OEMCrypto Version 9 API (KLP Modular Version)

This CL changes the header file and documentation for OEMCrypto version 9. It is a cherry pick of Change-Id: I1a43a686ef5d345132affc672bc1c6acf7b3f661 I modified the reference implementation and the calling functions just enough that existing unit tests still pass. Acutal implementation of this API will be in future CLs. Comments on the documentation can be made in the Google Doc here: https://docs.google.com/a/google.com/document/d/1pHSJ2IKL0axmQz2gmDZ7olxPWb_ZcULaJrYwDZAeS7k/edit?usp=sharing Merge of https://widevine-internal-review.googlesource.com/#/c/9170/ from the widevine cdm repo. Change-Id: I0197b1dfadedd6cc85710c7408e739cedeb45dce
2014-03-10 10:29:50 -07:00
parent adfd599175
commit b2af1e6303
8 changed files with 1136 additions and 400 deletions
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -382,7 +382,7 @@ CdmResponseType CryptoSession::LoadKeys(const std::string& message,
  OEMCryptoResult sts = OEMCrypto_LoadKeys(
      oec_session_id_, msg, message.size(),
      reinterpret_cast<const uint8_t*>(signature.data()), signature.size(),
-      enc_mac_key_iv, enc_mac_key, num_keys, &load_key_array[0]);
+      enc_mac_key_iv, enc_mac_key, num_keys, &load_key_array[0], NULL, 0);

  if (OEMCrypto_SUCCESS == sts) {
    return KEY_ADDED;
@@ -514,7 +514,7 @@ bool CryptoSession::GenerateSignature(const std::string& message, bool use_rsa,
  if (use_rsa) {
    sts = OEMCrypto_GenerateRSASignature(
        oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
-        message.size(), NULL, &length);
+        message.size(), NULL, &length, kSign_RSASSA_PSS);
    if (OEMCrypto_ERROR_SHORT_BUFFER != sts) {
      LOGD("GenerateSignature: OEMCrypto_GenerateRSASignature err=%d", sts);
      return false;
@@ -537,7 +537,7 @@ bool CryptoSession::GenerateSignature(const std::string& message, bool use_rsa,
        oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
        message.size(),
        reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
-        &length);
+        &length, kSign_RSASSA_PSS);
  } else {
    sts = OEMCrypto_GenerateSignature(
        oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
--- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
+++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
@@ -48,7 +48,8 @@ typedef OEMCryptoResult (*L1_LoadKeys_t)(
    OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
    const uint8_t* signature, size_t signature_length,
    const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys,
-    const OEMCrypto_KeyObject* key_array);
+    const OEMCrypto_KeyObject* key_array,
+    const uint8_t* pst, size_t pst_length);
 typedef OEMCryptoResult (*L1_RefreshKeys_t)(
    OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
    const uint8_t* signature, size_t signature_length, size_t num_keys,
@@ -88,7 +89,8 @@ typedef OEMCryptoResult (*L1_GenerateRSASignature_t)(OEMCrypto_SESSION session,
                                                     const uint8_t* message,
                                                     size_t message_length,
                                                     uint8_t* signature,
-                                                     size_t* signature_length);
+                                                     size_t* signature_length,
+                                                     RSA_Padding_Scheme algorithm);
 typedef OEMCryptoResult (*L1_DeriveKeysFromSessionKey_t)(
    OEMCrypto_SESSION session, const uint8_t* enc_session_key,
    size_t enc_session_key_length, const uint8_t* mac_key_context,
@@ -239,9 +241,10 @@ class Adapter {
      return false;
    }
    uint32_t level1_version = level1_.APIVersion();
-    if (level1_version != oec_latest_version) {
+    uint32_t minimum_version = 8;  // TODO(fredgc): allow version 8 and 9?
+    if (level1_version < minimum_version) {
      LOGW("liboemcrypto.so is version %d, not %d. Falling Back to L3.",
-           level1_version, oec_latest_version);
+           level1_version, minimum_version);
      return false;
    }
    if (OEMCrypto_SUCCESS == level1_.IsKeyboxValid()) {
@@ -439,13 +442,14 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys(
    OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
    const uint8_t* signature, size_t signature_length,
    const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys,
-    const OEMCrypto_KeyObject* key_array) {
+    const OEMCrypto_KeyObject* key_array,
+    const uint8_t* pst, size_t pst_length) {
  if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
  LevelSession pair = kAdapter->get(session);
  if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION;
  return pair.fcn->LoadKeys(pair.session, message, message_length, signature,
                            signature_length, enc_mac_key_iv, enc_mac_key,
-                            num_keys, key_array);
+                            num_keys, key_array, pst, pst_length);
 }

 extern "C" OEMCryptoResult OEMCrypto_RefreshKeys(
@@ -579,12 +583,12 @@ extern "C" OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(

 extern "C" OEMCryptoResult OEMCrypto_GenerateRSASignature(
    OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
-    uint8_t* signature, size_t* signature_length) {
+    uint8_t* signature, size_t* signature_length, RSA_Padding_Scheme algorithm) {
  if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
  LevelSession pair = kAdapter->get(session);
  if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION;
  return pair.fcn->GenerateRSASignature(pair.session, message, message_length,
-                                        signature, signature_length);
+                                        signature, signature_length, algorithm);
 }

 extern "C" OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(