Reorder OEMCrypto definitions according to OEMCryptoCENC.h
Merged from Widevine CDM repo: https://widevine-internal-review.googlesource.com/#/c/13510/ Change-Id: I0ce612a5ff2167704a87e3b3b650beaddf095c61
This commit is contained in:
KongQun Yang
@@ -93,19 +93,35 @@ OEMCryptoResult Level3_RefreshKeys(OEMCrypto_SESSION session,
|
||||
size_t signature_length,
|
||||
size_t num_keys,
|
||||
const OEMCrypto_KeyRefreshObject* key_array);
|
||||
OEMCryptoResult Level3_QueryKeyControl(OEMCrypto_SESSION session,
|
||||
const uint8_t* key_id,
|
||||
size_t key_id_length,
|
||||
uint8_t* key_control_block,
|
||||
size_t* key_control_block_length);
|
||||
OEMCryptoResult Level3_SelectKey(const OEMCrypto_SESSION session,
|
||||
const uint8_t* key_id,
|
||||
size_t key_id_length);
|
||||
OEMCryptoResult Level3_DecryptCTR(OEMCrypto_SESSION session,
|
||||
const uint8_t *data_addr,
|
||||
size_t data_length,
|
||||
bool is_encrypted,
|
||||
const uint8_t *iv,
|
||||
size_t block_offset,
|
||||
const OEMCrypto_DestBufferDesc* out_buffer,
|
||||
uint8_t subsample_flags);
|
||||
const uint8_t *data_addr,
|
||||
size_t data_length,
|
||||
bool is_encrypted,
|
||||
const uint8_t *iv,
|
||||
size_t block_offset,
|
||||
const OEMCrypto_DestBufferDesc* out_buffer,
|
||||
uint8_t subsample_flags);
|
||||
OEMCryptoResult Level3_CopyBuffer(const uint8_t *data_addr,
|
||||
size_t data_length,
|
||||
OEMCrypto_DestBufferDesc* out_buffer,
|
||||
uint8_t subsample_flags);
|
||||
OEMCryptoResult Level3_WrapKeybox(const uint8_t *keybox,
|
||||
size_t keyBoxLength,
|
||||
uint8_t *wrappedKeybox,
|
||||
size_t *wrappedKeyBoxLength,
|
||||
const uint8_t *transportKey,
|
||||
size_t transportKeyLength);
|
||||
OEMCryptoResult Level3_InstallKeybox(const uint8_t *keybox,
|
||||
size_t keyBoxLength);
|
||||
OEMCryptoResult Level3_LoadTestKeybox();
|
||||
OEMCryptoResult Level3_IsKeyboxValid(void);
|
||||
OEMCryptoResult Level3_GetDeviceID(uint8_t* deviceID,
|
||||
size_t *idLength);
|
||||
@@ -113,12 +129,6 @@ OEMCryptoResult Level3_GetKeyData(uint8_t* keyData,
|
||||
size_t *keyDataLength);
|
||||
OEMCryptoResult Level3_GetRandom(uint8_t* randomData,
|
||||
size_t dataLength);
|
||||
OEMCryptoResult Level3_WrapKeybox(const uint8_t *keybox,
|
||||
size_t keyBoxLength,
|
||||
uint8_t *wrappedKeybox,
|
||||
size_t *wrappedKeyBoxLength,
|
||||
const uint8_t *transportKey,
|
||||
size_t transportKeyLength);
|
||||
OEMCryptoResult Level3_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
|
||||
const uint8_t* message,
|
||||
size_t message_length,
|
||||
@@ -148,6 +158,11 @@ OEMCryptoResult Level3_DeriveKeysFromSessionKey(OEMCrypto_SESSION session,
|
||||
size_t enc_key_context_length);
|
||||
uint32_t Level3_APIVersion();
|
||||
const char* Level3_SecurityLevel();
|
||||
OEMCryptoResult Level3_GetHDCPCapability(OEMCrypto_HDCP_Capability* current,
|
||||
OEMCrypto_HDCP_Capability* maximum);
|
||||
bool Level3_SupportsUsageTable();
|
||||
OEMCryptoResult Level3_GetNumberOfOpenSessions(size_t* count);
|
||||
OEMCryptoResult Level3_GetMaxNumberOfSessions(size_t* maximum);
|
||||
OEMCryptoResult Level3_Generic_Encrypt(OEMCrypto_SESSION session,
|
||||
const uint8_t* in_buffer,
|
||||
size_t buffer_length,
|
||||
@@ -172,9 +187,6 @@ OEMCryptoResult Level3_Generic_Verify(OEMCrypto_SESSION session,
|
||||
OEMCrypto_Algorithm algorithm,
|
||||
const uint8_t* signature,
|
||||
size_t signature_length);
|
||||
OEMCryptoResult Level3_GetHDCPCapability(OEMCrypto_HDCP_Capability *current,
|
||||
OEMCrypto_HDCP_Capability *maximum);
|
||||
bool Level3_SupportsUsageTable();
|
||||
OEMCryptoResult Level3_UpdateUsageTable();
|
||||
OEMCryptoResult Level3_DeactivateUsageEntry(const uint8_t *pst,
|
||||
size_t pst_length);
|
||||
@@ -190,21 +202,11 @@ OEMCryptoResult Level3_DeleteUsageEntry(OEMCrypto_SESSION session,
|
||||
size_t message_length,
|
||||
const uint8_t *signature,
|
||||
size_t signature_length);
|
||||
OEMCryptoResult Level3_DeleteUsageTable();
|
||||
OEMCryptoResult Level3_GetMaxNumberOfSessions(size_t *maximum);
|
||||
OEMCryptoResult Level3_GetCurrentNumberOfSessions(size_t *count);
|
||||
OEMCryptoResult Level3_LoadTestKeybox();
|
||||
OEMCryptoResult Level3_CopyBuffer(const uint8_t *data_addr,
|
||||
size_t data_length,
|
||||
OEMCrypto_DestBufferDesc* out_buffer,
|
||||
uint8_t subsample_flags);
|
||||
OEMCryptoResult Level3_QueryKeyControl(OEMCrypto_SESSION session,
|
||||
const uint8_t* key_id,
|
||||
size_t key_id_length,
|
||||
uint8_t* key_control_block,
|
||||
size_t* key_control_block_length);
|
||||
OEMCryptoResult Level3_ForceDeleteUsageEntry(const uint8_t* pst,
|
||||
size_t pst_length);
|
||||
};
|
||||
}
|
||||
OEMCryptoResult Level3_DeleteUsageTable();
|
||||
|
||||
} // extern "C"
|
||||
} // namespace wvoec3
|
||||
|
||||
#endif // LEVEL3_OEMCRYPTO_H_
|
||||
|
||||
@@ -107,50 +107,6 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session) {
|
||||
}
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session,
|
||||
uint32_t* nonce) {
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
LOGI("-- OEMCryptoResult OEMCrypto_GenerateNonce"
|
||||
"(OEMCrypto_SESSION session,\n");
|
||||
}
|
||||
SessionContext* session_ctx = crypto_engine->FindSession(session);
|
||||
if (!session_ctx || !session_ctx->isValid()) {
|
||||
LOGE("[OEMCrypto_GenerateNonce(): ERROR_INVALID_SESSION]");
|
||||
return OEMCrypto_ERROR_INVALID_SESSION;
|
||||
}
|
||||
|
||||
// Prevent nonce flood.
|
||||
static time_t last_nonce_time = 0;
|
||||
static int nonce_count = 0;
|
||||
time_t now = time(NULL);
|
||||
if (now == last_nonce_time) {
|
||||
nonce_count++;
|
||||
if (nonce_count > 20) {
|
||||
LOGE("[OEMCrypto_GenerateNonce(): Nonce Flood detected]");
|
||||
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
}
|
||||
} else {
|
||||
nonce_count = 1;
|
||||
last_nonce_time = now;
|
||||
}
|
||||
|
||||
uint32_t nonce_value;
|
||||
uint8_t* nonce_string = reinterpret_cast<uint8_t*>(&nonce_value);
|
||||
|
||||
// Generate 4 bytes of random data
|
||||
if (!RAND_bytes(nonce_string, 4)) {
|
||||
LOGE("[OEMCrypto_GenerateNonce(): Random bytes failure]");
|
||||
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
}
|
||||
session_ctx->AddNonce(nonce_value);
|
||||
*nonce = nonce_value;
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
LOGI("nonce = %08x\n", nonce_value);
|
||||
}
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_GenerateDerivedKeys(OEMCrypto_SESSION session,
|
||||
const uint8_t* mac_key_context,
|
||||
@@ -200,6 +156,50 @@ OEMCryptoResult OEMCrypto_GenerateDerivedKeys(OEMCrypto_SESSION session,
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session,
|
||||
uint32_t* nonce) {
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
LOGI("-- OEMCryptoResult OEMCrypto_GenerateNonce"
|
||||
"(OEMCrypto_SESSION session,\n");
|
||||
}
|
||||
SessionContext* session_ctx = crypto_engine->FindSession(session);
|
||||
if (!session_ctx || !session_ctx->isValid()) {
|
||||
LOGE("[OEMCrypto_GenerateNonce(): ERROR_INVALID_SESSION]");
|
||||
return OEMCrypto_ERROR_INVALID_SESSION;
|
||||
}
|
||||
|
||||
// Prevent nonce flood.
|
||||
static time_t last_nonce_time = 0;
|
||||
static int nonce_count = 0;
|
||||
time_t now = time(NULL);
|
||||
if (now == last_nonce_time) {
|
||||
nonce_count++;
|
||||
if (nonce_count > 20) {
|
||||
LOGE("[OEMCrypto_GenerateNonce(): Nonce Flood detected]");
|
||||
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
}
|
||||
} else {
|
||||
nonce_count = 1;
|
||||
last_nonce_time = now;
|
||||
}
|
||||
|
||||
uint32_t nonce_value;
|
||||
uint8_t* nonce_string = reinterpret_cast<uint8_t*>(&nonce_value);
|
||||
|
||||
// Generate 4 bytes of random data
|
||||
if (!RAND_bytes(nonce_string, 4)) {
|
||||
LOGE("[OEMCrypto_GenerateNonce(): Random bytes failure]");
|
||||
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
}
|
||||
session_ctx->AddNonce(nonce_value);
|
||||
*nonce = nonce_value;
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
LOGI("nonce = %08x\n", nonce_value);
|
||||
}
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_GenerateSignature(
|
||||
OEMCrypto_SESSION session,
|
||||
@@ -298,8 +298,6 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (NO_ERROR != crypto_engine->ValidateKeybox()) {
|
||||
LOGE("[OEMCrypto_LoadKeys(): ERROR_KEYBOX_INVALID]");
|
||||
return OEMCrypto_ERROR_KEYBOX_INVALID;
|
||||
@@ -546,6 +544,26 @@ OEMCryptoResult OEMCrypto_DecryptCTR(OEMCrypto_SESSION session,
|
||||
is_encrypted, destination, buffer_type);
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
|
||||
size_t keyBoxLength,
|
||||
uint8_t* wrappedKeybox,
|
||||
size_t* wrappedKeyBoxLength,
|
||||
const uint8_t* transportKey,
|
||||
size_t transportKeyLength) {
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
LOGI("-- OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,\n");
|
||||
}
|
||||
if (!keybox || !wrappedKeybox || !wrappedKeyBoxLength
|
||||
|| (keyBoxLength != *wrappedKeyBoxLength)) {
|
||||
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
}
|
||||
// This implementation ignores the transport key. For test keys, we
|
||||
// don't need to encrypt the keybox.
|
||||
memcpy(wrappedKeybox, keybox, keyBoxLength);
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
|
||||
size_t keyBoxLength) {
|
||||
@@ -635,26 +653,6 @@ OEMCryptoResult OEMCrypto_GetRandom(uint8_t* randomData, size_t dataLength) {
|
||||
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
|
||||
size_t keyBoxLength,
|
||||
uint8_t* wrappedKeybox,
|
||||
size_t* wrappedKeyBoxLength,
|
||||
const uint8_t* transportKey,
|
||||
size_t transportKeyLength) {
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
LOGI("-- OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,\n");
|
||||
}
|
||||
if (!keybox || !wrappedKeybox || !wrappedKeyBoxLength
|
||||
|| (keyBoxLength != *wrappedKeyBoxLength)) {
|
||||
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
}
|
||||
// This implementation ignores the transport key. For test keys, we
|
||||
// don't need to encrypt the keybox.
|
||||
memcpy(wrappedKeybox, keybox, keyBoxLength);
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
|
||||
const uint8_t* message,
|
||||
@@ -1016,6 +1014,27 @@ OEMCryptoResult OEMCrypto_GetHDCPCapability(
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
bool OEMCrypto_SupportsUsageTable() {
|
||||
bool supports_usage = crypto_engine->supports_storage();
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
LOGI("-- bool OEMCrypto_SupportsUsageTable(); // returns %s.\n",
|
||||
(supports_usage ? "true" : "false"));
|
||||
}
|
||||
return supports_usage;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(size_t* maximum) {
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
LOGI("-- OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(%p)\n", maximum);
|
||||
}
|
||||
if (maximum == NULL) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
const size_t kMaxSupportedOEMCryptoSessions = 64;
|
||||
*maximum = kMaxSupportedOEMCryptoSessions;
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session,
|
||||
const uint8_t* in_buffer,
|
||||
@@ -1173,16 +1192,6 @@ OEMCryptoResult OEMCrypto_Generic_Verify(OEMCrypto_SESSION session,
|
||||
signature, signature_length);
|
||||
}
|
||||
|
||||
extern "C"
|
||||
bool OEMCrypto_SupportsUsageTable() {
|
||||
bool supports_usage = crypto_engine->supports_storage();
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
LOGI("-- bool OEMCrypto_SupportsUsageTable(); // returns %s.\n",
|
||||
(supports_usage ? "true" : "false"));
|
||||
}
|
||||
return supports_usage;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_UpdateUsageTable() {
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
@@ -1291,15 +1300,4 @@ OEMCryptoResult OEMCrypto_DeleteUsageTable() {
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
|
||||
extern "C"
|
||||
OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(size_t *maximum) {
|
||||
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
|
||||
LOGI("-- OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(%p)\n", maximum);
|
||||
}
|
||||
if (maximum == NULL) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
|
||||
const size_t kMaxSupportedOEMCryptoSessions = 64;
|
||||
*maximum = kMaxSupportedOEMCryptoSessions;
|
||||
return OEMCrypto_SUCCESS;
|
||||
}
|
||||
|
||||
} // namespace wvoec_mock
|
||||
|
||||
Reference in New Issue
Block a user