Cherry pick cdm udc-widevine-release changes to udc-widevine-dev to be in sync with 18.3 release

Merged from go/wvgerrit/178231 Bug: 290252845 Test: WVTS tests seem to be running and passing Change-Id: Ifff9123a73e173e835a6e89ba7c2760e1cd500fd (cherry picked from commit 6889845d2e7e24f22c00b333335c34259b3fc96e)
2023-07-12 18:59:13 +00:00
parent 42a5f26c5a
commit bc20b9dac9
460 changed files with 16767 additions and 3215 deletions
--- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
+++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
@@ -3,7 +3,7 @@
 // License Agreement.

 /**
- * @mainpage OEMCrypto API v18.1
+ * @mainpage OEMCrypto API v18.3
 *
 * OEMCrypto is the low level library implemented by the OEM to provide key and
 * content protection, usually in a separate secure memory or process space. The
@@ -712,6 +712,7 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
 #define OEMCrypto_GetSignatureHashAlgorithm   _oecc139
 #define OEMCrypto_EnterTestMode               _oecc140
 #define OEMCrypto_GetDeviceSignedCsrPayload   _oecc141
+#define OEMCrypto_FactoryInstallBCCSignature  _oecc142
 // clang-format on

 /// @addtogroup initcontrol
@@ -2996,6 +2997,41 @@ OEMCryptoResult OEMCrypto_WrapKeyboxOrOEMCert(
 OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(const uint8_t* keybox_or_cert,
                                                 size_t keybox_or_cert_length);

+/**
+ * Install a factory generated signature for the BCC. This is for devices that
+ * use Provisioning 4.0, with the signing option in the factory. With the
+ * signing option, the BCC is extracted from the device in the factory. Instead
+ * of being uploaded to the Widevine server, the BCC is signed by a certificate
+ * that the manufacturer shares with Widevine. The signature is then installed
+ * on the device is a secure location. The signature must not be erased during
+ * factory reset.
+ *
+ * This signature should be returned as `addition_signature` in a call to the
+ * function `OEMCrypto_GetBootCertificateChain()`.
+ *
+ * Devices that do not support Provisioning 4.0, or only support Provisioning
+ * 4.0 Option 1 should return OEMCrypto_ERROR_NOT_IMPLEMENTED.
+ *
+ *
+ * @param[in] signature: pointer to data as input
+ * @param[in] signature_length: length of the data in bytes
+ *
+ * @retval OEMCrypto_SUCCESS success
+ * @retval OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
+ *
+ * @threading
+ *   This is an "Initialization and Termination Function" and will not be
+ *   called simultaneously with any other function, as if the CDM holds a write
+ *   lock on the OEMCrypto system.
+ *
+ * @version
+ *   This method is new in API version 18.3.
+ */
+OEMCryptoResult OEMCrypto_FactoryInstallBCCSignature(const uint8_t* signature,
+                                                     size_t signature_length);
+
 /**
 * This function is for OEMCrypto to tell the layer above what provisioning
 * method it uses: keybox or OEM certificate.
@@ -3314,6 +3350,22 @@ uint32_t OEMCrypto_MinorAPIVersion(void);
 * While not required, the following top level fields are recommended:
 * - "implementer" [string]: Name of company or entity that provides OEMCrypto.
 *   Important if not SOC vendor.
+ * - "git_commit" [string]: Git commit hash of the code repository that
+ *   produced the TA build. Useful for implementers to distinguish the state of
+ *   different TA builds.
+ * - "build_timestamp" [string]: ISO 8601 formatted timestamp of the time the
+ *   TA was compiled, eg "YYYY-MM-DDTHH:MM:SS"
+ *
+ * While not required, another optional top level struct can be added to the
+ * build information string to provide information about liboemcrypto.so:
+ * - "ree" {
+ *     - "liboemcrypto_ver" [string]: liboemcrypto.so version in string format
+ *       eg "2.15.0+tag". Note that this is separate from the "ta_ver" field
+ *       above, since this section is specific to the liboemcrypto.so binary.
+ *     - "git_commit" [string]: git hash of code that compiled liboemcrypto.so
+ *     - "build_timestamp" [string]: ISO 8601 timestamp for when
+ *       liboemcrypto.so was built
+ *   }
 *
 * The JSON string can contain other values, structs, arrays, etc in addition to
 * the above, if desired.
@@ -4812,11 +4864,71 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain(
 * key is supposed to be certified by the server. The private key is wrapped
 * with the encryption key so it can be stored in the file system.
 *
- * If an OEM private key is unavailable, the request is assumed for OEM
+ * The |public_key_signature| output is formatted differently depending
+ * on whether or not an OEM private key has been loaded.
+ *
+ * If an OEM private key is unavailable, the request is assumed to be for OEM
 * certificate provisioning. In this case, the public key is signed by the
- * device private key. If an OEM private key is available, the request is
- * assumed for DRM certificate provisioning and the public key is signed by the
- * OEM private key.
+ * device private key. The format of |public_key_signature| in this case is a
+ * COSE_Sign1 CBOR array. The format is described in RFC 8152 Section 4.2 and
+ * 4.4, as well as Android IRemotelyProvisionedComponent.aidl (under
+ * "SignedData<Data>")
+ *
+ * ~~~
+ *   |public_key_signature|: COSE_Sign1 CBOR array
+ *   [
+ *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 /
+ *                                 AlgorithmES384 },
+ *     unprotected: {},
+ *     payload: bstr .cbor Data / nil,
+ *     signature: bstr      ; PureEd25519(priv_key, Sig_structure) /
+ *                          ; ECDSA(priv_key, Sig_structure)
+ *   ]
+ * ~~~
+ *
+ * Notes:
+ *   1. The payload field in the COSE_Sign1 struct is the public key generated
+ *      by OEMCrypto_GenerateCertificateKeyPair
+ *   2. The signature field in the COSE_Sign1 struct is the concatenation of the
+ *      (R,S) values from the EC/Ed signature. If either R or S is smaller than
+ *      the key size, it is left-padded with 0 to match the key size as
+ *      described in RFC 8152. This signature is not DER encoded.
+ *   3. The signature is generated by calling the selected EC signing function
+ *      (PureEd25519 or one of the supported ECDSA algorithms) on
+ *      `Sig_structure`, which is a CBOR array described below. The payload
+ *      field in Sig_structure is the same as the payload in the above
+ *      COSE_Sign1 CBOR array.
+ *
+ * ~~~
+ *   Sig_structure: CBOR array
+ *   [
+ *     context: "Signature1",
+ *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 /
+ *                                 AlgorithmES384 },
+ *     external_aad: bstr .size 0,
+ *     payload: bstr .cbor Data / nil,
+ *   ]
+ * ~~~
+ *
+ * If an OEM private key is available, the request is assumed to be for DRM
+ * certificate provisioning and the public key is signed by the OEM private key.
+ * If the OEM private key is an RSA key, then |public_key_signature| is the raw
+ * output of the RSA sign operation with RSASSA-PSS padding. If the OEM private
+ * key is an ECC key, then |public_key_signature| is the ASN.1 DER-encoded (R,S)
+ * signature as specified in RFC 3279 2.2.3.
+ *
+ * After this function completes successfully, the session will hold a private
+ * key and will be ready for a call to
+ * OEMCrypto_PrepAndSignProvisioningRequest().  In particular, when this
+ * function is used to generate a DRM Certificate key pair, the session will be
+ * ready to sign a provisioning request with the DRM Cert private key. When this
+ * function is used to generate an OEM Certificate key pair, the session will be
+ * ready to sign a provisioning request with the OEM Cert private key.
+ *
+ * The public key shall be an ASN.1 DER-encoded SubjectPublicKeyInfo as
+ * specified in RFC 5280. Widevine recommends ECC keys for Provisioning 4.0, but
+ * an RSA key may also be used. If the key is an RSA key, then the encoding
+ * should use "rsaEncryption" (OID 1.2.840.113549.1.1.1), and not RSASSA-PSS.
 *
 * @param[in] session: session id.
 * @param[out] public_key: pointer to the buffer that receives the public key
@@ -4825,11 +4937,8 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain(
 * @param[in,out] public_key_length: on input, size of the caller's public_key
 *    buffer. On output, the number of bytes written into the buffer.
 * @param[out] public_key_signature: pointer to the buffer that receives the
- *    signature of the public key.
- *    If an OEM private key is unavailable: it is signed by the device private
- *    key. The signature must be in COSE_SIGN1 format as specified in RFC 8152.
- *    If an OEM private key is available: it is signed by the OEM private key.
- *    The signature must be raw signature bytes.
+ *    signature of the public key. The format depends on whether an OEM private
+ *    key has been loaded.
 * @param[in,out] public_key_signature_length: on input, size of the caller's
 *    public_key_signature buffer. On output, the number of bytes written into
 *    the buffer.