Add DecryptCTR to OEMCrypto Mock
This is a software only implementation of the OEMCrypto library for testing the rest of the DRM code. It currently implements the OEMCrypto_DecrtyptCTR function using a clear key. I've included the license request code so the rest of the group can play with it, but I have only tested part of it. This patch also has some makefiles and an integration testing. You should be able to generate the shared library libclearkeydrmengine.so with cd vendor/widevine/libclearkeydrmengine; mm You can create some unit test and integration test programs from the directories: vendor/widevine/libwvdrmengine/oemcrypto/test vendor/widevine/libclearkeydrmengine/test vendor/widevine/libclearkeydrmengine/inttest vendor/widevine/libclearkeydrmengine/crypto/test This change also addresses some comments about comments in OEMCryptoDASH.h which were made in https://googleplex-android-review.googlesource.com/257323 Change-Id: Id6899b9f8d2f09e09be2ea493baa83a6b929073b
This commit is contained in:
Fred Gylys-Colwell
committed by
Jeff Tinker
Jeff Tinker
parent
04bfbb0198
commit
fede3bffdd
@@ -9,18 +9,39 @@
|
||||
#ifndef OEMCRYPTO_DASH_H_
|
||||
#define OEMCRYPTO_DASH_H_
|
||||
|
||||
#include<stdint.h>
|
||||
|
||||
// 12/20/2012 - changes from 4.3 to 4.4:
|
||||
// 1. Added key id length.
|
||||
// 2. Renamed fields in DestBufferDesc.
|
||||
// 12/11/2012 - changes from 4.2 to 4.3:
|
||||
// 1. Include stdint.h. Change base types.
|
||||
// 2. Allow NULL for mac_key in OEMCrypto_LoadKeys() (doc-only change).
|
||||
// 3. Allow NULL for key_control_block in OEMCrypto_RefreshKeys() (doc-only
|
||||
// change).
|
||||
// 12/05/2012 - changes from 4.1 to 4.2:
|
||||
// 1. Change OEMCrypto_GenerateDerivedkeys() to pass in two context strings
|
||||
// for the derived key computation - one for the mac key and one for the
|
||||
// encryption key.
|
||||
// 12/04/2012 - changes from 4.0 to 4.1:
|
||||
// 1. Change 'unsigned long' back to 'unsigned int'.
|
||||
// 2. Add struct OEMCrypto_DestBufferDesc for OEMCrypto_DecryptCTR()
|
||||
// output param.
|
||||
// 3. Change OEMCrypto_KeyObject to use 'const OEMCrypto_UINT8*'
|
||||
// 4. Change OEMCrypto_KeyRefreshObject to use 'const OEMCrypto_UINT8*'
|
||||
// 5. Change enc_mac params of OEMCrypto_LoadKeys() to
|
||||
// to use const OEMCrypto_UINT8*'.
|
||||
// 6. Add OEMCrypto_SelectKey().
|
||||
// 7. Add OEMCrypto_DestBufferDesc param to OEMCrypto_DecryptCTR().
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define OEMCRYPTO_VERSION "4.0"
|
||||
#define OEMCRYPTO_VERSION "4.4"
|
||||
static const char oec_version[] = OEMCRYPTO_VERSION;
|
||||
|
||||
|
||||
#include<stdint.h>
|
||||
|
||||
typedef uint32_t OEMCrypto_SESSION;
|
||||
typedef uint8_t OEMCrypto_KeyID[16];
|
||||
|
||||
typedef enum OEMCryptoResult {
|
||||
OEMCrypto_SUCCESS = 0,
|
||||
@@ -138,7 +159,8 @@ typedef struct {
|
||||
* by the caller of OEMCrypto_LoadKeys().
|
||||
*/
|
||||
typedef struct {
|
||||
const OEMCrypto_KeyID* key_id;
|
||||
const uint8_t* key_id;
|
||||
size_t key_id_length;
|
||||
const uint8_t* key_data_iv;
|
||||
const uint8_t* key_data;
|
||||
const uint8_t* key_control_iv;
|
||||
@@ -165,7 +187,8 @@ typedef struct {
|
||||
* by the caller of OEMCrypto_RefreshKeys().
|
||||
*/
|
||||
typedef struct {
|
||||
const OEMCrypto_KeyID* key_id;
|
||||
const uint8_t* key_id;
|
||||
size_t key_id_length;
|
||||
const uint8_t* key_control_iv;
|
||||
const uint8_t* key_control;
|
||||
} OEMCrypto_KeyRefreshObject;
|
||||
@@ -287,10 +310,10 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
|
||||
*
|
||||
* Refer to document "OEMCrypto Changes for V2 License Protocol" for details.
|
||||
* This function computes the AES-128-CMAC of the enc_key_context and stores
|
||||
* it in secure memory as the encrypt_key, and the first half of the mac_key.
|
||||
* It then computes the AES-128-CMAC of the mac_key_context and stores it in
|
||||
* the second half of the mac_key. These two keys will be stored until the
|
||||
* next call to LoadKeys.
|
||||
* it in secure memory as the encrypt_key.
|
||||
* It then computes two cycles of AES-128-CMAC of the mac_key_context and
|
||||
* stores it in the mac_key. These two keys will be stored until the next
|
||||
* call to LoadKeys.
|
||||
*
|
||||
* Parameters:
|
||||
* session (in) - crypto session identifier.
|
||||
@@ -301,6 +324,10 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
|
||||
* computing the encryption key.
|
||||
* enc_key_context_length (in) - length of the encryption key context data.
|
||||
*
|
||||
* Results:
|
||||
* mac_key: the 256 bit mac key is generated and stored in secure memory.
|
||||
* enc_key: the 128 bit encryption key is generated and stored in secure memory.
|
||||
*
|
||||
* Threading:
|
||||
* This function may be called simultaneously with functions on other sessions,
|
||||
* but not with other functions on this session.
|
||||
@@ -324,23 +351,18 @@ OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
|
||||
*
|
||||
* Description:
|
||||
* Generates a 32-bit nonce to detect possible replay attack on the key
|
||||
* control block.
|
||||
* control block. The nonce is stored in secure memory and will be used
|
||||
* for the next call to LoadKeys.
|
||||
*
|
||||
* Refer to documents "OEMCrypto Changes for V2 License Protocol" and "Key
|
||||
* Control Block Definition" for details.
|
||||
*
|
||||
* XXX TODO: Verify design needs more than one nonce per session. If not,
|
||||
* I will add a comment saying only once nonce is stored. If so, I will add
|
||||
* a comment saying how many nonces needed. Nancy needs nine nonces, and Ned
|
||||
* never needs any.
|
||||
*
|
||||
* Parameters:
|
||||
* session (in) - crypto session identifier.
|
||||
* message (in) - pointer to memory containing message to be signed.
|
||||
* message_length (in) - length of the message.
|
||||
* signature (out) - pointer to memory to received the computed signature.
|
||||
* signature_length (in/out) - (in) length of the signature buffer.
|
||||
* (out) actual length of the signature
|
||||
* nonce (out) - pointer to memory to received the computed nonce.
|
||||
*
|
||||
* Results:
|
||||
* nonce: the nonce is also stored in secure memory.
|
||||
*
|
||||
* Threading:
|
||||
* This function may be called simultaneously with functions on other sessions,
|
||||
@@ -413,7 +435,7 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
|
||||
* using the corresponding content key (AES-128-CBC) and the IV given in the
|
||||
* KeyObject.
|
||||
*
|
||||
* If any key's control block does have valid verification fields, return
|
||||
* If any key's control block does not have valid verification fields, return
|
||||
* OEMCrypto_ERROR_INVALID_CONTEXT and do not install any keys.
|
||||
*
|
||||
* If any key's control block requires a nonce, and the nonce in the control
|
||||
@@ -440,7 +462,7 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
|
||||
* signature_length (in) - length of the signature.
|
||||
* enc_mac_key_iv (in) - IV for decrypting new mac_key. Size is 128 bits.
|
||||
* enc_mac_key (in) - encrypted mac_key for generating new mac_key. Size is
|
||||
* 128 bits.
|
||||
* 256 bits.
|
||||
* num_keys (in) - number of keys present.
|
||||
* key_array (in) - set of keys to be installed.
|
||||
*
|
||||
@@ -560,7 +582,8 @@ OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
|
||||
* OEMCrypto_ERROR_KEYBOX_INVALID cannot decrypt and read from Keybox
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
|
||||
const OEMCrypto_KeyID* key_id);
|
||||
const uint8_t* key_id,
|
||||
size_t key_id_length);
|
||||
|
||||
/*
|
||||
* OEMCrypto_DecryptCTR
|
||||
|
||||
Reference in New Issue
Block a user