widevine-partner/oemcrypto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a11741f98d0ad42c479be795fb48409d68187625
oemcrypto/oemcrypto/opk/oemcrypto_ta/wtpi/wtpi_device_key_interface.h
Fred Gylys-Colwell a11741f98d Initial OPK Partner Beta v16 Release 
See https://developers.google.com/widevine/drm/client/opk
for documentation and an integration guide.
2021-12-16 00:18:35 +00:00

96 lines
3.6 KiB
C
Raw Blame History

/* Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary
source code may only be used and distributed under the Widevine
License Agreement. */
#ifndef OEMCRYPTO_TA_WTPI_DEVICE_KEY_INTERFACE_H_
#define OEMCRYPTO_TA_WTPI_DEVICE_KEY_INTERFACE_H_
#include "OEMCryptoCENC.h"
#ifdef __cplusplus
extern "C" {
#endif
/** @defgroup dev-key Device Keys
*
* This is the top layer of the porting layer. The OPK directly calls functions
* in this file. Partners have the option to implement these functions directly,
* or use the reference version of the device key interface functions, and
* instead implement the device key access functions.
*
* @{
*/
/* The types of device specific keys that can be generated are as follows. */
/** A device unique key for encrypting/signing the usage table data. This key
* must be unique to this device so that usage tables may not be copied from one
* device to another.
* This should be used as a key derivation context in
* WTPI_K1_DeriveDeviceKeyIntoHandle().
*/
#define DEVICE_KEY_WRAP_USAGE_TABLE 0x22d8fdcf
/** A device unique key for encrypting/signing the private key in the DRM
* certificate. This key must be unique to this device so that a DRM certificate
* not be copied from one device to another.
* This should be used as a key derivation context in
* WTPI_K1_DeriveDeviceKeyIntoHandle().
*/
#define DEVICE_KEY_WRAP_DRM_CERT 0x1db2a411
/** A device unique key for encrypting the internal key used by the
* implementation of the key management layer. This should be used as a key
* derivation context in WTPI_K1_DeriveDeviceKeyIntoHandle().
*/
#define DEVICE_KEY_WRAP_INTERNAL_KEY 0x604e77a1
/** A device unique key for signing the wrapped internal key used by the
* implementation of the key management layer. This should be used as a key
* derivation context in WTPI_K1_DeriveDeviceKeyIntoHandle().
*/
#define DEVICE_KEY_SIGN_INTERNAL_KEY 0x90b4a189
/** A device unique key for encrypting the mac keys in usage entry.
*/
#define DEVICE_KEY_WRAP_MAC_KEY 0x125cc98d
/**
* Gets the size (in bytes) of the buffer needed by WTPI_EncryptAndSign to
* handle a buffer of the given size (in bytes). The return value should
* include |in_size| in the result.
*/
OEMCryptoResult WTPI_GetEncryptAndSignSize(uint32_t context, size_t in_size,
size_t* wrapped_size);
/**
* Encrypts the given buffer and signs it in a way that can be verified later.
* How this is done is implementation-defined. The encryption should be
* device-specific so it can't be used on another device. This should check the
* buffer size and return OEMCrypto_ERROR_SHORT_BUFFER if there isn't enough
* space. The input needs to be padded to a multiple of 16 bytes.
* Caller retains ownership of all pointers.
*/
OEMCryptoResult WTPI_EncryptAndSign(uint32_t context, const uint8_t* data,
size_t data_size, uint8_t* out,
size_t* out_size);
/**
* Verifies the buffer has a valid signature and decrypts it into the given
* buffer. This should return OEMCrypto_ERROR_SIGNATURE_FAILURE if the
* signature fails. This should check the buffer size and return
* OEMCrypto_ERROR_SHORT_BUFFER if there isn't enough space. If the input is
* padded, the padding is included in the output.
* Caller retains ownership of all pointers.
*/
OEMCryptoResult WTPI_VerifyAndDecrypt(uint32_t context, const uint8_t* wrapped,
size_t wrapped_size, uint8_t* out,
size_t* out_size);
/// @}
#ifdef __cplusplus
}
#endif
#endif /* OEMCRYPTO_TA_WTPI_DEVICE_KEY_INTERFACE_H_ */
Reference in New Issue View Git Blame Copy Permalink