af2ffca5fa
[ Merge of http://go/wvgerrit/192010 ] Updates the CDM to add support for DRM reprovisioning request creation. - Load the baked-in certificate for use as the client token. - Add functions to build and sign a drm reprovisioning request. - Update the Rikers L3 OEMCrypto implementation to support signing provisioning requests and getting embedded certificate. - Update client id token to handle DRM reprovisioning. - Add OEMCrypto function to load the baked-in device certificate in Rikers CDMs and stubs for non-Rikers CDMs. - Add dynamic adapter support for getting embedded device certificate only on L3. Bug: 305093063 Test: WVTS Change-Id: I9a0ecf95e27213b046f03baa0781fb164179323b
627 lines
32 KiB
C++
627 lines
32 KiB
C++
// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine
|
|
// License Agreement.
|
|
|
|
/*********************************************************************
|
|
* level3.h
|
|
*
|
|
* Reference APIs needed to support Widevine's crypto algorithms.
|
|
*********************************************************************/
|
|
|
|
#ifndef LEVEL3_OEMCRYPTO_H_
|
|
#define LEVEL3_OEMCRYPTO_H_
|
|
|
|
#include <stddef.h>
|
|
#include <stdint.h>
|
|
|
|
#include "OEMCryptoCENC.h"
|
|
#include "level3_file_system.h"
|
|
|
|
// clang-format off
|
|
#ifdef DYNAMIC_ADAPTER
|
|
#define Level3_IsInApp _lcc00
|
|
#define Level3_Initialize _lcc01
|
|
#define Level3_Terminate _lcc02
|
|
#define Level3_InstallKeyboxOrOEMCert _lcc03
|
|
#define Level3_GetKeyData _lcc04
|
|
#define Level3_IsKeyboxOrOEMCertValid _lcc05
|
|
#define Level3_GetDeviceID _lcc07
|
|
#define Level3_WrapKeyboxOrOEMCert _lcc08
|
|
#define Level3_OpenSession _lcc09
|
|
#define Level3_CloseSession _lcc10
|
|
#define Level3_GenerateSignature _lcc13
|
|
#define Level3_GenerateNonce _lcc14
|
|
#define Level3_RewrapDeviceRSAKey _lcc18
|
|
#define Level3_LoadDeviceRSAKey _lcc19
|
|
#define Level3_DeriveKeysFromSessionKey _lcc21
|
|
#define Level3_APIVersion _lcc22
|
|
#define Level3_Generic_Encrypt_V17 _lcc24
|
|
#define Level3_Generic_Decrypt_V17 _lcc25
|
|
#define Level3_Generic_Sign_V17 _lcc26
|
|
#define Level3_Generic_Verify_V17 _lcc27
|
|
#define Level3_SupportsUsageTable _lcc29
|
|
#define Level3_ReportUsage _lcc32
|
|
#define Level3_GetMaxNumberOfSessions _lcc37
|
|
#define Level3_GetNumberOfOpenSessions _lcc38
|
|
#define Level3_IsAntiRollbackHwPresent _lcc39
|
|
#define Level3_QueryKeyControl _lcc41
|
|
#define Level3_GetHDCPCapability _lcc44
|
|
#define Level3_LoadTestRSAKey _lcc45
|
|
#define Level3_SecurityPatchLevel _lcc46
|
|
#define Level3_GetProvisioningMethod _lcc49
|
|
#define Level3_RewrapDeviceRSAKey30 _lcc51
|
|
#define Level3_SupportedCertificates _lcc52
|
|
#define Level3_IsSRMUpdateSupported _lcc53
|
|
#define Level3_GetCurrentSRMVersion _lcc54
|
|
#define Level3_LoadSRM _lcc55
|
|
#define Level3_RemoveSRM _lcc57
|
|
#define Level3_CreateUsageTableHeader _lcc61
|
|
#define Level3_LoadUsageTableHeader _lcc62
|
|
#define Level3_CreateNewUsageEntry _lcc63
|
|
#define Level3_LoadUsageEntry _lcc64
|
|
#define Level3_UpdateUsageEntry _lcc65
|
|
#define Level3_ShrinkUsageTableHeader _lcc67
|
|
#define Level3_MoveEntry _lcc68
|
|
#define Level3_GetAnalogOutputFlags _lcc71
|
|
#define Level3_LoadTestKeybox _lcc78
|
|
#define Level3_SelectKey _lcc81
|
|
#define Level3_LoadKeys _lcc83
|
|
#define Level3_SetSandbox _lcc84
|
|
#define Level3_ResourceRatingTier _lcc85
|
|
#define Level3_SupportsDecryptHash _lcc86
|
|
#define Level3_SetDecryptHash_V18 _lcc88
|
|
#define Level3_GetHashErrorCode _lcc89
|
|
#define Level3_RefreshKeys _lcc91
|
|
#define Level3_LoadEntitledContentKeys_V16 _lcc92
|
|
#define Level3_CopyBuffer _lcc93
|
|
#define Level3_MaximumUsageTableHeaderSize _lcc94
|
|
#define Level3_GenerateDerivedKeys _lcc95
|
|
#define Level3_PrepAndSignLicenseRequest _lcc96
|
|
#define Level3_PrepAndSignRenewalRequest _lcc97
|
|
#define Level3_PrepAndSignProvisioningRequest _lcc98
|
|
#define Level3_LoadLicense_V18 _lcc99
|
|
#define Level3_LoadRenewal _lcc101
|
|
#define Level3_LoadProvisioning_V18 _lcc102
|
|
#define Level3_LoadOEMPrivateKey _lcc103
|
|
#define Level3_GetOEMPublicCertificate _lcc104
|
|
#define Level3_DecryptCENC_V17 _lcc105
|
|
#define Level3_LoadDRMPrivateKey _lcc107
|
|
#define Level3_MinorAPIVersion _lcc108
|
|
#define Level3_AllocateSecureBuffer _lcc109
|
|
#define Level3_FreeSecureBuffer _lcc110
|
|
#define Level3_CreateEntitledKeySession _lcc111
|
|
#define Level3_RemoveEntitledKeySession _lcc112
|
|
#define Level3_GetBootCertificateChain _lcc116
|
|
#define Level3_GenerateCertificateKeyPair _lcc117
|
|
#define Level3_InstallOemPrivateKey _lcc118
|
|
#define Level3_ReassociateEntitledKeySession _lcc119
|
|
#define Level3_LoadCasECMKeys _lcc120
|
|
#define Level3_LoadEntitledContentKeys _lcc121 // place holder for v17.
|
|
#define Level3_ProductionReady _lcc122
|
|
#define Level3_Idle _lcc123
|
|
#define Level3_Wake _lcc124
|
|
#define Level3_BuildInformation _lcc125
|
|
#define Level3_SecurityLevel _lcc126
|
|
#define Level3_ReuseUsageEntry _lcc127
|
|
#define Level3_GetDTCP2Capability _lcc128
|
|
#define Level3_GetWatermarkingSupport _lcc129
|
|
#define Level3_GetOEMKeyToken _lcc130
|
|
#define Level3_GetDeviceInformation _lcc131
|
|
#define Level3_SetMaxAPIVersion _lcc132
|
|
#define Level3_GetKeyHandle _lcc133
|
|
#define Level3_DecryptCENC _lcc134
|
|
#define Level3_Generic_Encrypt _lcc135
|
|
#define Level3_Generic_Decrypt _lcc136
|
|
#define Level3_Generic_Sign _lcc137
|
|
#define Level3_Generic_Verify _lcc138
|
|
#define Level3_GetSignatureHashAlgorithm _lcc139
|
|
#define Level3_EnterTestMode _lcc140
|
|
#define Level3_GetDeviceSignedCsrPayload _lcc141
|
|
#define Level3_SetDecryptHash _lcc143
|
|
#define Level3_LoadLicense _lcc144
|
|
#define Level3_LoadProvisioning _lcc145
|
|
#define Level3_LoadProvisioningCast _lcc146
|
|
#define Level3_PrepAndSignReleaseRequest _lcc147
|
|
#define Level3_GetUsageEntryInfo _lcc148
|
|
#define Level3_GetBCCType _lcc149
|
|
#define Level3_LoadRelease _lcc150
|
|
#define Level3_GetEmbeddedDrmCertificate _lcc151
|
|
#else
|
|
#define Level3_Initialize _oecc01
|
|
#define Level3_Terminate _oecc02
|
|
#define Level3_InstallKeyboxOrOEMCert _oecc03
|
|
#define Level3_GetKeyData _oecc04
|
|
#define Level3_IsKeyboxOrOEMCertValid _oecc05
|
|
#define Level3_GetDeviceID _oecc07
|
|
#define Level3_WrapKeyboxOrOEMCert _oecc08
|
|
#define Level3_OpenSession _oecc09
|
|
#define Level3_CloseSession _oecc10
|
|
#define Level3_GenerateSignature _oecc13
|
|
#define Level3_GenerateNonce _oecc14
|
|
#define Level3_RewrapDeviceRSAKey _oecc18
|
|
#define Level3_LoadDeviceRSAKey _oecc19
|
|
#define Level3_DeriveKeysFromSessionKey _oecc21
|
|
#define Level3_APIVersion _oecc22
|
|
#define Level3_Generic_Encrypt_V17 _oecc24
|
|
#define Level3_Generic_Decrypt_V17 _oecc25
|
|
#define Level3_Generic_Sign_V17 _oecc26
|
|
#define Level3_Generic_Verify_V17 _oecc27
|
|
#define Level3_SupportsUsageTable _oecc29
|
|
#define Level3_ReportUsage _oecc32
|
|
#define Level3_GenerateRSASignature _oecc36
|
|
#define Level3_GetMaxNumberOfSessions _oecc37
|
|
#define Level3_GetNumberOfOpenSessions _oecc38
|
|
#define Level3_IsAntiRollbackHwPresent _oecc39
|
|
#define Level3_QueryKeyControl _oecc41
|
|
#define Level3_GetHDCPCapability _oecc44
|
|
#define Level3_LoadTestRSAKey _oecc45
|
|
#define Level3_SecurityPatchLevel _oecc46
|
|
#define Level3_GetProvisioningMethod _oecc49
|
|
#define Level3_RewrapDeviceRSAKey30 _oecc51
|
|
#define Level3_SupportedCertificates _oecc52
|
|
#define Level3_IsSRMUpdateSupported _oecc53
|
|
#define Level3_GetCurrentSRMVersion _oecc54
|
|
#define Level3_LoadSRM _oecc55
|
|
#define Level3_RemoveSRM _oecc57
|
|
#define Level3_CreateUsageTableHeader _oecc61
|
|
#define Level3_LoadUsageTableHeader _oecc62
|
|
#define Level3_CreateNewUsageEntry _oecc63
|
|
#define Level3_LoadUsageEntry _oecc64
|
|
#define Level3_UpdateUsageEntry _oecc65
|
|
#define Level3_DeactivateUsageEntry _oecc66
|
|
#define Level3_ShrinkUsageTableHeader _oecc67
|
|
#define Level3_MoveEntry _oecc68
|
|
#define Level3_GetAnalogOutputFlags _oecc71
|
|
#define Level3_LoadTestKeybox _oecc78
|
|
#define Level3_SelectKey _oecc81
|
|
#define Level3_LoadKeys _oecc83
|
|
#define Level3_SetSandbox _oecc84
|
|
#define Level3_ResourceRatingTier _oecc85
|
|
#define Level3_SupportsDecryptHash _oecc86
|
|
#define Level3_SetDecryptHash_V18 _oecc88
|
|
#define Level3_GetHashErrorCode _oecc89
|
|
#define Level3_RefreshKeys _oecc91
|
|
#define Level3_LoadEntitledContentKeys_V16 _oecc92
|
|
#define Level3_CopyBuffer _oecc93
|
|
#define Level3_MaximumUsageTableHeaderSize _oecc94
|
|
#define Level3_GenerateDerivedKeys _oecc95
|
|
#define Level3_PrepAndSignLicenseRequest _oecc96
|
|
#define Level3_PrepAndSignRenewalRequest _oecc97
|
|
#define Level3_PrepAndSignProvisioningRequest _oecc98
|
|
#define Level3_LoadLicense_V18 _oecc99
|
|
#define Level3_LoadRenewal _oecc101
|
|
#define Level3_LoadProvisioning_V18 _oecc102
|
|
#define Level3_LoadOEMPrivateKey _oecc103
|
|
#define Level3_GetOEMPublicCertificate _oecc104
|
|
#define Level3_DecryptCENC_V17 _oecc105
|
|
#define Level3_LoadDRMPrivateKey _oecc107
|
|
#define Level3_MinorAPIVersion _oecc108
|
|
#define Level3_AllocateSecureBuffer _oecc109
|
|
#define Level3_FreeSecureBuffer _oecc110
|
|
#define Level3_CreateEntitledKeySession _oecc111
|
|
#define Level3_RemoveEntitledKeySession _oecc112
|
|
#define Level3_GetBootCertificateChain _oecc116
|
|
#define Level3_GenerateCertificateKeyPair _oecc117
|
|
#define Level3_InstallOemPrivateKey _oecc118
|
|
#define Level3_ReassociateEntitledKeySession _oecc119
|
|
#define Level3_LoadCasECMKeys _oecc120
|
|
#define Level3_LoadEntitledContentKeys _oecc121 // place holder for v17.
|
|
#define Level3_ProductionReady _oecc122
|
|
#define Level3_Idle _oecc123
|
|
#define Level3_Wake _oecc124
|
|
#define Level3_BuildInformation _oecc125
|
|
#define Level3_SecurityLevel _oecc126
|
|
#define Level3_ReuseUsageEntry _oecc127
|
|
#define Level3_GetDTCP2Capability _oecc128
|
|
#define Level3_GetWatermarkingSupport _oecc129
|
|
#define Level3_GetOEMKeyToken _oecc130
|
|
#define Level3_GetDeviceInformation _oecc131
|
|
#define Level3_SetMaxAPIVersion _oecc132
|
|
#define Level3_GetKeyHandle _oecc133
|
|
#define Level3_DecryptCENC _oecc134
|
|
#define Level3_Generic_Encrypt _oecc135
|
|
#define Level3_Generic_Decrypt _oecc136
|
|
#define Level3_Generic_Sign _oecc137
|
|
#define Level3_Generic_Verify _oecc138
|
|
#define Level3_GetSignatureHashAlgorithm _oecc139
|
|
#define Level3_EnterTestMode _oecc140
|
|
#define Level3_GetDeviceSignedCsrPayload _oecc141
|
|
#define Level3_SetDecryptHash _oecc143
|
|
#define Level3_LoadLicense _oecc144
|
|
#define Level3_LoadProvisioning _oecc145
|
|
#define Level3_LoadProvisioningCast _oecc146
|
|
#define Level3_PrepAndSignReleaseRequest _oecc147
|
|
#define Level3_GetUsageEntryInfo _oecc148
|
|
#define Level3_GetBCCType _oecc149
|
|
#define Level3_LoadRelease _oecc150
|
|
// Internal-only.
|
|
#define Level3_GetEmbeddedDrmCertificate _oecc151
|
|
#endif
|
|
|
|
#define Level3_GetInitializationState _oecl3o01
|
|
// clang-format on
|
|
|
|
extern "C" {
|
|
|
|
bool Level3_IsInApp();
|
|
OEMCryptoResult Level3_Initialize(void);
|
|
OEMCryptoResult Level3_Terminate(void);
|
|
OEMCryptoResult Level3_OpenSession(OEMCrypto_SESSION* session);
|
|
OEMCryptoResult Level3_CloseSession(OEMCrypto_SESSION session);
|
|
OEMCryptoResult Level3_GenerateDerivedKeys(OEMCrypto_SESSION session,
|
|
const uint8_t* mac_key_context,
|
|
size_t mac_key_context_length,
|
|
const uint8_t* enc_key_context,
|
|
size_t enc_key_context_length);
|
|
OEMCryptoResult Level3_GenerateNonce(OEMCrypto_SESSION session,
|
|
uint32_t* nonce);
|
|
OEMCryptoResult Level3_QueryKeyControl(OEMCrypto_SESSION session,
|
|
const uint8_t* key_id,
|
|
size_t key_id_length,
|
|
uint8_t* key_control_block,
|
|
size_t* key_control_block_length);
|
|
OEMCryptoResult Level3_DecryptCENC_V17(
|
|
OEMCrypto_SESSION session, const OEMCrypto_SampleDescription* samples,
|
|
size_t samples_length, const OEMCrypto_CENCEncryptPatternDesc* pattern);
|
|
OEMCryptoResult Level3_InstallKeyboxOrOEMCert(const uint8_t* rot,
|
|
size_t rotLength);
|
|
OEMCryptoResult Level3_IsKeyboxOrOEMCertValid(void);
|
|
OEMCryptoResult Level3_WrapKeyboxOrOEMCert(const uint8_t* rot, size_t rotLength,
|
|
uint8_t* wrappedRot,
|
|
size_t* wrappedRotLength,
|
|
const uint8_t* transportKey,
|
|
size_t transportKeyLength);
|
|
OEMCrypto_ProvisioningMethod Level3_GetProvisioningMethod();
|
|
OEMCryptoResult Level3_GetOEMPublicCertificate(uint8_t* public_cert,
|
|
size_t* public_cert_length);
|
|
OEMCryptoResult Level3_GetDeviceID(uint8_t* deviceID, size_t* idLength);
|
|
OEMCryptoResult Level3_GetKeyData(uint8_t* keyData, size_t* keyDataLength);
|
|
OEMCryptoResult Level3_LoadOEMPrivateKey(OEMCrypto_SESSION session);
|
|
OEMCryptoResult Level3_LoadDRMPrivateKey(OEMCrypto_SESSION session,
|
|
OEMCrypto_PrivateKeyType key_type,
|
|
const uint8_t* wrapped_rsa_key,
|
|
size_t wrapped_rsa_key_length);
|
|
OEMCryptoResult Level3_LoadProvisioning_V18(
|
|
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
|
|
size_t core_message_length, const uint8_t* signature,
|
|
size_t signature_length, uint8_t* wrapped_private_key,
|
|
size_t* wrapped_private_key_length);
|
|
OEMCryptoResult Level3_RewrapDeviceRSAKey(
|
|
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
|
|
const uint8_t* signature, size_t signature_length, const uint32_t* nonce,
|
|
const uint8_t* enc_rsa_key, size_t enc_rsa_key_length,
|
|
const uint8_t* enc_rsa_key_iv, uint8_t* wrapped_rsa_key,
|
|
size_t* wrapped_rsa_key_length);
|
|
OEMCryptoResult Level3_LoadTestRSAKey();
|
|
OEMCryptoResult Level3_GenerateRSASignature(OEMCrypto_SESSION session,
|
|
const uint8_t* message,
|
|
size_t message_length,
|
|
uint8_t* signature,
|
|
size_t* signature_length,
|
|
RSA_Padding_Scheme padding_scheme);
|
|
OEMCryptoResult Level3_DeriveKeysFromSessionKey(OEMCrypto_SESSION session,
|
|
const uint8_t* enc_session_key,
|
|
size_t enc_session_key_length,
|
|
const uint8_t* mac_key_context,
|
|
size_t mac_key_context_length,
|
|
const uint8_t* enc_key_context,
|
|
size_t enc_key_context_length);
|
|
uint32_t Level3_APIVersion();
|
|
uint32_t Level3_MinorAPIVersion();
|
|
uint8_t Level3_SecurityPatchLevel();
|
|
OEMCrypto_Security_Level Level3_SecurityLevel();
|
|
OEMCryptoResult Level3_GetHDCPCapability(OEMCrypto_HDCP_Capability* current,
|
|
OEMCrypto_HDCP_Capability* maximum);
|
|
bool Level3_SupportsUsageTable();
|
|
bool Level3_IsAntiRollbackHwPresent();
|
|
OEMCryptoResult Level3_GetNumberOfOpenSessions(size_t* count);
|
|
OEMCryptoResult Level3_GetMaxNumberOfSessions(size_t* maximum);
|
|
uint32_t Level3_SupportedCertificates();
|
|
OEMCryptoResult Level3_Generic_Encrypt_V17(
|
|
OEMCrypto_SESSION session, const uint8_t* in_buffer, size_t buffer_length,
|
|
const uint8_t* iv, OEMCrypto_Algorithm algorithm, uint8_t* out_buffer);
|
|
OEMCryptoResult Level3_Generic_Decrypt_V17(
|
|
OEMCrypto_SESSION session, const uint8_t* in_buffer, size_t buffer_length,
|
|
const uint8_t* iv, OEMCrypto_Algorithm algorithm, uint8_t* out_buffer);
|
|
OEMCryptoResult Level3_Generic_Sign_V17(OEMCrypto_SESSION session,
|
|
const uint8_t* in_buffer,
|
|
size_t buffer_length,
|
|
OEMCrypto_Algorithm algorithm,
|
|
uint8_t* signature,
|
|
size_t* signature_length);
|
|
OEMCryptoResult Level3_Generic_Verify_V17(OEMCrypto_SESSION session,
|
|
const uint8_t* in_buffer,
|
|
size_t buffer_length,
|
|
OEMCrypto_Algorithm algorithm,
|
|
const uint8_t* signature,
|
|
size_t signature_length);
|
|
OEMCryptoResult Level3_DeactivateUsageEntry(OEMCrypto_SESSION session,
|
|
const uint8_t* pst,
|
|
size_t pst_length);
|
|
OEMCryptoResult Level3_ReportUsage(OEMCrypto_SESSION session,
|
|
const uint8_t* pst, size_t pst_length,
|
|
uint8_t* buffer, size_t* buffer_length);
|
|
bool Level3_IsSRMUpdateSupported();
|
|
OEMCryptoResult Level3_GetCurrentSRMVersion(uint16_t* version);
|
|
OEMCryptoResult Level3_LoadSRM(const uint8_t* buffer, size_t buffer_length);
|
|
OEMCryptoResult Level3_RemoveSRM();
|
|
OEMCryptoResult Level3_CreateUsageTableHeader(uint8_t* header_buffer,
|
|
size_t* header_buffer_length);
|
|
OEMCryptoResult Level3_LoadUsageTableHeader(const uint8_t* buffer,
|
|
size_t buffer_length);
|
|
OEMCryptoResult Level3_CreateNewUsageEntry(OEMCrypto_SESSION session,
|
|
uint32_t* usage_entry_number);
|
|
OEMCryptoResult Level3_LoadUsageEntry(OEMCrypto_SESSION session, uint32_t index,
|
|
const uint8_t* buffer,
|
|
size_t buffer_size);
|
|
OEMCryptoResult Level3_UpdateUsageEntry(OEMCrypto_SESSION session,
|
|
uint8_t* header_buffer,
|
|
size_t* header_buffer_length,
|
|
uint8_t* entry_buffer,
|
|
size_t* entry_buffer_length);
|
|
OEMCryptoResult Level3_ShrinkUsageTableHeader(uint32_t new_table_size,
|
|
uint8_t* header_buffer,
|
|
size_t* header_buffer_length);
|
|
OEMCryptoResult Level3_MoveEntry(OEMCrypto_SESSION session, uint32_t new_index);
|
|
uint32_t Level3_GetAnalogOutputFlags();
|
|
OEMCryptoResult Level3_LoadTestKeybox(const uint8_t* buffer, size_t length);
|
|
OEMCryptoResult Level3_SelectKey(const OEMCrypto_SESSION session,
|
|
const uint8_t* key_id, size_t key_id_length,
|
|
OEMCryptoCipherMode cipher_mode);
|
|
OEMCryptoResult Level3_LoadLicense_V18(OEMCrypto_SESSION session,
|
|
const uint8_t* message,
|
|
size_t message_length,
|
|
size_t core_message_length,
|
|
const uint8_t* signature,
|
|
size_t signature_length);
|
|
OEMCryptoResult Level3_LoadKeys(
|
|
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
|
|
const uint8_t* signature, size_t signature_length,
|
|
OEMCrypto_Substring enc_mac_keys_iv, OEMCrypto_Substring enc_mac_keys,
|
|
size_t num_keys, const OEMCrypto_KeyObject* key_array,
|
|
OEMCrypto_Substring pst, OEMCrypto_Substring srm_restriction_data,
|
|
OEMCrypto_LicenseType license_type);
|
|
OEMCryptoResult Level3_SetSandbox(const uint8_t* sandbox_id,
|
|
size_t sandbox_id_length);
|
|
uint32_t Level3_ResourceRatingTier();
|
|
uint32_t Level3_SupportsDecryptHash();
|
|
|
|
OEMCryptoResult Level3_SetDecryptHash(OEMCrypto_SESSION session,
|
|
uint32_t frame_number, uint32_t crc32);
|
|
OEMCryptoResult Level3_SetDecryptHash_V18(OEMCrypto_SESSION session,
|
|
uint32_t frame_number,
|
|
const uint8_t* hash,
|
|
size_t hash_length);
|
|
OEMCryptoResult Level3_GetHashErrorCode(OEMCrypto_SESSION session,
|
|
uint32_t* failed_frame_number);
|
|
OEMCryptoResult Level3_BuildInformation(char* buffer, size_t* buffer_length);
|
|
OEMCryptoResult Level3_LoadRenewal(OEMCrypto_SESSION session,
|
|
const uint8_t* message,
|
|
size_t message_length,
|
|
size_t core_message_length,
|
|
const uint8_t* signature,
|
|
size_t signature_length);
|
|
OEMCryptoResult Level3_RefreshKeys(OEMCrypto_SESSION session,
|
|
const uint8_t* message,
|
|
size_t message_length,
|
|
const uint8_t* signature,
|
|
size_t signature_length, size_t num_keys,
|
|
const OEMCrypto_KeyRefreshObject* key_array);
|
|
OEMCryptoResult Level3_LoadEntitledContentKeys(
|
|
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
|
|
size_t num_keys, const OEMCrypto_EntitledContentKeyObject* key_array);
|
|
OEMCryptoResult Level3_CopyBuffer(
|
|
OEMCrypto_SESSION session, const uint8_t* data_addr, size_t data_length,
|
|
const OEMCrypto_DestBufferDesc* out_buffer_descriptor,
|
|
uint8_t subsample_flags);
|
|
OEMCryptoResult Level3_PrepAndSignProvisioningRequest(
|
|
OEMCrypto_SESSION session, uint8_t* message, size_t message_length,
|
|
size_t* core_message_length, uint8_t* signature, size_t* signature_length);
|
|
OEMCryptoResult Level3_PrepAndSignLicenseRequest(
|
|
OEMCrypto_SESSION session, uint8_t* message, size_t message_length,
|
|
size_t* core_message_length, uint8_t* signature, size_t* signature_length);
|
|
OEMCryptoResult Level3_PrepAndSignRenewalRequest(
|
|
OEMCrypto_SESSION session, uint8_t* message, size_t message_length,
|
|
size_t* core_message_length, uint8_t* signature, size_t* signature_length);
|
|
size_t Level3_MaximumUsageTableHeaderSize();
|
|
OEMCryptoResult Level3_AllocateSecureBuffer(
|
|
OEMCrypto_SESSION session, size_t buffer_size,
|
|
OEMCrypto_DestBufferDesc* output_descriptor, int* secure_fd);
|
|
OEMCryptoResult Level3_FreeSecureBuffer(
|
|
OEMCrypto_SESSION session, OEMCrypto_DestBufferDesc* output_descriptor,
|
|
int secure_fd);
|
|
OEMCryptoResult Level3_CreateEntitledKeySession(OEMCrypto_SESSION oec_session,
|
|
OEMCrypto_SESSION* key_session);
|
|
OEMCryptoResult Level3_RemoveEntitledKeySession(OEMCrypto_SESSION key_session);
|
|
OEMCryptoResult Level3_GetBootCertificateChain(
|
|
uint8_t* bcc, size_t* bcc_size, uint8_t* additional_signature,
|
|
size_t* additional_signature_size);
|
|
OEMCryptoResult Level3_GenerateCertificateKeyPair(
|
|
OEMCrypto_SESSION session, uint8_t* public_key, size_t* public_key_size,
|
|
uint8_t* public_key_signature, size_t* public_key_signature_size,
|
|
uint8_t* wrapped_private_key, size_t* wrapped_private_key_size,
|
|
OEMCrypto_PrivateKeyType* key_type);
|
|
OEMCryptoResult Level3_InstallOemPrivateKey(OEMCrypto_SESSION session,
|
|
OEMCrypto_PrivateKeyType key_type,
|
|
const uint8_t* wrapped_private_key,
|
|
size_t wrapped_private_key_length);
|
|
OEMCryptoResult Level3_ReassociateEntitledKeySession(
|
|
OEMCrypto_SESSION key_session, OEMCrypto_SESSION oec_session);
|
|
OEMCryptoResult Level3_LoadCasECMKeys(
|
|
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
|
|
const OEMCrypto_EntitledContentKeyObject* even_key,
|
|
const OEMCrypto_EntitledContentKeyObject* odd_key);
|
|
OEMCryptoResult Level3_ProductionReady();
|
|
OEMCryptoResult Level3_Idle(OEMCrypto_IdleState state,
|
|
uint32_t os_specific_code);
|
|
OEMCryptoResult Level3_Wake();
|
|
OEMCryptoResult Level3_ReuseUsageEntry(OEMCrypto_SESSION session,
|
|
uint32_t usage_entry_number);
|
|
OEMCryptoResult Level3_GetDTCP2Capability(
|
|
OEMCrypto_DTCP2_Capability* capability);
|
|
OEMCrypto_WatermarkingSupport Level3_GetWatermarkingSupport();
|
|
OEMCryptoResult Level3_GetOEMKeyToken(OEMCrypto_SESSION key_session,
|
|
uint8_t* key_token,
|
|
size_t* key_token_length);
|
|
OEMCryptoResult Level3_GetDeviceInformation(uint8_t* device_info,
|
|
size_t* device_info_length);
|
|
OEMCryptoResult Level3_GetDeviceSignedCsrPayload(
|
|
const uint8_t* challenge, size_t challenge_length,
|
|
const uint8_t* encoded_device_info, size_t encoded_device_info_length,
|
|
uint8_t* signed_csr_payload, size_t* signed_csr_payload_length);
|
|
OEMCryptoResult Level3_SetMaxAPIVersion(uint32_t max_version);
|
|
OEMCryptoResult Level3_GetKeyHandle(OEMCrypto_SESSION session,
|
|
const uint8_t* content_key_id,
|
|
size_t content_key_id_length,
|
|
OEMCryptoCipherMode cipher_mode,
|
|
uint8_t* key_handle,
|
|
size_t* key_handle_length);
|
|
OEMCryptoResult Level3_DecryptCENC(
|
|
const uint8_t* key_handle, size_t key_handle_length,
|
|
const OEMCrypto_SampleDescription* samples, size_t samples_length,
|
|
const OEMCrypto_CENCEncryptPatternDesc* pattern);
|
|
OEMCryptoResult Level3_Generic_Encrypt(const uint8_t* key_handle,
|
|
size_t key_handle_length,
|
|
const OEMCrypto_SharedMemory* in_buffer,
|
|
size_t in_buffer_length,
|
|
const uint8_t* iv,
|
|
OEMCrypto_Algorithm algorithm,
|
|
OEMCrypto_SharedMemory* out_buffer);
|
|
OEMCryptoResult Level3_Generic_Decrypt(const uint8_t* key_handle,
|
|
size_t key_handle_length,
|
|
const OEMCrypto_SharedMemory* in_buffer,
|
|
size_t in_buffer_length,
|
|
const uint8_t* iv,
|
|
OEMCrypto_Algorithm algorithm,
|
|
OEMCrypto_SharedMemory* out_buffer);
|
|
OEMCryptoResult Level3_Generic_Sign(const uint8_t* key_handle,
|
|
size_t key_handle_length,
|
|
const OEMCrypto_SharedMemory* buffer,
|
|
size_t buffer_length,
|
|
OEMCrypto_Algorithm algorithm,
|
|
OEMCrypto_SharedMemory* signature,
|
|
size_t* signature_length);
|
|
OEMCryptoResult Level3_Generic_Verify(const uint8_t* key_handle,
|
|
size_t key_handle_length,
|
|
const OEMCrypto_SharedMemory* buffer,
|
|
size_t buffer_length,
|
|
OEMCrypto_Algorithm algorithm,
|
|
const OEMCrypto_SharedMemory* signature,
|
|
size_t signature_length);
|
|
OEMCryptoResult Level3_GetSignatureHashAlgorithm(
|
|
OEMCrypto_SESSION session, OEMCrypto_SignatureHashAlgorithm* algorithm);
|
|
OEMCryptoResult Level3_EnterTestMode(void);
|
|
OEMCryptoResult Level3_LoadLicense(
|
|
OEMCrypto_SESSION session, const uint8_t* context, size_t context_length,
|
|
const uint8_t* derivation_key, size_t derivation_key_length,
|
|
const uint8_t* message, size_t message_length, size_t core_message_length,
|
|
const uint8_t* signature, size_t signature_length);
|
|
OEMCryptoResult Level3_LoadProvisioning(
|
|
OEMCrypto_SESSION session, const uint8_t* provision_request,
|
|
size_t provision_request_length, const uint8_t* message,
|
|
size_t message_length, size_t core_message_length, const uint8_t* signature,
|
|
size_t signature_length, uint8_t* wrapped_private_key,
|
|
size_t* wrapped_private_key_length);
|
|
OEMCryptoResult Level3_LoadProvisioningCast(
|
|
OEMCrypto_SESSION session, const uint8_t* derivation_key,
|
|
size_t derivation_key_length, const uint8_t* provision_request,
|
|
size_t provision_request_length, const uint8_t* message,
|
|
size_t message_length, size_t core_message_length, const uint8_t* signature,
|
|
size_t signature_length, uint8_t* wrapped_private_key,
|
|
size_t* wrapped_private_key_length);
|
|
OEMCryptoResult Level3_GetBCCType(OEMCrypto_BCCType* bcc_type);
|
|
OEMCryptoResult Level3_GetEmbeddedDrmCertificate(uint8_t* public_cert,
|
|
size_t* public_cert_length);
|
|
|
|
// The following are specific to Google's Level 3 implementation and are not
|
|
// required.
|
|
|
|
enum Level3InitializationState {
|
|
LEVEL3_INITIALIZATION_SUCCESS = 0,
|
|
LEVEL3_INITIALIZATION_UNKNOWN_FAILURE = 1,
|
|
LEVEL3_SEED_FAILURE = 2,
|
|
LEVEL3_SAVE_DEVICE_KEYS_FAILURE = 3,
|
|
LEVEL3_READ_DEVICE_KEYS_FAILURE = 4,
|
|
LEVEL3_VERIFY_DEVICE_KEYS_FAILURE = 5,
|
|
};
|
|
|
|
/*
|
|
* Level3_GetInitializationState
|
|
*
|
|
* Description:
|
|
* Return any warning or error condition which occurred during
|
|
* initialization. On some platforms, this value will be logged and metrics
|
|
* will be gathered on production devices. This is an optional feature, and
|
|
* OEMCrypto may always return 0, even if Level3_Initialize failed. This
|
|
* function may be called whether Level3_Initialize succeeded or not.
|
|
*
|
|
* Parameters:
|
|
* N/A
|
|
*
|
|
* Threading:
|
|
* No other function calls will be made while this function is running.
|
|
*
|
|
* Returns:
|
|
* LEVEL3_INITIALIZATION_SUCCESS - no warnings or errors during initialization
|
|
* LEVEL3_SEED_FAILURE - error in seeding the software RNG
|
|
* LEVEL3_SAVE_DEVICE_KEYS_FAILURE - failed to save device keys to file system
|
|
* LEVEL3_READ_DEVICE_KEYS_FAILURE - failed to read device keys from file
|
|
* system
|
|
* LEVEL3_VERIFY_DEVICE_KEYS_FAILURE - failed to verify decrypted device keys
|
|
*
|
|
* Version:
|
|
* This method is new in API version 14.
|
|
*/
|
|
Level3InitializationState Level3_GetInitializationState(void);
|
|
|
|
/*
|
|
* Level3_OutputErrorLogs
|
|
*
|
|
* Description:
|
|
* Call to output any errors in the Level 3 execution if the Level 3 has
|
|
* failed. This method should only be called if the Level 3 has failed in
|
|
* an unrecoverable state, and needs to be reinitialized.
|
|
*
|
|
* Parameters:
|
|
* N/A
|
|
*
|
|
* Threading:
|
|
* No other function calls will be made while this function is running.
|
|
*
|
|
* Returns:
|
|
* N/A
|
|
*
|
|
* Version:
|
|
* This method is new in API version 15.
|
|
*/
|
|
void Level3_OutputErrorLogs();
|
|
|
|
} // extern "C"
|
|
|
|
namespace wvoec3 {
|
|
|
|
// The following are interfaces needed for Google's Level 3 OEMCrypto
|
|
// specifically, which partners are expected to implement.
|
|
|
|
// Returns a stable, unique identifier for the device. This could be a
|
|
// serial number or any other character sequence representing that device.
|
|
// The parameter |len| needs to be changed to reflect the length of the
|
|
// unique identifier.
|
|
const char* getUniqueID(size_t* len);
|
|
|
|
// Returns a 64-bit unsigned integer to be used as a random seed for RNG.
|
|
// If the operation is unsuccessful, this function returns 0.
|
|
// We provide a sample implementation under the name generate_entropy_linux.cpp
|
|
// which partners should use if they can.
|
|
uint64_t generate_entropy();
|
|
|
|
// Creates and returns an OEMCrypto_Level3FileSystem implementation.
|
|
OEMCrypto_Level3FileSystem* createLevel3FileSystem();
|
|
|
|
// Deletes the pointer retrieved by the function above.
|
|
void deleteLevel3FileSystem(OEMCrypto_Level3FileSystem* file_system);
|
|
|
|
} // namespace wvoec3
|
|
|
|
#endif // LEVEL3_OEMCRYPTO_H_
|