Source release 19.4.0
This commit is contained in:
Vicky Min
@@ -3,7 +3,7 @@
|
||||
// License Agreement.
|
||||
|
||||
/**
|
||||
* @mainpage OEMCrypto API v19.3
|
||||
* @mainpage OEMCrypto API v19.4
|
||||
*
|
||||
* OEMCrypto is the low level library implemented by the OEM to provide key and
|
||||
* content protection, usually in a separate secure memory or process space. The
|
||||
@@ -527,6 +527,7 @@ typedef enum OEMCrypto_ProvisioningMethod {
|
||||
|
||||
/**
|
||||
Return value for OEMCrypto_GetBCCType().
|
||||
Provisioning 4.0 only.
|
||||
*/
|
||||
typedef enum OEMCrypto_BCCType {
|
||||
// Boot certificate chain in CBOR format.
|
||||
@@ -535,6 +536,21 @@ typedef enum OEMCrypto_BCCType {
|
||||
OEMCrypto_X509 = 1,
|
||||
} OEMCrypto_BCCType;
|
||||
|
||||
/**
|
||||
Return value for OEMCrypto_GetBCCSignatureType().
|
||||
Provisioning 4.0 only.
|
||||
*/
|
||||
typedef enum OEMCrypto_BCCSignatureType {
|
||||
// BCC signature is not supported.
|
||||
OEMCrypto_BCCSigType_Unknown = 0,
|
||||
// CBOR format used by the Provisioning 4.0 phase 3 uploading model.
|
||||
OEMCrypto_BCCSigType_CBOR = 1,
|
||||
// PKCS7 format, used by signing model.
|
||||
OEMCrypto_BCCSigType_PKCS7 = 2,
|
||||
// Signature generated by Keybox, reserved.
|
||||
OEMCrypto_BCCSigType_Keybox = 3,
|
||||
} OEMCrypto_BCCSignatureType;
|
||||
|
||||
/**
|
||||
Return value for OEMCrypto_GetWatermarkingSupport().
|
||||
*/
|
||||
@@ -747,6 +763,7 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
|
||||
#define OEMCrypto_MarkOfflineSession _oecc153
|
||||
#define OEMCrypto_WrapClearPrivateKey _oecc154
|
||||
#define OEMCrypto_SetSessionUsage _oecc155
|
||||
#define OEMCrypto_GetBCCSignatureType _oecc156
|
||||
// clang-format on
|
||||
|
||||
/// @addtogroup initcontrol
|
||||
@@ -3256,9 +3273,77 @@ OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* device_id,
|
||||
* This method is new in API version 19.2.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_WrapClearPrivateKey(
|
||||
const uint8_t* clear_private_key_bytes, size_t clear_private_key_length,
|
||||
const uint8_t* clear_private_key, size_t clear_private_key_length,
|
||||
uint8_t* wrapped_private_key, size_t* wrapped_private_key_length);
|
||||
|
||||
/**
|
||||
* This function is for OEMCrypto to tell the layer above what type of BCC
|
||||
* signature it uses. This function is for Provisioning 4.0 signing model, or
|
||||
* Provisioning 4.0 uploading model with Phase 3 enabled.
|
||||
*
|
||||
* The returned bcc_signature_type corresponds to the
|
||||
* additional_signature parameter in the OEMCrypto_GetBootCertificateChain()
|
||||
* function and specifies the type of signature returned by that function.
|
||||
*
|
||||
* Valid values for OEMCrypto_BCCSignatureType are:
|
||||
*
|
||||
* OEMCrypto_BCCSigType_CBOR, required by Android Remote Key Provisioning
|
||||
* phase 3. The signature is CBOR encoded, which shall follow the IETF CBOR Web
|
||||
* Token (CWT) specification. The format is described in Android
|
||||
* generateCertificateRequestV2.cddl:
|
||||
* UdsCerts = {
|
||||
* * SignerName => UdsCertChain
|
||||
* }
|
||||
*
|
||||
* SignerName = tstr
|
||||
*
|
||||
* UdsCertChain = [
|
||||
* + X509Certificate ; Root -> ... -> Leaf.
|
||||
* ; "Root" is the vendor self-signed cert,
|
||||
* ; "Leaf" contains Unique Device Secret public key.
|
||||
* ; It's recommended to have at least 3 certificates
|
||||
* ; in the chain. The Root certificate is recommended
|
||||
* ; to be generated in an air-gapped, HSM-based secure
|
||||
* ; environment.
|
||||
* ]
|
||||
*
|
||||
* ; A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or
|
||||
* ; EdDSA)
|
||||
* X509Certificate = bstr
|
||||
*
|
||||
* OEMCrypto_BCCSigType_PKCS7, the signature is a PKCS#7 format containing a
|
||||
* chain of X.509 certificates encoded with DER. The leaf certificate of the
|
||||
* chain contains the Unique Device Secret public key (UDS_Pub). The signature
|
||||
* shall be generated off-device for enhanced security.
|
||||
*
|
||||
* OEMCrypto_BCCSigType_Keybox, the signature is generated using Keybox on the
|
||||
* device. Please work with your Widevine Partner Engineer to ensure the
|
||||
* signature format meets the required specifications.
|
||||
*
|
||||
* OEMCrypto_BCCSigTypeUnknown, the signature is not supported.
|
||||
*
|
||||
* @param[out] bcc_signature_type: the type of the boot certificate chain.
|
||||
*
|
||||
* @retval OEMCrypto_SUCCESS
|
||||
* @retval OEMCrypto_ERROR_INVALID_CONTEXT if any pointer is NULL.
|
||||
* @retval OEMCrypto_ERROR_NOT_IMPLEMENTED: if the provisioning method is not
|
||||
* Provisioning 4.0 or Provisioning 4.0 Phase 3 is not supported. The
|
||||
* output bcc_signature_type may be set to OEMCrypto_BCCSigTypeUnknown
|
||||
* in this case.
|
||||
* @retval OEMCrypto_ERROR_UNKNOWN_FAILURE any other failure.
|
||||
*
|
||||
* @threading
|
||||
* This is a "Property Function" and may be called simultaneously with any
|
||||
* other property function or session function, but not any initialization or
|
||||
* usage table function, as if the CDM holds a read lock on the OEMCrypto
|
||||
* system.
|
||||
*
|
||||
* @version
|
||||
* This method is new API version 19.4.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_GetBCCSignatureType(
|
||||
OEMCrypto_BCCSignatureType* bcc_signature_type);
|
||||
|
||||
/// @}
|
||||
|
||||
/// @addtogroup keybox
|
||||
|
||||
Reference in New Issue
Block a user