diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index d6fd79a6..f08a1b24 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -8,9 +8,9 @@ * Reference APIs needed to support Widevine's crypto algorithms. * * See the document "WV Modular DRM Security Integration Guide for Common - * Encryption (CENC) -- version 14" for a description of this API. You + * Encryption (CENC) -- version 15" for a description of this API. You * can find this document in the widevine repository as - * docs/WidevineModularDRMSecurityIntegrationGuideforCENC_v14.pdf + * docs/WidevineModularDRMSecurityIntegrationGuideforCENC_v15.pdf * Changes between different versions of this API are documented in the files * docs/Widevine_Modular_DRM_Version_*_Delta.pdf * @@ -83,6 +83,10 @@ typedef enum OEMCryptoResult { OEMCrypto_ERROR_USAGE_TABLE_UNRECOVERABLE = 50, // Reserved. Do not use. OEMCrypto_KEY_NOT_LOADED = 51, OEMCrypto_KEY_NOT_ENTITLED = 52, + OEMCrypto_ERROR_BAD_HASH = 53, + OEMCrypto_ERROR_OUTPUT_TOO_LARGE = 54, + OEMCrypto_ERROR_SESSION_LOST_STATE = 55, + OEMCrypto_ERROR_SYSTEM_INVALIDATED = 56, } OEMCryptoResult; /* @@ -164,6 +168,18 @@ typedef enum OEMCrypto_LicenseType { OEMCrypto_EntitlementLicense = 1 } OEMCrypto_LicenseType; +/* + * OEMCrypto_Substring + * + * Used to indicate a substring of a signed message in OEMCrypto_LoadKeys and + * other functions which must verify that a parameter is contained within a + * signed message. + */ +typedef struct { + size_t offset; + size_t length; +} OEMCrypto_Substring; + /* * OEMCrypto_KeyObject * Points to the relevant fields for a content key. The fields are extracted @@ -186,6 +202,10 @@ typedef enum OEMCrypto_LicenseType { * The memory for the OEMCrypto_KeyObject fields is allocated and freed * by the caller of OEMCrypto_LoadKeys(). */ +#if 1 +// TODO(b/115874964, srujzs): For this and the ones below struct and function +// using Substring, rename the the old structure to *_V14 and move to the +// dynamic adapter for backwards compatiblity. typedef struct { const uint8_t* key_id; size_t key_id_length; @@ -195,6 +215,25 @@ typedef struct { const uint8_t* key_control_iv; const uint8_t* key_control; } OEMCrypto_KeyObject; +#else +typedef struct { + OEMCrypto_Substring key_id; + OEMCrypto_Substring key_data_iv; + OEMCrypto_Substring key_data; + OEMCrypto_Substring key_control_iv; + OEMCrypto_Substring key_control; +} OEMCrypto_KeyObject; +#endif + +/* + * SRM_Restriction_Data + * + * Structure passed into LoadKeys to specify required SRM version. + */ +typedef struct { + uint8_t verification[8]; // must be “HDCPDATA” + uint32_t minimum_srm_version; // version number in network byte order. +} SRM_Restriction_Data; /* * OEMCrypto_EntitledContentKeyObject @@ -209,6 +248,7 @@ typedef struct { * key_data - encrypted content key data. * key_data_length - length of key_data - 16 or 32 depending on intended use. */ +#if 1 // TODO(b/115874964, srujzs): rename and move. typedef struct { const uint8_t* entitlement_key_id; size_t entitlement_key_id_length; @@ -218,6 +258,14 @@ typedef struct { const uint8_t* content_key_data; size_t content_key_data_length; } OEMCrypto_EntitledContentKeyObject; +#else +typedef struct { + OEMCrypto_Substring entitlement_key_id; + OEMCrypto_Substring content_key_id; + OEMCrypto_Substring content_key_data_iv; + OEMCrypto_Substring content_key_data; +} OEMCrypto_EntitledContentKeyObject; +#endif /* * OEMCrypto_KeyRefreshObject @@ -238,12 +286,21 @@ typedef struct { * The memory for the OEMCrypto_KeyRefreshObject fields is allocated and freed * by the caller of OEMCrypto_RefreshKeys(). */ +#if 1 // TODO(b/115874964, srujzs): rename and move. typedef struct { const uint8_t* key_id; size_t key_id_length; const uint8_t* key_control_iv; const uint8_t* key_control; } OEMCrypto_KeyRefreshObject; +#else +typedef struct { + OEMCrypto_Substring key_id; + OEMCrypto_Substring key_control_iv; + OEMCrypto_Substring key_control; +} OEMCrypto_KeyRefreshObject; +#endif + /* * OEMCrypto_Algorithm @@ -317,10 +374,11 @@ typedef enum OEMCrypto_Clock_Security_Level { kHardwareSecureClock = 3 } OEMCrypto_Clock_Security_Level; -typedef enum RSA_Padding_Scheme { - kSign_RSASSA_PSS = 0x1, // RSASSA-PSS with SHA1. - kSign_PKCS1_Block1 = 0x2, // PKCS1 with block type 1 padding (only). -} RSA_Padding_Scheme; +typedef uint8_t RSA_Padding_Scheme; +// RSASSA-PSS with SHA1. +const RSA_Padding_Scheme kSign_RSASSA_PSS = 0x1; +// PKCS1 with block type 1 padding (only). +const RSA_Padding_Scheme kSign_PKCS1_Block1 = 0x2; /* * OEMCrypto_HDCP_Capability is used in the key control block to enforce HDCP @@ -332,6 +390,7 @@ typedef enum OEMCrypto_HDCP_Capability { HDCP_V2 = 2, // HDCP version 2.0 Type 1. HDCP_V2_1 = 3, // HDCP version 2.1 Type 1. HDCP_V2_2 = 4, // HDCP version 2.2 Type 1. + HDCP_V2_3 = 5, // HDCP version 2.3 Type 1. HDCP_NO_DIGITAL_OUTPUT = 0xff // No digital output. } OEMCrypto_HDCP_Capability; @@ -354,8 +413,9 @@ typedef enum OEMCrypto_ProvisioningMethod { /* * Flags indicating full decrypt path hash supported. */ -#define OEMCrypto_Hash_Not_Supported 0 -#define OEMCrypto_HMAC_Clear_Buffer 1 +const uint32_t OEMCrypto_Hash_Not_Supported = 0; +const uint32_t OEMCrypto_CRC_Clear_Buffer = 1; +const uint32_t OEMCrypto_Partner_Defined_Hash = 2; /* * Return values from OEMCrypto_GetAnalogOutputFlags. @@ -370,87 +430,137 @@ typedef enum OEMCrypto_ProvisioningMethod { /* * Obfuscation Renames. */ -#define OEMCrypto_Initialize _oecc01 -#define OEMCrypto_Terminate _oecc02 -#define OEMCrypto_InstallKeybox _oecc03 +#define OEMCrypto_Initialize _oecc01 +#define OEMCrypto_Terminate _oecc02 +#define OEMCrypto_InstallKeybox _oecc03 // Rename InstallKeybox to InstallKeyboxOrOEMCert. -#define OEMCrypto_InstallRootKeyCertificate _oecc03 -#define OEMCrypto_InstallKeyboxOrOEMCert _oecc03 -#define OEMCrypto_GetKeyData _oecc04 -#define OEMCrypto_IsKeyboxValid _oecc05 +#define OEMCrypto_InstallRootKeyCertificate _oecc03 +#define OEMCrypto_InstallKeyboxOrOEMCert _oecc03 +#define OEMCrypto_GetKeyData _oecc04 +#define OEMCrypto_IsKeyboxValid _oecc05 // Rename IsKeyboxValid to IsKeyboxOrOEMCertValid. -#define OEMCrypto_IsRootKeyCertificateValid _oecc05 -#define OEMCrypto_IsKeyboxOrOEMCertValid _oecc05 -#define OEMCrypto_GetRandom _oecc06 -#define OEMCrypto_GetDeviceID _oecc07 -#define OEMCrypto_WrapKeybox _oecc08 +#define OEMCrypto_IsRootKeyCertificateValid _oecc05 +#define OEMCrypto_IsKeyboxOrOEMCertValid _oecc05 +#define OEMCrypto_GetRandom _oecc06 +#define OEMCrypto_GetDeviceID _oecc07 +#define OEMCrypto_WrapKeybox _oecc08 // Rename WrapKeybox to WrapKeyboxOrOEMCert -#define OEMCrypto_WrapRootKeyCertificate _oecc08 -#define OEMCrypto_WrapKeyboxOrOEMCert _oecc08 -#define OEMCrypto_OpenSession _oecc09 -#define OEMCrypto_CloseSession _oecc10 -#define OEMCrypto_DecryptCTR_V10 _oecc11 -#define OEMCrypto_GenerateDerivedKeys _oecc12 -#define OEMCrypto_GenerateSignature _oecc13 -#define OEMCrypto_GenerateNonce _oecc14 -#define OEMCrypto_LoadKeys_V8 _oecc15 -#define OEMCrypto_RefreshKeys _oecc16 -#define OEMCrypto_SelectKey_V13 _oecc17 -#define OEMCrypto_RewrapDeviceRSAKey _oecc18 -#define OEMCrypto_LoadDeviceRSAKey _oecc19 -#define OEMCrypto_GenerateRSASignature_V8 _oecc20 -#define OEMCrypto_DeriveKeysFromSessionKey _oecc21 -#define OEMCrypto_APIVersion _oecc22 -#define OEMCrypto_SecurityLevel _oecc23 -#define OEMCrypto_Generic_Encrypt _oecc24 -#define OEMCrypto_Generic_Decrypt _oecc25 -#define OEMCrypto_Generic_Sign _oecc26 -#define OEMCrypto_Generic_Verify _oecc27 -#define OEMCrypto_GetHDCPCapability_V9 _oecc28 -#define OEMCrypto_SupportsUsageTable _oecc29 -#define OEMCrypto_UpdateUsageTable _oecc30 -#define OEMCrypto_DeactivateUsageEntry_V12 _oecc31 -#define OEMCrypto_ReportUsage _oecc32 -#define OEMCrypto_DeleteUsageEntry _oecc33 -#define OEMCrypto_DeleteOldUsageTable _oecc34 -#define OEMCrypto_LoadKeys_V9_or_V10 _oecc35 -#define OEMCrypto_GenerateRSASignature _oecc36 -#define OEMCrypto_GetMaxNumberOfSessions _oecc37 -#define OEMCrypto_GetNumberOfOpenSessions _oecc38 -#define OEMCrypto_IsAntiRollbackHwPresent _oecc39 -#define OEMCrypto_CopyBuffer _oecc40 -#define OEMCrypto_QueryKeyControl _oecc41 -#define OEMCrypto_LoadTestKeybox_V13 _oecc42 -#define OEMCrypto_ForceDeleteUsageEntry _oecc43 -#define OEMCrypto_GetHDCPCapability _oecc44 -#define OEMCrypto_LoadTestRSAKey _oecc45 -#define OEMCrypto_Security_Patch_Level _oecc46 -#define OEMCrypto_LoadKeys_V11_or_V12 _oecc47 -#define OEMCrypto_DecryptCENC _oecc48 -#define OEMCrypto_GetProvisioningMethod _oecc49 -#define OEMCrypto_GetOEMPublicCertificate _oecc50 -#define OEMCrypto_RewrapDeviceRSAKey30 _oecc51 -#define OEMCrypto_SupportedCertificates _oecc52 -#define OEMCrypto_IsSRMUpdateSupported _oecc53 -#define OEMCrypto_GetCurrentSRMVersion _oecc54 -#define OEMCrypto_LoadSRM _oecc55 -#define OEMCrypto_LoadKeys_V13 _oecc56 -#define OEMCrypto_RemoveSRM _oecc57 -#define OEMCrypto_CreateUsageTableHeader _oecc61 -#define OEMCrypto_LoadUsageTableHeader _oecc62 -#define OEMCrypto_CreateNewUsageEntry _oecc63 -#define OEMCrypto_LoadUsageEntry _oecc64 -#define OEMCrypto_UpdateUsageEntry _oecc65 -#define OEMCrypto_DeactivateUsageEntry _oecc66 -#define OEMCrypto_ShrinkUsageTableHeader _oecc67 -#define OEMCrypto_MoveEntry _oecc68 -#define OEMCrypto_CopyOldUsageEntry _oecc69 -#define OEMCrypto_CreateOldUsageEntry _oecc70 -#define OEMCrypto_GetAnalogOutputFlags _oecc71 -#define OEMCrypto_LoadTestKeybox _oecc78 -#define OEMCrypto_LoadEntitledContentKeys _oecc79 -#define OEMCrypto_SelectKey _oecc81 -#define OEMCrypto_LoadKeys _oecc82 +#define OEMCrypto_WrapRootKeyCertificate _oecc08 +#define OEMCrypto_WrapKeyboxOrOEMCert _oecc08 +#define OEMCrypto_OpenSession _oecc09 +#define OEMCrypto_CloseSession _oecc10 +#define OEMCrypto_DecryptCTR_V10 _oecc11 +#define OEMCrypto_GenerateDerivedKeys _oecc12 +#define OEMCrypto_GenerateSignature _oecc13 +#define OEMCrypto_GenerateNonce _oecc14 +#define OEMCrypto_LoadKeys_V8 _oecc15 +#define OEMCrypto_RefreshKeys_V14 _oecc16 +#define OEMCrypto_SelectKey_V13 _oecc17 +#define OEMCrypto_RewrapDeviceRSAKey _oecc18 +#define OEMCrypto_LoadDeviceRSAKey _oecc19 +#define OEMCrypto_GenerateRSASignature_V8 _oecc20 +#define OEMCrypto_DeriveKeysFromSessionKey _oecc21 +#define OEMCrypto_APIVersion _oecc22 +#define OEMCrypto_SecurityLevel _oecc23 +#define OEMCrypto_Generic_Encrypt _oecc24 +#define OEMCrypto_Generic_Decrypt _oecc25 +#define OEMCrypto_Generic_Sign _oecc26 +#define OEMCrypto_Generic_Verify _oecc27 +#define OEMCrypto_GetHDCPCapability_V9 _oecc28 +#define OEMCrypto_SupportsUsageTable _oecc29 +#define OEMCrypto_UpdateUsageTable _oecc30 +#define OEMCrypto_DeactivateUsageEntry_V12 _oecc31 +#define OEMCrypto_ReportUsage _oecc32 +#define OEMCrypto_DeleteUsageEntry _oecc33 +#define OEMCrypto_DeleteOldUsageTable _oecc34 +#define OEMCrypto_LoadKeys_V9_or_V10 _oecc35 +#define OEMCrypto_GenerateRSASignature _oecc36 +#define OEMCrypto_GetMaxNumberOfSessions _oecc37 +#define OEMCrypto_GetNumberOfOpenSessions _oecc38 +#define OEMCrypto_IsAntiRollbackHwPresent _oecc39 +#define OEMCrypto_CopyBuffer _oecc40 +#define OEMCrypto_QueryKeyControl _oecc41 +#define OEMCrypto_LoadTestKeybox_V13 _oecc42 +#define OEMCrypto_ForceDeleteUsageEntry _oecc43 +#define OEMCrypto_GetHDCPCapability _oecc44 +#define OEMCrypto_LoadTestRSAKey _oecc45 +#define OEMCrypto_Security_Patch_Level _oecc46 +#define OEMCrypto_LoadKeys_V11_or_V12 _oecc47 +#define OEMCrypto_DecryptCENC _oecc48 +#define OEMCrypto_GetProvisioningMethod _oecc49 +#define OEMCrypto_GetOEMPublicCertificate _oecc50 +#define OEMCrypto_RewrapDeviceRSAKey30 _oecc51 +#define OEMCrypto_SupportedCertificates _oecc52 +#define OEMCrypto_IsSRMUpdateSupported _oecc53 +#define OEMCrypto_GetCurrentSRMVersion _oecc54 +#define OEMCrypto_LoadSRM _oecc55 +#define OEMCrypto_LoadKeys_V13 _oecc56 +#define OEMCrypto_RemoveSRM _oecc57 +#define OEMCrypto_CreateUsageTableHeader _oecc61 +#define OEMCrypto_LoadUsageTableHeader _oecc62 +#define OEMCrypto_CreateNewUsageEntry _oecc63 +#define OEMCrypto_LoadUsageEntry _oecc64 +#define OEMCrypto_UpdateUsageEntry _oecc65 +#define OEMCrypto_DeactivateUsageEntry _oecc66 +#define OEMCrypto_ShrinkUsageTableHeader _oecc67 +#define OEMCrypto_MoveEntry _oecc68 +#define OEMCrypto_CopyOldUsageEntry _oecc69 +#define OEMCrypto_CreateOldUsageEntry _oecc70 +#define OEMCrypto_GetAnalogOutputFlags _oecc71 +#define OEMCrypto_LoadTestKeybox _oecc78 +#define OEMCrypto_LoadEntitledContentKeys_V14 _oecc79 +#define OEMCrypto_SelectKey _oecc81 +#define OEMCrypto_LoadKeys_V14 _oecc82 +#define OEMCrypto_LoadKeys _oecc83 +#define OEMCrypto_SetSandbox _oecc84 +#define OEMCrypto_ResourceRatingTier _oecc85 +#define OEMCrypto_SupportsDecryptHash _oecc86 +#define OEMCrypto_InitializeDecryptHash _oecc87 +#define OEMCrypto_SetDecryptHash _oecc88 +#define OEMCrypto_GetHashErrorCode _oecc89 +#define OEMCrypto_BuildInformation _oecc90 +#define OEMCrypto_RefreshKeys _oecc91 +#define OEMCrypto_LoadEntitledContentKeys _oecc92 + +/* + * OEMCrypto_SetSandbox + * + * Description: + * This tells OEMCrypto which sandbox the current process belongs to. Any + * persistent memory used to store the generation number should be associated + * with this sandbox id. OEMCrypto can assume that this sandbox will be tied + * to the current process or VM until OEMCrypto_Terminate is called. See the + * section “VM and Sandbox Support” above for more details. + * + * If OEMCrypto does not support sandboxes, it will return + * OEMCrypto_ERROR_NOT_IMPLEMENTED. On most platforms, this function will just + * return OEMCrypto_ERROR_NOT_IMPLEMENTED. If OEMCrypto supports sandboxes, + * this function returns OEMCrypto_SUCCESS on success, and + * OEMCrypto_ERROR_UNKNOWN_FAILURE on failure. + * + * The CDM layer will call OEMCrypto_SetSandbox once before + * OEMCrypto_Initialize. After this function is called and returns success, it + * will be OEMCrypto’s responsibility to keep calls to usage table functions + * separate, and to accept a call to OEMCrypto_Terminate for each sandbox. + * + * Parameters: + * [in] sandbox_id: a short string unique to the current sandbox. + * [in] sandobx_id_length: length of sandbox_id. + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_INIT_FAILED failed to initialize crypto hardware + * OEMCrypto_ERROR_NOT_IMPLEMENTED - sandbox functionality not supported + * + * Threading: + * No other function calls will be made while this function is running. This + * function will be called once, just before OEMCrypto_Initialize. + * + * Version: + * This method is new in version 15 of the API. + */ +OEMCryptoResult OEMCrypto_SetSandbox(const uint8_t* sandbox_id, + size_t sandbox_id_length); /* * OEMCrypto_Initialize @@ -901,6 +1011,7 @@ OEMCryptoResult OEMCrypto_GenerateSignature(OEMCrypto_SESSION session, * Version: * This method changed in API version 14. */ +#if 1 // TODO(b/115874964, srujzs): rename and move. OEMCryptoResult OEMCrypto_LoadKeys( OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length, @@ -908,7 +1019,15 @@ OEMCryptoResult OEMCrypto_LoadKeys( size_t num_keys, const OEMCrypto_KeyObject* key_array, const uint8_t* pst, size_t pst_length, const uint8_t* srm_requirement, OEMCrypto_LicenseType license_type); - +#else +OEMCryptoResult OEMCrypto_LoadKeys( + OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, + const uint8_t* signature, size_t signature_length, + OEMCrypto_Substring enc_mac_keys_iv, OEMCrypto_Substring enc_mac_keys, + size_t num_keys, const OEMCrypto_KeyObject* key_array, + OEMCrypto_Substring pst, OEMCrypto_Substring srm_restriction_data, + OEMCrypto_LicenseType license_type); +#endif /* * OEMCrypto_LoadEntitledContentKeys @@ -964,10 +1083,17 @@ OEMCryptoResult OEMCrypto_LoadKeys( * Version * This method is new in API version 14. */ +#if 1 // TODO(b/115874964, srujzs): rename and move. OEMCryptoResult OEMCrypto_LoadEntitledContentKeys( OEMCrypto_SESSION session, size_t num_keys, const OEMCrypto_EntitledContentKeyObject* key_array); +#else +// DOUBLE TODO(jfore,srujzs,fredgc): Do we really have a message for this? +OEMCryptoResult OEMCrypto_LoadEntitledContentKeys( + OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, + size_t num_keys, const OEMCrypto_EntitledContentKeyObject* key_array); +#endif /* * OEMCrypto_RefreshKeys @@ -1077,10 +1203,17 @@ OEMCryptoResult OEMCrypto_LoadEntitledContentKeys( * Version: * This method changed in API version 8. */ +#if 1 // TODO(b/115874964, srujzs): rename and move. OEMCryptoResult OEMCrypto_RefreshKeys( OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length, size_t num_keys, const OEMCrypto_KeyRefreshObject* key_array); +#else +OEMCryptoResult OEMCrypto_RefreshKeys( + OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, + const uint8_t* signature, size_t signature_length, size_t num_keys, + const OEMCrypto_KeyRefreshObject* key_array); +#endif /* * OEMCrypto_QueryKeyControl @@ -1424,7 +1557,8 @@ OEMCryptoResult OEMCrypto_SelectKey(OEMCrypto_SESSION session, */ OEMCryptoResult OEMCrypto_DecryptCENC( OEMCrypto_SESSION session, const uint8_t* data_addr, size_t data_length, - bool is_encrypted, const uint8_t* iv, size_t block_offset, + bool is_encrypted, const uint8_t* iv, + size_t block_offset, // used for CTR mode only. OEMCrypto_DestBufferDesc* out_buffer, const OEMCrypto_CENCEncryptPatternDesc* pattern, uint8_t subsample_flags); @@ -2329,6 +2463,41 @@ OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey( */ uint32_t OEMCrypto_APIVersion(); +/* + * OEMCrypto_BuildInformation + * + * Description: + * Report the build information of the OEMCrypto library as a short null + * terminated C string. The string should be at most 128 characters long. This + * string should be updated with each release or OEMCrypto build. + * + * Some SOC vendors deliver a binary OEMCrypto library to a device + * manufacturer. This means the OEMCrypto version may not be exactly in sync + * with the system’s versions. This string can be used to help track which + * version is installed on a device. + * + * It may be used for logging or bug tracking and may be bubbled up to the app + * so that it may track metrics on errors. + * + * Since the OEMCrypto API also changes its minor version number when there + * are minor corrections, it would be useful to include the API version number + * in this string, e.g. “15.1” or “15.2” if those minor versions are released. + * + * + * Parameters: + * none + * + * Returns: + * A printable null terminated C string, suitable for a single line in a log. + * + * Threading: + * This function may be called simultaneously with any other functions. + * + * Version: + * This method changed in each API version. + */ +const char* OEMCrypto_BuildInformation(); + /** * OEMCrypto_Security_Patch_Level() * @@ -3264,9 +3433,9 @@ OEMCryptoResult OEMCrypto_CreateNewUsageEntry(OEMCrypto_SESSION session, * This method is new in API version 13. */ OEMCryptoResult OEMCrypto_LoadUsageEntry(OEMCrypto_SESSION session, - uint32_t index, + uint32_t usage_entry_number, const uint8_t* buffer, - size_t buffer_size); + size_t buffer_length); /* * OEMCrypto_UpdateUsageEntry @@ -3480,6 +3649,216 @@ OEMCryptoResult OEMCrypto_CopyOldUsageEntry(OEMCrypto_SESSION session, */ uint32_t OEMCrypto_GetAnalogOutputFlags(); +/* + * OEMCrypto_ResourceRatingTier + * + * Description: + * This function returns a positive number indicating which resource rating it + * supports. This value will bubble up to the application level as a property + * in much the same way security level does. This will allow applications to + * estimate what resolution and bandwidth the device expects to support. + * + * OEMCrypto unit tests and Android GTS tests will verify that devices do + * support the resource values specified in the table below at the tier + * claimed by the device. If a device claims to be a low end device, the + * OEMCrypto unit tests will only verify the low end performance values. + * + * OEMCrypto implementers should consider the numbers below to be minimum + * values. + * + * These performance parameters are for OEMCrypto only. In particular, + * bandwidth and codec resolution are determined by the platform. + * + * Some parameters need more explanation. The Sample size is typically the + * size of one encoded frame. Converting this to resolution depends on the + * Codec, which is not specified by OEMCrypto. Some content has the sample + * broken into several subsamples. The “number of subsamples” restriction + * requires that any content can be broken into at least that many subsamples. + * However, this number may be larger if DecryptCENC returns + * OEMCrypto_ERROR_BUFFER_TOO_LARGE. In that case, the layer above OEMCrypto + * will break the sample into subsamples of size “Decrypt Buffer Size” as + * specified in the table below. The “Decrypt Buffer Size” means the size of + * one subsample that may be passed into DecryptCENC or CopyBuffer without + * returning error OEMCrypto_ERROR_BUFFER_TOO_LARGE. + * + * The number of keys per session is an indication of how many different track + * types there can be for a piece of content. Typically, content will have + * several keys corresponding to audio and video at different resolutions. If + * the content uses key rotation, there could be three keys -- previous + * interval, current interval, and next interval -- for each resolution. + * + * Concurrent playback sessions versus concurrent sessions: some applications + * will preload multiple licenses before the user picks which content to play. + * Each of these licenses corresponds to an open session. Once playback + * starts, some platforms support picture-in-picture or multiple displays. + * Each of these pictures would correspond to a separate playback session with + * active decryption. + * + * Decrypted frames per second -- strictly speaking, OEMCrypto only controls + * the decryption part of playback and cannot control the decoding and display + * part. However, devices that support the higher resource tiers should also + * support a higher frame rate. Platforms may enforce these values. For + * example Android will enforce a frame rate via a GTS test. + * + * Resource Rating Tier + * + * Parameters: + * none. + * + * Returns: + * Returns an integer indicating which resource tier the device supports. + * + * Threading: + * This function may be called simultaneously with any other functions. + * + * Version: + * This method is new in API version 15. + */ +int32_t OEMCrypto_ResourceRatingTier(); + +/* + * OEMCrypto_SupportsDecryptHash + * + * Description: + * Returns the type of hash function supported for Full Decrypt Path Testing. + * A hash type of 0 means this feature is not supported. OEMCrypto is not + * required by Google to support this feature, but support will greatly + * improve automated testing. A hash type of 1 means the device will be able + * to compute the CRC32 checksum of the decrypted content in the secure buffer + * after a call to OEMCrypto_DecryptCENC. Google intends to provide test + * applications on some platforms, such as Android, that will automate + * decryption testing using the CRC 32 checksum of all frames in some test + * content. + * + * If an SOC vendor cannot support CRC 32 checksums of decrypted output, but + * can support some other hash or checksum, then the function should return + * OEMCrypto_Partner_Defined_Hash and those partners should provide files + * containing hashes of test content. An application that computes the CRC 32 + * hashes of test content and builds a hash file in the correct format will be + * provided by Widevine. The source of this application will be provided so + * that partners may modify it to compute their own hash format and generate + * their own hash files. + * + * + * Version: + * This method is new in API version 15. + */ +uint32_t OEMCrypto_SupportsDecryptHash(); + +/* + * OEMCrypto_InitializeDecryptHash + * + * Description: + * This function is called before the first subsample is passed to + * OEMCrypto_DecryptCENC, when the subsample_flag has the bit + * OEMCrytpo_FirstSubsample set. OEMCrypto should expect to compute a hash + * over the whole sample. + * + * This function returns OEMCrypto_ERROR_UNKNOWN_FAILURE if the current key + * does not have the bit Allow_Hash_Verification set in its key control block. + * + * + * Parameters: + * [in] session: session id for current decrypt operation + * + * Returns: + * OEMCrypto_SUCCESS - if the hash was set + * OEMCrypto_ERROR_NOT_IMPLEMENTED - function not implemented + * OEMCrypto_ERROR_INVALID_SESSION - session not open + * OEMCrypto_ERROR_UNKNOWN_FAILURE - other error + * OEMCrypto_ERROR_SESSION_LOST_STATE + * OEMCrypto_ERROR_SYSTEM_INVALIDATED + * + * Version: + * This method is new in API version 15. + */ +OEMCryptoResult OEMCrypto_InitializeDecryptHash(OEMCrypto_SESSION session); + +/* + * OEMCrypto_SetDecryptHash + * + * Description: + * Set the hash value for the frame that was just decrypted. The hash is + * over all of the frame: encrypted and clear subsamples concatenated + * together. If hashing the output is not supported, then this will return + * OEMCrypto_ERROR_NOT_IMPLEMENTED. If the hash is ill formed or there are + * other error conditions, this could return + * OEMCrypto_ERROR_UNKNOWN_FAILURE. The length of the hash will be at most + * 128 bytes. This function is called just after the last subsample in the + * frame, when the subsample_flag has the bit OEMCrypto_LastSubsample set. + * The hash only applies to the previous frame. + * + * This function returns OEMCrypto_ERROR_UNKNOWN_FAILURE if the current key + * does not have the bit Allow_Hash_Verification set in its key control + * block. + * + * OEMCrypto should compute the hash of the frame and then compare it with + * the correct value. If the values differ, then OEMCrypto should latch in + * an error and save the frame number of the bad hash. It is allowed for + * OEMCrypto to postpone computation of the hash until the frame is + * displayed. This might happen if the actual decryption operation is + * carried out by a later step in the video pipeline, or if you are using a + * partner specified hash of the decoded frame. For this reason, an error + * state must be saved until the call to OEMCrypto_GetHashErrorCode is made. + * + * + * Parameters: + * [in] session: session id for current decrypt operation + * [in] frame_number: frame number for the recent DecryptCENC sample. + * [in] hash: hash or CRC of previously decrypted frame. + * [in] hash_length: length of hash, in bytes. + * + * Returns: + * OEMCrypto_SUCCESS - if the hash was set + * OEMCrypto_ERROR_NOT_IMPLEMENTED - function not implemented + * OEMCrypto_ERROR_INVALID_SESSION - session not open + * OEMCrypto_ERROR_SHORT_BUFFER - hash_length too short for supported hash + * type OEMCrypto_ERROR_BUFFER_TOO_LARGE - hash_length too long for + * supported hash type OEMCrypto_ERROR_UNKNOWN_FAILURE - other error + * OEMCrypto_ERROR_SESSION_LOST_STATE + * OEMCrypto_ERROR_SYSTEM_INVALIDATED + * + * Version: + * This method is new in API version 15. + */ +OEMCryptoResult OEMCrypto_SetDecryptHash(OEMCrypto_SESSION session, + uint32_t frame_number, + const uint8_t* hash, + size_t hash_length); + +/* + * OEMCrypto_GetHashErrorCode + * + * Description: + * If the hash set in OEMCrypto_SetDecryptHash did not match the computed + * hash, then an error code was saved internally. This function returns that + * error and the frame number of the bad hash. This will be called + * periodically, but not exactly in sync with the decrypt loop. OEMCrypto + * shall not reset the error state to “no error” once a frame has failed + * verification. It should be initialized to “no error” when the session is + * first opened. If there is more than one bad frame, it is the implementer’s + * choice if it is more useful to return the number of the first bad frame, or + * the most recent bad frame. + * + * + * Parameters: + * [in] session: session id for operation. + * [out] failed_frame_number: frame number for sample with incorrect hash. + * + * Returns: + * OEMCrypto_SUCCESS - if all frames have had a correct hash + * OEMCrypto_ERROR_NOT_IMPLEMENTED + * OEMCrypto_ERROR_BAD_HASH - if any frame had an incorrect hash + * OEMCrypto_ERROR_UNKNOWN_FAILURE - if the hash could not be computed + * OEMCrypto_ERROR_SESSION_LOST_STATE + * OEMCrypto_ERROR_SYSTEM_INVALIDATED + * + * Version: + * This method is new in API version 15. + */ +OEMCryptoResult OEMCrypto_GetHashErrorCode(OEMCrypto_SESSION session, + uint32_t* failed_frame_number); + #ifdef __cplusplus } #endif