82 lines
2.8 KiB
C++
82 lines
2.8 KiB
C++
// Copyright 2023 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine License
|
|
// Agreement.
|
|
//
|
|
// Reference implementation utilities of OEMCrypto APIs
|
|
//
|
|
#ifndef WVOEC_UTIL_BCC_VALIDATOR_H_
|
|
#define WVOEC_UTIL_BCC_VALIDATOR_H_
|
|
|
|
#include <sstream>
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include "cbor_validator.h"
|
|
#include "cppbor.h"
|
|
|
|
namespace wvoec {
|
|
namespace util {
|
|
// Enums and struct to hold EC public key info
|
|
enum BccSignatureAlgorithm {
|
|
kBccDefaultSignature = 0,
|
|
kBccEdDsa = 1,
|
|
kBccEcdsaSha256 = 2,
|
|
kBccEcdsaSha384 = 3
|
|
};
|
|
|
|
enum BccCurve {
|
|
kBccDefaultCurve = 0,
|
|
kBccEd25519 = 1,
|
|
kBccP256 = 2,
|
|
kBccP384 = 3
|
|
};
|
|
|
|
struct BccPublicKeyInfo {
|
|
BccSignatureAlgorithm signature_algorithm;
|
|
BccCurve curve;
|
|
// Raw EC key bytes extracted from BCC
|
|
std::vector<uint8_t> key_bytes;
|
|
};
|
|
|
|
// BccValidator processes a Provisioning 4.0 device root of trust. It extracts
|
|
// and validates relevant pieces of information of BCC.
|
|
// Relevant documents:
|
|
// Android definition: go/remote-provisioning-hal#bcc.
|
|
// Google Dice Profile: go/dice-profile
|
|
class BccValidator : public CborValidator {
|
|
public:
|
|
explicit BccValidator() {}
|
|
virtual ~BccValidator() override = default;
|
|
BccValidator(const BccValidator&) = delete;
|
|
BccValidator& operator=(const BccValidator&) = delete;
|
|
// Verifies the Cbor struct of a client generated root of trust. This message
|
|
// is part of an attestation model conforming to the Google Open Dice Profile.
|
|
// This message is received from a client device to attest it is a valid
|
|
// Widevine device.
|
|
virtual CborMessageStatus Validate() override;
|
|
// Outputs BCC in YAML.
|
|
virtual std::string GetFormattedMessage() const override;
|
|
|
|
private:
|
|
// Processes CoseKey PubKeyEd25519 / PubKeyECDSA256, prints into |fmt_msgs|,
|
|
// and extracts the PubKey to *|public_key_info|.
|
|
CborMessageStatus ProcessSubjectPublicKeyInfo(
|
|
const cppbor::Map& public_key_info_map,
|
|
std::vector<std::string>& fmt_msgs, BccPublicKeyInfo* public_key_info);
|
|
// Processes DiceChainEntryPayload, which contains subject public key, prints
|
|
// into |fmt_msgs|, and extracts the PubKey to *|public_key_info|.
|
|
CborMessageStatus ProcessDiceChainEntryPayload(
|
|
const std::vector<uint8_t>& payload, std::vector<std::string>& fmt_msgs,
|
|
BccPublicKeyInfo* public_key_info);
|
|
// Verifies the raw EC signature |signature| with the public key
|
|
// |signing_key|. |signature| extracted from BCC is not ASN.1 DER encoded.
|
|
bool VerifySignature(const BccPublicKeyInfo& signing_key,
|
|
const std::vector<uint8_t>& message,
|
|
const std::vector<uint8_t>& signature);
|
|
// Used to generate formatted message.
|
|
std::stringstream msg_ss_;
|
|
};
|
|
} // namespace util
|
|
} // namespace wvoec
|
|
#endif // WVOEC_UTIL_BCC_VALIDATOR_H_
|