Source release 14.1.0

oemcrypto/include/OEMCryptoCENC.h

@@ -1,4 +1,6 @@
-// Copyright 2013 Google Inc. All Rights Reserved.
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
 
 /*********************************************************************
  * OEMCryptoCENC.h
@@ -287,6 +289,8 @@ typedef enum OEMCrypto_Usage_Entry_Status {
  * Platforms that have compilers that support packed structures, may use the
  * following definition.  Other platforms may use the header pst_report.h which
  * defines a wrapper class.
+ *
+ * All fields are in network byte order.
  */
 #if 0  // If your compiler supports __attribute__((packed)).
 typedef struct {
@@ -369,11 +373,14 @@ typedef enum OEMCrypto_ProvisioningMethod {
 #define OEMCrypto_Initialize               _oecc01
 #define OEMCrypto_Terminate                _oecc02
 #define OEMCrypto_InstallKeybox            _oecc03
+#define OEMCrypto_InstallRootKeyCertificate _oecc03
 #define OEMCrypto_GetKeyData               _oecc04
 #define OEMCrypto_IsKeyboxValid            _oecc05
+#define OEMCrypto_IsRootKeyCertificateValid _oecc05
 #define OEMCrypto_GetRandom                _oecc06
 #define OEMCrypto_GetDeviceID              _oecc07
 #define OEMCrypto_WrapKeybox               _oecc08
+#define OEMCrypto_WrapRootKeyCertificate   _oecc08
 #define OEMCrypto_OpenSession              _oecc09
 #define OEMCrypto_CloseSession             _oecc10
 #define OEMCrypto_DecryptCTR_V10           _oecc11
@@ -1491,36 +1498,38 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr,
                                      uint8_t subsample_flags);
 
 /*
- * OEMCrypto_WrapKeybox
+ * OEMCrypto_WrapRootKeyCertificate
  *
  * Description:
- *   During manufacturing, the keybox should be encrypted with the OEM root key
- *   and stored on the file system in a region that will not be erased during
- *   factory reset. As described in section 5.5.4, the keybox may be directly
- *   encrypted and stored on the device in a single step, or it may use the
- *   two-step WrapKeybox/InstallKeybox approach. When the Widevine DRM plugin
- *   initializes, it will look for a wrapped keybox in the file
- *   /factory/wv.keys and install it into the security processor by calling
- *   OEMCrypto_InstallKeybox().
  *
- *   OEMCrypto_WrapKeybox() is used to generate an OEM-encrypted keybox that
- *   may be passed to OEMCrypto_InstallKeybox() for provisioning. The keybox
- *   may be either passed in the clear or previously encrypted with a transport
- *   key. If a transport key is supplied, the keybox is first decrypted with
- *   the transport key before being wrapped with the OEM root key. This
- *   function is only needed if the provisioning method involves saving the
- *   keybox to the file system.
+ *   A device should be provisioned at the factory with either an OEM
+ *   Certificate or a keybox.  We will call this data the root of trust.  During
+ *   manufacturing, the root of trust should be encrypted with the OEM root key
+ *   and stored on the file system in a region that will not be erased during
+ *   factory reset.  This function may be used by legacy systems that use the
+ *   two-step WrapRootKeyCertificate/InstallRootKeyCertificate approach.  When
+ *   the Widevine DRM plugin initializes, it will look for a wrapped root of
+ *   trust in the file /factory/wv.keys and install it into the security
+ *   processor by calling OEMCrypto_InstallRootKeyCertificate().
+ *
+ *   OEMCrypto_WrapRootKeyCertificate() is used to generate an OEM-encrypted
+ *   root of trust that may be passed to OEMCrypto_InstallRootKeyCertificate()
+ *   for provisioning.  The root of trust may be either passed in the clear or
+ *   previously encrypted with a transport key.  If a transport key is supplied,
+ *   the keybox is first decrypted with the transport key before being wrapped
+ *   with the OEM root key.  This function is only needed if the root of trust
+ *   provisioning method involves saving the keybox to the file system.
  *
  * Parameters:
- *   keybox (in) - pointer to Keybox data to encrypt. May be NULL on the first
- *       call to test size of wrapped keybox. The keybox may either be clear or
- *       previously encrypted.
- *   keyboxLength (in) - length the keybox data in bytes
- *   wrappedKeybox (out) – Pointer to wrapped keybox
- *   wrappedKeyboxLength (out) – Pointer to the length of the wrapped keybox in
+ *   rot (in) - pointer to root of trust data to encrypt. May be NULL on the
+ *       first call to test size of wrapped keybox. The keybox may either be
+ *       clear or previously encrypted.
+ *   rotLength (in) - length the rot data in bytes
+ *   wrappedRot (out) – Pointer to wrapped rot
+ *   wrappedRotLength (out) – Pointer to the length of the wrapped keybox in
  *       bytes
- *   transportKey (in) – Optional. AES transport key. If provided, the keybox
- *       parameter was previously encrypted with this key. The keybox will be
+ *   transportKey (in) – Optional. AES transport key. If provided, the rot
+ *       parameter was previously encrypted with this key. The rot will be
  *       decrypted with the transport key using AES-CBC and a null IV.
  *   transportKeyLength (in) – Optional. Number of bytes in the transportKey, if
  *       used.
@@ -1539,26 +1548,29 @@ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr,
  * Version:
  *   This method is supported by all API versions.
  */
-OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox, size_t keyBoxLength,
-                                     uint8_t* wrappedKeybox,
-                                     size_t* wrappedKeyBoxLength,
-                                     const uint8_t* transportKey,
-                                     size_t transportKeyLength);
+OEMCryptoResult OEMCrypto_WrapRootKeyCertificate(const uint8_t* rot, size_t rotLength,
+                                                 uint8_t* wrappedRot,
+                                                 size_t* wrappedRotLength,
+                                                 const uint8_t* transportKey,
+                                                 size_t transportKeyLength);
 
 /*
- * OEMCrypto_InstallKeybox
+ * OEMCrypto_InstallRootKeyCertificate
  *
  * Description:
- *   Decrypts a wrapped keybox and installs it in the security processor. The
- *   keybox is unwrapped then encrypted with the OEM root key. This function is
- *   called from the Widevine DRM plugin at initialization time if there is no
- *   valid keybox installed. It looks for a wrapped keybox in the file
- *   /factory/wv.keys and if it is present, will read the file and call
- *   OEMCrypto_InstallKeybox() with the contents of the file.
+ *
+ *   Decrypts a wrapped root of trust and installs it in the security processor.
+ *   The root of trust is unwrapped then encrypted with the OEM root key.  This
+ *   function is called from the Widevine DRM plugin at initialization time if
+ *   there is no valid root of trust installed.  It looks for wrapped data in
+ *   the file /factory/wv.keys and if it is present, will read the file and call
+ *   OEMCrypto_InstallRootKeyCertificate() with the contents of the file.  This
+ *   function is only needed if the factory provisioning method involves saving
+ *   the keybox to the file system.
  *
  * Parameters:
- *   keybox  (in) - pointer to encrypted Keybox data as input
- *   keyboxLength  (in) - length of the keybox data in bytes
+ *   rot  (in) - pointer to encrypted data as input
+ *   rotLength  (in) - length of the data in bytes
  *
  * Threading:
  *   This function is not called simultaneously with any other functions.
@@ -1573,8 +1585,8 @@ OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox, size_t keyBoxLength,
  * Version:
  *   This method is supported in all API versions.
  */
-OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
-                                        size_t keyBoxLength);
+OEMCryptoResult OEMCrypto_InstallRootKeyCertificate(const uint8_t* rot,
+                                                    size_t rotLength);
 
 /*
  * OEMCrypto_GetProvisioningMethod
@@ -1669,10 +1681,12 @@ OEMCryptoResult OEMCrypto_GetOEMPublicCertificate(OEMCrypto_SESSION session,
 OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t *buffer, size_t length);
 
 /*
- * OEMCrypto_IsKeyboxValid
+ * OEMCrypto_IsRootKeyCertificateValid
  *
  * Description:
- *   Validate the Widevine Keybox stored on the device.
+ *
+ * If the device has a keybox, this validates the Widevine Keybox loaded into
+ * the security processor device.
  *
  * The API performs two verification steps on the Keybox. It first verifies
  * the MAGIC field contains a valid signature (must be 'kbox'). The API then
@@ -1680,6 +1694,9 @@ OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t *buffer, size_t length);
  * checksum to the CRC stored in the Keybox. The CRC is computed over the
  * entire Keybox excluding the 4 CRC bytes (i.e. Keybox[0..123]).
  *
+ * If the device has an OEM Certificate, this validates the certificate private
+ * key.
+ *
  * Parameters:
  *   none
  *
@@ -1690,11 +1707,13 @@ OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t *buffer, size_t length);
  *   OEMCrypto_SUCCESS
  *   OEMCrypto_ERROR_BAD_MAGIC
  *   OEMCrypto_ERROR_BAD_CRC
+ *   OEMCrypto_ERROR_KEYBOX_INVALID
+ *   OEMCrypto_ERROR_NOT_IMPLEMENTED
  *
  * Version:
  *   This method is supported by all API versions.
  */
-OEMCryptoResult OEMCrypto_IsKeyboxValid(void);
+OEMCryptoResult OEMCrypto_IsRootKeyCertificateValid(void);
 
 /*
  * OEMCrypto_GetDeviceID

oemcrypto/include/level3_file_system.h

@@ -1,29 +0,0 @@
-// Copyright 2017 Google Inc. All Rights Reserved
-
-/*********************************************************************
- * level3_file_system.h
- *
- * File system for OEMCrypto Level3 file operations.
- *********************************************************************/
-
-#ifndef LEVEL3_FILE_SYSTEM_H_
-#define LEVEL3_FILE_SYSTEM_H_
-
-#include <stdlib.h>
-
-namespace wvoec3 {
-
-class OEMCrypto_Level3FileSystem {
- public:
-  virtual ~OEMCrypto_Level3FileSystem() {}
-  virtual ssize_t Read(const char *filename, void *buffer, size_t size) = 0;
-  virtual ssize_t Write(const char *filename, const void *buffer,
-                        size_t size) = 0;
-  virtual bool Exists(const char *filename) = 0;
-  virtual ssize_t FileSize(const char *filename) = 0;
-  virtual bool Remove(const char *filename) = 0;
-};
-
-}  // namespace wvoec3
-
-#endif

oemcrypto/include/oemcrypto_logging.h

@@ -1,65 +0,0 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
-
-#ifndef WVOEC_OEMCRYPTO_LOGGING_H_
-#define WVOEC_OEMCRYPTO_LOGGING_H_
-
-#include <iostream>
-#include <string>
-
-#include "OEMCryptoCENC.h"
-#include "log.h"
-
-namespace wvoec_mock {
-
-// The constants below represent integers with a single "on" bit that
-// represents categories of logging This allows users to specify with
-// more precision what they want to log. LogCategoryEnabled(category)
-// is used to see if the category passed in the parameters is to
-// be logged based on the current settings. Categories can be combines
-// using the | (or) bitwise  operator. For example
-// LogCategoryEnabled(category1 | category2)  will return true if
-// category1 and/or category2 are set to logging.
-
-const int kLoggingTraceOEMCryptoCalls = 0x01;  // All except decrypt calls.
-const int kLoggingDumpContentKeys = 0x02;
-const int kLoggingDumpKeyControlBlocks = 0x04;
-const int kLoggingDumpDerivedKeys = 0x08;
-const int kLoggingTraceNonce = 0x10;
-const int kLoggingTraceDecryption = 0x20;
-const int kLoggingTraceUsageTable = 0x40;
-const int kLoggingTraceDecryptCalls = 0x80;
-const int kLoggingDumpTraceAll = 0xFF;
-
-void SetLoggingSettings(int level, int categories);
-
-// set level of logging
-void SetLoggingLevel(int level);
-
-void TurnOffLoggingForAllCategories();
-
-// Returns true if the category passed is set to logging.
-// Returns false otherwise. The category constant declared
-// above are passed.
-bool LogCategoryEnabled(int category);
-
-// Turn on logging  for the categories passed.
-void AddLoggingForCategories(int categories);
-
-// Turn off logging for the categories passed.
-void RemoveLoggingForCategories(int categories);
-
-void dump_hex_helper(std::string& buffer, std::string name,
-                     const uint8_t* vector, size_t length);
-
-void dump_hex(std::string name, const uint8_t* vector, size_t length);
-
-void dump_array_part_helper(std::string& buffer, std::string array,
-                            size_t index, std::string name,
-                            const uint8_t* vector, size_t length);
-
-void dump_array_part(std::string array, size_t index, std::string name,
-                     const uint8_t* vector, size_t length);
-
-}  // namespace wvoec_mock
-
-#endif  // WVOEC_OEMCRYPTO_LOGGING_H_

oemcrypto/include/oemcrypto_types.h

@@ -0,0 +1,67 @@
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
+
+#ifndef WV_OEMCRYPTO_TYPES_H_
+#define WV_OEMCRYPTO_TYPES_H_
+
+#include <stdint.h>
+
+namespace wvoec {
+
+// This is the format of a Widevine keybox.
+typedef struct WidevineKeybox {   // 128 bytes total.
+  // C character string identifying the device.  Null terminated.
+  uint8_t device_id_[32];
+  // 128 bit AES key assigned to device.  Generated by Widevine.
+  uint8_t device_key_[16];
+  // Key Data.  Encrypted data.
+  uint8_t data_[72];
+  // Constant code used to recognize a valid keybox "kbox" = 0x6b626f78.
+  uint8_t magic_[4];
+  // The CRC checksum of the first 124 bytes of the keybox.
+  uint8_t crc_[4];
+} WidevineKeybox;
+
+// Key Control Block Bit Masks:
+const uint32_t kControlObserveDataPath = (1<<31);
+const uint32_t kControlObserveHDCP     = (1<<30);
+const uint32_t kControlObserveCGMS     = (1<<29);
+const uint32_t kControlRequireAntiRollbackHardware = (1<<28);
+const uint32_t kSharedLicense          = (1<<23);
+const uint32_t kControlSRMVersionRequired = (1<<22);
+const uint32_t kControlDisableAnalogOutput = (1<<21);
+const uint32_t kControlSecurityPatchLevelShift = 15;
+const uint32_t kControlSecurityPatchLevelMask =
+    (0x3F<<kControlSecurityPatchLevelShift);
+const uint32_t kControlReplayMask      = (0x03<<13);
+const uint32_t kControlNonceRequired   = (0x01<<13);
+const uint32_t kControlNonceOrEntry    = (0x02<<13);
+const uint32_t kControlHDCPVersionShift = 9;
+const uint32_t kControlHDCPVersionMask = (0x0F<<kControlHDCPVersionShift);
+const uint32_t kControlAllowEncrypt    = (1<<8);
+const uint32_t kControlAllowDecrypt    = (1<<7);
+const uint32_t kControlAllowSign       = (1<<6);
+const uint32_t kControlAllowVerify     = (1<<5);
+const uint32_t kControlDataPathSecure  = (1<<4);
+const uint32_t kControlNonceEnabled    = (1<<3);
+const uint32_t kControlHDCPRequired    = (1<<2);
+const uint32_t kControlCGMSMask        = (0x03);
+const uint32_t kControlCGMSCopyFreely  = (0x00);
+const uint32_t kControlCGMSCopyOnce    = (0x02);
+const uint32_t kControlCGMSCopyNever   = (0x03);
+
+// Various constants and sizes:
+static const size_t KEY_CONTROL_SIZE = 16;
+static const size_t KEY_ID_SIZE = 16;
+static const size_t KEY_IV_SIZE = 16;
+static const size_t KEY_PAD_SIZE = 16;
+static const size_t KEY_SIZE = 16;
+static const size_t MAC_KEY_SIZE = 32;
+static const size_t KEYBOX_KEY_DATA_SIZE = 72;
+static const size_t SRM_REQUIREMENT_SIZE = 12;
+
+
+}  // namespace wvoec
+
+#endif  // WV_OEMCRYPTO_TYPES_H_

oemcrypto/include/pst_report.h

@@ -0,0 +1,148 @@
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
+
+/*********************************************************************
+ * pst_report.h
+ *
+ * Reference APIs needed to support Widevine's crypto algorithms.
+ *********************************************************************/
+
+#ifndef PST_REPORT_H_
+#define PST_REPORT_H_
+
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "OEMCryptoCENC.h"
+#include "string_conversions.h"  // needed for htonll64.
+
+namespace wvcdm {
+
+class Unpacked_PST_Report {
+ public:
+  // This object does not own the buffer, and does not check that buffer
+  // is not null.
+  Unpacked_PST_Report(uint8_t *buffer) : buffer_(buffer) {}
+
+  // Copy and move semantics of this class is like that of a pointer.
+  Unpacked_PST_Report(const Unpacked_PST_Report& other) :
+      buffer_(other.buffer_) {}
+
+  Unpacked_PST_Report& operator=(const Unpacked_PST_Report& other) {
+    buffer_ = other.buffer_;
+    return *this;
+  }
+
+  size_t report_size() const {
+    return pst_length() + kraw_pst_report_size;
+  }
+
+  static size_t report_size(size_t pst_length) {
+    return pst_length + kraw_pst_report_size;
+  }
+
+  uint8_t status() const {
+    return static_cast<uint8_t>(* (buffer_ +  kstatus_offset));
+  }
+
+  void set_status(uint8_t value)  {
+    buffer_[kstatus_offset] = value;
+  }
+
+  uint8_t* signature()  {
+    return buffer_ + ksignature_offset;
+  }
+
+  uint8_t clock_security_level() const {
+    return static_cast<uint8_t>(* (buffer_ +  kclock_security_level_offset));
+  }
+
+  void set_clock_security_level(uint8_t value)  {
+    buffer_[kclock_security_level_offset] = value;
+  }
+
+  uint8_t pst_length() const {
+    return static_cast<uint8_t>(* (buffer_ +  kpst_length_offset));
+  }
+
+  void set_pst_length(uint8_t value)  {
+    buffer_[kpst_length_offset] = value;
+  }
+
+  uint8_t padding() const {
+    return static_cast<uint8_t>(* (buffer_ +  kpadding_offset));
+  }
+
+  void set_padding(uint8_t value)  {
+    buffer_[kpadding_offset] = value;
+  }
+
+  // In host byte order.
+  int64_t seconds_since_license_received() const {
+    int64_t time;
+    memcpy(&time, buffer_ +  kseconds_since_license_received_offset,
+           sizeof(int64_t));
+    return ntohll64(time);
+  }
+
+  // Parameter time is in host byte order.
+  void set_seconds_since_license_received(int64_t time) const {
+    time = ntohll64(time);
+    memcpy(buffer_ +  kseconds_since_license_received_offset, &time,
+           sizeof(int64_t));
+  }
+
+  // In host byte order.
+  int64_t seconds_since_first_decrypt() const {
+    int64_t time;
+    memcpy(&time, buffer_ +  kseconds_since_first_decrypt_offset,
+           sizeof(int64_t));
+    return ntohll64(time);
+  }
+
+  // Parameter time is in host byte order.
+  void set_seconds_since_first_decrypt(int64_t time) const {
+    time = ntohll64(time);
+    memcpy(buffer_ +  kseconds_since_first_decrypt_offset, &time,
+           sizeof(int64_t));
+  }
+
+  // In host byte order.
+  int64_t seconds_since_last_decrypt() const {
+    int64_t time;
+    memcpy(&time, buffer_ +  kseconds_since_last_decrypt_offset,
+           sizeof(int64_t));
+    return ntohll64(time);
+  }
+
+  // Parameter time is in host byte order.
+  void set_seconds_since_last_decrypt(int64_t time) const {
+    time = ntohll64(time);
+    memcpy(buffer_ +  kseconds_since_last_decrypt_offset, &time,
+           sizeof(int64_t));
+  }
+
+  uint8_t* pst() {
+    return  (buffer_ +  kpst_offset);
+  }
+
+ private:
+  uint8_t *buffer_;
+
+  // Size of the PST_Report without the pst string.
+  static const size_t kraw_pst_report_size = 48;
+  static const size_t ksignature_offset  = 0;
+  static const size_t kstatus_offset  = 20;
+  static const size_t kclock_security_level_offset = 21;
+  static const size_t kpst_length_offset = 22;
+  static const size_t kpadding_offset = 23;
+  static const size_t kseconds_since_license_received_offset = 24;
+  static const size_t kseconds_since_first_decrypt_offset = 32;
+  static const size_t kseconds_since_last_decrypt_offset = 40;
+  static const size_t kpst_offset = 48;
+};
+}  // namespace wvcdm
+
+#endif  // PST_REPORT_H_