From 178496c8b40c1a9070323a5580575ac52a5edc56 Mon Sep 17 00:00:00 2001 From: Jacob Trimble Date: Mon, 12 Dec 2022 16:53:41 -0800 Subject: [PATCH] Update ODK to v17.1 and add tests --- whitebox/WORKSPACE | 4 +- whitebox/api/BUILD | 4 +- ...cess_license_response_core_message_test.cc | 164 ++++---------- whitebox/api/test_license_builder.cc | 39 +++- whitebox/api/test_license_builder.h | 3 + whitebox/chromium_deps/cdm/protos/BUILD | 28 ++- .../{defs => }/certificate_provisioning.proto | 0 .../{defs => }/client_identification.proto | 0 whitebox/chromium_deps/cdm/protos/defs/BUILD | 41 ---- .../cdm/protos/drm_certificate.proto | 102 +++++++++ .../chromium_deps/cdm/protos/dtcp_usage.proto | 156 +++++++++++++ .../cdm/protos/hash_algorithm.proto | 18 ++ .../cdm/protos/license_protocol.pb.h | 10 - .../protos/{defs => }/license_protocol.proto | 205 +++++++++++++++--- .../{defs => }/remote_attestation.proto | 2 +- .../cdm/protos/root_of_trust_id.proto | 44 ++++ whitebox/external/odk.BUILD | 2 + whitebox/odk_deps/BUILD | 3 +- whitebox/odk_deps/license_protocol.pb.h | 4 +- whitebox/reference/impl/BUILD | 8 +- 20 files changed, 615 insertions(+), 222 deletions(-) rename whitebox/chromium_deps/cdm/protos/{defs => }/certificate_provisioning.proto (100%) rename whitebox/chromium_deps/cdm/protos/{defs => }/client_identification.proto (100%) delete mode 100644 whitebox/chromium_deps/cdm/protos/defs/BUILD create mode 100644 whitebox/chromium_deps/cdm/protos/drm_certificate.proto create mode 100644 whitebox/chromium_deps/cdm/protos/dtcp_usage.proto create mode 100644 whitebox/chromium_deps/cdm/protos/hash_algorithm.proto delete mode 100644 whitebox/chromium_deps/cdm/protos/license_protocol.pb.h rename whitebox/chromium_deps/cdm/protos/{defs => }/license_protocol.proto (68%) rename whitebox/chromium_deps/cdm/protos/{defs => }/remote_attestation.proto (91%) create mode 100644 whitebox/chromium_deps/cdm/protos/root_of_trust_id.proto diff --git a/whitebox/WORKSPACE b/whitebox/WORKSPACE index 942c524..8db5d33 100644 --- a/whitebox/WORKSPACE +++ b/whitebox/WORKSPACE @@ -65,8 +65,8 @@ http_archive( new_git_repository( name = "odk_repo", build_file = "//external:odk.BUILD", - commit = "c1401c6a1cc6a4378b6aa3d1c3d3f1f58278616e", - remote = "https://widevine-partner.googlesource.com/oemcrypto_core_message.git", + commit = "5232c51e33dc2b61d8b8a7414063696e8aaac49b", # v17.1 + remote = "https://widevine-partner.googlesource.com/oemcrypto", ) bind( diff --git a/whitebox/api/BUILD b/whitebox/api/BUILD index 6fa4388..6a75f8e 100644 --- a/whitebox/api/BUILD +++ b/whitebox/api/BUILD @@ -164,7 +164,7 @@ cc_library( ":license_whitebox", ":shared_settings", ":test_key_types", - "//chromium_deps/cdm/protos:license_protocol_proto", + "//chromium_deps/cdm/protos", ], ) @@ -191,7 +191,7 @@ cc_library( ":test_license_provider_keys", ":test_server", "//chromium_deps/cdm/keys:dev_certs", - "//chromium_deps/cdm/protos:license_protocol_proto", + "//chromium_deps/cdm/protos", "//crypto_utils:aes_cbc_encryptor", "//crypto_utils:crypto_util", "//external:odk", diff --git a/whitebox/api/license_whitebox_process_license_response_core_message_test.cc b/whitebox/api/license_whitebox_process_license_response_core_message_test.cc index a41c0f6..e67b38a 100644 --- a/whitebox/api/license_whitebox_process_license_response_core_message_test.cc +++ b/whitebox/api/license_whitebox_process_license_response_core_message_test.cc @@ -2,6 +2,7 @@ #include "api/license_whitebox.h" +#include #include #include "api/license_whitebox_test_base.h" @@ -11,6 +12,9 @@ namespace widevine { using OdkVersion = TestLicenseBuilder::OdkVersion; +using Padding = TestLicenseBuilder::Padding; + +constexpr const Padding kNoSigningKey = static_cast(0xff); class LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest : public LicenseWhiteboxTestBase { @@ -42,9 +46,18 @@ class LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest // Success tests below test with and without the ODK. -TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, - SuccessWithoutOdkAndWithoutSigningKey) { - UseLicenseWithoutSigningKey(OdkVersion::kNone); +class LicenseWhiteboxProcessLicenseResponseWithCoreMessageGenericTest + : public LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, + public testing::WithParamInterface> {}; + +TEST_P(LicenseWhiteboxProcessLicenseResponseWithCoreMessageGenericTest, + Success) { + if (std::get<0>(GetParam()) == kNoSigningKey) { + UseLicenseWithoutSigningKey(std::get<1>(GetParam())); + } else { + UseLicenseWithSigningKey(std::get<0>(GetParam()), std::get<1>(GetParam())); + } + ASSERT_EQ( WB_License_ProcessLicenseResponse( whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), @@ -54,125 +67,24 @@ TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.request.size()), WB_RESULT_OK); + + auto& key = golden_data_.CBCContent().software_crypto_key; + WB_KeyStatus status; + ASSERT_EQ(WB_License_QueryKeyStatus( + whitebox_, WB_KEY_QUERY_TYPE_CONTENT_KEY, key.id.data(), + key.id.size(), &status), + WB_RESULT_OK); } -TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, - SuccessWithOdk16_3AndWithoutSigningKey) { - UseLicenseWithoutSigningKey(OdkVersion::k16_3); - ASSERT_EQ( - WB_License_ProcessLicenseResponse( - whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), - license_.core_message.size(), license_.message.data(), - license_.message.size(), license_.signature.data(), - license_.signature.size(), license_.session_key.data(), - license_.session_key.size(), kNoProviderKeyId, - license_.request.data(), license_.request.size()), - WB_RESULT_OK); -} +INSTANTIATE_TEST_SUITE_P( + Success, + LicenseWhiteboxProcessLicenseResponseWithCoreMessageGenericTest, + ::testing::Combine( + ::testing::Values(kNoSigningKey, Padding::kNone, Padding::kPKSC8), + ::testing::Values(OdkVersion::kNone, OdkVersion::k16_3, + OdkVersion::k16_5, OdkVersion::k17_1))); -TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, - SuccessWithOdk16_5AndWithoutSigningKey) { - UseLicenseWithoutSigningKey(OdkVersion::k16_5); - ASSERT_EQ( - WB_License_ProcessLicenseResponse( - whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), - license_.core_message.size(), license_.message.data(), - license_.message.size(), license_.signature.data(), - license_.signature.size(), license_.session_key.data(), - license_.session_key.size(), kNoProviderKeyId, - license_.request.data(), license_.request.size()), - WB_RESULT_OK); -} - -TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, - SuccessWithoutOdkAndWithSigningKeyNoPadding) { - UseLicenseWithSigningKey(TestLicenseBuilder::Padding::kNone, - OdkVersion::kNone); - ASSERT_EQ( - WB_License_ProcessLicenseResponse( - whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), - license_.core_message.size(), license_.message.data(), - license_.message.size(), license_.signature.data(), - license_.signature.size(), license_.session_key.data(), - license_.session_key.size(), kNoProviderKeyId, - license_.request.data(), license_.request.size()), - WB_RESULT_OK); -} - -TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, - SuccessWithOdk16_3AndWithSigningKeyNoPadding) { - UseLicenseWithSigningKey(TestLicenseBuilder::Padding::kNone, - OdkVersion::k16_3); - ASSERT_EQ( - WB_License_ProcessLicenseResponse( - whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), - license_.core_message.size(), license_.message.data(), - license_.message.size(), license_.signature.data(), - license_.signature.size(), license_.session_key.data(), - license_.session_key.size(), kNoProviderKeyId, - license_.request.data(), license_.request.size()), - WB_RESULT_OK); -} - -TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, - SuccessWithOdk16_5AndWithSigningKeyNoPadding) { - UseLicenseWithSigningKey(TestLicenseBuilder::Padding::kNone, - OdkVersion::k16_5); - ASSERT_EQ( - WB_License_ProcessLicenseResponse( - whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), - license_.core_message.size(), license_.message.data(), - license_.message.size(), license_.signature.data(), - license_.signature.size(), license_.session_key.data(), - license_.session_key.size(), kNoProviderKeyId, - license_.request.data(), license_.request.size()), - WB_RESULT_OK); -} - -TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, - SuccessWithoutOdkAndWithSigningKeyPKSC8Padding) { - UseLicenseWithSigningKey(TestLicenseBuilder::Padding::kPKSC8, - OdkVersion::kNone); - ASSERT_EQ( - WB_License_ProcessLicenseResponse( - whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), - license_.core_message.size(), license_.message.data(), - license_.message.size(), license_.signature.data(), - license_.signature.size(), license_.session_key.data(), - license_.session_key.size(), kNoProviderKeyId, - license_.request.data(), license_.request.size()), - WB_RESULT_OK); -} - -TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, - SuccessWithOdk16_3AndWithSigningKeyPKSC8Padding) { - UseLicenseWithSigningKey(TestLicenseBuilder::Padding::kPKSC8, - OdkVersion::k16_3); - ASSERT_EQ( - WB_License_ProcessLicenseResponse( - whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), - license_.core_message.size(), license_.message.data(), - license_.message.size(), license_.signature.data(), - license_.signature.size(), license_.session_key.data(), - license_.session_key.size(), kNoProviderKeyId, - license_.request.data(), license_.request.size()), - WB_RESULT_OK); -} - -TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, - SuccessWithOdk16_5AndWithSigningKeyPKSC8Padding) { - UseLicenseWithSigningKey(TestLicenseBuilder::Padding::kPKSC8, - OdkVersion::k16_5); - ASSERT_EQ( - WB_License_ProcessLicenseResponse( - whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), - license_.core_message.size(), license_.message.data(), - license_.message.size(), license_.signature.data(), - license_.signature.size(), license_.session_key.data(), - license_.session_key.size(), kNoProviderKeyId, - license_.request.data(), license_.request.size()), - WB_RESULT_OK); -} +// Failure tests TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, InvalidParameterForNullCoreMessage) { @@ -188,6 +100,20 @@ TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, WB_RESULT_INVALID_PARAMETER); } +TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, + InvalidParameterForInvalidVersionNumber) { + UseLicenseWithoutSigningKey(OdkVersion::k99); + ASSERT_EQ( + WB_License_ProcessLicenseResponse( + whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), + license_.core_message.size(), license_.message.data(), + license_.message.size(), license_.signature.data(), + license_.signature.size(), license_.session_key.data(), + license_.session_key.size(), kNoProviderKeyId, + license_.request.data(), license_.request.size()), + WB_RESULT_INVALID_PARAMETER); +} + TEST_F(LicenseWhiteboxProcessLicenseResponseWithCoreMessageTest, InvalidSignatureWithZeroCoreMessageSize) { UseLicenseWithoutSigningKey(OdkVersion::k16_5); diff --git a/whitebox/api/test_license_builder.cc b/whitebox/api/test_license_builder.cc index 5f83439..4f03944 100644 --- a/whitebox/api/test_license_builder.cc +++ b/whitebox/api/test_license_builder.cc @@ -182,7 +182,9 @@ std::string GenerateCoreMessage(const std::string& serialized_request, uint16_t api_major_version, uint16_t api_minor_version, bool use_padding) { - DCHECK_EQ(api_major_version, ODK_MAJOR_VERSION) + DCHECK_GE(api_major_version, ODK_FIRST_VERSION) + << "Verify ODK library is compatible."; + DCHECK_LE(api_major_version, ODK_MAJOR_VERSION) << "Verify ODK library is compatible."; constexpr uint32_t session_id = 0xcafebabe; constexpr uint32_t nonce = 0xdeadbeef; @@ -219,9 +221,14 @@ std::string GenerateCoreMessage(const std::string& serialized_request, CHECK(oemcrypto_core_message::deserialize::CoreLicenseRequestFromMessage( request_core_message, &core_request)); + oemcrypto_core_message::features::CoreMessageFeatures features = + oemcrypto_core_message::features::CoreMessageFeatures::kDefaultFeatures; + features.maximum_major_version = api_major_version; + features.maximum_minor_version = api_minor_version; + std::string oemcrypto_core_message; CHECK(oemcrypto_core_message::serialize::CreateCoreLicenseResponseFromProto( - serialized_license_response, core_request, core_message_hash, + features, serialized_license_response, core_request, core_message_hash, /* nonce_required= */ true, use_padding, &oemcrypto_core_message)); return oemcrypto_core_message; } @@ -466,12 +473,32 @@ void AddOperatorSessionKeyToContainer( container->set_id(key_id.data(), key_id.size()); } +uint16_t GetOdkMajorVersion(TestLicenseBuilder::OdkVersion odk_version) { + switch (odk_version) { + case TestLicenseBuilder::OdkVersion::k16_3: + case TestLicenseBuilder::OdkVersion::k16_5: + case TestLicenseBuilder::OdkVersion::k99: + return 16; + case TestLicenseBuilder::OdkVersion::k17_1: + return 17; + case TestLicenseBuilder::OdkVersion::kNone: + DCHECK(false); + return 0; + default: + CHECK(false) << "Unknown ODK Version"; + return 0; + } +} + uint16_t GetOdkMinorVersion(TestLicenseBuilder::OdkVersion odk_version) { switch (odk_version) { case TestLicenseBuilder::OdkVersion::k16_3: + case TestLicenseBuilder::OdkVersion::k99: return 3; case TestLicenseBuilder::OdkVersion::k16_5: return 5; + case TestLicenseBuilder::OdkVersion::k17_1: + return 1; case TestLicenseBuilder::OdkVersion::kNone: DCHECK(false); return 0; @@ -607,11 +634,17 @@ void TestLicenseBuilder::Build(const TestServer& server, std::string oemcrypto_core_message; if (settings_.odk_version != OdkVersion::kNone) { - uint16_t api_major_version = 16; + uint16_t api_major_version = GetOdkMajorVersion(settings_.odk_version);; uint16_t api_minor_version = GetOdkMinorVersion(settings_.odk_version); oemcrypto_core_message = GenerateCoreMessage( serialized_request_, message_str, api_major_version, api_minor_version, settings_.padding != Padding::kNone); + + if (settings_.odk_version == OdkVersion::k99) { + // Change the api_major_version field to be too large (invalid) + CHECK_EQ(oemcrypto_core_message[11], 16); + oemcrypto_core_message[11] = 99; + } } // If |odk_version| is kNone, |oemcrypto_core_message| will be empty. diff --git a/whitebox/api/test_license_builder.h b/whitebox/api/test_license_builder.h index 3a7a4f9..334acd2 100644 --- a/whitebox/api/test_license_builder.h +++ b/whitebox/api/test_license_builder.h @@ -56,6 +56,9 @@ class TestLicenseBuilder { kNone, // No `core_message` k16_3, // ODK version 16.3 k16_5, // ODK version 16.5 + k17_1, // ODK version 17.1 + + k99, // ODK 16.3, but with the version set to 99 (an arbitrary value). }; enum class KeyControlBlock { diff --git a/whitebox/chromium_deps/cdm/protos/BUILD b/whitebox/chromium_deps/cdm/protos/BUILD index fe6d1c6..6dcc830 100644 --- a/whitebox/chromium_deps/cdm/protos/BUILD +++ b/whitebox/chromium_deps/cdm/protos/BUILD @@ -1,13 +1,23 @@ # Copyright 2020 Google LLC. All Rights Reserved. -# Protobuf generated code doesn't like it when include prefixes are -# stripped off. So this is a stub to mimic the protobuf C++ header. -cc_library( - name = "license_protocol_proto", - hdrs = ["license_protocol.pb.h"], - strip_include_prefix = "//chromium_deps/cdm/protos", - visibility = ["//visibility:public"], - deps = [ - "//chromium_deps/cdm/protos/defs:license_protocol_proto", +# Protocol buffer definitions for Widevine Services. +package(default_visibility = ["//visibility:public"]) + +load("@com_google_protobuf//:protobuf.bzl", "cc_proto_library") + +cc_proto_library( + name = "protos", + srcs = [ + "certificate_provisioning.proto", + "client_identification.proto", + "drm_certificate.proto", + "dtcp_usage.proto", + "hash_algorithm.proto", + "license_protocol.proto", + "remote_attestation.proto", + "root_of_trust_id.proto", ], + include = ".", + default_runtime = "@com_google_protobuf//:protobuf", + protoc = "@com_google_protobuf//:protoc", ) diff --git a/whitebox/chromium_deps/cdm/protos/defs/certificate_provisioning.proto b/whitebox/chromium_deps/cdm/protos/certificate_provisioning.proto similarity index 100% rename from whitebox/chromium_deps/cdm/protos/defs/certificate_provisioning.proto rename to whitebox/chromium_deps/cdm/protos/certificate_provisioning.proto diff --git a/whitebox/chromium_deps/cdm/protos/defs/client_identification.proto b/whitebox/chromium_deps/cdm/protos/client_identification.proto similarity index 100% rename from whitebox/chromium_deps/cdm/protos/defs/client_identification.proto rename to whitebox/chromium_deps/cdm/protos/client_identification.proto diff --git a/whitebox/chromium_deps/cdm/protos/defs/BUILD b/whitebox/chromium_deps/cdm/protos/defs/BUILD deleted file mode 100644 index 1519f59..0000000 --- a/whitebox/chromium_deps/cdm/protos/defs/BUILD +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 2020 Google LLC. All Rights Reserved. - -# Protocol buffer definitions for Widevine Services. -package(default_visibility = ["//visibility:public"]) - -load("@com_google_protobuf//:protobuf.bzl", "cc_proto_library") - -cc_proto_library( - name = "certificate_provisioning_proto", - srcs = ["certificate_provisioning.proto"], - default_runtime = "@com_google_protobuf//:protobuf", - protoc = "@com_google_protobuf//:protoc", -) - -cc_proto_library( - name = "client_identification_proto", - srcs = ["client_identification.proto"], - default_runtime = "@com_google_protobuf//:protobuf", - protoc = "@com_google_protobuf//:protoc", -) - -cc_proto_library( - name = "license_protocol_proto", - srcs = ["license_protocol.proto"], - default_runtime = "@com_google_protobuf//:protobuf", - protoc = "@com_google_protobuf//:protoc", - deps = [ - ":client_identification_proto", - ":remote_attestation_proto", - ], -) - -cc_proto_library( - name = "remote_attestation_proto", - srcs = ["remote_attestation.proto"], - default_runtime = "@com_google_protobuf//:protobuf", - protoc = "@com_google_protobuf//:protoc", - deps = [ - ":client_identification_proto", - ], -) diff --git a/whitebox/chromium_deps/cdm/protos/drm_certificate.proto b/whitebox/chromium_deps/cdm/protos/drm_certificate.proto new file mode 100644 index 0000000..a447d99 --- /dev/null +++ b/whitebox/chromium_deps/cdm/protos/drm_certificate.proto @@ -0,0 +1,102 @@ +// Copyright 2017 Google LLC. All rights reserved. + +// Author: tinskip@google.com (Thomas Inskip) +// +// Description: +// DRM certificate object definition. + +syntax = "proto2"; + +package video_widevine; + +import "root_of_trust_id.proto"; + +option optimize_for = LITE_RUNTIME; + +// DRM certificate definition for user devices, intermediate, service, and root +// certificates. +// Next id: 13 +message DrmCertificate { + enum Type { + ROOT = 0; + DEVICE_MODEL = 1; + DEVICE = 2; + SERVICE = 3; + PROVISIONER = 4; + } + enum ServiceType { + UNKNOWN_SERVICE_TYPE = 0; + LICENSE_SERVER_SDK = 1; + LICENSE_SERVER_PROXY_SDK = 2; + PROVISIONING_SDK = 3; + CAS_PROXY_SDK = 4; + } + enum Algorithm { + UNKNOWN_ALGORITHM = 0; + RSA = 1; + ECC_SECP256R1 = 2; + ECC_SECP384R1 = 3; + ECC_SECP521R1 = 4; + } + + message EncryptionKey { + // |public_key| is required. + // If the |algorithm| is RSA, |public_key| is a PKCS#1 ASN.1 DER-encoded. + // If the |algorithm| is ECC, |public_key_ is encoded as an ASN.1 + // DER-encoded SubjectPublicKeyInfo as defined in RFC 5280. + optional bytes public_key = 1; + // Required. The algorithm field contains the curve used to create the + // |public_key| if algorithm is one of the ECC types. + // The |algorithm| is used for both to determine the if the certificate is + // ECC or RSA. The |algorithm| also specifies the parameters that were used + // to create |public_key| and are used to create an ephemeral session key. + optional Algorithm algorithm = 2 [default = RSA]; + } + + // Type of certificate. Required. + optional Type type = 1; + // 128-bit globally unique serial number of certificate. + // Value is 0 for root certificate. Required. + optional bytes serial_number = 2; + // POSIX time, in seconds, when the certificate was created. Required. + optional uint32 creation_time_seconds = 3; + // POSIX time, in seconds, when the certificate should expire. Value of zero + // denotes indefinite expiry time. For more information on limited lifespan + // DRM certificates see (go/limited-lifespan-drm-certificates). + optional uint32 expiration_time_seconds = 12; + // |public_key| is required. + // If the |algorithm| is RSA, |public_key| is a PKCS#1 ASN.1 DER-encoded. + // If the |algorithm| is ECC, |public_key| is encoded as an ASN.1 DER-encoded + // SubjectPublicKeyInfo as defined in RFC 5280. + optional bytes public_key = 4; + // Widevine system ID for the device. Required for intermediate and + // user device certificates. + optional uint32 system_id = 5; + // Deprecated field, which used to indicate whether the device was a test + // (non-production) device. The test_device field in ProvisionedDeviceInfo + // below should be observed instead. + optional bool test_device_deprecated = 6 [deprecated = true]; + // Service identifier (web origin) for the provider which owns the + // certificate. Required for service and provisioner certificates. + optional string provider_id = 7; + // This field is used only when type = SERVICE to specify which SDK uses + // service certificate. This repeated field is treated as a set. A certificate + // may be used for the specified service SDK if the appropriate ServiceType + // is specified in this field. + repeated ServiceType service_types = 8; + // Required. The algorithm field contains the curve used to create the + // |public_key| if algorithm is one of the ECC types. + // The |algorithm| is used for both to determine the if the certificate is ECC + // or RSA. The |algorithm| also specifies the parameters that were used to + // create |public_key| and are used to create an ephemeral session key. + optional Algorithm algorithm = 9 [default = RSA]; + // Optional. May be present in DEVICE certificate types. This is the root + // of trust identifier that holds an encrypted value that identifies the + // keybox or other root of trust that was used to provision a DEVICE drm + // certificate. + optional RootOfTrustId rot_id = 10; + // Optional. May be present in devices that explicitly support dual keys. When + // present the |public_key| is used for verification of received license + // request messages. + optional EncryptionKey encryption_key = 11; +} diff --git a/whitebox/chromium_deps/cdm/protos/dtcp_usage.proto b/whitebox/chromium_deps/cdm/protos/dtcp_usage.proto new file mode 100644 index 0000000..55b644a --- /dev/null +++ b/whitebox/chromium_deps/cdm/protos/dtcp_usage.proto @@ -0,0 +1,156 @@ +// Copyright 2021 Google LLC. All rights reserved. +// Description: +// Definitions of the protocol buffer message used for DTCP2 usage rules. + +syntax = "proto2"; + +package video_widevine; + +option optimize_for = LITE_RUNTIME; + +// LINT.IfChange +// DTCP2 usage rules used in the license policy. +message DTCPUsageRules { + // This field indicates the value of Retention_State. + enum RetentionState { + // (-- api-linter: core::0126::unspecified=disabled + // aip.dev/not-precedent: name and values are defined in the DTCP + // specification. --) + // Forever + RETENTION_STATE_FOREVER = 0; + // 1 week + RETENTION_STATE_1_WEEK = 1; + // 2 day + RETENTION_STATE_2_DAYS = 2; + // 1 day + RETENTION_STATE_1_DAY = 3; + // 12 hours + RETENTION_STATE_12_HOURS = 4; + // 6 hours + RETENTION_STATE_6_HOURS = 5; + // 3 hours + RETENTION_STATE_3_HOURS = 6; + // 90 minutes + RETENTION_STATE_90_MINUTES = 7; + } + + // This field indicates Copy Control Information (CCI). + enum CopyControlInfo { + // Copy freely + COPY_FREE = 0; + // No more copies + COPY_NO_MORE = 1; + // One time copy + COPY_ONE = 2; + // Copy not allowed + COPY_NEVER = 3; + } + + // This field indicates Analog Protection System (APS) used to block + // recording devices. + enum AnalogProtectionSystem { + // Copy freely, APS is off + APS_OFF = 0; + // APS is on, Type 1 (AGC) + APS_TYPE1 = 1; + // APS is on, Type 2 (AGC + 2L Colorstripe) + APS_TYPE2 = 2; + // APS is on, Type 3 (AGC + 4L Colorstripe) + APS_TYPE3 = 3; + } + + // This field indicates the value of the Image Constraint Token (ICT) that + // controls downsampling of high-definition video. + enum ImageConstraintToken { + // HD analog output, Constrained Image + ICT_CONSTRAINED = 0; + // HD analog out + ICT_HD_ANALOG = 1; + } + + // This field indicates the value of Analog Sunset Token (AST) used to limit + // playback to standard definition (SD) only + enum AnalogSunsetToken { + // Asserted + AST_ASSERTED = 0; + // Unasserted + AST_UNASERTED = 1; + } + + // This field indicates the value of Digital Only Token (DOT) used to restrict + // output to digital only. + enum DigitalOnlyToken { + // Asserted + DOT_ASSERTED = 0; + // Unasserted + DOT_UNASSERTED = 1; + } + + // This field indicates the value of Audio Enhanced Token (AET). + enum AudioEnhancedToken { + // Asserted + AET_ASSERTED = 0; + // Unasserted + AET_UNASSERTED = 1; + } + + // This field indicates the value of Standard Digital Output (SDO) token. + enum StandardDigitalOutputToken { + // Unasserted + SDO_UNASSEERTED = 0; + // Asserted, L2 protection is permitted + SDO_ASSEERTED = 1; + } + + // This field indicates the value of High Dynamic Rnage (HDR) token. + enum HighDynamicRangeToken { + // Unasserted, SDR conversion is permitted + HDR_UNASSERTED = 0; + // Unasserted, SDR conversion is not permitted + HDR_ASSERTED = 1; + } + + // This field indicates the value of the L2 Protection Only token. + enum L2ProtectionOnlyToken { + // Unasserted + L2_ONLY_UNASSERTED = 0; + // Aasserted (L2 protection onl) + L2_ONLY_ASSERTED = 1; + } + + // This field indicates the value of the Enhanced Image (EI) token + enum EnhancedImageToken { + // Unasserted, Non-Enhanced Image + EI_UNASSERTED = 0; + // Asserted, Enhanced Image + EI_ASSERTED = 1; + } + + // This field indicates whether a further Bound Copy can be made from a + // Bound Copy retained in accordance with the RetentionStatefield. + enum FurtherBoundCopy { + // Furthur Bound Copy Prohibited + FBC_PROHIBITED = 0; + // Furthur Bound Copy Permitted + FBC_PERMITTED = 1; + } + + // Indicates if Digital Transmission Control Protection 2 (DTCP2) is required. + optional bool require_dtcp2 = 1 [default = false]; + optional CopyControlInfo copy_control = 2; + optional bool encryption_plus = 3; + optional RetentionState retention_state = 4; + optional AnalogProtectionSystem analog_protection_system = 5; + optional ImageConstraintToken image_constraint_token = 6; + optional AnalogSunsetToken analog_sunset_token = 7; + optional DigitalOnlyToken digital_only_token = 8; + optional AudioEnhancedToken audio_enhanced_token = 9; + optional uint32 copy_count = 10; + optional StandardDigitalOutputToken standard_digital_token = 11; + optional HighDynamicRangeToken high_dynamic_token = 12; + optional L2ProtectionOnlyToken l2_only_token = 13; + optional EnhancedImageToken enhaned_image_token = 14; + optional uint32 retention_time = 15; + optional FurtherBoundCopy further_copy = 16; +} +// LINT.ThenChange(//depot/google3/google/chrome/widevine/licensedata/v1/license_policy.proto) diff --git a/whitebox/chromium_deps/cdm/protos/hash_algorithm.proto b/whitebox/chromium_deps/cdm/protos/hash_algorithm.proto new file mode 100644 index 0000000..50248d9 --- /dev/null +++ b/whitebox/chromium_deps/cdm/protos/hash_algorithm.proto @@ -0,0 +1,18 @@ +// Copyright 2020 Google LLC. All rights reserved. + +syntax = "proto3"; + +package video_widevine; + +option optimize_for = LITE_RUNTIME; + +// LINT.IfChange +enum HashAlgorithmProto { + // Unspecified hash algorithm: SHA_256 shall be used for ECC based algorithms + // and SHA_1 shall be used otherwise. + HASH_ALGORITHM_UNSPECIFIED = 0; + HASH_ALGORITHM_SHA_1 = 1; + HASH_ALGORITHM_SHA_256 = 2; + HASH_ALGORITHM_SHA_384 = 3; +} +// LINT.ThenChange(//depot/google3/google/chrome/widevine/contentpartners/v1beta1/device_security_profiles.proto) diff --git a/whitebox/chromium_deps/cdm/protos/license_protocol.pb.h b/whitebox/chromium_deps/cdm/protos/license_protocol.pb.h deleted file mode 100644 index 378b364..0000000 --- a/whitebox/chromium_deps/cdm/protos/license_protocol.pb.h +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2020 Google LLC. All Rights Reserved. - -#ifndef CDM_PROTOS_LICENSE_PROTOCOL_PB_H_ -#define CDM_PROTOS_LICENSE_PROTOCOL_PB_H_ - -// Protobuf generated code doesn't like it when include prefixes are stripped -// off. So simply including the actual generated protobuf C++ header. -#include "chromium_deps/cdm/protos/defs/license_protocol.pb.h" - -#endif // CDM_PROTOS_LICENSE_PROTOCOL_PB_H_ diff --git a/whitebox/chromium_deps/cdm/protos/defs/license_protocol.proto b/whitebox/chromium_deps/cdm/protos/license_protocol.proto similarity index 68% rename from whitebox/chromium_deps/cdm/protos/defs/license_protocol.proto rename to whitebox/chromium_deps/cdm/protos/license_protocol.proto index 8dff7ea..6ede7ac 100644 --- a/whitebox/chromium_deps/cdm/protos/defs/license_protocol.proto +++ b/whitebox/chromium_deps/cdm/protos/license_protocol.proto @@ -3,24 +3,24 @@ // Description: // Definitions of the protocol buffer messages used in the Widevine license // exchange protocol, described in Widevine license exchange protocol document -// TODO(yawenyu): find out a right way to strip out all the doc link. -// MOE:begin_strip -// Design doc at: -// http://doc/1cng6cDnchbDQDymLEd5MxMc_laS3EDv6IsoW3IzpgwQ -// MOE:end_strip syntax = "proto2"; package video_widevine; -import "chromium_deps/cdm/protos/defs/client_identification.proto"; -import "chromium_deps/cdm/protos/defs/remote_attestation.proto"; +import "client_identification.proto"; +import "drm_certificate.proto"; +import "dtcp_usage.proto"; +import "hash_algorithm.proto"; +import "remote_attestation.proto"; option optimize_for = LITE_RUNTIME; enum LicenseType { STREAMING = 1; OFFLINE = 2; + // License type decision is left to provider. + AUTOMATIC = 3; } enum PlatformVerificationStatus { @@ -48,11 +48,89 @@ message LicenseIdentification { optional LicenseType type = 4; optional int32 version = 5; optional bytes provider_session_token = 6; + // Set by the SDK representing the rental duration from the initial license. + optional int64 original_rental_duration_seconds = 7; + // Set by the SDK representing the playback duration from the initial license. + optional int64 original_playback_duration_seconds = 8; + // Set by the SDK representing the start time of the initial license in + // seconds (UTC). This is from the original license's license_start_time, + // which is from the LicenseRequest.request_time when set, or set by the + // server to be the time that the original license was processed. + optional int64 original_start_time_seconds = 9; + // Set by the SDK representing the renewal recovery duration from the initial + // license. + optional int64 original_renewal_recovery_duration_seconds = 10; + // Set by the SDK representing the renewal delay seconds from the original + // license. + optional int64 original_renewal_delay_seconds = 11; +} + +// This message is used to indicate the license cateogry spec for a license as +// a part of initial license issuance. +// LINT.IfChange +message LicenseCategorySpec { + // Possible license categories. + enum LicenseCategory { + // By default, License is used for single content. + SINGLE_CONTENT_LICENSE_DEFAULT = 0; + // License is used for multiple contents (could be a combination of + // single contents and groups of contents). + MULTI_CONTENT_LICENSE = 1; + // License is used for contents logically grouped. + GROUP_LICENSE = 2; + } + // Optional. License category indicates if license is used for single + // content, multiple contents (could be a combination of + // single contents and groups of contents) or a group of contents. + optional LicenseCategory license_category = 1; + // Optional. Content or group ID covered by the license. + oneof content_or_group_id { + // Content_id would be present if it is a license for single content. + bytes content_id = 2; + // Group_id would be present if the license is a multi_content_license or + // group_license. Group Id could be the name of a group of contents, + // defined by licensor. + bytes group_id = 3; + } +} +// LINT.ThenChange(//depot/google3/google/chrome/widevine/licensedata/v1/session_init.proto) + +message ProxyInfo { + // Indicates SDK type(Including UNKNOWN_SERVICE_TYPE, LICENSE_PROXY_SDK, + // CAS_PROXY_SDK). + optional DrmCertificate.ServiceType sdk_type = 1; + // Indicates the version of SDK. + optional string sdk_version = 2; } message License { // LINT.IfChange message Policy { + // Client-side watermarking restrictions for the license. + enum WatermarkingControl { + // Watermarking may or may not be used, provider does not care. + WATERMARKING_CONTROL_UNSPECIFIED = 0; + // Watermarking must not be used. The device must disable watermarking + // if it supports it. + WATERMARKING_FORBIDDEN = 1; + // Watermarking is required if the device supports it. + WATERMARKING_REQUIRED = 2; + } + + // The base for (delayed) timers, i.e. the time from which the delayed timer + // starts. + enum TimerDelayBase { + // Not specified + TIMER_DELAY_BASE_UNSPECIFIED = 0; + // The timer delay is based on `license_start_time`. + LICENSE_START = 1; + // The timer delay is based on the time the license is received by the + // CDM. Playback window begins at license load time. + LICENSE_LOAD = 2; + // The timer delay is based on the time of first decryption. + FIRST_DECRYPT = 3; + } + // Indicates that playback of the content is allowed. optional bool can_play = 1 [default = false]; @@ -88,8 +166,10 @@ message License { // specified URL. optional string renewal_server_url = 8; - // How many seconds after license_start_time, before renewal is first - // attempted. + // How many seconds after |license_start_time| before renewal is first + // attempted. If |renew_with_usage| is true in a new license, then this is + // the optional number of seconds after first playback, before renewal is + // first attempted. optional int64 renewal_delay_seconds = 9 [default = 0]; // Specifies the delay in seconds between subsequent license @@ -97,7 +177,8 @@ message License { optional int64 renewal_retry_interval_seconds = 10 [default = 0]; // Indicates that the license shall be sent for renewal when usage is - // started. + // started, i.e. on first playback. This should only be used for a new + // license. The client shall ignore this if set in a renewal. optional bool renew_with_usage = 11 [default = false]; // Indicates to client that license renewal and release requests ought to @@ -106,10 +187,11 @@ message License { // Duration of grace period before playback_duration_seconds (short window) // goes into effect. Optional. + // Deprecated in V16. optional int64 play_start_grace_period_seconds = 13 [default = 0]; // Enables "soft enforcement" of playback_duration_seconds, letting the user - // finish playback even if short window expires. Optional. + // finish playback even if playback window expires. Optional. optional bool soft_enforce_playback_duration = 14 [default = false]; // Enables "soft enforcement" of rental_duration_seconds. Initial playback @@ -118,17 +200,39 @@ message License { // soft_enforce_playback_duration must be true. Otherwise, subsequent // playbacks will not be allowed once rental duration expires. Optional. optional bool soft_enforce_rental_duration = 15 [default = true]; + + // Optional requirement to indicate watermarking is allowed. + optional WatermarkingControl watermarking_control = 16 + [default = WATERMARKING_CONTROL_UNSPECIFIED]; + + // Optional DTCP2 requirements. Default is to not allow dtcp2. + optional DTCPUsageRules dtcp2 = 17; + + // The base for `renewal_delay_seconds` for a new license. This should only + // be set for a new license. For renewal licenses this field will be ignored + // and `renewal_delay_seconds` should always be based on + // `license_start_time`. When `initial_renewal_delay_base` is FIRST_DECRYPT, + // the delay of `renewal_delay_seconds` is optional for backward + // compatibility with old clients. + optional TimerDelayBase initial_renewal_delay_base = 18 + [default = TIMER_DELAY_BASE_UNSPECIFIED]; } // LINT.ThenChange(//depot/google3/google/chrome/widevine/licensedata/v1/license_policy.proto) + // LINT.IfChange message KeyContainer { enum KeyType { - SIGNING = 1; // Exactly one key of this type must appear. + SIGNING = 1; // No more than one signing key may appear. CONTENT = 2; // Content key. KEY_CONTROL = 3; // Key control block for license renewals. No key. OPERATOR_SESSION = 4; // wrapped keys for auxiliary crypto operations. ENTITLEMENT = 5; // Entitlement keys. OEM_CONTENT = 6; // Partner-specific content key. + // Public signing key provided by content providers. Currently used by CAS + // for verifying the received ECM/EMM signature. Only EC key is supported + // for now. + PROVIDER_ECM_VERIFIER_PUBLIC_KEY = 7; + OEM_ENTITLEMENT = 8; // Partner-specific entitlement key. } // The SecurityLevel enumeration allows the server to communicate the level @@ -154,11 +258,15 @@ message License { HW_SECURE_ALL = 5; } + // The EncryptionScheme to be used for the content keys. This is applicable + // only to Moho API. + enum EncryptionScheme { + ENCRYPTION_SCHEME_UNSPECIFIED = 0; + AES128_CTR = 1; + AES128_CBC = 2; + } + message KeyControl { - // MOE:begin_strip - // |key_control| is documented here: - // http://doc/1pHSJ2IKL0axmQz2gmDZ7olxPWb_ZcULaJrYwDZAeS7k/edit#heading=h.pua7563f80h6 - // MOE:end_strip // If present, the key control must be communicated to the secure // environment prior to any usage. This message is automatically generated // by the Widevine License Server SDK. @@ -199,11 +307,15 @@ message License { // allow use of the key anyway. CURRENT_SRM = 1; } + optional HdcpSrmRule hdcp_srm_rule = 3 [default = HDCP_SRM_RULE_NONE]; // Optional requirement to indicate analog output is not allowed. optional bool disable_analog_output = 4 [default = false]; // Optional requirement to indicate digital output is not allowed. optional bool disable_digital_output = 5 [default = false]; + // Optional. If set, it indicates digital video recording (DVR) is + // allowed. + optional bool allow_record = 6 [default = false]; } message VideoResolutionConstraint { @@ -224,6 +336,28 @@ message License { optional bool allow_signature_verify = 4 [default = false]; } + // KeyCategorySpec message is used to identify if current key is generated + // for a single content or a group of contents. Currently it is only used in + // CAS request. + message KeyCategorySpec { + // Represents what kind of content a key is used for. + enum KeyCategory { + // By default, key is created for single content. + SINGLE_CONTENT_KEY_DEFAULT = 0; + // Key is created for a group of contents. + GROUP_KEY = 1; + } + // Indicate if the current key is created for single content or for group + // use. + optional KeyCategory key_category = 1; + // Id for key category. If it is a key for single content, this id + // represents the content_id. Otherwise, it represents a group_id. + oneof content_or_group_id { + bytes content_id = 2; + bytes group_id = 3; + } + } + optional bytes id = 1; optional bytes iv = 2; optional bytes key = 3; @@ -241,7 +375,8 @@ message License { // be reported. // NOTE: Use of this feature is not recommended, as it is only supported on // a small number of platforms. - repeated VideoResolutionConstraint video_resolution_constraints = 10; + repeated VideoResolutionConstraint video_resolution_constraints = 10 + [deprecated = true]; // Optional flag to indicate the key must only be used if the client // supports anti rollback of the user table. Content provider can query the // client capabilities to determine if the client support this feature. @@ -249,6 +384,14 @@ message License { // Optional not limited to commonly known track types such as SD, HD. // It can be some provider defined label to identify the track. optional string track_label = 12; + // Optional. It is used to identify if current key is generated for a + // single content or a group of contents. Currently it is only used in CAS + // request. + optional KeyCategorySpec key_category_spec = 13; + // Optional. Used by Moho API for Content key encryption. If unspecified, + // the Moho code uses the encryption scheme of type AES128_CTR. + optional EncryptionScheme encryption_scheme = 14 + [default = ENCRYPTION_SCHEME_UNSPECIFIED]; } // LINT.ThenChange(//depot/google3/google/chrome/widevine/licensedata/v1/key_container.proto) @@ -259,7 +402,7 @@ message License { // LicenseRequest.request_time. If this time is not set in the request, // the local time at the license service is used in this field. optional int64 license_start_time = 4; - // TODO(b/65054419): Deprecate remote_attestation_verified in favor of + // Deprecate remote_attestation_verified in favor of // platform_verification_status, below. optional bool remote_attestation_verified = 5 [default = false]; // Client token generated by the content provider. Optional. @@ -270,10 +413,6 @@ message License { // 8 byte verification field "HDCPDATA" followed by unsigned 32 bit minimum // HDCP SRM version (whether the version is for HDCP1 SRM or HDCP2 SRM // depends on client max_hdcp_version). - // MOE:begin_strip - // Additional details at: - // http://doc/1MYwkQjcdeP7eMAZGeYCvjlXMO0MqRKTUYk2SlsoSXXc/#heading=h.8l3xqpa3rvfi. - // MOE:end_strip optional bytes srm_requirement = 8; // If present this contains a signed SRM file (either HDCP1 SRM or HDCP2 SRM // depending on client max_hdcp_version) that should be installed on the @@ -285,6 +424,10 @@ message License { [default = PLATFORM_NO_VERIFICATION]; // IDs of the groups for which keys are delivered in this license, if any. repeated bytes group_ids = 11; + // Optional. LicenseCategorySpec is used to indicate the license cateogry for + // a license. It could be used as a part of initial license issuance or shown + // as a part of license in license response. + optional LicenseCategorySpec license_category_spec = 12; // Optional: The provider key id indicates which provider key was used // during provider key encryption. optional uint32 provider_key_id = 13; @@ -361,6 +504,9 @@ message LicenseRequest { optional uint32 key_control_nonce = 7; // Encrypted ClientIdentification message, used for privacy purposes. optional EncryptedClientIdentification encrypted_client_id = 8; + // The version of the client implementation. This field is optional and + // informational only. + optional string client_version = 9; } message LicenseError { @@ -373,6 +519,8 @@ message LicenseError { // The service is currently unavailable due to the backend being down // or similar circumstances. SERVICE_UNAVAILABLE = 3; + // The device credentials are expired. The device must re-provision. + EXPIRED_DRM_DEVICE_CERTIFICATE = 4; } optional Error error_code = 1; } @@ -425,8 +573,9 @@ message SignedMessage { enum SessionKeyType { UNDEFINED = 0; WRAPPED_AES_KEY = 1; - EPHERMERAL_ECC_PUBLIC_KEY = 2; + EPHEMERAL_ECC_PUBLIC_KEY = 2; } + optional MessageType type = 1; optional bytes msg = 2; // Required field that contains the signature of the bytes of msg. @@ -445,10 +594,6 @@ message SignedMessage { // request for ChromeOS client devices operating in verified mode. Remote // attestation challenge data is |msg| field above. Optional. optional RemoteAttestation remote_attestation = 5; - // MOE:begin_strip - // Design doc at: - // http://doc/1LqEzxw1v2CVBx_zv5lVX55FcGKjx6JLnFdXjEUbNTOQ - // MOE:end_strip repeated MetricData metric_data = 6; // Version information from the SDK and license service. This information is @@ -460,4 +605,10 @@ message SignedMessage { // The core message is the simple serialization of fields used by OEMCrypto. // This field was introduced in OEMCrypto API v16. optional bytes oemcrypto_core_message = 9; + // Optional field that indicates the hash algorithm used in signature scheme. + optional HashAlgorithmProto hash_algorithm = 10; + // If true it indicates that a LICENSE message session key was based on an + // alternate key provided by the client credentials. + optional bool using_secondary_key = 11; } + diff --git a/whitebox/chromium_deps/cdm/protos/defs/remote_attestation.proto b/whitebox/chromium_deps/cdm/protos/remote_attestation.proto similarity index 91% rename from whitebox/chromium_deps/cdm/protos/defs/remote_attestation.proto rename to whitebox/chromium_deps/cdm/protos/remote_attestation.proto index e41a481..8e773ec 100644 --- a/whitebox/chromium_deps/cdm/protos/defs/remote_attestation.proto +++ b/whitebox/chromium_deps/cdm/protos/remote_attestation.proto @@ -8,7 +8,7 @@ syntax = "proto2"; package video_widevine; -import "chromium_deps/cdm/protos/defs/client_identification.proto"; +import "client_identification.proto"; option optimize_for = LITE_RUNTIME; diff --git a/whitebox/chromium_deps/cdm/protos/root_of_trust_id.proto b/whitebox/chromium_deps/cdm/protos/root_of_trust_id.proto new file mode 100644 index 0000000..a09e177 --- /dev/null +++ b/whitebox/chromium_deps/cdm/protos/root_of_trust_id.proto @@ -0,0 +1,44 @@ +// Copyright 2021 Google LLC. All rights reserved. + +syntax = "proto2"; + +package video_widevine; + +option optimize_for = LITE_RUNTIME; + +// Definition of the root of trust identifier proto. The proto message contains +// the EC-IES encrypted identifier (e.g. keybox unique id) for a device and +// an associated hash. These can be used by Widevine to identify the root of +// trust that was used to acquire a DRM certificate. +// +// In addition to the encrypted part and the hash, the proto contains the +// version of the root of trust id which implies the EC key algorithm that was +// used. +// Next id: 5 +message RootOfTrustId { + // The version specifies the EC algorithm that was used to generate the + // root of trust id. + enum RootOfTrustIdVersion { + // Should not be used. + ROOT_OF_TRUST_ID_VERSION_UNSPECIFIED = 0; + // Version 1 of the ID uses EC-IES with SECP256R1 curve. + ROOT_OF_TRUST_ID_VERSION_1 = 1; + } + optional RootOfTrustIdVersion version = 1; + // The key_id is used for key rotation. It indicates which key was used to + // generate the root of trust id. + optional uint32 key_id = 2; + + // The EC-IES encrypted message containing the unique_id. The bytes are + // a concatenation of + // 1) The ephemeral public key. Uncompressed keypoint format per X9.62. + // 2) The plaintext encrypted with the derived AES key using AES CBC, + // PKCS7 padding and a zerio iv. + // 3) The HMAC SHA256 of the cipher text. + optional bytes encrypted_unique_id = 3; + + // The hash of encrypted unique id and other values. + // unique_id_hash = SHA256( + // encrypted_unique_id || system_id || SHA256(unique_id || secret_sauce)). + optional bytes unique_id_hash = 4; +} diff --git a/whitebox/external/odk.BUILD b/whitebox/external/odk.BUILD index 97a5ad5..a7b350a 100644 --- a/whitebox/external/odk.BUILD +++ b/whitebox/external/odk.BUILD @@ -29,6 +29,7 @@ cc_library( ":odk_common_hdrs", ], hdrs = [ + "oemcrypto/odk/include/core_message_features.h", "oemcrypto/odk/include/OEMCryptoCENCCommon.h", "oemcrypto/odk/include/odk.h", "oemcrypto/odk/include/odk_attributes.h", @@ -46,6 +47,7 @@ cc_library( name = "serialization", srcs = [ "oemcrypto/odk/src/core_message_deserialize.cpp", + "oemcrypto/odk/src/core_message_features.cpp", "oemcrypto/odk/src/core_message_serialize.cpp", "oemcrypto/odk/src/core_message_serialize_proto.cpp", ":odk_common_hdrs", diff --git a/whitebox/odk_deps/BUILD b/whitebox/odk_deps/BUILD index 7bfd643..c4307ee 100644 --- a/whitebox/odk_deps/BUILD +++ b/whitebox/odk_deps/BUILD @@ -7,7 +7,6 @@ cc_library( hdrs = ["license_protocol.pb.h"], strip_include_prefix = "//odk_deps/", deps = [ - "//chromium_deps/cdm/protos/defs:certificate_provisioning_proto", - "//chromium_deps/cdm/protos/defs:license_protocol_proto", + "//chromium_deps/cdm/protos", ], ) diff --git a/whitebox/odk_deps/license_protocol.pb.h b/whitebox/odk_deps/license_protocol.pb.h index 0e87af3..fc04074 100644 --- a/whitebox/odk_deps/license_protocol.pb.h +++ b/whitebox/odk_deps/license_protocol.pb.h @@ -5,7 +5,7 @@ // Because the Android repo combines the two protobufs, we need to include both // of them in this header so that the ODK code can find it. -#include "chromium_deps/cdm/protos/defs/certificate_provisioning.pb.h" -#include "chromium_deps/cdm/protos/defs/license_protocol.pb.h" +#include "chromium_deps/cdm/protos/certificate_provisioning.pb.h" +#include "chromium_deps/cdm/protos/license_protocol.pb.h" #endif // ODK_DEPS_LICENSE_PROTOCOL_PB_H_ diff --git a/whitebox/reference/impl/BUILD b/whitebox/reference/impl/BUILD index e730f2d..8079545 100644 --- a/whitebox/reference/impl/BUILD +++ b/whitebox/reference/impl/BUILD @@ -47,7 +47,7 @@ cc_library( deps = [ "//api:license_whitebox", "//api:shared_settings", - "//chromium_deps/cdm/protos:license_protocol_proto", + "//chromium_deps/cdm/protos", ], ) @@ -69,7 +69,7 @@ cc_library( ":renewal_key", "//api:result", "//api:shared_settings", - "//chromium_deps/cdm/protos:license_protocol_proto", + "//chromium_deps/cdm/protos", "//crypto_utils:aes_cbc_decryptor", "//crypto_utils:crypto_util", ], @@ -95,7 +95,7 @@ cc_library( ":license_parser", "//api:shared_settings", "//chromium_deps/base:glog", - "//chromium_deps/cdm/protos:license_protocol_proto", + "//chromium_deps/cdm/protos", "//crypto_utils:crypto_util", ], ) @@ -172,7 +172,7 @@ cc_library( "//api:result", "//api:shared_settings", "//chromium_deps/cdm/keys:dev_certs", - "//chromium_deps/cdm/protos:license_protocol_proto", + "//chromium_deps/cdm/protos", "//crypto_utils:aes_cbc_decryptor", "//crypto_utils:aes_cbc_encryptor", "//crypto_utils:aes_ctr_encryptor",