widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0ddbdd0fe5b3b00b0e77ea8a8dcacda9afe7b334
android/libwvdrmengine/oemcrypto/ref/src/oemcrypto_auth_ref.h
Alex Dale 06b637ed95 [DO NOT MERGE] Revert "Restructed reference root of trust (2/3 DRM Cert)" 
This reverts commit f6f5099604.

Reason for revert: Feature missed deadline

Bug: 135283522
Change-Id: Ic86930ee3444c5a6aa1d78ae3a12a9030c29ef92
2021-06-02 17:41:53 +00:00

162 lines
5.7 KiB
C++
Raw Blame History

// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine
// License Agreement.
//
// Reference implementation of OEMCrypto APIs
//
#ifndef OEMCRYPTO_AUTH_REF_H_
#define OEMCRYPTO_AUTH_REF_H_
#include <stdint.h>
#include <memory>
#include <vector>
#include <openssl/rsa.h>
#include "OEMCryptoCENC.h" // Needed for enums only.
#include "disallow_copy_and_assign.h"
#include "oemcrypto_key_ref.h"
#include "oemcrypto_keybox_ref.h"
#include "oemcrypto_rsa_key_shared.h"
#include "oemcrypto_types.h"
namespace wvoec_ref {
// The AuthenticationRoot class contains the OEMCrypto information
// which makes up the "root of trust" of a device.
class AuthenticationRoot {
public:
AuthenticationRoot() {}
~AuthenticationRoot() {}
// Initializes the root of authentication for the provided
// |method|. This will clear any previously initialied data.
bool Initialize(OEMCrypto_ProvisioningMethod method);
// General root of trust API.
// Checks that the auth root has been properly initialized and can
// be used by the rest of OEMCrypto for the current provisioning
// method.
bool IsValid() const;
// Checks the validity of the underlying Keybox or OEM Certificate
// depending on the provisioning method.
// Similar to the expected behavior of OEMCrypto_IsKeyboxOrOEMCertValid().
OEMCryptoResult IsKeyboxOrOemCertValid() const;
// Gets the device ID from the root of trust.
// Similar to the expected behavior of OEMCrypto_GetDeviceID().
OEMCryptoResult GetDeviceId(uint8_t* device_id,
size_t* device_id_length) const;
// Returns the device ID from the root of trust. Intended to be used
// for core message generation.
std::vector<uint8_t> DeviceId() const;
// Returns the device key from the root of trust. For keybox-based
// devices, this is the device key from the keybox (or test keybox
// if installed). For devices that use a non-keybox provisioning
// method, this will be a device specific key.
std::vector<uint8_t> DeviceKey() const;
// Check for the existence of a device key.
bool HasDeviceKey() const;
// Clears any test data inside this root of trust.
void Clear();
// DRM Certificate-based root of trust API.
// Returns the shared RSA private key from the built-in DRM
// Certificate.
RSA_shared_ptr& SharedRsaKey() {
return test_rsa_key_.get() != nullptr ? test_rsa_key_ : rsa_key_;
}
RSA* rsa_key() {
return test_rsa_key_.get() != nullptr ? test_rsa_key_.get()
: rsa_key_.get();
}
// Loads the system's built-in RSA key. Only implemented for
// devices that are that pre-provisioned with a built-in DRM
// Certificate,
// This method implements the expected behavior of
// OEMCrypto_LoadTestRSAKey().
OEMCryptoResult LoadTestRsaKey();
// Removes any installed test RSA key.
void RemoveTestRsaKey() { test_rsa_key_.reset(); }
// Keybox-based root of trust API.
// Returns the currently installed keybox (or test keybox) if any
// present. The test keybox takes priority over the standard.
WvKeybox* keybox() const {
return test_keybox_ ? test_keybox_.get() : keybox_.get();
}
// Checks the validity of the keybox regardless of the provisioning
// method.
OEMCryptoResult IsKeyboxValid() const;
// Installs a clear WV keybox as the root of trust.
// A keybox can only be installed once, however, the provisioning
// method stated at initialization remains the same.
//
// This method is similar to the expected behavior of
// OEMCrypto_InstallKeyboxOrOEMCert() for keybox devices except
// that the keybox provided here must be decrypted before installing.
OEMCryptoResult InstallKeybox(const uint8_t* keybox_data,
size_t keybox_length);
// Installs a clear test WV keybox. Only settable for devices that
// uses a keybox for provisioning.
//
// This method is similar to the expected behavior of
// OEMCrypto_LoadTestKeybox() for keybox devices except that
// the keybox provided here must be decrypted before installing.
OEMCryptoResult InstallTestKeybox(const uint8_t* keybox_data,
size_t keybox_length);
// Removes any installed test keybox.
void RemoveTestKeybox() { test_keybox_.reset(); }
// Gets the keybox key data.
// Implements the expected behavior of OEMCrypto_GetKeyData().
OEMCryptoResult GetKeyData(uint8_t* key_data, size_t* key_data_length) const;
// OEM Certificate-base root of trust API.
// For OEM Cert-based devices, returns the OEM Public Certificate
// component of the OEM Certificate.
// This method implements the expected behavior of
// OEMCrypto_GetOEMPublicCertificate().
OEMCryptoResult GetOemPublicCertificate(uint8_t* public_cert,
size_t* public_cert_length) const;
// Returns the OEM private key. Intended to be used when loading
// the OEM private key into a session.
// Should only be called for devices that use OEM Certificates
// for provisioning.
const std::vector<uint8_t>& GetOemPrivateKey() const;
private:
OEMCrypto_ProvisioningMethod prov_method_ = OEMCrypto_ProvisioningError;
// DRM certificate.
// TODO(b/168544740): Remove |rsa_key_set_| when RSA_shared_ptr has
// been replaced with scoped RsaPrivateKey.
bool rsa_key_set_ = false;
RSA_shared_ptr rsa_key_; // If no keybox, this is baked in certificate.
RSA_shared_ptr test_rsa_key_;
// Keybox data.
std::unique_ptr<WvKeybox> keybox_;
std::unique_ptr<WvKeybox> test_keybox_;
CORE_DISALLOW_COPY_AND_ASSIGN(AuthenticationRoot);
};
} // namespace wvoec_ref
#endif // OEMCRYPTO_AUTH_REF_H_
Reference in New Issue View Git Blame Copy Permalink