xb8, 0xaf, 0x14, 0x4c, 0xa7, 0x3b, 0x6f,
|
|
0xa5, 0xcd, 0xdc, 0xda, 0x79, 0xc6, 0x2b, 0x64, 0xfe, 0x99, 0x39, 0xaf,
|
|
0x76, 0xe7, 0x80, 0xfa, 0x66, 0x00, 0x85, 0x0d, 0x07, 0x98, 0x2a, 0xac,
|
|
0x91, 0x5c, 0xa7, 0x25, 0x14, 0x49, 0x06, 0x34, 0x75, 0xca, 0x8a, 0x27,
|
|
0x7a, 0xd9, 0xe3, 0x5a, 0x49, 0xeb, 0x02, 0x03};
|
|
|
|
// The Google Endpoint Encryption Key certificate, encoded as COSE_Sign1
|
|
inline constexpr uint8_t kCoseEncodedGeekCert[] = {
|
|
0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x58, 0x4e, 0xa5, 0x01, 0x01, 0x02,
|
|
0x58, 0x20, 0xd0, 0xae, 0xc1, 0x15, 0xca, 0x2a, 0xcf, 0x73, 0xae, 0x6b,
|
|
0xcc, 0xcb, 0xd1, 0x96, 0x1d, 0x65, 0xe8, 0xb1, 0xdd, 0xd7, 0x4a, 0x1a,
|
|
0x37, 0xb9, 0x43, 0x3a, 0x97, 0xd5, 0x99, 0xdf, 0x98, 0x08, 0x03, 0x38,
|
|
0x18, 0x20, 0x04, 0x21, 0x58, 0x20, 0xbe, 0x85, 0xe7, 0x46, 0xc4, 0xa3,
|
|
0x42, 0x5a, 0x40, 0xd9, 0x36, 0x3a, 0xa6, 0x15, 0xd0, 0x2c, 0x58, 0x7e,
|
|
0x3d, 0xdc, 0x33, 0x02, 0x32, 0xd2, 0xfc, 0x5e, 0x1e, 0x87, 0x25, 0x5f,
|
|
0x72, 0x60, 0x58, 0x40, 0x9b, 0xcf, 0x90, 0xe2, 0x2e, 0x4b, 0xab, 0xd1,
|
|
0x18, 0xb1, 0x0e, 0x8e, 0x5d, 0x20, 0x27, 0x4b, 0x84, 0x58, 0xfe, 0xfc,
|
|
0x32, 0x90, 0x7e, 0x72, 0x05, 0x83, 0xbc, 0xd7, 0x82, 0xbe, 0xfa, 0x64,
|
|
0x78, 0x2d, 0x54, 0x10, 0x4b, 0xc0, 0x31, 0xbf, 0x6b, 0xe8, 0x1e, 0x35,
|
|
0xe2, 0xf0, 0x2d, 0xce, 0x6c, 0x2f, 0x4f, 0xf2, 0xf5, 0x4f, 0xa5, 0xd4,
|
|
0x83, 0xad, 0x96, 0xa2, 0xf1, 0x87, 0x58, 0x04};
|
|
|
|
std::vector<uint8_t> generateChallenge() {
|
|
std::vector<uint8_t> challenge(kChallengeSize);
|
|
|
|
ssize_t bytesRemaining = static_cast<ssize_t>(challenge.size());
|
|
uint8_t* writePtr = challenge.data();
|
|
while (bytesRemaining > 0) {
|
|
int bytesRead = getrandom(writePtr, bytesRemaining, /*flags=*/0);
|
|
if (bytesRead < 0) {
|
|
if (errno == EINTR) {
|
|
continue;
|
|
} else {
|
|
std::cerr << errno << ": " << strerror(errno) << std::endl;
|
|
exit(-1);
|
|
}
|
|
}
|
|
bytesRemaining -= bytesRead;
|
|
writePtr += bytesRead;
|
|
}
|
|
|
|
return challenge;
|
|
}
|
|
|
|
std::vector<uint8_t> getEekChain() {
|
|
cppbor::Array chain;
|
|
chain.add(cppbor::EncodedItem(std::vector<uint8_t>(
|
|
std::begin(kCoseEncodedRootCert), std::end(kCoseEncodedRootCert))));
|
|
chain.add(cppbor::EncodedItem(std::vector<uint8_t>(
|
|
std::begin(kCoseEncodedGeekCert), std::end(kCoseEncodedGeekCert))));
|
|
return chain.encode();
|
|
}
|
|
|
|
cppbor::Array composeCertificateRequest(
|
|
const std::vector<uint8_t>& protectedData,
|
|
const std::vector<uint8_t>& verifiedDeviceInfo,
|
|
const std::vector<uint8_t>& challenge) {
|
|
cppbor::Array macedKeysToSign =
|
|
cppbor::Array()
|
|
.add(std::vector<uint8_t>(0)) // empty protected headers as bstr
|
|
.add(cppbor::Map()) // empty unprotected headers
|
|
.add(cppbor::Null()) // nil for the payload
|
|
.add(std::vector<uint8_t>(0)); // MAC as returned from the HAL
|
|
|
|
cppbor::Array deviceInfo = cppbor::Array()
|
|
.add(cppbor::EncodedItem(verifiedDeviceInfo))
|
|
.add(cppbor::Map()); // Empty device info
|
|
|
|
cppbor::Array certificateRequest =
|
|
cppbor::Array()
|
|
.add(std::move(deviceInfo))
|
|
.add(challenge)
|
|
.add(cppbor::EncodedItem(protectedData))
|
|
.add(std::move(macedKeysToSign));
|
|
return certificateRequest;
|
|
}
|
|
|
|
cppbor::Array getCsr(widevine::WidevineProvisioner& provisioner) {
|
|
const std::vector<uint8_t> challenge = generateChallenge();
|
|
std::vector<uint8_t> verifiedDeviceInfo;
|
|
std::vector<uint8_t> protectedData;
|
|
|
|
if (!provisioner.GenerateCertificateRequest(
|
|
false, getEekChain(), verifiedDeviceInfo, protectedData)) {
|
|
std::cerr << "Failed to generate certificate request." << std::endl;
|
|
exit(-1);
|
|
}
|
|
auto csr =
|
|
composeCertificateRequest(protectedData, verifiedDeviceInfo, challenge);
|
|
return csr;
|
|
}
|
|
|
|
std::unique_ptr<cppbor::Array> composeCertificateRequestV3(
|
|
const std::vector<uint8_t>& csr) {
|
|
auto [parsedCsr, _, csrErrMsg] = cppbor::parse(csr);
|
|
if (!parsedCsr) {
|
|
LOGE("Failed to parse input CSR.");
|
|
return nullptr;
|
|
}
|
|
if (!parsedCsr->asArray()) {
|
|
LOGE("Input CSR is not a CBOR array.");
|
|
return nullptr;
|
|
}
|
|
std::string fingerPrint;
|
|
if (!wvcdm::Properties::GetBuildInfo(&fingerPrint)) {
|
|
LOGE("Failed to get finger print.");
|
|
return nullptr;
|
|
}
|
|
|
|
cppbor::Map unverifiedDeviceInfo =
|
|
cppbor::Map().add("fingerprint", cppbor::Tstr(fingerPrint));
|
|
parsedCsr->asArray()->add(std::move(unverifiedDeviceInfo));
|
|
return std::unique_ptr<cppbor::Array>(parsedCsr.release()->asArray());
|
|
}
|
|
|
|
std::unique_ptr<cppbor::Array> getCsrV3(
|
|
widevine::WidevineProvisioner& provisioner) {
|
|
const std::vector<uint8_t> challenge = generateChallenge();
|
|
std::vector<uint8_t> csr;
|
|
if (!provisioner.GenerateCertificateRequestV2(challenge, &csr)) {
|
|
std::cerr << "Failed to generate certificate request v2." << std::endl;
|
|
exit(-1);
|
|
}
|
|
return composeCertificateRequestV3(csr);
|
|
}
|
|
|
|
int main(int argc, char** argv) {
|
|
if (argc < 2) {
|
|
fprintf(stderr, "%s <bcc|bcc_str|device_info|csr|csr_v3>\n", argv[0]);
|
|
return 0;
|
|
}
|
|
widevine::WidevineProvisioner provisioner;
|
|
if (!std::strcmp(argv[1], "bcc")) {
|
|
auto bcc = provisioner.GetBcc();
|
|
fwrite(bcc.data(), 1, bcc.size(), stdout);
|
|
fflush(stdout);
|
|
} else if (!std::strcmp(argv[1], "bcc_str")) {
|
|
auto bcc = provisioner.GetBcc();
|
|
widevine::BccParser bcc_parser;
|
|
std::string parsed_bcc = bcc_parser.Parse(bcc);
|
|
std::copy(parsed_bcc.begin(), parsed_bcc.end(),
|
|
std::ostream_iterator<char>(std::cout));
|
|
} else if (!std::strcmp(argv[1], "device_info")) {
|
|
std::vector<uint8_t> deviceInfo;
|
|
if (provisioner.GetDeviceInfo(deviceInfo)) {
|
|
fwrite(deviceInfo.data(), 1, deviceInfo.size(), stdout);
|
|
fflush(stdout);
|
|
}
|
|
} else if (!std::strcmp(argv[1], "csr")) {
|
|
auto csr = getCsr(provisioner);
|
|
auto bytes = csr.encode();
|
|
std::copy(bytes.begin(), bytes.end(),
|
|
std::ostream_iterator<char>(std::cout));
|
|
} else if (!std::strcmp(argv[1], "csr_v3")) {
|
|
auto csr = getCsrV3(provisioner);
|
|
if (csr != nullptr) {
|
|
auto bytes = csr->encode();
|
|
std::copy(bytes.begin(), bytes.end(),
|
|
std::ostream_iterator<char>(std::cout));
|
|
}
|
|
}
|
|
return 0;
|
|
}
|