Source release 19.2.0

oemcrypto/include/OEMCryptoCENC.h

@@ -3,7 +3,7 @@
 // License Agreement.
 
 /**
- * @mainpage OEMCrypto API v19.1
+ * @mainpage OEMCrypto API v19.2
  *
  * OEMCrypto is the low level library implemented by the OEM to provide key and
  * content protection, usually in a separate secure memory or process space. The
@@ -744,6 +744,8 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
 #define OEMCrypto_LoadRelease                 _oecc150
 #define OEMCrypto_GetEmbeddedDrmCertificate   _oecc151
 #define OEMCrypto_UseSecondaryKey             _oecc152
+#define OEMCrypto_MarkOfflineSession          _oecc153
+#define OEMCrypto_WrapClearPrivateKey         _oecc154
 // clang-format on
 
 /// @addtogroup initcontrol
@@ -1030,9 +1032,12 @@ OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session,
 
 /**
  * OEMCrypto will use ODK_PrepareCoreLicenseRequest to prepare the core
- * message. If it returns OEMCrypto_SUCCESS, then OEMCrypto shall sign the
- * message body using the DRM certificate's private key. If it returns an
- * error, the error should be returned by OEMCrypto to the CDM layer.
+ * message. If it returns OEMCrypto_SUCCESS, then OEMCrypto shall generate
+ * a SHA-512 hash over the whole message buffer (includes both the prepared
+ * core message and message body), then sign the resulting hash using the
+ * DRM certificate's private key. If ODK returns an error, the error should
+ * be returned by OEMCrypto to the CDM layer.
+ *
  * ODK_PrepareCoreLicenseRequest is described in the document "Widevine Core
  * Message Serialization".
  *
@@ -1113,11 +1118,16 @@ OEMCryptoResult OEMCrypto_PrepAndSignLicenseRequest(
  * corresponding generation number in the usage table header is also incremented
  * so that it matches the one in the entry.
  *
- * OEMCrypto will use ODK_PrepareCoreLicenseRelease to prepare the core
- * message. If it returns OEMCrypto_SUCCESS, then OEMCrypto shall sign the
- * message body using the DRM certificate's private key. If it returns an
- * error, the error should be returned by OEMCrypto to the CDM layer.
- * ODK_PrepareCoreLicenseRelease is described in the document "Widevine Core
+ * OEMCrypto will use ODK_PrepareCoreReleaseRequest to prepare the core
+ * message. If it returns OEMCrypto_SUCCESS, then OEMCrypto shall generate
+ * the signature using the whole message buffer (includes both the prepared
+ * core message and message body) using the session's client MAC key client
+ * which should be the client renewal MAC key if available; otherwise, the
+ * signing is performed using the session's Usage Entry's client MAC key.
+ * If ODK returns an error, the error should be returned by OEMCrypto to the
+ * CDM layer.
+ *
+ * ODK_PrepareCoreReleaseRequest is described in the document "Widevine Core
  * Message Serialization".
  *
  * This function generates a HMAC-SHA256 signature using the mac_key[client]
@@ -1180,22 +1190,10 @@ OEMCryptoResult OEMCrypto_PrepAndSignReleaseRequest(
  * document "Widevine Core Message Serialization", to prepare the core
  * message.
  *
- * If it returns an error, the error should be returned by OEMCrypto to the
- * CDM layer. If it returns OEMCrypto_SUCCESS, then OEMCrypto computes the
- * signature using the renewal mac key which was delivered in the license via
- * LoadLicense.
- *
- * If nonce_values.api_level is 16, then OEMCrypto shall compute the
- * signature of the entire message using the session's client renewal mac
- * key. The entire message is the buffer starting at message with length
- * message_length.
- *
- * If nonce_values.api_major_version is 15, then OEMCrypto shall compute the
- * signature of the message body using the session's client renewal mac key.
- * The message body is the buffer starting at message+core_message_size with
- * length message_length - core_message_size. If the session has not had a
- * license loaded, it will use the usage entries client mac key to sign the
- * message body.
+ * If ODK returns an error, the error should be returned by OEMCrypto to the
+ * CDM layer. If it returns OEMCrypto_SUCCESS, then OEMCrypto shall generate
+ * the signature using the whole message buffer (includes both the prepared
+ * core message and message body) using the session's client MAC key client.
  *
  * This function generates a HMAC-SHA256 signature using the mac_key[client]
  * for license request signing under the license server protocol for CENC.
@@ -3178,6 +3176,51 @@ OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void);
 OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* device_id,
                                       size_t* device_id_length);
 
+/**
+ * Encrypts a clear device RSA/ECC key with an internal key (such as the OEM
+ * key or Widevine Keybox key) and a generated IV using AES-128-CBC with PKCS#5
+ * padding.
+ *
+ * Copies the wrapped key to the buffer specified by |wrapped_private_key| and
+ * sets the size of the wrapped key to |wrapped_private_key_length|.
+ *
+ * The clear private key is encoded in PKCS#8 binary DER format. The OEMCrypto
+ * library shall verify that this RSA key is valid.
+ *
+ * The clear key should be encrypted using the same device specific key used in
+ * OEMCrypto_LoadProvisioning. The wrapped private key will be unwrapped in the
+ * function OEMCrypto_LoadDRMPrivateKey.
+ *
+ * This function should only be implemented for factory builds.
+ *
+ * @param[in] clear_private_key_bytes: pointer to memory containing the
+ *     unencrypted private key data.
+ * @param[in] clear_private_key_length: the length of the private key data.
+ * @param[out] wrapped_private_key: pointer to buffer in which the encrypted
+ *     private key should be stored. May be null on the first call in order to
+ *     find required buffer size.
+ * @param[in,out] wrapped_private_key_length: (in) length of the encrypted
+ *     private key, in bytes. (out) actual length of the encrypted private key,
+ *     or required length if provided length is too small.
+ *
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_CONTEXT clear_private_key_bytes is NULL, or
+ *         clear private key fails to parse as PKCS#8
+ * @retval OEMCrypto_ERROR_SHORT_BUFFER wrapped_private_key_length is too small,
+ *         or wrapped_private_key is NULL
+ *
+ * @threading
+ *   This is an "Initialization and Termination Function" and will not be
+ *   called simultaneously with any other function, as if the CDM holds a write
+ *   lock on the OEMCrypto system.
+ *
+ * @version
+ *   This method is new in API version 19.2.
+ */
+OEMCryptoResult OEMCrypto_WrapClearPrivateKey(
+    const uint8_t* clear_private_key_bytes, size_t clear_private_key_length,
+    uint8_t* wrapped_private_key, size_t* wrapped_private_key_length);
+
 /// @}
 
 /// @addtogroup keybox
@@ -6138,10 +6181,28 @@ OEMCryptoResult OEMCrypto_GetEmbeddedDrmCertificate(uint8_t* public_cert,
  *
  * @ignore
  * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_SESSION
+ * @retval OEMCrypto_ERROR_SESSION_STATE_LOST
+ * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
  */
 OEMCryptoResult OEMCrypto_UseSecondaryKey(OEMCrypto_SESSION session_id,
                                           bool dual_key);
 
+/**
+ * Marks the given session as being used for existing offline licenses.
+ *
+ * @param[in] session: session id for operation.
+ *
+ * @ignore
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_SESSION
+ * @retval OEMCrypto_ERROR_SESSION_STATE_LOST
+ * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ */
+OEMCryptoResult OEMCrypto_MarkOfflineSession(OEMCrypto_SESSION session);
+
 #ifdef __cplusplus
 }
 #endif