Update to support OEMCrypto v16 with ODK

2020-09-21 15:54:04 -07:00
parent 93265ab9d1
commit 69d813f0f1
203 changed files with 16337 additions and 2290 deletions
--- a/provisioning_sdk/internal/provisioning30_session_impl.cc
+++ b/provisioning_sdk/internal/provisioning30_session_impl.cc
@@ -12,6 +12,9 @@

 #include "glog/logging.h"
 #include "common/aes_cbc_util.h"
+#include "common/core_message_util.h"
+#include "common/hash_algorithm.h"
+#include "common/hash_algorithm_util.h"
 #include "common/random_util.h"
 #include "common/rsa_key.h"
 #include "common/sha_util.h"
@@ -21,7 +24,8 @@
 #define LOG_EVERY_N_WITH_PROTO(message, proto)     \
  LOG_EVERY_N(WARNING, FLAGS_prov_sdk_log_every_n) \
      << (message) << " [proto: " << (proto).ShortDebugString() << "]"
-
+// TODO(user): Use instantiate_test_suite_p to reorg the test case to cover
+// with or withoutcore_message.
 namespace widevine {

 Provisioning30SessionImpl::Provisioning30SessionImpl(
@@ -66,12 +70,14 @@ ProvisioningStatus Provisioning30SessionImpl::ProcessMessage(
    LOG_EVERY_N_WITH_PROTO("Invalid token", client_id);
    return INVALID_REQUEST_MESSAGE;
  }
-  if (!cert_public_key->VerifySignature(signed_request.message(),
-                                        signed_request.signature())) {
+  const HashAlgorithm hash_algorithm =
+      HashAlgorithmProtoToEnum(signed_request.hash_algorithm());
+  if (!cert_public_key->VerifySignature(
+          signed_request.oemcrypto_core_message() + signed_request.message(),
+          hash_algorithm, signed_request.signature())) {
    LOG_EVERY_N_WITH_PROTO("Signature verification failed", client_id);
    return INVALID_REQUEST_MESSAGE;
  }
-
  // Save device_info for query later.
  device_info_ = engine_.GetDeviceInfo(system_id);

@@ -81,8 +87,8 @@ ProvisioningStatus Provisioning30SessionImpl::ProcessMessage(
  } else {
    // Generate stable serial number.
    const std::string stable_data(client_id.token() + request.stable_id() +
-                             request.provider_id() +
-                             engine_.secret_spoid_sauce());
+                                  request.provider_id() +
+                                  engine_.secret_spoid_sauce());
    const std::string hash = Sha256_Hash(stable_data);
    const size_t RootCertificateSerialNumberSize = 16;
    certificate_serial_number = hash.substr(0, RootCertificateSerialNumberSize);
@@ -102,8 +108,25 @@ ProvisioningStatus Provisioning30SessionImpl::ProcessMessage(
    LOG(WARNING) << "Error serializing ProvisioningResponse.";
    return INTERNAL_ERROR;
  }
+  if (signed_request.has_oemcrypto_core_message() &&
+      !signed_request.oemcrypto_core_message().empty()) {
+    if (!core_message_util::GetCoreProvisioningResponse(
+            signed_message.message(), signed_request.oemcrypto_core_message(),
+            signed_message.mutable_oemcrypto_core_message())) {
+      LOG(WARNING) << "Failed to get signed core message, response: "
+                   << signed_message.ShortDebugString();
+      return INTERNAL_ERROR;
+    }
+    if (signed_message.oemcrypto_core_message().empty()) {
+      LOG(WARNING) << "Failed to get signed core message, response: "
+                   << signed_message.ShortDebugString();
+      return INTERNAL_ERROR;
+    }
+  }
+  signed_message.set_hash_algorithm(HashAlgorithmEnumToProto(hash_algorithm));
  if (!service_private_key_.GenerateSignature(
-          signed_message.message(), signed_message.mutable_signature())) {
+          signed_message.oemcrypto_core_message() + signed_message.message(),
+          hash_algorithm, signed_message.mutable_signature())) {
    LOG(WARNING) << "Failed to sign ProvisioningResponse.";
    return INTERNAL_ERROR;
  }
@@ -111,7 +134,6 @@ ProvisioningStatus Provisioning30SessionImpl::ProcessMessage(
    LOG(WARNING) << "Error serializing SignedProvisioningMessage.";
    return INTERNAL_ERROR;
  }
-
  *done = true;
  return OK;
 }
@@ -197,7 +219,8 @@ bool Provisioning30SessionImpl::DecryptClientIdentification(

 ProvisioningStatus Provisioning30SessionImpl::GenerateProvisioningResponse(
    uint32_t system_id, const std::string& oem_ca_serial_number,
-    const std::string& provider_id, const std::string& certificate_serial_number,
+    const std::string& provider_id,
+    const std::string& certificate_serial_number,
    const RsaPublicKey& cert_public_key, ProvisioningResponse* response) {
  ProvisioningStatus status = engine_.GenerateProviderDeviceDrmCertificate(
      system_id, oem_ca_serial_number, provider_id, device_drm_public_key_,