From 562c14b5f1bee5bd4e5aabc05252f90f09608617 Mon Sep 17 00:00:00 2001 From: Fred Gylys-Colwell Date: Sun, 2 Sep 2018 13:22:53 -0700 Subject: [PATCH] Use InstallRootKeyCertificate for keybox and cert Merge from Widevine repo of http://go/wvgerrit/55461 This CL allows provisioning 3.0 devices to install their OEM certs from an initialization partition. This method is already used for keyboxes on Android -- we are just adding the ability to use it for OEM certs, also. Also, for v15, we require OEMCrypto to report a valid certificate in the unit tests. bug: 111725154 test: unit tests Change-Id: I142c84a1a67bdb4cee943cfd12a632421901eb24 --- .../cdm/core/include/oemcrypto_adapter.h | 2 +- .../core/src/oemcrypto_adapter_dynamic.cpp | 339 +++++++++--------- .../oemcrypto/include/OEMCryptoCENC.h | 178 ++++----- .../oemcrypto/ref/src/oemcrypto_ref.cpp | 51 +-- .../oemcrypto/test/oec_device_features.cpp | 1 + .../oemcrypto/test/oemcrypto_test.cpp | 5 + 6 files changed, 298 insertions(+), 278 deletions(-) diff --git a/libwvdrmengine/cdm/core/include/oemcrypto_adapter.h b/libwvdrmengine/cdm/core/include/oemcrypto_adapter.h index a73a54d4..3d21291e 100644 --- a/libwvdrmengine/cdm/core/include/oemcrypto_adapter.h +++ b/libwvdrmengine/cdm/core/include/oemcrypto_adapter.h @@ -20,7 +20,7 @@ OEMCryptoResult OEMCrypto_CopyBuffer( OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox, size_t keyBoxLength, SecurityLevel level); -OEMCryptoResult OEMCrypto_IsKeyboxValid(SecurityLevel level); +OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(SecurityLevel level); OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength, SecurityLevel level); OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData, size_t* keyDataLength, diff --git a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp index c96ef9cd..cce67f42 100644 --- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp +++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp @@ -131,12 +131,12 @@ typedef OEMCryptoResult (*L1_WrapKeybox_t)(const uint8_t* keybox, size_t* wrappedKeyBoxLength, const uint8_t* transportKey, size_t transportKeyLength); -typedef OEMCryptoResult (*L1_InstallKeybox_t)(const uint8_t* keybox, +typedef OEMCryptoResult (*L1_InstallKeyboxOrOEMCert_t)(const uint8_t* keybox, size_t keyBoxLength); typedef OEMCryptoResult (*L1_LoadTestKeybox_t)(const uint8_t *buffer, size_t length); typedef OEMCryptoResult (*L1_LoadTestKeybox_V13_t)(); -typedef OEMCryptoResult (*L1_IsKeyboxValid_t)(); +typedef OEMCryptoResult (*L1_IsKeyboxOrOEMCertValid_t)(); typedef OEMCryptoResult (*L1_GetDeviceID_t)(uint8_t* deviceID, size_t* idLength); typedef OEMCryptoResult (*L1_GetKeyData_t)(uint8_t* keyData, @@ -282,9 +282,9 @@ struct FunctionPointers { L1_DecryptCENC_t DecryptCENC; L1_CopyBuffer_t CopyBuffer; L1_WrapKeybox_t WrapKeybox; - L1_InstallKeybox_t InstallKeybox; + L1_InstallKeyboxOrOEMCert_t InstallKeyboxOrOEMCert; L1_LoadTestKeybox_t LoadTestKeybox; - L1_IsKeyboxValid_t IsKeyboxValid; + L1_IsKeyboxOrOEMCertValid_t IsKeyboxOrOEMCertValid; L1_GetDeviceID_t GetDeviceID; L1_GetKeyData_t GetKeyData; L1_GetRandom_t GetRandom; @@ -637,107 +637,94 @@ class Adapter { } // clang-format off - LOOKUP_ALL( 8, CloseSession, OEMCrypto_CloseSession); - LOOKUP_ALL(10, CopyBuffer, OEMCrypto_CopyBuffer); - LOOKUP_ALL(13, CopyOldUsageEntry, OEMCrypto_CopyOldUsageEntry); - LOOKUP_ALL(13, CreateNewUsageEntry, OEMCrypto_CreateNewUsageEntry); - LOOKUP_ALL(13, CreateOldUsageEntry, OEMCrypto_CreateOldUsageEntry); - LOOKUP_ALL(13, CreateUsageTableHeader, OEMCrypto_CreateUsageTableHeader); - LOOKUP( 9, 12, DeactivateUsageEntry_V12, OEMCrypto_DeactivateUsageEntry_V12); - LOOKUP_ALL(13, DeactivateUsageEntry, OEMCrypto_DeactivateUsageEntry); - LOOKUP( 8, 10, DecryptCTR_V10, OEMCrypto_DecryptCTR_V10); - LOOKUP_ALL(11, DecryptCENC, OEMCrypto_DecryptCENC); - LOOKUP_ALL( 9, DeleteOldUsageTable, OEMCrypto_DeleteOldUsageTable); - LOOKUP( 9, 12, DeleteUsageEntry, OEMCrypto_DeleteUsageEntry); - LOOKUP_ALL( 8, DeriveKeysFromSessionKey, OEMCrypto_DeriveKeysFromSessionKey); - LOOKUP(10, 12, ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry); - LOOKUP_ALL( 8, GenerateDerivedKeys, OEMCrypto_GenerateDerivedKeys); - LOOKUP_ALL( 8, GenerateNonce, OEMCrypto_GenerateNonce); - LOOKUP( 8, 8, GenerateRSASignature_V8, OEMCrypto_GenerateRSASignature_V8); - LOOKUP_ALL( 9, GenerateRSASignature, OEMCrypto_GenerateRSASignature); - LOOKUP_ALL( 8, GenerateSignature, OEMCrypto_GenerateSignature); - LOOKUP_ALL( 8, Generic_Decrypt, OEMCrypto_Generic_Decrypt); - LOOKUP_ALL( 8, Generic_Encrypt, OEMCrypto_Generic_Encrypt); - LOOKUP_ALL( 8, Generic_Sign, OEMCrypto_Generic_Sign); - LOOKUP_ALL( 8, Generic_Verify, OEMCrypto_Generic_Verify); - LOOKUP_ALL(13, GetCurrentSRMVersion, OEMCrypto_GetCurrentSRMVersion); - LOOKUP_ALL( 8, GetDeviceID, OEMCrypto_GetDeviceID); - LOOKUP( 9, 9, GetHDCPCapability_V9, OEMCrypto_GetHDCPCapability_V9); - LOOKUP_ALL(10, GetHDCPCapability, OEMCrypto_GetHDCPCapability); - LOOKUP_ALL(14, GetAnalogOutputFlags, OEMCrypto_GetAnalogOutputFlags); - LOOKUP_ALL( 8, GetKeyData, OEMCrypto_GetKeyData); - LOOKUP_ALL(10, GetMaxNumberOfSessions, OEMCrypto_GetMaxNumberOfSessions); - LOOKUP_ALL(10, GetNumberOfOpenSessions, OEMCrypto_GetNumberOfOpenSessions); - LOOKUP_ALL(12, GetOEMPublicCertificate, OEMCrypto_GetOEMPublicCertificate); - LOOKUP_ALL(12, GetProvisioningMethod, OEMCrypto_GetProvisioningMethod); - LOOKUP_ALL( 8, GetRandom, OEMCrypto_GetRandom); - LOOKUP_ALL( 8, InstallKeybox, OEMCrypto_InstallKeybox); - LOOKUP_ALL(10, IsAntiRollbackHwPresent, OEMCrypto_IsAntiRollbackHwPresent); - LOOKUP_ALL( 8, IsKeyboxValid, OEMCrypto_IsKeyboxValid); - LOOKUP_ALL(13, IsSRMUpdateSupported, OEMCrypto_IsSRMUpdateSupported); - LOOKUP_ALL( 8, LoadDeviceRSAKey, OEMCrypto_LoadDeviceRSAKey); - LOOKUP( 8, 8, LoadKeys_V8, OEMCrypto_LoadKeys_V8); - LOOKUP( 9, 10, LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10); - LOOKUP(11, 12, LoadKeys_V11_or_V12, OEMCrypto_LoadKeys_V11_or_V12); - LOOKUP(13, 13, LoadKeys_V13, OEMCrypto_LoadKeys_V13); - LOOKUP_ALL(14, LoadKeys, OEMCrypto_LoadKeys); - LOOKUP_ALL(14, LoadEntitledContentKeys, OEMCrypto_LoadEntitledContentKeys); - LOOKUP_ALL(13, LoadSRM, OEMCrypto_LoadSRM); - LOOKUP(10, 13, LoadTestKeybox_V13, OEMCrypto_LoadTestKeybox_V13); - LOOKUP_ALL(14, LoadTestKeybox, OEMCrypto_LoadTestKeybox); - LOOKUP_ALL(10, LoadTestRSAKey, OEMCrypto_LoadTestRSAKey); - LOOKUP_ALL(13, LoadUsageEntry, OEMCrypto_LoadUsageEntry); - LOOKUP_ALL(13, LoadUsageTableHeader, OEMCrypto_LoadUsageTableHeader); - LOOKUP_ALL(13, MoveEntry, OEMCrypto_MoveEntry); - LOOKUP_ALL( 8, OpenSession, OEMCrypto_OpenSession); - LOOKUP_ALL(10, QueryKeyControl, OEMCrypto_QueryKeyControl); - LOOKUP_ALL( 8, RefreshKeys, OEMCrypto_RefreshKeys); - LOOKUP_ALL(13, RemoveSRM, OEMCrypto_RemoveSRM); - LOOKUP_ALL( 9, ReportUsage, OEMCrypto_ReportUsage); - LOOKUP_ALL( 8, RewrapDeviceRSAKey, OEMCrypto_RewrapDeviceRSAKey); - LOOKUP_ALL(12, RewrapDeviceRSAKey30, OEMCrypto_RewrapDeviceRSAKey30); - LOOKUP_ALL( 8, SecurityLevel, OEMCrypto_SecurityLevel); - LOOKUP_ALL(11, SecurityPatchLevel, OEMCrypto_Security_Patch_Level); - LOOKUP( 8, 13, SelectKey_V13, OEMCrypto_SelectKey_V13); - LOOKUP_ALL(14, SelectKey, OEMCrypto_SelectKey); - LOOKUP_ALL(13, ShrinkUsageTableHeader, OEMCrypto_ShrinkUsageTableHeader); - LOOKUP_ALL(13, SupportedCertificates, OEMCrypto_SupportedCertificates); - LOOKUP_ALL( 9, SupportsUsageTable, OEMCrypto_SupportsUsageTable); - LOOKUP_ALL(13, UpdateUsageEntry, OEMCrypto_UpdateUsageEntry); - LOOKUP( 9, 12, UpdateUsageTable, OEMCrypto_UpdateUsageTable); - LOOKUP_ALL( 8, WrapKeybox, OEMCrypto_WrapKeybox); + LOOKUP_ALL( 8, CloseSession, OEMCrypto_CloseSession); + LOOKUP_ALL(10, CopyBuffer, OEMCrypto_CopyBuffer); + LOOKUP_ALL(13, CopyOldUsageEntry, OEMCrypto_CopyOldUsageEntry); + LOOKUP_ALL(13, CreateNewUsageEntry, OEMCrypto_CreateNewUsageEntry); + LOOKUP_ALL(13, CreateOldUsageEntry, OEMCrypto_CreateOldUsageEntry); + LOOKUP_ALL(13, CreateUsageTableHeader, OEMCrypto_CreateUsageTableHeader); + LOOKUP( 9, 12, DeactivateUsageEntry_V12, OEMCrypto_DeactivateUsageEntry_V12); + LOOKUP_ALL(13, DeactivateUsageEntry, OEMCrypto_DeactivateUsageEntry); + LOOKUP( 8, 10, DecryptCTR_V10, OEMCrypto_DecryptCTR_V10); + LOOKUP_ALL(11, DecryptCENC, OEMCrypto_DecryptCENC); + LOOKUP_ALL( 9, DeleteOldUsageTable, OEMCrypto_DeleteOldUsageTable); + LOOKUP( 9, 12, DeleteUsageEntry, OEMCrypto_DeleteUsageEntry); + LOOKUP_ALL( 8, DeriveKeysFromSessionKey, OEMCrypto_DeriveKeysFromSessionKey); + LOOKUP(10, 12, ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry); + LOOKUP_ALL( 8, GenerateDerivedKeys, OEMCrypto_GenerateDerivedKeys); + LOOKUP_ALL( 8, GenerateNonce, OEMCrypto_GenerateNonce); + LOOKUP( 8, 8, GenerateRSASignature_V8, OEMCrypto_GenerateRSASignature_V8); + LOOKUP_ALL( 9, GenerateRSASignature, OEMCrypto_GenerateRSASignature); + LOOKUP_ALL( 8, GenerateSignature, OEMCrypto_GenerateSignature); + LOOKUP_ALL( 8, Generic_Decrypt, OEMCrypto_Generic_Decrypt); + LOOKUP_ALL( 8, Generic_Encrypt, OEMCrypto_Generic_Encrypt); + LOOKUP_ALL( 8, Generic_Sign, OEMCrypto_Generic_Sign); + LOOKUP_ALL( 8, Generic_Verify, OEMCrypto_Generic_Verify); + LOOKUP_ALL(13, GetCurrentSRMVersion, OEMCrypto_GetCurrentSRMVersion); + LOOKUP_ALL( 8, GetDeviceID, OEMCrypto_GetDeviceID); + LOOKUP( 9, 9, GetHDCPCapability_V9, OEMCrypto_GetHDCPCapability_V9); + LOOKUP_ALL(10, GetHDCPCapability, OEMCrypto_GetHDCPCapability); + LOOKUP_ALL(14, GetAnalogOutputFlags, OEMCrypto_GetAnalogOutputFlags); + LOOKUP_ALL( 8, GetKeyData, OEMCrypto_GetKeyData); + LOOKUP_ALL(10, GetMaxNumberOfSessions, OEMCrypto_GetMaxNumberOfSessions); + LOOKUP_ALL(10, GetNumberOfOpenSessions, OEMCrypto_GetNumberOfOpenSessions); + LOOKUP_ALL(12, GetOEMPublicCertificate, OEMCrypto_GetOEMPublicCertificate); + LOOKUP_ALL(12, GetProvisioningMethod, OEMCrypto_GetProvisioningMethod); + LOOKUP_ALL( 8, GetRandom, OEMCrypto_GetRandom); + LOOKUP_ALL( 8, InstallKeyboxOrOEMCert, OEMCrypto_InstallKeyboxOrOEMCert); + LOOKUP_ALL(10, IsAntiRollbackHwPresent, OEMCrypto_IsAntiRollbackHwPresent); + LOOKUP_ALL( 8, IsKeyboxOrOEMCertValid, OEMCrypto_IsKeyboxOrOEMCertValid); + LOOKUP_ALL(13, IsSRMUpdateSupported, OEMCrypto_IsSRMUpdateSupported); + LOOKUP_ALL( 8, LoadDeviceRSAKey, OEMCrypto_LoadDeviceRSAKey); + LOOKUP( 8, 8, LoadKeys_V8, OEMCrypto_LoadKeys_V8); + LOOKUP( 9, 10, LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10); + LOOKUP(11, 12, LoadKeys_V11_or_V12, OEMCrypto_LoadKeys_V11_or_V12); + LOOKUP(13, 13, LoadKeys_V13, OEMCrypto_LoadKeys_V13); + LOOKUP_ALL(14, LoadKeys, OEMCrypto_LoadKeys); + LOOKUP_ALL(14, LoadEntitledContentKeys, OEMCrypto_LoadEntitledContentKeys); + LOOKUP_ALL(13, LoadSRM, OEMCrypto_LoadSRM); + LOOKUP(10, 13, LoadTestKeybox_V13, OEMCrypto_LoadTestKeybox_V13); + LOOKUP_ALL(14, LoadTestKeybox, OEMCrypto_LoadTestKeybox); + LOOKUP_ALL(10, LoadTestRSAKey, OEMCrypto_LoadTestRSAKey); + LOOKUP_ALL(13, LoadUsageEntry, OEMCrypto_LoadUsageEntry); + LOOKUP_ALL(13, LoadUsageTableHeader, OEMCrypto_LoadUsageTableHeader); + LOOKUP_ALL(13, MoveEntry, OEMCrypto_MoveEntry); + LOOKUP_ALL( 8, OpenSession, OEMCrypto_OpenSession); + LOOKUP_ALL(10, QueryKeyControl, OEMCrypto_QueryKeyControl); + LOOKUP_ALL( 8, RefreshKeys, OEMCrypto_RefreshKeys); + LOOKUP_ALL(13, RemoveSRM, OEMCrypto_RemoveSRM); + LOOKUP_ALL( 9, ReportUsage, OEMCrypto_ReportUsage); + LOOKUP_ALL( 8, RewrapDeviceRSAKey, OEMCrypto_RewrapDeviceRSAKey); + LOOKUP_ALL(12, RewrapDeviceRSAKey30, OEMCrypto_RewrapDeviceRSAKey30); + LOOKUP_ALL( 8, SecurityLevel, OEMCrypto_SecurityLevel); + LOOKUP_ALL(11, SecurityPatchLevel, OEMCrypto_Security_Patch_Level); + LOOKUP( 8, 13, SelectKey_V13, OEMCrypto_SelectKey_V13); + LOOKUP_ALL(14, SelectKey, OEMCrypto_SelectKey); + LOOKUP_ALL(13, ShrinkUsageTableHeader, OEMCrypto_ShrinkUsageTableHeader); + LOOKUP_ALL(13, SupportedCertificates, OEMCrypto_SupportedCertificates); + LOOKUP_ALL( 9, SupportsUsageTable, OEMCrypto_SupportsUsageTable); + LOOKUP_ALL(13, UpdateUsageEntry, OEMCrypto_UpdateUsageEntry); + LOOKUP( 9, 12, UpdateUsageTable, OEMCrypto_UpdateUsageTable); + LOOKUP_ALL( 8, WrapKeybox, OEMCrypto_WrapKeybox); // clang-format on - // If we have a valid keybox, initialization is done. We're good. - if (OEMCrypto_SUCCESS == level1_.IsKeyboxValid()) { + // If the keybox or oem certificate is valid, we are done. + OEMCryptoResult root_valid = level1_.IsKeyboxOrOEMCertValid(); + OEMCrypto_ProvisioningMethod provisioning_method = + level1_.GetProvisioningMethod(); + if (root_valid == OEMCrypto_SUCCESS) { metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode( - wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_KEYBOX); - return true; - } - // If we use provisioning 3.0, initialization is done. We may not - // be good, but there's no reason to try loading a keybox. Any errors - // will have to be caught in the future when provisioning fails. - if (level1_.version > 11 && - (level1_.GetProvisioningMethod() == OEMCrypto_OEMCertificate)) { - metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode( - wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_PROVISIONING_3_0); - return true; - } - uint8_t buffer[1]; - size_t buffer_size = 0; - if (OEMCrypto_ERROR_NOT_IMPLEMENTED == level1_.GetKeyData(buffer, - &buffer_size)){ - // If GetKeyData is not implemented, then the device should only use a - // baked in certificate as identification. We will assume that a device - // with a bad keybox returns a different error code. - metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode( - wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_CERTIFICATE); + (provisioning_method == OEMCrypto_Keybox) + ? wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_KEYBOX + : wvcdm::metrics:: + OEMCrypto_INITIALIZED_USING_L1_WITH_PROVISIONING_3_0); return true; } + wvcdm::FileSystem file_system; std::string filename; if (!wvcdm::Properties::GetFactoryKeyboxPath(&filename)) { - LOGW("Bad Level 1 Keybox. Falling Back to L3."); + LOGW("Bad Level 1 Root of Trust. Falling Back to L3."); level1_.Terminate(); metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode( wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L3_BAD_KEYBOX); @@ -761,11 +748,12 @@ class Adapter { OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_OPEN_FACTORY_KEYBOX); return false; } - std::vector keybox(size); - ssize_t size_read = file->Read(reinterpret_cast(&keybox[0]), size); + std::vector root_key(size); + ssize_t size_read = file->Read(reinterpret_cast(&root_key[0]), size); file->Close(); - if (level1_.InstallKeybox(&keybox[0], size_read) != OEMCrypto_SUCCESS) { - LOGE("Could NOT install keybox from %s. Falling Back to L3.", + if (level1_.InstallKeyboxOrOEMCert(&root_key[0], size_read) != + OEMCrypto_SUCCESS) { + LOGE("Could NOT install root key from %s. Falling Back to L3.", filename.c_str()); level1_.Terminate(); metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode( @@ -773,7 +761,16 @@ class Adapter { OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_INSTALL_KEYBOX); return false; } - LOGI("Installed keybox from %s", filename.c_str()); + if (level1_.IsKeyboxOrOEMCertValid() != OEMCrypto_SUCCESS) { + LOGE("Installed bad key from %s. Falling Back to L3.", + filename.c_str()); + level1_.Terminate(); + metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode( + wvcdm::metrics:: + OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_INSTALL_KEYBOX); + return false; + } + LOGI("Installed root key from %s", filename.c_str()); metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode( wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_INSTALLED_KEYBOX); return true; @@ -781,64 +778,64 @@ class Adapter { void LoadLevel3() { // clang-format off - level3_.Terminate = Level3_Terminate; - level3_.OpenSession = Level3_OpenSession; - level3_.CloseSession = Level3_CloseSession; - level3_.GenerateDerivedKeys = Level3_GenerateDerivedKeys; - level3_.GenerateNonce = Level3_GenerateNonce; - level3_.GenerateSignature = Level3_GenerateSignature; - level3_.LoadKeys = Level3_LoadKeys; - level3_.LoadEntitledContentKeys = Level3_LoadEntitledContentKeys; - level3_.RefreshKeys = Level3_RefreshKeys; - level3_.QueryKeyControl = Level3_QueryKeyControl; - level3_.SelectKey = Level3_SelectKey; - level3_.DecryptCENC = Level3_DecryptCENC; - level3_.CopyBuffer = Level3_CopyBuffer; - level3_.WrapKeybox = Level3_WrapKeybox; - level3_.InstallKeybox = Level3_InstallKeybox; - level3_.LoadTestKeybox = Level3_LoadTestKeybox; - level3_.IsKeyboxValid = Level3_IsKeyboxValid; - level3_.GetDeviceID = Level3_GetDeviceID; - level3_.GetKeyData = Level3_GetKeyData; - level3_.GetRandom = Level3_GetRandom; - level3_.RewrapDeviceRSAKey = Level3_RewrapDeviceRSAKey; - level3_.LoadDeviceRSAKey = Level3_LoadDeviceRSAKey; - level3_.LoadTestRSAKey = Level3_LoadTestRSAKey; - level3_.GenerateRSASignature = Level3_GenerateRSASignature; - level3_.DeriveKeysFromSessionKey = Level3_DeriveKeysFromSessionKey; - level3_.APIVersion = Level3_APIVersion; - level3_.SecurityPatchLevel = Level3_SecurityPatchLevel; - level3_.SecurityLevel = Level3_SecurityLevel; - level3_.GetHDCPCapability = Level3_GetHDCPCapability; - level3_.GetAnalogOutputFlags = Level3_GetAnalogOutputFlags; - level3_.SupportsUsageTable = Level3_SupportsUsageTable; - level3_.IsAntiRollbackHwPresent = Level3_IsAntiRollbackHwPresent; - level3_.GetNumberOfOpenSessions = Level3_GetNumberOfOpenSessions; - level3_.GetMaxNumberOfSessions = Level3_GetMaxNumberOfSessions; - level3_.Generic_Decrypt = Level3_Generic_Decrypt; - level3_.Generic_Encrypt = Level3_Generic_Encrypt; - level3_.Generic_Sign = Level3_Generic_Sign; - level3_.Generic_Verify = Level3_Generic_Verify; - level3_.DeactivateUsageEntry = Level3_DeactivateUsageEntry; - level3_.ReportUsage = Level3_ReportUsage; - level3_.DeleteOldUsageTable = Level3_DeleteOldUsageTable; - level3_.GetProvisioningMethod = Level3_GetProvisioningMethod; - level3_.GetOEMPublicCertificate = Level3_GetOEMPublicCertificate; - level3_.RewrapDeviceRSAKey30 = Level3_RewrapDeviceRSAKey30; - level3_.SupportedCertificates = Level3_SupportedCertificates; - level3_.IsSRMUpdateSupported = Level3_IsSRMUpdateSupported; - level3_.GetCurrentSRMVersion = Level3_GetCurrentSRMVersion; - level3_.LoadSRM = Level3_LoadSRM; - level3_.RemoveSRM = Level3_RemoveSRM; - level3_.CreateUsageTableHeader = Level3_CreateUsageTableHeader; - level3_.LoadUsageTableHeader = Level3_LoadUsageTableHeader; - level3_.CreateNewUsageEntry = Level3_CreateNewUsageEntry; - level3_.LoadUsageEntry = Level3_LoadUsageEntry; - level3_.UpdateUsageEntry = Level3_UpdateUsageEntry; - level3_.ShrinkUsageTableHeader = Level3_ShrinkUsageTableHeader; - level3_.MoveEntry = Level3_MoveEntry; - level3_.CopyOldUsageEntry = Level3_CopyOldUsageEntry; - level3_.CreateOldUsageEntry = Level3_CreateOldUsageEntry; + level3_.Terminate = Level3_Terminate; + level3_.OpenSession = Level3_OpenSession; + level3_.CloseSession = Level3_CloseSession; + level3_.GenerateDerivedKeys = Level3_GenerateDerivedKeys; + level3_.GenerateNonce = Level3_GenerateNonce; + level3_.GenerateSignature = Level3_GenerateSignature; + level3_.LoadKeys = Level3_LoadKeys; + level3_.LoadEntitledContentKeys = Level3_LoadEntitledContentKeys; + level3_.RefreshKeys = Level3_RefreshKeys; + level3_.QueryKeyControl = Level3_QueryKeyControl; + level3_.SelectKey = Level3_SelectKey; + level3_.DecryptCENC = Level3_DecryptCENC; + level3_.CopyBuffer = Level3_CopyBuffer; + level3_.WrapKeybox = Level3_WrapKeybox; + level3_.InstallKeyboxOrOEMCert = Level3_InstallKeybox; + level3_.LoadTestKeybox = Level3_LoadTestKeybox; + level3_.IsKeyboxOrOEMCertValid = Level3_IsKeyboxValid; + level3_.GetDeviceID = Level3_GetDeviceID; + level3_.GetKeyData = Level3_GetKeyData; + level3_.GetRandom = Level3_GetRandom; + level3_.RewrapDeviceRSAKey = Level3_RewrapDeviceRSAKey; + level3_.LoadDeviceRSAKey = Level3_LoadDeviceRSAKey; + level3_.LoadTestRSAKey = Level3_LoadTestRSAKey; + level3_.GenerateRSASignature = Level3_GenerateRSASignature; + level3_.DeriveKeysFromSessionKey = Level3_DeriveKeysFromSessionKey; + level3_.APIVersion = Level3_APIVersion; + level3_.SecurityPatchLevel = Level3_SecurityPatchLevel; + level3_.SecurityLevel = Level3_SecurityLevel; + level3_.GetHDCPCapability = Level3_GetHDCPCapability; + level3_.GetAnalogOutputFlags = Level3_GetAnalogOutputFlags; + level3_.SupportsUsageTable = Level3_SupportsUsageTable; + level3_.IsAntiRollbackHwPresent = Level3_IsAntiRollbackHwPresent; + level3_.GetNumberOfOpenSessions = Level3_GetNumberOfOpenSessions; + level3_.GetMaxNumberOfSessions = Level3_GetMaxNumberOfSessions; + level3_.Generic_Decrypt = Level3_Generic_Decrypt; + level3_.Generic_Encrypt = Level3_Generic_Encrypt; + level3_.Generic_Sign = Level3_Generic_Sign; + level3_.Generic_Verify = Level3_Generic_Verify; + level3_.DeactivateUsageEntry = Level3_DeactivateUsageEntry; + level3_.ReportUsage = Level3_ReportUsage; + level3_.DeleteOldUsageTable = Level3_DeleteOldUsageTable; + level3_.GetProvisioningMethod = Level3_GetProvisioningMethod; + level3_.GetOEMPublicCertificate = Level3_GetOEMPublicCertificate; + level3_.RewrapDeviceRSAKey30 = Level3_RewrapDeviceRSAKey30; + level3_.SupportedCertificates = Level3_SupportedCertificates; + level3_.IsSRMUpdateSupported = Level3_IsSRMUpdateSupported; + level3_.GetCurrentSRMVersion = Level3_GetCurrentSRMVersion; + level3_.LoadSRM = Level3_LoadSRM; + level3_.RemoveSRM = Level3_RemoveSRM; + level3_.CreateUsageTableHeader = Level3_CreateUsageTableHeader; + level3_.LoadUsageTableHeader = Level3_LoadUsageTableHeader; + level3_.CreateNewUsageEntry = Level3_CreateNewUsageEntry; + level3_.LoadUsageEntry = Level3_LoadUsageEntry; + level3_.UpdateUsageEntry = Level3_UpdateUsageEntry; + level3_.ShrinkUsageTableHeader = Level3_ShrinkUsageTableHeader; + level3_.MoveEntry = Level3_MoveEntry; + level3_.CopyOldUsageEntry = Level3_CopyOldUsageEntry; + level3_.CreateOldUsageEntry = Level3_CreateOldUsageEntry; // clang-format on level3_.version = Level3_APIVersion(); @@ -954,14 +951,15 @@ OEMCryptoResult OEMCrypto_CopyBuffer( return fcn->CopyBuffer(data_addr, data_length, out_buffer, subsample_flags); } -OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox, +OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox, size_t keyBoxLength, SecurityLevel level) { if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; const FunctionPointers* fcn = kAdapter->get(level); if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION; - if (fcn->InstallKeybox == NULL) return OEMCrypto_ERROR_NOT_IMPLEMENTED; - return fcn->InstallKeybox(keybox, keyBoxLength); + if (fcn->InstallKeyboxOrOEMCert == NULL) + return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return fcn->InstallKeyboxOrOEMCert(keybox, keyBoxLength); } OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod( @@ -974,12 +972,13 @@ OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod( return fcn->GetProvisioningMethod(); } -OEMCryptoResult OEMCrypto_IsKeyboxValid(SecurityLevel level) { +OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(SecurityLevel level) { if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; const FunctionPointers* fcn = kAdapter->get(level); if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION; - if (fcn->IsKeyboxValid == NULL) return OEMCrypto_ERROR_NOT_IMPLEMENTED; - return fcn->IsKeyboxValid(); + if (fcn->IsKeyboxOrOEMCertValid == NULL) + return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return fcn->IsKeyboxOrOEMCertValid(); } OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength, @@ -1501,9 +1500,9 @@ extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox, wrappedKeyBoxLength, transportKey, transportKeyLength); } -extern "C" OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox, +extern "C" OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox, size_t keyBoxLength) { - return OEMCrypto_InstallKeybox(keybox, keyBoxLength, kLevelDefault); + return OEMCrypto_InstallKeyboxOrOEMCert(keybox, keyBoxLength, kLevelDefault); } extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer, @@ -1520,8 +1519,8 @@ extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer, return fcn->LoadTestKeybox(buffer, length); } -extern "C" OEMCryptoResult OEMCrypto_IsKeyboxValid() { - return OEMCrypto_IsKeyboxValid(kLevelDefault); +extern "C" OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid() { + return OEMCrypto_IsKeyboxOrOEMCertValid(kLevelDefault); } extern "C" OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod() { diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index 85cbcdb2..d6fd79a6 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -370,81 +370,87 @@ typedef enum OEMCrypto_ProvisioningMethod { /* * Obfuscation Renames. */ -#define OEMCrypto_Initialize _oecc01 -#define OEMCrypto_Terminate _oecc02 -#define OEMCrypto_InstallKeybox _oecc03 -#define OEMCrypto_InstallRootKeyCertificate _oecc03 -#define OEMCrypto_GetKeyData _oecc04 -#define OEMCrypto_IsKeyboxValid _oecc05 -#define OEMCrypto_IsRootKeyCertificateValid _oecc05 -#define OEMCrypto_GetRandom _oecc06 -#define OEMCrypto_GetDeviceID _oecc07 -#define OEMCrypto_WrapKeybox _oecc08 -#define OEMCrypto_WrapRootKeyCertificate _oecc08 -#define OEMCrypto_OpenSession _oecc09 -#define OEMCrypto_CloseSession _oecc10 -#define OEMCrypto_DecryptCTR_V10 _oecc11 -#define OEMCrypto_GenerateDerivedKeys _oecc12 -#define OEMCrypto_GenerateSignature _oecc13 -#define OEMCrypto_GenerateNonce _oecc14 -#define OEMCrypto_LoadKeys_V8 _oecc15 -#define OEMCrypto_RefreshKeys _oecc16 -#define OEMCrypto_SelectKey_V13 _oecc17 -#define OEMCrypto_RewrapDeviceRSAKey _oecc18 -#define OEMCrypto_LoadDeviceRSAKey _oecc19 -#define OEMCrypto_GenerateRSASignature_V8 _oecc20 -#define OEMCrypto_DeriveKeysFromSessionKey _oecc21 -#define OEMCrypto_APIVersion _oecc22 -#define OEMCrypto_SecurityLevel _oecc23 -#define OEMCrypto_Generic_Encrypt _oecc24 -#define OEMCrypto_Generic_Decrypt _oecc25 -#define OEMCrypto_Generic_Sign _oecc26 -#define OEMCrypto_Generic_Verify _oecc27 -#define OEMCrypto_GetHDCPCapability_V9 _oecc28 -#define OEMCrypto_SupportsUsageTable _oecc29 -#define OEMCrypto_UpdateUsageTable _oecc30 -#define OEMCrypto_DeactivateUsageEntry_V12 _oecc31 -#define OEMCrypto_ReportUsage _oecc32 -#define OEMCrypto_DeleteUsageEntry _oecc33 -#define OEMCrypto_DeleteOldUsageTable _oecc34 -#define OEMCrypto_LoadKeys_V9_or_V10 _oecc35 -#define OEMCrypto_GenerateRSASignature _oecc36 -#define OEMCrypto_GetMaxNumberOfSessions _oecc37 -#define OEMCrypto_GetNumberOfOpenSessions _oecc38 -#define OEMCrypto_IsAntiRollbackHwPresent _oecc39 -#define OEMCrypto_CopyBuffer _oecc40 -#define OEMCrypto_QueryKeyControl _oecc41 -#define OEMCrypto_LoadTestKeybox_V13 _oecc42 -#define OEMCrypto_ForceDeleteUsageEntry _oecc43 -#define OEMCrypto_GetHDCPCapability _oecc44 -#define OEMCrypto_LoadTestRSAKey _oecc45 -#define OEMCrypto_Security_Patch_Level _oecc46 -#define OEMCrypto_LoadKeys_V11_or_V12 _oecc47 -#define OEMCrypto_DecryptCENC _oecc48 -#define OEMCrypto_GetProvisioningMethod _oecc49 -#define OEMCrypto_GetOEMPublicCertificate _oecc50 -#define OEMCrypto_RewrapDeviceRSAKey30 _oecc51 -#define OEMCrypto_SupportedCertificates _oecc52 -#define OEMCrypto_IsSRMUpdateSupported _oecc53 -#define OEMCrypto_GetCurrentSRMVersion _oecc54 -#define OEMCrypto_LoadSRM _oecc55 -#define OEMCrypto_LoadKeys_V13 _oecc56 -#define OEMCrypto_RemoveSRM _oecc57 -#define OEMCrypto_CreateUsageTableHeader _oecc61 -#define OEMCrypto_LoadUsageTableHeader _oecc62 -#define OEMCrypto_CreateNewUsageEntry _oecc63 -#define OEMCrypto_LoadUsageEntry _oecc64 -#define OEMCrypto_UpdateUsageEntry _oecc65 -#define OEMCrypto_DeactivateUsageEntry _oecc66 -#define OEMCrypto_ShrinkUsageTableHeader _oecc67 -#define OEMCrypto_MoveEntry _oecc68 -#define OEMCrypto_CopyOldUsageEntry _oecc69 -#define OEMCrypto_CreateOldUsageEntry _oecc70 -#define OEMCrypto_GetAnalogOutputFlags _oecc71 -#define OEMCrypto_LoadTestKeybox _oecc78 -#define OEMCrypto_LoadEntitledContentKeys _oecc79 -#define OEMCrypto_SelectKey _oecc81 -#define OEMCrypto_LoadKeys _oecc82 +#define OEMCrypto_Initialize _oecc01 +#define OEMCrypto_Terminate _oecc02 +#define OEMCrypto_InstallKeybox _oecc03 +// Rename InstallKeybox to InstallKeyboxOrOEMCert. +#define OEMCrypto_InstallRootKeyCertificate _oecc03 +#define OEMCrypto_InstallKeyboxOrOEMCert _oecc03 +#define OEMCrypto_GetKeyData _oecc04 +#define OEMCrypto_IsKeyboxValid _oecc05 +// Rename IsKeyboxValid to IsKeyboxOrOEMCertValid. +#define OEMCrypto_IsRootKeyCertificateValid _oecc05 +#define OEMCrypto_IsKeyboxOrOEMCertValid _oecc05 +#define OEMCrypto_GetRandom _oecc06 +#define OEMCrypto_GetDeviceID _oecc07 +#define OEMCrypto_WrapKeybox _oecc08 +// Rename WrapKeybox to WrapKeyboxOrOEMCert +#define OEMCrypto_WrapRootKeyCertificate _oecc08 +#define OEMCrypto_WrapKeyboxOrOEMCert _oecc08 +#define OEMCrypto_OpenSession _oecc09 +#define OEMCrypto_CloseSession _oecc10 +#define OEMCrypto_DecryptCTR_V10 _oecc11 +#define OEMCrypto_GenerateDerivedKeys _oecc12 +#define OEMCrypto_GenerateSignature _oecc13 +#define OEMCrypto_GenerateNonce _oecc14 +#define OEMCrypto_LoadKeys_V8 _oecc15 +#define OEMCrypto_RefreshKeys _oecc16 +#define OEMCrypto_SelectKey_V13 _oecc17 +#define OEMCrypto_RewrapDeviceRSAKey _oecc18 +#define OEMCrypto_LoadDeviceRSAKey _oecc19 +#define OEMCrypto_GenerateRSASignature_V8 _oecc20 +#define OEMCrypto_DeriveKeysFromSessionKey _oecc21 +#define OEMCrypto_APIVersion _oecc22 +#define OEMCrypto_SecurityLevel _oecc23 +#define OEMCrypto_Generic_Encrypt _oecc24 +#define OEMCrypto_Generic_Decrypt _oecc25 +#define OEMCrypto_Generic_Sign _oecc26 +#define OEMCrypto_Generic_Verify _oecc27 +#define OEMCrypto_GetHDCPCapability_V9 _oecc28 +#define OEMCrypto_SupportsUsageTable _oecc29 +#define OEMCrypto_UpdateUsageTable _oecc30 +#define OEMCrypto_DeactivateUsageEntry_V12 _oecc31 +#define OEMCrypto_ReportUsage _oecc32 +#define OEMCrypto_DeleteUsageEntry _oecc33 +#define OEMCrypto_DeleteOldUsageTable _oecc34 +#define OEMCrypto_LoadKeys_V9_or_V10 _oecc35 +#define OEMCrypto_GenerateRSASignature _oecc36 +#define OEMCrypto_GetMaxNumberOfSessions _oecc37 +#define OEMCrypto_GetNumberOfOpenSessions _oecc38 +#define OEMCrypto_IsAntiRollbackHwPresent _oecc39 +#define OEMCrypto_CopyBuffer _oecc40 +#define OEMCrypto_QueryKeyControl _oecc41 +#define OEMCrypto_LoadTestKeybox_V13 _oecc42 +#define OEMCrypto_ForceDeleteUsageEntry _oecc43 +#define OEMCrypto_GetHDCPCapability _oecc44 +#define OEMCrypto_LoadTestRSAKey _oecc45 +#define OEMCrypto_Security_Patch_Level _oecc46 +#define OEMCrypto_LoadKeys_V11_or_V12 _oecc47 +#define OEMCrypto_DecryptCENC _oecc48 +#define OEMCrypto_GetProvisioningMethod _oecc49 +#define OEMCrypto_GetOEMPublicCertificate _oecc50 +#define OEMCrypto_RewrapDeviceRSAKey30 _oecc51 +#define OEMCrypto_SupportedCertificates _oecc52 +#define OEMCrypto_IsSRMUpdateSupported _oecc53 +#define OEMCrypto_GetCurrentSRMVersion _oecc54 +#define OEMCrypto_LoadSRM _oecc55 +#define OEMCrypto_LoadKeys_V13 _oecc56 +#define OEMCrypto_RemoveSRM _oecc57 +#define OEMCrypto_CreateUsageTableHeader _oecc61 +#define OEMCrypto_LoadUsageTableHeader _oecc62 +#define OEMCrypto_CreateNewUsageEntry _oecc63 +#define OEMCrypto_LoadUsageEntry _oecc64 +#define OEMCrypto_UpdateUsageEntry _oecc65 +#define OEMCrypto_DeactivateUsageEntry _oecc66 +#define OEMCrypto_ShrinkUsageTableHeader _oecc67 +#define OEMCrypto_MoveEntry _oecc68 +#define OEMCrypto_CopyOldUsageEntry _oecc69 +#define OEMCrypto_CreateOldUsageEntry _oecc70 +#define OEMCrypto_GetAnalogOutputFlags _oecc71 +#define OEMCrypto_LoadTestKeybox _oecc78 +#define OEMCrypto_LoadEntitledContentKeys _oecc79 +#define OEMCrypto_SelectKey _oecc81 +#define OEMCrypto_LoadKeys _oecc82 /* * OEMCrypto_Initialize @@ -1498,7 +1504,7 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr, uint8_t subsample_flags); /* - * OEMCrypto_WrapRootKeyCertificate + * OEMCrypto_WrapKeyboxOrOEMCert * * Description: * @@ -1507,13 +1513,13 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr, * manufacturing, the root of trust should be encrypted with the OEM root key * and stored on the file system in a region that will not be erased during * factory reset. This function may be used by legacy systems that use the - * two-step WrapRootKeyCertificate/InstallRootKeyCertificate approach. When + * two-step WrapKeyboxOrOEMCert/InstallKeyboxOrOEMCert approach. When * the Widevine DRM plugin initializes, it will look for a wrapped root of * trust in the file /factory/wv.keys and install it into the security - * processor by calling OEMCrypto_InstallRootKeyCertificate(). + * processor by calling OEMCrypto_InstallKeyboxOrOEMCert(). * - * OEMCrypto_WrapRootKeyCertificate() is used to generate an OEM-encrypted - * root of trust that may be passed to OEMCrypto_InstallRootKeyCertificate() + * OEMCrypto_WrapKeyboxOrOEMCert() is used to generate an OEM-encrypted + * root of trust that may be passed to OEMCrypto_InstallKeyboxOrOEMCert() * for provisioning. The root of trust may be either passed in the clear or * previously encrypted with a transport key. If a transport key is supplied, * the keybox is first decrypted with the transport key before being wrapped @@ -1548,14 +1554,14 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr, * Version: * This method is supported by all API versions. */ -OEMCryptoResult OEMCrypto_WrapRootKeyCertificate(const uint8_t* rot, size_t rotLength, +OEMCryptoResult OEMCrypto_WrapKeyboxOrOEMCert(const uint8_t* rot, size_t rotLength, uint8_t* wrappedRot, size_t* wrappedRotLength, const uint8_t* transportKey, size_t transportKeyLength); /* - * OEMCrypto_InstallRootKeyCertificate + * OEMCrypto_InstallKeyboxOrOEMCert * * Description: * @@ -1564,7 +1570,7 @@ OEMCryptoResult OEMCrypto_WrapRootKeyCertificate(const uint8_t* rot, size_t rotL * function is called from the Widevine DRM plugin at initialization time if * there is no valid root of trust installed. It looks for wrapped data in * the file /factory/wv.keys and if it is present, will read the file and call - * OEMCrypto_InstallRootKeyCertificate() with the contents of the file. This + * OEMCrypto_InstallKeyboxOrOEMCert() with the contents of the file. This * function is only needed if the factory provisioning method involves saving * the keybox to the file system. * @@ -1585,7 +1591,7 @@ OEMCryptoResult OEMCrypto_WrapRootKeyCertificate(const uint8_t* rot, size_t rotL * Version: * This method is supported in all API versions. */ -OEMCryptoResult OEMCrypto_InstallRootKeyCertificate(const uint8_t* rot, +OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* rot, size_t rotLength); /* @@ -1681,7 +1687,7 @@ OEMCryptoResult OEMCrypto_GetOEMPublicCertificate(OEMCrypto_SESSION session, OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t *buffer, size_t length); /* - * OEMCrypto_IsRootKeyCertificateValid + * OEMCrypto_IsKeyboxOrOEMCertValid * * Description: * @@ -1713,7 +1719,7 @@ OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t *buffer, size_t length); * Version: * This method is supported by all API versions. */ -OEMCryptoResult OEMCrypto_IsRootKeyCertificateValid(void); +OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void); /* * OEMCrypto_GetDeviceID diff --git a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_ref.cpp b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_ref.cpp index f620371d..3b5ee058 100644 --- a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_ref.cpp +++ b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_ref.cpp @@ -548,12 +548,10 @@ extern "C" OEMCryptoResult OEMCrypto_CopyBuffer( return crypto_engine->PushDestination(out_buffer, subsample_flags); } -extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox, - size_t keyBoxLength, - uint8_t* wrappedKeybox, - size_t* wrappedKeyBoxLength, - const uint8_t* transportKey, - size_t transportKeyLength) { +extern "C" OEMCryptoResult OEMCrypto_WrapKeyboxOrOEMCert( + const uint8_t* keybox, size_t keyBoxLength, uint8_t* wrappedKeybox, + size_t* wrappedKeyBoxLength, const uint8_t* transportKey, + size_t transportKeyLength) { if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) { return OEMCrypto_ERROR_NOT_IMPLEMENTED; } @@ -567,10 +565,10 @@ extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox, return OEMCrypto_SUCCESS; } -extern "C" OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox, - size_t keyBoxLength) { +extern "C" OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert( + const uint8_t* keybox, size_t keyBoxLength) { if (!crypto_engine) { - LOGE("OEMCrypto_InstallKeybox: OEMCrypto Not Initialized."); + LOGE("OEMCrypto_InstallKeyboxOrOEMCert: OEMCrypto Not Initialized."); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) { @@ -595,23 +593,34 @@ extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer, return OEMCrypto_SUCCESS; } -extern "C" OEMCryptoResult OEMCrypto_IsKeyboxValid(void) { +extern "C" OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void) { if (!crypto_engine) { - LOGE("OEMCrypto_IsKeyboxValid: OEMCrypto Not Initialized."); + LOGE("OEMCrypto_IsKeyboxOrOEMCertValid: OEMCrypto Not Initialized."); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } - if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) { - return OEMCrypto_ERROR_NOT_IMPLEMENTED; - } - switch (crypto_engine->ValidateKeybox()) { - case NO_ERROR: + switch (crypto_engine->config_provisioning_method()) { + case OEMCrypto_DrmCertificate: return OEMCrypto_SUCCESS; - case BAD_CRC: - return OEMCrypto_ERROR_BAD_CRC; - case BAD_MAGIC: - return OEMCrypto_ERROR_BAD_MAGIC; + case OEMCrypto_Keybox: + switch (crypto_engine->ValidateKeybox()) { + case NO_ERROR: + return OEMCrypto_SUCCESS; + case BAD_CRC: + return OEMCrypto_ERROR_BAD_CRC; + case BAD_MAGIC: + return OEMCrypto_ERROR_BAD_MAGIC; + default: + case OTHER_ERROR: + return OEMCrypto_ERROR_UNKNOWN_FAILURE; + } + break; + case OEMCrypto_OEMCertificate: + // TODO(fredgc): verify that the certificate exists and is valid. + return OEMCrypto_SUCCESS; + break; default: - case OTHER_ERROR: + LOGE("Invalid provisioning method: %d.", + crypto_engine->config_provisioning_method()); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } } diff --git a/libwvdrmengine/oemcrypto/test/oec_device_features.cpp b/libwvdrmengine/oemcrypto/test/oec_device_features.cpp index 9bd95a69..802a1069 100644 --- a/libwvdrmengine/oemcrypto/test/oec_device_features.cpp +++ b/libwvdrmengine/oemcrypto/test/oec_device_features.cpp @@ -143,6 +143,7 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) { if (api_version < 12) FilterOut(&filter, "*API12*"); if (api_version < 13) FilterOut(&filter, "*API13*"); if (api_version < 14) FilterOut(&filter, "*API14*"); + if (api_version < 15) FilterOut(&filter, "*API15*"); // Some tests may require root access. If user is not root, filter these tests // out. if (getuid()) { diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index c5c6bd8e..0f77d08a 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -538,6 +538,11 @@ TEST_F(OEMCryptoProv30Test, DeviceClaimsOEMCertificate) { ASSERT_EQ(OEMCrypto_OEMCertificate, OEMCrypto_GetProvisioningMethod()); } +// The OEM certificate must be valid. +TEST_F(OEMCryptoProv30Test, CertValidAPI15) { + ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_IsKeyboxOrOEMCertValid()); +} + TEST_F(OEMCryptoProv30Test, OEMCertValid) { Session s; ASSERT_NO_FATAL_FAILURE(s.open());