ODK and Shared Libraries

In this code drop we introduce the ODK dependency. The reference
implementation has been updated to make use of the ODK and the related
tests have been included.

In addition, we have included an example of how a shared library can
be created. This will make it easier to test and verify different
implementations of the API.

Most other changes introduced by this code drop were made to clean up the
reference implementation and limit dependencies.
Aaron Vaage
2020-07-23 16:13:28 -07:00
parent 5d90e8d89b
commit 789377fed2
37 changed files with 1160 additions and 1127 deletions


@@ -6,6 +6,7 @@
#include <stddef.h>
#include <stdint.h>
#include "api/export.h"
#include "api/result.h"
#ifdef __cplusplus
@@ -38,9 +39,9 @@ typedef enum {
// WB_RESULT_INVALID_PARAMETER if |whitebox_init_data| was null or invalid.
//
// WB_RESULT_OUT_OF_MEMORY if the necessary memory could not be allocated.
WB_Result WB_License_Create(const uint8_t* whitebox_init_data,
size_t whitebox_init_data_size,
WB_License_Whitebox** whitebox);
WB_API WB_Result WB_License_Create(const uint8_t* whitebox_init_data,
size_t whitebox_init_data_size,
WB_License_Whitebox** whitebox);
// Releases all resources used by the white-box instance pointed to by
// |whitebox|.
@@ -48,7 +49,7 @@ WB_Result WB_License_Create(const uint8_t* whitebox_init_data,
// Args:
// whitebox (in) : A pointer to a white-box instance. Passing in null will
// result in a no-op.
void WB_License_Delete(WB_License_Whitebox* whitebox);
WB_API void WB_License_Delete(WB_License_Whitebox* whitebox);
// Signs a license request using the CDM's private signing key.
//
@@ -74,11 +75,12 @@ void WB_License_Delete(WB_License_Whitebox* whitebox);
//
// WB_RESULT_BUFFER_TOO_SMALL if |signature_size| (as input) was less than the
// required size.
WB_Result WB_License_SignLicenseRequest(const WB_License_Whitebox* whitebox,
const uint8_t* license_request,
size_t license_request_size,
uint8_t* signature,
size_t* signature_size);
WB_API WB_Result
WB_License_SignLicenseRequest(const WB_License_Whitebox* whitebox,
const uint8_t* license_request,
size_t license_request_size,
uint8_t* signature,
size_t* signature_size);
// Verifies a license response using HMAC and the server signing key.
//
@@ -93,6 +95,13 @@ WB_Result WB_License_SignLicenseRequest(const WB_License_Whitebox* whitebox,
// Args:
// whitebox (in/out) : The white-box instance that will load the keys.
//
// core_message (in) : Serialized information communicating the structure of
// |message|. Signature verification should be done on |core_message| +
// |message|.
//
// core_message_size (in) : The number of bytes in |core_message|. If this is
// zero, it means that there was no meta message provided for the message.
//
// message (in) : The message field of the license response.
//
// message_size (in) : The number of bytes in |message|.
@@ -114,26 +123,30 @@ WB_Result WB_License_SignLicenseRequest(const WB_License_Whitebox* whitebox,
// WB_RESULT_OK if the response was verified and the keys were loaded into
// |whitebox|.
//
// WB_RESULT_INVALID_PARAMETER if |whitebox| was null, if |message| was null,
// if |message_size| was zero, if |message| did not conform to the expected
// format, if |signature| was null, if |signature_size| was incorrect, if
// |session_key| was null, if |session_key_size| was incorrect, if
// |session_key| could not be unwrapped correctly, if |license_request| was
// null, or if |license_request_size| was zero.
// WB_RESULT_INVALID_PARAMETER if |whitebox| was null, if |core_message| was
// null, if |message| was null, if |message_size| was zero, if |message| did
// not conform to the expected format, if |signature| was null, if
// |signature_size| was incorrect, if |session_key| was null, if
// |session_key_size| was incorrect, if |session_key| could not be unwrapped
// correctly, if |license_request| was null, or if |license_request_size| was
// zero.
//
// WB_RESULT_INVALID_SIGNATURE if |message|'s signature does not match
// |signature|.
//
// WB_RESULT_INVALID_STATE if a license has already been loaded.
WB_Result WB_License_ProcessLicenseResponse(WB_License_Whitebox* whitebox,
const uint8_t* message,
size_t message_size,
const uint8_t* signature,
size_t signature_size,
const uint8_t* session_key,
size_t session_key_size,
const uint8_t* license_request,
size_t license_request_size);
WB_API WB_Result
WB_License_ProcessLicenseResponse(WB_License_Whitebox* whitebox,
const uint8_t* core_message,
size_t core_message_size,
const uint8_t* message,
size_t message_size,
const uint8_t* signature,
size_t signature_size,
const uint8_t* session_key,
size_t session_key_size,
const uint8_t* license_request,
size_t license_request_size);
// Signs |message| and return the signature via |signature| using HMAC and the
// client renewal signing key
@@ -162,11 +175,12 @@ WB_Result WB_License_ProcessLicenseResponse(WB_License_Whitebox* whitebox,
// required size.
//
// WB_RESULT_INVALID_STATE if |whitebox| had no signing keys.
WB_Result WB_License_SignRenewalRequest(const WB_License_Whitebox* whitebox,
const uint8_t* message,
size_t message_size,
uint8_t* signature,
size_t* signature_size);
WB_API WB_Result
WB_License_SignRenewalRequest(const WB_License_Whitebox* whitebox,
const uint8_t* message,
size_t message_size,
uint8_t* signature,
size_t* signature_size);
// Verifies the renewal response using HMAC and the server signing key.
//
@@ -192,11 +206,12 @@ WB_Result WB_License_SignRenewalRequest(const WB_License_Whitebox* whitebox,
// |signature|.
//
// WB_RESULT_INVALID_STATE if |whitebox| had not loaded a license.
WB_Result WB_License_VerifyRenewalResponse(const WB_License_Whitebox* whitebox,
const uint8_t* message,
size_t message_size,
const uint8_t* signature,
size_t signature_size);
WB_API WB_Result
WB_License_VerifyRenewalResponse(const WB_License_Whitebox* whitebox,
const uint8_t* message,
size_t message_size,
const uint8_t* signature,
size_t signature_size);
// Gets the secret string needed by WB_License_Unmask() in order to unmask the
// masked decrypted content returned by WB_License_MaskedDecrypt().
@@ -240,12 +255,12 @@ WB_Result WB_License_VerifyRenewalResponse(const WB_License_Whitebox* whitebox,
// the required size.
//
// WB_RESULT_INVALID_STATE if |whitebox| had not loaded a license.
WB_Result WB_License_GetSecretString(const WB_License_Whitebox* whitebox,
WB_CipherMode mode,
const uint8_t* key_id,
size_t key_id_size,
uint8_t* secret_string,
size_t* secret_string_size);
WB_API WB_Result WB_License_GetSecretString(const WB_License_Whitebox* whitebox,
WB_CipherMode mode,
const uint8_t* key_id,
size_t key_id_size,
uint8_t* secret_string,
size_t* secret_string_size);
// Decrypts |input_data| and writes the plaintext to |output_data|.
//
@@ -295,16 +310,16 @@ WB_Result WB_License_GetSecretString(const WB_License_Whitebox* whitebox,
// the required size.
//
// WB_RESULT_INVALID_STATE if |whitebox| had not loaded a license.
WB_Result WB_License_Decrypt(const WB_License_Whitebox* whitebox,
WB_CipherMode mode,
const uint8_t* key_id,
size_t key_id_size,
const uint8_t* input_data,
size_t input_data_size,
const uint8_t* iv,
size_t iv_size,
uint8_t* output_data,
size_t* output_data_size);
WB_API WB_Result WB_License_Decrypt(const WB_License_Whitebox* whitebox,
WB_CipherMode mode,
const uint8_t* key_id,
size_t key_id_size,
const uint8_t* input_data,
size_t input_data_size,
const uint8_t* iv,
size_t iv_size,
uint8_t* output_data,
size_t* output_data_size);
// Decrypts |input_data| and write the obfuscated plaintext to
// |masked_output_data|. The obfuscated plaintext can be deobfuscated using
@@ -359,16 +374,16 @@ WB_Result WB_License_Decrypt(const WB_License_Whitebox* whitebox,
// than the required size.
//
// WB_RESULT_INVALID_STATE if |whitebox| had not loaded a license.
WB_Result WB_License_MaskedDecrypt(const WB_License_Whitebox* whitebox,
WB_CipherMode mode,
const uint8_t* key_id,
size_t key_id_size,
const uint8_t* input_data,
size_t input_data_size,
const uint8_t* iv,
size_t iv_size,
uint8_t* masked_output_data,
size_t* masked_output_data_size);
WB_API WB_Result WB_License_MaskedDecrypt(const WB_License_Whitebox* whitebox,
WB_CipherMode mode,
const uint8_t* key_id,
size_t key_id_size,
const uint8_t* input_data,
size_t input_data_size,
const uint8_t* iv,
size_t iv_size,
uint8_t* masked_output_data,
size_t* masked_output_data_size);
// Unmasks a subset of the data in |masked_data| using |secret_string| and
// writes it to |unmasked_data|.
@@ -380,6 +395,9 @@ WB_Result WB_License_MaskedDecrypt(const WB_License_Whitebox* whitebox,
// It is assumed that indexes between 0 and |size - 1| (inclusive) are all valid
// indexes into |unmasked_data|.
//
// The memory range used for |masked_data| must not overlap with
// |unmasked_data|.
//
// Args:
// masked_data (in) : The masked data to read from.
//
@@ -393,12 +411,12 @@ WB_Result WB_License_MaskedDecrypt(const WB_License_Whitebox* whitebox,
// secret_string_size (in) : The number of bytes in |secret_string|.
//
// unmasked_data (out) : The output buffer to write the unmasked data to.
void WB_License_Unmask(const uint8_t* masked_data,
size_t offset,
size_t size,
const uint8_t* secret_string,
size_t secret_string_size,
uint8_t* unmasked_data);
WB_API void WB_License_Unmask(const uint8_t* masked_data,
size_t offset,
size_t size,
const uint8_t* secret_string,
size_t secret_string_size,
uint8_t* unmasked_data);
#ifdef __cplusplus
}
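Review bot: The new |core_message| contract on WB_License_ProcessLicenseResponse is ambiguous for the no-core-message case: the Args text says a zero `core_message_size` means none was provided, while the return text lists `if |core_message| was null` as WB_RESULT_INVALID_PARAMETER without qualification. Since independent implementations are expected to be built against this header, the comment should settle it, for example `// if |core_message| was null while |core_message_size| was non-zero,`, or else say that a non-null pointer is required even when the size is zero. The WB_RESULT_INVALID_SIGNATURE text still reads `if |message|'s signature does not match |signature|` although verification is now specified over |core_message| + |message|; naming both there keeps an implementation from authenticating |message| alone. The Args text also says "meta message" where the rest of the comment says core message, so one term should be used throughout.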