widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Widevine CENC drm engine update

Browse Source 
bug: 8601053

This import syncs to the widevine git repository change
commit 6a99ad1b59ad39495f62954b3065ddc22b78da49

It includes the following changes from the widevine git
repository, which complete the jb-mr2 features

    Fix Unit Test Makefile
    Adds support for device certificate provisioning.
    Support application parameters
    Certificate based licensing
    Proto for client files
    Implement Property Query API
    Add Device Query For Unique ID
    Implement Generic Crypto in DrmEngine
    Do not validate Key IDs on clear playback
    Allow OEMCrypto_DecryptCTR with clear content and no key
    Add a case to the MediaDrm API test to repro b/8594163
    Implement requiresSecureDecoderComponent
    Implement Eventing API
    Add end-to-end decryption test with vectors
    Refactoring of properties class
    Refactor OEMCrypto unittest.
    Fix for b/8567853: License renewal doesn't renew license.
    Add KEY_ERROR callback to WvContentDecryptionModule() ctor.
    Merged certificate_provisioning.proto and
      client_identification.proto to license_protocol.proto.
    Fix nonce check failure after a malformed key in OEC Mock.
    asynchronize decryption
    Allow querying of control information
    make debugging AddKey & Decrypt statuses easier
    Revert "Revert "Send KEY_ERROR event to app on license
      expiration or failure""
    Revert "Send KEY_ERROR event to app on license expiration
      or failure"
    Send KEY_ERROR event to app on license expiration or failure
    remove extra session id copy
    use KeyError constants directly
    replace variable-length arrays with std::vector and fixed-sized array
    pass session ids as const references
    refactor key extraction and update keys on renewal
    Updates to enable renewals and signaling license expiration.
    fix error constant in OEMCrypto_DecryptCTR

Change-Id: I5f7236c7bdff1d5ece6115fd2893f8a1e1e07c50
This commit is contained in:
Jeff Tinker
2013-04-12 14:12:16 -07:00
parent 2f980d7d7e
commit e6b1fedc4c
63 changed files with 2885 additions and 1134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
libwvdrmengine/oemcrypto/include/L3CryptoCENC.h
View File

@@ -1,109 +0,0 @@
/*********************************************************************
* L3CryptoCENC.h
*
* (c) Copyright 2013 Google, Inc.
*
* Reference APIs needed to support Widevine's crypto algorithms.
*********************************************************************/
#ifndef L3CRYPTO_CENC_H_
#define L3CRYPTO_CENC_H_
#include "OEMCryptoCENC.h"
#ifdef __cplusplus
extern "C" {
#endif
#define L3CRYPTO_VERSION "5.0"
static const char l3c_version[] = L3CRYPTO_VERSION;
typedef uint32_t OEMCrypto_SESSION;
#define L3Crypto_Initialize _l3cc01
#define L3Crypto_Terminate _l3cc02
#define L3Crypto_InstallKeybox _l3cc03
#define L3Crypto_GetKeyData _l3cc04
#define L3Crypto_IsKeyboxValid _l3cc05
#define L3Crypto_GetRandom _l3cc06
#define L3Crypto_GetDeviceID _l3cc07
#define L3Crypto_WrapKeybox _l3cc08
#define L3Crypto_OpenSession _l3cc09
#define L3Crypto_CloseSession _l3cc10
#define L3Crypto_DecryptCTR _l3cc11
#define L3Crypto_GenerateDerivedKeys _l3cc12
#define L3Crypto_GenerateSignature _l3cc13
#define L3Crypto_GenerateNonce _l3cc14
#define L3Crypto_LoadKeys _l3cc15
#define L3Crypto_RefreshKeys _l3cc16
#define L3Crypto_SelectKey _l3cc17
OEMCryptoResult L3Crypto_Initialize(void);
OEMCryptoResult L3Crypto_Terminate(void);
OEMCryptoResult L3Crypto_OpenSession(OEMCrypto_SESSION *session);
OEMCryptoResult L3Crypto_CloseSession(OEMCrypto_SESSION session);
OEMCryptoResult L3Crypto_GenerateDerivedKeys(
OEMCrypto_SESSION session,
const uint8_t *mac_key_context,
uint32_t mac_key_context_length,
const uint8_t *enc_key_context,
uint32_t enc_key_context_length);
OEMCryptoResult L3Crypto_GenerateNonce(
OEMCrypto_SESSION session,
uint32_t* nonce);
OEMCryptoResult L3Crypto_GenerateSignature(
OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
uint8_t* signature,
size_t* signature_length);
OEMCryptoResult L3Crypto_LoadKeys(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
const uint8_t* signature,
size_t signature_length,
const uint8_t* enc_mac_key_iv,
const uint8_t* enc_mac_key,
size_t num_keys,
const OEMCrypto_KeyObject* key_array);
OEMCryptoResult
L3Crypto_RefreshKeys(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
const uint8_t* signature,
size_t signature_length,
size_t num_keys,
const OEMCrypto_KeyRefreshObject* key_array);
OEMCryptoResult L3Crypto_SelectKey(const OEMCrypto_SESSION session,
const uint8_t* key_id,
size_t key_id_length);
OEMCryptoResult
L3Crypto_DecryptCTR(OEMCrypto_SESSION session,
const uint8_t *data_addr,
size_t data_length,
bool is_encrypted,
const uint8_t *iv,
size_t offset,
const OEMCrypto_DestBufferDesc* out_buffer);
OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t *keybox,
size_t keyBoxLength);
OEMCryptoResult L3Crypto_IsKeyboxValid(void);
OEMCryptoResult L3Crypto_GetDeviceID(uint8_t* deviceID,
size_t *idLength);
OEMCryptoResult L3Crypto_GetKeyData(uint8_t* keyData,
size_t *keyDataLength);
OEMCryptoResult L3Crypto_GetRandom(uint8_t* randomData,
size_t dataLength);
OEMCryptoResult L3Crypto_WrapKeybox(const uint8_t *keybox,
size_t keyBoxLength,
uint8_t *wrappedKeybox,
size_t *wrappedKeyBoxLength,
const uint8_t *transportKey,
size_t transportKeyLength);
#ifdef __cplusplus
}
#endif
#endif // L3CRYPTO_CENC_H_

20
libwvdrmengine/oemcrypto/mock/src/lock.cpp
View File

@@ -17,7 +17,6 @@ Lock::Lock() : impl_(new Lock::Impl()) {
Lock::~Lock() {
delete impl_;
impl_ = NULL;
}
void Lock::Acquire() {
@@ -32,23 +31,4 @@ bool Lock::Try() {
return (impl_->lock_.tryLock() == 0);
}
class AutoLock::Impl {
public:
android::Mutex::Autolock* autolock_;
};
AutoLock::AutoLock(Lock& lock) : impl_(new AutoLock::Impl()) {
impl_->autolock_ = new android::Mutex::Autolock(lock.impl_->lock_);
}
AutoLock::AutoLock(Lock* lock) : impl_(new AutoLock::Impl()) {
impl_->autolock_ = new android::Mutex::Autolock(lock->impl_->lock_);
}
AutoLock::~AutoLock() {
delete impl_->autolock_;
delete impl_;
impl_ = NULL;
}
}; // namespace wvcdm

21
libwvdrmengine/oemcrypto/mock/src/lock.h
View File

@@ -29,22 +29,29 @@ class Lock {
private:
class Impl;
Impl* impl_;
Impl *impl_;
CORE_DISALLOW_COPY_AND_ASSIGN(Lock);
};
// Manages the lock automatically. It will be locked when AutoLock
// is constructed and release when AutoLock goes out of scope
// is constructed and release when AutoLock goes out of scope.
class AutoLock {
public:
explicit AutoLock(Lock& lock);
explicit AutoLock(Lock* lock);
~AutoLock();
explicit AutoLock(Lock& lock) : lock_(&lock) {
lock_->Acquire();
}
explicit AutoLock(Lock* lock) : lock_(lock) {
lock_->Acquire();
}
~AutoLock() {
lock_->Release();
}
private:
class Impl;
Impl* impl_;
Lock *lock_;
CORE_DISALLOW_COPY_AND_ASSIGN(AutoLock);
};

34
libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.cpp
View File

@@ -285,8 +285,8 @@ bool SessionContext::GenerateRSASignature(const uint8_t* message,
}
// Add PSS padding.
uint8_t padded_digest[*signature_length];
int status = RSA_padding_add_PKCS1_PSS(rsa_key_, padded_digest, hash,
std::vector<uint8_t> padded_digest(*signature_length);
int status = RSA_padding_add_PKCS1_PSS(rsa_key_, &padded_digest[0], hash,
EVP_sha1(), kPssSaltLength);
if (status == -1) {
LOGE("[GeneratRSASignature(): error padding hash.]");
@@ -295,7 +295,7 @@ bool SessionContext::GenerateRSASignature(const uint8_t* message,
}
// Encrypt PSS padded digest.
status = RSA_private_encrypt(*signature_length, padded_digest, signature,
status = RSA_private_encrypt(*signature_length, &padded_digest[0], signature,
rsa_key_, RSA_NO_PADDING);
if (status == -1) {
LOGE("[GeneratRSASignature(): error in private encrypt.]");
@@ -314,7 +314,7 @@ bool SessionContext::ValidateMessage(const uint8_t* given_message,
if (signature_length != SHA256_DIGEST_LENGTH) {
return false;
}
uint8_t computed_signature[signature_length];
uint8_t computed_signature[SHA256_DIGEST_LENGTH];
if (! GenerateSignature(given_message, message_length,
computed_signature, &signature_length)) {
return false;
@@ -408,7 +408,7 @@ bool SessionContext::InstallKey(const KeyId& key_id,
std::cout << " InstallKey: content_key = "
<< wvcdm::b2a_hex(content_key) << std::endl;
std::cout << " InstallKey: key_control = "
<< wvcdm::b2a_hex(content_key) << std::endl;
<< wvcdm::b2a_hex(key_control_str) << std::endl;
#endif
// Key control must be supplied by license server
@@ -762,6 +762,12 @@ bool SessionContext::UpdateMacKey(const std::vector<uint8_t>& enc_mac_key,
bool SessionContext::SelectContentKey(const KeyId& key_id) {
const Key* content_key = session_keys_.Find(key_id);
#if 0
std::cout << " Select Key: key_id = "
<< wvcdm::b2a_hex(key_id) << std::endl;
std::cout << " Select Key: key = "
<< wvcdm::b2a_hex(content_key->value()) << std::endl;
#endif
if (NULL == content_key) {
LOGE("[SelectContentKey(): No key matches key id]");
return false;
@@ -849,16 +855,18 @@ bool CryptoEngine::DecryptMessage(SessionContext* session,
}
bool CryptoEngine::DecryptCTR(SessionContext* session,
const std::vector<uint8_t>& iv,
const uint8_t* iv,
size_t byte_offset,
const std::vector<uint8_t>& cipher_data,
const uint8_t* cipher_data,
size_t cipher_data_length,
bool is_encrypted,
void* clear_data,
BufferType buffer_type) {
if (! is_encrypted) {
// If the data is clear, we do not need a current key selected.
if (!is_encrypted) {
memcpy(reinterpret_cast<uint8_t*>(clear_data),
&cipher_data[0], cipher_data.size());
cipher_data, cipher_data_length);
return true;
}
@@ -910,10 +918,6 @@ bool CryptoEngine::DecryptCTR(SessionContext* session,
// Local copy (will be modified).
uint8_t aes_iv[AES_BLOCK_SIZE];
if (static_cast<int>(iv.size()) != AES_BLOCK_SIZE) {
LOGE("[DecryptCTR(): FAILURE: iv has wrong length]");
return false;
}
memcpy(aes_iv, &iv[0], AES_BLOCK_SIZE);
// Encrypt the IV.
@@ -927,9 +931,9 @@ bool CryptoEngine::DecryptCTR(SessionContext* session,
// Decryption.
unsigned int byte_offset_cur = byte_offset;
AES_ctr128_encrypt(
&cipher_data[0], reinterpret_cast<uint8_t*>(clear_data), cipher_data.size(),
cipher_data, reinterpret_cast<uint8_t*>(clear_data), cipher_data_length,
&aes_key, aes_iv, ecount_buf, &byte_offset_cur);
if (byte_offset_cur != ((byte_offset + cipher_data.size()) % AES_BLOCK_SIZE)) {
if (byte_offset_cur != ((byte_offset + cipher_data_length) % AES_BLOCK_SIZE)) {
LOGE("[DecryptCTR(): FAILURE: byte offset wrong.]");
return false;
}

5
libwvdrmengine/oemcrypto/mock/src/oemcrypto_engine_mock.h
View File

@@ -233,9 +233,10 @@ class CryptoEngine {
std::vector<uint8_t>* decrypted);
bool DecryptCTR(SessionContext* session,
const std::vector<uint8_t>& iv,
const uint8_t* iv,
size_t byte_offset,
const std::vector<uint8_t>& cipher_data,
const uint8_t* cipher_data,
size_t cipher_data_length,
bool is_encrypted,
void* clear_data,
BufferType buffer_type);

34
libwvdrmengine/oemcrypto/mock/src/oemcrypto_mock.cpp
View File

@@ -75,6 +75,8 @@ OEMCryptoResult OEMCrypto_Initialize(void) {
return OEMCrypto_ERROR_INIT_FAILED;
}
LOGD("[OEMCrypto_Initialize(): success]");
LOGW("WARNING -- this is the reference implementation of OEMCrypto.");
printf("WARNING -- you are using the reference implementation of OEMCrypto.\n");
return OEMCrypto_SUCCESS;
}
@@ -331,6 +333,7 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
// Decrypt and install keys in key object
// Each key will have a key control block. They will all have the same nonce.
bool status = true;
std::vector<uint8_t> key_id;
std::vector<uint8_t> enc_key_data;
std::vector<uint8_t> key_data_iv;
@@ -344,7 +347,8 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
key_data_iv.assign(key_array[i].key_data_iv,
key_array[i].key_data_iv + wvcdm::KEY_IV_SIZE);
if (key_array[i].key_control == NULL) {
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
status = false;
break;
}
key_control.assign(key_array[i].key_control,
key_array[i].key_control + wvcdm::KEY_CONTROL_SIZE);
@@ -353,12 +357,13 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
if (!session_ctx->InstallKey(key_id, enc_key_data, key_data_iv, key_control,
key_control_iv)) {
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
status = false;
break;
}
}
// All keys processed. Flush nonce table
session_ctx->FlushNonces();
if (!status) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
// enc_mac_key can be NULL if license renewal is not supported
if (enc_mac_key == NULL) return OEMCrypto_SUCCESS;
@@ -425,6 +430,7 @@ OEMCryptoResult OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
}
// Decrypt and refresh keys in key refresh object
bool status = true;
std::vector<uint8_t> key_id;
std::vector<uint8_t> key_control;
std::vector<uint8_t> key_control_iv;
@@ -447,9 +453,14 @@ OEMCryptoResult OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
}
if (!session_ctx->RefreshKey(key_id, key_control, key_control_iv)) {
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
status = false;
break;
}
}
session_ctx->FlushNonces();
if (!status) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
session_ctx->StartTimer();
return OEMCrypto_SUCCESS;
}
@@ -462,10 +473,12 @@ OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
printf("-- OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,\n");
dump_hex("key_id", key_id, key_id_length);
}
#ifndef NDEBUG
if (NO_ERROR != crypto_engine->ValidateKeybox()) {
LOGE("[OEMCrypto_SelectKey(): ERROR_KEYBOX_INVALID]");
return OEMCrypto_ERROR_KEYBOX_INVALID;
}
#endif
SessionContext* session_ctx = crypto_engine->FindSession(session);
if (!session_ctx || !session_ctx->isValid()) {
@@ -519,10 +532,12 @@ OEMCryptoResult OEMCrypto_DecryptCTR(OEMCrypto_SESSION session,
return OEMCrypto_ERROR_SHORT_BUFFER;
}
#ifndef NDEBUG
if (NO_ERROR != crypto_engine->ValidateKeybox()) {
LOGE("[OEMCrypto_DecryptCTR(): ERROR_KEYBOX_INVALID]");
return OEMCrypto_ERROR_KEYBOX_INVALID;
}
#endif
SessionContext* session_ctx = crypto_engine->FindSession(session);
if (!session_ctx || !session_ctx->isValid()) {
@@ -536,14 +551,11 @@ OEMCryptoResult OEMCrypto_DecryptCTR(OEMCrypto_SESSION session,
return OEMCrypto_ERROR_INVALID_CONTEXT;
}
std::vector<uint8_t> iv_v(iv, iv + 16);
std::vector<uint8_t> content(data_addr, data_addr + data_length);
if (!crypto_engine->DecryptCTR(session_ctx, iv_v, (int)offset,
content, is_encrypted,
if (!crypto_engine->DecryptCTR(session_ctx, iv, (int)offset,
data_addr, data_length, is_encrypted,
destination, buffer_type)) {
LOGE("[OEMCrypto_DecryptCTR(): OEMCrypto_ERROR_INVALID_CONTEXT]");
return OEMCrypto_ERROR_INVALID_CONTEXT;
LOGE("[OEMCrypto_DecryptCTR(): OEMCrypto_ERROR_DECRYPT_FAILED]");
return OEMCrypto_ERROR_DECRYPT_FAILED;
}
return OEMCrypto_SUCCESS;

45
libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
View File

@@ -2119,6 +2119,47 @@ TEST_F(OEMCryptoClientTest, DecryptUnencrypted) {
testTearDown();
}
TEST_F(OEMCryptoClientTest, DecryptUnencryptedNoKey) {
OEMCryptoResult sts;
testSetUp();
InstallKeybox(kDefaultKeybox);
Session& s = createSession("NOKEY");
s.open();
// CLear data should be copied even if there is no key selected.
// Set up our expected input and output
vector<uint8_t> unencryptedData = wvcdm::a2b_hex(
"1558497b6d994be343ed1c6d6313e0537b843e9a9c0836d1e83fe33154191ce9"
"a14d8d95bebaddc03bd471827170f527c0a166b9068b273d1bc57fbb13975ee4"
"f6b9a31743da6c447acbb712e81b13eddfd4e96c76010ac9b8aa1b6b3152b0fc"
"39ad33e5719656069f9ede9ebba7a77dd2e2074eec5c1b7ffc427a6f1be168f0"
"b5857713a44623862c903284bc53417e23c65602b52c1cb699e8352453eb9698"
"0b31459b90c26c907b549c1ab293725e414d4e45f5b30af7a55f95499a7dc89f"
"7d13ba90b34aef6b49484b0701bf96ea8b660c24bb4e92a2d1c43beb434fa386"
"1071380388799ac31d79285f5817687ed3e2eeb73a30744e77b757686c9ba5ad");
vector<uint8_t> encryptionIv = wvcdm::a2b_hex(
"49fc3efaaf614ed81d595847b928edd0");
// Describe the output
uint8_t outputBuffer[256];
OEMCrypto_DestBufferDesc destBuffer;
destBuffer.type = OEMCrypto_BufferType_Clear;
destBuffer.buffer.clear.address = outputBuffer;
destBuffer.buffer.clear.max_length = sizeof(outputBuffer);
// Decrypt the data
sts = OEMCrypto_DecryptCTR(s.session_id(), &unencryptedData[0],
unencryptedData.size(), false, &encryptionIv[0], 0,
&destBuffer);
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
ASSERT_EQ(0, memcmp(&unencryptedData[0], outputBuffer,
unencryptedData.size()));
s.close();
testTearDown();
}
TEST_F(OEMCryptoClientTest, DecryptSecureToClear) {
OEMCryptoResult sts;
testSetUp();
@@ -2728,9 +2769,9 @@ TEST_F(OEMCryptoClientTest, VersionNumber) {
const char* level = OEMCrypto_SecurityLevel();
ASSERT_NE((char *)NULL, level);
ASSERT_EQ('L', level[0]);
cout << "OEMCrypto Security Level is "<< level << endl;
cout << " OEMCrypto Security Level is "<< level << endl;
uint32_t version = OEMCrypto_APIVersion();
cout << "OEMCrypto API version is " << version << endl;
cout << " OEMCrypto API version is " << version << endl;
ASSERT_LT((uint32_t)5, version);
testTearDown();