First-stage Provisioning 4.0 client ID encryption

(This is a merge of http://go/wvgerrit/150131 to the Android repo.)

This patch changes the code path in the CDM so that the first-stage
provisioning request for Provisioning 4.0 is always encrypted with the
Widevine service certificate instead of the client-set service
certificate, reflecting that the first-stage provisioning is always
handled by Widevine.

This patch also makes several methods on the ServiceCertificate class
const. This has no impact on their behavior.

Bug: 221443151
Test: prov40 tests
Change-Id: Ide4c3927afadcd45ae7fb629b99e2f55cc29d56e
John "Juce" Bruce
2022-04-20 14:10:20 -07:00
parent 47ebc28f6a
commit c823a85e7d
4 changed files with 34 additions and 23 deletions


@@ -38,8 +38,8 @@ class ServiceCertificate {
const std::string& provider_id() const { return provider_id_; }
// Verify the signature for a message.
virtual CdmResponseType VerifySignedMessage(const std::string& message,
const std::string& signature);
virtual CdmResponseType VerifySignedMessage(
const std::string& message, const std::string& signature) const;
// Encrypt the ClientIdentification message for a provisioning or
// licensing request. Encryption is performed using the current
@@ -50,7 +50,7 @@ class ServiceCertificate {
virtual CdmResponseType EncryptClientId(
CryptoSession* crypto_session,
const video_widevine::ClientIdentification* clear_client_id,
video_widevine::EncryptedClientIdentification* encrypted_client_id);
video_widevine::EncryptedClientIdentification* encrypted_client_id) const;
// Helper methods
static bool GetRequest(CdmKeyMessage* request);
@@ -63,7 +63,7 @@ class ServiceCertificate {
// string to contain the decrypted data on return, and may not be null.
// returns NO_ERROR if successful or an appropriate error code otherwise.
virtual CdmResponseType EncryptRsaOaep(const std::string& plaintext,
std::string* ciphertext);
std::string* ciphertext) const;
// Track whether object holds valid certificate
bool has_certificate_;
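Review bot: Any subclass or test mock that still declares the non-const form of `VerifySignedMessage`, `EncryptClientId` or `EncryptRsaOaep` without `override` will silently stop overriding once these virtuals become `const`, and calls through a `ServiceCertificate` reference would then reach the base implementation. No derived classes are visible in this section, so it is worth confirming that each one is marked `override`, which turns a signature mismatch into a compile error, and was updated in the same change. Separately, the context comment above `EncryptRsaOaep` says the output string will "contain the decrypted data on return"; for an encrypt routine it presumably should read `// string to contain the encrypted data on return, and may not be null.`. The class body continues outside these hunks.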