Add a Bcc parser which prints the public keys in dice chain and a few other key properties. Borrowed code from https://source.corp.google.com/piper///depot/google3/video/widevine/keysmith/provisioning/provisioning40/boot_certificate_chain_parser.cc and modified locally to build an executable tool. Sample output from new pixel device: ROOT DEVICE PUBLIC KEY: key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 04de874f6067bde6604b2d7a5d51ad28e6335d4524de4314ba6e594e6c95ccefeb17066a0b2f86b16591815c184694d7c54f02549e390e98e9e244e9cd73e616ffd9160371936b7c57e42617a3b497265bc84a0870fae4542e9f35b350383f4ebf CDI PUBLIC KEY 1: Issuer: 6a680468c33e5a9a95730632070f76e016f971a9 Subject: 5fbc8ab87c4a23ae660ea38461fea5bbc375a08c key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 04dfa00e8f96d25400a7824c44a27ba141520629820a7348d48b6fa9b616e6f6793df08288c81985864b07b08fbce4beca3f0297b4b1965be3c26aa493d98ef20f18b2cf2c751ed77b170e04a2a7712f7509b22ac9b504965bd0a963c5947ccc2e CDI PUBLIC KEY 2: Issuer: 5fbc8ab87c4a23ae660ea38461fea5bbc375a08c Subject: 34a2c88d0edfd43663d47357e64280f26ebe5baa key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 047717658a703114cd4d287162b3d75ff366b0d7dcd330bdab7fe61bcb1d50b2dd897a2ae6e878100839a3a47b966339bbb1220e76af68832035954ba39266563357fae446b734aefdf8b1295db59ac1ee9692841fee0b62b6d32651c817b34116 CDI PUBLIC KEY 3: Issuer: 34a2c88d0edfd43663d47357e64280f26ebe5baa Subject: 0b657b3c2448a5e0669953f9d5bdd90b431bbff2 key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 041a11632576b82a1ead43a6744c6601c869dc8cbc519332f588ad79d01754964b595c4f83a7168c0f494715bedefa87cb699df4d41849fe140ab95252e55808908cc02708bc86b4d3a6a0f4dc6c49d138d67a5d3406ae25773ae182972656599c Test: parse BCC and Dice chain on pixel existing/new devices Bug: 279688624 
Change-Id: Ia77a1d9f8f467992b998549572270da2c56b38b8
// Copyright 2023 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
#ifndef BCC_PARSER_H_
#define BCC_PARSER_H_
#include <cppbor.h>
#include <stddef.h>
#include <stdint.h>
#include <sstream>
#include <string>
#include <utility>
#include <vector>
namespace widevine {
// BccParser reads a Provisioning 4.0 device root of trust (the boot
// certificate chain) and renders the pieces of interest as text in a
// std::string.
// Reference material:
//   Android definition: go/remote-provisioning-hal#bcc.
//   Google Dice Profile: go/dice-profile
class BccParser {
 public:
  explicit BccParser() = default;

  // Not copyable.
  BccParser(const BccParser&) = delete;
  BccParser& operator=(const BccParser&) = delete;

  virtual ~BccParser() = default;

  // Parses and verifies a client-generated root of trust. The message belongs
  // to an attestation model that conforms to the Google Open Dice Profile and
  // is sent by a client device to attest that it is a valid Widevine device.
  //
  // |bcc| holds the raw bytes as received from the client, so treat them as
  // untrusted input.
  // Returns the textual report as a std::string.
  //
  // NOTE(review): this declaration does not show what "verify" covers
  // (structural checks only, or signature checks along the chain), nor how a
  // malformed input is reported in the returned string. Confirm both in the
  // implementation before relying on the output as evidence that the chain
  // was validated.
  virtual std::string Parse(const std::vector<uint8_t>& bcc);

 private:
  // Processes a CoseKey (PubKeyEd25519 / PubKeyECDSA256) taken from
  // |public_key_info_map| and prints its properties to |ss|.
  // Presumably returns true on success; verify against the definition.
  //
  // NOTE(review): sample output recorded with this change shows
  // ECDSA_SHA384 / P384 keys, so the algorithm list above may be incomplete.
  // Confirm against the implementation.
  bool ProcessDevicePublicKeyInfo(std::stringstream& ss,
                                  const cppbor::Map& public_key_info_map);

  // Processes the DiceChainEntryPayload in |payload|, which carries the
  // subject public key, and prints it to |ss|.
  // Presumably returns true on success; verify against the definition.
  //
  // NOTE(review): |payload| is taken by non-const reference; whether it is
  // modified is not visible from this declaration.
  bool ProcessDiceChainEntryPayload(std::stringstream& ss,
                                    std::string& payload);
};
} // namespace widevine
#endif // BCC_PARSER_H_