Initial v17 Release

Headers and Unit tests have been updated to match the v17 spec. Documentation can be found here: https://developers.devsite.corp.google.com/widevine/drm/client/oemcrypto/v17
2021-12-04 01:13:15 +00:00
parent 8e55868e8a
commit 044a89ef55
131 changed files with 6072 additions and 9038 deletions
--- a/oem_certificate_generator/oem_certificate.py
+++ b/oem_certificate_generator/oem_certificate.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
 # Copyright 2017 Google LLC. All Rights Reserved.

 """OEM certificate generation tool.
@@ -110,7 +111,7 @@ class X509CertificateChain(object):

    x509_stack = pkcs7.d.sign.cert
    certificates = []
-    for i in xrange(backend._lib.sk_X509_num(x509_stack)):
+    for i in range(backend._lib.sk_X509_num(x509_stack)):
      x509_value = backend._ffi.gc(
          backend._lib.X509_dup(backend._lib.sk_X509_value(x509_stack, i)),
          backend._lib.X509_free)
@@ -134,6 +135,10 @@ class X509CertificateChain(object):
    return backend._read_mem_bio(bio)


+# Type for argparse to accept byte buffers on the command line
+def utf8_bytes(utf8_str):
+  return utf8_str.encode('utf-8')
+
 def _multiple_of_1024(key_size_str):
  """argparse custom type function for key size."""
  key_size = int(key_size_str)
@@ -299,9 +304,9 @@ def generate_leaf_certificate(args):
 def secure_erase(args):
  """Subparser handler for secure erasing of a file."""
  length = args.file.tell()
-  for _ in xrange(args.passes):
+  for _ in range(args.passes):
    args.file.seek(0)
-    for _ in xrange(length):
+    for _ in range(length):
      args.file.write(os.urandom(1))
  args.file.close()
  os.remove(args.file.name)
@@ -403,6 +408,7 @@ def create_parser():
      '--output_private_key_file', type=argparse.FileType('wb'), required=True)
  parser_csr.add_argument(
      '--passphrase',
+      type=utf8_bytes,
      help=('specify an optional passphrase to encrypt the private key. The '
            'private key is not encrypted if omitted.'))
  parser_csr.set_defaults(func=generate_csr)
@@ -429,7 +435,7 @@ def create_parser():
      '--root_certificate_file', type=argparse.FileType('rb'), required=True)
  parser_intermediate_cert.add_argument(
      '--root_private_key_file', type=argparse.FileType('rb'), required=True)
-  parser_intermediate_cert.add_argument('--root_private_key_passphrase')
+  parser_intermediate_cert.add_argument('--root_private_key_passphrase', type=utf8_bytes)
  parser_intermediate_cert.add_argument(
      '--output_certificate_file', type=argparse.FileType('wb'), required=True)
  parser_intermediate_cert.set_defaults(func=generate_intermediate_certificate)
@@ -460,13 +466,14 @@ def create_parser():
      '--intermediate_private_key_file',
      type=argparse.FileType('rb'),
      required=True)
-  parser_leaf_cert.add_argument('--intermediate_private_key_passphrase')
+  parser_leaf_cert.add_argument('--intermediate_private_key_passphrase', type=utf8_bytes)
  parser_leaf_cert.add_argument(
      '--output_certificate_file', type=argparse.FileType('wb'), required=True)
  parser_leaf_cert.add_argument(
      '--output_private_key_file', type=argparse.FileType('wb'), required=True)
  parser_leaf_cert.add_argument(
      '--passphrase',
+      type=utf8_bytes,
      help=('specify an optional passphrase to encrypt the private key. The '
            'private key is not encrypted if omitted.'))
  parser_leaf_cert.set_defaults(func=generate_leaf_certificate)
@@ -497,7 +504,7 @@ def main():
  args = sys.argv[1:]
  config_file_name = 'oem_certificate.cfg'
  if os.path.isfile(config_file_name):
-    print 'Load from args default configuration file: ', config_file_name
+    print('Load from args default configuration file: ', config_file_name)
    args.append('@' + config_file_name)
  parser_args = create_parser().parse_args(args)
  parser_args.func(parser_args)
--- a/oem_certificate_generator/oem_certificate_test_helper.py
+++ b/oem_certificate_generator/oem_certificate_test_helper.py
@@ -1,9 +1,10 @@
+#!/usr/bin/python3
 # Copyright 2017 Google LLC. All Rights Reserved.

 """Common test utility functions for OEM certificate generation."""

 import datetime
-import StringIO
+import io

 from cryptography import x509
 from cryptography.hazmat import backends
@@ -24,7 +25,7 @@ _NOT_VALID_BEFORE = datetime.datetime(2001, 8, 9)
 _VALID_DURATION = 100
 _LEAF_CERT_VALID_DURATION = 8000
 _SYSTEM_ID = 2001
-_ROOT_PRIVATE_KEY_PASSPHRASE = 'root_passphrase'
+_ROOT_PRIVATE_KEY_PASSPHRASE = b'root_passphrase'


 class ArgParseObject(object):
@@ -67,11 +68,11 @@ def setup_csr_args(country_name=_COUNTRY_NAME,
  if output_csr_file:
    args.output_csr_file = output_csr_file
  else:
-    args.output_csr_file = StringIO.StringIO()
+    args.output_csr_file = io.BytesIO()
  if output_private_key_file:
    args.output_private_key_file = output_private_key_file
  else:
-    args.output_private_key_file = StringIO.StringIO()
+    args.output_private_key_file = io.BytesIO()
  args.passphrase = passphrase
  return args

@@ -86,12 +87,12 @@ def setup_intermediate_cert_args(
  args.not_valid_before = not_valid_before
  args.valid_duration = valid_duration
  args.system_id = system_id
-  args.csr_file = StringIO.StringIO(csr_bytes)
+  args.csr_file = io.BytesIO(csr_bytes)
  args.root_private_key_passphrase = root_private_key_passphrase
  if output_certificate_file:
    args.output_certificate_file = output_certificate_file
  else:
-    args.output_certificate_file = StringIO.StringIO()
+    args.output_certificate_file = io.BytesIO()

  serialized_private_key = root_key.private_bytes(
      serialization.Encoding.DER,
@@ -100,8 +101,8 @@ def setup_intermediate_cert_args(
          args.root_private_key_passphrase))
  serialized_certificate = root_certificate.public_bytes(
      serialization.Encoding.DER)
-  args.root_certificate_file = StringIO.StringIO(serialized_certificate)
-  args.root_private_key_file = StringIO.StringIO(serialized_private_key)
+  args.root_certificate_file = io.BytesIO(serialized_certificate)
+  args.root_private_key_file = io.BytesIO(serialized_private_key)
  return args


@@ -122,16 +123,16 @@ def setup_leaf_cert_args(intermediate_key_bytes,
  if output_certificate_file:
    args.output_certificate_file = output_certificate_file
  else:
-    args.output_certificate_file = StringIO.StringIO()
+    args.output_certificate_file = io.BytesIO()
  if output_private_key_file:
    args.output_private_key_file = output_private_key_file
  else:
-    args.output_private_key_file = StringIO.StringIO()
+    args.output_private_key_file = io.BytesIO()
  args.passphrase = passphrase

-  args.intermediate_private_key_file = StringIO.StringIO(
+  args.intermediate_private_key_file = io.BytesIO(
      intermediate_key_bytes)
-  args.intermediate_certificate_file = StringIO.StringIO(
+  args.intermediate_certificate_file = io.BytesIO(
      intermediate_certificate_bytes)
  return args