widevine-partner/whitebox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2 Commits 1 Branch 0 Tags
ab70a5e358800bc57b2c3bea1c82b09fc70d3dd6
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Aaron Vaage ab70a5e358 Code Drop Two (Update One) 
This is the second code drop for the white-box api reference
implementation and tests. This corrects the errors in the license
white-box reference implementation and implements the remaining
test cases.

It should be noted that there is one test case missing, the test case
for handling ChromeOS's unique policy settings.

In order to make the tests easier to create and read, a license
builder class was created and golden content and keys were wrapped in
their own classes.

How key errors are communicated was changed in the API.
WB_RESULT_NO_SUCH_KEY and WB_RESULT_WRONG_KEY_TYPE were merged into
WB_RESULT_KEY_UNAVAILABLE.
2020-05-26 19:46:26 -07:00
api
Code Drop Two (Update One)
2020-05-26 19:46:26 -07:00
chromium_deps
Initial Code Drop
2020-05-18 19:45:53 -07:00
crypto_utils
Initial Code Drop
2020-05-18 19:45:53 -07:00
impl/reference
Code Drop Two (Update One)
2020-05-26 19:46:26 -07:00
.clang-format
Initial Code Drop
2020-05-18 19:45:53 -07:00
.gitignore
Initial Code Drop
2020-05-18 19:45:53 -07:00
README.md
Initial Code Drop
2020-05-18 19:45:53 -07:00
WORKSPACE
Initial Code Drop
2020-05-18 19:45:53 -07:00

README.md

White-box API

Summary

This repo contains the Widevine white-box API and reference implementation, allowing for all CDMs to share a single white-box implementation abstracted behind an API tailored for Widevine's use-cases.

This repo focuses on implementing the Widevine API, dependencies on any actual white-box implementations should be treated as an external dependency and not stored in this repo (e.g. any source or libraries should not be checked into this repo).

Building and Dependencies

In this repo we use Bazel. This was done as Bazel is open-source and widely available, making it easier for us to collaborate with external partners, and develop independent of any final integration. It is not expected nor required that integrators use Bazel.

The Bazel workspace is set to pull in any and all external dependencies, making the project as self-contained as possible. To make the reference implementation easy to integrate into our first target (Alcatraz) paths to dependencies have been aliased to match Chromium paths.

To build the full repo and run all tests, from within or below the repo root (the directory containing the WORKSPACE file), run:

bazel build "//..."
bazel test "//..."

API

The API is defined in the //api directory. There are two white-box APIs defined, each focused on different use-cases.

License White-box

The license white-box is designed to handle content keys. It is designed to consume a Widevine license, extract the context keys, load them into the underlying white-box, and only use them when the content policy allows (e.g. SW_SECURE_DECODE can only be used by WB_License_MaskedDecrypt()).

Aead White-box

The Aead white-box is designed to encrypt/decrypt local data using authenticated encryption, allowing for offline licenses to be locked-per-device and avoid sensitive data from sitting exposed in runtime memory.

Testing

Each white-box comes with a collection of conformance tests used to verify an implementation's adherence to the API. The tests are defined in //api and are designed so that by providing an implementation for //api/test_data.h, the tests can be shared across multiple implementations. See "Creating A Custom Implementation" for more information on how to do this.

Reference Implementation

A reference implementation has been provided in //impl/reference. It uses boringssl to implement all the crypto operations and uses Protocol Buffers to parse the license request and license response.

This reference implementation was created for the sole purpose of developing the conformance tests and to act as a mock in test. It should only be used in test/debug scenarios.

Creating A Custom Implementation

To create a custom implementation, create a new directory in //impl. Create a BUILD file and define these two targets:

cc_library(
    name = "aead_whitebox",
    srcs = [],
    visibility = ["//visibility:public"],
    deps = [
        "//api:aead_whitebox",
        "//api:result",
    ],
)

cc_library(
    name = "license_whitebox",
    srcs = [],
    visibility = ["//visibility:public"],
    deps = [
        "//api:license_whitebox",
        "//api:result",
    ],
)

You'll need to update the aead_whitebox and license_whitebox targets with the source files you use (srcs) and the targets your depend on (deps).

To build your implementation, from within or below the repo root (the directory containing the WORKSPACE file), run:

bazel build "//impl/your-implementation"

To link the conformance tests against your implementation, you'll need to implement //api/test_data.h and define the following targets in your BUILD file:

cc_library(
    name = "test_data",
    src = [
        "test_data.cc",
    ],
    deps = [
        "//api:test_data",
    ],
)

cc_test(
    name = "aead_whitebox_test",
    size = "small",
    deps = [
        ":aead_whitebox",
        ":test_data",
        "//api:aead_whitebox_test",
    ],
)

cc_test(
    name = "license_whitebox_test",
    size = "small",
    deps = [
        ":license_whitebox",
        ":test_data",
        "//api:license_whitebox_test",
    ],
)

To run the tests, from within or below the repo root (the directory containing the WORKSPACE file), run:

bazel test "//impl/your-implementation"
Description
No description provided
Readme 604 KiB