In this update we have:
- Added the verified platform tests. These tests show how some
platforms, when verified, are allowed to bypass the normal policy
restrictions. This is done with ChromeOS, thus the names of the
tests use "chrome_os".
- Removed WB_RESULT_INVALID_PADDING. This error was used when the
non-license APIs exposed an AES function with padding. However,
those functions have been removed from the API and this error is
no longer used by the API.
- Tests have been updated to avoid signed-vs-unsigned comparison
and to use the Chromium path to gTest (which is mocked in this
library).
- Tests have been updated to use a new test base and golden data
system to make them easier to read.
// Copyright 2020 Google LLC. All Rights Reserved.
#ifndef WHITEBOX_API_LICENSE_BUILDER_H_
#define WHITEBOX_API_LICENSE_BUILDER_H_
#include <stdint.h>
#include <string>
#include <vector>
#include "cdm/protos/license_protocol.pb.h"
#include "crypto_utils/rsa_key.h"
namespace widevine {
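// Components of a license exchange, as filled in by
// TestLicenseBuilder::Build(): the serialized request plus the response split
// into its parts.
struct License {
  // Serialized license request.
  std::vector<uint8_t> request;

  // Response components.
  // NOTE(review): presumably |message| is the serialized license response and
  // |signature| is the signature computed over it -- confirm against Build().
  std::vector<uint8_t> message;
  std::vector<uint8_t> signature;

  // The builder's session key (TestLicenseBuilder::session_key_) encrypted
  // using the public key. The white-box API expects the session key to arrive
  // encrypted and simply calls it the "session key", so this field uses the
  // same name and omits the word "encrypted". Treat the contents as
  // ciphertext, not as the plaintext key.
  std::vector<uint8_t> session_key;
};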
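// Test-only helper that assembles a license request/response pair for
// exercising the white-box API. Keys, padding and platform-verification state
// are configured through the Add*/Set* calls and then emitted by Build().
//
// The session key is a constant compiled into this header and
// DefaultSigningKey() is a shared default, so nothing produced by this class
// is suitable for use outside tests.
class TestLicenseBuilder {
 public:
  // Remote-attestation state to present in the built license exchange; see
  // SetRemoteAttestation().
  enum class RemoteAttestation {
    kUnavailable,
    kVerified,
    kUnverified,
  };

  // Platform verification status to present in the built license exchange;
  // see SetVerificationStatus().
  //
  // NOTE(review): verification state is security-relevant -- a verified
  // platform may be exempted from policy restrictions that otherwise apply --
  // so tests should exercise kUnavailable and kOther as well as
  // kHardwareVerified. Confirm the exact policy effect in the implementation.
  enum class VerificationStatus {
    kUnavailable,
    kHardwareVerified,
    kOther,
  };

  // Return padding data that can be used as |padding| when calling
  // AddSigningKey() or AddContentKey().
  // NOTE(review): "PKSC8" looks like a misspelling of a PKCS padding scheme;
  // the name is kept as-is because callers depend on it.
  static std::vector<uint8_t> NoPadding();
  static std::vector<uint8_t> PKSC8Padding();

  // Returns a default signing key that can be used with AddSigningKey().
  // Being a shared default, it is a test value only.
  static std::vector<uint8_t> DefaultSigningKey();

  TestLicenseBuilder();

  // Adds a signing key to the license. |padding| is the padding data to use
  // with |key|; by default none is added (see NoPadding()).
  void AddSigningKey(const std::vector<uint8_t>& key,
                     const std::vector<uint8_t>& padding = NoPadding());

  // Add a content key so that there is some key in the license. This should
  // not be used with AddContentKey().
  void AddStubbedContentKey();

  // Adds a content key with the given security |level|, |key_id| and |key|.
  // |padding| is the padding data to use with |key|; by default none is added
  // (see NoPadding()). This should not be combined with
  // AddStubbedContentKey().
  void AddContentKey(video_widevine::License_KeyContainer_SecurityLevel level,
                     const std::vector<uint8_t>& key_id,
                     const std::vector<uint8_t>& key,
                     const std::vector<uint8_t>& padding = NoPadding());

  // The key id will matter as we will need to reference it, but the key won't
  // matter since we are only using it as a means to verify that a non-content
  // key can't be used as a content key.
  void AddOperatorSessionKey(const std::vector<uint8_t>& key_id);

  // Selects the remote-attestation state used for the built license.
  void SetRemoteAttestation(RemoteAttestation setting);

  // Selects the platform verification status used for the built license.
  void SetVerificationStatus(VerificationStatus setting);

  // Gets the serialized license request and response (in components) that
  // would have been used in the license exchange. The result is returned
  // through |license|; the session key it carries is encrypted (see
  // License::session_key), presumably under |public_key|.
  // NOTE(review): |license| is an output pointer and presumably must be
  // non-null -- confirm the implementation checks it.
  void Build(const RsaPublicKey& public_key, License* license) const;

 private:
  // Plaintext session key. This is a constant, publicly visible test value and
  // must never be used to protect real content.
  const std::string session_key_ = "0123456789ABCDEF";

  // License request and response messages held by the builder.
  video_widevine::LicenseRequest request_;
  video_widevine::License response_;

  // NOTE(review): presumably the serialized form of |request_| and the key
  // applied to the key containers -- confirm in the implementation.
  std::string serialized_request_;
  std::string container_key_;
};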
} // namespace widevine
#endif // WHITEBOX_API_LICENSE_BUILDER_H_