Source release 18.1.0

2023-06-23 15:45:08 -07:00
parent 2baa7c6e2b
commit b2c35151ad
2074 changed files with 196004 additions and 427059 deletions
--- a/oemcrypto/util/include/oemcrypto_key_handle.h
+++ b/oemcrypto/util/include/oemcrypto_key_handle.h
@@ -0,0 +1,63 @@
+// Copyright 2022 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine License
+// Agreement.
+//
+// Implements utility functions for serializing and deserializing the fake key
+// handles used by the Ref and Testbed.
+//
+#ifndef WVOEC_UTIL_KEY_HANDLE_H_
+#define WVOEC_UTIL_KEY_HANDLE_H_
+
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "OEMCryptoCENC.h"
+#include "log.h"
+
+namespace wvoec {
+namespace util {
+// Size of a key handle, which for this implementation is just a session ID.
+constexpr size_t kKeyHandleSize = sizeof(OEMCrypto_SESSION);
+
+OEMCryptoResult SerializeSessionToKeyHandle(OEMCrypto_SESSION session,
+                                            uint8_t* key_handle,
+                                            size_t* key_handle_length) {
+  if (key_handle_length == nullptr) {
+    LOGE("Null key handle length");
+    return OEMCrypto_ERROR_INVALID_CONTEXT;
+  }
+
+  if (key_handle == nullptr || *key_handle_length < kKeyHandleSize) {
+    *key_handle_length = kKeyHandleSize;
+    return OEMCrypto_ERROR_SHORT_BUFFER;
+  }
+
+  *key_handle_length = kKeyHandleSize;
+  memcpy(key_handle, &session, kKeyHandleSize);
+  return OEMCrypto_SUCCESS;
+}
+
+OEMCryptoResult DeserializeKeyHandleToSession(const uint8_t* key_handle,
+                                              size_t key_handle_length,
+                                              OEMCrypto_SESSION* session) {
+  if (key_handle == nullptr) {
+    LOGE("Null key handle");
+    return OEMCrypto_ERROR_INVALID_CONTEXT;
+  }
+  if (session == nullptr) {
+    LOGE("Null session");
+    return OEMCrypto_ERROR_INVALID_CONTEXT;
+  }
+
+  if (key_handle_length != kKeyHandleSize) {
+    LOGE("Invalid key handle length");
+    return OEMCrypto_ERROR_INVALID_CONTEXT;
+  }
+
+  memcpy(session, key_handle, kKeyHandleSize);
+  return OEMCrypto_SUCCESS;
+}
+}  // namespace util
+}  // namespace wvoec
+#endif  // WVOEC_UTIL_KEY_HANDLE_H_
--- a/oemcrypto/util/include/oemcrypto_rsa_key.h
+++ b/oemcrypto/util/include/oemcrypto_rsa_key.h
@@ -122,6 +122,8 @@ class RsaPublicKey {
  // private equivalent of this public key.
  // The signature algorithm can be specified via the |algorithm| field.
  // See RsaSignatureAlgorithm for details on each algorithm.
+  // For RSASSA-PSS, the hash algorithm can be specified via |hash_algorithm|.
+  // This parameter is ignored for other signature algorithms.
  //
  // Returns:
  //    OEMCrypto_SUCCESS if signature is valid
@@ -129,15 +131,17 @@ class RsaPublicKey {
  //    OEMCrypto_ERROR_UNKNOWN_FAILURE if any error occurs
  OEMCryptoResult VerifySignature(
      const uint8_t* message, size_t message_length, const uint8_t* signature,
-      size_t signature_length,
-      RsaSignatureAlgorithm algorithm = kRsaPssDefault) const;
+      size_t signature_length, RsaSignatureAlgorithm algorithm = kRsaPssDefault,
+      OEMCrypto_SignatureHashAlgorithm hash_algorithm = OEMCrypto_SHA1) const;
  OEMCryptoResult VerifySignature(
      const std::string& message, const std::string& signature,
-      RsaSignatureAlgorithm algorithm = kRsaPssDefault) const;
+      RsaSignatureAlgorithm algorithm = kRsaPssDefault,
+      OEMCrypto_SignatureHashAlgorithm hash_algorithm = OEMCrypto_SHA1) const;
  OEMCryptoResult VerifySignature(
      const std::vector<uint8_t>& message,
      const std::vector<uint8_t>& signature,
-      RsaSignatureAlgorithm algorithm = kRsaPssDefault) const;
+      RsaSignatureAlgorithm algorithm = kRsaPssDefault,
+      OEMCrypto_SignatureHashAlgorithm hash_algorithm = OEMCrypto_SHA1) const;

  // Encrypts the OEMCrypto session key used for deriving other keys.
  // On success, |enc_session_key_size| is populated with the number
@@ -195,10 +199,10 @@ class RsaPublicKey {
  bool InitFromSslHandle(const RSA* rsa_handle, uint32_t allowed_schemes);

  // Signature specialization functions.
-  OEMCryptoResult VerifySignaturePss(const uint8_t* message,
-                                     size_t message_length,
-                                     const uint8_t* signature,
-                                     size_t signature_length) const;
+  OEMCryptoResult VerifySignaturePss(
+      const uint8_t* message, size_t message_length, const uint8_t* signature,
+      size_t signature_length,
+      OEMCrypto_SignatureHashAlgorithm hash_algorithm) const;
  OEMCryptoResult VerifySignaturePkcs1Cast(const uint8_t* message,
                                           size_t message_length,
                                           const uint8_t* signature,