Update to support OEMCrypto v16 with ODK

common/dual_certificate_client_cert.cc

@@ -0,0 +1,113 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2020 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+
+#include "common/dual_certificate_client_cert.h"
+
+#include "common/error_space.h"
+#include "common/status.h"
+#include "protos/public/errors.pb.h"
+
+namespace widevine {
+
+Status DualCertificateClientCert::Initialize(
+    const DrmRootCertificate* root_certificate,
+    const std::string& serialized_signing_certificate,
+    const std::string& serialized_encryption_certificate) {
+  Status status = signing_certificate_.Initialize(
+      root_certificate, serialized_signing_certificate);
+  if (!status.ok()) {
+    return status;
+  }
+  status = encryption_certificate_.Initialize(
+      root_certificate, serialized_encryption_certificate);
+  if (!status.ok()) {
+    return status;
+  }
+  if (encryption_certificate_.signer_serial_number() !=
+      signing_certificate_.signer_serial_number()) {
+    return Status(error_space, INVALID_DRM_CERTIFICATE,
+                  "certificate_signer_mismatch");
+  }
+  if ((encryption_certificate_.system_id() !=
+       signing_certificate_.system_id()) ||
+      (encryption_certificate_.service_id() !=
+       signing_certificate_.service_id()) ||
+      (encryption_certificate_.signer_creation_time_seconds() !=
+       signing_certificate_.signer_creation_time_seconds()) ||
+      (encryption_certificate_.signed_by_provisioner() !=
+       signing_certificate_.signed_by_provisioner())) {
+    return Status(error_space, INVALID_DRM_CERTIFICATE,
+                  "invalid_certificate_pair");
+  }
+  return OkStatus();
+}
+
+Status DualCertificateClientCert::VerifySignature(
+    const std::string& message, HashAlgorithm hash_algorithm,
+    const std::string& signature, ProtocolVersion protocol_version) const {
+  return signing_certificate_.VerifySignature(message, hash_algorithm,
+                                              signature, protocol_version);
+}
+
+void DualCertificateClientCert::GenerateSigningKey(
+    const std::string& message, ProtocolVersion protocol_version) {
+  encryption_certificate_.GenerateSigningKey(message, protocol_version);
+}
+
+const std::string& DualCertificateClientCert::encrypted_key() const {
+  return encryption_certificate_.encrypted_key();
+}
+
+const std::string& DualCertificateClientCert::key() const {
+  return encryption_certificate_.key();
+}
+
+SignedMessage::SessionKeyType DualCertificateClientCert::key_type() const {
+  return encryption_certificate_.key_type();
+}
+
+// TODO(b/155979840): Support revocation check for the encryption certificate.
+const std::string& DualCertificateClientCert::serial_number() const {
+  return signing_certificate_.serial_number();
+}
+
+const std::string& DualCertificateClientCert::service_id() const {
+  return signing_certificate_.service_id();
+}
+
+const std::string& DualCertificateClientCert::signing_key() const {
+  return encryption_certificate_.signing_key();
+}
+
+const std::string& DualCertificateClientCert::signer_serial_number() const {
+  return signing_certificate_.signer_serial_number();
+}
+
+uint32_t DualCertificateClientCert::signer_creation_time_seconds() const {
+  return signing_certificate_.signer_creation_time_seconds();
+}
+
+bool DualCertificateClientCert::signed_by_provisioner() const {
+  return signing_certificate_.signed_by_provisioner();
+}
+
+uint32_t DualCertificateClientCert::system_id() const {
+  return signing_certificate_.system_id();
+}
+
+// TODO(b/155979840): Support revocation check for the encryption certificate.
+const std::string& DualCertificateClientCert::encrypted_unique_id() const {
+  return signing_certificate_.encrypted_unique_id();
+}
+
+// TODO(b/155979840): Support revocation check for the encryption certificate.
+const std::string& DualCertificateClientCert::unique_id_hash() const {
+  return signing_certificate_.unique_id_hash();
+}
+
+}  // namespace widevine