widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5d690be108d2f8f180c36e7d42f7e70820302fa3
android/libwvdrmengine/cdm/core/include/service_certificate.h
Rahul Frias 5d690be108 Merges to android Pi release (part 11) 
These are a set of CLs merged from the wv cdm repo to the android repo.

* Get System ID From OEM Cert

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/37940 ]

  (This is a merge of http://go/wvgerrit/30220 .  However, it has been
  significantly modified in the merge due to needing to support both
  OpenSSL and BoringSSL.)

  Previously, extracting the system ID was only supported on Keybox-based
  systems. This patch adds support for extracting the system ID from the
  OEM Certificate chain on Provisioning 3.0 devices. This is done by
  getting the Widevine intermediate cert from the chain, finding the
  Widevine System ID extension in that cert, and extracting the value.

  The code that does the extraction is separate from any code that calls
  OEMCrypto so that it can be unit-tested in isolation. This patch adds a
  crypto_session_unittest test to do this unit-testing.

  Bug: 34776194
  Test: crypto_session_unittest
  Test: widevine_ce_cdm_unittest

* Remove unique_ptr from oemcrypto mod mock

  Author: Fred Gylys-Colwell <fredgc@google.com>

  [ Merge of http://go/wvgerrit/38500 ]

  Because we can't have C++11.

  Bug: 69935608

* Update CHANGELOG.md

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38460 ]

   - Add items about adapter support.
   - Add mention of SRM support.

  Merged from cdm_partner_3.5
  (Change-Id: I6d891e157edc3afb2797bf281ef3f06bdb8fe474)

* Add Adapter for OEMCrypto v13 to v12.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38440 ]

  Also fix OEMCrypto_LoadKeys() definition broken by wvcl/38160
  (srm_requirement param).

* Allow certain warnings in protobuf build.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38424 ]

  maybe-uninitialized is triggered in release build. Allow it.

* Enable -fPIC for jsmc.c build.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38423 ]

  -fPIC was removed for common c/c++ build rules. Add it back.

* Missing OEMCrypto_LoadKeys param in static adapter.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38422 ]

  srm_requirement param was omitted in v11 static adapter.

* Remove OEMCrypto v12 specification.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38421 ]

* Update documentation for v3.5.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/38420 ]

* Added padded preprov key for 7880

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/36924 ]

  Bug: 68765915

* Change overrides in CE L3FileSystem

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/38380 ]

  The 'override's are changed to the macro defined in override.h to
  be gnu++98 compliant.

* Use source android level3 + add cache_flush call

  Author: Srujan Gaddam <srujzs@google.com>

  [ Merge of http://go/wvgerrit/37900 ]

  I put both changes in this CL since I have to generate Level3 libraries
  for both anyways. The first change involves shifting from using a
  prebuilt static library to using an obfuscated source library output
  from the Haystack tool on google3. The second change is from here:
  https://critique.corp.google.com/#review/176536782, and addresses
  b/69387416. Since the cache_flush function wasn't being used, the
  execution on Angler gave inconsistent segfaults, which this CL fixes.

  Verified on Angler, Sailfish, and Linux.

  11/27/17: Added mips and mips64 libraries.

* Make CDM result codes constexprs

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/38280 ]

  The values in the enumeration list of CdmResponseType error codes
  were earlier implicit. Comments were added to denote the actual
  values. This changes to make it fixed values, which makes it slightly
  more error prone, but cleaner when errors are retired.

* Change watchdog timer to 2 minutes

  [ Merge of http://go/wvgerrit/36340 ]

  This relaxes the watchdog timer around the level 3 oemcrypto
  initialization to 120 seconds.  There are also a couple of new log
  messages at the end of initialization and at termination.

  Library for arm updated:
  level3/arm/libwvlevel3.a       Level3 Library 4445 Oct  4 2017 17:06:25

  Bug: 65379279

  Merged from https://widevine-internal-review.googlesource.com/35480

* Add test to get service certificate from server.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/37780 ]

  This was extracted from Ic38dd27d06dc7528ae4cd995da4261fe6c34ad55

* Add watch dog timer to OEMCrypto L3

commit ec624ea483cbf8fb3d4e8f393bc25c90a0e29d4b
  Author: Fred Gylys-Colwell <fredgc@google.com>

  [ Merge of http://go/wvgerrit/34260 ]

  This code adds a watchdog timer to the level 3 initialization.  If
  initialization does not finish within 5 seconds, the process
  will abort, printing a small amount of debugging information.

  arm/libwvlevel3.a Level3 Library 4445 Sep 11 2017 14:05:15

  Test: unit tests on bullhead. Video on Play Movies.
  GTS tests run on loop overnight.

  Bug: 65379279
  Merged from https://widevine-internal-review.googlesource.com/33540

* Remove libwidevinehidl_utils dependency

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/37822 ]

  libwvdrmcryptoplugin_hidl has a dependency on libwidevinehidl_utils
  which was introduced due to an out of order merge from oc-mr1-dev
  to master.

  Bug: 69573113

* Automatically generate log location information

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/36563 ]

  Currently class and method names are manually added to each log message
  in the CDM on android and some other platforms. This change prepends
  log messages with file name, line number and function name automatically.

  The code is platform specific so it can be enabled and the precise
  format configured on a per-platform basis.

  As an example, here is a log on android before the change,

  11-01 02:48:48.658 D/WVCdm   (32198): CryptoSession::Open:
  Lock: requested_security_level: Default

  and after,

  11-01 02:48:48.658 D/WVCdm   (32198): [crypto_session.cpp(1108):Open]
  Lock: requested_security_level: Default

  A follow on CL will remove the manually added class/method information.

  Bug: 9261010

* Fix BoringSSL Compatibility of oec_session_util.cpp

  Author: John W. Bruce <juce@google.com>

  [ Merge of http://go/wvgerrit/37121 ]

  A previous change inadvertantly used APIs from OpenSSL that do not exist
  in BoringSSL in oec_session_util.cpp. As a temporary fix until we can
  move all targets to BoringSSL, this patch switches that file to use
  conditional compilation to choose the correct API depending on the
  library in use. It does not otherwise change the behavior of the file.

  Bug: 67908123
  Test: wv_ce_cdm_unittest on x86-64
  Test: linux_unit_tests

* Create local shared_ptr implementation

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/37600 ]

  Derived from protobuf version, which came from google3.
  Removed locking (not thread-safe) and removed weak pointers (not
  needed for usages in CDM).

  Locking can easily be added if needed.

* Revert C++11 usage - back to gnu++98

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/37440 ]

  These changes roll back C++11-specific constructs:
    std::unique_ptr -> std::auto_ptr
    container initializers
    nullptr -> NULL
    std::shared_ptr to local shared_ptr
    compiler flags (-std=c++11 -> -sdt=gnu++98)

  NOTE: the "local" shared_ptr implementation is temporarily
  a direct reference to the shared_ptr implementation in
  third_party/protobuf. This has been fixed (implementation
  extracted and moved to core/include) in CL 37600.

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
  commit in the chain.

Change-Id: Ie09ecb970aa06fe9301ac255375ca7d8e7ead8bc
2018-01-16 19:33:36 -08:00

86 lines
3.2 KiB
C++
Raw Blame History

// Copyright 2017 Google Inc. All Rights Reserved.
//
#ifndef WVCDM_CORE_SERVICE_CERTIFICATE_H_
#define WVCDM_CORE_SERVICE_CERTIFICATE_H_
// Service Certificates are used to encrypt the ClientIdentification message
// that is part of Device Provisioning, License, Renewal, and Release requests.
// It also supplies a provider_id setting used in device provisioning.
// Service Certificates are typically supplied by the application. If one
// is not supplied and privacy mode is enabled, the CDM will send a Service
// Certificate Request to the target server to get one. Once the Service
// Certificate is established for the session, it should not change.
#include <memory>
#include "license_protocol.pb.h"
#include "privacy_crypto.h"
#include "wv_cdm_types.h"
namespace wvcdm {
class CryptoSession;
class ServiceCertificate {
public:
ServiceCertificate() : has_certificate_(false) {}
virtual ~ServiceCertificate() {}
// Set up a new service certificate.
// Accept a serialized video_widevine::SignedDrmDeviceCertificate message.
virtual CdmResponseType Init(const std::string& signed_certificate);
bool has_certificate() const { return has_certificate_; }
const std::string certificate() const { return certificate_; }
const std::string& provider_id() const { return provider_id_; }
// Verify the signature for a message.
virtual CdmResponseType VerifySignedMessage(const std::string& message,
const std::string& signature);
// Encrypt the ClientIdentification message for a provisioning or
// licensing request. Encryption is performed using the current
// service certificate. Return a failure if the service certificate is
// not present, not valid, or if some other error occurs.
// The routine should not be called if privacy mode is off or if the
// certificate is empty.
virtual CdmResponseType EncryptClientId(
CryptoSession* crypto_session,
const video_widevine::ClientIdentification* clear_client_id,
video_widevine::EncryptedClientIdentification* encrypted_client_id);
// Helper methods
static bool GetRequest(CdmKeyMessage* request);
static CdmResponseType ParseResponse(const std::string& response,
std::string* signed_certificate);
private:
// Encrypt data using RSA with OAEP padding.
// |plaintext| is the data to be encrypted. |ciphertext| is a pointer to a
// string to contain the decrypted data on return, and may not be null.
// returns NO_ERROR if successful or an appropriate error code otherwise.
virtual CdmResponseType EncryptRsaOaep(const std::string& plaintext,
std::string* ciphertext);
// Track whether object holds valid certificate
bool has_certificate_;
// Certificate, verified and extracted from signed message.
std::string certificate_;
// Certificate serial number.
std::string serial_number_;
// Provider ID, extracted from certificate message.
std::string provider_id_;
// Public key.
std::auto_ptr<RsaPublicKey> public_key_;
CORE_DISALLOW_COPY_AND_ASSIGN(ServiceCertificate);
};
} // namespace wvcdm
#endif // WVCDM_CORE_SERVICE_CERTIFICATE_H_
Reference in New Issue View Git Blame Copy Permalink