widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merges to android Pi release (part: 1)

Browse Source 
Below are a set of CLs being merged from the wv cdm repo to the android repo.

* Fix handling of OEM Cert public key.

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/27921 ]

  This is a potential fix for b/36656190. Set aside public
  key on first call to get the public key, and use it afterwards.
  This gets rid of extra calls to OEMCrypto_GetOEMPublicCertificate(),
  which has side-effect of staging the OEM private key.

  This also fixes a problem where the public cert string was
  not being trimmed to match the size returned by
  OEMCrypto_GetOEMPublicCertificate().

* Complete provisioning request/response for Provisioning 3.0

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27780 ]

  Fix bug on provisioning request path where GenerateDerivedKeys()
  was being called when preparing to generate the signature.

  Add message signature verification, and call correct OEMCrypto
  routine to rewrap the private key (OEMCrypto_RewrapDeviceRSAKey30).

* Implement Cdm::deleteAllUsageRecords()

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27780 ]

  Delete all usage records for current origin.  Removes usage
  records from file system and retains the PSTs.  The deletes
  any usage entries matching those PSTs held by OEMCrypto.

  BUG: 35319024

* Remove stringencoders library from third_party.

  Author: Jacob Trimble <modmaker@google.com>

  [ Merge of http://go/wvgerrit/27585 ]

  We have a fork of the stringencoders library that we use for base64
  encoding.  This reimplements base64 encoding to remove the extra
  dependency and to reduce the amount of code.

* Add Cdm::deleteUsageRecord() based on key_set_id.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/27605 ]

  Delete specified usage record from file system usage info and
  from OEMCrypto.

  BUG: 35319024

* Modifiable OEMCrypto

  Author: Fred Gylys-Colwell <fredgc@google.com>

  [ Merge of http://go/wvgerrit/24729 ]

  This CL adds a new variant of the OEMCrypto mock code that adjusts its
  behavior based on a configuration file.  This is intended for
  testing.

  For example, a tester can set current_hdcp to 2 in the options.txt
  file, push it to the device, and verify that a license is granted for
  HDCP 2.0.  Then the tester can edit the value of current_hdcp to 1 and
  push the file to the device.  Playback should stop because the license
  is no longer valid.

  This variant uses a real level 1 liboemcrypto.so to push data to a
  secure buffer.  That means we can test playback for a license that
  requires secure buffers on an Android device with real secure buffers.

  BUG: 35141278
  BUG: 37353534

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
      commit in the chain.

Change-Id: I58443c510919e992bb455192e70373490a00e2b6
This commit is contained in:
Rahul Frias
2018-01-05 17:05:18 -08:00
parent e34f83cdce
commit 0419b55222
120 changed files with 5402 additions and 6827 deletions
Download Patch File Download Diff File Expand all files Collapse all files

166
libwvdrmengine/cdm/core/src/string_conversions.cpp
View File

@@ -10,14 +10,28 @@
#include <iostream>
#include <vector>
#include <modp_b64.h>
#include <modp_b64w.h>
#include "log.h"
namespace wvcdm {
static bool CharToDigit(char ch, unsigned char* digit) {
static const char kBase64Codes[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
// Gets the low |n| bits of |in|.
#define GET_LOW_BITS(in, n) ((in) & ((1 << (n)) - 1))
// Gets the given (zero-indexed) bits [a, b) of |in|.
#define GET_BITS(in, a, b) GET_LOW_BITS((in) >> (a), (b) - (a))
// Calculates a/b using round-up division (only works for positive numbers).
#define CEIL_DIVIDE(a, b) ((((a) - 1) / (b)) + 1)
int DecodeBase64Char(char c) {
const char* it = strchr(kBase64Codes, c);
if (it == NULL)
return -1;
return it - kBase64Codes;
}
bool DecodeHexChar(char ch, unsigned char* digit) {
if (ch >= '0' && ch <= '9') {
*digit = ch - '0';
} else {
@@ -43,8 +57,8 @@ std::vector<uint8_t> a2b_hex(const std::string& byte) {
for (unsigned int i = 0; i < count / 2; ++i) {
unsigned char msb = 0; // most significant 4 bits
unsigned char lsb = 0; // least significant 4 bits
if (!CharToDigit(byte[i * 2], &msb) ||
!CharToDigit(byte[i * 2 + 1], &lsb)) {
if (!DecodeHexChar(byte[i * 2], &msb) ||
!DecodeHexChar(byte[i * 2 + 1], &lsb)) {
LOGE("Invalid hex value %c%c at index %d", byte[i * 2], byte[i * 2 + 1],
i);
return array;
@@ -80,23 +94,50 @@ std::string b2a_hex(const std::string& byte) {
}
// Encode for standard base64 encoding (RFC4648).
// https://en.wikipedia.org/wiki/Base64
// Text | M | a | n |
// ASCI | 77 (0x4d) | 97 (0x61) | 110 (0x6e) |
// Bits | 0 1 0 0 1 1 0 1 0 1 1 0 0 0 0 1 0 1 1 0 1 1 1 0 |
// Index | 19 | 22 | 5 | 46 |
// Base64 | T | W | F | u |
// | <----------------- 24-bits -----------------> |
std::string Base64Encode(const std::vector<uint8_t>& bin_input) {
if (bin_input.empty()) {
return std::string();
}
int in_size = bin_input.size();
std::string b64_output(modp_b64_encode_len(in_size), 0);
// |temp| stores a 24-bit block that is treated as an array where insertions
// occur from high to low.
uint32_t temp = 0;
size_t out_index = 0;
const size_t out_size = CEIL_DIVIDE(bin_input.size(), 3) * 4;
std::string result(out_size, '\0');
for (size_t i = 0; i < bin_input.size(); i++) {
// "insert" 8-bits of data
temp |= (bin_input[i] << ((2 - (i % 3)) * 8));
int out_size = modp_b64_encode(
&b64_output[0], reinterpret_cast<const char*>(&bin_input[0]), in_size);
if (out_size == -1) {
LOGE("Base64Encode failed");
return std::string();
if (i % 3 == 2) {
result[out_index++] = kBase64Codes[GET_BITS(temp, 18, 24)];
result[out_index++] = kBase64Codes[GET_BITS(temp, 12, 18)];
result[out_index++] = kBase64Codes[GET_BITS(temp, 6, 12)];
result[out_index++] = kBase64Codes[GET_BITS(temp, 0, 6)];
temp = 0;
}
}
b64_output.resize(out_size);
return b64_output;
if (bin_input.size() % 3 == 1) {
result[out_index++] = kBase64Codes[GET_BITS(temp, 18, 24)];
result[out_index++] = kBase64Codes[GET_BITS(temp, 12, 18)];
result[out_index++] = '=';
result[out_index++] = '=';
} else if (bin_input.size() % 3 == 2) {
result[out_index++] = kBase64Codes[GET_BITS(temp, 18, 24)];
result[out_index++] = kBase64Codes[GET_BITS(temp, 12, 18)];
result[out_index++] = kBase64Codes[GET_BITS(temp, 6, 12)];
result[out_index++] = '=';
}
return result;
}
// Filename-friendly base64 encoding (RFC4648), commonly referred to
@@ -111,18 +152,14 @@ std::string Base64SafeEncode(const std::vector<uint8_t>& bin_input) {
return std::string();
}
int in_size = bin_input.size();
std::string b64_output(modp_b64w_encode_len(in_size), 0);
int out_size = modp_b64w_encode(
&b64_output[0], reinterpret_cast<const char*>(&bin_input[0]), in_size);
if (out_size == -1) {
LOGE("Base64SafeEncode failed");
return std::string();
std::string ret = Base64Encode(bin_input);
for (size_t i = 0; i < ret.size(); i++) {
if (ret[i] == '+')
ret[i] = '-';
else if (ret[i] == '/')
ret[i] = '_';
}
b64_output.resize(out_size);
return b64_output;
return ret;
}
std::string Base64SafeEncodeNoPad(const std::vector<uint8_t>& bin_input) {
@@ -138,17 +175,57 @@ std::vector<uint8_t> Base64Decode(const std::string& b64_input) {
return std::vector<uint8_t>();
}
int in_size = b64_input.size();
std::vector<uint8_t> bin_output(modp_b64_decode_len(in_size), 0);
int out_size = modp_b64_decode(reinterpret_cast<char*>(&bin_output[0]),
b64_input.data(), in_size);
if (out_size == -1) {
LOGE("Base64Decode failed");
return std::vector<uint8_t>(0);
const size_t out_size_max = CEIL_DIVIDE(b64_input.size() * 3, 4);
std::vector<uint8_t> result(out_size_max, '\0');
// |temp| stores 24-bits of data that is treated as an array where insertions
// occur from high to low.
uint32_t temp = 0;
size_t out_index = 0;
size_t i;
for (i = 0; i < b64_input.size(); i++) {
if (b64_input[i] == '=') {
// Verify an '=' only appears at the end. We want i to remain at the
// first '=', so we need an inner loop.
for (size_t j = i; j < b64_input.size(); j++) {
if (b64_input[j] != '=') {
LOGE("base64Decode failed");
return std::vector<uint8_t>();
}
}
break;
}
const int decoded = DecodeBase64Char(b64_input[i]);
if (decoded < 0) {
LOGE("base64Decode failed");
return std::vector<uint8_t>();
}
// "insert" 6-bits of data
temp |= (decoded << ((3 - (i % 4)) * 6));
if (i % 4 == 3) {
result[out_index++] = GET_BITS(temp, 16, 24);
result[out_index++] = GET_BITS(temp, 8, 16);
result[out_index++] = GET_BITS(temp, 0, 8);
temp = 0;
}
}
bin_output.resize(out_size);
return bin_output;
switch (i % 4) {
case 1:
LOGE("base64Decode failed");
return std::vector<uint8_t>();
case 2:
result[out_index++] = GET_BITS(temp, 16, 24);
break;
case 3:
result[out_index++] = GET_BITS(temp, 16, 24);
result[out_index++] = GET_BITS(temp, 8, 16);
break;
}
result.resize(out_index);
return result;
}
// Decode for Filename-friendly base64 encoding (RFC4648), commonly referred
@@ -158,17 +235,16 @@ std::vector<uint8_t> Base64SafeDecode(const std::string& b64_input) {
return std::vector<uint8_t>();
}
int in_size = b64_input.size();
std::vector<uint8_t> bin_output(modp_b64w_decode_len(in_size), 0);
int out_size = modp_b64w_decode(reinterpret_cast<char*>(&bin_output[0]),
b64_input.data(), in_size);
if (out_size == -1) {
LOGE("Base64SafeDecode failed");
return std::vector<uint8_t>(0);
// Make a copy so we can modify it to replace the web-safe special characters
// with the normal ones.
std::string input_copy = b64_input;
for (size_t i = 0; i < input_copy.size(); i++) {
if (input_copy[i] == '-')
input_copy[i] = '+';
else if (input_copy[i] == '_')
input_copy[i] = '/';
}
bin_output.resize(out_size);
return bin_output;
return Base64Decode(input_copy);
}
std::string HexEncode(const uint8_t* in_buffer, unsigned int size) {