widevine-partner/oemcrypto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
98f0721662a32c59d0ccadede644db1352f523ff
oemcrypto/oemcrypto/opk/serialization/os_interfaces/tos_secure_buffer_interface.h
Fred Gylys-Colwell 0a16cb2594 Version 17 plus test updates and OPK v17 
This is the first public release of OPK v17.
See the file CHANGELOG.md for details.
2022-04-13 19:36:27 -07:00

109 lines
4.3 KiB
C
Raw Blame History

/*
* Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary
* source code may only be used and distributed under the Widevine
* License Agreement.
*/
#ifndef TOS_SECURE_BUFFER_INTERFACE_H_
#define TOS_SECURE_BUFFER_INTERFACE_H_
#ifdef __cplusplus
extern "C" {
#endif
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include "OEMCryptoCENC.h"
#include "odk_message.h"
/** @defgroup tos-secure-buffer TOS Secure Buffer Interface
*
* Functions used to pass a secure buffer handle from the REE to the TEE.
*
* The secure buffer interface is responsible for serializing secure output
* buffer descriptors in messages sent from the REE to the TEE during decrypt
* and copy operations.
*
* These interface functions need to be defined in both the REE and TEE
* libraries because the functions are called from code that is common to
* both. However TOS_SecureBuffer_Pack() will never be called in the TEE
* library, and TOS_SecureBuffer_Unpack() will never be called in the REE
* library.
*
* A secure buffer is a region of memory that is accessible by the TEE but not
* by the REE. It is used to pass decrypted content to the secure decoder.
* Secure buffers are integral to an L1 OEMCrypto implementation and must be
* supported with SoC hardware features to implement a protected video path. The
* data structure, or descriptor, used to reference a secure buffer is
* device-specific. The TOS\_SecureBuffer interface provides a way for the OPK
* to serialize and deserialize secure buffer descriptors in messages in a way
* that is device-independent. Widevine provides a secure buffer implementation
* for the Trusty OS.
*
* @{
*/
/**
* TOS_SecureBuffer_Pack is called during request message serialization in the
* REE. It receives the |secure| variant of the OEMCrypto_DestBufferDesc union,
* performs platform-specific operations using the data in the fields, then
* serializes fields into the message which the TEE will use to establish access
* to the secure output buffer memory region for decrypt or copy operations. On
* entry, the fields of descriptor->buffer.secure are set to the values supplied
* by the caller to OEMCrypto.
*
* If there is a fatal error in this function, set the message status to
* MESSAGE_STATUS_SECURE_BUFFER_ERROR using ODK_MESSAGE_SETSTATUS(). This will
* terminate message processing and prevent the message from being delivered
* to the TEE.
*
* @param[in,out] message: message to which the descriptor should be packed.
* @param[in] descriptor: descriptor of the secure buffer in the REE.
*/
void TOS_SecureBuffer_Pack(ODK_Message* message,
const OEMCrypto_DestBufferDesc* descriptor);
/**
* TOS_SecureBuffer_Unpack is called during request message deserialization in
* the TEE. It unpacks the fields from the message that were packed by the REE
* in TOS_SecureBuffer_Pack, performs platform-specific operations using the
* data in the fields, then initializes the |secure| variant of the
* OEMCrypto_DestBufferDesc union.
*
* If there is a fatal error in this function, set the message status to
* MESSAGE_STATUS_SECURE_BUFFER_ERROR using ODK_MESSAGE_SETSTATUS(). This will
* terminate message processing and prevent the oemcrypto function from being
* called in the TEE.
*
* @param[in] message: message from which the descriptor should be unpacked.
* @param[out] descriptor: descriptor of the secure buffer in the TEE.
*/
void TOS_SecureBuffer_Unpack(ODK_Message* message,
OEMCrypto_DestBufferDesc* descriptor);
/**
* TOS_SecureBuffer_CheckSize is called during request message deserialization
* in the TEE. Its job is to check that the secure buffer pointed to by
* |handle|, which was unpacked by a previous call to TOS_SecureBuffer_Unpack(),
* is at least as big as the given size. It should return true if the buffer
* pointed to by |handle| is at least |size| bytes in size and should return
* false otherwise.
*
* @param[in] handle: handle to secure buffer.
* @param[in] size: size to be verified.
*
* @return true if the buffer pointed to by |handle| is at least |size| bytes
* in size and should return false otherwise.
*/
bool TOS_SecureBuffer_CheckSize(void* handle, size_t size);
/// @}
#ifdef __cplusplus
} // extern "C"
#endif
#endif // TOS_SECURE_BUFFER_INTERFACE_H_
Reference in New Issue View Git Blame Copy Permalink