Add AES-ECB as a supported encryption mode in ECMG
@@ -101,6 +101,7 @@ cc_library(
|
|||||||
":error_space",
|
":error_space",
|
||||||
":hash_algorithm",
|
":hash_algorithm",
|
||||||
":hash_algorithm_util",
|
":hash_algorithm_util",
|
||||||
|
":output_protection_util",
|
||||||
":rsa_key",
|
":rsa_key",
|
||||||
":status",
|
":status",
|
||||||
"//base",
|
"//base",
|
||||||
@@ -127,6 +128,7 @@ cc_test(
|
|||||||
":error_space",
|
":error_space",
|
||||||
":hash_algorithm",
|
":hash_algorithm",
|
||||||
":hash_algorithm_util",
|
":hash_algorithm_util",
|
||||||
|
":output_protection_util",
|
||||||
":rsa_key",
|
":rsa_key",
|
||||||
":rsa_test_keys",
|
":rsa_test_keys",
|
||||||
":security_profile_list",
|
":security_profile_list",
|
||||||
@@ -431,7 +433,6 @@ cc_library(
|
|||||||
":rsa_util",
|
":rsa_util",
|
||||||
":sha_util",
|
":sha_util",
|
||||||
"//base",
|
"//base",
|
||||||
"@abseil_repo//absl/base:core_headers",
|
|
||||||
"//external:openssl",
|
"//external:openssl",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
@@ -870,6 +871,7 @@ cc_library(
|
|||||||
":drm_service_certificate",
|
":drm_service_certificate",
|
||||||
":error_space",
|
":error_space",
|
||||||
":rsa_key",
|
":rsa_key",
|
||||||
|
":rsa_util",
|
||||||
":status",
|
":status",
|
||||||
":x509_cert",
|
":x509_cert",
|
||||||
"//base",
|
"//base",
|
||||||
|
|||||||
@@ -95,7 +95,12 @@ std::string CreateSignatureHmac(const EVP_MD* hash_algorithm,
|
|||||||
bool VerifySignatureHmacSha256(absl::string_view key,
|
bool VerifySignatureHmacSha256(absl::string_view key,
|
||||||
absl::string_view signature,
|
absl::string_view signature,
|
||||||
absl::string_view message) {
|
absl::string_view message) {
|
||||||
return CreateSignatureHmacSha256(key, message) == signature;
|
std::string actual_signature = CreateSignatureHmacSha256(key, message);
|
||||||
|
bool result = actual_signature == signature;
|
||||||
|
if (!result) {
|
||||||
|
VLOG(1) << "Invalid signature. actual signature: " << actual_signature;
|
||||||
|
}
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Compares the SHA-384 HMAC against the provided signature.
|
// Compares the SHA-384 HMAC against the provided signature.
|
||||||
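Review bot: The new `VLOG(1)` line in `VerifySignatureHmacSha256` writes `actual_signature` to the log, and that value is the correct HMAC for the supplied message, so anyone who can read verbose logs gets a valid tag for whatever message was submitted with a wrong signature. The string also appears to hold raw digest bytes rather than printable text. I would log only the failure, `VLOG(1) << "Invalid HMAC-SHA256 signature.";`. Since the function is being rewritten anyway, the `==` on the two strings could become a constant-time check, `bool result = actual_signature.size() == signature.size() && CRYPTO_memcmp(actual_signature.data(), signature.data(), signature.size()) == 0;`, so that comparison time does not depend on how many leading bytes match.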
|
|||||||
@@ -145,13 +145,11 @@ class ECPublicKey {
|
|||||||
// Returns true on success and false on error.
|
// Returns true on success and false on error.
|
||||||
virtual bool GetRawPublicKey(std::string* raw_public_key) const;
|
virtual bool GetRawPublicKey(std::string* raw_public_key) const;
|
||||||
|
|
||||||
private:
|
|
||||||
friend class ECPrivateKey;
|
|
||||||
|
|
||||||
ECPublicKey& operator=(const ECPublicKey&) = delete;
|
|
||||||
|
|
||||||
const EC_KEY* key() const { return key_.get(); }
|
const EC_KEY* key() const { return key_.get(); }
|
||||||
|
|
||||||
|
private:
|
||||||
|
ECPublicKey& operator=(const ECPublicKey&) = delete;
|
||||||
|
|
||||||
ScopedECKEY key_;
|
ScopedECKEY key_;
|
||||||
};
|
};
|
||||||
|
|
||||||
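Review bot: `key()` moves from the private section to the public one in this hunk and carries no comment, so the raw `EC_KEY` handle becomes part of the public interface of `ECPublicKey` without a stated contract. A one-line comment would help, for example `// Returns the underlying EC_KEY; owned by this object and valid only while it is alive.` The `friend class ECPrivateKey;` declaration is removed in the same hunk, which suggests the accessor was made public for that caller; if it is the only user, keeping `key()` private with the friend declaration would expose less. The class body starts outside the hunk.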
|
|||||||
@@ -363,6 +363,18 @@ bool RsaPublicKey::MatchesPublicKey(const RsaPublicKey& public_key) const {
|
|||||||
|
|
||||||
uint32_t RsaPublicKey::KeySize() const { return RSA_size(key_); }
|
uint32_t RsaPublicKey::KeySize() const { return RSA_size(key_); }
|
||||||
|
|
||||||
|
bool RsaPublicKey::SerializedKey(std::string* serialized_key) const {
|
||||||
|
if (serialized_key == nullptr) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
std::string tmp_serialized_key;
|
||||||
|
if (!rsa_util::SerializeRsaPublicKey(key(), &tmp_serialized_key)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
*serialized_key = tmp_serialized_key;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
RsaKeyFactory::RsaKeyFactory() {}
|
RsaKeyFactory::RsaKeyFactory() {}
|
||||||
|
|
||||||
RsaKeyFactory::~RsaKeyFactory() {}
|
RsaKeyFactory::~RsaKeyFactory() {}
|
||||||
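Review bot: `RsaPublicKey::SerializedKey` copies the temporary into the output with `*serialized_key = tmp_serialized_key;`, although the temporary is never used again. `*serialized_key = std::move(tmp_serialized_key);` avoids the extra allocation and still leaves the caller's string untouched when `SerializeRsaPublicKey` fails. The function also reads the key through `key()` while `KeySize()` directly above uses `key_`; using one form in both would be more consistent.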
|
|||||||
@@ -125,6 +125,9 @@ class RsaPublicKey {
|
|||||||
// Returns the RSA key size (modulus) in bytes.
|
// Returns the RSA key size (modulus) in bytes.
|
||||||
virtual uint32_t KeySize() const;
|
virtual uint32_t KeySize() const;
|
||||||
|
|
||||||
|
// Returns true if the key is successfully serialized into |serialized_key|.
|
||||||
|
virtual bool SerializedKey(std::string* serialized_key) const;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
friend class RsaPrivateKey;
|
friend class RsaPrivateKey;
|
||||||
friend class X509CertificateBuilder; // TODO(user): Get rid of this.
|
friend class X509CertificateBuilder; // TODO(user): Get rid of this.
|
||||||
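Review bot: The comment on `SerializedKey` does not say that a null `serialized_key` is rejected or what happens to the output on failure, and it does not name the encoding that is produced. Based on the implementation in this commit I would write `// Serializes the public key into |serialized_key|. Returns false, leaving |serialized_key| unchanged, if it is null or serialization fails.` The encoding is decided by `rsa_util::SerializeRsaPublicKey`, which is not visible here, so it should be added to the comment by someone who can confirm it.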
|
|||||||
@@ -18,6 +18,7 @@
|
|||||||
|
|
||||||
#include "absl/synchronization/mutex.h"
|
#include "absl/synchronization/mutex.h"
|
||||||
#include "common/hash_algorithm.h"
|
#include "common/hash_algorithm.h"
|
||||||
|
#include "common/output_protection_util.h"
|
||||||
#include "common/status.h"
|
#include "common/status.h"
|
||||||
#include "protos/public/client_identification.pb.h"
|
#include "protos/public/client_identification.pb.h"
|
||||||
#include "protos/public/device_security_profile_data.pb.h"
|
#include "protos/public/device_security_profile_data.pb.h"
|
||||||
@@ -26,6 +27,7 @@
|
|||||||
#include "protos/public/security_profile.pb.h"
|
#include "protos/public/security_profile.pb.h"
|
||||||
|
|
||||||
namespace widevine {
|
namespace widevine {
|
||||||
|
|
||||||
using ClientCapabilities = ClientIdentification::ClientCapabilities;
|
using ClientCapabilities = ClientIdentification::ClientCapabilities;
|
||||||
|
|
||||||
const char kDefaultProfileOwnerName[] = "Widevine";
|
const char kDefaultProfileOwnerName[] = "Widevine";
|
||||||
@@ -56,13 +58,16 @@ class SecurityProfileList {
|
|||||||
const std::vector<std::string>& profiles_to_check,
|
const std::vector<std::string>& profiles_to_check,
|
||||||
const std::string& owner, const ClientIdentification& client_id,
|
const std::string& owner, const ClientIdentification& client_id,
|
||||||
const ProvisionedDeviceInfo& device_info,
|
const ProvisionedDeviceInfo& device_info,
|
||||||
|
PlatformVerificationStatus device_vmp_status,
|
||||||
std::vector<std::string>* qualified_profiles) const;
|
std::vector<std::string>* qualified_profiles) const;
|
||||||
|
|
||||||
// Populates |profiles_to_allow| with a list of profiles that meet the
|
// Populates |profiles_to_allow| with a list of profiles that meet the
|
||||||
// requirements for the this device. The number of profiles is returned.
|
// requirements for the this device. The number of profiles is returned.
|
||||||
virtual int GetQualifiedProfiles(
|
virtual int GetQualifiedProfiles(
|
||||||
const ClientIdentification& client_id,
|
const ClientIdentification& client_id,
|
||||||
const ProvisionedDeviceInfo& device_info, const std::string& owner,
|
const ProvisionedDeviceInfo& device_info,
|
||||||
|
const PlatformVerificationStatus device_vmp_status,
|
||||||
|
const std::string& owner,
|
||||||
std::vector<std::string>* qualified_profiles) const;
|
std::vector<std::string>* qualified_profiles) const;
|
||||||
|
|
||||||
// Return true if a profile exist matching the specified parameters {|name|,
|
// Return true if a profile exist matching the specified parameters {|name|,
|
||||||
@@ -121,6 +126,8 @@ class SecurityProfileList {
|
|||||||
void ClearAllProfiles();
|
void ClearAllProfiles();
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
friend class SecurityProfileListTest;
|
||||||
|
|
||||||
// Add Widevine default profiles into profile_list. The number of added
|
// Add Widevine default profiles into profile_list. The number of added
|
||||||
// default profiles will be returned.
|
// default profiles will be returned.
|
||||||
virtual int AddDefaultProfiles();
|
virtual int AddDefaultProfiles();
|
||||||
@@ -133,7 +140,8 @@ class SecurityProfileList {
|
|||||||
|
|
||||||
bool DoesProfileQualify(const SecurityProfile& profile,
|
bool DoesProfileQualify(const SecurityProfile& profile,
|
||||||
const ClientIdentification& client_id,
|
const ClientIdentification& client_id,
|
||||||
const ProvisionedDeviceInfo& device_info) const;
|
const ProvisionedDeviceInfo& device_info,
|
||||||
|
PlatformVerificationStatus device_vmp_status) const;
|
||||||
|
|
||||||
int64_t GetCurrentTimeSeconds() const;
|
int64_t GetCurrentTimeSeconds() const;
|
||||||
|
|
||||||
@@ -149,6 +157,10 @@ class SecurityProfileList {
|
|||||||
|
|
||||||
void ClearAllDefaultProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
void ClearAllDefaultProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
||||||
void ClearAllCustomProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
void ClearAllCustomProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
|
||||||
|
|
||||||
|
// Return true is the client is a Chrome browser.
|
||||||
|
virtual bool IsChromeBrowser(const std::string& device_model) const;
|
||||||
|
|
||||||
mutable absl::Mutex mutex_;
|
mutable absl::Mutex mutex_;
|
||||||
// Security profiles
|
// Security profiles
|
||||||
std::string profile_namespace_;
|
std::string profile_namespace_;
|
||||||
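Review bot: In the `GetQualifiedProfiles` declaration the new parameter is written `const PlatformVerificationStatus device_vmp_status`, while the other two declarations changed in this file take it as plain `PlatformVerificationStatus`; top-level `const` on a by-value parameter has no effect in a declaration, so I would drop it for consistency. The parameter is also inserted before `owner`, which changes the argument list of a virtual method, so any subclass or mock that overrides it without `override` will silently stop overriding. None of the three comments explains how `device_vmp_status` affects qualification, and the new comment on `IsChromeBrowser` should read `// Return true if the client is a Chrome browser.` If `device_model` is taken from the client's own identification data, which this header does not show, it should not be the only input to a security decision.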
|
|||||||
@@ -136,6 +136,8 @@ EcmMetaData::CipherMode ConvertCryptoModeToProtoCipherMode(
|
|||||||
return EcmMetaData::AES_OFB;
|
return EcmMetaData::AES_OFB;
|
||||||
case CryptoMode::kAesScte:
|
case CryptoMode::kAesScte:
|
||||||
return EcmMetaData::AES_SCTE52;
|
return EcmMetaData::AES_SCTE52;
|
||||||
|
case CryptoMode::kAesEcb:
|
||||||
|
return EcmMetaData::AES_ECB;
|
||||||
case CryptoMode::kInvalid:
|
case CryptoMode::kInvalid:
|
||||||
default:
|
default:
|
||||||
LOG(ERROR) << "Unknown crypto mode.";
|
LOG(ERROR) << "Unknown crypto mode.";
|
||||||
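Review bot: The new `case CryptoMode::kAesEcb:` makes ECB a selectable content cipher mode with no comment on its limits: ECB takes no IV and encrypts equal plaintext blocks to equal ciphertext blocks, so repeated content stays recognisable in the scrambled output. I would add a comment at the case, for example `// AES-ECB uses no IV and does not hide repeated blocks; only for receivers that require it.` The hunk does not show how the serializer treats IV fields for this mode (the neighbouring test is named `SerializeEcmDoubleKey8ByteIvs`), so it is worth confirming that an ECB request carrying IVs is either rejected or deliberately ignores them. The function body starts and ends outside the hunk.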
|
|||||||
@@ -274,7 +274,8 @@ INSTANTIATE_TEST_SUITE_P(
|
|||||||
std::make_tuple(CryptoMode::kDvbCsa2, EcmMetaData::DVB_CSA2),
|
std::make_tuple(CryptoMode::kDvbCsa2, EcmMetaData::DVB_CSA2),
|
||||||
std::make_tuple(CryptoMode::kDvbCsa3, EcmMetaData::DVB_CSA3),
|
std::make_tuple(CryptoMode::kDvbCsa3, EcmMetaData::DVB_CSA3),
|
||||||
std::make_tuple(CryptoMode::kAesOfb, EcmMetaData::AES_OFB),
|
std::make_tuple(CryptoMode::kAesOfb, EcmMetaData::AES_OFB),
|
||||||
std::make_tuple(CryptoMode::kAesScte, EcmMetaData::AES_SCTE52)));
|
std::make_tuple(CryptoMode::kAesScte, EcmMetaData::AES_SCTE52),
|
||||||
|
std::make_tuple(CryptoMode::kAesEcb, EcmMetaData::AES_ECB)));
|
||||||
|
|
||||||
TEST_F(EcmSerializerV3Test, SerializeEcmDoubleKey8ByteIvs) {
|
TEST_F(EcmSerializerV3Test, SerializeEcmDoubleKey8ByteIvs) {
|
||||||
EcmSerializerV3 ecm_serializer;
|
EcmSerializerV3 ecm_serializer;
|
||||||
|
|||||||
@@ -30,6 +30,7 @@ enum class CryptoMode : int {
|
|||||||
kDvbCsa3 = 3,
|
kDvbCsa3 = 3,
|
||||||
kAesOfb = 4,
|
kAesOfb = 4,
|
||||||
kAesScte = 5,
|
kAesScte = 5,
|
||||||
|
kAesEcb = 6,
|
||||||
};
|
};
|
||||||
|
|
||||||
enum class ScramblingLevel : int { kPES = 0, kTS = 1 };
|
enum class ScramblingLevel : int { kPES = 0, kTS = 1 };
|
||||||
|
|||||||
@@ -71,6 +71,7 @@ message EcmMetaData {
|
|||||||
DVB_CSA3 = 4;
|
DVB_CSA3 = 4;
|
||||||
AES_OFB = 5;
|
AES_OFB = 5;
|
||||||
AES_SCTE52 = 6;
|
AES_SCTE52 = 6;
|
||||||
|
AES_ECB = 7;
|
||||||
}
|
}
|
||||||
// Required. The cipher mode used to encrypt/decrypt the content.
|
// Required. The cipher mode used to encrypt/decrypt the content.
|
||||||
optional CipherMode cipher_mode = 1;
|
optional CipherMode cipher_mode = 1;
|
||||||
|
|||||||
@@ -61,6 +61,7 @@ message CasEncryptionResponse {
|
|||||||
// Optional label used for the key.
|
// Optional label used for the key.
|
||||||
optional string track_type = 3;
|
optional string track_type = 3;
|
||||||
optional KeySlot key_slot = 4;
|
optional KeySlot key_slot = 4;
|
||||||
|
optional uint32 period_index = 5;
|
||||||
}
|
}
|
||||||
optional Status status = 1;
|
optional Status status = 1;
|
||||||
optional string status_message = 2;
|
optional string status_message = 2;
|
||||||
|
|||||||