Source release 19.1.0
This commit is contained in:
Matt Feddersen
81
oemcrypto/util/include/bcc_validator.h
Normal file
81
oemcrypto/util/include/bcc_validator.h
Normal file
@@ -0,0 +1,81 @@
|
||||
// Copyright 2023 Google LLC. All Rights Reserved. This file and proprietary
|
||||
// source code may only be used and distributed under the Widevine License
|
||||
// Agreement.
|
||||
//
|
||||
// Reference implementation utilities of OEMCrypto APIs
|
||||
//
|
||||
#ifndef WVOEC_UTIL_BCC_VALIDATOR_H_
|
||||
#define WVOEC_UTIL_BCC_VALIDATOR_H_
|
||||
|
||||
#include <sstream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#include "cbor_validator.h"
|
||||
#include "cppbor.h"
|
||||
|
||||
namespace wvoec {
|
||||
namespace util {
|
||||
// Enums and struct to hold EC public key info
|
||||
enum BccSignatureAlgorithm {
|
||||
kBccDefaultSignature = 0,
|
||||
kBccEdDsa = 1,
|
||||
kBccEcdsaSha256 = 2,
|
||||
kBccEcdsaSha384 = 3
|
||||
};
|
||||
|
||||
enum BccCurve {
|
||||
kBccDefaultCurve = 0,
|
||||
kBccEd25519 = 1,
|
||||
kBccP256 = 2,
|
||||
kBccP384 = 3
|
||||
};
|
||||
|
||||
struct BccPublicKeyInfo {
|
||||
BccSignatureAlgorithm signature_algorithm;
|
||||
BccCurve curve;
|
||||
// Raw EC key bytes extracted from BCC
|
||||
std::vector<uint8_t> key_bytes;
|
||||
};
|
||||
|
||||
// BccValidator processes a Provisioning 4.0 device root of trust. It extracts
|
||||
// and validates relevant pieces of information of BCC.
|
||||
// Relevant documents:
|
||||
// Android definition: go/remote-provisioning-hal#bcc.
|
||||
// Google Dice Profile: go/dice-profile
|
||||
class BccValidator : public CborValidator {
|
||||
public:
|
||||
explicit BccValidator() {}
|
||||
virtual ~BccValidator() override = default;
|
||||
BccValidator(const BccValidator&) = delete;
|
||||
BccValidator& operator=(const BccValidator&) = delete;
|
||||
// Verifies the Cbor struct of a client generated root of trust. This message
|
||||
// is part of an attestation model conforming to the Google Open Dice Profile.
|
||||
// This message is received from a client device to attest it is a valid
|
||||
// Widevine device.
|
||||
virtual CborMessageStatus Validate() override;
|
||||
// Outputs BCC in YAML.
|
||||
virtual std::string GetFormattedMessage() const override;
|
||||
|
||||
private:
|
||||
// Processes CoseKey PubKeyEd25519 / PubKeyECDSA256, prints into |fmt_msgs|,
|
||||
// and extracts the PubKey to *|public_key_info|.
|
||||
CborMessageStatus ProcessSubjectPublicKeyInfo(
|
||||
const cppbor::Map& public_key_info_map,
|
||||
std::vector<std::string>& fmt_msgs, BccPublicKeyInfo* public_key_info);
|
||||
// Processes DiceChainEntryPayload, which contains subject public key, prints
|
||||
// into |fmt_msgs|, and extracts the PubKey to *|public_key_info|.
|
||||
CborMessageStatus ProcessDiceChainEntryPayload(
|
||||
const std::vector<uint8_t>& payload, std::vector<std::string>& fmt_msgs,
|
||||
BccPublicKeyInfo* public_key_info);
|
||||
// Verifies the raw EC signature |signature| with the public key
|
||||
// |signing_key|. |signature| extracted from BCC is not ASN.1 DER encoded.
|
||||
bool VerifySignature(const BccPublicKeyInfo& signing_key,
|
||||
const std::vector<uint8_t>& message,
|
||||
const std::vector<uint8_t>& signature);
|
||||
// Used to generate formatted message.
|
||||
std::stringstream msg_ss_;
|
||||
};
|
||||
} // namespace util
|
||||
} // namespace wvoec
|
||||
#endif // WVOEC_UTIL_BCC_VALIDATOR_H_
|
||||
Reference in New Issue
Block a user