Import updates to the Widevine CENC DRM Plugin
This change incorporates the following CLs from the Widevine
cdm repository:
Update the java request/response test app to match Drm API changes
Don't build the mock liboemcrypto.so by default
Do not build CDM tests by default
Fix Build Break in DrmEngine Unit Tests
Fix Build Break in WVDrmPlugin
Initial version of roadmap for CDM projects.
Implement License Query
Implement Generic DRM in OEMCrypto Reference Implementation
Add key_data_length field when calling OEMCrypto_LoadKeys
Policy engine unittests
Generalized DRM API for OEMCrypto
Fixes proto buf libraries build.
Add Version Number to OEMCrypto API
Test key control block duration field in OEMCrypto
Add fix for missing crypto offset.
Fixed android/media*/test builds and added proto files for Cert. provisioning
Refactor and clean up callback code in CDM.
Add "device_id" name-value pair to LicenseRequest::ClientIdentification
Separate unit and end-to-end tests from the top level makefie.
Includes changes for 'fall back to l3 oemcrypto lib' in top level makefile.
Fall Back to Level 3 if Level 1 Fails
Fix compilation error in wvcdm_unittest.
Fix Android build break due to Decrypt() signature change in cdm_engine.h.
Wire up callbacks and errors in the Steel proxy.
Fix lock assert if there is no keybox on the device.
RSA Certificate Unit Test
Change Generic_Verify signature to constant.
Change-Id: I2e42db9d0b4f8d4e833675ae81d0714509bbfd2c
This commit is contained in:
Jeff Tinker
@@ -16,8 +16,9 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define OEMCRYPTO_VERSION "5.0"
|
||||
#define OEMCRYPTO_VERSION "7.0"
|
||||
static const char oec_version[] = OEMCRYPTO_VERSION;
|
||||
static const uint32_t oec_latest_version = 7;
|
||||
|
||||
typedef uint32_t OEMCrypto_SESSION;
|
||||
|
||||
@@ -144,6 +145,7 @@ typedef struct {
|
||||
size_t key_id_length;
|
||||
const uint8_t* key_data_iv;
|
||||
const uint8_t* key_data;
|
||||
size_t key_data_length;
|
||||
const uint8_t* key_control_iv;
|
||||
const uint8_t* key_control;
|
||||
} OEMCrypto_KeyObject;
|
||||
@@ -153,12 +155,12 @@ typedef struct {
|
||||
* Points to the relevant fields for renewing a content key. The fields are
|
||||
* extracted from the License Renewal Response message offered to
|
||||
* OEMCrypto_RefreshKeys(). Each field points to one of the components of
|
||||
* the key. All fields are 128 bits (16 bytes):
|
||||
* the key.
|
||||
* key_id - the unique id of this key.
|
||||
* key_control_iv - the IV for performing AES-128-CBC decryption of the
|
||||
* key_control field.
|
||||
* key_control field. 16 bytes.
|
||||
* key_control - the key control block. It is encrypted (AES-128-CBC) with
|
||||
* the content key from the key_data field.
|
||||
* the content key from the key_data field. 16 bytes.
|
||||
*
|
||||
* The key_data is unchanged from the original OEMCrypto_LoadKeys() call. Some
|
||||
* Key Control Block fields, especially those related to key lifetime, may
|
||||
@@ -174,6 +176,17 @@ typedef struct {
|
||||
const uint8_t* key_control;
|
||||
} OEMCrypto_KeyRefreshObject;
|
||||
|
||||
/*
|
||||
* OEMCrypto_Algorithm
|
||||
* This is a list of valid algorithms for OEMCrypto_Generic_* functions.
|
||||
* Some are valid for encryption/decryption, and some for signing/verifying.
|
||||
*/
|
||||
typedef enum OEMCrypto_Algorithm {
|
||||
OEMCrypto_AES_CBC_128_NO_PADDING = 0,
|
||||
OEMCrypto_HMAC_SHA256 = 1,
|
||||
} OEMCrypto_Algorithm;
|
||||
|
||||
/* Obfuscation Renames. */
|
||||
#define OEMCrypto_Initialize _oecc01
|
||||
#define OEMCrypto_Terminate _oecc02
|
||||
#define OEMCrypto_InstallKeybox _oecc03
|
||||
@@ -195,6 +208,12 @@ typedef struct {
|
||||
#define OEMCrypto_LoadDeviceRSAKey _oecc19
|
||||
#define OEMCrypto_GenerateRSASignature _oecc20
|
||||
#define OEMCrypto_DeriveKeysFromSessionKey _oecc21
|
||||
#define OEMCrypto_APIVersion _oecc22
|
||||
#define OEMCrypto_SecurityLevel _oecc23
|
||||
#define OEMCrypto_Generic_Encrypt _oecc24
|
||||
#define OEMCrypto_Generic_Decrypt _oecc25
|
||||
#define OEMCrypto_Generic_Sign _oecc26
|
||||
#define OEMCrypto_Generic_Virify _oecc27
|
||||
|
||||
/*
|
||||
* OEMCrypto_Initialize
|
||||
@@ -212,6 +231,9 @@ typedef struct {
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_INIT_FAILED failed to initialize crypto hardware
|
||||
*
|
||||
* Version:
|
||||
* This method is supported by all API versions.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_Initialize(void);
|
||||
|
||||
@@ -232,6 +254,9 @@ OEMCryptoResult OEMCrypto_Initialize(void);
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_TERMINATE_FAILED failed to de-initialize crypto hardware
|
||||
*
|
||||
* Version:
|
||||
* This method is all API versions.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_Terminate(void);
|
||||
|
||||
@@ -253,6 +278,9 @@ OEMCryptoResult OEMCrypto_Terminate(void);
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_TOO_MANY_SESSIONS failed because too many sessions are open
|
||||
* OEMCrypto_ERROR_OPEN_SESSION_FAILED failed to initialize the crypto session
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 5.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_OpenSession(OEMCrypto_SESSION *session);
|
||||
|
||||
@@ -274,6 +302,9 @@ OEMCryptoResult OEMCrypto_OpenSession(OEMCrypto_SESSION *session);
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_INVALID_SESSION no open session with that id.
|
||||
* OEMCrypto_ERROR_CLOSE_SESSION_FAILED failed to terminate the crypto session
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 5.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
|
||||
|
||||
@@ -315,6 +346,9 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
|
||||
* OEMCrypto_ERROR_INVALID_SESSION
|
||||
* OEMCrypto_ERROR_UNKNOWN_FAILURE
|
||||
* OEMCrypto_ERROR_INVALID_CONTEXT
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 5.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
|
||||
OEMCrypto_SESSION session,
|
||||
@@ -351,6 +385,9 @@ OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
|
||||
* OEMCrypto_ERROR_INVALID_SESSION
|
||||
* OEMCrypto_ERROR_UNKNOWN_FAILURE
|
||||
* OEMCrypto_ERROR_INVALID_CONTEXT
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 5.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_GenerateNonce(
|
||||
OEMCrypto_SESSION session,
|
||||
@@ -384,8 +421,12 @@ OEMCryptoResult OEMCrypto_GenerateNonce(
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_NO_DEVICE_KEY
|
||||
* OEMCrypto_ERROR_INVALID_SESSION
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER
|
||||
* OEMCrypto_ERROR_UNKNOWN_FAILURE
|
||||
* OEMCrypto_ERROR_INVALID_CONTEXT
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 5.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_GenerateSignature(
|
||||
OEMCrypto_SESSION session,
|
||||
@@ -459,6 +500,9 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
|
||||
* OEMCrypto_ERROR_SIGNATURE_FAILURE
|
||||
* OEMCrypto_ERROR_INVALID_NONCE
|
||||
* OEMCrypto_ERROR_TOO_MANY_KEYS
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 5.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
|
||||
const uint8_t* message,
|
||||
@@ -510,6 +554,9 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
|
||||
* OEMCrypto_ERROR_INVALID_CONTEXT
|
||||
* OEMCrypto_ERROR_INVALID_NONCE
|
||||
* OEMCrypto_ERROR_SIGNATURE_FAILURE
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 5.
|
||||
*/
|
||||
OEMCryptoResult
|
||||
OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
|
||||
@@ -564,6 +611,9 @@ OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
|
||||
* OEMCrypto_ERROR_NO_CONTENT_KEY failed to decrypt content key
|
||||
* OEMCrypto_ERROR_CONTROL_INVALID invalid or unsupported control input
|
||||
* OEMCrypto_ERROR_KEYBOX_INVALID cannot decrypt and read from Keybox
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 5.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
|
||||
const uint8_t* key_id,
|
||||
@@ -636,6 +686,9 @@ OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
|
||||
* OEMCrypto_ERROR_UNKNOWN_FAILURE
|
||||
* OEMCrypto_ERROR_INVALID_CONTEXT
|
||||
* OEMCrypto_ERROR_DECRYPT_FAILED
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 5.
|
||||
*/
|
||||
OEMCryptoResult
|
||||
OEMCrypto_DecryptCTR(OEMCrypto_SESSION session,
|
||||
@@ -667,6 +720,9 @@ OEMCrypto_DecryptCTR(OEMCrypto_SESSION session,
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_WRITE_KEYBOX failed to handle and store Keybox
|
||||
*
|
||||
* Version:
|
||||
* This method is all API versions.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t *keybox,
|
||||
size_t keyBoxLength);
|
||||
@@ -693,6 +749,9 @@ OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t *keybox,
|
||||
* OEMCrypto_SUCCESS
|
||||
* OEMCrypto_ERROR_BAD_MAGIC
|
||||
* OEMCrypto_ERROR_BAD_CRC
|
||||
*
|
||||
* Version:
|
||||
* This method is supported by all API versions.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_IsKeyboxValid(void);
|
||||
|
||||
@@ -714,6 +773,9 @@ OEMCryptoResult OEMCrypto_IsKeyboxValid(void);
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER buffer is too small to return the device ID
|
||||
* OEMCrypto_ERROR_NO_DEVICEID failed to return Device Id
|
||||
*
|
||||
* Version:
|
||||
* This method is supported by all API versions.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID,
|
||||
size_t *idLength);
|
||||
@@ -743,6 +805,9 @@ OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID,
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER the buffer is too small to return the KeyData
|
||||
* OEMCrypto_ERROR_NO_KEYDATA failed to return KeyData
|
||||
*
|
||||
* Version:
|
||||
* This method is supported by all API versions.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData,
|
||||
size_t *keyDataLength);
|
||||
@@ -766,6 +831,9 @@ OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData,
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_RNG_FAILED failed to generate random number
|
||||
* OEMCrypto_ERROR_RNG_NOT_SUPPORTED function not supported
|
||||
*
|
||||
* Version:
|
||||
* This method is supported by all API versions.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_GetRandom(uint8_t* randomData,
|
||||
size_t dataLength);
|
||||
@@ -795,6 +863,9 @@ OEMCryptoResult OEMCrypto_GetRandom(uint8_t* randomData,
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_WRAP_KEYBOX failed to wrap Keybox
|
||||
* OEMCrypto_ERROR_NOT_IMPLEMENTED
|
||||
*
|
||||
* Version:
|
||||
* This method is supported by all API versions.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,
|
||||
size_t keyBoxLength,
|
||||
@@ -848,6 +919,9 @@ OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,
|
||||
* OEMCrypto_ERROR_SIGNATURE_FAILURE
|
||||
* OEMCrypto_ERROR_INVALID_NONCE
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API versions 6.
|
||||
*/
|
||||
|
||||
OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
|
||||
@@ -855,7 +929,7 @@ OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
|
||||
size_t message_length,
|
||||
const uint8_t* signature,
|
||||
size_t signature_length,
|
||||
uint32_t *nonce,
|
||||
const uint32_t *nonce,
|
||||
const uint8_t* enc_rsa_key,
|
||||
size_t enc_rsa_key_length,
|
||||
const uint8_t* enc_rsa_key_iv,
|
||||
@@ -889,6 +963,9 @@ OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
|
||||
* OEMCrypto_ERROR_INVALID_SESSION
|
||||
* OEMCrypto_ERROR_UNKNOWN_FAILURE
|
||||
* OEMCrypto_ERROR_INVALID_RSA_KEY
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 6.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(OEMCrypto_SESSION session,
|
||||
const uint8_t* wrapped_rsa_key,
|
||||
@@ -923,6 +1000,9 @@ OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(OEMCrypto_SESSION session,
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER if the signature buffer is too small.
|
||||
* OEMCrypto_ERROR_CLOSE_SESSION_FAILED illegal/unrecognized handle or the
|
||||
* security engine is not properly initialized.
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 6.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_GenerateRSASignature(OEMCrypto_SESSION session,
|
||||
const uint8_t* message,
|
||||
@@ -966,6 +1046,9 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(OEMCrypto_SESSION session,
|
||||
* OEMCrypto_ERROR_INVALID_SESSION
|
||||
* OEMCrypto_ERROR_UNKNOWN_FAILURE
|
||||
* OEMCrypto_ERROR_INVALID_CONTEXT
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 6.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(OEMCrypto_SESSION session,
|
||||
const uint8_t* enc_session_key,
|
||||
@@ -975,6 +1058,218 @@ OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(OEMCrypto_SESSION session,
|
||||
const uint8_t *enc_key_context,
|
||||
size_t enc_key_context_length);
|
||||
|
||||
|
||||
/*
|
||||
* OEMCrypto_APIVersion()
|
||||
*
|
||||
* Description:
|
||||
* This function returns the current API version number. Because this
|
||||
* API is part of a shared library, the version number allows the calling
|
||||
* application to avoid version mis-match errors.
|
||||
*
|
||||
* There is a possibility that some API methods will be backwards compatible,
|
||||
* or backwards compatible at a reduced security level.
|
||||
*
|
||||
* There is no plan to introduce forward-compatibility. I.e. applications
|
||||
* will reject a library with a newer version of the API.
|
||||
*
|
||||
* Returns:
|
||||
* The current version number.
|
||||
*
|
||||
* Version:
|
||||
* This method should change in all API versions.
|
||||
*/
|
||||
uint32_t OEMCrypto_APIVersion();
|
||||
|
||||
/*
|
||||
* OEMCrypto_SecurityLevel()
|
||||
*
|
||||
* Description:
|
||||
* This function returns the security level of the OEMCrypto library.
|
||||
*
|
||||
* Since this function is spoofable, it is not relied on for security
|
||||
* purposes. It is for information only.
|
||||
*
|
||||
* Returns:
|
||||
* A null terminated string. Useful values are "L1", "L2" or "L3".
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 6.
|
||||
*/
|
||||
const char* OEMCrypto_SecurityLevel();
|
||||
|
||||
/*
|
||||
* OEMCryptoResult OEMCrypto_Generic_Encrypt
|
||||
*
|
||||
* This function encrypts a generic buffer of data using the current key.
|
||||
*
|
||||
* Verification:
|
||||
* The following checks should be performed. If any check fails, an error is
|
||||
* returned, and the data is not encrypted.
|
||||
*
|
||||
* The control bit for the current key shall have the Allow_Encrypt set. If
|
||||
* not, return OEMCrypto_ERROR_UNKNOWN_FAILURE.
|
||||
*
|
||||
* Parameters:
|
||||
* [in] session: crypto session identifier.
|
||||
* [in] in_buffer: pointer to memory containing data to be encrypted.
|
||||
* [in] buffer_length: length of the buffer, in bytes.
|
||||
* [in] iv: IV for encrypting data. Size is specified by the algorithm.
|
||||
* [in] algorithm: Specifies which encryption algorithm to use. See
|
||||
* OEMCrypto_Algorithm for valid values.
|
||||
* [out] out_buffer: pointer to buffer in which encrypted data should be stored.
|
||||
*
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_NO_DEVICE_KEY
|
||||
* OEMCrypto_ERROR_INVALID_SESSION
|
||||
* OEMCrypto_ERROR_UNKNOWN_FAILURE
|
||||
*
|
||||
* Threading:
|
||||
* This function may be called simultaneously with functions on other sessions,
|
||||
* but not with other functions on this session.
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 7.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session,
|
||||
const uint8_t* in_buffer,
|
||||
size_t buffer_length,
|
||||
const uint8_t* iv,
|
||||
OEMCrypto_Algorithm algorithm,
|
||||
uint8_t* out_buffer);
|
||||
|
||||
/*
|
||||
* OEMCrypto_Generic_Decrypt
|
||||
*
|
||||
* This function decrypts a generic buffer of data using the current key.
|
||||
*
|
||||
* Verification:
|
||||
* The following checks should be performed. If any check fails, an error is
|
||||
* returned, and the data is not decrypted.
|
||||
*
|
||||
* The control bit for the current key shall have the Allow_Decrypt set. If
|
||||
* not, return OEMCrypto_ERROR_DECRYPT_FAILED.
|
||||
* If the current key’s control block has the Data_Path_Type bit set, then
|
||||
* return OEMCrypto_ERROR_DECRYPT_FAILED.
|
||||
* If the current key’s control block has the HDCP bit set, then return
|
||||
* OEMCrypto_ERROR_DECRYPT_FAILED.
|
||||
*
|
||||
* Parameters:
|
||||
* [in] session: crypto session identifier.
|
||||
* [in] in_buffer: pointer to memory containing data to be encrypted.
|
||||
* [in] buffer_length: length of the buffer, in bytes.
|
||||
* [in] iv: IV for encrypting data. Size depends on the algorithm.
|
||||
* [in] algorithm: Specifies which encryption algorithm to use. See
|
||||
* OEMCrypto_Algorithm for valid values.
|
||||
* [out] out_buffer: pointer to buffer in which decrypted data should be stored.
|
||||
*
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_NO_DEVICE_KEY
|
||||
* OEMCrypto_ERROR_INVALID_SESSION
|
||||
* OEMCrypto_ERROR_UNKNOWN_FAILURE
|
||||
*
|
||||
* Threading:
|
||||
* This function may be called simultaneously with functions on other sessions,
|
||||
* but not with other functions on this session.
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 7.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_Generic_Decrypt(OEMCrypto_SESSION session,
|
||||
const uint8_t* in_buffer,
|
||||
size_t buffer_length,
|
||||
const uint8_t* iv,
|
||||
OEMCrypto_Algorithm algorithm,
|
||||
uint8_t* out_buffer);
|
||||
|
||||
/*
|
||||
* OEMCrypto_Generic_Sign
|
||||
*
|
||||
* This function signs a generic buffer of data using the current key.
|
||||
*
|
||||
* Verification
|
||||
* The following checks should be performed. If any check fails,
|
||||
* an error is returned, and the signature is not generated.
|
||||
*
|
||||
* The control bit for the current key shall have the Allow_Sign set.
|
||||
*
|
||||
* Parameters
|
||||
* [in] session: crypto session identifier.
|
||||
* [in] in_buffer: pointer to memory containing data to be encrypted.
|
||||
* [in] buffer_length: length of the buffer, in bytes.
|
||||
* [in] algorithm: Specifies which algorithm to use. See
|
||||
* OEMCrypto_Algorithm for valid values.
|
||||
* [out] signature: pointer to buffer in which signature should be stored.
|
||||
* [in/out] signature_length: (in) length of the signature buffer, in bytes.
|
||||
* (out) actual length of the signature
|
||||
*
|
||||
* Returns
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_SHORT_BUFFER if signature buffer is not large enough to hold
|
||||
* buffer.
|
||||
* OEMCrypto_ERROR_NO_DEVICE_KEY
|
||||
* OEMCrypto_ERROR_INVALID_SESSION
|
||||
* OEMCrypto_ERROR_UNKNOWN_FAILURE
|
||||
* Threading
|
||||
* This function may be called simultaneously with functions on other sessions,
|
||||
* but not with other functions on this session.
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 7.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_Generic_Sign(OEMCrypto_SESSION session,
|
||||
const uint8_t* in_buffer,
|
||||
size_t buffer_length,
|
||||
OEMCrypto_Algorithm algorithm,
|
||||
uint8_t* signature,
|
||||
size_t* signature_length);
|
||||
|
||||
/*
|
||||
* OEMCrypto_Generic_Verify
|
||||
* This function verfies the signature of a generic buffer of data using the
|
||||
* current key.
|
||||
*
|
||||
* Verification
|
||||
* The following checks should be performed. If any check fails, an error is
|
||||
* returned, and the data is not signed.
|
||||
*
|
||||
* The control bit for the current key shall have the Allow_Verify set.
|
||||
* The signature of the message shall be computed, and the API shall verify the
|
||||
* computed signature matches the signature passed in. If not, return
|
||||
* OEMCrypto_ERROR_SIGNATURE_FAILURE
|
||||
*
|
||||
* Parameters
|
||||
* [in] session: crypto session identifier.
|
||||
* [in] in_buffer: pointer to memory containing data to be encrypted.
|
||||
* [in] buffer_length: length of the buffer, in bytes.
|
||||
* [in] algorithm: Specifies which algorithm to use. Current valid value is
|
||||
* HMAC_SHA256.
|
||||
* [in] signature: pointer to signature buffer.
|
||||
* [in] signature_length: length of the signature buffer, in bytes.
|
||||
*
|
||||
* Returns:
|
||||
* OEMCrypto_SUCCESS success
|
||||
* OEMCrypto_ERROR_SIGNATURE_FAILURE
|
||||
* OEMCrypto_ERROR_NO_DEVICE_KEY
|
||||
* OEMCrypto_ERROR_INVALID_SESSION
|
||||
* OEMCrypto_ERROR_UNKNOWN_FAILURE
|
||||
*
|
||||
* Threading:
|
||||
* This function may be called simultaneously with functions on other sessions,
|
||||
* but not with other functions on this session.
|
||||
*
|
||||
* Version:
|
||||
* This method changed in API version 7.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_Generic_Verify(OEMCrypto_SESSION session,
|
||||
const uint8_t* in_buffer,
|
||||
size_t buffer_length,
|
||||
OEMCrypto_Algorithm algorithm,
|
||||
const uint8_t* signature,
|
||||
size_t signature_length);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user