86 lines
2.7 KiB
C++
86 lines
2.7 KiB
C++
// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine License
|
|
// Agreement.
|
|
//
|
|
// Description:
|
|
// Declaration of classes representing AES and RSA public keys used
|
|
// for signature verification and encryption.
|
|
//
|
|
// AES encryption details:
|
|
// Algorithm: AES-CBC
|
|
//
|
|
// RSA signature details:
|
|
// Algorithm: RSASSA-PSS
|
|
// Hash algorithm: SHA1
|
|
// Mask generation function: mgf1SHA1
|
|
// Salt length: 20 bytes
|
|
// Trailer field: 0xbc
|
|
//
|
|
// RSA encryption details:
|
|
// Algorithm: RSA-OAEP
|
|
// Mask generation function: mgf1SHA1
|
|
// Label (encoding paramter): empty string
|
|
//
|
|
#ifndef WIDEVINE_CAS_PRIVACY_CRYPTO_H_
|
|
#define WIDEVINE_CAS_PRIVACY_CRYPTO_H_
|
|
|
|
#include <cstdint>
|
|
#include <string>
|
|
|
|
namespace wvcas {
|
|
|
|
class AesCbcKey {
|
|
public:
|
|
AesCbcKey();
|
|
~AesCbcKey();
|
|
|
|
bool Init(const std::string& key);
|
|
bool Encrypt(const std::string& in, const std::string& iv, std::string* out,
|
|
bool has_padding = true);
|
|
bool Decrypt(const std::string& in, const std::string& iv, std::string* out,
|
|
bool has_padding = true);
|
|
|
|
private:
|
|
std::string key_;
|
|
}; // class AesCbcKey
|
|
|
|
class RsaPublicKey {
|
|
public:
|
|
RsaPublicKey();
|
|
~RsaPublicKey();
|
|
|
|
// Initializes an RsaPublicKey object using a DER encoded PKCS#1 RSAPublicKey
|
|
bool Init(const std::string& serialized_key);
|
|
|
|
// Encrypt a message using RSA-OAEP. Caller retains ownership of all
|
|
// parameters. Returns true if successful, false otherwise.
|
|
bool Encrypt(const std::string& plaintext, std::string* ciphertext);
|
|
|
|
// Verify RSASSA-PSS signature. Caller retains ownership of all parameters.
|
|
// Returns true if validation succeeds, false otherwise.
|
|
bool VerifySignature(const std::string& message,
|
|
const std::string& signature);
|
|
|
|
private:
|
|
std::string serialized_key_;
|
|
}; // class RsaPublicKey
|
|
|
|
/**
|
|
* Extracts an integer value from the extensions in a certificate.
|
|
* @param cert A PKCS7 encoded X.509 certificate chain.
|
|
* @param extension_oid The ID of the extension to get.
|
|
* @param cert_index The zero-based index of the certificate in the chain to
|
|
* fetch from.
|
|
* @param value [OUT] Will contain the extracted value.
|
|
* @return True on success, false on error.
|
|
*/
|
|
bool ExtractExtensionValueFromCertificate(const std::string& cert,
|
|
const std::string& extension_oid,
|
|
size_t cert_index, uint32_t* value);
|
|
|
|
std::string Md5Hash(const std::string& data);
|
|
std::string Sha1Hash(const std::string& data);
|
|
std::string Sha256Hash(const std::string& data);
|
|
std::string Sha512Hash(const std::string& data);
|
|
} // namespace wvcas
|
|
#endif // WIDEVINE_CAS_PRIVACY_CRYPTO_H_
|