Initial OPK Partner Beta v16 Release

See https://developers.google.com/widevine/drm/client/opk
for documentation and an integration guide.

oemcrypto/opk/oemcrypto_ta/wtpi/wtpi_device_key_interface.h

@@ -0,0 +1,95 @@
+/* Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary
+   source code may only be used and distributed under the Widevine
+   License Agreement. */
+
+#ifndef OEMCRYPTO_TA_WTPI_DEVICE_KEY_INTERFACE_H_
+#define OEMCRYPTO_TA_WTPI_DEVICE_KEY_INTERFACE_H_
+
+#include "OEMCryptoCENC.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** @defgroup dev-key Device Keys
+ *
+ * This is the top layer of the porting layer. The OPK directly calls functions
+ * in this file. Partners have the option to implement these functions directly,
+ * or use the reference version of the device key interface functions, and
+ * instead implement the device key access functions.
+ *
+ * @{
+ */
+
+/* The types of device specific keys that can be generated are as follows. */
+
+/** A device unique key for encrypting/signing the usage table data. This key
+ * must be unique to this device so that usage tables may not be copied from one
+ * device to another.
+ * This should be used as a key derivation context in
+ * WTPI_K1_DeriveDeviceKeyIntoHandle().
+ */
+#define DEVICE_KEY_WRAP_USAGE_TABLE 0x22d8fdcf
+
+/** A device unique key for encrypting/signing the private key in the DRM
+ * certificate. This key must be unique to this device so that a DRM certificate
+ * not be copied from one device to another.
+ * This should be used as a key derivation context in
+ * WTPI_K1_DeriveDeviceKeyIntoHandle().
+ */
+#define DEVICE_KEY_WRAP_DRM_CERT 0x1db2a411
+
+/** A device unique key for encrypting the internal key used by the
+ * implementation of the key management layer. This should be used as a key
+ * derivation context in WTPI_K1_DeriveDeviceKeyIntoHandle().
+ */
+#define DEVICE_KEY_WRAP_INTERNAL_KEY 0x604e77a1
+
+/** A device unique key for signing the wrapped internal key used by the
+ * implementation of the key management layer. This should be used as a key
+ * derivation context in WTPI_K1_DeriveDeviceKeyIntoHandle().
+ */
+#define DEVICE_KEY_SIGN_INTERNAL_KEY 0x90b4a189
+
+/** A device unique key for encrypting the mac keys in usage entry.
+ */
+#define DEVICE_KEY_WRAP_MAC_KEY 0x125cc98d
+
+/**
+ * Gets the size (in bytes) of the buffer needed by WTPI_EncryptAndSign to
+ * handle a buffer of the given size (in bytes).  The return value should
+ * include |in_size| in the result.
+ */
+OEMCryptoResult WTPI_GetEncryptAndSignSize(uint32_t context, size_t in_size,
+                                           size_t* wrapped_size);
+
+/**
+ * Encrypts the given buffer and signs it in a way that can be verified later.
+ * How this is done is implementation-defined.  The encryption should be
+ * device-specific so it can't be used on another device.  This should check the
+ * buffer size and return OEMCrypto_ERROR_SHORT_BUFFER if there isn't enough
+ * space.  The input needs to be padded to a multiple of 16 bytes.
+ * Caller retains ownership of all pointers.
+ */
+OEMCryptoResult WTPI_EncryptAndSign(uint32_t context, const uint8_t* data,
+                                    size_t data_size, uint8_t* out,
+                                    size_t* out_size);
+
+/**
+ * Verifies the buffer has a valid signature and decrypts it into the given
+ * buffer.  This should return OEMCrypto_ERROR_SIGNATURE_FAILURE  if the
+ * signature fails.  This should check the buffer size and return
+ * OEMCrypto_ERROR_SHORT_BUFFER if there isn't enough space.  If the input is
+ * padded, the padding is included in the output.
+ * Caller retains ownership of all pointers.
+ */
+OEMCryptoResult WTPI_VerifyAndDecrypt(uint32_t context, const uint8_t* wrapped,
+                                      size_t wrapped_size, uint8_t* out,
+                                      size_t* out_size);
+
+/// @}
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* OEMCRYPTO_TA_WTPI_DEVICE_KEY_INTERFACE_H_ */