License server SDK between [v16.3.3, v16.4.3] strips 16 bytes from
wrapped content keys unconditionally when generating the OEMCrypto
core message even when the padding is not present, which happens
when license protocol version 2.2 is used. As a result, both key
data offset and key data length would be zero in the license
response OEMCrypto core message.
This CL workaround the problem by assuming deterministic in order
serialization of the protobuf fields and deriving the key data offset
from the previous field key_data_iv offset.
Entitlement keys and generic crypto keys are not handled in this CL
intentionally to reduce the implementation complexity.
Renewal signing keys do not need to be handled as the paddings are not
stripped from the signing keys.
The workaround is defined under flag WORKAROUND_STRIP_PADDING_BUG.
Also disabled HAS_PROVIDER_KEYS temporarily.
Bug: 280521253
- Add a flag ENABLE_LICENSE_PROTOCOL_2_2, when the flag is enabled
- Hash the license request in WB_License_ProcessLicenseResponse, i.e.
the request used for the key derivation, which ensures the key
derivation message to be a string of constant size 64 bytes.
- Hash the license request in WB_License_SignLicenseRequest. Note that
the function takes license request (or hashed) + odk message as
parameter for odk v17 or above.
- Enable the flag just for Chrome and ChromeOS for now.
We may change the implementation to hash inside the white-box in the
future.
Also included a few other misc changes, e.g. updating the DEPS of
boringssl and googletest which are already in the white-box directory,
adding a test main etc.
This updates the partner repo to match the internal version, including
the following changes:
- Adds a WB_RESULT_NOT_IMPLEMENTED error code
- Add a flag to control new features (e.g. entitlement support).
- Updates tests to match new expectations
Includes change to WB_License_Create() so that it includes a separate
parameter that specifies the init data used for Provider Keys.
This updates the repo to match the internal repo at commit:
8c1c4338906a32eed83eb63702690d1f02ff7cd0
In this code drop we update the reference implementation and tests to
use 1024 bit RSA keys (as per the plans for RSA V2).
Since RSA V2 also changes to support single-key and dual-key modes,
the benchmarking tests have been updated to use both so that we can
test the difference in performance.
This brings the partner repo in sync with the interal repo at commit
566966d75d552ba1654e3f43fdb37aa812f7fb8c.
In order to support both single-key and dual-key RSA implementations
where single-key will use key 0 for both sign and encryption and where
dual-key will use key 0 for sign and key 1 for encryption.
Additional changes in this code drop:
- Added VMP / RA override enabled tests
- Added VMP / RA override disabled tests
This brings the partner repo in sync with the internal repo at
commit 71760b6da1ec546c65b56e2f86b39b73b53f6734.
The two major changes in this code drop are:
1. The introduction of WB_License_QueryKeyStatus(). This function
makes it possible for the White-box to skip keys in the license and
report the usefulness of the key to the CDM.
2. The restructuring of the repo, making it easier to share test
BUILD files and set the foundation for the new code drop structure.
This change brings the partner repo in sync with the internal repo
at commit f3b472a541262ca4d425d2b294de39a99385a3d2.
In order to reproduce the issue in the white-box and VMP+RA, padding
must be used in the license. This change updates the VMP+RA test
to run every test with and without padding. The expected test
outcomes should not different between padding and no padding.
This change brings the partner repo in sync with the internal repo
at commit abcc1f9bebf1f36a108a84155ae821b8764ec4ad.
Before the VMP/RA tests only tested that decryption was successful
(checking the return code) but did not test the actual success of the
decryption (checking the decrypted plaintext against golden
plaintext).
This brings this repo in sync with the internal repo's commit
58d85cf6b19ecfb932f8edc2eaa8e907a1d21489.
It is possible for the key security level to be omitted from the
key container. When this happens, SW_SECURE_CRYPTO should be used
as the key's security level (as per the protobuf definition).
This only matters when reading the security level from the key
container since the security level must appear in the key control
block.
This change adds a test that will purposely omit the key security
level from the key container.
We were missing break-statements when parsing the security levels
from the key control block.
To confirm this, the key control block tests were updated to attempt
decrypting so that we will try using the keys. The test that used
the KCB was failing since they key security level was "hardware".
This brings this repo in sync with the internal repo at commit
499bfbbb5beb6842071e47125842aedb12b1a8e0.
This change updates the external copy of the reference to match the
internal copy at commit cda42fa07b533f8aad3183cd7eb99ce553949f88 which
introduces the tests (and fix) to handle an encrypted key block.
Rather than having init data for the license white-box be passed in
via WB_License_Create, this changes it so that it is assumed that
the private key is compiled into the white-box code.
Minor changes in this code drop include:
- Updating the git attributes to avoid line-ending conflicts between
different operating systems
- Resolving a linking issue seen on Windows
- Removing default parameter for padding in conformance tests
To make it easier to have separate implementations, we have
structured the repo so that there are three Bazel workspaces:
- The API (and reference)
- The vendor implementation for dev
- The vendor implementation for prod
This allows the vendor implementation to be separated from
the API, while it makes little difference in this repo. While
it makes little difference for this repo, it makes managing versions
much easier internally. We do it here to better reflect our internal
structure to partners.
A vendor implementation has been stubbed in (BUILD file and directory
structure) to provide vendors with some scaffolding to organize their
implementation.
In this code update we add a test to ensure that the White-box API
implementation handle seeing multiple renewal keys correctly. Since
there should be no more than one renewal key in a license response, upon
seeing a second renewal key, the implementation should return a
WB_RESULT_INVALID_PARAMETER code.
Due to changes in how Chrome manages CHECKS and DCHECKS, this code has
been updated to use the new headers.
In this code drop we introduce the ODK dependency. The reference
implementation has been updated to make use of the ODK and the related
tests have been included.
In addition, we have included an example of how a shared libraries can
be created. This will allow make it easier to test and verify different
implementations of the API.
Most other changes introduce by this code drop were made to clean-up the
reference implementation and limit dependencies.
In this code drop we introduce the benchmarking tests that allow us to
compare the performance of different implementations. Like the other
tests, any implementation can link with them to create their own
binary.
There are two types of benchmarks:
1 - Throughput, which measures the speed that a function can process
information (bits per second). These are used for AEAD decrypt
and license white-box decrypt functions.
2 - Samples, which measures the min, 25% percentile, median, 75%
percentile, and max observed values. These is used for all other
functions as a way to measure the execute duration of a call.
The other change in this code drop is the update to the unmasking
function to only unmask a subset of the bytes in the masked buffer.
This was added to better align with the decoder behaviour in the CDM.
In this update we have:
- Added the verified platform tests. These tests show how some
platforms, when verified are allowed to by pass the normal policy
restrictions. This is done with ChromeOS, thus the name of the
tests use "chrome_os".
- Removed WB_RESULT_INVALID_PADDING. This error was when we the
non-license APIs exposed a AES function with padding. However,
those functions have been removed from the API and this error is
no longer used by the API.
- Tests have been updated to avoid signed-vs-unsigned comparison
and to use the Chromium path to gTest (which is mocked in this
library).
- Tests have been updated to use a new test base and golden data
system to make them easier to read.
This is the second code drop for the white-box api reference
implementation and tests. This corrects the errors in the license
white-box reference implementation and implements the remaining
test cases.
It should be noted that there is one test case missing, the test case
for handling ChromeOS's unique policy settings.
In order to make the tests easier to create and read, a license
builder class was created and golden content and keys were wrapped in
their own classes.
How key errors are communicated was changed in the API.
WB_RESULT_NO_SUCH_KEY and WB_RESULT_WRONG_KEY_TYPE were merged into
WB_RESULT_KEY_UNAVAILABLE.
This is the initial code drop of the reference implementation and
test cases for the Widevine Whitebox API.
In this drop, the full reference implementation for the AEAD
white-box is provided and all test cases verifying the top-level
behave have are enabled. Since the implementations can vary so much
the testing is mostly left to verifying the return codes for specific
parameter conditions.
A full reference implementation for the license white-box is provided,
however not all tests are implemented or enabled. A number of tests
have been disabled as they required a loaded license and test licenses
are still being worked on.
The two license white-box API functions that are the further from
competition are ProcessLicenseResponse() and MaskedDecryt().
ProcessLicenseResponse() is still being worked on and MaskedDecrypt()
is waiting on Decrypt() to be fully functional.
Most tests focus on verifying return code for specific parameter
conditions, but as test licenses are created, tests looking to test
the internal behaviour of license management will be added to
ProcessLicenseResponse(), Decrypt(), and MaskedDecrypt().
