2feec02df2
Changes include: 1. Fix refreshkeys when handling renewal response. 2. Change ECM start detect method. 3. Fix signing key truncation. 4. Reformat C++ code. 5. Return license_id in LICENSE_CAS_READY payload. 6. Expose OEMCrypto API version in the license request. 7. Add support for newly added widevine cas ids. 8. Store content iv and encryption mode info to entitled key. 9. Upgrade ODK library to 16.4.
159 lines
7.5 KiB
C++
159 lines
7.5 KiB
C++
// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine Master
|
|
// License Agreement.
|
|
|
|
#ifndef OEMCRYPTO_INTERFACE_H
|
|
#define OEMCRYPTO_INTERFACE_H
|
|
|
|
#include <memory>
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include "OEMCryptoCAS.h"
|
|
#include "crypto_key.h"
|
|
|
|
namespace wvcas {
|
|
|
|
// LoadKeysParams mirrors the parameters in the OEMCrypto API. It's purpose is
|
|
// to allow OEMCrypto_LoadKeys to be mocked. OEMCrypto_LoadKeys takes 13
|
|
// parameters as of API V14. GoogleMock allows a maximum of 10.
|
|
struct LoadKeysParams {
|
|
OEMCrypto_SESSION session = 0;
|
|
const uint8_t* message = nullptr;
|
|
size_t message_length = 0;
|
|
const uint8_t* signature = nullptr;
|
|
size_t signature_length = 0;
|
|
OEMCrypto_Substring enc_mac_keys_iv = {};
|
|
OEMCrypto_Substring enc_mac_keys = {};
|
|
size_t num_keys = 0;
|
|
const OEMCrypto_KeyObject* key_array = nullptr;
|
|
OEMCrypto_Substring pst = {};
|
|
OEMCrypto_Substring srm_requirement = {};
|
|
OEMCrypto_LicenseType license_type = OEMCrypto_ContentLicense;
|
|
};
|
|
|
|
// InputStreamParams mirrors the parameters in OEMCrypto API. The
|
|
// purpose is to allow OEMCrypto_Descramble to be mocked. OEMCrypto_Descramble
|
|
// takes 11 parameters as of API V15. GoogleMock allows a maximum of 10.
|
|
struct InputStreamParams {
|
|
const uint8_t* data_addr;
|
|
size_t data_length;
|
|
bool is_encrypted;
|
|
|
|
InputStreamParams(){};
|
|
InputStreamParams(const uint8_t* data_addr, size_t data_length,
|
|
bool is_encrypted)
|
|
: data_addr(data_addr),
|
|
data_length(data_length),
|
|
is_encrypted(is_encrypted) {}
|
|
};
|
|
|
|
// Calls to oemcrypto are called via this object. The purpose of this object is
|
|
// to allow OEMCrypto to be mocked. The implementation of this object only wraps
|
|
// OEMCrypto methods adding limited additional functionality. Added
|
|
// functionality is limited to adapt the input parameters to the oemcrypto api.
|
|
// Method signatures in this class can only have a maximum of 10 parameters to
|
|
// maintain compatibility with googlemock.
|
|
class OEMCryptoInterface {
|
|
public:
|
|
OEMCryptoInterface();
|
|
virtual ~OEMCryptoInterface();
|
|
|
|
virtual OEMCryptoResult OEMCrypto_Initialize(void);
|
|
virtual OEMCryptoResult OEMCrypto_Terminate(void);
|
|
virtual OEMCryptoResult OEMCrypto_OpenSession(
|
|
OEMCrypto_SESSION* session) const;
|
|
virtual OEMCryptoResult OEMCrypto_CloseSession(
|
|
OEMCrypto_SESSION session) const;
|
|
virtual OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod() const;
|
|
virtual OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData,
|
|
size_t* keyDataLength) const;
|
|
virtual uint32_t OEMCrypto_SupportedCertificates() const;
|
|
virtual OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session,
|
|
uint32_t* nonce) const;
|
|
virtual OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
|
|
OEMCrypto_SESSION session, const uint8_t* mac_key_context,
|
|
uint32_t mac_key_context_length, const uint8_t* enc_key_context,
|
|
uint32_t enc_key_context_length) const;
|
|
virtual OEMCryptoResult OEMCrypto_PrepAndSignLicenseRequest(
|
|
OEMCrypto_SESSION session, uint8_t* message, size_t message_length,
|
|
size_t* core_message_size, uint8_t* signature,
|
|
size_t* signature_length) const;
|
|
virtual OEMCryptoResult OEMCrypto_PrepAndSignRenewalRequest(
|
|
OEMCrypto_SESSION session, uint8_t* message, size_t message_length,
|
|
size_t* core_message_size, uint8_t* signature,
|
|
size_t* signature_length) const;
|
|
virtual OEMCryptoResult OEMCrypto_PrepAndSignProvisioningRequest(
|
|
OEMCrypto_SESSION session, uint8_t* message, size_t message_length,
|
|
size_t* core_message_size, uint8_t* signature,
|
|
size_t* signature_length) const;
|
|
virtual OEMCryptoResult OEMCrypto_LoadProvisioning(
|
|
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
|
|
size_t core_message_length, const uint8_t* signature,
|
|
size_t signature_length, uint8_t* wrapped_private_key,
|
|
size_t* wrapped_private_key_length) const;
|
|
virtual OEMCryptoResult OEMCrypto_GetOEMPublicCertificate(
|
|
OEMCrypto_SESSION session, uint8_t* public_cert,
|
|
size_t* public_cert_length) const;
|
|
virtual OEMCryptoResult OEMCrypto_LoadDRMPrivateKey(
|
|
OEMCrypto_SESSION session, OEMCrypto_PrivateKeyType key_type,
|
|
const uint8_t* wrapped_rsa_key, size_t wrapped_rsa_key_length) const;
|
|
virtual OEMCryptoResult OEMCrypto_GenerateRSASignature(
|
|
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
|
|
uint8_t* signature, size_t* signature_length,
|
|
RSA_Padding_Scheme padding_scheme) const;
|
|
virtual OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(
|
|
OEMCrypto_SESSION session, const uint8_t* enc_session_key,
|
|
size_t enc_session_key_length, const uint8_t* mac_key_context,
|
|
size_t mac_key_context_length, const uint8_t* enc_key_context,
|
|
size_t enc_key_context_length) const;
|
|
virtual OEMCryptoResult OEMCrypto_LoadKeys(
|
|
const LoadKeysParams& load_key_params) const;
|
|
virtual OEMCryptoResult OEMCrypto_LoadLicense(OEMCrypto_SESSION session,
|
|
const uint8_t* message,
|
|
size_t message_length,
|
|
size_t core_message_length,
|
|
const uint8_t* signature,
|
|
size_t signature_length) const;
|
|
virtual OEMCryptoResult OEMCrypto_LoadRenewal(OEMCrypto_SESSION session,
|
|
const uint8_t* message,
|
|
size_t message_length,
|
|
size_t core_message_length,
|
|
const uint8_t* signature,
|
|
size_t signature_length) const;
|
|
virtual OEMCryptoResult OEMCrypto_LoadCasECMKeys(
|
|
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
|
|
const OEMCrypto_EntitledCasKeyObject* even_key,
|
|
const OEMCrypto_EntitledCasKeyObject* odd_key) const;
|
|
virtual OEMCryptoResult OEMCrypto_SelectKey(
|
|
OEMCrypto_SESSION session, const uint8_t* content_key_id,
|
|
size_t content_key_id_length, OEMCryptoCipherMode cipher_mode) const;
|
|
virtual OEMCryptoResult OEMCrypto_GetHDCPCapability(
|
|
OEMCrypto_HDCP_Capability* current, OEMCrypto_HDCP_Capability* max) const;
|
|
virtual OEMCryptoResult OEMCrypto_RefreshKeys(
|
|
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
|
|
const uint8_t* signature, size_t signature_length, size_t num_keys,
|
|
const OEMCrypto_KeyRefreshObject* key_array);
|
|
virtual OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID,
|
|
size_t* idLength);
|
|
virtual OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
|
|
size_t length);
|
|
virtual const char* OEMCrypto_SecurityLevel() const;
|
|
virtual OEMCryptoResult OEMCrypto_CreateEntitledKeySession(
|
|
OEMCrypto_SESSION oec_session, OEMCrypto_SESSION* key_session);
|
|
virtual OEMCryptoResult OEMCrypto_RemoveEntitledKeySession(
|
|
OEMCrypto_SESSION key_session);
|
|
virtual uint32_t OEMCrypto_APIVersion() const;
|
|
|
|
OEMCryptoInterface(const OEMCryptoInterface&) = delete;
|
|
OEMCryptoInterface& operator=(const OEMCryptoInterface&) = delete;
|
|
|
|
private:
|
|
class Impl;
|
|
std::unique_ptr<Impl> impl_;
|
|
};
|
|
|
|
} // namespace wvcas
|
|
|
|
#endif // OEMCRYPTO_INTERFACE_H
|