// Copyright 2019 Google LLC. This file and proprietary // source code may only be used and distributed under the Widevine // License Agreement. /********************************************************************* * OEMCryptoCENCCommon.h * * Common structures and error codes between WV servers and OEMCrypto. * *********************************************************************/ #ifndef WIDEVINE_ODK_INCLUDE_OEMCRYPTOCENCCOMMON_H_ #define WIDEVINE_ODK_INCLUDE_OEMCRYPTOCENCCOMMON_H_ #include #include #include #ifdef __cplusplus extern "C" { #endif /// @addtogroup common_types /// @{ /* clang-format off */ /** Error and result codes returned by OEMCrypto functions. */ typedef enum OEMCryptoResult { OEMCrypto_SUCCESS = 0, OEMCrypto_ERROR_INIT_FAILED = 1, OEMCrypto_ERROR_TERMINATE_FAILED = 2, OEMCrypto_ERROR_OPEN_FAILURE = 3, OEMCrypto_ERROR_CLOSE_FAILURE = 4, OEMCrypto_ERROR_ENTER_SECURE_PLAYBACK_FAILED = 5, /* deprecated */ OEMCrypto_ERROR_EXIT_SECURE_PLAYBACK_FAILED = 6, /* deprecated */ OEMCrypto_ERROR_SHORT_BUFFER = 7, OEMCrypto_ERROR_NO_DEVICE_KEY = 8, /* no keybox device key. */ OEMCrypto_ERROR_NO_ASSET_KEY = 9, OEMCrypto_ERROR_KEYBOX_INVALID = 10, OEMCrypto_ERROR_NO_KEYDATA = 11, OEMCrypto_ERROR_NO_CW = 12, OEMCrypto_ERROR_DECRYPT_FAILED = 13, OEMCrypto_ERROR_WRITE_KEYBOX = 14, OEMCrypto_ERROR_WRAP_KEYBOX = 15, OEMCrypto_ERROR_BAD_MAGIC = 16, OEMCrypto_ERROR_BAD_CRC = 17, OEMCrypto_ERROR_NO_DEVICEID = 18, OEMCrypto_ERROR_RNG_FAILED = 19, OEMCrypto_ERROR_RNG_NOT_SUPPORTED = 20, OEMCrypto_ERROR_SETUP = 21, OEMCrypto_ERROR_OPEN_SESSION_FAILED = 22, OEMCrypto_ERROR_CLOSE_SESSION_FAILED = 23, OEMCrypto_ERROR_INVALID_SESSION = 24, OEMCrypto_ERROR_NOT_IMPLEMENTED = 25, OEMCrypto_ERROR_NO_CONTENT_KEY = 26, OEMCrypto_ERROR_CONTROL_INVALID = 27, OEMCrypto_ERROR_UNKNOWN_FAILURE = 28, OEMCrypto_ERROR_INVALID_CONTEXT = 29, OEMCrypto_ERROR_SIGNATURE_FAILURE = 30, OEMCrypto_ERROR_TOO_MANY_SESSIONS = 31, OEMCrypto_ERROR_INVALID_NONCE = 32, OEMCrypto_ERROR_TOO_MANY_KEYS = 33, OEMCrypto_ERROR_DEVICE_NOT_RSA_PROVISIONED = 34, OEMCrypto_ERROR_INVALID_RSA_KEY = 35, /* deprecated */ OEMCrypto_ERROR_KEY_EXPIRED = 36, OEMCrypto_ERROR_INSUFFICIENT_RESOURCES = 37, OEMCrypto_ERROR_INSUFFICIENT_HDCP = 38, OEMCrypto_ERROR_BUFFER_TOO_LARGE = 39, OEMCrypto_WARNING_GENERATION_SKEW = 40, /* Warning, not error. */ OEMCrypto_ERROR_GENERATION_SKEW = 41, OEMCrypto_LOCAL_DISPLAY_ONLY = 42, /* Info, not an error. */ OEMCrypto_ERROR_ANALOG_OUTPUT = 43, OEMCrypto_ERROR_WRONG_PST = 44, OEMCrypto_ERROR_WRONG_KEYS = 45, OEMCrypto_ERROR_MISSING_MASTER = 46, OEMCrypto_ERROR_LICENSE_INACTIVE = 47, OEMCrypto_ERROR_ENTRY_NEEDS_UPDATE = 48, OEMCrypto_ERROR_ENTRY_IN_USE = 49, OEMCrypto_ERROR_USAGE_TABLE_UNRECOVERABLE = 50, /* Obsolete. Don't use. */ /* Use OEMCrypto_ERROR_NO_CONTENT_KEY instead of KEY_NOT_LOADED. */ OEMCrypto_KEY_NOT_LOADED = 51, /* Obsolete. */ OEMCrypto_KEY_NOT_ENTITLED = 52, OEMCrypto_ERROR_BAD_HASH = 53, OEMCrypto_ERROR_OUTPUT_TOO_LARGE = 54, OEMCrypto_ERROR_SESSION_LOST_STATE = 55, OEMCrypto_ERROR_SYSTEM_INVALIDATED = 56, OEMCrypto_ERROR_LICENSE_RELOAD = 57, OEMCrypto_ERROR_MULTIPLE_USAGE_ENTRIES = 58, OEMCrypto_WARNING_MIXED_OUTPUT_PROTECTION = 59, OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION = 60, OEMCrypto_ERROR_NEEDS_KEYBOX_PROVISIONING = 61, OEMCrypto_ERROR_UNSUPPORTED_CIPHER = 62, OEMCrypto_ERROR_DVR_FORBIDDEN = 63, OEMCrypto_ERROR_INSUFFICIENT_PRIVILEGE = 64, OEMCrypto_ERROR_INVALID_KEY = 65, OEMCrypto_ERROR_INVALID_OEM_CERTIFICATE = 66, /* ODK return values */ ODK_ERROR_BASE = 1000, ODK_ERROR_CORE_MESSAGE = ODK_ERROR_BASE, ODK_SET_TIMER = ODK_ERROR_BASE + 1, ODK_DISABLE_TIMER = ODK_ERROR_BASE + 2, ODK_TIMER_EXPIRED = ODK_ERROR_BASE + 3, ODK_UNSUPPORTED_API = ODK_ERROR_BASE + 4, ODK_STALE_RENEWAL = ODK_ERROR_BASE + 5, /* OPK return values */ OPK_ERROR_BASE = 2000, OPK_ERROR_REMOTE_CALL = OPK_ERROR_BASE, OPK_ERROR_INCOMPATIBLE_VERSION = OPK_ERROR_BASE + 1, OPK_ERROR_NO_PERSISTENT_DATA = OPK_ERROR_BASE + 2, OPK_ERROR_PREHOOK_FAILURE = OPK_ERROR_BASE + 3, OPK_ERROR_POSTHOOK_FAILURE = OPK_ERROR_BASE + 4, } OEMCryptoResult; /* clang-format on */ /** * Valid values for status in the usage table. */ typedef enum OEMCrypto_Usage_Entry_Status { kUnused = 0, kActive = 1, kInactive = 2, /* Deprecated. Use kInactiveUsed or kInactiveUnused. */ kInactiveUsed = 3, kInactiveUnused = 4, } OEMCrypto_Usage_Entry_Status; /* Not used publicly. Not documented with Doxygen. */ typedef enum OEMCrypto_ProvisioningRenewalType { OEMCrypto_NoRenewal = 0, OEMCrypto_RenewalACert = 1, } OEMCrypto_ProvisioningRenewalType; /** * OEMCrypto_LicenseType is used in the license message to indicate if the key * objects are for content keys, or for entitlement keys. */ typedef enum OEMCrypto_LicenseType { OEMCrypto_ContentLicense = 0, OEMCrypto_EntitlementLicense = 1, OEMCrypto_LicenseType_MaxValue = OEMCrypto_EntitlementLicense, } OEMCrypto_LicenseType; /** * Private key type used in the provisioning response. */ typedef enum OEMCrypto_PrivateKeyType { OEMCrypto_RSA_Private_Key = 0, OEMCrypto_ECC_Private_Key = 1, OEMCrypto_PrivateKeyType_MaxValue = OEMCrypto_ECC_Private_Key, } OEMCrypto_PrivateKeyType; /** * The base for (delayed) timers, i.e. from what time the (delayed) timer * starts. */ typedef enum OEMCrypto_TimerDelayBase { OEMCrypto_License_Start = 0, OEMCrypto_License_Load = 1, OEMCrypto_First_Decrypt = 2, OEMCrypto_TimerDelayBase_MaxValue = OEMCrypto_First_Decrypt, } OEMCrypto_TimerDelayBase; /** * Used to indicate a substring of a signed message in ODK_ParseLicense * and other functions which must verify that a parameter is contained within a * signed message. */ typedef struct { size_t offset; size_t length; } OEMCrypto_Substring; /** * Used to specify information about CMI Descriptor 0. * @param id: ID value of CMI Descriptor assigned by DTLA. * @param length: byte length of the usage rules field. * @param data: usage rules data. */ typedef struct { uint8_t id; // 0x00 uint8_t extension; // 0x00 uint16_t length; // 0x01 uint8_t data; } OEMCrypto_DTCP2_CMI_Descriptor_0; /** * Used to specify information about CMI Descriptor 1. * @param id: ID value of CMI Descriptor assigned by DTLA. * @param extension: specified by the CMI descriptor * @param length: byte length of the usage rules field. * @param data: usage rules data. */ typedef struct { uint8_t id; // 0x01 uint8_t extension; // 0x00 uint16_t length; // 0x03 uint8_t data[3]; } OEMCrypto_DTCP2_CMI_Descriptor_1; /** * Used to specify information about CMI Descriptor 2. * @param id: ID value of CMI Descriptor assigned by DTLA. * @param extension: specified by the CMI descriptor * @param length: byte length of the usage rules field. * @param data: usage rules data. */ typedef struct { uint8_t id; // 0x02 uint8_t extension; // 0x00 uint16_t length; // 0x03 uint8_t data[3]; } OEMCrypto_DTCP2_CMI_Descriptor_2; /** * Used to specify the required DTCP2 level. If dtcp2_required is 0, there are * no requirements on any of the keys. If dtcp2_required is 1, any key with the * kControlHDCPRequired bit set requires DTCP2 in its output. * @param dtcp2_required: specifies whether dtcp2 is required. 0 = not required, * 1 = DTCP2 required. * @param cmi_descriptor_1: three bytes of CMI descriptor 1 */ typedef struct { uint8_t dtcp2_required; // 0 = not required. 1 = DTCP2 v1 required. OEMCrypto_DTCP2_CMI_Descriptor_0 cmi_descriptor_0; OEMCrypto_DTCP2_CMI_Descriptor_1 cmi_descriptor_1; OEMCrypto_DTCP2_CMI_Descriptor_2 cmi_descriptor_2; } OEMCrypto_DTCP2_CMI_Packet; /** * Points to the relevant fields for a content key. The fields are extracted * from the License Response message offered to ODK_ParseLicense(). Each * field points to one of the components of the key. Key data, key control, * and both IV fields are 128 bits (16 bytes): * @param key_id: the unique id of this key. * @param key_id_length: the size of key_id. OEMCrypto may assume this is at * most 16. However, OEMCrypto shall correctly handle key id lengths * from 1 to 16 bytes. * @param key_data_iv: the IV for performing AES-128-CBC decryption of the * key_data field. * @param key_data - the key data. It is encrypted (AES-128-CBC) with the * session's derived encrypt key and the key_data_iv. * @param key_control_iv: the IV for performing AES-128-CBC decryption of the * key_control field. * @param key_control: the key control block. It is encrypted (AES-128-CBC) with * the content key from the key_data field. * * The memory for the OEMCrypto_KeyObject fields is allocated and freed * by the caller of ODK_ParseLicense(). */ typedef struct { OEMCrypto_Substring key_id; OEMCrypto_Substring key_data_iv; OEMCrypto_Substring key_data; OEMCrypto_Substring key_control_iv; OEMCrypto_Substring key_control; } OEMCrypto_KeyObject; /// @} #ifdef __cplusplus } #endif #endif // WIDEVINE_ODK_INCLUDE_OEMCRYPTOCENCCOMMON_H_