Update BoringSSL API and add ODK v18 support
@@ -65,7 +65,7 @@ http_archive(
|
|||||||
new_git_repository(
|
new_git_repository(
|
||||||
name = "odk_repo",
|
name = "odk_repo",
|
||||||
build_file = "//external:odk.BUILD",
|
build_file = "//external:odk.BUILD",
|
||||||
commit = "2bfd670424232fbff4e38f25d06cb28ee4c88b61", # 17.1
|
commit = "74178f968f2188db27b6f56adcae60f377049f72", # 18.3
|
||||||
remote = "https://widevine-partner.googlesource.com/oemcrypto_core_message.git",
|
remote = "https://widevine-partner.googlesource.com/oemcrypto_core_message.git",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ cc_library(
|
|||||||
"//:is_old_api": [],
|
"//:is_old_api": [],
|
||||||
"//:is_old_vmpra": [],
|
"//:is_old_vmpra": [],
|
||||||
"//conditions:default": [ # Chrome
|
"//conditions:default": [ # Chrome
|
||||||
# "HAS_PROVIDER_KEYS",
|
"HAS_PROVIDER_KEYS",
|
||||||
"ENABLE_LICENSE_PROTOCOL_2_2",
|
"ENABLE_LICENSE_PROTOCOL_2_2",
|
||||||
# Needed when talking to server SDKs [v16.3.3, v16.4.3] with license
|
# Needed when talking to server SDKs [v16.3.3, v16.4.3] with license
|
||||||
# protocol v2.2 enabled (b/177271059).
|
# protocol v2.2 enabled (b/177271059).
|
||||||
|
|||||||
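Review bot: The default (Chrome) branch of this `select` now defines `HAS_PROVIDER_KEYS`, which was commented out before, and neither the commit title nor a comment explains why. The title only mentions the BoringSSL API update and ODK v18 support, so it is unclear whether this is required by them or is an unrelated behaviour change. Add a comment above the entry, for example `# HAS_PROVIDER_KEYS: <why the default config now needs it>`, or move the flip into its own commit so it can be reverted independently. The surrounding `cc_library` rule starts and ends outside the hunk.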
@@ -82,7 +82,8 @@ INSTANTIATE_TEST_SUITE_P(
|
|||||||
::testing::Combine(
|
::testing::Combine(
|
||||||
::testing::Values(kNoSigningKey, Padding::kNone, Padding::kPKSC8),
|
::testing::Values(kNoSigningKey, Padding::kNone, Padding::kPKSC8),
|
||||||
::testing::Values(OdkVersion::kNone, OdkVersion::k16_3,
|
::testing::Values(OdkVersion::kNone, OdkVersion::k16_3,
|
||||||
OdkVersion::k16_5, OdkVersion::k17_1)));
|
OdkVersion::k16_5, OdkVersion::k17_1,
|
||||||
|
OdkVersion::k18_3)));
|
||||||
|
|
||||||
// Failure tests
|
// Failure tests
|
||||||
|
|
||||||
|
|||||||
@@ -198,13 +198,15 @@ std::string GenerateCoreMessage(const std::string& serialized_request,
|
|||||||
constexpr uint32_t nonce = 0xdeadbeef;
|
constexpr uint32_t nonce = 0xdeadbeef;
|
||||||
ODK_NonceValues nonce_values{api_minor_version, api_major_version, nonce,
|
ODK_NonceValues nonce_values{api_minor_version, api_major_version, nonce,
|
||||||
session_id};
|
session_id};
|
||||||
|
ODK_MessageCounterInfo counters{};
|
||||||
|
|
||||||
// Start by making a call to determine how big the core_message for the
|
// Start by making a call to determine how big the core_message for the
|
||||||
// request needs to be.
|
// request needs to be.
|
||||||
size_t core_message_length = 0;
|
size_t core_message_length = 0;
|
||||||
auto odk_result = ODK_PrepareCoreLicenseRequest(
|
auto odk_result = ODK_PrepareCoreLicenseRequest(
|
||||||
reinterpret_cast<uint8_t*>(const_cast<char*>(serialized_request.data())),
|
reinterpret_cast<uint8_t*>(const_cast<char*>(serialized_request.data())),
|
||||||
serialized_request.size(), &core_message_length, &nonce_values);
|
serialized_request.size(), &core_message_length, &nonce_values,
|
||||||
|
&counters);
|
||||||
CHECK_EQ(odk_result, OEMCrypto_ERROR_SHORT_BUFFER);
|
CHECK_EQ(odk_result, OEMCrypto_ERROR_SHORT_BUFFER);
|
||||||
|
|
||||||
// Now that we know the size, create |combined_request_message| with room
|
// Now that we know the size, create |combined_request_message| with room
|
||||||
@@ -216,7 +218,8 @@ std::string GenerateCoreMessage(const std::string& serialized_request,
|
|||||||
odk_result = ODK_PrepareCoreLicenseRequest(
|
odk_result = ODK_PrepareCoreLicenseRequest(
|
||||||
reinterpret_cast<uint8_t*>(
|
reinterpret_cast<uint8_t*>(
|
||||||
const_cast<char*>(combined_request_message.data())),
|
const_cast<char*>(combined_request_message.data())),
|
||||||
combined_request_message.size(), &core_message_length, &nonce_values);
|
combined_request_message.size(), &core_message_length, &nonce_values,
|
||||||
|
&counters);
|
||||||
CHECK_EQ(odk_result, OEMCrypto_SUCCESS);
|
CHECK_EQ(odk_result, OEMCrypto_SUCCESS);
|
||||||
|
|
||||||
// As the core_message is the first part of |combined_request_message|,
|
// As the core_message is the first part of |combined_request_message|,
|
||||||
@@ -513,6 +516,8 @@ uint16_t GetOdkMajorVersion(TestLicenseBuilder::OdkVersion odk_version) {
|
|||||||
return 16;
|
return 16;
|
||||||
case TestLicenseBuilder::OdkVersion::k17_1:
|
case TestLicenseBuilder::OdkVersion::k17_1:
|
||||||
return 17;
|
return 17;
|
||||||
|
case TestLicenseBuilder::OdkVersion::k18_3:
|
||||||
|
return 18;
|
||||||
case TestLicenseBuilder::OdkVersion::kNone:
|
case TestLicenseBuilder::OdkVersion::kNone:
|
||||||
DCHECK(false);
|
DCHECK(false);
|
||||||
return 0;
|
return 0;
|
||||||
@@ -525,6 +530,7 @@ uint16_t GetOdkMajorVersion(TestLicenseBuilder::OdkVersion odk_version) {
|
|||||||
uint16_t GetOdkMinorVersion(TestLicenseBuilder::OdkVersion odk_version) {
|
uint16_t GetOdkMinorVersion(TestLicenseBuilder::OdkVersion odk_version) {
|
||||||
switch (odk_version) {
|
switch (odk_version) {
|
||||||
case TestLicenseBuilder::OdkVersion::k16_3:
|
case TestLicenseBuilder::OdkVersion::k16_3:
|
||||||
|
case TestLicenseBuilder::OdkVersion::k18_3:
|
||||||
case TestLicenseBuilder::OdkVersion::k99:
|
case TestLicenseBuilder::OdkVersion::k99:
|
||||||
return 3;
|
return 3;
|
||||||
case TestLicenseBuilder::OdkVersion::k16_5:
|
case TestLicenseBuilder::OdkVersion::k16_5:
|
||||||
|
|||||||
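Review bot: In GenerateCoreMessage, `ODK_MessageCounterInfo counters{};` is passed to both `ODK_PrepareCoreLicenseRequest` calls with no comment on why all-zero counters are acceptable. A reader cannot tell from the hunk whether zeroed counters are a deliberate test simplification or a placeholder, nor whether they affect the core message generated for the 16.x and 17.x parameterisations. A short comment on the declaration would settle it, for example `// Message counters are not exercised by these tests; left zero-initialized.`, once the author confirms that is the intent. The function body starts and ends outside the visible hunks.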
@@ -57,6 +57,7 @@ class TestLicenseBuilder {
|
|||||||
k16_3, // ODK version 16.3
|
k16_3, // ODK version 16.3
|
||||||
k16_5, // ODK version 16.5
|
k16_5, // ODK version 16.5
|
||||||
k17_1, // ODK version 17.1
|
k17_1, // ODK version 17.1
|
||||||
|
k18_3, // ODK version 18.3
|
||||||
|
|
||||||
k99, // ODK 16.3, but with the version set to 99 (an arbitrary value).
|
k99, // ODK 16.3, but with the version set to 99 (an arbitrary value).
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ namespace {
|
|||||||
bool RsaKeyMatch(const RSA* key1, const RSA* key2) {
|
bool RsaKeyMatch(const RSA* key1, const RSA* key2) {
|
||||||
if (!key1 || !key2)
|
if (!key1 || !key2)
|
||||||
return false;
|
return false;
|
||||||
return BN_cmp(key1->n, key2->n) == 0;
|
return BN_cmp(RSA_get0_n(key1), RSA_get0_n(key2)) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string OpenSSLErrorString(uint32_t error) {
|
std::string OpenSSLErrorString(uint32_t error) {
|
||||||
|
|||||||
@@ -407,12 +407,12 @@ bool ConvertToCarmichaelTotient(RSA* rsa) {
|
|||||||
bssl::UniquePtr<BIGNUM> d(BN_new());
|
bssl::UniquePtr<BIGNUM> d(BN_new());
|
||||||
// This calculates d = e^-1 (mod lcm(p-1, q-1)).
|
// This calculates d = e^-1 (mod lcm(p-1, q-1)).
|
||||||
// This is equivalent to what is used in RSA_generate_key in BoringSSL.
|
// This is equivalent to what is used in RSA_generate_key in BoringSSL.
|
||||||
if (!BN_sub(pm1.get(), rsa->p, BN_value_one()) ||
|
if (!BN_sub(pm1.get(), RSA_get0_p(rsa), BN_value_one()) ||
|
||||||
!BN_sub(qm1.get(), rsa->q, BN_value_one()) ||
|
!BN_sub(qm1.get(), RSA_get0_q(rsa), BN_value_one()) ||
|
||||||
!BN_mul(totient.get(), pm1.get(), qm1.get(), ctx.get()) ||
|
!BN_mul(totient.get(), pm1.get(), qm1.get(), ctx.get()) ||
|
||||||
!BN_gcd(gcd.get(), pm1.get(), qm1.get(), ctx.get()) ||
|
!BN_gcd(gcd.get(), pm1.get(), qm1.get(), ctx.get()) ||
|
||||||
!BN_div(totient.get(), nullptr, totient.get(), gcd.get(), ctx.get()) ||
|
!BN_div(totient.get(), nullptr, totient.get(), gcd.get(), ctx.get()) ||
|
||||||
!BN_mod_inverse(d.get(), rsa->e, totient.get(), ctx.get())) {
|
!BN_mod_inverse(d.get(), RSA_get0_e(rsa), totient.get(), ctx.get())) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -423,11 +423,10 @@ bool ConvertToCarmichaelTotient(RSA* rsa) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(user): Replace this with |RSA_set0_key| once BoringSSL has
|
if (!RSA_set0_key(rsa, BN_dup(RSA_get0_n(rsa)), BN_dup(RSA_get0_e(rsa)),
|
||||||
// finished transitioning to the OpenSSL 1.1.0 API.
|
d.release())) {
|
||||||
BN_free(rsa->d);
|
return false;
|
||||||
rsa->d = d.release();
|
}
|
||||||
|
|
||||||
if (!RSA_check_key(rsa)) {
|
if (!RSA_check_key(rsa)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
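Review bot: In the second ConvertToCarmichaelTotient hunk, `d.release()` and both `BN_dup(...)` results are handed over inside the `RSA_set0_key` argument list, so if the call returns 0 nothing owns those three BIGNUMs any more and they leak, one of them being the freshly computed private exponent. A `BN_dup` that fails on allocation is also not checked before the call. If the pinned BoringSSL follows the OpenSSL 1.1.0 contract, where a null `n` or `e` leaves the existing value in place, the duplicates can be dropped and ownership released only on success: `if (!RSA_set0_key(rsa, nullptr, nullptr, d.get())) return false;` followed by `(void)d.release();`. The function body starts and ends outside the visible hunks.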
@@ -28,6 +28,8 @@ WB_Result GetODKContext(const std::string& combined_message,
|
|||||||
// By using initial_license_load==false, ODK won't validate the nonce.
|
// By using initial_license_load==false, ODK won't validate the nonce.
|
||||||
#if ODK_MAJOR_VERSION == 16
|
#if ODK_MAJOR_VERSION == 16
|
||||||
uint8_t request_hash[16];
|
uint8_t request_hash[16];
|
||||||
|
#elif ODK_MAJOR_VERSION == 18
|
||||||
|
uint64_t clock_value = 0;
|
||||||
#endif
|
#endif
|
||||||
for (bool usage_entry_present : {false, true}) {
|
for (bool usage_entry_present : {false, true}) {
|
||||||
// Parse using both values for |usage_entry_present|, it needs to match the
|
// Parse using both values for |usage_entry_present|, it needs to match the
|
||||||
@@ -40,8 +42,14 @@ WB_Result GetODKContext(const std::string& combined_message,
|
|||||||
/* initial_license_load= */ false, usage_entry_present,
|
/* initial_license_load= */ false, usage_entry_present,
|
||||||
#if ODK_MAJOR_VERSION == 16
|
#if ODK_MAJOR_VERSION == 16
|
||||||
request_hash,
|
request_hash,
|
||||||
|
#elif ODK_MAJOR_VERSION == 18
|
||||||
|
clock_value,
|
||||||
#endif
|
#endif
|
||||||
&timer, &clock, &nonce, &context->license);
|
&timer, &clock, &nonce, &context->license
|
||||||
|
#if ODK_MAJOR_VERSION == 18
|
||||||
|
, &clock_value
|
||||||
|
#endif
|
||||||
|
);
|
||||||
if (result != ODK_ERROR_CORE_MESSAGE) break;
|
if (result != ODK_ERROR_CORE_MESSAGE) break;
|
||||||
}
|
}
|
||||||
if (result != OEMCrypto_SUCCESS) {
|
if (result != OEMCrypto_SUCCESS) {
|
||||||
|
|||||||
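Review bot: In the v18 branch of GetODKContext the same variable is passed twice to the parse call, once by value (`clock_value,`) and once as the trailing out-pointer (`, &clock_value`), and the call sits inside the `usage_entry_present` loop. Whatever the first iteration writes through the pointer becomes the by-value input of the second, so the two attempts may not be parsed with the same input. Separate variables would keep them independent, for example `const uint64_t system_time = 0;` and `uint64_t timer_value = 0;`, passed as `system_time,` and `, &timer_value`; the names are a guess at the parameters' meaning and should be checked against the ODK header. The function starts and ends outside the visible hunks.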