Update zlib to version 1.3

Drew Shao
2023-09-05 16:54:39 +00:00
parent cc6fd4ed71
commit 9a1d1460fe
10 changed files with 55 additions and 23 deletions


@@ -57,9 +57,9 @@ git_repository(
http_archive( http_archive(
name = "zlib", name = "zlib",
build_file = "@com_google_protobuf//:third_party/zlib.BUILD", build_file = "@com_google_protobuf//:third_party/zlib.BUILD",
sha256 = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30", sha256 = "ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e",
strip_prefix = "zlib-1.2.13", strip_prefix = "zlib-1.3",
urls = ["https://zlib.net/zlib-1.2.13.tar.gz"], urls = ["https://zlib.net/zlib-1.3.tar.gz"],
) )
# ODK # ODK


@@ -56,9 +56,9 @@ git_repository(
http_archive( http_archive(
name = "zlib", name = "zlib",
build_file = "@com_google_protobuf//:third_party/zlib.BUILD", build_file = "@com_google_protobuf//:third_party/zlib.BUILD",
sha256 = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30", sha256 = "ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e",
strip_prefix = "zlib-1.2.13", strip_prefix = "zlib-1.3",
urls = ["https://zlib.net/zlib-1.2.13.tar.gz"], urls = ["https://zlib.net/zlib-1.3.tar.gz"],
) )
# ODK # ODK


@@ -14,13 +14,16 @@
namespace widevine { namespace widevine {
class LicenseWhiteboxEntitlementContentKeyTest class LicenseWhiteboxEntitlementContentKeyTest
: public LicenseWhiteboxTestBase { : public LicenseWhiteboxTestBase,
public ::testing::WithParamInterface<size_t> {
protected: protected:
void SetUp() { void SetUp() {
LicenseWhiteboxTestBase::SetUp(); LicenseWhiteboxTestBase::SetUp();
server_ = TestServer::CreateDualKey(); server_ = TestServer::CreateDualKey();
TestLicenseBuilder builder; TestLicenseBuilder builder;
// provider keys do not apply to entitlement keys, so the license
// does not need to be built with provider key id set.
builder.GetSettings().odk_version = TestLicenseBuilder::OdkVersion::k16_5; builder.GetSettings().odk_version = TestLicenseBuilder::OdkVersion::k16_5;
builder.AddSigningKey(TestLicenseBuilder::DefaultSigningKey()); builder.AddSigningKey(TestLicenseBuilder::DefaultSigningKey());
builder.AddEntitlementKey( builder.AddEntitlementKey(
@@ -32,13 +35,13 @@ class LicenseWhiteboxEntitlementContentKeyTest
License license_; License license_;
}; };
TEST_F(LicenseWhiteboxEntitlementContentKeyTest, Decrypt) { TEST_P(LicenseWhiteboxEntitlementContentKeyTest, Decrypt) {
auto result = WB_License_ProcessLicenseResponse( auto result = WB_License_ProcessLicenseResponse(
whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(), whitebox_, WB_LICENSE_KEY_MODE_DUAL_KEY, license_.core_message.data(),
license_.core_message.size(), license_.message.data(), license_.core_message.size(), license_.message.data(),
license_.message.size(), license_.signature.data(), license_.message.size(), license_.signature.data(),
license_.signature.size(), license_.session_key.data(), license_.signature.size(), license_.session_key.data(),
license_.session_key.size(), kNoProviderKeyId, license_.request.data(), license_.session_key.size(), GetParam(), license_.request.data(),
license_.request.size()); license_.request.size());
#ifndef HAS_ENTITLEMENT #ifndef HAS_ENTITLEMENT
if (result == WB_RESULT_NOT_IMPLEMENTED) if (result == WB_RESULT_NOT_IMPLEMENTED)
@@ -104,7 +107,7 @@ TEST_F(LicenseWhiteboxEntitlementContentKeyTest, Remove) {
#endif #endif
ASSERT_EQ(result, WB_RESULT_OK); ASSERT_EQ(result, WB_RESULT_OK);
ASSERT_EQ(WB_License_RemoveEntitledContentKey(whitebox_,key_id.data(), ASSERT_EQ(WB_License_RemoveEntitledContentKey(whitebox_, key_id.data(),
key_id.size()), key_id.size()),
WB_RESULT_OK); WB_RESULT_OK);
@@ -124,4 +127,8 @@ TEST_F(LicenseWhiteboxEntitlementContentKeyTest, Remove) {
WB_RESULT_KEY_UNAVAILABLE); WB_RESULT_KEY_UNAVAILABLE);
} }
INSTANTIATE_TEST_SUITE_P(
WithAndWithoutProviderKeyId,
LicenseWhiteboxEntitlementContentKeyTest,
::testing::Values(kNoProviderKeyId, kProviderKeyId));
} // namespace widevine } // namespace widevine
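Review bot: Only `Decrypt` is converted to `TEST_P`; judging by the hunk headers, `Remove` is still declared with `TEST_F`, so it runs once and `kProviderKeyId` never reaches the removal path. Declaring it as `TEST_P(LicenseWhiteboxEntitlementContentKeyTest, Remove)` and passing `GetParam()` where it loads the license would cover both ids on every path. The body of `Remove` lies mostly outside the visible hunks, so which provider key id it passes today is inferred. As a smaller style point, the fixture's `void SetUp() {` could become `void SetUp() override {` now that the class has two bases.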


@@ -15,6 +15,7 @@
namespace widevine { namespace widevine {
constexpr size_t kNoProviderKeyId = 0; constexpr size_t kNoProviderKeyId = 0;
constexpr size_t kProviderKeyId = 1;
struct License { struct License {
std::vector<uint8_t> request; std::vector<uint8_t> request;
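Review bot: `kProviderKeyId` is added without a comment, and its value of 1 only makes sense next to the parser's range check, which treats ids as 1-based with 0 meaning no provider key. A line such as `// Provider key ids are 1-based; kNoProviderKeyId (0) means no provider key is applied.` above the two constants would make that explicit. The convention is read from the `provider_key_id >= 1 && provider_key_id <= provider_keys.size()` check in `UnwrapKey`, so confirm it matches the intended meaning.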


@@ -18,6 +18,21 @@
#include "third_party/boringssl/src/include/openssl/rsa.h" #include "third_party/boringssl/src/include/openssl/rsa.h"
#if BORINGSSL_API_VERSION <= 9
inline const BIGNUM* RSA_get0_p(const RSA* r) {
return r->p;
}
inline const BIGNUM* RSA_get0_q(const RSA* r) {
return r->q;
}
inline const BIGNUM* RSA_get0_e(const RSA* r) {
return r->e;
}
inline const BIGNUM* RSA_get0_n(const RSA* r) {
return r->n;
}
#endif
namespace widevine { namespace widevine {
namespace rsa_util { namespace rsa_util {
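Review bot: The guard `#if BORINGSSL_API_VERSION <= 9` is also true when the macro is not defined at all, because an undefined identifier evaluates to 0 in `#if`. In that case the fallback accessors would read `RSA` fields directly in a build whose headers may already declare these functions or keep the struct opaque. `#if defined(BORINGSSL_API_VERSION) && BORINGSSL_API_VERSION <= 9` keeps the shim limited to the old BoringSSL it was written for. A short comment saying that these mirror the library's `RSA_get0_*` accessors for versions that lack them, and where the cut-off of 9 comes from, would help the next upgrade.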


@@ -31,14 +31,17 @@ bool LicenseParser::Decrypt(const std::string& key,
} }
bool LicenseParser::UnwrapKey( bool LicenseParser::UnwrapKey(
KeyType key_type,
const std::string& wrapped_key, const std::string& wrapped_key,
const std::vector<ProviderKey>& provider_keys, const std::vector<ProviderKey>& provider_keys,
size_t provider_key_id, size_t provider_key_id,
const std::string& key_decryption_key, const std::string& key_decryption_key,
const std::string& key_decryption_key_iv, const std::string& key_decryption_key_iv,
std::string* unwrapped_key) { std::string* unwrapped_key) {
// provider keys are only applied on content keys.
const bool provider_key_id_valid = const bool provider_key_id_valid =
(provider_key_id >= 1 && provider_key_id <= provider_keys.size()); (provider_key_id >= 1 && provider_key_id <= provider_keys.size() &&
key_type == KeyType::kContentKey);
// If |provider_key_id| is used and valid, then start by unmasking it. // If |provider_key_id| is used and valid, then start by unmasking it.
std::string key = wrapped_key; std::string key = wrapped_key;
@@ -109,13 +112,17 @@ InternalKey LicenseParser::CreateInternalKey(
InternalKey internal_key; InternalKey internal_key;
internal_key.type = key_type; internal_key.type = key_type;
if (key_type == KeyType::kGenericCryptoKey)
internal_key.status = WB_KEY_STATUS_CONTENT_KEY_VALID;
else
internal_key.status = GetKeyStatus(level, is_hw_verified); internal_key.status = GetKeyStatus(level, is_hw_verified);
internal_key.kcb_flags = kcb_flags; internal_key.kcb_flags = kcb_flags;
// Unless we are going to use the key, we don't want to save this key as it // Unless we are going to use the key, we don't want to save this key as it
// will only risk exposing it. We only have an entry for it so we can handle // will only risk exposing it. We only have an entry for it so we can handle
// errors correctly. // errors correctly.
if (internal_key.can_decrypt() || internal_key.can_masked_decrypt()) { if (key_type == KeyType::kGenericCryptoKey || internal_key.can_decrypt() ||
internal_key.can_masked_decrypt()) {
CHECK_LE(key.size(), internal_key.key.size()); CHECK_LE(key.size(), internal_key.key.size());
std::copy(key.begin(), key.end(), internal_key.key.begin()); std::copy(key.begin(), key.end(), internal_key.key.begin());
} }
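Review bot: `CreateInternalKey` now stores key material for every `KeyType::kGenericCryptoKey` and sets its status to `WB_KEY_STATUS_CONTENT_KEY_VALID` without consulting `level` or `is_hw_verified`. The comment above the copy still says a key is kept only when it is going to be used. If generic crypto keys are meant to be exempt from the security-level gate, say so where the status is assigned, e.g. `// Generic crypto keys are not gated on security level or HW verification; they are always usable and therefore always stored.` If they are not meant to be exempt, this change widens the set of keys held in memory and deserves a second look. The new `if`/`else` would also read better with braces, matching the braced `if` that follows it; both functions continue outside the hunks.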


@@ -50,10 +50,11 @@ class LicenseParser {
const std::string& encrypted, const std::string& encrypted,
std::string* decrypted); std::string* decrypted);
// Unwrap key |wrapped_key| using |provider_key_id| and // Unwrap key |wrapped_key| using |key_type|, |provider_key_id| and
// |key_decryption_key|, as necessary. Returns true and // |key_decryption_key|, as necessary. Returns true and
// |unwrapped_content_key| is updated on success, false otherwise. // |unwrapped_content_key| is updated on success, false otherwise.
static bool UnwrapKey(const std::string& wrapped_key, static bool UnwrapKey(KeyType key_type,
const std::string& wrapped_key,
const std::vector<ProviderKey>& provider_keys, const std::vector<ProviderKey>& provider_keys,
size_t provider_key_id, size_t provider_key_id,
const std::string& key_decryption_key, const std::string& key_decryption_key,
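Review bot: The updated comment still names `|unwrapped_content_key|`, while the definition's output parameter is `unwrapped_key`. It also lists `|key_type|` without saying what it changes. Suggested wording: `// Unwrap |wrapped_key| with |key_decryption_key|; the provider key selected by |provider_key_id| is unmasked first, and only when |key_type| is a content key.` followed by `// Returns true and updates |unwrapped_key| on success, false otherwise.` The tail of the declaration is outside the hunk, so the parameter name is taken from the definition in the parser source.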


@@ -28,7 +28,7 @@ WB_Result GetODKContext(const std::string& combined_message,
// By using initial_license_load==false, ODK won't validate the nonce. // By using initial_license_load==false, ODK won't validate the nonce.
#if ODK_MAJOR_VERSION == 16 #if ODK_MAJOR_VERSION == 16
uint8_t request_hash[16]; uint8_t request_hash[16];
#elif ODK_MAJOR_VERSION == 18 #elif ODK_MAJOR_VERSION >= 18
uint64_t clock_value = 0; uint64_t clock_value = 0;
#endif #endif
for (bool usage_entry_present : {false, true}) { for (bool usage_entry_present : {false, true}) {
@@ -42,17 +42,18 @@ WB_Result GetODKContext(const std::string& combined_message,
/* initial_license_load= */ false, usage_entry_present, /* initial_license_load= */ false, usage_entry_present,
#if ODK_MAJOR_VERSION == 16 #if ODK_MAJOR_VERSION == 16
request_hash, request_hash,
#elif ODK_MAJOR_VERSION == 18 #elif ODK_MAJOR_VERSION >= 18
clock_value, clock_value,
#endif #endif
&timer, &clock, &nonce, &context->license &timer, &clock, &nonce, &context->license
#if ODK_MAJOR_VERSION == 18 #if ODK_MAJOR_VERSION >= 18
, &clock_value , &clock_value
#endif #endif
); );
if (result != ODK_ERROR_CORE_MESSAGE) break; if (result != ODK_ERROR_CORE_MESSAGE) break;
} }
if (result != OEMCrypto_SUCCESS) { if (result != OEMCrypto_SUCCESS && result != ODK_SET_TIMER &&
result != ODK_DISABLE_TIMER) {
DVLOG(1) << "Error parsing license response: " << result; DVLOG(1) << "Error parsing license response: " << result;
return WB_RESULT_INVALID_PARAMETER; return WB_RESULT_INVALID_PARAMETER;
} }
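Review bot: `ODK_SET_TIMER` and `ODK_DISABLE_TIMER` are now accepted alongside `OEMCrypto_SUCCESS`, but nothing says why these two results count as a successful parse or that the timer instruction they carry is dropped here. A comment before the check would document that, e.g. `// ODK_SET_TIMER / ODK_DISABLE_TIMER mean the license parsed; timer handling is not done here, so treat them as success.`, if that is the intent. The switch from `== 18` to `>= 18` also assumes later ODK major versions keep the v18 parse signature, which is worth stating next to the first `#elif`. `GetODKContext` continues outside both hunks.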


@@ -257,8 +257,8 @@ InternalKey OdkLicenseParser::ParseInternalKey(
} }
std::string unwrapped_key; std::string unwrapped_key;
if (!UnwrapKey(wrapped_key, provider_keys, provider_key_id, decryption_key, if (!UnwrapKey(key_type, wrapped_key, provider_keys, provider_key_id,
iv, &unwrapped_key)) { decryption_key, iv, &unwrapped_key)) {
VLOG(3) << "Failed to decrypt key."; VLOG(3) << "Failed to decrypt key.";
return InternalKey(); return InternalKey();
} }


@@ -225,8 +225,8 @@ InternalKey ProtobufLicenseParser::ParseInternalKey(
std::string wrapped_key = key.key().substr(0, key_size_without_padding); std::string wrapped_key = key.key().substr(0, key_size_without_padding);
std::string unwrapped_key; std::string unwrapped_key;
if (!UnwrapKey(wrapped_key, provider_keys, provider_key_id, decryption_key, if (!UnwrapKey(key_type, wrapped_key, provider_keys, provider_key_id,
key.iv(), &unwrapped_key)) { decryption_key, key.iv(), &unwrapped_key)) {
VLOG(3) << "Failed to decrypt content key."; VLOG(3) << "Failed to decrypt content key.";
return InternalKey(); return InternalKey();
} }