Source release 18.6.0
This commit is contained in:
Alex Dale
@@ -107,7 +107,8 @@ class CryptoSession {
|
||||
RequestedSecurityLevel requested_security_level, std::string* oem_cert);
|
||||
// Retrieves the embedded public certificate from OEMCrypto.
|
||||
// Only valid for L3 devices with embedded (baked-in) certificates.
|
||||
virtual CdmResponseType GetTokenFromEmbeddedCertificate(std::string* token);
|
||||
virtual CdmResponseType GetTokenFromEmbeddedCertificate(
|
||||
RequestedSecurityLevel requested_security_level, std::string* token);
|
||||
|
||||
// The overloaded methods with |requested_level| may be called
|
||||
// without a preceding call to Open. The other method must call Open first.
|
||||
@@ -146,6 +147,7 @@ class CryptoSession {
|
||||
|
||||
virtual CdmResponseType Open() { return Open(kLevelDefault); }
|
||||
virtual CdmResponseType Open(RequestedSecurityLevel requested_security_level);
|
||||
virtual CdmResponseType MarkOfflineSession();
|
||||
virtual void Close();
|
||||
|
||||
virtual bool IsOpen() { return open_; }
|
||||
|
||||
@@ -37,7 +37,10 @@ class AesCbcKey {
|
||||
~AesCbcKey();
|
||||
|
||||
bool Init(const std::string& key);
|
||||
bool Encrypt(const std::string& in, const std::string& iv, std::string* out);
|
||||
bool Encrypt(const std::string& in, const std::string& iv, std::string* out,
|
||||
bool has_padding = true);
|
||||
bool Decrypt(const std::string& in, const std::string& iv, std::string* out,
|
||||
bool has_padding = true);
|
||||
|
||||
private:
|
||||
std::string key_;
|
||||
@@ -82,6 +85,7 @@ bool ExtractExtensionValueFromCertificate(const std::string& cert,
|
||||
size_t cert_index, uint32_t* value);
|
||||
|
||||
std::string Md5Hash(const std::string& data);
|
||||
std::string Sha1Hash(const std::string& data);
|
||||
std::string Sha256Hash(const std::string& data);
|
||||
|
||||
} // namespace wvcdm
|
||||
|
||||
@@ -12,6 +12,7 @@ namespace wvutil {
|
||||
class FileSystem;
|
||||
} // namespace wvutil
|
||||
namespace wvcdm {
|
||||
// Forward declarations.
|
||||
class CryptoSession;
|
||||
class DeviceFiles;
|
||||
|
||||
@@ -20,6 +21,22 @@ class DeviceFiles;
|
||||
// different place.
|
||||
class SystemIdExtractor {
|
||||
public:
|
||||
// The constructor should be provided all the parameters necessary
|
||||
// to find the system ID. Although certain provisioning methods
|
||||
// may not use all parameters, this class must behave in a way which
|
||||
// makes it as easy as possible to obtain the system ID, all
|
||||
// parameters are required.
|
||||
//
|
||||
// Parameters:
|
||||
// |security_level|
|
||||
// - Requested security level, uses the |crypto_session| handle
|
||||
// to convert to a concrete security level.
|
||||
// |crypto_sesssion|
|
||||
// - Handle into the OEMCrypto platform. If handle is open,
|
||||
// then the session's real security level should match
|
||||
// |security_level|.
|
||||
// |fs|
|
||||
// - File system handle to the global file system.
|
||||
SystemIdExtractor(RequestedSecurityLevel security_level,
|
||||
CryptoSession* crypto_session, wvutil::FileSystem* fs);
|
||||
virtual ~SystemIdExtractor() {}
|
||||
@@ -30,12 +47,17 @@ class SystemIdExtractor {
|
||||
SystemIdExtractor& operator=(const SystemIdExtractor&) = delete;
|
||||
SystemIdExtractor& operator=(SystemIdExtractor&&) = delete;
|
||||
|
||||
// Extracts the system ID from the appropriate source.
|
||||
virtual bool ExtractSystemId(uint32_t* system_id);
|
||||
|
||||
// Extracts the system ID from a keybox key data (aka CA token).
|
||||
static bool ExtractSystemIdFromKeyboxData(const std::string& key_data,
|
||||
uint32_t* system_id);
|
||||
// Extracts the system ID from a serialized OEM certificate.
|
||||
// System ID is expected to be in the manufacturer's intermediate
|
||||
// X.509 certificate from the Widevine-defined X.509 v3
|
||||
// Extension found in the TBSCertificate "extensions" attribute.
|
||||
// See RFC 5280 for X.509 certificate structure.
|
||||
static bool ExtractSystemIdFromOemCert(const std::string& oem_cert,
|
||||
uint32_t* system_id);
|
||||
|
||||
@@ -44,13 +66,15 @@ class SystemIdExtractor {
|
||||
}
|
||||
|
||||
private:
|
||||
// Note: All the internal ExtractSystemId*() methods assume
|
||||
// |system_id| is not null.
|
||||
|
||||
// Extracts the system ID from keybox-based OEMCrypto implementations.
|
||||
// System ID is expected to be found in the keybox data. Devices
|
||||
// which require OTA keybox provisioning will return a null system ID.
|
||||
bool ExtractSystemIdProv20(uint32_t* system_id);
|
||||
// Extracts the system ID from OEM certificate-based OEMCrypto
|
||||
// implementations. System ID is expected to be in the manufacturers
|
||||
// intermediate X.509 certificate.
|
||||
// implementations.
|
||||
bool ExtractSystemIdProv30(uint32_t* system_id);
|
||||
// Extracts the system ID from BCC-based OEMCrypto implementations.
|
||||
// System ID is expected to be found in the stored OEM certificate
|
||||
@@ -59,9 +83,20 @@ class SystemIdExtractor {
|
||||
// a null system ID.
|
||||
bool ExtractSystemIdProv40(uint32_t* system_id);
|
||||
|
||||
// Add future extraction methods here.
|
||||
|
||||
// Verifies that if |crypto_session_| is opened, that the
|
||||
// security level is matches the instances |security_level_|.
|
||||
// If unopened, verifies that |security_level_| is a defined
|
||||
// value.
|
||||
// Returns true if security level is valid, false otherwise.
|
||||
bool VerifySecurityLevelExpectations();
|
||||
|
||||
RequestedSecurityLevel security_level_ = kLevelDefault;
|
||||
CryptoSession* crypto_session_ = nullptr;
|
||||
wvutil::FileSystem* fs_ = nullptr;
|
||||
// Test only handle to DeviceFiles. When not null, |fs_| will be
|
||||
// ignored.
|
||||
DeviceFiles* test_device_files_ = nullptr;
|
||||
};
|
||||
} // namespace wvcdm
|
||||
|
||||
Reference in New Issue
Block a user