68 lines
2.5 KiB
C++
68 lines
2.5 KiB
C++
////////////////////////////////////////////////////////////////////////////////
|
|
// Copyright 2019 Google LLC.
|
|
//
|
|
// This software is licensed under the terms defined in the Widevine Master
|
|
// License Agreement. For a copy of this agreement, please contact
|
|
// widevine-licensing@google.com.
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Description:
|
|
// Helper methods for the Root of Trust Id.
|
|
|
|
#ifndef COMMON_ROT_ID_UTIL_H_
|
|
#define COMMON_ROT_ID_UTIL_H_
|
|
|
|
#include <memory>
|
|
#include <vector>
|
|
|
|
#include <cstdint>
|
|
#include "common/ec_key.h"
|
|
#include "common/local_ec_key_source.h"
|
|
|
|
namespace widevine {
|
|
|
|
// Helper function that generates the unique id hash from the |unique_id| and
|
|
// the |salt|. |salt| is an internal secret.
|
|
//
|
|
// Returns the hash value on success.
|
|
// If |salt| or |unique_id| are empty, this will return an empty string.
|
|
std::string GenerateUniqueIdHash(const std::string& unique_id,
|
|
const std::string& salt);
|
|
|
|
// Helper function that generates the hash for the ROT id from the
|
|
// |unique_id_hash|, the |system_id| and the |salt|. |salt| is typically an
|
|
// encrypted unique id. Since we use an ephemeral eliptic curve key as part of
|
|
// the encrypted unique id, the value is effectively random can be used as a
|
|
// salt.
|
|
// Returns the hash value on success.
|
|
// If |salt| or |unique_id_hash| are empty, this will return an empty
|
|
// string.
|
|
std::string GenerateRotIdHash(const std::string& salt, uint32_t system_id,
|
|
const std::string& unique_id_hash);
|
|
|
|
// Helper function that compares the |rot_id_hash| to a hash of each of the
|
|
// |revoked_ids|. The |revoked_ids| are the unique id hash (aka inner hash)
|
|
// values as defined in the spec at go/wv-kb-id. The |encrypted_unique_id| and
|
|
// |system_id| are used to compute the hash of each of the |revoked_ids|.
|
|
// Returns true if any of the revoked_ids match.
|
|
template <typename V>
|
|
bool IsRotIdRevoked(const std::string& encrypted_unique_id, uint32_t system_id,
|
|
const std::string& rot_id_hash, const V& revoked_ids) {
|
|
// This could conceivably happen for legacy DRM certificates without a ROT id.
|
|
// No need to match if there's nothing to match against.
|
|
if (encrypted_unique_id.empty() || rot_id_hash.empty()) {
|
|
return false;
|
|
}
|
|
|
|
for (const auto& revoked_id : revoked_ids) {
|
|
if (GenerateRotIdHash(encrypted_unique_id, system_id, revoked_id) ==
|
|
rot_id_hash) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
} // namespace widevine
|
|
#endif // COMMON_ROT_ID_UTIL_H_
|