5ce29c42da
Add a Bcc parser which prints the public keys in dice chain and a few other key properties. Borrowed code from https://source.corp.google.com/piper///depot/google3/video/widevine/keysmith/provisioning/provisioning40/boot_certificate_chain_parser.cc and modified locally to build an executable tool. Sample output from new pixel device: ROOT DEVICE PUBLIC KEY: key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 04de874f6067bde6604b2d7a5d51ad28e6335d4524de4314ba6e594e6c95ccefeb17066a0b2f86b16591815c184694d7c54f02549e390e98e9e244e9cd73e616ffd9160371936b7c57e42617a3b497265bc84a0870fae4542e9f35b350383f4ebf CDI PUBLIC KEY 1: Issuer: 6a680468c33e5a9a95730632070f76e016f971a9 Subject: 5fbc8ab87c4a23ae660ea38461fea5bbc375a08c key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 04dfa00e8f96d25400a7824c44a27ba141520629820a7348d48b6fa9b616e6f6793df08288c81985864b07b08fbce4beca3f0297b4b1965be3c26aa493d98ef20f18b2cf2c751ed77b170e04a2a7712f7509b22ac9b504965bd0a963c5947ccc2e CDI PUBLIC KEY 2: Issuer: 5fbc8ab87c4a23ae660ea38461fea5bbc375a08c Subject: 34a2c88d0edfd43663d47357e64280f26ebe5baa key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 047717658a703114cd4d287162b3d75ff366b0d7dcd330bdab7fe61bcb1d50b2dd897a2ae6e878100839a3a47b966339bbb1220e76af68832035954ba39266563357fae446b734aefdf8b1295db59ac1ee9692841fee0b62b6d32651c817b34116 CDI PUBLIC KEY 3: Issuer: 34a2c88d0edfd43663d47357e64280f26ebe5baa Subject: 0b657b3c2448a5e0669953f9d5bdd90b431bbff2 key encoding format: DEVICE_KEY_OCTET_PAIR key algorithm type: ECDSA_SHA384 curve: P384 public key bytes: 041a11632576b82a1ead43a6744c6601c869dc8cbc519332f588ad79d01754964b595c4f83a7168c0f494715bedefa87cb699df4d41849fe140ab95252e55808908cc02708bc86b4d3a6a0f4dc6c49d138d67a5d3406ae25773ae182972656599c Test: parse BCC and Dice chain on pixel existing/new devices Bug: 279688624 Change-Id: Ia77a1d9f8f467992b998549572270da2c56b38b8
54 lines
1.6 KiB
C++
54 lines
1.6 KiB
C++
// Copyright 2023 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine License
|
|
// Agreement.
|
|
|
|
#ifndef DICE_CBOR_CONSTANTS_H_
|
|
#define DICE_CBOR_CONSTANTS_H_
|
|
|
|
namespace widevine {
|
|
|
|
// The BCC is encoded using RFC 8949- Concise Binary Object Representation
|
|
// (CBOR).
|
|
|
|
// The full definition of the following enums can be found here:
|
|
// go/remote-provisioning-hal#bcc.
|
|
|
|
// The device key is encoded in a cbor map. The key values are a mix of
|
|
// positive and negative integer values.
|
|
enum {
|
|
MAP_KEY_DEVICE_KEY_TYPE = 1,
|
|
MAP_KEY_DEVICE_KEY_ALGORITHM = 3,
|
|
MAP_KEY_DEVICE_KEY_OPS = 4,
|
|
MAP_KEY_DEVICE_KEY_CURVE = -1,
|
|
MAP_KEY_DEVICE_KEY_BYTES_0 = -2,
|
|
MAP_KEY_DEVICE_KEY_BYTES_1 = -3,
|
|
};
|
|
|
|
// The device key may be encoded in the BCC as either X,Y elliptic curve
|
|
// coordinates, or as raw bytes. The value is identified using
|
|
// MAP_KEY_DEVICE_KEY_TYPE.
|
|
enum {
|
|
DEVICE_KEY_ENCODING_UNKNOWN = 0,
|
|
DEVICE_KEY_BYTE_STRING = 1,
|
|
DEVICE_KEY_OCTET_PAIR = 2,
|
|
};
|
|
|
|
// Android/Widevine Dice Attestation allows two signing models. This is
|
|
// identified using MAP_KEY_DEVICE_KEY_ALGORITHM.
|
|
enum {
|
|
DEVICE_KEY_ALGORITHM_ES256 = -7, // EC key with SHA-256
|
|
DEVICE_KEY_ALGORITHM_EDDSA = -8, // Pure ED25519.
|
|
DEVICE_KEY_ALGORITHM_ES384 = -35, // EC key with SHA-384
|
|
};
|
|
|
|
// The curve used to generate the device public key is identified using the
|
|
// MAP_KEY_DEVICE_KEY_CURVE.
|
|
enum {
|
|
DEVICE_KEY_CURVE_P256 = 1,
|
|
DEVICE_KEY_CURVE_P384 = 2,
|
|
DEVICE_KEY_CURVE_ED25519 = 6,
|
|
};
|
|
|
|
} // namespace widevine
|
|
|
|
#endif // DICE_CBOR_CONSTANTS_H_
|