widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable certificate based licensing

Browse Source 
Includes fixes for provisioning and license renewal signature generation.

bug: 8620943

Merge of:
  https://widevine-internal-review.googlesource.com/#/c/5231/
  https://widevine-internal-review.googlesource.com/#/c/5200/

from the Widevine CDM repository.

Change-Id: I2928c9d59ad5337ca34b4ef7ed58272d34755d2d
This commit is contained in:
Jeff Tinker
2013-04-24 12:12:43 -07:00
parent 4b0963de96
commit b7debfe2a1
7 changed files with 95 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -16,7 +16,6 @@
#include "wv_cdm_constants.h"
namespace {
const uint32_t kMaxSignatureBufLength = 256;
// Encode unsigned integer into a big endian formatted string
std::string EncodeUint32(unsigned int u) {
std::string s;
@@ -106,7 +105,8 @@ void CryptoSession::GenerateRequestId(std::string& req_id_str) {
}
bool CryptoSession::PrepareRequest(const std::string& message,
std::string* signature) {
std::string* signature,
bool is_provisioning) {
LOGV("CryptoSession::PrepareRequest: Lock");
CryptoEngine* crypto_engine = CryptoEngine::GetInstance();
AutoLock auto_lock(crypto_engine->crypto_lock_);
@@ -116,16 +116,16 @@ bool CryptoSession::PrepareRequest(const std::string& message,
return false;
}
OEMCryptoResult sts;
if (!Properties::use_certificates_as_identification()) {
if (!GenerateDerivedKeys(message)) {
if (!Properties::use_certificates_as_identification() || is_provisioning) {
if (!GenerateDerivedKeys(message))
return false;
}
}
if (!GenerateSignature(message, signature)) {
return false;
if (!GenerateSignature(message, signature, false))
return false;
}
else {
if (!GenerateSignature(message, signature, true))
return false;
}
return true;
@@ -142,7 +142,7 @@ bool CryptoSession::PrepareRenewalRequest(const std::string& message,
return false;
}
if (!GenerateSignature(message, signature)) {
if (!GenerateSignature(message, signature, false)) {
return false;
}
@@ -356,17 +356,20 @@ bool CryptoSession::GenerateDerivedKeys(const std::string& message,
}
bool CryptoSession::GenerateSignature(const std::string& message,
std::string* signature) {
std::string* signature,
bool use_rsa) {
LOGV("GenerateSignature: id=%ld", (uint32_t) oec_session_id_);
uint8_t signature_buf[kMaxSignatureBufLength];
size_t length = kMaxSignatureBufLength;
if (!signature)
return false;
size_t length = 0;
OEMCryptoResult sts;
if (Properties::use_certificates_as_identification()) {
if (use_rsa) {
sts = OEMCrypto_GenerateRSASignature(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
signature_buf,
NULL,
&length);
}
else {
@@ -374,7 +377,31 @@ bool CryptoSession::GenerateSignature(const std::string& message,
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
signature_buf,
NULL,
&length);
}
if (OEMCrypto_ERROR_SHORT_BUFFER != sts) {
LOGD("GenerateSignature: OEMCrypto_GenerateSignature err=%d", sts);
return false;
}
signature->resize(length);
if (use_rsa) {
sts = OEMCrypto_GenerateRSASignature(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
&length);
}
else {
sts = OEMCrypto_GenerateSignature(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
&length);
}
@@ -383,7 +410,6 @@ bool CryptoSession::GenerateSignature(const std::string& message,
return false;
}
signature->assign(reinterpret_cast<const char*>(signature_buf), length);
return true;
}
@@ -481,8 +507,7 @@ bool CryptoSession::RewrapDeviceRSAKey(const std::string& message,
const std::string& enc_rsa_key,
size_t enc_rsa_key_length,
const std::string& rsa_key_iv,
uint8_t* wrapped_rsa_key,
size_t* wrapped_rsa_key_length) {
std::string* wrapped_rsa_key) {
LOGV("CryptoSession::RewrapDeviceRSAKey: Lock+++");
CryptoEngine* crypto_engine = CryptoEngine::GetInstance();
AutoLock auto_lock(crypto_engine->crypto_lock_);
@@ -496,9 +521,13 @@ bool CryptoSession::RewrapDeviceRSAKey(const std::string& message,
if (enc_rsa_key.size() >= MAC_KEY_SIZE && rsa_key_iv.size() >= KEY_IV_SIZE) {
msg_rsa_key = signed_msg + GetOffset(message, enc_rsa_key);
msg_rsa_key_iv = signed_msg + GetOffset(message, rsa_key_iv);
msg_nonce = reinterpret_cast<const uint32_t*>(signed_msg + GetOffset(message, nonce));
msg_nonce = reinterpret_cast<const uint32_t*>(
signed_msg + GetOffset(message, nonce));
}
// Gets wrapped_rsa_key_length by passing NULL as uint8_t* wrapped_rsa_key
// and 0 as wrapped_rsa_key_length.
size_t wrapped_rsa_key_length = 0;
OEMCryptoResult status = OEMCrypto_RewrapDeviceRSAKey(
oec_session_id_,
signed_msg, message.size(),
@@ -506,13 +535,32 @@ bool CryptoSession::RewrapDeviceRSAKey(const std::string& message,
msg_nonce,
msg_rsa_key, enc_rsa_key_length,
msg_rsa_key_iv,
wrapped_rsa_key,
wrapped_rsa_key_length);
NULL,
&wrapped_rsa_key_length);
if (status != OEMCrypto_ERROR_SHORT_BUFFER) {
LOGE("OEMCrypto_RewrapDeviceRSAKey fails to get wrapped_rsa_key_length");
return false;
}
wrapped_rsa_key->resize(wrapped_rsa_key_length);
status = OEMCrypto_RewrapDeviceRSAKey(
oec_session_id_,
signed_msg,
message.size(),
reinterpret_cast<const uint8_t*>(signature.data()),
signature.size(),
msg_nonce,
msg_rsa_key,
enc_rsa_key_length,
msg_rsa_key_iv,
reinterpret_cast<uint8_t*>(const_cast<char*>(wrapped_rsa_key->data())),
&wrapped_rsa_key_length);
if (OEMCrypto_SUCCESS != status) {
LOGE("OEMCrypto_RewrapDeviceRSAKey fails with %d", status);
return false;
}
return true;
}