Update Changelog for v1.5.2

Bump to v1.5.2
Cdm: Add support for Signatures by OEM Crypto API v16
2022-11-10 18:20:06 +00:00 · 2022-11-10 18:19:55 +00:00 · 2022-11-01 11:04:11 +00:00
4 changed files with 15 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [1.5.2] - 2022-10-11
+
+### Fixed
+
+- Fixed license signature calculation for newer Widevine Server licenses on OEM Crypto v16.0.0 or newer.
+  The `oemcrypto_core_message` data needed to be part of the HMAC ingest if available.
+
 ## [1.5.1] - 2022-10-23

 ### Added
@@ -325,6 +332,7 @@ This release is primarily a maintenance release for `serve` functionality but so

 Initial Release.

+[1.5.2]: https://github.com/rlaphoenix/pywidevine/releases/tag/v1.5.2
 [1.5.1]: https://github.com/rlaphoenix/pywidevine/releases/tag/v1.5.1
 [1.5.0]: https://github.com/rlaphoenix/pywidevine/releases/tag/v1.5.0
 [1.4.4]: https://github.com/rlaphoenix/pywidevine/releases/tag/v1.4.4
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"

 [tool.poetry]
 name = "pywidevine"
-version = "1.5.1"
+version = "1.5.2"
 description = "Widevine CDM (Content Decryption Module) implementation in Python."
 authors = ["rlaphoenix <rlaphoenix@pm.me>"]
 license = "GPL-3.0-only"
--- a/pywidevine/init.py
+++ b/pywidevine/init.py
@@ -6,4 +6,4 @@ from .remotecdm import *
 from .session import *


-__version__ = "1.5.1"
+__version__ = "1.5.2"
--- a/pywidevine/cdm.py
+++ b/pywidevine/cdm.py
@@ -413,11 +413,14 @@ class Cdm:
            key=self.__decrypter.decrypt(license_message.session_key)
        )

-        # explicitly use the original `license_message.msg` instead of a re-serializing from `licence`
-        # as some differences may end up in the output due to differences in the proto
+        # 1. Explicitly use the original `license_message.msg` instead of a re-serializing from `licence`
+        #    as some differences may end up in the output due to differences in the proto schema
+        # 2. The oemcrypto_core_message (unknown purpose) is part of the signature algorithm starting with
+        #    OEM Crypto API v16 and if available, must be prefixed when HMAC'ing a signature.

        computed_signature = HMAC. \
            new(mac_key_server, digestmod=SHA256). \
+            update(license_message.oemcrypto_core_message or b""). \
            update(license_message.msg). \
            digest()
Author	SHA1	Message	Date
rlaphoenix	8146e055e6	Update Changelog for v1.5.2	2022-11-10 18:20:06 +00:00
rlaphoenix	58208ab68f	Bump to v1.5.2	2022-11-10 18:19:55 +00:00
rlaphoenix	7996a3d91c	Cdm: Add support for Signatures by OEM Crypto API v16 OEM Crypto API v16 changed slightly how the Signature algorithm was calculated. The `oemcrypto_core_message` field is now basically prefixed to the full license message for the signature. This fixes support for devices like Roku OS 11.5.0, among others.	2022-11-01 11:04:11 +00:00