widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3c42b91471c6436ec80f8a750ba6059d2620b7ba
android/libwvdrmengine/cdm/core/include/service_certificate.h
Fred Gylys-Colwell 4af5aaf18a Add test base that catches nonce flood 
Merge from Widevine repo of http://go/wvgerrit/56520

This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.

In order to do this, a new class is added called a
CryptoSessionFactory.  The default factory just creates a new
CryptoSession.  All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession.  If MakeCryptoSession is called and
there is no current factory, a default factory is created.

The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.

For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession.  The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.

The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.

Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a
2018-09-18 16:33:11 -07:00

90 lines
3.3 KiB
C++
Raw Blame History

// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine Master
// License Agreement.
//
#ifndef WVCDM_CORE_SERVICE_CERTIFICATE_H_
#define WVCDM_CORE_SERVICE_CERTIFICATE_H_
// Service Certificates are used to encrypt the ClientIdentification message
// that is part of Device Provisioning, License, Renewal, and Release requests.
// It also supplies a provider_id setting used in device provisioning.
// Service Certificates are typically supplied by the application. If one
// is not supplied and privacy mode is enabled, the CDM will send a Service
// Certificate Request to the target server to get one. Once the Service
// Certificate is established for the session, it should not change.
#include <memory>
#include "disallow_copy_and_assign.h"
#include "license_protocol.pb.h"
#include "privacy_crypto.h"
#include "scoped_ptr.h"
#include "wv_cdm_types.h"
namespace wvcdm {
class CryptoSession;
class ServiceCertificate {
public:
ServiceCertificate() : has_certificate_(false) {}
virtual ~ServiceCertificate() {}
// Set up a new service certificate.
// Accept a serialized video_widevine::SignedDrmDeviceCertificate message.
virtual CdmResponseType Init(const std::string& signed_certificate);
bool has_certificate() const { return has_certificate_; }
const std::string certificate() const { return certificate_; }
const std::string& provider_id() const { return provider_id_; }
// Verify the signature for a message.
virtual CdmResponseType VerifySignedMessage(const std::string& message,
const std::string& signature);
// Encrypt the ClientIdentification message for a provisioning or
// licensing request. Encryption is performed using the current
// service certificate. Return a failure if the service certificate is
// not present, not valid, or if some other error occurs.
// The routine should not be called if privacy mode is off or if the
// certificate is empty.
virtual CdmResponseType EncryptClientId(
CryptoSession* crypto_session,
const video_widevine::ClientIdentification* clear_client_id,
video_widevine::EncryptedClientIdentification* encrypted_client_id);
// Helper methods
static bool GetRequest(CdmKeyMessage* request);
static CdmResponseType ParseResponse(const std::string& response,
std::string* signed_certificate);
private:
// Encrypt data using RSA with OAEP padding.
// |plaintext| is the data to be encrypted. |ciphertext| is a pointer to a
// string to contain the decrypted data on return, and may not be null.
// returns NO_ERROR if successful or an appropriate error code otherwise.
virtual CdmResponseType EncryptRsaOaep(const std::string& plaintext,
std::string* ciphertext);
// Track whether object holds valid certificate
bool has_certificate_;
// Certificate, verified and extracted from signed message.
std::string certificate_;
// Certificate serial number.
std::string serial_number_;
// Provider ID, extracted from certificate message.
std::string provider_id_;
// Public key.
scoped_ptr<RsaPublicKey> public_key_;
CORE_DISALLOW_COPY_AND_ASSIGN(ServiceCertificate);
};
} // namespace wvcdm
#endif // WVCDM_CORE_SERVICE_CERTIFICATE_H_
Reference in New Issue View Git Blame Copy Permalink