diff --git a/libwvdrmengine/cdm/core/include/wv_cdm_constants.h b/libwvdrmengine/cdm/core/include/wv_cdm_constants.h index a66f3eb3..2e1a1d5d 100644 --- a/libwvdrmengine/cdm/core/include/wv_cdm_constants.h +++ b/libwvdrmengine/cdm/core/include/wv_cdm_constants.h @@ -15,6 +15,7 @@ static const size_t KEY_PAD_SIZE = 16; static const size_t CONTENT_KEY_SIZE = 16; static const size_t SERVICE_KEY_SIZE = 16; static const size_t MAC_KEY_SIZE = 32; +static const size_t ENTITLEMENT_KEY_SIZE = 32; static const size_t KEYBOX_KEY_DATA_SIZE = 72; static const size_t SRM_REQUIREMENT_SIZE = 12; diff --git a/libwvdrmengine/cdm/core/src/license.cpp b/libwvdrmengine/cdm/core/src/license.cpp index 6ecd3413..5e8d477c 100644 --- a/libwvdrmengine/cdm/core/src/license.cpp +++ b/libwvdrmengine/cdm/core/src/license.cpp @@ -55,17 +55,19 @@ std::vector ExtractEntitlementKeys(const License& license) { for (int i = 0; i < license.key_size(); ++i) { CryptoKey key; - size_t length = 0; switch (license.key(i).type()) { case License_KeyContainer::ENTITLEMENT: { - // Strip off PKCS#5 padding - since we know the key is 32 or 48 bytes, - // the padding will always be 16 bytes. - if (license.key(i).key().size() > 32) { - length = license.key(i).key().size() - 16; - } else { - length = 0; + // We always take the first ENTITLEMENT_KEY_SIZE bytes and ignore the + // rest in order to ignore any padding. + if (license.key(i).key().size() < ENTITLEMENT_KEY_SIZE) { + LOGE( + "Skipping key %s because it is too small. Expected: %zu vs. " + "Actual: %zu", + license.key(i).id().c_str(), ENTITLEMENT_KEY_SIZE, + license.key(i).key().size()); + continue; } - key.set_key_data(license.key(i).key().substr(0, length)); + key.set_key_data(license.key(i).key().substr(0, ENTITLEMENT_KEY_SIZE)); key.set_key_data_iv(license.key(i).iv()); key.set_key_id(license.key(i).id()); key.set_track_label(license.key(i).track_label()); @@ -111,20 +113,21 @@ std::vector ExtractContentKeys(const License& license) { // Extract content key(s) for (int i = 0; i < license.key_size(); ++i) { CryptoKey key; - size_t length; switch (license.key(i).type()) { case License_KeyContainer::CONTENT: case License_KeyContainer::OPERATOR_SESSION: { key.set_key_id(license.key(i).id()); - // Strip off PKCS#5 padding - since we know the key is 16 or 32 bytes, - // the padding will always be 16 bytes. - // TODO(b/111069024): remove this! - if (license.key(i).key().size() > 16) { - length = license.key(i).key().size() - 16; - } else { - length = 0; + // We always take the first CONTENT_KEY_SIZE bytes and ignore the rest + // in order to ignore any padding. + if (license.key(i).key().size() < CONTENT_KEY_SIZE) { + LOGE( + "Skipping key %s because it is too small. Expected: %zu vs. " + "Actual: %zu", + license.key(i).id().c_str(), CONTENT_KEY_SIZE, + license.key(i).key().size()); + continue; } - key.set_key_data(license.key(i).key().substr(0, length)); + key.set_key_data(license.key(i).key().substr(0, CONTENT_KEY_SIZE)); key.set_key_data_iv(license.key(i).iv()); if (license.key(i).has_key_control()) { key.set_key_control(license.key(i).key_control().key_control_block());