OEMCrypto v16.2
Merge from Widevine repo of http://go/wvgerrit/93404 This is the unit tests, reference code, and documentation for OEMCrypto v16.2. Backwards compatibility should work for a v15 OEMCrypto. Some review comments will be addressed in future CLs. Bug: 141247171 Test: Unit tests Test: Media GTS tests on bonito Change-Id: I9d427c07580e180c0a4cfdc4a68f538d351c0ddd
This commit is contained in:
Fred Gylys-Colwell
@@ -65,7 +65,7 @@ extern "C" {
|
||||
* [out] timer_limits: the session's timer limits.
|
||||
* [out] clock_values: the session's clock values.
|
||||
* [out] nonce_values: the session's ODK nonce values.
|
||||
* [in] api_version: the API version of OEMCrypto.
|
||||
* [in] api_major_version: the API version of OEMCrypto.
|
||||
* [in] session_id: the session id of the newly created session.
|
||||
*
|
||||
* Returns:
|
||||
@@ -78,7 +78,7 @@ extern "C" {
|
||||
OEMCryptoResult ODK_InitializeSessionValues(ODK_TimerLimits* timer_limits,
|
||||
ODK_ClockValues* clock_values,
|
||||
ODK_NonceValues* nonce_values,
|
||||
uint32_t api_version,
|
||||
uint32_t api_major_version,
|
||||
uint32_t session_id);
|
||||
|
||||
/*
|
||||
@@ -127,7 +127,9 @@ OEMCryptoResult ODK_InitializeClockValues(ODK_ClockValues* clock_values,
|
||||
*
|
||||
* Description:
|
||||
* This function sets the values in the clock_values structure. It shall be
|
||||
* called from OEMCrypto_LoadUsageEntry.
|
||||
* called from OEMCrypto_LoadUsageEntry. When a usage entry from a v15 or
|
||||
* earlier license is loaded, the value time_of_license_loaded shall be used
|
||||
* in place of time_of_license_signed.
|
||||
*
|
||||
* Parameters:
|
||||
* [in/out] clock_values: the session's clock data.
|
||||
@@ -231,7 +233,7 @@ OEMCryptoResult ODK_UpdateLastPlaybackTime(uint64_t system_time_seconds,
|
||||
*
|
||||
* Description:
|
||||
* This function modifies the session's clock values to indicate that the
|
||||
* license has been deactiviated. It shall be called from
|
||||
* license has been deactivated. It shall be called from
|
||||
* OEMCrypto_DeactivateUsageEntry
|
||||
*
|
||||
* Parameters:
|
||||
@@ -256,8 +258,8 @@ OEMCryptoResult ODK_DeactivateUsageEntry(ODK_ClockValues* clock_values);
|
||||
*
|
||||
* This shall be called by OEMCrypto from OEMCrypto_PrepAndSignLicenseRequest.
|
||||
*
|
||||
* NOTE: if message pointer is null and/or input core_message_size is zero,
|
||||
* this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
|
||||
* NOTE: if the message pointer is null and/or input core_message_size is
|
||||
* zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
|
||||
* core_message_size to the size needed.
|
||||
*
|
||||
* Parameters:
|
||||
@@ -271,7 +273,7 @@ OEMCryptoResult ODK_DeactivateUsageEntry(ODK_ClockValues* clock_values);
|
||||
*
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER if core_message_size is too small
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
|
||||
* OEMCrypto_ERROR_INVALID_CONTEXT
|
||||
*
|
||||
* Version:
|
||||
@@ -292,8 +294,14 @@ OEMCryptoResult ODK_PrepareCoreLicenseRequest(
|
||||
*
|
||||
* This shall be called by OEMCrypto from OEMCrypto_PrepAndSignRenewalRequest.
|
||||
*
|
||||
* NOTE: if message pointer is null and/or input core_message_size is zero,
|
||||
* this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
|
||||
* If status in clock_values indicates that a license has not been loaded,
|
||||
* then this is a license release. The ODK library will change the value of
|
||||
* nonce_values.api_major_version to 15. This will make
|
||||
* OEMCrypto_PrepAndSignRenewalRequest sign just the message body, as it does
|
||||
* for all legacy licenses.
|
||||
*
|
||||
* NOTE: if the message pointer is null and/or input core_message_size is
|
||||
* zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
|
||||
* core_message_size to the size needed.
|
||||
*
|
||||
* Parameters:
|
||||
@@ -303,31 +311,33 @@ OEMCryptoResult ODK_PrepareCoreLicenseRequest(
|
||||
* [in/out] core_message_size: length of the core message at the beginning of
|
||||
* the message. (in) size of buffer reserved for the core message, in
|
||||
* bytes. (out) actual length of the core message, in bytes.
|
||||
* [in] nonce_values: pointer to the session's nonce data.
|
||||
* [in] clock_values: the session's clock values.
|
||||
* [in/out] nonce_values: pointer to the session's nonce data.
|
||||
* [in/out] clock_values: the session's clock values.
|
||||
* [in] system_time_seconds: the current time on OEMCrypto's clock, in
|
||||
* seconds.
|
||||
*
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER if core_message_size is too small
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
|
||||
* OEMCrypto_ERROR_INVALID_CONTEXT
|
||||
*
|
||||
* Version:
|
||||
* This method is new in version 16 of the API.
|
||||
*/
|
||||
OEMCryptoResult ODK_PrepareCoreRenewalRequest(
|
||||
uint8_t* message, size_t message_length, size_t* core_message_size,
|
||||
const ODK_NonceValues* nonce_values, ODK_ClockValues* clock_values,
|
||||
uint64_t system_time_seconds);
|
||||
OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
|
||||
size_t message_length,
|
||||
size_t* core_message_size,
|
||||
ODK_NonceValues* nonce_values,
|
||||
ODK_ClockValues* clock_values,
|
||||
uint64_t system_time_seconds);
|
||||
|
||||
/*
|
||||
* ODK_PrepareCoreProvisioningRequest
|
||||
*
|
||||
* Description:
|
||||
* Modifies the message to include a core provisioning request at the
|
||||
* beginning of the message buffer. The values in nonce_values, clock_values
|
||||
* and system_time_seconds are used to populate the message.
|
||||
* beginning of the message buffer. The values in nonce_values are used to
|
||||
* populate the message.
|
||||
*
|
||||
* This shall be called by OEMCrypto from
|
||||
* OEMCrypto_PrepAndSignProvisioningRequest.
|
||||
@@ -336,8 +346,8 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(
|
||||
* OEMCrypto_GetDeviceID. The device ID shall be unique to the device, and
|
||||
* stable across reboots and factory resets for an L1 device.
|
||||
*
|
||||
* NOTE: if message pointer is null and/or input core_message_size is zero,
|
||||
* this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
|
||||
* NOTE: if the message pointer is null and/or input core_message_size is
|
||||
* zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
|
||||
* core_message_size to the size needed.
|
||||
*
|
||||
* Parameters:
|
||||
@@ -356,7 +366,7 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(
|
||||
*
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER if core_message_size is too small
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
|
||||
* OEMCrypto_ERROR_INVALID_CONTEXT
|
||||
*
|
||||
* Version:
|
||||
@@ -373,7 +383,7 @@ OEMCryptoResult ODK_PrepareCoreProvisioningRequest(
|
||||
* Description:
|
||||
* This function sets all limits in the timer_limits struct to the
|
||||
* key_duration and initializes the other values. The field
|
||||
* nonce_values.api_level will be set to 15. It shall be called from
|
||||
* nonce_values.api_major_version will be set to 15. It shall be called from
|
||||
* OEMCrypto_LoadKeys when loading a legacy license.
|
||||
*
|
||||
* Parameters:
|
||||
@@ -403,8 +413,12 @@ OEMCryptoResult ODK_InitializeV15Values(ODK_TimerLimits* timer_limits,
|
||||
* ODK_RefreshV15Values
|
||||
*
|
||||
* Description:
|
||||
* This function updates the clock_values as needed if the renewal is
|
||||
* accepted. The field nonce_values.api_level is verified to be 15.
|
||||
* This function updates the clock_values as needed if a v15 renewal is
|
||||
* accepted. The field nonce_values.api_major_version is verified to be 15.
|
||||
*
|
||||
* This is called from OEMCrypto_RefreshKeys for a valid license renewal.
|
||||
* OEMCrypto shall pass in the current system time, and the key duration from
|
||||
* the first object in the OEMCrypto_KeyRefreshObject.
|
||||
*
|
||||
* Parameters:
|
||||
* [in] timer_limits: The session's timer limits.
|
||||
@@ -412,6 +426,8 @@ OEMCryptoResult ODK_InitializeV15Values(ODK_TimerLimits* timer_limits,
|
||||
* [in] nonce_values: The session's ODK nonce values.
|
||||
* [in] system_time_seconds: The current time on the system clock, as
|
||||
* described in the document "License Duration and Renewal".
|
||||
* [in] new_key_duration: The duration from the first
|
||||
* OEMCrypto_KeyRefreshObject in key_array.
|
||||
* [out] timer_value: set to the new timer value. Only used if the return
|
||||
* value is ODK_SET_TIMER. This must be non-null if OEMCrypto uses a
|
||||
* hardware timer.
|
||||
@@ -432,27 +448,43 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
|
||||
ODK_ClockValues* clock_values,
|
||||
const ODK_NonceValues* nonce_values,
|
||||
uint64_t system_time_seconds,
|
||||
uint32_t new_key_duration,
|
||||
uint64_t* timer_value);
|
||||
|
||||
/*
|
||||
* ODK_ParseLicense
|
||||
*
|
||||
* Description:
|
||||
* The function ODK_ParseLicense will parse the message and verify
|
||||
*
|
||||
* 1. Either the nonce matches the one passed in or the license does not
|
||||
* require a nonce.
|
||||
* 2. The API version of the message matches.
|
||||
* 3. The session id matches.
|
||||
* The function ODK_ParseLicense will parse the message and set each
|
||||
* substring pointer to point to a location in the message body. The message
|
||||
* body is the buffer starting at message + core_message_length with size
|
||||
* message_length - core_message_length.
|
||||
* The function ODK_ParseLicense will parse the message and verify fields in
|
||||
* the message.
|
||||
*
|
||||
* If the message does not parse correctly, ODK_VerifyAndParseLicense will
|
||||
* return ODK_ERROR_CORE_MESSAGE that OEMCrypto should return to the CDM
|
||||
* layer above. If the api in the message is larger than 16, then
|
||||
* ODK_UNSUPPORTED_API is returned.
|
||||
* layer above.
|
||||
*
|
||||
* If the API in the message is not 16, then ODK_UNSUPPORTED_API is returned.
|
||||
*
|
||||
* If initial_license_load is true, and nonce_required in the license is
|
||||
* true, then the ODK library shall verify that nonce_values->nonce and
|
||||
* nonce_values->session_id are the same as those in the message. If
|
||||
* verification fails, then it shall return OEMCrypto_ERROR_INVALID_NONCE.
|
||||
*
|
||||
* If initial_license_load is false, and nonce_required is true, then
|
||||
* ODK_ParseLicense will set the values in nonce_values from those in the
|
||||
* message.
|
||||
*
|
||||
* The function ODK_ParseLicense will verify that each substring points to a
|
||||
* location in the message body. The message body is the buffer starting at
|
||||
* message + core_message_length with size message_length -
|
||||
* core_message_length.
|
||||
*
|
||||
* If initial_license_load is true, then ODK_ParseLicense shall verify that
|
||||
* the parameter request_hash matches request_hash in the parsed license. If
|
||||
* verification fails, then it shall return ODK_ERROR_CORE_MESSAGE. This was
|
||||
* computed by OEMCrypto when the license was requested.
|
||||
*
|
||||
* If usage_entry_present is true, then ODK_ParseLicense shall verify that
|
||||
* the pst in the license has a nonzero length.
|
||||
*
|
||||
* Parameters:
|
||||
* [in] message: pointer to the message buffer.
|
||||
@@ -463,6 +495,8 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
|
||||
* false when called for OEMCrypto_ReloadLicense.
|
||||
* [in] usage_entry_present: true if the session has a new usage entry
|
||||
* associated with it created via OEMCrypto_CreateNewUsageEntry.
|
||||
* [in] request_hash: the hash of the license request core message. This was
|
||||
* computed by OEMCrypto when the license request was signed.
|
||||
* [in/out] timer_limits: The session's timer limits. These will be updated.
|
||||
* [in/out] clock_values: The session's clock values. These will be updated.
|
||||
* [in/out] nonce_values: The session's nonce values. These will be updated.
|
||||
@@ -470,7 +504,7 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
|
||||
*
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS
|
||||
* ODK_ERROR_CORE_MESSAGE if the message did not parse correctly, or there
|
||||
* ODK_ERROR_CORE_MESSAGE: if the message did not parse correctly, or there
|
||||
* were other incorrect values. An error should be returned to the CDM
|
||||
* layer.
|
||||
* ODK_UNSUPPORTED_API
|
||||
@@ -490,9 +524,12 @@ OEMCryptoResult ODK_ParseLicense(
|
||||
* ODK_ParseRenewal
|
||||
*
|
||||
* Description:
|
||||
* The function ODK_ParseRenewal will parse the message and verify that the
|
||||
* nonce values match those in the license. If the message does not parse
|
||||
* correctly, an error of ODK_ERROR_CORE_MESSAGE is returned.
|
||||
* The function ODK_ParseRenewal will parse the message and verify its
|
||||
* contents. If the message does not parse correctly, an error of
|
||||
* ODK_ERROR_CORE_MESSAGE is returned.
|
||||
*
|
||||
* ODK_ParseRenewal shall verify that all fields in nonce_values match those
|
||||
* in the license. Otherwise it shall return OEMCrypto_ERROR_INVALID_NONCE.
|
||||
*
|
||||
* After parsing the message, this function updates the clock_values based on
|
||||
* the timer_limits and the current system time. If playback may not
|
||||
@@ -504,8 +541,8 @@ OEMCryptoResult ODK_ParseLicense(
|
||||
* ODK_DISABLE_TIMER, then playback time is not limited.
|
||||
*
|
||||
* If OEMCrypto uses a hardware timer, and this function returns
|
||||
* ODK_SET_TIMER, then the timer should be set to the value pointed to by
|
||||
* timer_value.
|
||||
* ODK_SET_TIMER, then OEMCrypto shall set the timer to the value pointed to
|
||||
* by timer_value.
|
||||
*
|
||||
* Parameters:
|
||||
* [in] message: pointer to the message buffer.
|
||||
@@ -522,15 +559,16 @@ OEMCryptoResult ODK_ParseLicense(
|
||||
* hardware timer.
|
||||
*
|
||||
* Returns:
|
||||
* ODK_ERROR_CORE_MESSAGE if the message did not parse correctly, or there
|
||||
* were other incorrect values. An error should be returned to the CDM
|
||||
* layer.
|
||||
* ODK_ERROR_CORE_MESSAGE: the message did not parse correctly, or there were
|
||||
* other incorrect values. An error should be returned to the CDM layer.
|
||||
* ODK_SET_TIMER: Success. The timer should be reset to the specified timer
|
||||
* value.
|
||||
* ODK_DISABLE_TIMER: Success, but disable timer. Unlimited playback is
|
||||
* allowed.
|
||||
* ODK_TIMER_EXPIRED: Set timer as disabled. Playback is not allowed.
|
||||
* ODK_UNSUPPORTED_API
|
||||
* ODK_STALE_RENEWAL: This renewal is not the most recently signed. It is
|
||||
* rejected.
|
||||
* OEMCrypto_ERROR_INVALID_NONCE
|
||||
*
|
||||
* Version:
|
||||
@@ -551,14 +589,21 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
|
||||
* The function ODK_ParseProvisioning will parse the message and verify the
|
||||
* nonce values match those in the license.
|
||||
*
|
||||
* The function ODK_ParseProvisioning will parse the message and set each
|
||||
* substring pointer to point to a location in the message body. The message
|
||||
* body is the buffer starting at message + core_message_length with size
|
||||
* message_length - core_message_length.
|
||||
*
|
||||
* If the message does not parse correctly, ODK_ParseProvisioning will return
|
||||
* an error that OEMCrypto should return to the CDM layer above.
|
||||
*
|
||||
* If the API in the message is larger than 16, then ODK_UNSUPPORTED_API is
|
||||
* returned.
|
||||
*
|
||||
* ODK_ParseProvisioning shall verify that nonce_values->nonce and
|
||||
* nonce_values->session_id are the same as those in the message. Otherwise
|
||||
* it shall return OEMCrypto_ERROR_INVALID_NONCE.
|
||||
*
|
||||
* The function ODK_ParseProvisioning will verify that each substring points
|
||||
* to a location in the message body. The message body is the buffer starting
|
||||
* at message + core_message_length with size message_length -
|
||||
* core_message_length.
|
||||
*
|
||||
* Parameters:
|
||||
* [in] message: pointer to the message buffer.
|
||||
* [in] message_length: length of the entire message buffer.
|
||||
@@ -572,9 +617,8 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
|
||||
*
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS
|
||||
* ODK_ERROR_CORE_MESSAGE if the message did not parse correctly, or there
|
||||
* were other incorrect values. An error should be returned to the CDM
|
||||
* layer.
|
||||
* ODK_ERROR_CORE_MESSAGE: the message did not parse correctly, or there were
|
||||
* other incorrect values. An error should be returned to the CDM layer.
|
||||
* ODK_UNSUPPORTED_API
|
||||
* OEMCrypto_ERROR_INVALID_NONCE
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user