widevine-partner/odkitee
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
v15
odkitee/oemcrypto_ta/oemcrypto_key.h
John W. Bruce eaa8984c06 First Publicly Shared Version of ODKiTEE v15
2020-07-24 12:03:58 -07:00

95 lines
4.1 KiB
C
Raw Permalink Blame History

/* Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
source code may only be used and distributed under the Widevine Master
License Agreement. */
#ifndef OEMCRYPTO_TA_OEMCRYPTO_KEY_H_
#define OEMCRYPTO_TA_OEMCRYPTO_KEY_H_
#include "crypto_interface.h"
#include "oemcrypto_key_types.h"
typedef struct KeyControlBlock {
bool valid;
char verification[4];
uint32_t duration;
uint32_t nonce;
uint32_t control_bits;
} KeyControlBlock;
typedef struct CryptoKey {
/* Index into the global key table. */
uint32_t key_table_index;
uint64_t cookie;
CryptoKeyType key_type;
CryptoKeyOperation key_operation;
/* key_handle is owned by the TEE. */
TEE_Key_Handle key_handle;
CryptoKeySize key_size;
uint32_t allowed_schemes; /* For DRM RSA keys only */
/* For entitlement or content keys only. */
uint8_t key_id[KEY_ID_MAX_SIZE];
uint8_t key_id_size;
KeyControlBlock key_control_block;
/* Index into either the content or entitlement key table in the session. */
uint32_t session_key_index;
/* For entitlement keys only. */
uint32_t entitled_content_key_index; /* Index of entitled content key that
this entitles. */
bool has_entitled_content_key;
/* For content keys only. */
uint32_t entitlement_key_index; /* Index of entitlement key that entitles this
key. */
bool is_entitled_content_key;
OEMCryptoCipherMode cipher_mode;
} CryptoKey;
/* Initializes the data fields in the |key| and sets |key|'s key_handle to
the key handle formed from |serialized_bytes| and |size|.
Returns the result of CreateKeyHandle if it fails and OEMCrypto_SUCCESS
otherwise.
|serialized_bytes_length| must be > 0 and |key_type| must be valid.
Caller retains ownership of all pointers and they must not be NULL. */
OEMCryptoResult InitializeCryptoKey(CryptoKey* key,
const uint8_t* serialized_bytes,
uint32_t serialized_bytes_length,
CryptoKeyType key_type,
CryptoKeyOperation key_operation,
CryptoKeySize key_size);
/* Initializes the data fields in the |key| and sets |key|'s key_handle to
the key handle formed from |wrapped_key| and |size|.
The data in |wrapped_key| was previously computed in WrapCryptoKey.
Returns the result of CreateKeyHandle if it fails and OEMCrypto_SUCCESS
otherwise.
|serialized_bytes_length| must be > 0 and |key_type| must be valid.
Caller retains ownership of all pointers and they must not be NULL. */
OEMCryptoResult InitializeCryptoKeyFromWrappedKey(
CryptoKey* key, const uint8_t* wrapped_key, uint32_t wrapped_key_length,
CryptoKeyType key_type, CryptoKeyOperation key_operation,
CryptoKeySize key_size);
/* Wraps the key data into a buffer that can be saved to the file system. The
wrapping must be device unique. Caller retains ownership of |key| and
|buffer| and they must not be NULL. Caller ensures that buffer_length is at
least as big as the wrapped key size specified in
oemcrypto_config_macros.h. */
OEMCryptoResult WrapCryptoKey(CryptoKey* key, uint8_t* buffer,
size_t buffer_length);
/* Frees the key handle associated with this key if it exists and then clears
the key. Returns the result of freeing the key handle.
Caller retains ownership of |key| and it must not be NULL. */
OEMCryptoResult FreeCryptoKey(CryptoKey* key);
/* Checks to make sure that |key| isn't NULL, its cookie is valid, its key_type
matches |key_type|, and its key operation matches |key_operation|. */
bool CheckKey(CryptoKey* key, CryptoKeyType key_type,
CryptoKeyOperation key_operation);
/* Parses the given |kcb| into a KeyControlBlock. If the verification fails, the
key control block is marked invalid. Returns the parsed KeyControlBlock.
Caller retains ownership of all pointers and they must not be NULL. */
KeyControlBlock ParseKeyControlBlock(const uint8_t* kcb);
#endif /* OEMCRYPTO_TA_OEMCRYPTO_KEY_H_ */
Reference in New Issue View Git Blame Copy Permalink