Implement provisioning 3.0 functionality in oemcrypto mock
Merge from widevine repo of http://go/wvgerrit/21684 This CL adds provisioning 3.0 functionality to the OEMCrypto reference implementation. Change-Id: I60c1fd88f246d443e0ae59ad56862c2ea9d95445
This commit is contained in:
Fred Gylys-Colwell
@@ -12,11 +12,11 @@
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
#include "OEMCryptoCENC.h" // Needed for enums only.
|
||||
#include "file_store.h"
|
||||
#include "lock.h"
|
||||
#include "oemcrypto_key_mock.h"
|
||||
#include "oemcrypto_keybox_mock.h"
|
||||
#include "OEMCryptoCENC.h" // Needed for enums only.
|
||||
#include "wv_cdm_types.h"
|
||||
|
||||
namespace wvoec_mock {
|
||||
@@ -61,6 +61,7 @@ class NonceTable {
|
||||
void AddNonce(uint32_t nonce);
|
||||
bool CheckNonce(uint32_t nonce);
|
||||
void Flush();
|
||||
|
||||
private:
|
||||
enum NonceTableState {
|
||||
kNTStateInvalid,
|
||||
@@ -72,12 +73,34 @@ class NonceTable {
|
||||
uint32_t nonces_[kTableSize];
|
||||
};
|
||||
|
||||
// Shared pointer with specialized destructor. This pointer is only shared
|
||||
// from a CryptoEngine to a Session -- so we don't have to use full reference
|
||||
// counting.
|
||||
class RSA_shared_ptr {
|
||||
public:
|
||||
RSA_shared_ptr() : rsa_key_(NULL), key_owned_(false) {}
|
||||
~RSA_shared_ptr() { reset(); };
|
||||
// Explicitly allow copy as share.
|
||||
explicit RSA_shared_ptr(const RSA_shared_ptr& other) :
|
||||
rsa_key_(other.rsa_key_), key_owned_(false) {}
|
||||
RSA* get() { return rsa_key_; }
|
||||
void reset();
|
||||
bool LoadPkcs8RsaKey(const uint8_t* buffer, size_t length);
|
||||
|
||||
private:
|
||||
void operator=(const RSA_shared_ptr); // disallow assign.
|
||||
|
||||
RSA* rsa_key_;
|
||||
bool key_owned_;
|
||||
};
|
||||
|
||||
class SessionContext {
|
||||
private:
|
||||
SessionContext() {}
|
||||
|
||||
public:
|
||||
explicit SessionContext(CryptoEngine* ce, SessionId sid, RSA* rsa_key)
|
||||
SessionContext(CryptoEngine* ce, SessionId sid,
|
||||
const RSA_shared_ptr& rsa_key)
|
||||
: valid_(true),
|
||||
ce_(ce),
|
||||
id_(sid),
|
||||
@@ -132,7 +155,7 @@ class SessionContext {
|
||||
const uint8_t* signature,
|
||||
size_t signature_length);
|
||||
void StartTimer();
|
||||
uint32_t CurrentTimer(); // (seconds).
|
||||
uint32_t CurrentTimer(); // (seconds).
|
||||
OEMCryptoResult LoadKeys(const uint8_t* message, size_t message_length,
|
||||
const uint8_t* signature, size_t signature_length,
|
||||
const uint8_t* enc_mac_key_iv,
|
||||
@@ -146,6 +169,8 @@ class SessionContext {
|
||||
const std::vector<uint8_t>& key_control_iv,
|
||||
const std::vector<uint8_t>& pst,
|
||||
bool ctr_mode);
|
||||
bool InstallRSAEncryptedKey(const uint8_t *encrypted_message_key,
|
||||
size_t encrypted_message_key_length);
|
||||
bool DecryptRSAKey(const uint8_t* enc_rsa_key,
|
||||
size_t enc_rsa_key_length,
|
||||
const uint8_t* wrapped_rsa_key_iv,
|
||||
@@ -154,12 +179,8 @@ class SessionContext {
|
||||
size_t enc_rsa_key_length,
|
||||
const uint8_t* enc_rsa_key_iv,
|
||||
uint8_t* enc_rsa_key);
|
||||
bool LoadRSAKey(uint8_t* pkcs8_rsa_key,
|
||||
size_t rsa_key_length,
|
||||
const uint8_t* message,
|
||||
size_t message_length,
|
||||
const uint8_t* signature,
|
||||
size_t signature_length);
|
||||
bool LoadRSAKey(const uint8_t* pkcs8_rsa_key,
|
||||
size_t rsa_key_length);
|
||||
OEMCryptoResult RefreshKey(const KeyId& key_id,
|
||||
const std::vector<uint8_t>& key_control,
|
||||
const std::vector<uint8_t>& key_control_iv);
|
||||
@@ -212,6 +233,8 @@ class SessionContext {
|
||||
size_t block_offset, const uint8_t* cipher_data,
|
||||
size_t cipher_data_length, uint8_t* clear_data);
|
||||
|
||||
RSA* rsa_key() { return rsa_key_.get(); }
|
||||
|
||||
bool valid_;
|
||||
CryptoEngine* ce_;
|
||||
SessionId id_;
|
||||
@@ -222,7 +245,7 @@ class SessionContext {
|
||||
const Key* current_content_key_;
|
||||
SessionKeyTable session_keys_;
|
||||
NonceTable nonce_table_;
|
||||
RSA* rsa_key_;
|
||||
RSA_shared_ptr rsa_key_;
|
||||
uint32_t allowed_schemes_; // for RSA signatures.
|
||||
time_t timer_start_;
|
||||
UsageTableEntry* usage_entry_;
|
||||
@@ -243,7 +266,7 @@ class CryptoEngine {
|
||||
WvKeybox& keybox() { return use_test_keybox_ ? test_keybox_ : keybox_; }
|
||||
WvKeybox& real_keybox() { return keybox_; }
|
||||
void UseTestKeybox() { use_test_keybox_ = true; }
|
||||
RSA* rsa_key() { return rsa_key_; }
|
||||
RSA* rsa_key() { return rsa_key_.get(); }
|
||||
bool LoadTestRSAKey();
|
||||
|
||||
SessionId CreateSession();
|
||||
@@ -260,10 +283,6 @@ class CryptoEngine {
|
||||
return kMaxSupportedOEMCryptoSessions;
|
||||
}
|
||||
|
||||
void set_current_session_(SessionContext* current) {
|
||||
current_session_ = current;
|
||||
}
|
||||
|
||||
OEMCrypto_HDCP_Capability current_hdcp_capability();
|
||||
OEMCrypto_HDCP_Capability maximum_hdcp_capability();
|
||||
|
||||
@@ -273,14 +292,15 @@ class CryptoEngine {
|
||||
bool closed_platform();
|
||||
bool supports_storage();
|
||||
bool supports_keybox();
|
||||
OEMCrypto_ProvisioningMethod provisioning_method();
|
||||
OEMCryptoResult get_oem_certificate(SessionContext* session,
|
||||
uint8_t* public_cert,
|
||||
size_t* public_cert_length);
|
||||
bool is_anti_rollback_hw_present();
|
||||
const char* security_level();
|
||||
uint8_t security_patch_level();
|
||||
|
||||
private:
|
||||
bool LoadPkcs8RsaKey(const uint8_t* buffer, size_t length);
|
||||
|
||||
SessionContext* current_session_;
|
||||
ActiveSessions sessions_;
|
||||
WvKeybox keybox_;
|
||||
WvTestKeybox test_keybox_;
|
||||
@@ -288,7 +308,7 @@ class CryptoEngine {
|
||||
wvcdm::Lock session_table_lock_;
|
||||
wvcdm::FileSystem* file_system_;
|
||||
UsageTable* usage_table_;
|
||||
RSA* rsa_key_; // If no keybox, this is baked in certificate.
|
||||
RSA_shared_ptr rsa_key_; // If no keybox, this is baked in certificate.
|
||||
|
||||
CORE_DISALLOW_COPY_AND_ASSIGN(CryptoEngine);
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user