77f7ef98c0
This is the initial code drop of the reference implementation and test cases for the Widevine Whitebox API. In this drop, the full reference implementation for the AEAD white-box is provided and all test cases verifying the top-level behave have are enabled. Since the implementations can vary so much the testing is mostly left to verifying the return codes for specific parameter conditions. A full reference implementation for the license white-box is provided, however not all tests are implemented or enabled. A number of tests have been disabled as they required a loaded license and test licenses are still being worked on. The two license white-box API functions that are the further from competition are ProcessLicenseResponse() and MaskedDecryt(). ProcessLicenseResponse() is still being worked on and MaskedDecrypt() is waiting on Decrypt() to be fully functional. Most tests focus on verifying return code for specific parameter conditions, but as test licenses are created, tests looking to test the internal behaviour of license management will be added to ProcessLicenseResponse(), Decrypt(), and MaskedDecrypt().
95 lines
3.8 KiB
C++
95 lines
3.8 KiB
C++
////////////////////////////////////////////////////////////////////////////////
|
|
// Copyright 2016 Google LLC.
|
|
//
|
|
// This software is licensed under the terms defined in the Widevine Master
|
|
// License Agreement. For a copy of this agreement, please contact
|
|
// widevine-licensing@google.com.
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
// Contains common crypto routines for widevine protocols. These routines are
|
|
// used as part of licensing and provisioning request handling.
|
|
|
|
#ifndef WHITEBOX_CRYPTO_UTILS_CRYPTO_UTIL_H_
|
|
#define WHITEBOX_CRYPTO_UTILS_CRYPTO_UTIL_H_
|
|
|
|
#include <string>
|
|
|
|
#include "absl/strings/string_view.h"
|
|
|
|
namespace widevine {
|
|
namespace crypto_util {
|
|
|
|
// Default constants used for key derivation for encryption and signing.
|
|
// TODO(user): These are duplicated in session.cc in the sdk. de-dup.
|
|
extern const char kWrappingKeyLabel[];
|
|
extern const int kWrappingKeySizeBits;
|
|
extern const char kSigningKeyLabel[];
|
|
extern const int kSigningKeySizeBits;
|
|
extern const size_t kSigningKeySizeBytes;
|
|
extern const char kIvMasterKey[];
|
|
extern const char kIvLabel[];
|
|
extern const int kIvSizeBits;
|
|
extern const int kAes128KeySizeBits;
|
|
extern const int kAes128KeySizeBytes;
|
|
extern const char kKeyboxV3Label[];
|
|
|
|
extern const uint32_t kCENCSchemeID; // 'cenc' (AES-CTR): 0x63656E63
|
|
extern const uint32_t kCBC1SchemeID; // 'cbc1' (AES-CBC): 0x63626331
|
|
extern const uint32_t kCENSSchemeID; // 'cens' (AES-CTR subsample): 0x63656E73
|
|
extern const uint32_t kCBCSSchemeID; // 'cbcs' (AES-CBC subsample): 0x63626373
|
|
|
|
// DeriveKey uses the NIST 800-108 KDF recommendation, using AES-CMAC PRF.
|
|
// NIST 800-108:
|
|
// http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
|
|
// AES-CMAC:
|
|
// http://tools.ietf.org/html/rfc4493
|
|
std::string DeriveKey(absl::string_view key,
|
|
absl::string_view label,
|
|
absl::string_view context,
|
|
const uint32_t size_bits);
|
|
|
|
// Derives an IV from the provided |context|.
|
|
std::string DeriveIv(absl::string_view context);
|
|
|
|
// Derives a key ID from the provided |context|.
|
|
std::string DeriveKeyId(absl::string_view context);
|
|
|
|
// Helper function to derive a key using the group master key and context.
|
|
std::string DeriveGroupSessionKey(absl::string_view context,
|
|
const uint32_t size_bits);
|
|
|
|
// Helper function to derive a signing key for from the signing context.
|
|
std::string DeriveSigningKey(absl::string_view key,
|
|
absl::string_view context,
|
|
const uint32_t size_bits);
|
|
|
|
// Helper function to create a SHA-256 HMAC signature for the given message.
|
|
std::string CreateSignatureHmacSha256(absl::string_view key,
|
|
absl::string_view message);
|
|
|
|
// Helper function which compares the SHA-256 HMAC against the provided
|
|
// signature.
|
|
bool VerifySignatureHmacSha256(absl::string_view key,
|
|
absl::string_view signature,
|
|
absl::string_view message);
|
|
|
|
// Helper function to create a SHA-1 HMAC signature for the given message.
|
|
std::string CreateSignatureHmacSha1(absl::string_view key,
|
|
absl::string_view message);
|
|
|
|
// Helper function which compares the SHA-1 HMAC against the provided
|
|
// signature.
|
|
bool VerifySignatureHmacSha1(absl::string_view key,
|
|
absl::string_view signature,
|
|
absl::string_view message);
|
|
|
|
// Converts a requested 4CC encryption scheme ID from a std::string to a
|
|
// uint32_t and verifies it is a correct value.
|
|
bool FourCCEncryptionSchemeIDFromString(const std::string& requested,
|
|
uint32_t* four_cc_code);
|
|
|
|
} // namespace crypto_util
|
|
} // namespace widevine
|
|
|
|
#endif // WHITEBOX_CRYPTO_UTILS_CRYPTO_UTIL_H_
|