Source release 19.6.0

GitOrigin-RevId: 13a33e34413c19da1bfe76abcc66be519c9ac9d1

oemcrypto/include/OEMCryptoCENC.h

@@ -3,7 +3,7 @@
 // License Agreement.
 
 /**
- * @mainpage OEMCrypto API v19.5
+ * @mainpage OEMCrypto API v19.6
  *
  * OEMCrypto is the low level library implemented by the OEM to provide key and
  * content protection, usually in a separate secure memory or process space. The
@@ -766,6 +766,8 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
 #define OEMCrypto_GetBCCSignatureType         _oecc156
 #define OEMCrypto_GetPVRKey                   _oecc157
 #define OEMCrypto_LoadPVRKey                  _oecc158
+#define OEMCrypto_LoadLicenseData             _oecc159
+#define OEMCrypto_SaveLicenseData             _oecc160
 // clang-format on
 
 /// @addtogroup initcontrol
@@ -1027,7 +1029,10 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
  * state, an error of OEMCrypto_ERROR_INVALID_CONTEXT is returned.
  *
  * @param[in] session: handle for the session to be used.
- * @param[out] nonce: pointer to memory to receive the computed nonce.
+ * @param[out] nonce pointer to memory to receive the computed nonce. The nonce
+ *    will only be stored into this memory location if the function returns
+ *    OEMCrypto_SUCCESS. If any other OEMCryptoResult is returned, the contents
+ *    of the memory pointed to by nonce will remain unchanged.
  *
  * Results:
  *   nonce: the nonce is also stored in secure memory.
@@ -3639,7 +3644,9 @@ uint32_t OEMCrypto_MinorAPIVersion(void);
  *   defined
  *
  * While not required, another optional top level struct can be added to the
- * build information string to provide information about liboemcrypto.so:
+ * build information string to provide information about liboemcrypto.so. The
+ * fields within this struct are not required, but if they are included they
+ * must match the listed data type:
  * - "ree" {
  *     - "liboemcrypto_ver" [string]: liboemcrypto.so version in string format
  *       eg "2.15.0+tag". Note that this is separate from the "ta_ver" field
@@ -4314,8 +4321,8 @@ OEMCryptoResult OEMCrypto_LoadProvisioning(
  * Receiver certificates may refuse to load these keys and return an error of
  * OEMCrypto_ERROR_NOT_IMPLEMENTED. The main use case for these alternative
  * signing algorithms is to support devices that use X509 certificates for
- * authentication when acting as a ChromeCast receiver.  This is not needed for
- * devices that wish to send data to a ChromeCast. Keys loaded from this
+ * authentication when acting as a Google Cast receiver.  This is not needed for
+ * devices that wish to send data to a Google Cast. Keys loaded from this
  * function may not be used with OEMCrypto_PrepAndSignLicenseRequest().
  *
  * First, OEMCrypto should generate three secondary keys, mac_key[server],
@@ -4388,8 +4395,8 @@ OEMCryptoResult OEMCrypto_LoadProvisioning(
  *      algorithms may refuse to load these keys and return an error of
  *      OEMCrypto_ERROR_NOT_IMPLEMENTED.  The main use case for these
  *      alternative signing algorithms is to support devices that use X.509
- *      certificates for authentication when acting as a ChromeCast receiver.
- *      This is not needed for devices that wish to send data to a ChromeCast.
+ *      certificates for authentication when acting as a Google Cast receiver.
+ *      This is not needed for devices that wish to send data to a Google Cast.
  *   7. After possibly skipping past the first 8 bytes signifying the allowed
  *      signing algorithm, the rest of the buffer private_key contains an ECC
  *      private key or an RSA private key in PKCS#8 binary DER encoded
@@ -4562,7 +4569,7 @@ OEMCryptoResult OEMCrypto_LoadTestRSAKey(void);
  *
  * The second padding scheme is for devices that use X509 certificates for
  * authentication. The main example is devices that work as a Cast receiver,
- * like a ChromeCast, not for devices that wish to send to the Cast device,
+ * like a Google Cast, not for devices that wish to send to the Cast device,
  * such as almost all Android devices. OEMs that do not support X509
  * certificate authentication need not implement this function and can return
  * OEMCrypto_ERROR_NOT_IMPLEMENTED.
@@ -6398,6 +6405,44 @@ OEMCryptoResult OEMCrypto_UseSecondaryKey(OEMCrypto_SESSION session_id,
  */
 OEMCryptoResult OEMCrypto_MarkOfflineSession(OEMCrypto_SESSION session);
 
+/**
+ * Loads the license data into the given session.
+ *
+ * @param[in] session: session id for operation.
+ * @param[in] data: the buffer to import.
+ * @param[in] data_length: the number of bytes in |data|.
+ *
+ * @ignore
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_SESSION
+ * @retval OEMCrypto_ERROR_INVALID_CONTEXT
+ * @retval OEMCrypto_ERROR_SESSION_STATE_LOST
+ * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ */
+OEMCryptoResult OEMCrypto_LoadLicenseData(OEMCrypto_SESSION session,
+                                          const uint8_t* data,
+                                          size_t data_length);
+
+/**
+ * Saves the license data for the given session.
+ *
+ * @param[in] session: session id for operation.
+ * @param[out] data: the buffer to export into.
+ * @param[in,out] data_length: (in) length of the data buffer, in bytes.
+ *     (out) actual length of the data, in bytes.
+ *
+ * @ignore
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_SESSION
+ * @retval OEMCrypto_ERROR_INVALID_CONTEXT
+ * @retval OEMCrypto_ERROR_SESSION_STATE_LOST
+ * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ */
+OEMCryptoResult OEMCrypto_SaveLicenseData(OEMCrypto_SESSION session,
+                                          uint8_t* data, size_t* data_length);
+
 #ifdef __cplusplus
 }
 #endif