Source release 17.1.2

2023-06-23 15:37:42 -07:00
parent a10f13a2dc
commit 2baa7c6e2b
353 changed files with 12903 additions and 2305 deletions
--- a/oemcrypto/include/OEMCryptoCENC.h
+++ b/oemcrypto/include/OEMCryptoCENC.h
@@ -121,7 +121,7 @@
 * application or the license server.
 *
 * @defgroup drm_cert DRM Certificate Provisioning API
- * This section of functions are used to provision the device with an DRM
+ * This section of functions are used to provision the device with a DRM
 * certificate.  This certificate is obtained by a device in the field from a
 * Google/Widevine provisioning server, or from a third party server running the
 * Google/Widevine provisioning server SDK.  Since the DRM certificate may be
@@ -574,6 +574,13 @@ typedef enum OEMCrypto_WatermarkingSupport {

 /**
 * Obfuscation Renames.
+ *
+ * The function signatures of each oecc obfuscated name should remain static
+ * across multiple versions. When we want to change the function signature of a
+ * function, we will give the new signature a new oecc number and keep the
+ * original oecc name with the original function signature. This allows us to
+ * maintain backwards compatibility when the CDM loads an older version of
+ * liboemcrypto.so using dlopen.
 */
 // clang-format off
 #define OEMCrypto_Initialize                  _oecc01
@@ -702,6 +709,7 @@ typedef enum OEMCrypto_WatermarkingSupport {
 #define OEMCrypto_ReuseUsageEntry             _oecc127
 #define OEMCrypto_GetDTCP2Capability          _oecc128
 #define OEMCrypto_GetWatermarkingSupport      _oecc129
+#define OEMCrypto_GetOEMKeyToken              _oecc130
 // clang-format on

 /// @addtogroup initcontrol
@@ -917,6 +925,9 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);

 /**
 * This method creates an entitled key session.
+ * OEMCrypto is required to support at least one entitled key session per
+ * license. For CAS support, we also require that OEMCrypto support at least
+ * six entitled key sessions per license.
 *
 * @param[in] oec_session: handle for the OEMCrypto session to be associated
 *    with the created entitled key session.
@@ -925,6 +936,14 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
 * @retval OEMCrypto_SUCCESS success
 * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
 * @retval OEMCrypto_ERROR_INVALID_SESSION
+ * @retval OEMCrypto_ERROR_TOO_MANY_SESSIONS
+ *
+ * @threading
+ *   This is a "Session Function" and may be called simultaneously with session
+ *   functions for other sessions but not simultaneously with other functions
+ *   for this oec_session. It will not be called simultaneously with
+ *   initialization or usage table functions. It is as if the CDM holds a write
+ *   lock for this session, and a read lock on the OEMCrypto system.
 *
 * @version
 *   This method is new in API version 17.
@@ -942,6 +961,13 @@ OEMCryptoResult OEMCrypto_CreateEntitledKeySession(
 * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
 * @retval OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION
 *
+ * @threading
+ *   This is a "Session Function" and may be called simultaneously with session
+ *   functions for other sessions but not simultaneously with other functions
+ *   for this session. It will not be called simultaneously with initialization
+ *   or usage table functions. It is as if the CDM holds a write lock for this
+ *   session, and a read lock on the OEMCrypto system.
+ *
 * @version
 *   This method is new in API version 17.
 */
@@ -1796,18 +1822,18 @@ OEMCryptoResult OEMCrypto_LoadLicense(OEMCrypto_SESSION session,
                                      size_t signature_length);

 /**
- * Load content keys into a session which already has entitlement keys
- * loaded. This function will only be called for a session after a call to
- * OEMCrypto_LoadKeys() with the parameter type license_type equal to
- * OEMCrypto_EntitlementLicense. This function may be called multiple times
+ * Load content keys into an entitled session which is associated with an
+ * entitlement sessions. This function will only be called for an entitled
+ * session after a call to OEMCrypto_LoadLicense() has been called on the
+ * associated entitlement session. This function may be called multiple times
 * for the same session.
 *
- * If the session does not have license_type equal to
- * OEMCrypto_EntitlementLicense, return OEMCrypto_ERROR_INVALID_CONTEXT and
- * perform no work.
+ * If the session is not an entitled session, return
+ * OEMCrypto_ERROR_INVALID_CONTEXT and perform no work.
 *
 * For each key object in key_array, OEMCrypto shall look up the entry in the
- * key table with the corresponding entitlement_key_id.
+ * key table for the entitlement session with the corresponding
+ * entitlement_key_id.
 *
 *   1. If no entry is found, return OEMCrypto_KEY_NOT_ENTITLED.
 *   2. If the entry already has a content_key_id and content_key_data, that
@@ -1841,12 +1867,19 @@ OEMCryptoResult OEMCrypto_LoadLicense(OEMCrypto_SESSION session,
 * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
 * @retval OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION
 *
+ * @buffer_size
+ *   OEMCrypto shall support message sizes as described in the section
+ *   OEMCrypto_ResourceRatingTier().
+ *   OEMCrypto shall return OEMCrypto_ERROR_BUFFER_TOO_LARGE if the buffer is
+ *   larger than the supported size.
+ *
 * @threading
 *   This is a "Session Function" and may be called simultaneously with session
 *   functions for other sessions but not simultaneously with other functions
- *   for this session. It will not be called simultaneously with initialization
- *   or usage table functions. It is as if the CDM holds a write lock for this
- *   session, and a read lock on the OEMCrypto system.
+ *   for this session, or its entitlement session. It will not be called
+ *   simultaneously with initialization or usage table functions. It is as if
+ *   the CDM holds a write lock for this session, and a read lock on the
+ *   OEMCrypto system.
 *
 * @version
 *   This method changed in API version 17.
@@ -3868,11 +3901,14 @@ OEMCrypto_WatermarkingSupport OEMCrypto_GetWatermarkingSupport(void);
 * key and signing key generated using an algorithm at least as strong as
 * that in GenerateDerivedKeys.
 *
- * First, OEMCrypto shall verify the signature of the message using
- * HMAC-SHA256 with the derived mac_key[server]. The signature verification
- * shall use a constant-time algorithm (a signature mismatch will always take
- * the same time as a successful comparison). The signature is over the
- * entire message buffer starting at message with length message_length. If
+ * First, OEMCrypto shall verify the signature of the message using the correct
+ * algorithm depending on if the device supports Provisioning 2.0, 3.0 or 4.0.
+ *
+ * For Provisioning 2.0, OEMCrypto shall verify the signature of the message
+ * using HMAC-SHA256 with the derived mac_key[server]. The signature
+ * verification shall use a constant-time algorithm (a signature mismatch will
+ * always take the same time as a successful comparison). The signature is over
+ * the entire message buffer starting at message with length message_length. If
 * the signature verification fails, ignore all other arguments and return
 * OEMCrypto_ERROR_SIGNATURE_FAILURE.
 *
@@ -3880,7 +3916,10 @@ OEMCrypto_WatermarkingSupport OEMCrypto_GetWatermarkingSupport(void);
 * and encrypt_key with a call to OEMCrypto_DeriveKeysFromSessionKey() or
 * OEMCrypto_GenerateDerivedKeys().
 *
- * The function ODK_ParseProvisioning is called to parse the message. If it
+ * For Provisioning 3.0 and 4.0, the signature is not verified.
+ *
+ * After the signature is verified,
+ * the function ODK_ParseProvisioning is called to parse the message. If it
 * returns an error, OEMCrypto shall return that error to the CDM layer. The
 * function ODK_ParseProvisioning is described in the document "Widevine Core
 * Message Serialization".
@@ -4157,7 +4196,7 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(
    RSA_Padding_Scheme padding_scheme);

 /**
- * OEMCrypto will use OEMCrypto_PrepAndSignProvisioningRequest(), as described
+ * OEMCrypto will use ODK_PrepareCoreProvisioningRequest(), as described
 * in the document "Widevine Core Message Serialization", to prepare the core
 * message. If it returns an error, the error should be returned by OEMCrypto
 * to the CDM layer. If it returns OEMCrypto_SUCCESS, then OEMCrypto shall
@@ -4168,11 +4207,17 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(
 * the request with the session's derived client mac key from the previous
 * call to OEMCrypto_GenerateDerivedKeys().
 *
- * For a device that has an OEM Certificate, i.e. Provisioning 3.0, OEMCrypto
- * will sign the request with the private key associated with the OEM
+ * For Provisioning 3.0, i.e. a device that has a baked in OEM Certificate,
+ * OEMCrypto will sign the request with the private key associated with the OEM
 * Certificate. The key shall have been loaded by a previous call to
 * OEMCrypto_LoadDRMPrivateKey().
 *
+ * For Provisioning 4.0, i.e. a device that uses a Boot Chain Certificate to
+ * request and OEM cert, a request for an OEM cert is signed by the OEM private
+ * key. A request for a DRM cert is signed by the DRM private key. The DRM cert
+ * that was generated on the device in OEMCrypto_GenerateCertificateKeyPair() is
+ * signed by the OEM cert private key.
+ *
 * Refer to the Signing Messages Sent to a Server section above for more
 * details.
 *
@@ -4799,11 +4844,54 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain(
 * key is supposed to be certified by the server. The private key is wrapped
 * with the encryption key so it can be stored in the file system.
 *
- * If an OEM private key is unavailable, the request is assumed for OEM
+ * The |public_key_signature| output is formatted differently depending
+ * on whether or not an OEM private key has been loaded.
+ *
+ * If an OEM private key is unavailable, the request is assumed to be for OEM
 * certificate provisioning. In this case, the public key is signed by the
- * device private key. If an OEM private key is available, the request is
- * assumed for DRM certificate provisioning and the public key is signed by the
- * OEM private key.
+ * device private key. The format of |public_key_signature| in this case is a
+ * COSE_Sign1 CBOR array. The format is described in RFC 8152 Section 4.2 and
+ * 4.4, as well as Android IRemotelyProvisionedComponent.aidl (under
+ * "SignedData<Data>")
+ *
+ *   |public_key_signature|: COSE_Sign1 CBOR array
+ *   [
+ *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 /
+ *                                 AlgorithmES384 },
+ *     unprotected: {},
+ *     payload: bstr .cbor Data / nil,
+ *     signature: bstr      ; PureEd25519(priv_key, Sig_structure) /
+ *                          ; ECDSA(priv_key, Sig_structure)
+ *   ]
+ *
+ * Notes:
+ *   1. The payload field in the COSE_Sign1 struct is the public key generated
+ *      by OEMCrypto_GenerateCertificateKeyPair
+ *   2. The signature field in the COSE_Sign1 struct is the concatenation of the
+ *      (R,S) values from the EC/Ed signature. If either R or S is smaller than
+ *      the key size, it is left-padded with 0 to match the key size as
+ *      described in RFC 8152. This signature is not DER encoded.
+ *   3. The signature is generated by calling the selected EC signing function
+ *      (PureEd25519 or one of the supported ECDSA algorithms) on
+ *      `Sig_structure`, which is a CBOR array described below. The payload
+ *      field in Sig_structure is the same as the payload in the above
+ *      COSE_Sign1 CBOR array.
+ *
+ *   Sig_structure: CBOR array
+ *   [
+ *     context: "Signature1",
+ *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 /
+ *                                 AlgorithmES384 },
+ *     external_aad: bstr .size 0,
+ *     payload: bstr .cbor Data / nil,
+ *   ]
+ *
+ * If an OEM private key is available, the request is assumed to be for DRM
+ * certificate provisioning and the public key is signed by the OEM private key.
+ * If the OEM private key is an RSA key, then |public_key_signature| is the raw
+ * output of the RSA sign operation with RSASSA-PSS padding. If the OEM private
+ * key is an ECC key, then |public_key_signature| is the ASN.1 DER-encoded (R,S)
+ * signature as specified in RFC 3279 2.2.3.
 *
 * @param[in] session: session id.
 * @param[out] public_key: pointer to the buffer that receives the public key
@@ -4812,11 +4900,8 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain(
 * @param[in,out] public_key_length: on input, size of the caller's public_key
 *    buffer. On output, the number of bytes written into the buffer.
 * @param[out] public_key_signature: pointer to the buffer that receives the
- *    signature of the public key.
- *    If an OEM private key is unavailable: it is signed by the device private
- *    key. The signature must be in COSE_SIGN1 format as specified in RFC 8152.
- *    If an OEM private key is available: it is signed by the OEM private key.
- *    The signature must be raw signature bytes.
+ *    signature of the public key. The format depends on whether an OEM private
+ *    key has been loaded.
 * @param[in,out] public_key_signature_length: on input, size of the caller's
 *    public_key_signature buffer. On output, the number of bytes written into
 *    the buffer.
@@ -5114,11 +5199,9 @@ OEMCryptoResult OEMCrypto_InstallOemPrivateKey(
 * @retval OEMCrypto_ERROR_INVALID_SESSION
 *
 * @threading
- *   This is a "Session Function" and may be called simultaneously with session
- *   functions for other sessions but not simultaneously with other functions
- *   for this session. It will not be called simultaneously with initialization
- *   or usage table functions. It is as if the CDM holds a write lock for this
- *   session, and a read lock on the OEMCrypto system.
+ *   This is a "Session Initialization Function" and will not be called
+ *   simultaneously with any other function, as if the CDM holds a write lock
+ *   on the OEMCrypto system.
 *
 * @version
 *   This method is new in API version 17.
@@ -5306,6 +5389,31 @@ OEMCryptoResult OEMCrypto_ProcessOTAKeybox(OEMCrypto_SESSION session,
                                           const uint8_t* buffer,
                                           size_t buffer_length,
                                           uint32_t use_test_key);
+/**
+ * Retrieves the key token associated with the input entitled key session. This
+ * method is currently used only by CAS, where key token is a means to share
+ * vendor specific crypto info with other frameworks (e.g. Descrambler in
+ * Android TunerHAL) that are also under control of the vendor.
+ *
+ * @param[in] key_session: handle for the entitled key session to be used.
+ * @param[out] key_token: where the key token is stored.
+ * @param[in,out] key_token_length: length of the key token, in bytes.
+ *
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_SHORT_BUFFER if buffer_length is too small.
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ *
+ * @threading
+ *   This is an "Initialization and Termination Function" and will not be called
+ *   simultaneously with any other function, as if the CDM holds a write lock on
+ *   the OEMCrypto system.
+ *
+ * @version
+ *   This method is new in API version 17.
+ */
+OEMCryptoResult OEMCrypto_GetOEMKeyToken(OEMCrypto_SESSION key_session,
+                                         uint8_t* key_token,
+                                         size_t* key_token_length);

 /****************************************************************************/
 /****************************************************************************/