Merge Changes from CDM repository

This CL merges the following changes from the Widevine repository: Avoid CdmSession reinitialization https://widevine-internal-review.googlesource.com/#/c/10530/ Fix timer-related unit tests. https://widevine-internal-review.googlesource.com/#/c/10510/ Correct return statement bug: 15590802 https://widevine-internal-review.googlesource.com/#/c/10553/ Usage reporting fixes bug/15388863 https://widevine-internal-review.googlesource.com/#/c/10460/ Make public methods virtual https://widevine-internal-review.googlesource.com/#/c/10500/ Fix the SetTimer contract in the CDM. https://widevine-internal-review.googlesource.com/#/c/10493/ Move inline CDM methods, add OVERRIDE. https://widevine-internal-review.googlesource.com/#/c/10475/ Simplify storage APIs related cleanup. https://widevine-internal-review.googlesource.com/#/c/10473/ Duration values are not correctly reported when queried b/15592374 https://widevine-internal-review.googlesource.com/#/c/10437/ Propagate IsKeyValid() through ContentDecryptionModule. https://widevine-internal-review.googlesource.com/#/c/10483/ Minor clean up in config_test_env. https://widevine-internal-review.googlesource.com/#/c/10440/ General clean up. https://widevine-internal-review.googlesource.com/#/c/10441/ Refactor HttpSocket and simplify UrlRequest interface. https://widevine-internal-review.googlesource.com/#/c/10410/ Install good keybox at end of unit tests b/15385981 https://widevine-internal-review.googlesource.com/#/c/10374/ Privacy crypto fixes b/15475012 https://widevine-internal-review.googlesource.com/#/c/10383/ Incorporate header files to resolve build issued based on customers feedback. https://widevine-internal-review.googlesource.com/#/c/10420/ Support unprovisioning b/12247651 https://widevine-internal-review.googlesource.com/#/c/10356/ Correct usage of Host::Allocate and Cdm::Decrypt. https://widevine-internal-review.googlesource.com/#/c/10378/ Fix logging bug, arguments in wrong order. https://widevine-internal-review.googlesource.com/#/c/10380/ Rename types that look like constants. https://widevine-internal-review.googlesource.com/#/c/10379/ Fix offline test failures b/13909635 https://widevine-internal-review.googlesource.com/#/c/10348/ Add -DUNIT_TEST to the unit test makefile for Android https://widevine-internal-review.googlesource.com/#/c/10375/ Refactor privacy-crypto and add dummy version. https://widevine-internal-review.googlesource.com/#/c/10353/ Remove References to Apiary https://widevine-internal-review.googlesource.com/#/c/9924/ Delete oldest entry in usage table when full bug: 15184824 https://widevine-internal-review.googlesource.com/#/c/10295/ Port DeviceFiles to iOS. https://widevine-internal-review.googlesource.com/#/c/10355/ Make testing functions in DeviceFiles private. https://widevine-internal-review.googlesource.com/#/c/10354/ Add RSA encryption to haystack https://widevine-internal-review.googlesource.com/#/c/10280/ Add string and vector includes to CDM header. https://widevine-internal-review.googlesource.com/#/c/10352/ First version of oemcrypto logging https://widevine-internal-review.googlesource.com/#/c/10252/ Update Names of Secure Stop Methods bug: 11987015 https://widevine-internal-review.googlesource.com/#/c/10152/ Adjust timing on the Usage Table unit test https://widevine-internal-review.googlesource.com/#/c/10307/ Fix all compiler warnings in CDM source release. https://widevine-internal-review.googlesource.com/#/c/10293/ Fix memset bug: args in wrong order https://widevine-internal-review.googlesource.com/#/c/10292/ Partial revert of 'Remove refs to test prov server, Level3 support...' https://widevine-internal-review.googlesource.com/#/c/10281/ Pack structure OEMCrypto_PST_Report https://widevine-internal-review.googlesource.com/#/c/10243/ Remove refs to test prov server, Level3 support; remove dead code https://widevine-internal-review.googlesource.com/#/c/10220/ Partial revert of 'Document data strings; clean up license server parameters.' https://widevine-internal-review.googlesource.com/#/c/10188/ Document data strings; clean up license server parameters. https://widevine-internal-review.googlesource.com/#/c/10120/ Fix broken build after partner branch merge. https://widevine-internal-review.googlesource.com/#/c/10181/ TODO Cleanup - core/src, core/include https://widevine-internal-review.googlesource.com/#/c/9965/ TODO Cleanup - cdm, chromium, core/test. https://widevine-internal-review.googlesource.com/#/c/9419/ Remove unneeded properties. https://widevine-internal-review.googlesource.com/#/c/10162/ Change-Id: If2bb9d743a562a3875bebb91933c0aaadea286b2
2014-06-25 13:02:54 -07:00
parent 8a8feb747c
commit b5e8b87fed
66 changed files with 2927 additions and 1998 deletions
--- a/libwvdrmengine/cdm/core/src/privacy_crypto.cpp
+++ b/libwvdrmengine/cdm/core/src/privacy_crypto.cpp
@@ -7,38 +7,60 @@

 #include "privacy_crypto.h"

+#include <openssl/aes.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <openssl/sha.h>
+
 #include "log.h"
-#include "openssl/aes.h"
-#include "openssl/bio.h"
-#include "openssl/err.h"
-#include "openssl/pem.h"
-#include "openssl/sha.h"

 namespace {
 const int kPssSaltLength = 20;
 const int kRsaPkcs1OaepPaddingLength = 41;
+
+RSA* GetKey(const std::string& serialized_key) {
+  BIO* bio = BIO_new_mem_buf(const_cast<char*>(serialized_key.data()),
+                             serialized_key.size());
+  if (bio == NULL) {
+    LOGE("GetKey: BIO_new_mem_buf returned NULL");
+    return NULL;
+  }
+  RSA* key = d2i_RSAPublicKey_bio(bio, NULL);
+  BIO_free(bio);
+
+  if (key == NULL) {
+    LOGE("GetKey: RSA key deserialization failure: %s",
+         ERR_error_string(ERR_get_error(), NULL));
+    return NULL;
+  }
+
+  return key;
+}
+
+void FreeKey(RSA* key) {
+  if (key != NULL) {
+    RSA_free(key);
+  }
+}
+
 }  // namespace

 namespace wvcdm {

+AesCbcKey::AesCbcKey() {}
+
+AesCbcKey::~AesCbcKey() {}
+
 bool AesCbcKey::Init(const std::string& key) {
-  if (key.empty()) {
-    LOGE("AesCbcKey::Init: no key provided");
-    return false;
-  }
  if (key.size() != AES_BLOCK_SIZE) {
    LOGE("AesCbcKey::Init: unexpected key size: %d", key.size());
    return false;
  }

-  EVP_CIPHER_CTX_init(&ctx_);
-  if (EVP_EncryptInit(&ctx_, EVP_aes_128_cbc(),
-                      reinterpret_cast<const uint8_t*>(&key[0]), NULL) == 0) {
-    LOGE("AesCbcKey::Init: AES CBC key setup failure: %s",
-         ERR_error_string(ERR_get_error(), NULL));
-    return false;
-  }
-  initialized_ = true;
+  key_ = key;
  return true;
 }

@@ -60,14 +82,16 @@ bool AesCbcKey::Encrypt(const std::string& in, std::string* out,
    LOGE("AesCbcKey::Encrypt: crypttext destination not provided");
    return false;
  }
-  if (!initialized_) {
+  if (key_.empty()) {
    LOGE("AesCbcKey::Encrypt: AES key not initialized");
    return false;
  }

-  if (EVP_EncryptInit(&ctx_, NULL, NULL,
-                      reinterpret_cast<const uint8_t*>(iv->data())) == 0) {
-    LOGE("AesCbcKey::Encrypt: AES CBC iv setup failure: %s",
+  EVP_CIPHER_CTX ctx;
+  if (EVP_EncryptInit(&ctx, EVP_aes_128_cbc(),
+                      reinterpret_cast<uint8_t*>(&key_[0]),
+                      reinterpret_cast<uint8_t*>(&(*iv)[0])) == 0) {
+    LOGE("AesCbcKey::Encrypt: AES CBC setup failure: %s",
         ERR_error_string(ERR_get_error(), NULL));
    return false;
  }
@@ -75,7 +99,7 @@ bool AesCbcKey::Encrypt(const std::string& in, std::string* out,
  out->resize(in.size() + AES_BLOCK_SIZE);
  int out_length = out->size();
  if (EVP_EncryptUpdate(
-          &ctx_, reinterpret_cast<uint8_t*>(&(*out)[0]), &out_length,
+          &ctx, reinterpret_cast<uint8_t*>(&(*out)[0]), &out_length,
          reinterpret_cast<uint8_t*>(const_cast<char*>(in.data())),
          in.size()) == 0) {
    LOGE("AesCbcKey::Encrypt: encryption failure: %s",
@@ -84,7 +108,7 @@ bool AesCbcKey::Encrypt(const std::string& in, std::string* out,
  }

  int padding = 0;
-  if (EVP_EncryptFinal(&ctx_, reinterpret_cast<uint8_t*>(&(*out)[out_length]),
+  if (EVP_EncryptFinal(&ctx, reinterpret_cast<uint8_t*>(&(*out)[out_length]),
                       &padding) == 0) {
    LOGE("AesCbcKey::Encrypt: PKCS7 padding failure: %s",
         ERR_error_string(ERR_get_error(), NULL));
@@ -95,34 +119,17 @@ bool AesCbcKey::Encrypt(const std::string& in, std::string* out,
  return true;
 }

-RsaPublicKey::~RsaPublicKey() {
-  if (key_ != NULL) {
-    RSA_free(key_);
-  }
-}
+RsaPublicKey::RsaPublicKey() {}
+
+RsaPublicKey::~RsaPublicKey() {}

 bool RsaPublicKey::Init(const std::string& serialized_key) {
-
  if (serialized_key.empty()) {
    LOGE("RsaPublicKey::Init: no serialized key provided");
    return false;
  }

-  BIO* bio = BIO_new_mem_buf(const_cast<char*>(serialized_key.data()),
-                             serialized_key.size());
-  if (bio == NULL) {
-    LOGE("RsaPublicKey::Init: BIO_new_mem_buf returned NULL");
-    return false;
-  }
-  key_ = d2i_RSAPublicKey_bio(bio, NULL);
-  BIO_free(bio);
-
-  if (key_ == NULL) {
-    LOGE("RsaPublicKey::Init: RSA key deserialization failure: %s",
-         ERR_error_string(ERR_get_error(), NULL));
-    return false;
-  }
-
+  serialized_key_ = serialized_key;
  return true;
 }

@@ -136,36 +143,46 @@ bool RsaPublicKey::Encrypt(const std::string& clear_message,
    LOGE("RsaPublicKey::Encrypt: no encrypt message buffer provided");
    return false;
  }
-  if (key_ == NULL) {
+  if (serialized_key_.empty()) {
    LOGE("RsaPublicKey::Encrypt: RSA key not initialized");
    return false;
  }

-  int rsa_size = RSA_size(key_);
+  RSA* key = GetKey(serialized_key_);
+  if (key == NULL) {
+    // Error already logged by GetKey.
+    return false;
+  }
+
+  int rsa_size = RSA_size(key);
  if (static_cast<int>(clear_message.size()) >
      rsa_size - kRsaPkcs1OaepPaddingLength) {
    LOGE("RsaPublicKey::Encrypt: message too large to be encrypted (actual %d",
         " max allowed %d)", clear_message.size(),
         rsa_size - kRsaPkcs1OaepPaddingLength);
+    FreeKey(key);
    return false;
  }
+
  encrypted_message->assign(rsa_size, 0);
  if (RSA_public_encrypt(
          clear_message.size(),
          const_cast<unsigned char*>(
              reinterpret_cast<const unsigned char*>(clear_message.data())),
-          reinterpret_cast<unsigned char*>(&(*encrypted_message)[0]), key_,
+          reinterpret_cast<unsigned char*>(&(*encrypted_message)[0]), key,
          RSA_PKCS1_OAEP_PADDING) != rsa_size) {
    LOGE("RsaPublicKey::Encrypt: encrypt failure: %s",
         ERR_error_string(ERR_get_error(), NULL));
+    FreeKey(key);
    return false;
  }
+
  return true;
 }

 bool RsaPublicKey::VerifySignature(const std::string& message,
                                   const std::string& signature) {
-  if (key_ == NULL) {
+  if (serialized_key_.empty()) {
    LOGE("RsaPublicKey::VerifySignature: RSA key not initialized");
    return false;
  }
@@ -173,25 +190,33 @@ bool RsaPublicKey::VerifySignature(const std::string& message,
    LOGE("RsaPublicKey::VerifySignature: signed message is empty");
    return false;
  }
+  RSA* key = GetKey(serialized_key_);
+  if (key == NULL) {
+    // Error already logged by GetKey.
+    return false;
+  }

-  int rsa_size = RSA_size(key_);
+  int rsa_size = RSA_size(key);
  if (static_cast<int>(signature.size()) != rsa_size) {
    LOGE(
        "RsaPublicKey::VerifySignature: message signature is of the wrong "
        "size (expected %d, actual %d)",
        rsa_size, signature.size());
+    FreeKey(key);
    return false;
  }
+
  // Decrypt the signature.
  std::string padded_digest(signature.size(), 0);
  if (RSA_public_decrypt(
          signature.size(),
          const_cast<unsigned char*>(
              reinterpret_cast<const unsigned char*>(signature.data())),
-          reinterpret_cast<unsigned char*>(&padded_digest[0]), key_,
+          reinterpret_cast<unsigned char*>(&padded_digest[0]), key,
          RSA_NO_PADDING) != rsa_size) {
    LOGE("RsaPublicKey::VerifySignature: RSA public decrypt failure: %s",
         ERR_error_string(ERR_get_error(), NULL));
+    FreeKey(key);
    return false;
  }

@@ -202,12 +227,13 @@ bool RsaPublicKey::VerifySignature(const std::string& message,

  // Verify PSS padding.
  if (RSA_verify_PKCS1_PSS(
-          key_, reinterpret_cast<const unsigned char*>(message_digest.data()),
+          key, reinterpret_cast<const unsigned char*>(message_digest.data()),
          EVP_sha1(),
          reinterpret_cast<const unsigned char*>(padded_digest.data()),
          kPssSaltLength) == 0) {
    LOGE("RsaPublicKey::VerifySignature: RSA verify failure: %s",
         ERR_error_string(ERR_get_error(), NULL));
+    FreeKey(key);
    return false;
  }