Replace hardcoded parameters

common/rot_id_generator.h

@@ -0,0 +1,91 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2019 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+//
+// Description:
+//   Classes for generating and decrypting the root of trust id which is
+//   included in generated DRM Certificates.
+
+#ifndef COMMON_ROT_ID_GENERATOR_H_
+#define COMMON_ROT_ID_GENERATOR_H_
+
+#include <memory>
+#include <utility>
+
+#include <cstdint>
+#include "common/ecies_crypto.h"
+#include "common/rot_id_util.h"
+#include "common/status.h"
+#include "protos/public/drm_certificate.pb.h"
+
+namespace widevine {
+
+// The RootOfTrustIdGenerator is used to create a root of trust id that is
+// associated with the keybox or OEM X.509 certificate that was used as
+// authentication during provisioning.
+class RootOfTrustIdGenerator {
+ public:
+  // The constructor for creating the RootOfTrustIdGenerator. |ecies_encryptor|
+  // is used to encrypt the unique identifier. It must not be null.  The
+  // |wv_shared_salt| is a secret salt used in creating the hash
+  // component of the Root of Trust Id. The secret salt is stored securely. The
+  // same value is used as part of generating all Root of Trust Ids.
+  // The |wv_shared_salt| is also used for creating the unique id hash
+  // values. The unique id hash values identify revoked devices and are
+  // published in the DCSL and consumed by the License SDK.
+  RootOfTrustIdGenerator(std::unique_ptr<EciesEncryptor> ecies_encryptor,
+                         std::string wv_shared_salt)
+      : ecies_encryptor_(std::move(ecies_encryptor)),
+        wv_shared_salt_(std::move(wv_shared_salt)) {}
+
+  virtual ~RootOfTrustIdGenerator() {}
+
+  // Creates the root of trust identifier. This fills the fields of the
+  // |root_of_trust_id|. The fields are generated per the spec at go/wv-kb-id.
+  // The |system_id| is required and must match the system id to which the
+  // |unique_id| belongs.
+  // Returns INVALID_ARGUMENT if |system_id| is 0, |unique_id| is empty.
+  // |roof_of_trust_id| is owned by the caller and must not be null.
+  virtual Status Generate(uint32_t system_id, const std::string& unique_id,
+                          RootOfTrustId* root_of_trust_id) const;
+
+  // Generates the hash of the |unique_id| per the spec in go/wv-kb-id. This
+  // unique id hash (aka inner hash) is the identifier used when revoking an
+  // individual device.  The result of this hash is one of the values used to
+  // generate Root of Trust Id Hash.
+  // |unique_id| should not be empty. If it is, an empty hash
+  // is returned.
+  std::string GenerateUniqueIdHash(const std::string& unique_id) const;
+
+ private:
+  std::unique_ptr<EciesEncryptor> ecies_encryptor_;
+  std::string wv_shared_salt_;
+};
+
+// The RootOfTrustIdDecryptor is used to decrypt the root of trust id. It
+// requires an |ecies_decryptor| which must use the private key that matches
+// the public key used with the RootOfTrustIdGenerator. |ecies_decryptor|
+// must not be null. The RootOfTrustIdDecryptor will take ownership.
+class RootOfTrustIdDecryptor {
+ public:
+  explicit RootOfTrustIdDecryptor(
+      std::unique_ptr<EciesDecryptor> ecies_decryptor)
+      : ecies_decryptor_(std::move(ecies_decryptor)) {}
+
+  // Decrypts the |rot_encrypted_id| using the |system_id| as part of the
+  // context. |unique_id| contains the decrypted value on success.
+  // |rot_encrypted_id| must not be empty. |unique_id| must not be null.
+  // Returns true on success, false on failure.
+  Status DecryptUniqueId(uint32_t system_id, const std::string& rot_encrypted_id,
+                         std::string* unique_id) const;
+
+ private:
+  std::unique_ptr<EciesDecryptor> ecies_decryptor_;
+};
+
+}  // namespace widevine
+#endif  // COMMON_ROT_ID_GENERATOR_H_