Source release 18.6.0

2024-06-27 12:54:34 -07:00
parent 28ec8548c6
commit 20c0587dcb
56 changed files with 1191 additions and 35538 deletions
--- a/oemcrypto/test/oec_session_util.cpp
+++ b/oemcrypto/test/oec_session_util.cpp
@@ -16,6 +16,7 @@
 #include <openssl/hmac.h>
 #include <openssl/pem.h>
 #include <openssl/rand.h>
+#include <openssl/sha.h>
 #include <openssl/x509.h>
 #include <openssl/x509_vfy.h>
 #include <stdint.h>
@@ -353,6 +354,11 @@ void ProvisioningRoundTrip::PrepareSession(
    session_->LoadOEMCert(true);
    session_->GenerateRsaSessionKey(&message_key_, &encrypted_message_key_);
    encryptor_.set_enc_key(message_key_);
+  } else if (global_features.provisioning_method ==
+             OEMCrypto_DrmReprovisioning) {
+    session_->SetTestRsaPublicKey();
+    session_->GenerateRsaSessionKey(&message_key_, &encrypted_message_key_);
+    encryptor_.set_enc_key(message_key_);
  } else {
    EXPECT_EQ(global_features.provisioning_method, OEMCrypto_OEMCertificate);
    session_->LoadOEMCert(true);
@@ -367,6 +373,15 @@ void ProvisioningRoundTrip::VerifyRequestSignature(
  if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
    session()->VerifyRsaSignature(data, generated_signature.data(),
                                  generated_signature.size(), kSign_RSASSA_PSS);
+  } else if (global_features.provisioning_method ==
+             OEMCrypto_DrmReprovisioning) {
+    // DRM Reprovisioning uses protocol 2.2 which computes signatures for the
+    // sha512 hash of the message and not the full message.
+    std::vector<uint8_t> signature_source;
+    signature_source.resize(SHA512_DIGEST_LENGTH);
+    SHA512(data.data(), data.size(), signature_source.data());
+    session()->VerifyRsaSignature(signature_source, generated_signature.data(),
+                                  generated_signature.size(), kSign_RSASSA_PSS);
  } else {
    EXPECT_EQ(global_features.provisioning_method, OEMCrypto_Keybox);
    ASSERT_EQ(HMAC_SHA256_SIGNATURE_SIZE, generated_signature.size());
@@ -460,9 +475,6 @@ void ProvisioningRoundTrip::SignResponse() {
  memcpy(encrypted_response_.data() + serialized_core_message_.size(),
         reinterpret_cast<const uint8_t*>(&encrypted_response_data_),
         sizeof(encrypted_response_data_));
-  if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
-    session()->GenerateDerivedKeysFromSessionKey();
-  }
  session()->key_deriver().ServerSignBuffer(encrypted_response_.data(),
                                            encrypted_response_.size(),
                                            &response_signature_);