Source release 18.6.0

oemcrypto/include/OEMCryptoCENC.h

@@ -3,7 +3,7 @@
 // License Agreement.
 
 /**
- * @mainpage OEMCrypto API v18.5
+ * @mainpage OEMCrypto API v18.6
  *
  * OEMCrypto is the low level library implemented by the OEM to provide key and
  * content protection, usually in a separate secure memory or process space. The
@@ -719,6 +719,8 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
 #define OEMCrypto_FactoryInstallBCCSignature  _oecc142
 #define OEMCrypto_GetEmbeddedDrmCertificate   _oecc143
 #define OEMCrypto_UseSecondaryKey             _oecc144
+#define OEMCrypto_MarkOfflineSession          _oecc153
+#define OEMCrypto_WrapClearPrivateKey         _oecc154
 // clang-format on
 
 /// @addtogroup initcontrol
@@ -3140,6 +3142,51 @@ OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void);
 OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* device_id,
                                       size_t* device_id_length);
 
+/**
+ * Encrypts a clear device RSA/ECC key with an internal key (such as the OEM
+ * key or Widevine Keybox key) and a generated IV using AES-128-CBC with PKCS#5
+ * padding.
+ *
+ * Copies the wrapped key to the buffer specified by |wrapped_private_key| and
+ * sets the size of the wrapped key to |wrapped_private_key_length|.
+ *
+ * The clear private key is encoded in PKCS#8 binary DER format. The OEMCrypto
+ * library shall verify that this RSA key is valid.
+ *
+ * The clear key should be encrypted using the same device specific key used in
+ * OEMCrypto_LoadProvisioning. The wrapped private key will be unwrapped in the
+ * function OEMCrypto_LoadDRMPrivateKey.
+ *
+ * This function should only be implemented for factory builds.
+ *
+ * @param[in] clear_private_key_bytes: pointer to memory containing the
+ *     unencrypted private key data.
+ * @param[in] clear_private_key_length: the length of the private key data.
+ * @param[out] wrapped_private_key: pointer to buffer in which the encrypted
+ *     private key should be stored. May be null on the first call in order to
+ *     find required buffer size.
+ * @param[in,out] wrapped_private_key_length: (in) length of the encrypted
+ *     private key, in bytes. (out) actual length of the encrypted private key,
+ *     or required length if provided length is too small.
+ *
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_CONTEXT clear_private_key_bytes is NULL, or
+ *         clear private key fails to parse as PKCS#8
+ * @retval OEMCrypto_ERROR_SHORT_BUFFER wrapped_private_key_length is too small,
+ *         or wrapped_private_key is NULL
+ *
+ * @threading
+ *   This is an "Initialization and Termination Function" and will not be
+ *   called simultaneously with any other function, as if the CDM holds a write
+ *   lock on the OEMCrypto system.
+ *
+ * @version
+ *   This method is new in API version 18.6.
+ */
+OEMCryptoResult OEMCrypto_WrapClearPrivateKey(
+    const uint8_t* clear_private_key_bytes, size_t clear_private_key_length,
+    uint8_t* wrapped_private_key, size_t* wrapped_private_key_length);
+
 /// @}
 
 /// @addtogroup keybox
@@ -5871,11 +5918,28 @@ OEMCryptoResult OEMCrypto_GetEmbeddedDrmCertificate(uint8_t* public_cert,
  *
  * @ignore
  * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_SESSION
+ * @retval OEMCrypto_ERROR_SESSION_STATE_LOST
+ * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
  * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
  */
 OEMCryptoResult OEMCrypto_UseSecondaryKey(OEMCrypto_SESSION session_id,
                                           bool dual_key);
 
+/**
+ * Marks the given session as being used for existing offline licenses.
+ *
+ * @param[in] session: session id for operation.
+ *
+ * @ignore
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_SESSION
+ * @retval OEMCrypto_ERROR_SESSION_STATE_LOST
+ * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ */
+OEMCryptoResult OEMCrypto_MarkOfflineSession(OEMCrypto_SESSION session);
+
 #ifdef __cplusplus
 }
 #endif