widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Document lacking signature of Prov 3.0 message

Browse Source 
Merge from Widevine repo of http://go/wvgerrit/169039

Bug: 243734378
Merged from https://widevine-internal-review.googlesource.com/166458

Change-Id: I3eae16d09cf42e554d450f746390744ef580ac03
This commit is contained in:
Fred Gylys-Colwell
2023-03-27 19:37:09 -07:00
parent b3a57e7375
commit 9e7877a95d
1 changed files with 29 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
View File

@@ -3862,11 +3862,14 @@ OEMCryptoResult OEMCrypto_GetSignatureHashAlgorithm(
* key and signing key generated using an algorithm at least as strong as * key and signing key generated using an algorithm at least as strong as
* that in GenerateDerivedKeys. * that in GenerateDerivedKeys.
* *
* First, OEMCrypto shall verify the signature of the message using * First, OEMCrypto shall verify the signature of the message using the correct
* HMAC-SHA256 with the derived mac_key[server]. The signature verification * algorithm depending on if the device supports Provisioning 2.0, 3.0 or 4.0.
* shall use a constant-time algorithm (a signature mismatch will always take *
* the same time as a successful comparison). The signature is over the * For Provisioning 2.0, OEMCrypto shall verify the signature of the message
* entire message buffer starting at message with length message_length. If * using HMAC-SHA256 with the derived mac_key[server]. The signature
* verification shall use a constant-time algorithm (a signature mismatch will
* always take the same time as a successful comparison). The signature is over
* the entire message buffer starting at message with length message_length. If
* the signature verification fails, ignore all other arguments and return * the signature verification fails, ignore all other arguments and return
* OEMCrypto_ERROR_SIGNATURE_FAILURE. * OEMCrypto_ERROR_SIGNATURE_FAILURE.
* *
@@ -3874,7 +3877,10 @@ OEMCryptoResult OEMCrypto_GetSignatureHashAlgorithm(
* and encrypt_key with a call to OEMCrypto_DeriveKeysFromSessionKey() or * and encrypt_key with a call to OEMCrypto_DeriveKeysFromSessionKey() or
* OEMCrypto_GenerateDerivedKeys(). * OEMCrypto_GenerateDerivedKeys().
* *
* The function ODK_ParseProvisioning is called to parse the message. If it * For Provisioning 3.0 and 4.0, the signature is not verified.
*
* After the signature is verified,
* the function ODK_ParseProvisioning is called to parse the message. If it
* returns an error, OEMCrypto shall return that error to the CDM layer. The * returns an error, OEMCrypto shall return that error to the CDM layer. The
* function ODK_ParseProvisioning is described in the document "Widevine Core * function ODK_ParseProvisioning is described in the document "Widevine Core
* Message Serialization". * Message Serialization".
@@ -4151,22 +4157,31 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(
RSA_Padding_Scheme padding_scheme); RSA_Padding_Scheme padding_scheme);
/** /**
* OEMCrypto will use OEMCrypto_PrepAndSignProvisioningRequest(), as described * OEMCrypto will use ODK_PrepareCoreProvisioningRequest() or
* in the document "Widevine Core Message Serialization", to prepare the core * ODK_PrepareCoreProvisioning40Request(), as described in the document
* message. If it returns an error, the error should be returned by OEMCrypto * "Widevine Core Message Serialization", to prepare the core message.
* to the CDM layer. If it returns OEMCrypto_SUCCESS, then OEMCrypto shall * ODK_PrepareCoreProvisioningRequest() for Provisioning 2 or 3, and
* compute the signature of the entire message. The entire message is the * ODK_PrepareCoreProvisioning40Request() for Provisioning 4. If the ODK
* buffer starting at message with length message_length. * function returns an error, the error should be returned by OEMCrypto to the
* CDM layer. If it returns OEMCrypto_SUCCESS, then OEMCrypto shall compute the
* signature of the entire message. The entire message is the buffer starting at
* message with length message_length.
* *
* For a device that has a keybox, i.e. Provisioning 2.0, OEMCrypto will sign * For a device that has a keybox, i.e. Provisioning 2.0, OEMCrypto will sign
* the request with the session's derived client mac key from the previous * the request with the session's derived client mac key from the previous
* call to OEMCrypto_GenerateDerivedKeys(). * call to OEMCrypto_GenerateDerivedKeys().
* *
* For a device that has an OEM Certificate, i.e. Provisioning 3.0, OEMCrypto * For Provisioning 3.0, i.e. a device that has a baked in OEM Certificate,
* will sign the request with the private key associated with the OEM * OEMCrypto will sign the request with the private key associated with the OEM
* Certificate. The key shall have been loaded by a previous call to * Certificate. The key shall have been loaded by a previous call to
* OEMCrypto_LoadDRMPrivateKey(). * OEMCrypto_LoadDRMPrivateKey().
* *
* For Provisioning 4.0, i.e. a device that uses a Boot Chain Certificate to
* request and OEM cert, a request for an OEM cert is signed by the OEM private
* key. A request for a DRM cert is signed by the DRM private key. The DRM cert
* that was generated on the device in OEMCrypto_GenerateCertificateKeyPair() is
* signed by the OEM cert private key.
*
* Refer to the Signing Messages Sent to a Server section above for more * Refer to the Signing Messages Sent to a Server section above for more
* details. * details.
* *