Revert "Cherry pick 18.4 changes to udc-widevine-dev"
This reverts commit 7186433edf.
Reason for revert: Build breakage - b/323194350
Change-Id: Ibba4f5289b8f0d5e835dfba9ceb1e601784af634
This commit is contained in:
Kensuke Miyagi
committed by
Android (Google) Code Review
Android (Google) Code Review
parent
7186433edf
commit
540c8dfd50
@@ -3,7 +3,7 @@
|
||||
// License Agreement.
|
||||
|
||||
/**
|
||||
* @mainpage OEMCrypto API v18.4
|
||||
* @mainpage OEMCrypto API v18.3
|
||||
*
|
||||
* OEMCrypto is the low level library implemented by the OEM to provide key and
|
||||
* content protection, usually in a separate secure memory or process space. The
|
||||
@@ -136,7 +136,6 @@
|
||||
* license to be reloaded.
|
||||
*
|
||||
* @defgroup entitled Entitlement License API
|
||||
* Functions that are needed for entitled and entitlement licenses.
|
||||
*
|
||||
* [Entitlement licensing](../../index#entitlement) is a way to provide access
|
||||
* to content keys that may be stored elsewhere, such as in the content itself.
|
||||
@@ -1200,8 +1199,6 @@ OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session,
|
||||
* @retval OEMCrypto_ERROR_BUFFER_TOO_LARGE
|
||||
* @retval OEMCrypto_ERROR_SESSION_LOST_STATE
|
||||
* @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
|
||||
* @retval OEMCrypto_ERROR_INVALID_KEY if the session's private key is not a
|
||||
* DRM key.
|
||||
*
|
||||
* @buffer_size
|
||||
* OEMCrypto shall support message sizes as described in the section
|
||||
@@ -3358,8 +3355,6 @@ uint32_t OEMCrypto_MinorAPIVersion(void);
|
||||
* different TA builds.
|
||||
* - "build_timestamp" [string]: ISO 8601 formatted timestamp of the time the
|
||||
* TA was compiled, eg "YYYY-MM-DDTHH:MM:SS"
|
||||
* - "is_factory_mode" [bool]: Whether this was built with FACTORY_MODE_ONLY
|
||||
* defined
|
||||
*
|
||||
* While not required, another optional top level struct can be added to the
|
||||
* build information string to provide information about liboemcrypto.so:
|
||||
@@ -4978,9 +4973,7 @@ OEMCryptoResult OEMCrypto_GenerateCertificateKeyPair(
|
||||
OEMCrypto_PrivateKeyType* key_type);
|
||||
|
||||
/**
|
||||
* Get the serialized device information in CBOR map format. This is for devices
|
||||
* that use Provisioning 4.0, with the device key uploading option in the
|
||||
* factory.
|
||||
* Get the serialized device information in CBOR map format.
|
||||
*
|
||||
* The device
|
||||
* information may contain, for example, device make and model, "fused" status,
|
||||
@@ -4989,9 +4982,7 @@ OEMCryptoResult OEMCrypto_GenerateCertificateKeyPair(
|
||||
* provisioning request is coming from the expected device in the fields, based
|
||||
* on the values previously uploaded and registered.
|
||||
*
|
||||
* Devices that do not support Provisioning 4.0, or do not support
|
||||
* Provisioning 4.0 Uploading Option should return
|
||||
* OEMCrypto_ERROR_NOT_IMPLEMENTED.
|
||||
* This method is used by provisioning 4 only.
|
||||
*
|
||||
* @param[out] device_info: pointer to the buffer that receives the serialized
|
||||
* device information in CBOR map format.
|
||||
@@ -5017,87 +5008,24 @@ OEMCryptoResult OEMCrypto_GetDeviceInformation(uint8_t* device_info,
|
||||
size_t* device_info_length);
|
||||
|
||||
/**
|
||||
* Get the serialized signed Certificate Signing Request (CSR) payload in
|
||||
* COSE_Sign1 format. This is for devices that use Provisioning 4.0, with the
|
||||
* device key uploading option in the factory.
|
||||
* Get the serialized signed Certificate Signing Request (Csr) payload in
|
||||
* COSE_Sign1 format.
|
||||
*
|
||||
* With the uploading option, the RKP factory extraction tool provided by Google
|
||||
* makes a call to this function to collect the signed CSR payload for
|
||||
* generating the CSR to be uploaded to the device database. The CSR payload is
|
||||
* signed by the leaf cert of the Boot Certificate Chain.
|
||||
* The signed CSR payload contains challenge and device information. It is
|
||||
* signed by the leaf cert of the boot certificate chain (BCC). It is only used
|
||||
* in the factory, uploaded and validated during device registration.
|
||||
*
|
||||
* The format of a CSR payload before COSE_Sign1 is a CBOR array described in
|
||||
* Android IRemotelyProvisionedComponent.aidl (under "CsrPayload"):
|
||||
*
|
||||
* ~~~
|
||||
* CsrPayload = [ ; CBOR Array defining the payload for CSR.
|
||||
* version: 3, ; The CsrPayload CDDL Schema version.
|
||||
* CertificateType: "widevine" ; The type of certificate being requested.
|
||||
* DeviceInfo, ; Defined in Android DeviceInfo.aidl
|
||||
* KeysToSign: [] ; Empty list
|
||||
* ]
|
||||
* ~~~
|
||||
*
|
||||
* The type of CertificateType is tstr and the value should always be
|
||||
* "widevine". The type of KeysToSign is CBOR array and the value is not used,
|
||||
* which should be left as an empty list. Note that the DeviceInfo above is a
|
||||
* CBOR map structure defined in DeviceInfo.aidl, which can be constructed from
|
||||
* the input |encoded_device_info|. DeviceInfo must be canonicalized according
|
||||
* to the specification in RFC 7049. The required fields from DeviceInfo.aidl
|
||||
* are: brand, manufacturer, product, model, device, vb_state, bootloader_state,
|
||||
* vbmeta_digest, security_level.
|
||||
*
|
||||
* Once CsrPayload is prepared, together with |challenge| it is signed by the
|
||||
* leaf cert of BCC, in the format of:
|
||||
*
|
||||
* ~~~
|
||||
* |signed_csr_payload| = SignedData<[
|
||||
* challenge: bstr .size (0..64),
|
||||
* bstr .cbor CsrPayload,
|
||||
* ]>
|
||||
* ~~~
|
||||
*
|
||||
* This function should output |signed_csr_payload| in the format of
|
||||
* SignedData<Data>, which is a COSE_Sign1 CBOR and is defined in Android
|
||||
* IRemotelyProvisionedComponent.aidl (under "SignedData<Data>"):
|
||||
*
|
||||
* ~~~
|
||||
* SignedData<Data> = [
|
||||
* protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 /
|
||||
* AlgorithmES384 },
|
||||
* unprotected: {},
|
||||
* payload: bstr .cbor Data / nil,
|
||||
* signature: bstr ; PureEd25519(priv_key, Sig_structure) /
|
||||
* ; ECDSA(priv_key, Sig_structure)
|
||||
* ]
|
||||
* ~~~
|
||||
*
|
||||
* Also see OEMCrypto_GenerateCertificateKeyPair() for more details of
|
||||
* SignedData<Data> and Sig_structure.
|
||||
*
|
||||
* Data in the payload field of SignedData<Data> is a CBOR array:
|
||||
*
|
||||
* ~~~
|
||||
* Data = [
|
||||
* challenge: bstr .size (0..64),
|
||||
* bstr .cbor CsrPayload,
|
||||
* ]
|
||||
* ~~~
|
||||
*
|
||||
* Devices that do not support Provisioning 4.0, or do not support
|
||||
* Provisioning 4.0 Uploading Option should return
|
||||
* OEMCrypto_ERROR_NOT_IMPLEMENTED.
|
||||
* This method is used by provisioning 4 only.
|
||||
*
|
||||
* @param[in] challenge: pointer to the buffer containing a byte string to be
|
||||
* signed. It is generated by the RKP factory extraction tool.
|
||||
* signed.
|
||||
* @param[in] challenge_length: size of the challenge buffer.
|
||||
* @param[in] encoded_device_info: pointer to the buffer containing the
|
||||
* serialized device information in CBOR map format. It should be returned as
|
||||
* `device_info` in a call to the function `OEMCrypto_GetDeviceInformation()`.
|
||||
* serialized device information in CBOR map format.
|
||||
* @param[in] encoded_device_info_length: size of the encoded_device_info
|
||||
* buffer.
|
||||
* @param[out] signed_csr_payload: pointer to the buffer that receives the
|
||||
* serialized signed CSR payload in COSE_Sign1 format.
|
||||
* serialized CSR payload in COSE_Sign1 format.
|
||||
* @param[in,out] signed_csr_payload_length: on input, size of the caller's
|
||||
* signed_csr_payload buffer. On output, the number of bytes written into the
|
||||
* buffer.
|
||||
|
||||
Reference in New Issue
Block a user