41e86ecab9
In this update we have:
- Added the verified platform tests. These tests show how some
platforms, when verified are allowed to by pass the normal policy
restrictions. This is done with ChromeOS, thus the name of the
tests use "chrome_os".
- Removed WB_RESULT_INVALID_PADDING. This error was when we the
non-license APIs exposed a AES function with padding. However,
those functions have been removed from the API and this error is
no longer used by the API.
- Tests have been updated to avoid signed-vs-unsigned comparison
and to use the Chromium path to gTest (which is mocked in this
library).
- Tests have been updated to use a new test base and golden data
system to make them easier to read.
98 lines
3.9 KiB
C++
98 lines
3.9 KiB
C++
////////////////////////////////////////////////////////////////////////////////
|
|
// Copyright 2016 Google LLC.
|
|
//
|
|
// This software is licensed under the terms defined in the Widevine Master
|
|
// License Agreement. For a copy of this agreement, please contact
|
|
// widevine-licensing@google.com.
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
// Contains common crypto routines for widevine protocols. These routines are
|
|
// used as part of licensing and provisioning request handling.
|
|
|
|
#ifndef WHITEBOX_CRYPTO_UTILS_CRYPTO_UTIL_H_
|
|
#define WHITEBOX_CRYPTO_UTILS_CRYPTO_UTIL_H_
|
|
|
|
#include <string>
|
|
|
|
namespace widevine {
|
|
// Sub in the string view so that we can more easily use this file with code
|
|
// that does not have access to absl.
|
|
namespace absl {
|
|
using string_view = const std::string&;
|
|
}
|
|
|
|
namespace crypto_util {
|
|
// Default constants used for key derivation for encryption and signing.
|
|
// TODO(user): These are duplicated in session.cc in the sdk. de-dup.
|
|
extern const char kWrappingKeyLabel[];
|
|
extern const int kWrappingKeySizeBits;
|
|
extern const char kSigningKeyLabel[];
|
|
extern const int kSigningKeySizeBits;
|
|
extern const size_t kSigningKeySizeBytes;
|
|
extern const char kIvMasterKey[];
|
|
extern const char kIvLabel[];
|
|
extern const int kIvSizeBits;
|
|
extern const int kAes128KeySizeBits;
|
|
extern const int kAes128KeySizeBytes;
|
|
extern const char kKeyboxV3Label[];
|
|
|
|
extern const uint32_t kCENCSchemeID; // 'cenc' (AES-CTR): 0x63656E63
|
|
extern const uint32_t kCBC1SchemeID; // 'cbc1' (AES-CBC): 0x63626331
|
|
extern const uint32_t kCENSSchemeID; // 'cens' (AES-CTR subsample): 0x63656E73
|
|
extern const uint32_t kCBCSSchemeID; // 'cbcs' (AES-CBC subsample): 0x63626373
|
|
|
|
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
|
|
// NIST 800-108:
|
|
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
|
|
// AES-CMAC:
|
|
// http://tools.ietf.org/html/rfc4493
|
|
std::string DeriveKey(absl::string_view key,
|
|
absl::string_view label,
|
|
absl::string_view context,
|
|
const uint32_t size_bits);
|
|
|
|
// Derives an IV from the provided |context|.
|
|
std::string DeriveIv(absl::string_view context);
|
|
|
|
// Derives a key ID from the provided |context|.
|
|
std::string DeriveKeyId(absl::string_view context);
|
|
|
|
// Helper function to derive a key using the group master key and context.
|
|
std::string DeriveGroupSessionKey(absl::string_view context,
|
|
const uint32_t size_bits);
|
|
|
|
// Helper function to derive a signing key for from the signing context.
|
|
std::string DeriveSigningKey(absl::string_view key,
|
|
absl::string_view context,
|
|
const uint32_t size_bits);
|
|
|
|
// Helper function to create a SHA-256 HMAC signature for the given message.
|
|
std::string CreateSignatureHmacSha256(absl::string_view key,
|
|
absl::string_view message);
|
|
|
|
// Helper function which compares the SHA-256 HMAC against the provided
|
|
// signature.
|
|
bool VerifySignatureHmacSha256(absl::string_view key,
|
|
absl::string_view signature,
|
|
absl::string_view message);
|
|
|
|
// Helper function to create a SHA-1 HMAC signature for the given message.
|
|
std::string CreateSignatureHmacSha1(absl::string_view key,
|
|
absl::string_view message);
|
|
|
|
// Helper function which compares the SHA-1 HMAC against the provided
|
|
// signature.
|
|
bool VerifySignatureHmacSha1(absl::string_view key,
|
|
absl::string_view signature,
|
|
absl::string_view message);
|
|
|
|
// Converts a requested 4CC encryption scheme ID from a std::string to a
|
|
// uint32_t and verifies it is a correct value.
|
|
bool FourCCEncryptionSchemeIDFromString(const std::string& requested,
|
|
uint32_t* four_cc_code);
|
|
|
|
} // namespace crypto_util
|
|
} // namespace widevine
|
|
|
|
#endif // WHITEBOX_CRYPTO_UTILS_CRYPTO_UTIL_H_
|