Add Provisioning 4 support

Widevine provisioning 4 support is added in this patch.
2025-02-25 13:49:37 -08:00
parent 5f209e6980
commit 41829ca1e5
37 changed files with 2915 additions and 356 deletions
--- a/oemcrypto/include/OEMCryptoCENC.h
+++ b/oemcrypto/include/OEMCryptoCENC.h
@@ -3,7 +3,7 @@
 // License Agreement.

 /**
- * @mainpage OEMCrypto API v18.4
+ * @mainpage OEMCrypto API v18.8
 *
 * OEMCrypto is the low level library implemented by the OEM to provide key and
 * content protection, usually in a separate secure memory or process space. The
@@ -718,6 +718,10 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
 #define OEMCrypto_GetDeviceSignedCsrPayload   _oecc141
 #define OEMCrypto_FactoryInstallBCCSignature  _oecc142
 #define OEMCrypto_GetEmbeddedDrmCertificate   _oecc143
+#define OEMCrypto_UseSecondaryKey             _oecc144
+#define OEMCrypto_MarkOfflineSession          _oecc153
+#define OEMCrypto_WrapClearPrivateKey         _oecc154
+#define OEMCrypto_SetSessionUsage             _oecc155
 // clang-format on

 /// @addtogroup initcontrol
@@ -1938,6 +1942,33 @@ OEMCryptoResult OEMCrypto_GetOEMKeyToken(OEMCrypto_SESSION key_session,
                                         uint8_t* key_token,
                                         size_t* key_token_length);

+/**
+ * Sets the session's usage information and scrambling mode, allowing the
+ * descrambler to be set up to decode one or more streams encrypted by the
+ * Conditional Access System (CAS). This method is currently used exclusively by
+ * CAS.
+ *
+ * @param[in] session: session id.
+ * @param[in] intent: session usage information. A constant defined by MediaCaS.
+ * @param[in] mode: scrambling mode. A constant defined by MediaCaS.
+ *
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_SESSION
+ * @retval OEMCrypto_ERROR_INVALID_CONTEXT
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ *
+ * @threading
+ *   This is a "Session Function" and may be called simultaneously with session
+ *   functions for other sessions but not simultaneously with other functions
+ *   for this session. It is as if the CDM holds a write lock for this session,
+ *   and a read lock on the OEMCrypto system.
+ *
+ * @version
+ *   This method is new in API version 19.
+ */
+OEMCryptoResult OEMCrypto_SetSessionUsage(OEMCrypto_SESSION session,
+                                          uint32_t intent, uint32_t mode);
+
 /// @}

 /// @addtogroup decryption
@@ -2233,10 +2264,20 @@ OEMCryptoResult OEMCrypto_GetKeyHandle(OEMCrypto_SESSION session,
 * usually be non-zero. This mode allows devices to decrypt FMP4 HLS content,
 * SAMPLE-AES HLS content, as well as content using the DASH 'cbcs' scheme.
 *
- * The skip field of OEMCrypto_CENCEncryptPatternDesc may also be zero. If
- * the skip field is zero, then patterns are not in use and all crypto blocks
- * in the encrypted part of the subsample are encrypted. It is not valid for
- * the encrypt field to be zero.
+ * The skip field of OEMCrypto_CENCEncryptPatternDesc may be zero. If the skip
+ * field is zero, then patterns are not in use and all crypto blocks in the
+ * encrypted part of the subsample are encrypted, except for any partial crypto
+ * blocks at the end. The most common pattern with a skip field of zero is
+ * (10,0), but all patterns with a skip field of zero are functionally the same.
+ *
+ * If the skip field of OEMCrypto_CENCEncryptPatternDesc is zero, the encrypt
+ * field may also be zero. This pattern sometimes appears in content,
+ * particularly in audio tracks. This (0,0) pattern should be treated as
+ * equivalent to the pattern (10,0). e.g. All complete crypto blocks should be
+ * decrypted.
+ *
+ * It is not valid for the encrypt field of OEMCrypto_CENCEncryptPatternDesc to
+ * be zero if the skip field is non-zero.
 *
 * The length of a crypto block in AES-128 is 16 bytes. In the 'cbcs' scheme,
 * if the encrypted part of a subsample has a length that is not a multiple
@@ -3139,6 +3180,51 @@ OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void);
 OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* device_id,
                                      size_t* device_id_length);

+/**
+ * Encrypts a clear device RSA/ECC key with an internal key (such as the OEM
+ * key or Widevine Keybox key) and a generated IV using AES-128-CBC with PKCS#5
+ * padding.
+ *
+ * Copies the wrapped key to the buffer specified by |wrapped_private_key| and
+ * sets the size of the wrapped key to |wrapped_private_key_length|.
+ *
+ * The clear private key is encoded in PKCS#8 binary DER format. The OEMCrypto
+ * library shall verify that this RSA key is valid.
+ *
+ * The clear key should be encrypted using the same device specific key used in
+ * OEMCrypto_LoadProvisioning. The wrapped private key will be unwrapped in the
+ * function OEMCrypto_LoadDRMPrivateKey.
+ *
+ * This function should only be implemented for factory builds.
+ *
+ * @param[in] clear_private_key_bytes: pointer to memory containing the
+ *     unencrypted private key data.
+ * @param[in] clear_private_key_length: the length of the private key data.
+ * @param[out] wrapped_private_key: pointer to buffer in which the encrypted
+ *     private key should be stored. May be null on the first call in order to
+ *     find required buffer size.
+ * @param[in,out] wrapped_private_key_length: (in) length of the encrypted
+ *     private key, in bytes. (out) actual length of the encrypted private key,
+ *     or required length if provided length is too small.
+ *
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_CONTEXT clear_private_key_bytes is NULL, or
+ *         clear private key fails to parse as PKCS#8
+ * @retval OEMCrypto_ERROR_SHORT_BUFFER wrapped_private_key_length is too small,
+ *         or wrapped_private_key is NULL
+ *
+ * @threading
+ *   This is an "Initialization and Termination Function" and will not be
+ *   called simultaneously with any other function, as if the CDM holds a write
+ *   lock on the OEMCrypto system.
+ *
+ * @version
+ *   This method is new in API version 18.6.
+ */
+OEMCryptoResult OEMCrypto_WrapClearPrivateKey(
+    const uint8_t* clear_private_key_bytes, size_t clear_private_key_length,
+    uint8_t* wrapped_private_key, size_t* wrapped_private_key_length);
+
 /// @}

 /// @addtogroup keybox
@@ -5862,6 +5948,36 @@ OEMCryptoResult OEMCrypto_Generic_Verify_V17(
 OEMCryptoResult OEMCrypto_GetEmbeddedDrmCertificate(uint8_t* public_cert,
                                                    size_t* public_cert_length);

+/**
+ * Marks the given session as using a secondary key.
+ *
+ * @param[in] session_id: handle for the session to be used.
+ * @param[in] dual_key: whether this session uses a secondary key.
+ *
+ * @ignore
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_SESSION
+ * @retval OEMCrypto_ERROR_SESSION_STATE_LOST
+ * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ */
+OEMCryptoResult OEMCrypto_UseSecondaryKey(OEMCrypto_SESSION session_id,
+                                          bool dual_key);
+
+/**
+ * Marks the given session as being used for existing offline licenses.
+ *
+ * @param[in] session: session id for operation.
+ *
+ * @ignore
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_SESSION
+ * @retval OEMCrypto_ERROR_SESSION_STATE_LOST
+ * @retval OEMCrypto_ERROR_SYSTEM_INVALIDATED
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ */
+OEMCryptoResult OEMCrypto_MarkOfflineSession(OEMCrypto_SESSION session);
+
 #ifdef __cplusplus
 }
 #endif
--- a/oemcrypto/include/level3.h
+++ b/oemcrypto/include/level3.h
@@ -117,7 +117,11 @@
 #define Level3_GetSignatureHashAlgorithm   _lcc139
 #define Level3_EnterTestMode               _lcc140
 #define Level3_GetDeviceSignedCsrPayload   _lcc141
+#define Level3_UseSecondaryKey             _lcc142
 #define Level3_GetEmbeddedDrmCertificate   _lcc143
+#define Level3_MarkOfflineSession          _lcc144
+// Added in OEMCrypto v19.3, but back ported to v18
+#define Level3_SetSessionUsage             _lcc155
 #else
 #define Level3_Initialize                  _oecc01
 #define Level3_Terminate                   _oecc02
@@ -220,6 +224,10 @@
 #define Level3_GetDeviceSignedCsrPayload   _oecc141
 // Internal-only.
 #define Level3_GetEmbeddedDrmCertificate   _oecc143
+#define Level3_UseSecondaryKey             _oecc144
+#define Level3_MarkOfflineSession          _oecc145
+// Added in OEMCrypto v19.3, but back ported to v18
+#define Level3_SetSessionUsage             _oecc155
 #endif

 #define Level3_GetInitializationState     _oecl3o01
@@ -444,6 +452,8 @@ OEMCrypto_WatermarkingSupport Level3_GetWatermarkingSupport();
 OEMCryptoResult Level3_GetOEMKeyToken(OEMCrypto_SESSION key_session,
                                      uint8_t* key_token,
                                      size_t* key_token_length);
+OEMCryptoResult Level3_SetSessionUsage(OEMCrypto_SESSION session,
+                                       uint32_t intent, uint32_t mode);
 OEMCryptoResult Level3_GetDeviceInformation(uint8_t* device_info,
                                            size_t* device_info_length);
 OEMCryptoResult Level3_GetDeviceSignedCsrPayload(
@@ -493,7 +503,10 @@ OEMCryptoResult Level3_GetSignatureHashAlgorithm(
    OEMCrypto_SESSION session, OEMCrypto_SignatureHashAlgorithm* algorithm);
 OEMCryptoResult Level3_EnterTestMode(void);
 OEMCryptoResult Level3_GetEmbeddedDrmCertificate(uint8_t* public_cert,
-                                                    size_t* public_cert_length);
+                                                 size_t* public_cert_length);
+OEMCryptoResult Level3_UseSecondaryKey(OEMCrypto_SESSION session_id,
+                                       bool dual_key);
+OEMCryptoResult Level3_MarkOfflineSession(OEMCrypto_SESSION session_id);

 // The following are specific to Google's Level 3 implementation and are not
 // required.