widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OEMCrypto Version 9 API (KLP Modular Version)

Browse Source 
This CL changes the header file and documentation for OEMCrypto
version 9.

It is a cherry pick of Change-Id: I1a43a686ef5d345132affc672bc1c6acf7b3f661

I modified the reference implementation and the calling functions just
enough that existing unit tests still pass.  Acutal implementation of this
API will be in future CLs.

Comments on the documentation can be made in the Google Doc here:
    https://docs.google.com/a/google.com/document/d/1pHSJ2IKL0axmQz2gmDZ7olxPWb_ZcULaJrYwDZAeS7k/edit?usp=sharing

Merge of https://widevine-internal-review.googlesource.com/#/c/9170/
from the widevine cdm repo.

Change-Id: I0197b1dfadedd6cc85710c7408e739cedeb45dce
This commit is contained in:
Jeff Tinker
2014-03-10 10:29:50 -07:00
parent adfd599175
commit b2af1e6303
8 changed files with 1136 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -382,7 +382,7 @@ CdmResponseType CryptoSession::LoadKeys(const std::string& message,
OEMCryptoResult sts = OEMCrypto_LoadKeys(
oec_session_id_, msg, message.size(),
reinterpret_cast<const uint8_t*>(signature.data()), signature.size(),
enc_mac_key_iv, enc_mac_key, num_keys, &load_key_array[0]);
enc_mac_key_iv, enc_mac_key, num_keys, &load_key_array[0], NULL, 0);
if (OEMCrypto_SUCCESS == sts) {
return KEY_ADDED;
@@ -514,7 +514,7 @@ bool CryptoSession::GenerateSignature(const std::string& message, bool use_rsa,
if (use_rsa) {
sts = OEMCrypto_GenerateRSASignature(
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
message.size(), NULL, &length);
message.size(), NULL, &length, kSign_RSASSA_PSS);
if (OEMCrypto_ERROR_SHORT_BUFFER != sts) {
LOGD("GenerateSignature: OEMCrypto_GenerateRSASignature err=%d", sts);
return false;
@@ -537,7 +537,7 @@ bool CryptoSession::GenerateSignature(const std::string& message, bool use_rsa,
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
&length);
&length, kSign_RSASSA_PSS);
} else {
sts = OEMCrypto_GenerateSignature(
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),

20
libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
View File

@@ -48,7 +48,8 @@ typedef OEMCryptoResult (*L1_LoadKeys_t)(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length,
const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys,
const OEMCrypto_KeyObject* key_array);
const OEMCrypto_KeyObject* key_array,
const uint8_t* pst, size_t pst_length);
typedef OEMCryptoResult (*L1_RefreshKeys_t)(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length, size_t num_keys,
@@ -88,7 +89,8 @@ typedef OEMCryptoResult (*L1_GenerateRSASignature_t)(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
uint8_t* signature,
size_t* signature_length);
size_t* signature_length,
RSA_Padding_Scheme algorithm);
typedef OEMCryptoResult (*L1_DeriveKeysFromSessionKey_t)(
OEMCrypto_SESSION session, const uint8_t* enc_session_key,
size_t enc_session_key_length, const uint8_t* mac_key_context,
@@ -239,9 +241,10 @@ class Adapter {
return false;
}
uint32_t level1_version = level1_.APIVersion();
if (level1_version != oec_latest_version) {
uint32_t minimum_version = 8; // TODO(fredgc): allow version 8 and 9?
if (level1_version < minimum_version) {
LOGW("liboemcrypto.so is version %d, not %d. Falling Back to L3.",
level1_version, oec_latest_version);
level1_version, minimum_version);
return false;
}
if (OEMCrypto_SUCCESS == level1_.IsKeyboxValid()) {
@@ -439,13 +442,14 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length,
const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys,
const OEMCrypto_KeyObject* key_array) {
const OEMCrypto_KeyObject* key_array,
const uint8_t* pst, size_t pst_length) {
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
LevelSession pair = kAdapter->get(session);
if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION;
return pair.fcn->LoadKeys(pair.session, message, message_length, signature,
signature_length, enc_mac_key_iv, enc_mac_key,
num_keys, key_array);
num_keys, key_array, pst, pst_length);
}
extern "C" OEMCryptoResult OEMCrypto_RefreshKeys(
@@ -579,12 +583,12 @@ extern "C" OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(
extern "C" OEMCryptoResult OEMCrypto_GenerateRSASignature(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
uint8_t* signature, size_t* signature_length) {
uint8_t* signature, size_t* signature_length, RSA_Padding_Scheme algorithm) {
if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
LevelSession pair = kAdapter->get(session);
if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION;
return pair.fcn->GenerateRSASignature(pair.session, message, message_length,
signature, signature_length);
signature, signature_length, algorithm);
}
extern "C" OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(

BIN
libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf
View File

Binary file not shown.

BIN
libwvdrmengine/docs/WidevineSecurityIntegrationGuideforCENCAndroidSupplement.pdf
View File

Binary file not shown.

1405
libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
View File

File diff suppressed because it is too large Load Diff

7
libwvdrmengine/oemcrypto/include/level3.h
View File

@@ -70,7 +70,9 @@ OEMCryptoResult Level3_LoadKeys(OEMCrypto_SESSION session,
const uint8_t* enc_mac_key_iv,
const uint8_t* enc_mac_key,
size_t num_keys,
const OEMCrypto_KeyObject* key_array);
const OEMCrypto_KeyObject* key_array,
const uint8_t* pst,
size_t pst_length);
OEMCryptoResult Level3_RefreshKeys(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
@@ -122,7 +124,8 @@ OEMCryptoResult Level3_GenerateRSASignature(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
uint8_t* signature,
size_t *signature_length);
size_t *signature_length,
RSA_Padding_Scheme algorithm);
OEMCryptoResult Level3_DeriveKeysFromSessionKey(OEMCrypto_SESSION session,
const uint8_t* enc_session_key,
size_t enc_session_key_length,

64
libwvdrmengine/oemcrypto/mock/src/oemcrypto_mock.cpp
View File

@@ -263,7 +263,9 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
const uint8_t* enc_mac_key_iv,
const uint8_t* enc_mac_keys,
size_t num_keys,
const OEMCrypto_KeyObject* key_array) {
const OEMCrypto_KeyObject* key_array,
const uint8_t* pst,
size_t pst_length) {
if (trace_all_calls) {
printf("-- OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,\n");
dump_hex("message", message, message_length);
@@ -892,7 +894,8 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
uint8_t* signature,
size_t* signature_length) {
size_t* signature_length,
RSA_Padding_Scheme algorithm) {
if (trace_all_calls) {
printf("-- OEMCryptoResult OEMCrypto_GenerateRSASignature()\n");
dump_hex("message", message, message_length);
@@ -925,6 +928,11 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(OEMCrypto_SESSION session,
return OEMCrypto_ERROR_INVALID_CONTEXT;
}
if (algorithm != kSign_RSASSA_PSS) {
LOGE("[OEMCrypto_GenerateRSASignature(): OEMCrypto_ERROR_NOT_IMPLEMENTED]");
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
if (session_ctx->GenerateRSASignature(message,
message_length,
signature,
@@ -987,7 +995,7 @@ OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(
extern "C"
uint32_t OEMCrypto_APIVersion() {
return oec_latest_version;
return 9;
}
extern "C"
@@ -995,6 +1003,16 @@ const char* OEMCrypto_SecurityLevel() {
return "L3";
}
extern "C"
OEMCryptoResult OEMCrypto_GetHDCPCapability(OEMCrypto_HDCP_Capability *current,
OEMCrypto_HDCP_Capability *maximum) {
if (current == NULL) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
if (maximum == NULL) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
*current = 0;
*maximum = 0;
return OEMCrypto_SUCCESS;
}
extern "C"
OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session,
const uint8_t* in_buffer,
@@ -1114,4 +1132,44 @@ OEMCryptoResult OEMCrypto_Generic_Verify(OEMCrypto_SESSION session,
return OEMCrypto_SUCCESS;
}
extern "C"
bool OEMCrypto_SupportsUsageTable() {
return false;
}
extern "C"
OEMCryptoResult OEMCrypto_UpdateUsageTable() {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
extern "C"
OEMCryptoResult OEMCrypto_DeactivateUsageEntry(const uint8_t *pst,
size_t pst_length) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
extern "C"
OEMCryptoResult OEMCrypto_ReportUsage(OEMCrypto_SESSION session,
const uint8_t *pst,
size_t pst_length,
OEMCrypto_PST_Report *buffer,
size_t *buffer_length) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
extern "C"
OEMCryptoResult OEMCrypto_DeleteUsageEntry(OEMCrypto_SESSION session,
const uint8_t* pst,
size_t pst_length,
const uint8_t *message,
size_t message_length,
const uint8_t *signature,
size_t signature_length) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
extern "C"
OEMCryptoResult OEMCrypto_DeleteUsageTable() {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
}; // namespace wvoec_mock

34
libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
View File

@@ -951,7 +951,7 @@ class Session {
OEMCrypto_LoadKeys(session_id(), message_ptr, sizeof(encrypted),
&signature[0], signature.size(),
encrypted.mac_key_iv, encrypted.mac_keys,
kNumKeys, key_array));
kNumKeys, key_array, NULL, 0));
// Update new generated keys.
memcpy(&mac_key_server_[0], data.mac_keys, wvcdm::MAC_KEY_SIZE);
memcpy(&mac_key_client_[0], data.mac_keys+wvcdm::MAC_KEY_SIZE,
@@ -1496,7 +1496,7 @@ TEST_F(OEMCryptoClientTest, VersionNumber) {
cout << " OEMCrypto Security Level is "<< level << endl;
uint32_t version = OEMCrypto_APIVersion();
cout << " OEMCrypto API version is " << version << endl;
ASSERT_EQ(oec_latest_version, version);
ASSERT_EQ(9, version);
testTearDown();
}
@@ -1952,7 +1952,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithNoMAC) {
message_ptr, sizeof(encrypted),
&signature[0], signature.size(),
NULL, NULL,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -1987,7 +1987,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange1) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
&mac_keys[0], // Not pointing into buffer.
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2019,7 +2019,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange2) {
&signature[0], signature.size(),
&mac_key_iv[0], // bad.
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2053,7 +2053,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange3) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2087,7 +2087,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange4) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2121,7 +2121,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange5) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2155,7 +2155,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange6) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2189,7 +2189,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadRange7) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
s.close();
testTearDown();
@@ -2220,7 +2220,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadNonce) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
@@ -2254,7 +2254,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeyWithBadVerification) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
@@ -2289,7 +2289,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeysBadSignature) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
@@ -2322,7 +2322,7 @@ TEST_F(DISABLED_TestKeybox, LoadKeysWithNoDerivedKeys) {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_NE(OEMCrypto_SUCCESS, sts);
@@ -3131,7 +3131,7 @@ TEST_F(DISABLED_TestKeybox, RSASignature) {
sts = OEMCrypto_GenerateRSASignature(s.session_id(), &licenseRequest[0],
licenseRequest.size(), NULL,
&signature_length);
&signature_length, kSign_RSASSA_PSS);
ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts);
ASSERT_NE(static_cast<size_t>(0), signature_length);
@@ -3140,7 +3140,7 @@ TEST_F(DISABLED_TestKeybox, RSASignature) {
sts = OEMCrypto_GenerateRSASignature(s.session_id(), &licenseRequest[0],
licenseRequest.size(), signature,
&signature_length);
&signature_length, kSign_RSASSA_PSS);
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
// In the real world, the signature above would just have been used to contact
@@ -3270,7 +3270,7 @@ class DISABLED_GenericDRMTest : public DISABLED_TestKeybox {
&signature[0], signature.size(),
encrypted.mac_key_iv,
encrypted.mac_keys,
kNumKeys, key_array);
kNumKeys, key_array, NULL, 0);
ASSERT_EQ(OEMCrypto_SUCCESS, sts);
}