/* Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
source code may only be used and distributed under the Widevine Master
License Agreement. */
#ifndef OEMCRYPTO_TA_ROOT_OF_TRUST_INTERFACE_H_
#define OEMCRYPTO_TA_ROOT_OF_TRUST_INTERFACE_H_
#include "stddef.h"
#include "stdint.h"
#include "OEMCryptoCENC.h"
/* Root-of-trust interface of the OEMCrypto TA: access to the OEM RSA key pair
and public certificate, to the keybox, and to key derivation rooted in the
keybox key. Every function reports its result as an OEMCryptoResult. Unless a
comment below says otherwise, the caller allocates and retains ownership of
every buffer it passes in. Several functions take no length parameter; for
those the required buffer size is fixed by this contract and is stated on the
function, so the implementation cannot bound the write itself -- callers must
honour the stated minimum. */
/* Writes the length in bytes of the OEM public certificate to
*|public_cert_length| (presumably the size GetOEMPublicCertificate expects
|public_cert| to have -- confirm against the implementation). Returns
OEMCrypto_ERROR_INVALID_CONTEXT if |public_cert_length| is NULL,
OEMCrypto_ERROR_UNKNOWN_FAILURE if there are any other issues, and
OEMCrypto_SUCCESS otherwise.
Caller retains ownership of |public_cert_length|. */
OEMCryptoResult GetOEMPublicCertificateLength(uint32_t* public_cert_length);
/* Copies the OEM public certificate into |public_cert|. Returns
OEMCrypto_ERROR_INVALID_CONTEXT if |public_cert| is NULL,
OEMCrypto_ERROR_UNKNOWN_FAILURE if there are any other issues, and
OEMCrypto_SUCCESS otherwise.
NOTE(review): there is no length parameter, so nothing here bounds the write;
the caller is expected to size |public_cert| from
GetOEMPublicCertificateLength before calling -- confirm with callers.
Caller retains ownership of |public_cert|. */
OEMCryptoResult GetOEMPublicCertificate(uint8_t* public_cert);
/* Calls to the crypto engine to sign |message_length| bytes of |message| with
the OEM private key using padding scheme RSASSA-PSS with SHA1 (the hash is
fixed by this contract, not selectable by the caller), places the result in
|signature| and modifies *|signature_length| to the appropriate value.
*|signature_length| is an in/out parameter: on entry it gives the capacity of
|signature|.
Returns OEMCrypto_ERROR_SHORT_BUFFER if *|signature_length| is too small or if
|signature| is NULL, in which case it sets *|signature_length| to the
appropriate length (so a NULL |signature| can be used to query the required
size). Returns OEMCrypto_ERROR_INVALID_CONTEXT if |message_length| is 0 or if
any of the pointers except |signature| are NULL,
OEMCrypto_ERROR_INVALID_RSA_KEY if the OEM RSA key is invalid,
OEMCrypto_ERROR_UNKNOWN_FAILURE if there are any other failures, and
OEMCrypto_SUCCESS otherwise. */
OEMCryptoResult SignMessageWithOEMPrivateKey(const uint8_t* message,
uint32_t message_length,
uint8_t* signature,
uint32_t* signature_length);
/* Calls to the crypto engine to decrypt |in_length| bytes of |in| with the OEM
private key and place the plaintext in |out|. The padding scheme shall only be
PKCS1-OAEP. *|out_length| is an in/out parameter: on entry it gives the
capacity of |out| (presumably updated to the number of bytes written on
success -- confirm against the implementation).
Returns OEMCrypto_ERROR_INVALID_CONTEXT if any of the pointers are NULL or
|in_length| is 0, OEMCrypto_ERROR_SHORT_BUFFER if *|out_length| is too small,
in which case it sets *|out_length| to the appropriate length,
OEMCrypto_ERROR_UNKNOWN_FAILURE if there are any other failures, and
OEMCrypto_SUCCESS otherwise.
Caller retains ownership of all pointers. */
OEMCryptoResult DecryptMessageWithOEMPrivateKey(const uint8_t* in,
uint32_t in_length,
uint8_t* out,
uint32_t* out_length);
/* Validates the OEM private key stored on the device. No function in this
interface exports the private key itself; it is only ever used through
SignMessageWithOEMPrivateKey and DecryptMessageWithOEMPrivateKey.
Returns OEMCrypto_ERROR_INVALID_RSA_KEY if the key is not a valid RSA key,
OEMCrypto_ERROR_UNKNOWN_FAILURE on any other failures, and OEMCrypto_SUCCESS
otherwise. */
OEMCryptoResult ValidateOEMPrivateKey(void);
/* For devices that use Provisioning 3.0 and want to provide a custom device id
instead of using the OEM cert as the unique identifier. Copies the id into
|device_id|; *|device_id_length| is an in/out parameter giving the capacity of
|device_id| on entry.
Returns OEMCrypto_ERROR_SHORT_BUFFER if *|device_id_length| is too small,
OEMCrypto_ERROR_INVALID_CONTEXT if |device_id| is NULL,
OEMCrypto_ERROR_NOT_IMPLEMENTED if the OEM cert should be used instead (callers
should treat this result as "fall back to the OEM cert", not as a failure),
OEMCrypto_ERROR_UNKNOWN_FAILURE on any other failures, and OEMCrypto_SUCCESS
otherwise.
Caller retains ownership of all pointers and |device_id_length| must not be
NULL. */
OEMCryptoResult GetDeviceIDForOEMCert(uint8_t* device_id,
uint32_t* device_id_length);
/* Attempts to validate the keybox currently loaded.
Returns OEMCrypto_ERROR_BAD_MAGIC if the magic field is not "kbox",
OEMCrypto_ERROR_BAD_CRC if the computed CRC is not equal to the stored CRC,
and OEMCrypto_SUCCESS otherwise.
The magic and CRC checks only detect a malformed or corrupted keybox; a CRC is
not a cryptographic integrity or authenticity check, so OEMCrypto_SUCCESS here
says nothing about whether the keybox contents are genuine. */
OEMCryptoResult ValidateKeybox(void);
/* Copies the 72 byte encrypted key data from the current keybox into
|key_data|.
Returns OEMCrypto_ERROR_INVALID_CONTEXT if |key_data| is NULL and
OEMCrypto_SUCCESS otherwise.
In order to avoid buffer overflow attacks, we recommend partners to keep this
separate from the device key in the keybox, so that when this is accessed, the
device key is not exposed.
There is no length parameter: |key_data| must be >= 72 bytes, and the
implementation is expected to write exactly 72 bytes. */
OEMCryptoResult GetKeyDataFromKeybox(uint8_t* key_data);
/* Copies the 32 byte device id from the current keybox into |device_id|.
Returns OEMCrypto_ERROR_INVALID_CONTEXT if |device_id| is NULL and
OEMCrypto_SUCCESS otherwise.
In order to avoid buffer overflow attacks, we recommend partners to keep this
separate from the device key in the keybox, so that when this is accessed, the
device key is not exposed.
There is no length parameter: |device_id| must be >= 32 bytes, and the
implementation is expected to write exactly 32 bytes. */
OEMCryptoResult GetDeviceIDFromKeybox(uint8_t* device_id);
/* Loads a test keybox to be used in place of the current keybox until the
next OEMCrypto_Terminate call.
Returns OEMCrypto_ERROR_INVALID_CONTEXT if |test_keybox| is NULL and
OEMCrypto_SUCCESS otherwise.
There is no length parameter: |test_keybox| must be >= 128 bytes. The
parameter is const and the keybox outlives this call, so the implementation
presumably copies it and the caller keeps ownership of |test_keybox| --
confirm against the implementation. */
OEMCryptoResult LoadTestKeybox(const uint8_t* test_keybox);
/* Derives a 16 byte key from the keybox key and |context_length| bytes of
|context| using AES-128-CMAC. Prepends |counter| to |context| in the
derivation, so different counters yield different keys for the same context.
Writes the derived key to |out|; |out| must be >= 16 bytes. Because the result
is rooted in the keybox key, callers must treat |out| as key material (no
logging, zeroize when done).
Returns OEMCrypto_ERROR_INVALID_CONTEXT if any of the pointers are NULL or
|context_length| is 0, OEMCrypto_ERROR_UNKNOWN_FAILURE if there are any other
failures, and OEMCrypto_SUCCESS otherwise.
Caller retains ownership of all pointers. */
OEMCryptoResult DeriveKeyFromKeybox(uint8_t counter, const uint8_t* context,
uint32_t context_length, uint8_t* out);
#endif /* OEMCRYPTO_TA_ROOT_OF_TRUST_INTERFACE_H_ */