Cdm: Add support for Signatures by OEM Crypto API v16

OEM Crypto API v16 changed slightly how the Signature algorithm was calculated. The `oemcrypto_core_message` field is now basically prefixed to the full license message for the signature.

This fixes support for devices like Roku OS 11.5.0, among others.
This commit is contained in:
rlaphoenix 2022-11-01 01:40:44 +00:00
parent 37d466b9a8
commit 7996a3d91c

View File

@ -413,11 +413,14 @@ class Cdm:
key=self.__decrypter.decrypt(license_message.session_key)
)
# explicitly use the original `license_message.msg` instead of a re-serializing from `licence`
# as some differences may end up in the output due to differences in the proto
# 1. Explicitly use the original `license_message.msg` instead of a re-serializing from `licence`
# as some differences may end up in the output due to differences in the proto schema
# 2. The oemcrypto_core_message (unknown purpose) is part of the signature algorithm starting with
# OEM Crypto API v16 and if available, must be prefixed when HMAC'ing a signature.
computed_signature = HMAC. \
new(mac_key_server, digestmod=SHA256). \
update(license_message.oemcrypto_core_message or b""). \
update(license_message.msg). \
digest()