Allow Apps to Voluntarily Downgrade to L3 Crypto
This merges the following changes from the Widevine CDM repository: 564f4cc Add CdmClientPropertySet to CDM Adds an interface to the CDM that allows it to query its client for certain properties. In this case, this includes the ability to specify what security level is desired, as well as support for service ceritifcate privacy mode. 9cfbd3e Force Level 3 fallback Adds support for voluntarily invoking L3 crypto to the OEMCrypto wrapper. 95d12c1 Add pointer to CdmClientPropertySet class to OpenSession. Adds support for storing the property set on a session-by-session basis and choosing the appropriate crypto level. 17de442 Add Settable Properties for Clank to Android Adds support for setting the aforementioned properties to the DrmEngine bbe704d Fixes to force fallback to level three security Corrections to invoke provisioning, OEMCrypto API with configured security level rather than the default. Unit tests were also revised. Note that some parts of this are also support for the ability to use a service certificate-based privacy mode. The remaining code for supporting this mode is still forthcoming. Bug: 10109249 Change-Id: I2755e4dea1de3e8a56cff237360298f7b7f1bddc
This commit is contained in:
Rahul Frias
77
libwvdrmengine/cdm/core/include/privacy_crypto.h
Normal file
77
libwvdrmengine/cdm/core/include/privacy_crypto.h
Normal file
@@ -0,0 +1,77 @@
|
||||
// Copyright 2013 Google Inc. All Rights Reserved.
|
||||
//
|
||||
// RsaPublicKey based on //depot/google3/video/widevine/common/rsa_key.h by
|
||||
// tinskip@google.com.
|
||||
//
|
||||
// Description:
|
||||
// Declaration of classes representing AES and RSA public keys used
|
||||
// for signature verification and encryption.
|
||||
//
|
||||
// AES encryption details:
|
||||
// Algorithm: AES-CBC
|
||||
//
|
||||
// RSA signature details:
|
||||
// Algorithm: RSASSA-PSS
|
||||
// Hash algorithm: SHA1
|
||||
// Mask generation function: mgf1SHA1
|
||||
// Salt length: 20 bytes
|
||||
// Trailer field: 0xbc
|
||||
//
|
||||
// RSA encryption details:
|
||||
// Algorithm: RSA-OAEP
|
||||
// Mask generation function: mgf1SHA1
|
||||
// Label (encoding paramter): empty string
|
||||
|
||||
#ifndef CDM_BASE_PRIVACY_CRYPTO_H_
|
||||
#define CDM_BASE_PRIVACY_CRYPTO_H_
|
||||
|
||||
#include <string>
|
||||
|
||||
#include "openssl/aes.h"
|
||||
#include "openssl/rsa.h"
|
||||
#include "wv_cdm_types.h"
|
||||
|
||||
namespace wvcdm {
|
||||
|
||||
class AesCbcKey {
|
||||
public:
|
||||
AesCbcKey() : initialized_(false) {};
|
||||
~AesCbcKey() {};
|
||||
|
||||
bool Init(const std::string& key);
|
||||
bool Encrypt(const std::string& in, std::string* out, std::string* iv);
|
||||
|
||||
private:
|
||||
AES_KEY key_;
|
||||
bool initialized_;
|
||||
|
||||
CORE_DISALLOW_COPY_AND_ASSIGN(AesCbcKey);
|
||||
};
|
||||
|
||||
class RsaPublicKey {
|
||||
public:
|
||||
RsaPublicKey() : key_(NULL) {}
|
||||
~RsaPublicKey();
|
||||
|
||||
// Initializes an RsaPublicKey object using a DER encoded PKCS#1 RSAPublicKey
|
||||
bool Init(const std::string& serialized_key);
|
||||
|
||||
// Encrypt a message using RSA-OAEP. Caller retains ownership of all
|
||||
// parameters. Returns true if successful, false otherwise.
|
||||
bool Encrypt(const std::string& clear_message,
|
||||
std::string* encrypted_message);
|
||||
|
||||
// Verify RSSASSA-PSS signature. Caller retains ownership of all parameters.
|
||||
// Returns true if validation succeeds, false otherwise.
|
||||
bool VerifySignature(const std::string& message,
|
||||
const std::string& signature);
|
||||
|
||||
private:
|
||||
RSA* key_;
|
||||
|
||||
CORE_DISALLOW_COPY_AND_ASSIGN(RsaPublicKey);
|
||||
};
|
||||
|
||||
} // namespace wvcdm
|
||||
|
||||
#endif // CDM_BASE_PRIVACY_CRYPTO_H_
|
||||
Reference in New Issue
Block a user