widevine-partner/oemcrypto_core_message
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update to ODK v18.3

Browse Source
This commit is contained in:
Jacob Trimble
2023-07-20 18:11:31 +00:00
parent 2bfd670424
commit 74178f968f
39 changed files with 14570 additions and 600 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
oemcrypto/odk/include/OEMCryptoCENCCommon.h
View File

@@ -106,6 +106,8 @@ typedef enum OEMCryptoResult {
OPK_ERROR_REMOTE_CALL = OPK_ERROR_BASE,
OPK_ERROR_INCOMPATIBLE_VERSION = OPK_ERROR_BASE + 1,
OPK_ERROR_NO_PERSISTENT_DATA = OPK_ERROR_BASE + 2,
OPK_ERROR_PREHOOK_FAILURE = OPK_ERROR_BASE + 3,
OPK_ERROR_POSTHOOK_FAILURE = OPK_ERROR_BASE + 4,
} OEMCryptoResult;
/* clang-format on */
@@ -139,11 +141,23 @@ typedef enum OEMCrypto_LicenseType {
typedef enum OEMCrypto_PrivateKeyType {
OEMCrypto_RSA_Private_Key = 0,
OEMCrypto_ECC_Private_Key = 1,
OEMCrypto_PrivateKeyType_MaxValue = OEMCrypto_ECC_Private_Key,
} OEMCrypto_PrivateKeyType;
/**
* Used to indicate a substring of a signed message in OEMCrypto_LoadKeys and
* other functions which must verify that a parameter is contained within a
* The base for (delayed) timers, i.e. from what time the (delayed) timer
* starts.
*/
typedef enum OEMCrypto_TimerDelayBase {
OEMCrypto_License_Start = 0,
OEMCrypto_License_Load = 1,
OEMCrypto_First_Decrypt = 2,
OEMCrypto_TimerDelayBase_MaxValue = OEMCrypto_First_Decrypt,
} OEMCrypto_TimerDelayBase;
/**
* Used to indicate a substring of a signed message in ODK_ParseLicense
* and other functions which must verify that a parameter is contained within a
* signed message.
*/
typedef struct {
@@ -209,7 +223,7 @@ typedef struct {
/**
* Points to the relevant fields for a content key. The fields are extracted
* from the License Response message offered to OEMCrypto_LoadKeys(). Each
* from the License Response message offered to ODK_ParseLicense(). Each
* field points to one of the components of the key. Key data, key control,
* and both IV fields are 128 bits (16 bytes):
* @param key_id: the unique id of this key.
@@ -226,7 +240,7 @@ typedef struct {
* the content key from the key_data field.
*
* The memory for the OEMCrypto_KeyObject fields is allocated and freed
* by the caller of OEMCrypto_LoadKeys().
* by the caller of ODK_ParseLicense().
*/
typedef struct {
OEMCrypto_Substring key_id;

12
oemcrypto/odk/include/core_message_deserialize.h
View File

@@ -55,6 +55,18 @@ bool CoreProvisioningRequestFromMessage(
const std::string& oemcrypto_core_message,
ODK_ProvisioningRequest* core_provisioning_request);
/**
* Counterpart (deserializer) of ODK_PrepareCoreProvisioning40Request
* (serializer)
*
* Parameters:
* [in] oemcrypto_core_message
* [out] core_provisioning_request
*/
bool CoreProvisioning40RequestFromMessage(
const std::string& oemcrypto_core_message,
ODK_Provisioning40Request* core_provisioning_request);
/**
* Counterpart (deserializer) of ODK_PrepareCoreRenewedProvisioningRequest
* (serializer)

8
oemcrypto/odk/include/core_message_features.h
View File

@@ -8,6 +8,7 @@
#include <stdint.h>
#include <iostream>
#include <ostream>
#include <string>
namespace oemcrypto_core_message {
@@ -25,10 +26,9 @@ struct CoreMessageFeatures {
// This is the published version of the ODK Core Message library. The default
// behavior is for the server to restrict messages to at most this version
// number. The default is 16.5, the last version used by Chrome. This will
// change to 17.0 when v17 has been released.
uint32_t maximum_major_version = 17;
uint32_t maximum_minor_version = 0;
// number. The default is 18.3.
uint32_t maximum_major_version = 18;
uint32_t maximum_minor_version = 3;
bool operator==(const CoreMessageFeatures &other) const;
bool operator!=(const CoreMessageFeatures &other) const {

17
oemcrypto/odk/include/core_message_serialize.h
View File

@@ -39,7 +39,7 @@ using oemcrypto_core_message::features::CoreMessageFeatures;
* [out] oemcrypto_core_message
*/
bool CreateCoreLicenseResponse(const CoreMessageFeatures& features,
const ODK_ParsedLicense& parsed_lic,
const ODK_Packing_ParsedLicense& parsed_lic,
const ODK_LicenseRequest& core_request,
const std::string& core_request_sha256,
std::string* oemcrypto_core_message);
@@ -72,6 +72,21 @@ bool CreateCoreProvisioningResponse(const CoreMessageFeatures& features,
const ODK_ParsedProvisioning& parsed_prov,
const ODK_ProvisioningRequest& core_request,
std::string* oemcrypto_core_message);
/**
* Counterpart (serializer) of ODK_ParseProvisioning40 (deserializer)
* struct-input variant
*
* Parameters:
* [in] features feature support for response message.
* [in] core_request
* [out] oemcrypto_core_message
*/
bool CreateCoreProvisioning40Response(
const CoreMessageFeatures& features,
const ODK_Provisioning40Request& core_request,
std::string* oemcrypto_core_message);
} // namespace serialize
} // namespace oemcrypto_core_message

6
oemcrypto/odk/include/core_message_serialize_proto.h
View File

@@ -17,6 +17,7 @@
#include <cstdint>
#include <string>
#include "OEMCryptoCENCCommon.h"
#include "core_message_features.h"
#include "core_message_types.h"
#include "license_protocol.pb.h"
@@ -42,8 +43,8 @@ bool CreateCoreLicenseResponseFromProto(
const oemcrypto_core_message::features::CoreMessageFeatures& features,
const std::string& serialized_license,
const ODK_LicenseRequest& core_request,
const std::string& core_request_sha256, const bool nonce_required,
const bool uses_padding, std::string* oemcrypto_core_message);
const std::string& core_request_sha256, bool nonce_required,
bool uses_padding, std::string* oemcrypto_core_message);
/**
* Counterpart (serializer) of ODK_ParseProvisioning (deserializer)
@@ -59,6 +60,7 @@ bool CreateCoreProvisioningResponseFromProto(
const oemcrypto_core_message::features::CoreMessageFeatures& features,
const std::string& serialized_provisioning_response,
const ODK_ProvisioningRequest& core_request,
OEMCrypto_PrivateKeyType device_key_type,
std::string* oemcrypto_core_message);
} // namespace serialize

66
oemcrypto/odk/include/core_message_types.h
View File

@@ -30,23 +30,25 @@
* KDO provides a corresponding writer.
*
* Table: ODK vs KDO (s: serialize; d: deserialize)
* +----------------------------------------+---------------------------------------+
* | ODK | KDO |
* +---+------------------------------------+---+-----------------------------------+
* | s | ODK_PrepareCoreLicenseRequest | d | CoreLicenseRequestFromMessage |
* | +------------------------------------+ +-----------------------------------+
* | | ODK_PrepareCoreRenewalRequest | | CoreRenewalRequestFromMessage |
* | +------------------------------------+ +-----------------------------------+
* | | ODK_PrepareCoreProvisioningRequest | | CoreProvisioningRequestFromMessage|
* | +------------------------------------+ +-----------------------------------+
* | | ODK_PrepareCommonRequest | | CoreCommonRequestFromMessage |
* +---+------------------------------------+---+-----------------------------------+
* | d | ODK_ParseLicense | s | CreateCoreLicenseResponse |
* | +------------------------------------+ +-----------------------------------+
* | | ODK_ParseRenewal | | CreateCoreRenewalResponse |
* | +------------------------------------+ +-----------------------------------+
* | | ODK_ParseProvisioning | | CreateCoreProvisioningResponse |
* +---+------------------------------------+---+-----------------------------------+
* +------------------------------------------+------------------------------------------+
* | ODK | KDO |
* +---+--------------------------------------+---+--------------------------------------+
* | s | ODK_PrepareCoreLicenseRequest | d | CoreLicenseRequestFromMessage |
* | +--------------------------------------+ +--------------------------------------+
* | | ODK_PrepareCoreRenewalRequest | | CoreRenewalRequestFromMessage |
* | +--------------------------------------+ +--------------------------------------+
* | | ODK_PrepareCoreProvisioningRequest | | CoreProvisioningRequestFromMessage |
* | | ODK_PrepareCoreProvisioning40Request | | CoreProvisioning40RequestFromMessage |
* | +--------------------------------------+ +--------------------------------------+
* | | ODK_PrepareCommonRequest | | CoreCommonRequestFromMessage |
* +---+--------------------------------------+---+--------------------------------------+
* | d | ODK_ParseLicense | s | CreateCoreLicenseResponse |
* | +--------------------------------------+ +--------------------------------------+
* | | ODK_ParseRenewal | | CreateCoreRenewalResponse |
* | +--------------------------------------+ +--------------------------------------+
* | | ODK_ParseProvisioning | | CreateCoreProvisioningResponse |
* | | ODK_ParseProvisioning40 | | CreateCoreProvisioning40Response |
* +---+--------------------------------------+---+--------------------------------------+
*
*********************************************************************/
// clang-format on
@@ -66,12 +68,27 @@ namespace oemcrypto_core_message {
* Input structure for CreateCommonResponse
*/
struct ODK_CommonRequest {
uint32_t message_type;
uint32_t message_length;
uint16_t api_minor_version;
uint16_t api_major_version;
uint32_t nonce;
uint32_t session_id;
};
struct ODK_MessageCounter {
uint64_t master_generation_number;
uint32_t provisioning_count;
uint32_t license_count;
uint32_t decrypt_count;
uint16_t major_version;
uint16_t minor_version;
uint16_t patch_version;
uint8_t soc_vendor[16];
uint8_t chipset_model[16];
uint8_t extra[12];
};
/**
* Output structure for CoreLicenseRequestFromMessage
* Input structure for CreateCoreLicenseResponse
@@ -81,6 +98,7 @@ struct ODK_LicenseRequest {
uint16_t api_major_version;
uint32_t nonce;
uint32_t session_id;
ODK_MessageCounter counter_info;
};
/**
@@ -108,6 +126,20 @@ struct ODK_ProvisioningRequest {
std::string device_id;
uint16_t renewal_type;
std::string renewal_data;
ODK_MessageCounter counter_info;
};
/**
* Output structure for CoreProvisioningRequest40FromMessage
* Input structure for CreateCoreProvisioning40Response
*/
struct ODK_Provisioning40Request {
uint16_t api_minor_version;
uint16_t api_major_version;
uint32_t nonce;
uint32_t session_id;
std::string device_info;
ODK_MessageCounter counter_info;
};
} // namespace oemcrypto_core_message

119
oemcrypto/odk/include/odk.h
View File

@@ -259,6 +259,8 @@ OEMCryptoResult ODK_DeactivateUsageEntry(ODK_ClockValues* clock_values);
* of the message. (in) size of buffer reserved for the core message, in
* bytes. (out) actual length of the core message, in bytes.
* @param[in] nonce_values: pointer to the session's nonce data.
* @param[in] message_count_info: information used for server-side anomaly
* detection
*
* @retval OEMCrypto_SUCCESS
* @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
@@ -269,7 +271,8 @@ OEMCryptoResult ODK_DeactivateUsageEntry(ODK_ClockValues* clock_values);
*/
OEMCryptoResult ODK_PrepareCoreLicenseRequest(
uint8_t* message, size_t message_length, size_t* core_message_size,
const ODK_NonceValues* nonce_values);
const ODK_NonceValues* nonce_values,
const ODK_MessageCounterInfo* counter_info);
/**
* Modifies the message to include a core renewal request at the beginning of
@@ -337,11 +340,8 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
* of the message. (in) size of buffer reserved for the core message, in
* bytes. (out) actual length of the core message, in bytes.
* @param[in] nonce_values: pointer to the session's nonce data.
* @param[in] device_id: For devices with a keybox, this is the device ID from
* the keybox. For devices with an OEM Certificate, this is a device
* unique id string.
* @param[in] device_id_length: length of device_id. The device ID can be at
* most 64 bytes.
* @param[in] message_count_info: information used for server-side anomaly
* detection
*
* @retval OEMCrypto_SUCCESS
* @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
@@ -352,8 +352,44 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
*/
OEMCryptoResult ODK_PrepareCoreProvisioningRequest(
uint8_t* message, size_t message_length, size_t* core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_id,
size_t device_id_length);
const ODK_NonceValues* nonce_values,
const ODK_MessageCounterInfo* counter_info);
/**
* Modifies the message to include a core provisioning 4.0 request at the
* beginning of the message buffer. The values in nonce_values are used to
* populate the message.
*
* This shall be called by OEMCrypto from
* OEMCrypto_PrepAndSignProvisioningRequest.
*
* NOTE: if the message pointer is null and/or input core_message_length is
* zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
* core_message_size to the size needed.
*
* @param[in,out] message: Pointer to memory for the entire message. Modified by
* the ODK library.
* @param[in] message_length: length of the entire message buffer.
* @param[in,out] core_message_size: length of the core message at the beginning
* of the message. (in) size of buffer reserved for the core message, in
* bytes. (out) actual length of the core message, in bytes.
* @param[in] nonce_values: pointer to the session's nonce data.
* @param[in] device_info: Encoded device hardware info in CBOR format.
* @param[in] device_info_length: length of device_info.
* @param[in] message_count_info: information used for server-side anomaly
* detection
*
* @retval OEMCrypto_SUCCESS
* @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
* @retval OEMCrypto_ERROR_INVALID_CONTEXT
*
* @version
* This method is new in version 18 of the API.
*/
OEMCryptoResult ODK_PrepareCoreProvisioning40Request(
uint8_t* message, size_t message_length, size_t* core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_info,
size_t device_info_length, const ODK_MessageCounterInfo* counter_info);
/**
* Modifies the message to include a core renewal provisioning request at the
@@ -515,6 +551,7 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
* and false when called for OEMCrypto_ReloadLicense.
* @param[in] usage_entry_present: true if the session has a new usage entry
* associated with it created via OEMCrypto_CreateNewUsageEntry.
* @param[in] system_time_seconds: The current system's time in seconds.
* @param[in,out] timer_limits: The session's timer limits. These will be
* updated.
* @param[in,out] clock_values: The session's clock values. These will be
@@ -522,13 +559,19 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
* @param[in,out] nonce_values: The session's nonce values. These will be
* updated.
* @param[out] parsed_license: the destination for the data.
* @param[out] timer_value: set if playback timer should be started.
*
* @retval OEMCrypto_SUCCESS
* @retval ODK_ERROR_CORE_MESSAGE: if the message did not parse correctly, or
* there were other incorrect values. An error should be returned to the
* CDM layer.
* @retval ODK_UNSUPPORTED_API
* @retval OEMCrypto_ERROR_INVALID_NONCE
* @retval ODK_SET_TIMER: if the playback timer has been started successfully
* @retval ODK_DISABLE_TIMER: if the playtime timer has been started
* successfully then is disabled.
* @retval ODK_TIMER_EXPIRED: if the license is attempted to be loaded after the
* rental duration expires.
* @retval OEMCrypto_ERROR_INVALåID_NONCE
*
* @version
* This method is new in version 16 of the API.
@@ -536,8 +579,9 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
OEMCryptoResult ODK_ParseLicense(
const uint8_t* message, size_t message_length, size_t core_message_length,
bool initial_license_load, bool usage_entry_present,
ODK_TimerLimits* timer_limits, ODK_ClockValues* clock_values,
ODK_NonceValues* nonce_values, ODK_ParsedLicense* parsed_license);
uint64_t system_time_seconds, ODK_TimerLimits* timer_limits,
ODK_ClockValues* clock_values, ODK_NonceValues* nonce_values,
ODK_ParsedLicense* parsed_license, uint64_t* timer_value);
/**
* The function ODK_ParseRenewal will parse the message and verify its
@@ -564,7 +608,8 @@ OEMCryptoResult ODK_ParseLicense(
* @param[in] message_length: length of the entire message buffer.
* @param[in] core_message_size: length of the core message, at the beginning of
* the message buffer.
* @param[in] nonce_values: pointer to the session's nonce data.
* @param[in,out] nonce_values: pointer to the session's nonce data. These might
* be updated if the server returns a lower API version.
* @param[in] system_time_seconds: the current time on OEMCrypto's clock, in
* seconds.
* @param[in] timer_limits: timer limits specified in the license.
@@ -591,7 +636,7 @@ OEMCryptoResult ODK_ParseLicense(
*/
OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
size_t core_message_length,
const ODK_NonceValues* nonce_values,
ODK_NonceValues* nonce_values,
uint64_t system_time_seconds,
const ODK_TimerLimits* timer_limits,
ODK_ClockValues* clock_values,
@@ -604,8 +649,8 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
* If the message does not parse correctly, ODK_ParseProvisioning will return
* an error that OEMCrypto should return to the CDM layer above.
*
* If the API in the message is larger than 16, then ODK_UNSUPPORTED_API is
* returned.
* If the API in the message is larger than ODK_MAJOR_VERSION, then
* ODK_UNSUPPORTED_API is returned.
*
* ODK_ParseProvisioning shall verify that nonce_values->nonce and
* nonce_values->session_id are the same as those in the message. Otherwise
@@ -620,11 +665,13 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
* @param[in] message_length: length of the entire message buffer.
* @param[in] core_message_size: length of the core message, at the beginning of
* the message buffer.
* @param[in] nonce_values: pointer to the session's nonce data.
* @param[in/out] nonce_values: pointer to the session's nonce data. These might
* be updated if the server returns a lower API version.
* @param[in] device_id: a pointer to a buffer containing the device ID of the
* device. The ODK function will verify it matches that in the message.
* @param[in] device_id_length: the length of the device ID.
* @param[out] parsed_response: destination for the parse data.
* @param[out] counter_info: destination for counter portion of parse data.
* @param[out] parsed_response: destination for response portion of parse data.
*
* @retval OEMCrypto_SUCCESS
* @retval ODK_ERROR_CORE_MESSAGE: the message did not parse correctly, or there
@@ -638,9 +685,45 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
*/
OEMCryptoResult ODK_ParseProvisioning(
const uint8_t* message, size_t message_length, size_t core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_id,
ODK_NonceValues* nonce_values, const uint8_t* device_id,
size_t device_id_length, ODK_ParsedProvisioning* parsed_response);
/**
* The function ODK_ParseProvisioning40 will parse the message and verify the
* nonce values match those in the request.
*
* If the message does not parse correctly, ODK_ParseProvisioning40 will return
* an error that OEMCrypto should return to the CDM layer above.
*
* If the API in the message is larger than ODK_MAJOR_VERSION, then
* ODK_UNSUPPORTED_API is returned.
*
* ODK_ParseProvisioning40 shall verify that nonce_values->nonce and
* nonce_values->session_id are the same as those in the message. Otherwise
* it shall return OEMCrypto_ERROR_INVALID_NONCE.
*
* @param[in] message: pointer to the message buffer.
* @param[in] message_length: length of the entire message buffer.
* @param[in] core_message_size: length of the core message, at the beginning of
* the message buffer.
* @param[in,out] nonce_values: pointer to the session's nonce data. These might
* be updated if the server returns a lower API version.
*
* @retval OEMCrypto_SUCCESS
* @retval ODK_ERROR_CORE_MESSAGE: the message did not parse correctly, or there
* were other incorrect values. An error should be returned to the CDM
* layer.
* @retval ODK_UNSUPPORTED_API
* @retval OEMCrypto_ERROR_INVALID_NONCE
*
* @version
* This method is new in version 18 of the API.
*/
OEMCryptoResult ODK_ParseProvisioning40(const uint8_t* message,
size_t message_length,
size_t core_message_length,
ODK_NonceValues* nonce_values);
/**
* The function ODK_ParseProvisioning will parse the message and verify the
* API version is at most the version passed in.

7
oemcrypto/odk/include/odk_message.h
View File

@@ -36,10 +36,12 @@ extern "C" {
#if defined(__GNUC__) || defined(__clang__)
#define ALIGNED __attribute__((aligned))
#elif _MSC_VER
#define ALIGNED __declspec(align(8))
#else
#define ALIGNED
#error ODK_Message must be aligned to the maximum useful alignment of the \
machine you are compiling for. Define the ALIGNED macro accordingly.
machine you are compiling for. Define the ALIGNED macro accordingly.
#endif
typedef struct {
@@ -61,7 +63,8 @@ typedef enum {
MESSAGE_STATUS_NOT_INITIALIZED = 0x2990b6c6,
MESSAGE_STATUS_OUT_OF_MEMORY = 0x7c5c64cc,
MESSAGE_STATUS_MAP_SHARED_MEMORY_FAILED = 0x7afecacf,
MESSAGE_STATUS_SECURE_BUFFER_ERROR = 0x78f0e873
MESSAGE_STATUS_SECURE_BUFFER_ERROR = 0x78f0e873,
MESSAGE_STATUS_BUFFER_TOO_LARGE = 0x5bfcfb21
} ODK_MessageStatus;
/*

99
oemcrypto/odk/include/odk_structs.h
View File

@@ -15,11 +15,11 @@ extern "C" {
#include "odk_target.h"
/* The version of this library. */
#define ODK_MAJOR_VERSION 17
#define ODK_MINOR_VERSION 1
#define ODK_MAJOR_VERSION 18
#define ODK_MINOR_VERSION 3
/* ODK Version string. Date changed automatically on each release. */
#define ODK_RELEASE_DATE "ODK v17.1 2022-06-17"
#define ODK_RELEASE_DATE "ODK v18.3 2023-07-07"
/* The lowest version number for an ODK message. */
#define ODK_FIRST_VERSION 16
@@ -28,6 +28,11 @@ extern "C" {
#define ODK_DEVICE_ID_LEN_MAX 64
#define ODK_SHA256_HASH_SIZE 32
#define ODK_KEYBOX_RENEWAL_DATA_SIZE 1600
/* The max length of the encoded device info in CBOR format. Make sure it gets
* updated when more device info is included. Refer to
* https://www.rfc-editor.org/rfc/rfc8949.html#name-specification-of-the-cbor-e
* for an estimation of the required length. */
#define ODK_DEVICE_INFO_LEN_MAX 768
/// @addtogroup odk_timer
/// @{
@@ -92,7 +97,8 @@ typedef struct {
*
* @param time_of_license_request_signed: Time that the license request was
* signed, based on OEMCrypto's system clock. This value shall be stored
* and reloaded with usage entry as time_of_license_received.
* and reloaded with usage entry as time_of_license_received. This is
* also used to track the start of the rental clock time.
* @param time_of_first_decrypt: Time of the first decrypt or call select key,
* based on OEMCrypto's system clock. This is 0 if the license has not
* been used to decrypt any data. This value shall be stored and reloaded
@@ -161,6 +167,47 @@ typedef struct {
/// @addtogroup odk_parser
/// @{
/**
* This counter information is used by the license and provisioning servers to
* keep track of requests. Values should be updated after every successful
* provisioning request, license request, and decrypt call.
*
* @param provisioning_count: number of times a provisioning request was made on
* this device in the current instance. May be reset to 0 on device power off.
* @param license_count: number of times a license request was made on this
* device in the current instance. May be reset to 0 on device power off.
* @param decrypt_count: number of times OEMCrypto_DecryptCENC() has been called
* on this device in the current instance. May be reset to 0 on device power
* off.
* @param master_generation_number: current master generation number value from
* the OEMCrypto usage table. Persists across reboots.
* @param soc_vendor: name of the system-on-a-chip vendor for the device,
* limited to 16 bytes
* @param chipset_model: name of the chipset on the device, limited to 16 bytes
* @param major_version: major version of the TA binary. This is different from
* the OEMCrypto version that is being implemented.
* @param minor_version: minor version of the TA binary, if applicable. This is
* different from the OEMCrypto version that is being implemented.
* @param patch_version: patch version of the TA binary, if applicable. This is
* different from the OEMCrypto version that is being implemented.
* @param extra: unused in V18
*
* @version
* This struct was added in API version 18.
*/
typedef struct {
uint64_t master_generation_number;
uint32_t provisioning_count;
uint32_t license_count;
uint32_t decrypt_count;
uint16_t major_version;
uint16_t minor_version;
uint16_t patch_version;
uint8_t soc_vendor[16];
uint8_t chipset_model[16];
uint8_t extra[12];
} ODK_MessageCounterInfo;
/**
* The parsed license structure contains information from the license
* message. The function ODK_ParseLicense will fill in the fields of this
@@ -178,11 +225,12 @@ typedef struct {
* @param timer_limits: time limits of the for the license.
* @param watermarking: specifies if device supports watermarking.
* @param dtcp2_required: specifies if device supports DTCP.
* @param renewal_delay_base: what time the timer starting is based off of.
* @param key_array_length: number of keys present.
* @param key_array: set of keys to be installed.
*
* @version
* This struct changed in API version 17.
* This struct changed in API version 18.
*/
typedef struct {
OEMCrypto_Substring enc_mac_keys_iv;
@@ -194,10 +242,51 @@ typedef struct {
ODK_TimerLimits timer_limits;
uint32_t watermarking;
OEMCrypto_DTCP2_CMI_Packet dtcp2_required;
OEMCrypto_TimerDelayBase renewal_delay_base;
uint32_t key_array_length;
OEMCrypto_KeyObject key_array[ODK_MAX_NUM_KEYS];
} ODK_ParsedLicense;
/**
* The parsed license structure contains information from the license
* message. The function ODK_ParseLicense will fill in the fields of this
* message. All substrings are contained within the message body.
*
* @param enc_mac_keys_iv: IV for decrypting new mac_key. Size is 128 bits.
* @param enc_mac_keys: encrypted mac_keys for generating new mac_keys. Size is
* 512 bits.
* @param pst: the Provider Session Token.
* @param srm_restriction_data: optional data specifying the minimum SRM
* version.
* @param license_type: specifies if the license contains content keys or
* entitlement keys.
* @param nonce_required: indicates if the license requires a nonce.
* @param timer_limits: time limits of the for the license.
* @param watermarking: specifies if device supports watermarking.
* @param dtcp2_required: specifies if device supports DTCP.
* @param renewal_delay_base: what time the timer starting is based off of.
* @param key_array_length: number of keys present.
* @param key_array: set of keys to be installed. This is a pointer to an array
* to allow packing a number of keys greater than |ODK_MAX_NUM_KEYS|.
*
* @version
* This struct changed in API version 18.
*/
typedef struct {
OEMCrypto_Substring enc_mac_keys_iv;
OEMCrypto_Substring enc_mac_keys;
OEMCrypto_Substring pst;
OEMCrypto_Substring srm_restriction_data;
OEMCrypto_LicenseType license_type;
bool nonce_required;
ODK_TimerLimits timer_limits;
uint32_t watermarking;
OEMCrypto_DTCP2_CMI_Packet dtcp2_required;
OEMCrypto_TimerDelayBase renewal_delay_base;
uint32_t key_array_length;
OEMCrypto_KeyObject* key_array;
} ODK_Packing_ParsedLicense;
/**
* The parsed provisioning structure contains information from the license
* message. The function ODK_ParseProvisioning will fill in the fields of