widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use InstallRootKeyCertificate for keybox and cert

Browse Source 
Merge from Widevine repo of http://go/wvgerrit/55461

This CL allows provisioning 3.0 devices to install their OEM certs
from an initialization partition.  This method is already used for
keyboxes on Android -- we are just adding the ability to use it for
OEM certs, also.

Also, for v15, we require OEMCrypto to report a valid certificate in
the unit tests.

bug: 111725154
test: unit tests
Change-Id: I142c84a1a67bdb4cee943cfd12a632421901eb24
This commit is contained in:
Fred Gylys-Colwell
2018-09-02 13:22:53 -07:00
parent 3a2d291dc5
commit 562c14b5f1
6 changed files with 298 additions and 278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libwvdrmengine/cdm/core/include/oemcrypto_adapter.h
View File

@@ -20,7 +20,7 @@ OEMCryptoResult OEMCrypto_CopyBuffer(
OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
size_t keyBoxLength,
SecurityLevel level);
OEMCryptoResult OEMCrypto_IsKeyboxValid(SecurityLevel level);
OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(SecurityLevel level);
OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength,
SecurityLevel level);
OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData, size_t* keyDataLength,

339
libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
View File

@@ -131,12 +131,12 @@ typedef OEMCryptoResult (*L1_WrapKeybox_t)(const uint8_t* keybox,
size_t* wrappedKeyBoxLength,
const uint8_t* transportKey,
size_t transportKeyLength);
typedef OEMCryptoResult (*L1_InstallKeybox_t)(const uint8_t* keybox,
typedef OEMCryptoResult (*L1_InstallKeyboxOrOEMCert_t)(const uint8_t* keybox,
size_t keyBoxLength);
typedef OEMCryptoResult (*L1_LoadTestKeybox_t)(const uint8_t *buffer,
size_t length);
typedef OEMCryptoResult (*L1_LoadTestKeybox_V13_t)();
typedef OEMCryptoResult (*L1_IsKeyboxValid_t)();
typedef OEMCryptoResult (*L1_IsKeyboxOrOEMCertValid_t)();
typedef OEMCryptoResult (*L1_GetDeviceID_t)(uint8_t* deviceID,
size_t* idLength);
typedef OEMCryptoResult (*L1_GetKeyData_t)(uint8_t* keyData,
@@ -282,9 +282,9 @@ struct FunctionPointers {
L1_DecryptCENC_t DecryptCENC;
L1_CopyBuffer_t CopyBuffer;
L1_WrapKeybox_t WrapKeybox;
L1_InstallKeybox_t InstallKeybox;
L1_InstallKeyboxOrOEMCert_t InstallKeyboxOrOEMCert;
L1_LoadTestKeybox_t LoadTestKeybox;
L1_IsKeyboxValid_t IsKeyboxValid;
L1_IsKeyboxOrOEMCertValid_t IsKeyboxOrOEMCertValid;
L1_GetDeviceID_t GetDeviceID;
L1_GetKeyData_t GetKeyData;
L1_GetRandom_t GetRandom;
@@ -637,107 +637,94 @@ class Adapter {
}
// clang-format off
LOOKUP_ALL( 8, CloseSession, OEMCrypto_CloseSession);
LOOKUP_ALL(10, CopyBuffer, OEMCrypto_CopyBuffer);
LOOKUP_ALL(13, CopyOldUsageEntry, OEMCrypto_CopyOldUsageEntry);
LOOKUP_ALL(13, CreateNewUsageEntry, OEMCrypto_CreateNewUsageEntry);
LOOKUP_ALL(13, CreateOldUsageEntry, OEMCrypto_CreateOldUsageEntry);
LOOKUP_ALL(13, CreateUsageTableHeader, OEMCrypto_CreateUsageTableHeader);
LOOKUP( 9, 12, DeactivateUsageEntry_V12, OEMCrypto_DeactivateUsageEntry_V12);
LOOKUP_ALL(13, DeactivateUsageEntry, OEMCrypto_DeactivateUsageEntry);
LOOKUP( 8, 10, DecryptCTR_V10, OEMCrypto_DecryptCTR_V10);
LOOKUP_ALL(11, DecryptCENC, OEMCrypto_DecryptCENC);
LOOKUP_ALL( 9, DeleteOldUsageTable, OEMCrypto_DeleteOldUsageTable);
LOOKUP( 9, 12, DeleteUsageEntry, OEMCrypto_DeleteUsageEntry);
LOOKUP_ALL( 8, DeriveKeysFromSessionKey, OEMCrypto_DeriveKeysFromSessionKey);
LOOKUP(10, 12, ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry);
LOOKUP_ALL( 8, GenerateDerivedKeys, OEMCrypto_GenerateDerivedKeys);
LOOKUP_ALL( 8, GenerateNonce, OEMCrypto_GenerateNonce);
LOOKUP( 8, 8, GenerateRSASignature_V8, OEMCrypto_GenerateRSASignature_V8);
LOOKUP_ALL( 9, GenerateRSASignature, OEMCrypto_GenerateRSASignature);
LOOKUP_ALL( 8, GenerateSignature, OEMCrypto_GenerateSignature);
LOOKUP_ALL( 8, Generic_Decrypt, OEMCrypto_Generic_Decrypt);
LOOKUP_ALL( 8, Generic_Encrypt, OEMCrypto_Generic_Encrypt);
LOOKUP_ALL( 8, Generic_Sign, OEMCrypto_Generic_Sign);
LOOKUP_ALL( 8, Generic_Verify, OEMCrypto_Generic_Verify);
LOOKUP_ALL(13, GetCurrentSRMVersion, OEMCrypto_GetCurrentSRMVersion);
LOOKUP_ALL( 8, GetDeviceID, OEMCrypto_GetDeviceID);
LOOKUP( 9, 9, GetHDCPCapability_V9, OEMCrypto_GetHDCPCapability_V9);
LOOKUP_ALL(10, GetHDCPCapability, OEMCrypto_GetHDCPCapability);
LOOKUP_ALL(14, GetAnalogOutputFlags, OEMCrypto_GetAnalogOutputFlags);
LOOKUP_ALL( 8, GetKeyData, OEMCrypto_GetKeyData);
LOOKUP_ALL(10, GetMaxNumberOfSessions, OEMCrypto_GetMaxNumberOfSessions);
LOOKUP_ALL(10, GetNumberOfOpenSessions, OEMCrypto_GetNumberOfOpenSessions);
LOOKUP_ALL(12, GetOEMPublicCertificate, OEMCrypto_GetOEMPublicCertificate);
LOOKUP_ALL(12, GetProvisioningMethod, OEMCrypto_GetProvisioningMethod);
LOOKUP_ALL( 8, GetRandom, OEMCrypto_GetRandom);
LOOKUP_ALL( 8, InstallKeybox, OEMCrypto_InstallKeybox);
LOOKUP_ALL(10, IsAntiRollbackHwPresent, OEMCrypto_IsAntiRollbackHwPresent);
LOOKUP_ALL( 8, IsKeyboxValid, OEMCrypto_IsKeyboxValid);
LOOKUP_ALL(13, IsSRMUpdateSupported, OEMCrypto_IsSRMUpdateSupported);
LOOKUP_ALL( 8, LoadDeviceRSAKey, OEMCrypto_LoadDeviceRSAKey);
LOOKUP( 8, 8, LoadKeys_V8, OEMCrypto_LoadKeys_V8);
LOOKUP( 9, 10, LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10);
LOOKUP(11, 12, LoadKeys_V11_or_V12, OEMCrypto_LoadKeys_V11_or_V12);
LOOKUP(13, 13, LoadKeys_V13, OEMCrypto_LoadKeys_V13);
LOOKUP_ALL(14, LoadKeys, OEMCrypto_LoadKeys);
LOOKUP_ALL(14, LoadEntitledContentKeys, OEMCrypto_LoadEntitledContentKeys);
LOOKUP_ALL(13, LoadSRM, OEMCrypto_LoadSRM);
LOOKUP(10, 13, LoadTestKeybox_V13, OEMCrypto_LoadTestKeybox_V13);
LOOKUP_ALL(14, LoadTestKeybox, OEMCrypto_LoadTestKeybox);
LOOKUP_ALL(10, LoadTestRSAKey, OEMCrypto_LoadTestRSAKey);
LOOKUP_ALL(13, LoadUsageEntry, OEMCrypto_LoadUsageEntry);
LOOKUP_ALL(13, LoadUsageTableHeader, OEMCrypto_LoadUsageTableHeader);
LOOKUP_ALL(13, MoveEntry, OEMCrypto_MoveEntry);
LOOKUP_ALL( 8, OpenSession, OEMCrypto_OpenSession);
LOOKUP_ALL(10, QueryKeyControl, OEMCrypto_QueryKeyControl);
LOOKUP_ALL( 8, RefreshKeys, OEMCrypto_RefreshKeys);
LOOKUP_ALL(13, RemoveSRM, OEMCrypto_RemoveSRM);
LOOKUP_ALL( 9, ReportUsage, OEMCrypto_ReportUsage);
LOOKUP_ALL( 8, RewrapDeviceRSAKey, OEMCrypto_RewrapDeviceRSAKey);
LOOKUP_ALL(12, RewrapDeviceRSAKey30, OEMCrypto_RewrapDeviceRSAKey30);
LOOKUP_ALL( 8, SecurityLevel, OEMCrypto_SecurityLevel);
LOOKUP_ALL(11, SecurityPatchLevel, OEMCrypto_Security_Patch_Level);
LOOKUP( 8, 13, SelectKey_V13, OEMCrypto_SelectKey_V13);
LOOKUP_ALL(14, SelectKey, OEMCrypto_SelectKey);
LOOKUP_ALL(13, ShrinkUsageTableHeader, OEMCrypto_ShrinkUsageTableHeader);
LOOKUP_ALL(13, SupportedCertificates, OEMCrypto_SupportedCertificates);
LOOKUP_ALL( 9, SupportsUsageTable, OEMCrypto_SupportsUsageTable);
LOOKUP_ALL(13, UpdateUsageEntry, OEMCrypto_UpdateUsageEntry);
LOOKUP( 9, 12, UpdateUsageTable, OEMCrypto_UpdateUsageTable);
LOOKUP_ALL( 8, WrapKeybox, OEMCrypto_WrapKeybox);
LOOKUP_ALL( 8, CloseSession, OEMCrypto_CloseSession);
LOOKUP_ALL(10, CopyBuffer, OEMCrypto_CopyBuffer);
LOOKUP_ALL(13, CopyOldUsageEntry, OEMCrypto_CopyOldUsageEntry);
LOOKUP_ALL(13, CreateNewUsageEntry, OEMCrypto_CreateNewUsageEntry);
LOOKUP_ALL(13, CreateOldUsageEntry, OEMCrypto_CreateOldUsageEntry);
LOOKUP_ALL(13, CreateUsageTableHeader, OEMCrypto_CreateUsageTableHeader);
LOOKUP( 9, 12, DeactivateUsageEntry_V12, OEMCrypto_DeactivateUsageEntry_V12);
LOOKUP_ALL(13, DeactivateUsageEntry, OEMCrypto_DeactivateUsageEntry);
LOOKUP( 8, 10, DecryptCTR_V10, OEMCrypto_DecryptCTR_V10);
LOOKUP_ALL(11, DecryptCENC, OEMCrypto_DecryptCENC);
LOOKUP_ALL( 9, DeleteOldUsageTable, OEMCrypto_DeleteOldUsageTable);
LOOKUP( 9, 12, DeleteUsageEntry, OEMCrypto_DeleteUsageEntry);
LOOKUP_ALL( 8, DeriveKeysFromSessionKey, OEMCrypto_DeriveKeysFromSessionKey);
LOOKUP(10, 12, ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry);
LOOKUP_ALL( 8, GenerateDerivedKeys, OEMCrypto_GenerateDerivedKeys);
LOOKUP_ALL( 8, GenerateNonce, OEMCrypto_GenerateNonce);
LOOKUP( 8, 8, GenerateRSASignature_V8, OEMCrypto_GenerateRSASignature_V8);
LOOKUP_ALL( 9, GenerateRSASignature, OEMCrypto_GenerateRSASignature);
LOOKUP_ALL( 8, GenerateSignature, OEMCrypto_GenerateSignature);
LOOKUP_ALL( 8, Generic_Decrypt, OEMCrypto_Generic_Decrypt);
LOOKUP_ALL( 8, Generic_Encrypt, OEMCrypto_Generic_Encrypt);
LOOKUP_ALL( 8, Generic_Sign, OEMCrypto_Generic_Sign);
LOOKUP_ALL( 8, Generic_Verify, OEMCrypto_Generic_Verify);
LOOKUP_ALL(13, GetCurrentSRMVersion, OEMCrypto_GetCurrentSRMVersion);
LOOKUP_ALL( 8, GetDeviceID, OEMCrypto_GetDeviceID);
LOOKUP( 9, 9, GetHDCPCapability_V9, OEMCrypto_GetHDCPCapability_V9);
LOOKUP_ALL(10, GetHDCPCapability, OEMCrypto_GetHDCPCapability);
LOOKUP_ALL(14, GetAnalogOutputFlags, OEMCrypto_GetAnalogOutputFlags);
LOOKUP_ALL( 8, GetKeyData, OEMCrypto_GetKeyData);
LOOKUP_ALL(10, GetMaxNumberOfSessions, OEMCrypto_GetMaxNumberOfSessions);
LOOKUP_ALL(10, GetNumberOfOpenSessions, OEMCrypto_GetNumberOfOpenSessions);
LOOKUP_ALL(12, GetOEMPublicCertificate, OEMCrypto_GetOEMPublicCertificate);
LOOKUP_ALL(12, GetProvisioningMethod, OEMCrypto_GetProvisioningMethod);
LOOKUP_ALL( 8, GetRandom, OEMCrypto_GetRandom);
LOOKUP_ALL( 8, InstallKeyboxOrOEMCert, OEMCrypto_InstallKeyboxOrOEMCert);
LOOKUP_ALL(10, IsAntiRollbackHwPresent, OEMCrypto_IsAntiRollbackHwPresent);
LOOKUP_ALL( 8, IsKeyboxOrOEMCertValid, OEMCrypto_IsKeyboxOrOEMCertValid);
LOOKUP_ALL(13, IsSRMUpdateSupported, OEMCrypto_IsSRMUpdateSupported);
LOOKUP_ALL( 8, LoadDeviceRSAKey, OEMCrypto_LoadDeviceRSAKey);
LOOKUP( 8, 8, LoadKeys_V8, OEMCrypto_LoadKeys_V8);
LOOKUP( 9, 10, LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10);
LOOKUP(11, 12, LoadKeys_V11_or_V12, OEMCrypto_LoadKeys_V11_or_V12);
LOOKUP(13, 13, LoadKeys_V13, OEMCrypto_LoadKeys_V13);
LOOKUP_ALL(14, LoadKeys, OEMCrypto_LoadKeys);
LOOKUP_ALL(14, LoadEntitledContentKeys, OEMCrypto_LoadEntitledContentKeys);
LOOKUP_ALL(13, LoadSRM, OEMCrypto_LoadSRM);
LOOKUP(10, 13, LoadTestKeybox_V13, OEMCrypto_LoadTestKeybox_V13);
LOOKUP_ALL(14, LoadTestKeybox, OEMCrypto_LoadTestKeybox);
LOOKUP_ALL(10, LoadTestRSAKey, OEMCrypto_LoadTestRSAKey);
LOOKUP_ALL(13, LoadUsageEntry, OEMCrypto_LoadUsageEntry);
LOOKUP_ALL(13, LoadUsageTableHeader, OEMCrypto_LoadUsageTableHeader);
LOOKUP_ALL(13, MoveEntry, OEMCrypto_MoveEntry);
LOOKUP_ALL( 8, OpenSession, OEMCrypto_OpenSession);
LOOKUP_ALL(10, QueryKeyControl, OEMCrypto_QueryKeyControl);
LOOKUP_ALL( 8, RefreshKeys, OEMCrypto_RefreshKeys);
LOOKUP_ALL(13, RemoveSRM, OEMCrypto_RemoveSRM);
LOOKUP_ALL( 9, ReportUsage, OEMCrypto_ReportUsage);
LOOKUP_ALL( 8, RewrapDeviceRSAKey, OEMCrypto_RewrapDeviceRSAKey);
LOOKUP_ALL(12, RewrapDeviceRSAKey30, OEMCrypto_RewrapDeviceRSAKey30);
LOOKUP_ALL( 8, SecurityLevel, OEMCrypto_SecurityLevel);
LOOKUP_ALL(11, SecurityPatchLevel, OEMCrypto_Security_Patch_Level);
LOOKUP( 8, 13, SelectKey_V13, OEMCrypto_SelectKey_V13);
LOOKUP_ALL(14, SelectKey, OEMCrypto_SelectKey);
LOOKUP_ALL(13, ShrinkUsageTableHeader, OEMCrypto_ShrinkUsageTableHeader);
LOOKUP_ALL(13, SupportedCertificates, OEMCrypto_SupportedCertificates);
LOOKUP_ALL( 9, SupportsUsageTable, OEMCrypto_SupportsUsageTable);
LOOKUP_ALL(13, UpdateUsageEntry, OEMCrypto_UpdateUsageEntry);
LOOKUP( 9, 12, UpdateUsageTable, OEMCrypto_UpdateUsageTable);
LOOKUP_ALL( 8, WrapKeybox, OEMCrypto_WrapKeybox);
// clang-format on
// If we have a valid keybox, initialization is done. We're good.
if (OEMCrypto_SUCCESS == level1_.IsKeyboxValid()) {
// If the keybox or oem certificate is valid, we are done.
OEMCryptoResult root_valid = level1_.IsKeyboxOrOEMCertValid();
OEMCrypto_ProvisioningMethod provisioning_method =
level1_.GetProvisioningMethod();
if (root_valid == OEMCrypto_SUCCESS) {
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_KEYBOX);
return true;
}
// If we use provisioning 3.0, initialization is done. We may not
// be good, but there's no reason to try loading a keybox. Any errors
// will have to be caught in the future when provisioning fails.
if (level1_.version > 11 &&
(level1_.GetProvisioningMethod() == OEMCrypto_OEMCertificate)) {
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_PROVISIONING_3_0);
return true;
}
uint8_t buffer[1];
size_t buffer_size = 0;
if (OEMCrypto_ERROR_NOT_IMPLEMENTED == level1_.GetKeyData(buffer,
&buffer_size)){
// If GetKeyData is not implemented, then the device should only use a
// baked in certificate as identification. We will assume that a device
// with a bad keybox returns a different error code.
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_CERTIFICATE);
(provisioning_method == OEMCrypto_Keybox)
? wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_WITH_KEYBOX
: wvcdm::metrics::
OEMCrypto_INITIALIZED_USING_L1_WITH_PROVISIONING_3_0);
return true;
}
wvcdm::FileSystem file_system;
std::string filename;
if (!wvcdm::Properties::GetFactoryKeyboxPath(&filename)) {
LOGW("Bad Level 1 Keybox. Falling Back to L3.");
LOGW("Bad Level 1 Root of Trust. Falling Back to L3.");
level1_.Terminate();
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L3_BAD_KEYBOX);
@@ -761,11 +748,12 @@ class Adapter {
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_OPEN_FACTORY_KEYBOX);
return false;
}
std::vector<uint8_t> keybox(size);
ssize_t size_read = file->Read(reinterpret_cast<char*>(&keybox[0]), size);
std::vector<uint8_t> root_key(size);
ssize_t size_read = file->Read(reinterpret_cast<char*>(&root_key[0]), size);
file->Close();
if (level1_.InstallKeybox(&keybox[0], size_read) != OEMCrypto_SUCCESS) {
LOGE("Could NOT install keybox from %s. Falling Back to L3.",
if (level1_.InstallKeyboxOrOEMCert(&root_key[0], size_read) !=
OEMCrypto_SUCCESS) {
LOGE("Could NOT install root key from %s. Falling Back to L3.",
filename.c_str());
level1_.Terminate();
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
@@ -773,7 +761,16 @@ class Adapter {
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_INSTALL_KEYBOX);
return false;
}
LOGI("Installed keybox from %s", filename.c_str());
if (level1_.IsKeyboxOrOEMCertValid() != OEMCrypto_SUCCESS) {
LOGE("Installed bad key from %s. Falling Back to L3.",
filename.c_str());
level1_.Terminate();
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::
OEMCrypto_INITIALIZED_USING_L3_COULD_NOT_INSTALL_KEYBOX);
return false;
}
LOGI("Installed root key from %s", filename.c_str());
metrics->OemCryptoDynamicAdapterMetrics::SetInitializationMode(
wvcdm::metrics::OEMCrypto_INITIALIZED_USING_L1_INSTALLED_KEYBOX);
return true;
@@ -781,64 +778,64 @@ class Adapter {
void LoadLevel3() {
// clang-format off
level3_.Terminate = Level3_Terminate;
level3_.OpenSession = Level3_OpenSession;
level3_.CloseSession = Level3_CloseSession;
level3_.GenerateDerivedKeys = Level3_GenerateDerivedKeys;
level3_.GenerateNonce = Level3_GenerateNonce;
level3_.GenerateSignature = Level3_GenerateSignature;
level3_.LoadKeys = Level3_LoadKeys;
level3_.LoadEntitledContentKeys = Level3_LoadEntitledContentKeys;
level3_.RefreshKeys = Level3_RefreshKeys;
level3_.QueryKeyControl = Level3_QueryKeyControl;
level3_.SelectKey = Level3_SelectKey;
level3_.DecryptCENC = Level3_DecryptCENC;
level3_.CopyBuffer = Level3_CopyBuffer;
level3_.WrapKeybox = Level3_WrapKeybox;
level3_.InstallKeybox = Level3_InstallKeybox;
level3_.LoadTestKeybox = Level3_LoadTestKeybox;
level3_.IsKeyboxValid = Level3_IsKeyboxValid;
level3_.GetDeviceID = Level3_GetDeviceID;
level3_.GetKeyData = Level3_GetKeyData;
level3_.GetRandom = Level3_GetRandom;
level3_.RewrapDeviceRSAKey = Level3_RewrapDeviceRSAKey;
level3_.LoadDeviceRSAKey = Level3_LoadDeviceRSAKey;
level3_.LoadTestRSAKey = Level3_LoadTestRSAKey;
level3_.GenerateRSASignature = Level3_GenerateRSASignature;
level3_.DeriveKeysFromSessionKey = Level3_DeriveKeysFromSessionKey;
level3_.APIVersion = Level3_APIVersion;
level3_.SecurityPatchLevel = Level3_SecurityPatchLevel;
level3_.SecurityLevel = Level3_SecurityLevel;
level3_.GetHDCPCapability = Level3_GetHDCPCapability;
level3_.GetAnalogOutputFlags = Level3_GetAnalogOutputFlags;
level3_.SupportsUsageTable = Level3_SupportsUsageTable;
level3_.IsAntiRollbackHwPresent = Level3_IsAntiRollbackHwPresent;
level3_.GetNumberOfOpenSessions = Level3_GetNumberOfOpenSessions;
level3_.GetMaxNumberOfSessions = Level3_GetMaxNumberOfSessions;
level3_.Generic_Decrypt = Level3_Generic_Decrypt;
level3_.Generic_Encrypt = Level3_Generic_Encrypt;
level3_.Generic_Sign = Level3_Generic_Sign;
level3_.Generic_Verify = Level3_Generic_Verify;
level3_.DeactivateUsageEntry = Level3_DeactivateUsageEntry;
level3_.ReportUsage = Level3_ReportUsage;
level3_.DeleteOldUsageTable = Level3_DeleteOldUsageTable;
level3_.GetProvisioningMethod = Level3_GetProvisioningMethod;
level3_.GetOEMPublicCertificate = Level3_GetOEMPublicCertificate;
level3_.RewrapDeviceRSAKey30 = Level3_RewrapDeviceRSAKey30;
level3_.SupportedCertificates = Level3_SupportedCertificates;
level3_.IsSRMUpdateSupported = Level3_IsSRMUpdateSupported;
level3_.GetCurrentSRMVersion = Level3_GetCurrentSRMVersion;
level3_.LoadSRM = Level3_LoadSRM;
level3_.RemoveSRM = Level3_RemoveSRM;
level3_.CreateUsageTableHeader = Level3_CreateUsageTableHeader;
level3_.LoadUsageTableHeader = Level3_LoadUsageTableHeader;
level3_.CreateNewUsageEntry = Level3_CreateNewUsageEntry;
level3_.LoadUsageEntry = Level3_LoadUsageEntry;
level3_.UpdateUsageEntry = Level3_UpdateUsageEntry;
level3_.ShrinkUsageTableHeader = Level3_ShrinkUsageTableHeader;
level3_.MoveEntry = Level3_MoveEntry;
level3_.CopyOldUsageEntry = Level3_CopyOldUsageEntry;
level3_.CreateOldUsageEntry = Level3_CreateOldUsageEntry;
level3_.Terminate = Level3_Terminate;
level3_.OpenSession = Level3_OpenSession;
level3_.CloseSession = Level3_CloseSession;
level3_.GenerateDerivedKeys = Level3_GenerateDerivedKeys;
level3_.GenerateNonce = Level3_GenerateNonce;
level3_.GenerateSignature = Level3_GenerateSignature;
level3_.LoadKeys = Level3_LoadKeys;
level3_.LoadEntitledContentKeys = Level3_LoadEntitledContentKeys;
level3_.RefreshKeys = Level3_RefreshKeys;
level3_.QueryKeyControl = Level3_QueryKeyControl;
level3_.SelectKey = Level3_SelectKey;
level3_.DecryptCENC = Level3_DecryptCENC;
level3_.CopyBuffer = Level3_CopyBuffer;
level3_.WrapKeybox = Level3_WrapKeybox;
level3_.InstallKeyboxOrOEMCert = Level3_InstallKeybox;
level3_.LoadTestKeybox = Level3_LoadTestKeybox;
level3_.IsKeyboxOrOEMCertValid = Level3_IsKeyboxValid;
level3_.GetDeviceID = Level3_GetDeviceID;
level3_.GetKeyData = Level3_GetKeyData;
level3_.GetRandom = Level3_GetRandom;
level3_.RewrapDeviceRSAKey = Level3_RewrapDeviceRSAKey;
level3_.LoadDeviceRSAKey = Level3_LoadDeviceRSAKey;
level3_.LoadTestRSAKey = Level3_LoadTestRSAKey;
level3_.GenerateRSASignature = Level3_GenerateRSASignature;
level3_.DeriveKeysFromSessionKey = Level3_DeriveKeysFromSessionKey;
level3_.APIVersion = Level3_APIVersion;
level3_.SecurityPatchLevel = Level3_SecurityPatchLevel;
level3_.SecurityLevel = Level3_SecurityLevel;
level3_.GetHDCPCapability = Level3_GetHDCPCapability;
level3_.GetAnalogOutputFlags = Level3_GetAnalogOutputFlags;
level3_.SupportsUsageTable = Level3_SupportsUsageTable;
level3_.IsAntiRollbackHwPresent = Level3_IsAntiRollbackHwPresent;
level3_.GetNumberOfOpenSessions = Level3_GetNumberOfOpenSessions;
level3_.GetMaxNumberOfSessions = Level3_GetMaxNumberOfSessions;
level3_.Generic_Decrypt = Level3_Generic_Decrypt;
level3_.Generic_Encrypt = Level3_Generic_Encrypt;
level3_.Generic_Sign = Level3_Generic_Sign;
level3_.Generic_Verify = Level3_Generic_Verify;
level3_.DeactivateUsageEntry = Level3_DeactivateUsageEntry;
level3_.ReportUsage = Level3_ReportUsage;
level3_.DeleteOldUsageTable = Level3_DeleteOldUsageTable;
level3_.GetProvisioningMethod = Level3_GetProvisioningMethod;
level3_.GetOEMPublicCertificate = Level3_GetOEMPublicCertificate;
level3_.RewrapDeviceRSAKey30 = Level3_RewrapDeviceRSAKey30;
level3_.SupportedCertificates = Level3_SupportedCertificates;
level3_.IsSRMUpdateSupported = Level3_IsSRMUpdateSupported;
level3_.GetCurrentSRMVersion = Level3_GetCurrentSRMVersion;
level3_.LoadSRM = Level3_LoadSRM;
level3_.RemoveSRM = Level3_RemoveSRM;
level3_.CreateUsageTableHeader = Level3_CreateUsageTableHeader;
level3_.LoadUsageTableHeader = Level3_LoadUsageTableHeader;
level3_.CreateNewUsageEntry = Level3_CreateNewUsageEntry;
level3_.LoadUsageEntry = Level3_LoadUsageEntry;
level3_.UpdateUsageEntry = Level3_UpdateUsageEntry;
level3_.ShrinkUsageTableHeader = Level3_ShrinkUsageTableHeader;
level3_.MoveEntry = Level3_MoveEntry;
level3_.CopyOldUsageEntry = Level3_CopyOldUsageEntry;
level3_.CreateOldUsageEntry = Level3_CreateOldUsageEntry;
// clang-format on
level3_.version = Level3_APIVersion();
@@ -954,14 +951,15 @@ OEMCryptoResult OEMCrypto_CopyBuffer(
return fcn->CopyBuffer(data_addr, data_length, out_buffer, subsample_flags);
}
OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox,
size_t keyBoxLength,
SecurityLevel level) {
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
const FunctionPointers* fcn = kAdapter->get(level);
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
if (fcn->InstallKeybox == NULL) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->InstallKeybox(keybox, keyBoxLength);
if (fcn->InstallKeyboxOrOEMCert == NULL)
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->InstallKeyboxOrOEMCert(keybox, keyBoxLength);
}
OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
@@ -974,12 +972,13 @@ OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod(
return fcn->GetProvisioningMethod();
}
OEMCryptoResult OEMCrypto_IsKeyboxValid(SecurityLevel level) {
OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(SecurityLevel level) {
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
const FunctionPointers* fcn = kAdapter->get(level);
if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION;
if (fcn->IsKeyboxValid == NULL) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->IsKeyboxValid();
if (fcn->IsKeyboxOrOEMCertValid == NULL)
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
return fcn->IsKeyboxOrOEMCertValid();
}
OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID, size_t* idLength,
@@ -1501,9 +1500,9 @@ extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
wrappedKeyBoxLength, transportKey, transportKeyLength);
}
extern "C" OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
extern "C" OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox,
size_t keyBoxLength) {
return OEMCrypto_InstallKeybox(keybox, keyBoxLength, kLevelDefault);
return OEMCrypto_InstallKeyboxOrOEMCert(keybox, keyBoxLength, kLevelDefault);
}
extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
@@ -1520,8 +1519,8 @@ extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
return fcn->LoadTestKeybox(buffer, length);
}
extern "C" OEMCryptoResult OEMCrypto_IsKeyboxValid() {
return OEMCrypto_IsKeyboxValid(kLevelDefault);
extern "C" OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid() {
return OEMCrypto_IsKeyboxOrOEMCertValid(kLevelDefault);
}
extern "C" OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod() {