widevine-partner/media_cas_packager_sdk_source
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ed5a1d5db1c573b75dfbfb0b9845c216f932443a
media_cas_packager_sdk_source/common/rot_id_util.h
Lu Chen ac564bb46f Update includes and BUILD
2020-02-05 11:21:51 -08:00

60 lines
2.2 KiB
C++
Raw Blame History

////////////////////////////////////////////////////////////////////////////////
// Copyright 2019 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////
//
// Description:
// Helper methods for the Root of Trust Id.
#ifndef COMMON_ROT_ID_UTIL_H_
#define COMMON_ROT_ID_UTIL_H_
#include <memory>
#include <vector>
#include <cstdint>
#include "common/ec_key.h"
#include "common/local_ec_key_source.h"
namespace widevine {
// Helper function that generates the hash for the ROT id from the
// |unique_id_hash|, the |system_id| and the |salt|. |salt| is typically an
// encrypted unique id. Since we use an ephemeral eliptic curve key as part of
// the encrypted unique id, the value is effectively random can be used as a
// salt.
// Returns the hash value on success.
// If |salt| or |unique_id_hash| are empty, this will return an empty
// string.
std::string GenerateRotIdHash(const std::string& salt, uint32_t system_id,
const std::string& unique_id_hash);
// Helper function that compares the |rot_id_hash| to a hash of each of the
// |revoked_ids|. The |revoked_ids| are the unique id hash (aka inner hash)
// values as defined in the spec at go/wv-kb-id. The |encrypted_unique_id| and
// |system_id| are used to compute the hash of each of the |revoked_ids|.
// Returns true if any of the revoked_ids match.
template <typename V>
bool IsRotIdRevoked(const std::string& encrypted_unique_id, uint32_t system_id,
const std::string& rot_id_hash, const V& revoked_ids) {
// This could conceivably happen for legacy DRM certificates without a ROT id.
// No need to match if there's nothing to match against.
if (encrypted_unique_id.empty() || rot_id_hash.empty()) {
return false;
}
for (const auto& revoked_id : revoked_ids) {
if (GenerateRotIdHash(encrypted_unique_id, system_id, revoked_id) ==
rot_id_hash) {
return true;
}
}
return false;
}
} // namespace widevine
#endif // COMMON_ROT_ID_UTIL_H_
Reference in New Issue View Git Blame Copy Permalink