widevine-partner/provisioning_sdk_source
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
provisioning_sdk_source/common/keybox_client_cert.cc
KongQun Yang 69d813f0f1 Update to support OEMCrypto v16 with ODK
2020-09-21 15:54:27 -07:00

59 lines
2.3 KiB
C++
Raw Permalink Blame History

////////////////////////////////////////////////////////////////////////////////
// Copyright 2019 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////
#include "common/keybox_client_cert.h"
#include "glog/logging.h"
#include "common/crypto_util.h"
#include "common/error_space.h"
#include "common/sha_util.h"
#include "common/signing_key_util.h"
#include "common/wvm_token_handler.h"
#include "protos/public/errors.pb.h"
namespace widevine {
Status KeyboxClientCert::Initialize(const std::string& keybox_token) {
system_id_ = WvmTokenHandler::GetSystemId(keybox_token);
serial_number_ = WvmTokenHandler::GetEncryptedUniqueId(keybox_token);
bool insecure_keybox = false;
Status status = WvmTokenHandler::DecryptDeviceKey(keybox_token, &device_key_,
nullptr, &insecure_keybox);
if (!status.ok()) {
Errors new_code = status.error_code() == error::NOT_FOUND
? MISSING_PRE_PROV_KEY
: KEYBOX_DECRYPT_ERROR;
return Status(error_space, new_code, status.error_message());
}
return OkStatus();
}
// |hash_algorithm| is needed for function inheritance.
// For KeyBoxClientCert, we always use HMAC-SHA256 in signature verification.
Status KeyboxClientCert::VerifySignature(
const std::string& message, HashAlgorithm hash_algorithm,
const std::string& signature, ProtocolVersion protocol_version) const {
DCHECK(!signing_key_.empty());
using crypto_util::VerifySignatureHmacSha256;
if (!VerifySignatureHmacSha256(
GetClientSigningKey(signing_key_, protocol_version), signature,
message)) {
return Status(error_space, INVALID_SIGNATURE, "invalid-keybox-mac");
}
return OkStatus();
}
void KeyboxClientCert::GenerateSigningKey(const std::string& message,
ProtocolVersion protocol_version) {
signing_key_ = crypto_util::DeriveKey(
key(), crypto_util::kSigningKeyLabel,
protocol_version < VERSION_2_2 ? message : Sha512_Hash(message),
SigningKeyMaterialSizeBits(protocol_version));
}
} // namespace widevine
Reference in New Issue View Git Blame Copy Permalink