115 lines
4.5 KiB
C++
115 lines
4.5 KiB
C++
////////////////////////////////////////////////////////////////////////////////
|
|
// Copyright 2019 Google LLC.
|
|
//
|
|
// This software is licensed under the terms defined in the Widevine Master
|
|
// License Agreement. For a copy of this agreement, please contact
|
|
// widevine-licensing@google.com.
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
#ifndef COMMON_CERTIFICATE_CLIENT_CERT_H_
|
|
#define COMMON_CERTIFICATE_CLIENT_CERT_H_
|
|
|
|
#include "common/client_cert.h"
|
|
#include "common/hash_algorithm.h"
|
|
#include "protos/public/drm_certificate.pb.h"
|
|
|
|
namespace widevine {
|
|
|
|
class ClientCertAlgorithm {
|
|
public:
|
|
ClientCertAlgorithm() = default;
|
|
virtual ~ClientCertAlgorithm() = default;
|
|
ClientCertAlgorithm(const ClientCertAlgorithm&) = delete;
|
|
ClientCertAlgorithm& operator=(const ClientCertAlgorithm&) = delete;
|
|
|
|
// Initialize the algorithm module using the |public_key| from the drm
|
|
// certificate. The |algorithm| value provides additional information needed
|
|
// by the ECC implementation of this interface.
|
|
virtual Status Initialize(const std::string& public_key,
|
|
DrmCertificate::Algorithm algorithm) = 0;
|
|
|
|
// Verify the |signature| of an incoming request |message| using the public
|
|
// key from the drm certificate.
|
|
virtual Status VerifySignature(const std::string& message,
|
|
HashAlgorithm hash_algorithm,
|
|
const std::string& signature) const = 0;
|
|
|
|
// Returns the key to be used in key derivation of the license
|
|
// protocol.
|
|
virtual const std::string& session_key() const = 0;
|
|
|
|
// Returns a byte std::string to be included in the SignedMessage::session_key
|
|
// field of a license response. This key may be either an encrypted aes key,
|
|
// or the bytes of an ephemeral public key.
|
|
virtual const std::string& wrapped_session_key() const = 0;
|
|
|
|
// Returns information on the type session key used in this format. This value
|
|
// is intended to be included in the SignedMessage::session_key_type field of
|
|
// a license response.
|
|
virtual SignedMessage::SessionKeyType session_key_type() const = 0;
|
|
};
|
|
|
|
class CertificateClientCert : public ClientCert {
|
|
public:
|
|
CertificateClientCert() {}
|
|
~CertificateClientCert() override {}
|
|
CertificateClientCert(const CertificateClientCert&) = delete;
|
|
CertificateClientCert& operator=(const CertificateClientCert&) = delete;
|
|
Status Initialize(const DrmRootCertificate* root_certificate,
|
|
const std::string& serialized_certificate);
|
|
|
|
Status VerifySignature(const std::string& message,
|
|
HashAlgorithm hash_algorithm,
|
|
const std::string& signature,
|
|
ProtocolVersion protocol_version) const override;
|
|
|
|
void GenerateSigningKey(const std::string& message,
|
|
ProtocolVersion protocol_version) override;
|
|
|
|
const std::string& encrypted_key() const override {
|
|
return algorithm_->wrapped_session_key();
|
|
}
|
|
const std::string& key() const override { return algorithm_->session_key(); }
|
|
SignedMessage::SessionKeyType key_type() const override {
|
|
return algorithm_->session_key_type();
|
|
}
|
|
bool using_dual_certificate() const override { return false; }
|
|
const std::string& serial_number() const override {
|
|
return device_cert_.serial_number();
|
|
}
|
|
const std::string& service_id() const override {
|
|
return provisioner_certificate_.provider_id();
|
|
}
|
|
const std::string& signing_key() const override { return signing_key_; }
|
|
const std::string& signer_serial_number() const override {
|
|
return model_certificate_.serial_number();
|
|
}
|
|
uint32_t signer_creation_time_seconds() const override {
|
|
return model_certificate_.creation_time_seconds();
|
|
}
|
|
bool signed_by_provisioner() const override { return signed_by_provisioner_; }
|
|
uint32_t system_id() const override { return model_certificate_.system_id(); }
|
|
widevine::ClientIdentification::TokenType type() const override {
|
|
return ClientIdentification::DRM_DEVICE_CERTIFICATE;
|
|
}
|
|
const std::string& encrypted_unique_id() const override {
|
|
return device_cert_.rot_id().encrypted_unique_id();
|
|
}
|
|
const std::string& unique_id_hash() const override {
|
|
return device_cert_.rot_id().unique_id_hash();
|
|
}
|
|
|
|
private:
|
|
std::unique_ptr<ClientCertAlgorithm> algorithm_;
|
|
bool signed_by_provisioner_ = false;
|
|
std::string signing_key_;
|
|
DrmCertificate model_certificate_;
|
|
DrmCertificate device_cert_;
|
|
DrmCertificate provisioner_certificate_;
|
|
bool is_initialized_ = false;
|
|
};
|
|
|
|
} // namespace widevine
|
|
|
|
#endif // COMMON_CERTIFICATE_CLIENT_CERT_H_
|