Part of Qualcomm L1 OEMCrypto integration

Upgrade to version 2.1 of license protocol in OEMCrypto.

related-to-bug: 8621521

Merge of https://widevine-internal-review.googlesource.com/#/c/4952/
from Widevine CDM repository to android repository.

Change-Id: I0d85dae1981b7525ab17aec5f21cf668d078bf47
Fred Gylys-Colwell
2013-04-22 13:07:34 -07:00
committed by Jeff Tinker
parent bb0c62768a
commit 39ea1df671
14 changed files with 2036 additions and 1389 deletions


@@ -16,9 +16,9 @@
extern "C" {
#endif
#define OEMCRYPTO_VERSION "7.0"
#define OEMCRYPTO_VERSION "8.0"
static const char oec_version[] = OEMCRYPTO_VERSION;
static const uint32_t oec_latest_version = 7;
static const uint32_t oec_latest_version = 8;
typedef uint32_t OEMCrypto_SESSION;
@@ -187,6 +187,12 @@ typedef enum OEMCrypto_Algorithm {
OEMCrypto_HMAC_SHA256 = 1,
} OEMCrypto_Algorithm;
/*
* Flags indicating data endpoints in OEMCrypto_DecryptCTR.
*/
#define OEMCrypto_FirstSubsample 1
#define OEMCrypto_LastSubsample 2
/* Obfuscation Renames. */
#define OEMCrypto_Initialize _oecc01
#define OEMCrypto_Terminate _oecc02
@@ -214,7 +220,7 @@ typedef enum OEMCrypto_Algorithm {
#define OEMCrypto_Generic_Encrypt _oecc24
#define OEMCrypto_Generic_Decrypt _oecc25
#define OEMCrypto_Generic_Sign _oecc26
#define OEMCrypto_Generic_Virify _oecc27
#define OEMCrypto_Generic_Verify _oecc27
/*
* OEMCrypto_Initialize
@@ -313,16 +319,17 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
* OEMCrypto_GenerateDerivedKeys
*
* Description:
* Generates a pair of secondary keys, mac_key and encrypt_key, for handling
* signing and content key decryption under the license server protocol
* for AES CTR mode.
* Generates three secondary keys -- mac_key_server, mac_key_client, and
* encrypt_key -- for handling signing and content key decryption under the
* license server protocol for AES CTR mode.
*
* Refer to document "OEMCrypto Changes for V2 License Protocol" for details.
* This function computes the AES-128-CMAC of the enc_key_context and stores
* it in secure memory as the encrypt_key.
* It then computes two cycles of AES-128-CMAC of the mac_key_context and
* stores it in the mac_key. These two keys will be stored until the next
* call to LoadKeys.
* Refer to document "Widevine Modular DRM Security Integration Guide for
* CENC" for details. This function computes the AES-128-CMAC of the
* enc_key_context and stores it in secure memory as the encrypt_key. It
* then computes four cycles of AES-128-CMAC of the mac_key_context and
* stores it in the mac_keys. The first two cycles are used for
* mac_key_server and the second two cycles are used for mac_key_client.
* These three keys will be stored until the next call to LoadKeys.
*
* Parameters:
* session (in) - crypto session identifier.
@@ -334,7 +341,8 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
* enc_key_context_length (in) - length of the encryption key context data.
*
* Results:
* mac_key: the 256 bit mac key is generated and stored in secure memory.
* mac_key_server: the 256 bit mac key is generated and stored in secure memory.
* mac_key_client: the 256 bit mac key is generated and stored in secure memory.
* enc_key: the 128 bit encryption key is generated and stored in secure memory.
*
* Threading:
@@ -349,7 +357,7 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
* OEMCrypto_ERROR_INVALID_CONTEXT
*
* Version:
* This method changed in API version 5.
* This method changed in API version 8.
*/
OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
OEMCrypto_SESSION session,
@@ -366,8 +374,8 @@ OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
* control block. The nonce is stored in secure memory and will be used
* for the next call to LoadKeys.
*
* Refer to documents "OEMCrypto Changes for V2 License Protocol" and "Key
* Control Block Definition" for details.
* Refer to documents "Widevine Modular DRM Security Integration Guide for
* CENC".
*
* Parameters:
* session (in) - crypto session identifier.
@@ -399,12 +407,13 @@ OEMCryptoResult OEMCrypto_GenerateNonce(
*
* Description:
* Generates a HMAC-SHA256 signature for license request signing under the
* license server protocol for AES CTR mode.
* license server protocol for AES CTR mode. This uses the key mac_key_client.
*
* NOTE: OEMCrypto_GenerateDerivedKeys() must be called first to establish the
* mac_key
* NOTE: OEMCrypto_GenerateDerivedKeys() must be called first to establish the
* mac_key_client.
*
* Refer to document "OEMCrypto Changes for V2 License Protocol" for details.
* Refer to document "Widevine Modular DRM Security Integration Guide for
* CENC" for details.
*
* Parameters:
* session (in) - crypto session identifier.
@@ -444,10 +453,10 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
*
* The relevant fields have been extracted from the License Response protocol
* message, but the entire message and associated signature are provided so
* the message can be verified (using HMAC-SHA256 with the derived mac_key).
* If the signature verification fails, ignore all other arguments and return
* OEMCrypto_ERROR_SIGNATURE_FAILURE. Otherwise, add the keys to the session
* context.
* the message can be verified (using HMAC-SHA256 with the derived
* mac_key_server). If the signature verification fails, ignore all other
* arguments and return OEMCrypto_ERROR_SIGNATURE_FAILURE. Otherwise, add the
* keys to the session context.
*
* The keys will be decrypted using the current encrypt_key (AES-128-CBC) and
* the IV given in the KeyObject. Each key control block will be decrypted
@@ -461,20 +470,21 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
* block is different from the current nonce, return
* OEMCrypto_ERROR_INVALID_NONCE. In that case, do not install any keys.
*
* The new mac_key is decrypted with the current encrypt_key and the offered
* IV. It replaces the current mac_key.
* The new mac_keys are decrypted with the current encrypt_key and the offered
* IV. They replace the current mac_keys.
*
* The mac_key and encrypt_key were generated and stored by the previous call
* The mac_keys and encrypt_key were generated and stored by the previous call
* to OEMCrypto_GenerateDerivedKeys(). The nonce was generated and stored by
* the previous call to OEMCrypto_GenerateNonce().
*
* This sessions elapsed time clock is started at 0. The clock will be used
* in OEMCrypto_DecryptCTR.
*
* NOTE: OEMCrypto_GenerateDerivedKeys() must be called first to establish the
* mac_key and encrypt_key.
* NOTE: OEMCrypto_GenerateDerivedKeys() must be called first to establish
* the mac_keys and encrypt_key.
*
* Refer to document "OEMCrypto Changes for V2 License Protocol" for details.
* Refer to document "Widevine Modular DRM Security Integration Guide for
* CENC" for details.
*
* Parameters:
* session (in) - crypto session identifier.
@@ -482,9 +492,9 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
* message_length (in) - length of the message.
* signature (in) - pointer to memory containing the signature.
* signature_length (in) - length of the signature.
* enc_mac_key_iv (in) - IV for decrypting new mac_key. Size is 128 bits.
* enc_mac_key (in) - encrypted mac_key for generating new mac_key. Size is
* 256 bits.
* enc_mac_keys_iv (in) - IV for decrypting new mac_key. Size is 128 bits.
* enc_mac_keys (in) - encrypted mac_keys for generating new mac_keys. Size is
* 512 bits.
* num_keys (in) - number of keys present.
* key_array (in) - set of keys to be installed.
*
@@ -503,15 +513,15 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
* OEMCrypto_ERROR_TOO_MANY_KEYS
*
* Version:
* This method changed in API version 5.
* This method changed in API version 8.
*/
OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
const uint8_t* signature,
size_t signature_length,
const uint8_t* enc_mac_key_iv,
const uint8_t* enc_mac_key,
const uint8_t* enc_mac_keys_iv,
const uint8_t* enc_mac_keys,
size_t num_keys,
const OEMCrypto_KeyObject* key_array);
@@ -524,15 +534,16 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
*
* The relevant fields have been extracted from the Renewal Response protocol
* message, but the entire message and associated signature are provided so
* the message can be verified (using HMAC-SHA256 with the current mac_key).
* If the signature verification fails, ignore all other arguments and return
* OEMCrypto_ERROR_SIGNATURE_FAILURE. Otherwise, add the keys to the session
* context.
* the message can be verified (using HMAC-SHA256 with the current
* mac_key_server). If the signature verification fails, ignore all other
* arguments and return OEMCrypto_ERROR_SIGNATURE_FAILURE. Otherwise, add
* the keys to the session context.
*
* NOTE: OEMCrypto_GenerateDerivedKeys() or OEMCrypto_LoadKeys() must be called
* first to establish the mac_key
* NOTE: OEMCrypto_GenerateDerivedKeys() or OEMCrypto_LoadKeys() must be
* called first to establish the mac_keys.
*
* Refer to document OEMCrypto Changes for V2 License Protocol for details.
* Refer to document "Widevine Modular DRM Security Integration Guide for
* CENC" for details.
*
* Parameters:
* session (in) - crypto session identifier.
@@ -557,7 +568,7 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
* OEMCrypto_ERROR_SIGNATURE_FAILURE
*
* Version:
* This method changed in API version 5.
* This method changed in API version 8.
*/
OEMCryptoResult
OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
@@ -614,7 +625,7 @@ OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
* OEMCrypto_ERROR_KEYBOX_INVALID cannot decrypt and read from Keybox
*
* Version:
* This method changed in API version 5.
* This method changed in API version 8.
*/
OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
const uint8_t* key_id,
@@ -649,6 +660,10 @@ OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
* out_buffer (in) - A caller-owned descriptor that specifies the
* handling of the decrypted byte stream. See OEMCrypto_DestbufferDesc
* for details.
* subsample_flags (in) - bitwise flags indicating if this is the first,
* middle, or last subsample in a chunk of data. 1 = first subsample,
* 2 = last subsample, 3 = both first and last subsample, 0 = neither
* first nor last subsample.
*
* AES CTR is a stream cipher. The stream may be composed of arbitrary-
* length clear and encrypted segments. The encrypted portions of a sample
@@ -678,6 +693,15 @@ OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
* zero when it reaches its maximum value (0xFFFFFFFFFFFFFFFF).
* The upper 64 bits (byte 0-7) of the IV do not change.
*
* This method may be called several times before the decrypted data is used.
* For this reason, the parameter subsample_flags may be used to optimize
* decryption. The first buffer in a chunk of data will have the
* OEMCrypto_FirstSubsample bit set in subsample_flags. The last buffer in a
* chunk of data will have the OEMCrypto_LastSubsample bit set in
* subsample_flags. The decrypted data will not be used until after
* OEMCrypto_LastSubsample has been set. If an implementation decrypts data
* immediately, it may ignore subsample_flags.
*
* Threading:
* This function may be called simultaneously with functions on other sessions,
* but not with other functions on this session.
@@ -699,7 +723,8 @@ OEMCryptoResult OEMCrypto_DecryptCTR(OEMCrypto_SESSION session,
bool is_encrypted,
const uint8_t *iv,
size_t block_offset,
const OEMCrypto_DestBufferDesc* out_buffer);
const OEMCrypto_DestBufferDesc* out_buffer,
uint8_t subsample_flags);
/*
* OEMCrypto_InstallKeybox
@@ -886,7 +911,8 @@ OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,
* private key is decrypted and stored in secure memory. The RSA key is then
* re-encrypted for storage on the filesystem. The OEM may either encrypt it
* with the private key from the Widevine Keybox, or with an OEM specific
* device key.
* device key. The signature of the message is verified with the
* mac_key_server.
*
* Parameters:
* session (in) - crypto session identifier.
@@ -894,13 +920,13 @@ OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,
* - verified.
* message_length (in) - length of the message, in bytes.
* signature (in) - pointer to memory containing the HMAC-SHA256
* - signature for
* - message, received from the provisioning server.
* - signature for message, received from the
* - provisioning server.
* signature_length (in) - length of the signature, in bytes.
* nonce (in) - The nonce provided in the provisioning response.
* enc_rsa_key (in) - Encrypted device private RSA key received from
* - the provisioning server. Format is PKCS#1, binary
* - DER encoded, and encrypted with the derived
* - the provisioning server. Format is PKCS#8
* - PrivateKeyInfo, encrypted with the derived
* - encryption key, using AES-128-CBC with PKCS#5
* - padding.
* enc_rsa_key_length (in) - length of the encrypted RSA key, in bytes.
@@ -909,8 +935,6 @@ OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,
* - should be stored. May be null on the first call
* - in order to find required buffer size.
* wrapped_rsa_key_length (in/out) - length of the encrypted RSA key, in bytes.
* wrapped_rsa_key_iv (out) - IV for encrypting/decrypting the RSA private key.
* - Size is 128 bits.
*
* Returns:
* OEMCrypto_SUCCESS success
@@ -923,7 +947,7 @@ OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,
* OEMCrypto_ERROR_SHORT_BUFFER
*
* Version:
* This method changed in API versions 6.
* This method changed in API versions 8.
*/
OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
@@ -950,7 +974,7 @@ OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
* Parameters:
* session (in) - crypto session identifier.
* wrapped_rsa_key (in) - wrapped device RSA key stored on the device.
* - Format is PKCS#1, binary DER encoded, and
* - Format is PKCS#8 PrivateKeyInfo, and
* - encrypted with a key internal to the OEMCrypto
* - instance, using AES-128-CBC with PKCS#5
* - padding. This is the wrapped key generated
@@ -1016,16 +1040,16 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(OEMCrypto_SESSION session,
* OEMCrypto_DeriveKeysFromSessionKey
*
* Description:
* Generates a pair of secondary keys, mac_key and encrypt_key, for handling
* signing and content key decryption under the license server protocol for
* AES CTR mode.
* Generates three secondary keys -- mac_key_server, mac_key_client, and
* encrypt_key -- for handling signing and content key decryption under the
* license server protocol for AES CTR mode.
*
* This function is similar to OEMCrypto_GenerateDerivedKeys, except that it
* uses a session key to generate the secondary keys instead of the Widevine
* Keybox device key. These two keys will be stored in secure memory until
* the next call to LoadKeys. The session key is passed in encrypted by the
* device RSA public key, and must be decrypted with the RSA private key
* before use. Once the enc_key and mac_key have been generated, all calls
* before use. Once the enc_key and mac_keys have been generated, all calls
* to LoadKeys and RefreshKeys proceed in the same manner for license
* requests using RSA or using a Widevine keybox token.
*
@@ -1050,7 +1074,7 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(OEMCrypto_SESSION session,
* OEMCrypto_ERROR_INVALID_CONTEXT
*
* Version:
* This method changed in API version 6.
* This method changed in API version 8.
*/
OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(OEMCrypto_SESSION session,
const uint8_t* enc_session_key,
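Review bot: In the comment block that precedes OEMCrypto_RewrapDeviceRSAKey (the hunk starting at old line 886), the added sentence says the message signature is verified with mac_key_server, but it does not say that verification has to finish before enc_rsa_key is decrypted, nor which error is returned when it fails. Since enc_rsa_key is AES-128-CBC with PKCS#5 padding, an implementation that decrypts first can surface padding failures on unauthenticated input. The LoadKeys and RefreshKeys comments in this file already carry the needed wording, and the same sentence would fit here: `If the signature verification fails, ignore all other arguments and return OEMCrypto_ERROR_SIGNATURE_FAILURE.` The Returns list of this function is only partly visible in these hunks, so confirm that the error code is listed there. Separately, in the LoadKeys parameter list the `enc_mac_keys_iv` line still reads "new mac_key", and the 512-bit `enc_mac_keys` entry does not state the order of the server and client keys, which the GenerateDerivedKeys comment does spell out.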