Add AES signing support to packager_main app

Add two new command line arguments: --aes_signing_key for AES signing
key (in hex) and --aes_signing_iv for AES signing iv (in hex). Also
change --signing_key_path to --rsa_signing_key_path.

Bug: 13582970

Change-Id: I66ba330a1a05e0f5def7987ac41d396dc92005ae

app/packager_main.cc

@@ -45,19 +45,35 @@ void DumpStreamInfo(const std::vector<MediaStream*>& streams) {
 scoped_ptr<EncryptorSource> CreateEncryptorSource() {
   scoped_ptr<EncryptorSource> encryptor_source;
   if (FLAGS_enable_widevine_encryption) {
-    std::string rsa_private_key;
+    scoped_ptr<RequestSigner> signer;
-    if (!File::ReadFileToString(FLAGS_signing_key_path.c_str(),
+    DCHECK(!FLAGS_aes_signing_key.empty() ||
-                                &rsa_private_key)) {
+           !FLAGS_rsa_signing_key_path.empty());
-      LOG(ERROR) << "Failed to read from '" << FLAGS_signing_key_path << "'.";
+    if (!FLAGS_aes_signing_key.empty()) {
-      return scoped_ptr<EncryptorSource>();
+      signer.reset(
-    }
+          AesRequestSigner::CreateSigner(FLAGS_signer, FLAGS_aes_signing_key,
+                                         FLAGS_aes_signing_iv));
+      if (!signer) {
+        LOG(ERROR) << "Cannot create an AES signer object from '"
+                   << FLAGS_aes_signing_key << "':'" << FLAGS_aes_signing_iv
+                   << "'.";
+        return scoped_ptr<EncryptorSource>();
+      }
+    } else if (!FLAGS_rsa_signing_key_path.empty()) {
+      std::string rsa_private_key;
+      if (!File::ReadFileToString(FLAGS_rsa_signing_key_path.c_str(),
+                                  &rsa_private_key)) {
+        LOG(ERROR) << "Failed to read from '" << FLAGS_rsa_signing_key_path
+                   << "'.";
+        return scoped_ptr<EncryptorSource>();
+      }
 
-    scoped_ptr<RequestSigner> signer(
+      signer.reset(
-        RsaRequestSigner::CreateSigner(FLAGS_signer, rsa_private_key));
+          RsaRequestSigner::CreateSigner(FLAGS_signer, rsa_private_key));
-    if (!signer) {
+      if (!signer) {
-      LOG(ERROR) << "Cannot create signer object from '"
+        LOG(ERROR) << "Cannot create a RSA signer object from '"
-                 << FLAGS_signing_key_path << "'.";
+                   << FLAGS_rsa_signing_key_path << "'.";
-      return scoped_ptr<EncryptorSource>();
+        return scoped_ptr<EncryptorSource>();
+      }
     }
 
     WidevineEncryptorSource::TrackType track_type =

app/widevine_encryption_flags.h

@@ -11,22 +11,62 @@
 
 #include <gflags/gflags.h>
 
+#include "base/strings/string_number_conversions.h"
+
 DEFINE_bool(enable_widevine_encryption,
             false,
-            "Enable encryption with Widevine license server/proxy.");
+            "Enable encryption with Widevine license server/proxy. User should "
+            "provide either AES signing key (--aes_signing_key, "
+            "--aes_signing_iv) or RSA signing key (--rsa_signing_key_path).");
 DEFINE_string(server_url, "", "License server url.");
 DEFINE_string(content_id, "", "Content Id.");
 DEFINE_string(track_type, "SD", "Track type: HD, SD or AUDIO.");
 DEFINE_string(signer, "", "The name of the signer.");
-DEFINE_string(signing_key_path,
+DEFINE_string(aes_signing_key,
               "",
-              "Stores PKCS#1 RSA private key for request signing.");
+              "AES signing key in hex string. --aes_signing_iv is required. "
+              "Exclusive with --rsa_signing_key_path.");
+DEFINE_string(aes_signing_iv,
+              "",
+              "AES signing iv in hex string.");
+DEFINE_string(rsa_signing_key_path,
+              "",
+              "Stores PKCS#1 RSA private key for request signing. Exclusive "
+              "with --aes_signing_key.");
 
 static bool IsNotEmptyWithWidevineEncryption(const char* flag_name,
                                              const std::string& flag_value) {
   return FLAGS_enable_widevine_encryption ? !flag_value.empty() : true;
 }
 
+static bool VerifyAesRsaKey(const char* flag_name,
+                            const std::string& flag_value) {
+  if (!FLAGS_enable_widevine_encryption)
+    return true;
+  const std::string flag_name_str = flag_name;
+  if (flag_name_str == "aes_signing_iv") {
+    if (!FLAGS_aes_signing_key.empty() && flag_value.empty()) {
+      fprintf(stderr,
+              "ERROR: --aes_signing_iv is required for --aes_signing_key.\n");
+      return false;
+    }
+  } else if (flag_name_str == "rsa_signing_key_path") {
+    if (FLAGS_aes_signing_key.empty() && flag_value.empty()) {
+      fprintf(stderr,
+              "ERROR: --aes_signing_key or --rsa_signing_key_path is "
+              "required.\n");
+      return false;
+    }
+    if (!FLAGS_aes_signing_key.empty() && !flag_value.empty()) {
+      fprintf(stderr,
+              "ERROR: --aes_signing_key and --rsa_signing_key_path are "
+              "exclusive.\n");
+      return false;
+    }
+  }
+  return true;
+}
+
 static bool dummy_server_url_validator =
     google::RegisterFlagValidator(&FLAGS_server_url,
                                   &IsNotEmptyWithWidevineEncryption);
@@ -39,8 +79,10 @@ static bool dummy_track_type_validator =
 static bool dummy_signer_validator =
     google::RegisterFlagValidator(&FLAGS_signer,
                                   &IsNotEmptyWithWidevineEncryption);
+static bool dummy_aes_iv_validator =
+    google::RegisterFlagValidator(&FLAGS_aes_signing_iv,
+                                  &VerifyAesRsaKey);
 static bool dummy_rsa_key_file_validator =
-    google::RegisterFlagValidator(&FLAGS_signing_key_path,
+    google::RegisterFlagValidator(&FLAGS_rsa_signing_key_path,
-                                  &IsNotEmptyWithWidevineEncryption);
+                                  &VerifyAesRsaKey);
-
 #endif  // APP_WIDEVINE_ENCRYPTION_FLAGS_H_