Threading Contract and Error Messages

I added a few error codes for out-of-resource type conditions. I added comments explain which functions may be called simultaneously. Basically, info only functions, like getDeviceId, may be called anytime after initialization. Functions that have a session parameter may be called at the same time as other functions for a different session, but not for the same session. Functions that create or delete sessions may not be called as the same time as any each other, or at the same time as any session functions. The CDM is required to honor these conventions. If the OEM can only decrypt for one session at a time, it is the OEM's responsibility to hold a lock. Change-Id: If4b11afd70b5b2e67d78802ea0057fb25271ae90
2012-12-04 12:57:56 -08:00
parent 03d43a5d2d
commit d5aa1e41d3
1 changed files with 155 additions and 62 deletions
--- a/libwvdrmengine/oemcrypto/include/OEMCryptoDASH.h
+++ b/libwvdrmengine/oemcrypto/include/OEMCryptoDASH.h
@@ -16,42 +16,47 @@ extern "C" {
 #define OEMCRYPTO_VERSION "4.0"
 static const char oec_version[] = OEMCRYPTO_VERSION;
 #include<stdint.h>
 typedef uint32_t OEMCrypto_SESSION;
 typedef uint8_t  OEMCrypto_KeyID[16];
 typedef enum OEMCryptoResult {
-    OEMCrypto_SUCCESS = 0,
+    OEMCrypto_SUCCESS                            = 0,
-    OEMCrypto_ERROR_INIT_FAILED,
+    OEMCrypto_ERROR_INIT_FAILED                  = 1,
-    OEMCrypto_ERROR_TERMINATE_FAILED,
+    OEMCrypto_ERROR_TERMINATE_FAILED             = 2,
-    OEMCrypto_ERROR_OPEN_FAILURE,
+    OEMCrypto_ERROR_OPEN_FAILURE                 = 3,
-    OEMCrypto_ERROR_CLOSE_FAILURE,
+    OEMCrypto_ERROR_CLOSE_FAILURE                = 4,
-    OEMCrypto_ERROR_ENTER_SECURE_PLAYBACK_FAILED,
+    OEMCrypto_ERROR_ENTER_SECURE_PLAYBACK_FAILED = 5,
-    OEMCrypto_ERROR_EXIT_SECURE_PLAYBACK_FAILED,
+    OEMCrypto_ERROR_EXIT_SECURE_PLAYBACK_FAILED  = 6,
-    OEMCrypto_ERROR_SHORT_BUFFER,
+    OEMCrypto_ERROR_SHORT_BUFFER                 = 7,
-    OEMCrypto_ERROR_NO_DEVICE_KEY,
+    OEMCrypto_ERROR_NO_DEVICE_KEY                = 8,
-    OEMCrypto_ERROR_NO_ASSET_KEY,
+    OEMCrypto_ERROR_NO_ASSET_KEY                 = 9,
-    OEMCrypto_ERROR_KEYBOX_INVALID,
+    OEMCrypto_ERROR_KEYBOX_INVALID               = 10,
-    OEMCrypto_ERROR_NO_KEYDATA,
+    OEMCrypto_ERROR_NO_KEYDATA                   = 11,
-    OEMCrypto_ERROR_NO_CW,
+    OEMCrypto_ERROR_NO_CW                        = 12,
-    OEMCrypto_ERROR_DECRYPT_FAILED,
+    OEMCrypto_ERROR_DECRYPT_FAILED               = 13,
-    OEMCrypto_ERROR_WRITE_KEYBOX,
+    OEMCrypto_ERROR_WRITE_KEYBOX                 = 14,
-    OEMCrypto_ERROR_WRAP_KEYBOX,
+    OEMCrypto_ERROR_WRAP_KEYBOX                  = 15,
-    OEMCrypto_ERROR_BAD_MAGIC,
+    OEMCrypto_ERROR_BAD_MAGIC                    = 16,
-    OEMCrypto_ERROR_BAD_CRC,
+    OEMCrypto_ERROR_BAD_CRC                      = 17,
-    OEMCrypto_ERROR_NO_DEVICEID,
+    OEMCrypto_ERROR_NO_DEVICEID                  = 18,
-    OEMCrypto_ERROR_RNG_FAILED,
+    OEMCrypto_ERROR_RNG_FAILED                   = 19,
-    OEMCrypto_ERROR_RNG_NOT_SUPPORTED,
+    OEMCrypto_ERROR_RNG_NOT_SUPPORTED            = 20,
-    OEMCrypto_ERROR_SETUP,
+    OEMCrypto_ERROR_SETUP                        = 21,
-    OEMCrypto_ERROR_OPEN_SESSION_FAILED,
+    OEMCrypto_ERROR_OPEN_SESSION_FAILED          = 22,
-    OEMCrypto_ERROR_CLOSE_SESSION_FAILED,
+    OEMCrypto_ERROR_CLOSE_SESSION_FAILED         = 23,
-    OEMCrypto_ERROR_INVALID_SESSION,
+    OEMCrypto_ERROR_INVALID_SESSION              = 24,
-    OEMCrypto_ERROR_NOT_IMPLEMENTED,
+    OEMCrypto_ERROR_NOT_IMPLEMENTED              = 25,
-    OEMCrypto_ERROR_NO_CONTENT_KEY,
+    OEMCrypto_ERROR_NO_CONTENT_KEY               = 26,
-    OEMCrypto_ERROR_CONTROL_INVALID,
+    OEMCrypto_ERROR_CONTROL_INVALID              = 27,
-    OEMCrypto_ERROR_UNKNOWN_FAILURE,
+    OEMCrypto_ERROR_UNKNOWN_FAILURE              = 28,
-    OEMCrypto_ERROR_INVALID_CONTEXT,
+    OEMCrypto_ERROR_INVALID_CONTEXT              = 29,
-    OEMCrypto_ERROR_SIGNATURE_FAILURE
+    OEMCrypto_ERROR_SIGNATURE_FAILURE            = 30,
    OEMCrypto_ERROR_TOO_MANY_SESSIONS            = 31,
    OEMCrypto_ERROR_INVALID_NONCE                = 32,
    OEMCrypto_ERROR_TOO_MANY_KEYS                = 33
 } OEMCryptoResult;
 /*
@@ -133,7 +138,7 @@ typedef struct {
 *  by the caller of OEMCrypto_LoadKeys().
 */
 typedef struct {
-    const uint8_t* key_id;
+    const OEMCrypto_KeyID* key_id;
    const uint8_t* key_data_iv;
    const uint8_t* key_data;
    const uint8_t* key_control_iv;
@@ -160,7 +165,7 @@ typedef struct {
 *  by the caller of OEMCrypto_RefreshKeys().
 */
 typedef struct {
-    const uint8_t* key_id;
+    const OEMCrypto_KeyID* key_id;
    const uint8_t* key_control_iv;
    const uint8_t* key_control;
 } OEMCrypto_KeyRefreshObject;
@@ -200,6 +205,10 @@ typedef struct {
 * Parameters:
 *   N/A
 *
 * Threading:
 *   No other function calls will be made while this function is running. This
 *   function will not be called again before OEMCrypto_Terminate.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_INIT_FAILED failed to initialize crypto hardware
@@ -215,6 +224,11 @@ OEMCryptoResult OEMCrypto_Initialize(void);
 * Parameters:
 *   N/A
 *
 * Threading:
 *   No other OEMCrypto calls are made while this function is running.  After
 *   this function is called, no other OEMCrypto calls will be made until another
 *   call to OEMCrypto_Initialize is made.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_TERMINATE_FAILED failed to de-initialize crypto hardware
@@ -230,8 +244,14 @@ OEMCryptoResult OEMCrypto_Terminate(void);
 * Parameters:
 *   session (out) - pointer to crypto session identifier.
 *
 * Threading:
 *   No other Open/Close session calls will be made while this function is
 *   running. Functions on existing sessions may be called while this function
 *   is active.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_TOO_MANY_SESSIONS failed because too many sessions are open
 *   OEMCrypto_ERROR_OPEN_SESSION_FAILED failed to initialize the crypto session
 */
 OEMCryptoResult OEMCrypto_OpenSession(OEMCrypto_SESSION *session);
@@ -245,8 +265,14 @@ OEMCryptoResult OEMCrypto_OpenSession(OEMCrypto_SESSION *session);
 * Parameters:
 *   session (in) - crypto session identifier.
 *
 * Threading:
 *   No other Open/Close session calls will be made while this function is
 *   running. Functions on existing sessions may be called while this function
 *   is active.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_INVALID_SESSION no open session with that id.
 *   OEMCrypto_ERROR_CLOSE_SESSION_FAILED failed to terminate the crypto session
 */
 OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
@@ -259,13 +285,25 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
 *   signing and content key decryption under the license server protocol
 *   for AES CTR mode.
 *
- *   Refer to document "OEMCrypto Changes for V2 License Protocol" for details
+ *   Refer to document "OEMCrypto Changes for V2 License Protocol" for details.
 *   This function computes the AES-128-CMAC of the enc_key_context and stores
 *   it in secure memory as the encrypt_key, and the first half of the mac_key.
 *   It then computes the AES-128-CMAC of the mac_key_context and stores it in
 *   the second half of the mac_key.  These two keys will be stored until the
 *   next call to LoadKeys.
 *
 * Parameters:
 *   session (in) - crypto session identifier.
- *   context (in) - pointer to memory containing context data for computing the
+ *   mac_key_context (in) - pointer to memory containing context data for
- *                  secondary keys.
+ *                          computing the HMAC generation key.
- *   context_length (in) - length of the context data.
+ *   mac_key_context_length (in) - length of the HMAC key context data.
 *   enc_key_context (in) - pointer to memory containing context data for
 *                          computing the encryption key.
 *   enc_key_context_length (in) - length of the encryption key context data.
 *
 * Threading:
 *   This function may be called simultaneously with functions on other sessions,
 *   but not with other functions on this session.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
@@ -276,8 +314,10 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
 */
 OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
                            OEMCrypto_SESSION session,
-                            const uint8_t *context,
+                            const uint8_t *mac_key_context,
-                            size_t context_length);
+                            uint32_t mac_key_context_length,
                            const uint8_t *enc_key_context,
                            uint32_t enc_key_context_length);
 /*
 * OEMCrypto_GenerateNonce
@@ -289,6 +329,11 @@ OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
 * Refer to documents "OEMCrypto Changes for V2 License Protocol" and "Key
 * Control Block Definition" for details.
 *
 * XXX TODO: Verify design needs more than one nonce per session.  If not,
 * I will add a comment saying only once nonce is stored.  If so, I will add
 * a comment saying how many nonces needed.  Nancy needs nine nonces, and Ned
 * never needs any.
 *
 * Parameters:
 *   session (in) - crypto session identifier.
 *   message (in) - pointer to memory containing message to be signed.
@@ -297,6 +342,10 @@ OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
 *   signature_length (in/out) - (in) length of the signature buffer.
 *                               (out) actual length of the signature
 *
 * Threading:
 *   This function may be called simultaneously with functions on other sessions,
 *   but not with other functions on this session.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_NO_DEVICE_KEY
@@ -328,6 +377,10 @@ OEMCryptoResult OEMCrypto_GenerateNonce(
 *   signature_length (in/out) - (in) length of the signature buffer.
 *                               (out) actual length of the signature
 *
 * Threading:
 *   This function may be called simultaneously with functions on other sessions,
 *   but not with other functions on this session.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_NO_DEVICE_KEY
@@ -355,11 +408,27 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
 *   OEMCrypto_ERROR_SIGNATURE_FAILURE.  Otherwise, add the keys to the session
 *   context.
 *
- *   The mac_key is encrypted with the current encrypt_key and the offered IV.
+ *   The keys will be decrypted using the current encrypt_key (AES-128-CBC) and
- *   It replaces the mac_key created by OEMCrypto_GenerateDerivedkeys().
+ *   the IV given in the KeyObject.  Each key control block will be decrypted
 *   using the corresponding content key (AES-128-CBC) and the IV given in the
 *   KeyObject.
 *
 *   If any key's control block does have valid verification fields, return
 *   OEMCrypto_ERROR_INVALID_CONTEXT and do not install any keys.
 *
 *   If any key's control block requires a nonce, and the nonce in the control
 *   block is different from the current nonce, return
 *   OEMCrypto_ERROR_INVALID_NONCE.  In that case, do not install any keys.
 *
 *   The new mac_key is decrypted with the current encrypt_key and the offered
 *   IV.  It replaces the current mac_key.
 *
 *   The mac_key and encrypt_key were generated and stored by the previous call
 *   to OEMCrypto_GenerateDerivedKeys().  The nonce was generated and stored by
 *   the previous call to OEMCrypto_GenerateNonce().
 *
 * NOTE: OEMCrypto_GenerateDerivedKeys() must be called first to establish the
- *       mac_key
+ *       mac_key and encrypt_key.
 *
 * Refer to document "OEMCrypto Changes for V2 License Protocol" for details.
 *
@@ -375,6 +444,10 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
 *   num_keys (in) - number of keys present.
 *   key_array (in) - set of keys to be installed.
 *
 * Threading:
 *   This function may be called simultaneously with functions on other sessions,
 *   but not with other functions on this session.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_NO_DEVICE_KEY
@@ -382,6 +455,8 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
 *   OEMCrypto_ERROR_UNKNOWN_FAILURE
 *   OEMCrypto_ERROR_INVALID_CONTEXT
 *   OEMCrypto_ERROR_SIGNATURE_FAILURE
 *   OEMCrypto_ERROR_INVALID_NONCE
 *   OEMCrypto_ERROR_TOO_MANY_KEYS
 */
 OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
                                   const uint8_t* message,
@@ -407,8 +482,8 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
 *   OEMCrypto_ERROR_SIGNATURE_FAILURE.  Otherwise, add the keys to the session
 *   context.
 *
- * NOTE: OEMCrypto_GenerateDerivedKeys() must be called first to establish
+ * NOTE: OEMCrypto_GenerateDerivedKeys() or OEMCrypto_LoadKeys() must be called
- *       the mac_key
+ *       first to establish the mac_key
 *
 * Refer to document OEMCrypto Changes for V2 License Protocol for details.
 *
@@ -421,6 +496,10 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
 *   num_keys (in) - number of keys present.
 *   key_array (in) - set of keys to be installed.
 *
 * Threading:
 *   This function may be called simultaneously with functions on other sessions,
 *   but not with other functions on this session.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_NO_DEVICE_KEY
@@ -443,11 +522,9 @@ OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
 *
 * Description:
 *   Select a content key and install it in the hardware key ladder for
- *   subsequent decryption operations (OEMCrypto_DecryptCTR()).
+ *   subsequent decryption operations (OEMCrypto_DecryptCTR()) for this session.
- *
+ *   The specified key must have been previously "installed" via
- *   This operation is supported only while performing CTR mode decryption
+ *   OEMCrypto_LoadKeys() or OEMCrypto_RefreshKeys().
 *   (see OEMCrypto_DecryptCTR).  The specified key must have been previously
 *   "installed" via OEMCrypto_LoadKeys() or OEMCrypto_RefreshKeys().
 *
 *   A key control block is associated with the key and the session, and is used
 *   to configure the session context.  The Key Control data is documented in
@@ -457,17 +534,10 @@ OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
 *           includes the key value, the content key IV, the key control
 *           block, and the key control block IV.
 *
- *   Step 2: Lookup the encrypt_key (derived key).  Latch the result in the
+ *   Step 2: Latch the content key into the hardware key ladder.  Set
- *           hardware key ladder.
+ *           permission flags and timers based on the key's control block.
 *
- *   Step 3: use the encrypt_key to decrypt (AES-128-CBC) the content key data,
+ *   Step 3: use the latched content key to decrypt (AES-128-CTR)
 *           using the content key IV. Latch result in the hardware key ladder.
 *
 *   Step 4: use the latched content key to decrypt (AES-128-CBC) the key
 *           control block using the key control block IV. Verify the key
 *           control block and apply it to the current session.
 *
 *   Step 5: use the latched content key to decrypt (AES-128-CTR)
 *           to decrypt buffers passed in via OEMCrypto_DecryptCTR().  Continue
 *           to use this key until OEMCrypto_SelectKey() is called again, or
 *           until OEMCrypto_CloseSession() is called.
@@ -477,6 +547,10 @@ OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
 *    key_id (in) - pointer to the Key ID
 *    key_id_length (in) - length of the Key ID in bytes
 *
 * Threading:
 *   This function may be called simultaneously with functions on other sessions,
 *   but not with other functions on this session.
 *
 * Returns:
 *    OEMCrypto_SUCCESS success
 *    OEMCrypto_ERROR_INVALID_SESSION crypto session ID invalid or not open
@@ -486,8 +560,7 @@ OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
 *    OEMCrypto_ERROR_KEYBOX_INVALID cannot decrypt and read from Keybox
 */
 OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
-                                    const uint8_t* key_id,
+                                    const OEMCrypto_KeyID* key_id);
                                    const size_t key_id_length);
 /*
 * OEMCrypto_DecryptCTR
@@ -545,6 +618,10 @@ OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
 *   zero when it reaches its maximum value (0xFFFFFFFFFFFFFFFF).
 *   The upper 64 bits (byte 0-7) of the IV do not change.
 *
 * Threading:
 *   This function may be called simultaneously with functions on other sessions,
 *   but not with other functions on this session.
 *
 * Returns:
 *   OEMCrypto_SUCCESS
 *   OEMCrypto_ERROR_NO_DEVICE_KEY
@@ -578,6 +655,9 @@ OEMCrypto_DecryptCTR(OEMCrypto_SESSION session,
 *                 wrapped with OEMCrypto_WrapKeybox.
 *   keyboxLength (in) - Length of the keybox data in bytes.
 *
 * Threading:
 *   This function is not called simultaneously with any other functions.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_WRITE_KEYBOX failed to handle and store Keybox
@@ -600,6 +680,9 @@ OEMCryptoResult OEMCrypto_InstallKeybox(uint8_t *keybox,
 * Parameters:
 *   none
 *
 * Threading:
 *   This function may be called simultaneously with any session functions.
 *
 * Returns:
 *   OEMCrypto_SUCCESS
 *   OEMCrypto_ERROR_BAD_MAGIC
@@ -618,6 +701,9 @@ OEMCryptoResult OEMCrypto_IsKeyboxValid(void);
 *   idLength (in/out) - on input, size of the caller's device ID buffer.
 *        On output, the number of bytes written into the buffer.
 *
 * Threading:
 *   This function may be called simultaneously with any session functions.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_SHORT_BUFFER buffer is too small to return the device ID
@@ -644,6 +730,9 @@ OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID,
 *   dataLength (in/out) - on input, the allocated buffer size.  On output,
 *                   the number of bytes in KeyData.
 *
 * Threading:
 *   This function may be called simultaneously with any session functions.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_SHORT_BUFFER the buffer is too small to return the KeyData
@@ -664,6 +753,9 @@ OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData,
 *                      random data.
 *   dataLength (in)  - Length of the random data buffer in bytes.
 *
 * Threading:
 *   This function may be called simultaneously with any session functions.
 *
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_RNG_FAILED failed to generate random number
@@ -680,7 +772,7 @@ OEMCryptoResult OEMCrypto_GetRandom(uint8_t* randomData,
 *   is not NULL, the input keybox is encrypted with transportKey.  If so,
 *   decrypt the input keybox before wrapping it, using transportKey in AES-CBC
 *   mode with an IV of all zeroes.  This function is only needed if the
- *   if the provisioning method involves saving the keybox to the file system.
+ *   provisioning method involves saving the keybox to the file system.
 *
 * Parameters:
 *   keybox (in) - Pointer to keybox data.
@@ -696,6 +788,7 @@ OEMCryptoResult OEMCrypto_GetRandom(uint8_t* randomData,
 * Returns:
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_WRAP_KEYBOX failed to wrap Keybox
 *   OEMCrypto_ERROR_NOT_IMPLEMENTED
 */
 OEMCryptoResult OEMCrypto_WrapKeybox(uint8_t *keybox,
                                     size_t keyBoxLength,