1 /********************************************************************** 2 * Copyright (C) 2014 Intel Corporation. All rights reserved. 3 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 8 * http://www.apache.org/licenses/LICENSE-2.0 9 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 **********************************************************************/ 16 17 #ifndef __WV_MOD_DRM_API_H_ 18 #define __WV_MOD_DRM_API_H_ 19 20 #include <inttypes.h> 21 #include "drm_common_api.h" 22 #include "wv_mod_oem_crypto.h" 23 24 /*! 25 * Defines 26 */ 27 #define DRM_WV_MOD_CLEAR_CONTENT_FLAG (1) 28 #define DRM_WV_MOD_AUDIO_CONTENT_FLAG (1 << 1) 29 #define DRM_WV_MOD_SECURE_CONTENT_FLAG (1 << 2) 30 31 // HDCP version values 32 enum hdcp_version_type 33 { 34 DRM_WV_MOD_HDCP_VERSION_ANY = 0, 35 DRM_WV_MOD_HDCP_VERSION_1_0, 36 DRM_WV_MOD_HDCP_VERSION_2_0, 37 DRM_WV_MOD_HDCP_VERSION_2_1, 38 DRM_WV_MOD_HDCP_VERSION_2_2, 39 DRM_WV_MOD_HDCP_VERSION_NONE = 0xFF 40 }; 41 42 43 /*! 44 * APIs 45 */ 46 uint32_t drm_wv_mod_open_session(uint32_t *session_id); 47 48 uint32_t drm_wv_mod_close_session(uint32_t session_id); 49 50 uint32_t drm_wv_mod_start_playback(uint32_t session_id); 51 52 uint32_t drm_wv_mod_stop_playback(uint32_t session_id); 53 54 uint32_t drm_wv_mod_generate_derived_keys(uint32_t session_id, 55 const uint8_t *mac_key_context, 56 uint32_t mac_key_context_length, 57 const uint8_t *enc_key_context, 58 uint32_t enc_key_context_length); 59 60 uint32_t drm_wv_mod_generate_nonce(uint32_t session_id, 61 uint32_t *nonce); 62 63 uint32_t drm_wv_mod_generate_signature(uint32_t session_id, 64 const uint8_t *message, 65 uint32_t message_length, 66 uint8_t *signature, 67 uint32_t *signature_length); 68 69 uint32_t drm_wv_mod_load_keys(uint32_t session_id, 70 const uint8_t *message, 71 uint32_t message_length, 72 const uint8_t *signature, 73 uint32_t signature_length, 74 const uint8_t *enc_mac_keys_iv, 75 const uint8_t *enc_mac_keys, 76 uint32_t num_keys, 77 const struct drm_wv_mod_key_object *key_array); 78 79 uint32_t drm_wv_mod_refresh_keys(uint32_t session_id, 80 const uint8_t *message, 81 uint32_t message_length, 82 const uint8_t *signature, 83 uint32_t signature_length, 84 uint32_t num_keys, 85 const struct drm_wv_mod_key_refresh_object *key_array); 86 87 uint32_t drm_wv_mod_select_key(uint32_t session_id, 88 const uint8_t *key_id, 89 uint32_t key_id_length); 90 91 uint32_t drm_wv_mod_decrypt_ctr(uint32_t session_id, 92 const uint8_t *inp_data_buffer, 93 uint32_t inp_data_size, 94 uint8_t *out_data_buffer, 95 uint32_t out_data_size, 96 const uint8_t *iv, 97 uint8_t flags); 98 99 uint32_t drm_wv_mod_rewrap_device_rsa_key(uint32_t session_id, 100 const uint8_t *message, 101 uint32_t message_length, 102 const uint8_t *signature, 103 uint32_t signature_length, 104 uint32_t *nonce, 105 const uint8_t *enc_rsa_key, 106 uint32_t enc_rsa_key_length, 107 const uint8_t *enc_rsa_key_iv, 108 uint8_t *wrapped_rsa_key, 109 uint32_t *wrapped_rsa_key_length); 110 111 uint32_t drm_wv_mod_load_device_rsa_key(uint32_t session_id, 112 const uint8_t *wrapped_rsa_key, 113 uint32_t wrapped_rsa_key_length); 114 115 uint32_t drm_wv_mod_generate_rsa_signature(uint32_t session_id, 116 const uint8_t *message, 117 uint32_t message_length, 118 uint8_t *signature, 119 uint32_t *signature_length); 120 121 uint32_t drm_wv_mod_derive_keys_from_session_key(uint32_t session_id, 122 const uint8_t *enc_session_key, 123 uint32_t enc_session_key_length, 124 const uint8_t *mac_key_context, 125 uint32_t mac_key_context_length, 126 const uint8_t *enc_key_context, 127 uint32_t enc_key_context_length); 128 129 uint32_t drm_wv_mod_generic_encrypt(uint32_t session_id, 130 const uint8_t *in_buffer, 131 uint32_t buffer_size, 132 const uint8_t *iv, 133 enum drm_wv_mod_algorithm algorithm, 134 uint8_t *out_buffer); 135 136 uint32_t drm_wv_mod_generic_decrypt(uint32_t session_id, 137 const uint8_t *in_buffer, 138 uint32_t buffer_size, 139 const uint8_t *iv, 140 enum drm_wv_mod_algorithm algorithm, 141 uint8_t *out_buffer); 142 143 uint32_t drm_wv_mod_generic_sign(uint32_t session_id, 144 const uint8_t *in_buffer, 145 uint32_t buffer_size, 146 enum drm_wv_mod_algorithm algorithm, 147 uint8_t *signature, 148 uint32_t *signature_size); 149 150 uint32_t drm_wv_mod_generic_verify(uint32_t session_id, 151 const uint8_t *in_buffer, 152 uint32_t buffer_size, 153 enum drm_wv_mod_algorithm algorithm, 154 const uint8_t *signature, 155 uint32_t signature_size); 156 157 /*! Version 9 specific APIs */ 158 uint32_t drm_wv_mod_v9_load_keys(uint32_t session_id, 159 const uint8_t *message, 160 uint32_t message_length, 161 const uint8_t *signature, 162 uint32_t signature_length, 163 const uint8_t *enc_mac_keys_iv, 164 const uint8_t *enc_mac_keys, 165 uint32_t num_keys, 166 const struct drm_wv_mod_key_object *key_array, 167 const uint8_t *pst, 168 uint32_t pst_length, 169 const uint8_t *srm_restriction_data); 170 171 uint32_t drm_wv_mod_v9_generate_rsa_signature(uint32_t session_id, 172 const uint8_t *message, 173 uint32_t message_length, 174 uint8_t *signature, 175 uint32_t *signature_length, 176 enum drm_wv_mod_rsa_padding_scheme padding_scheme); 177 178 179 /** 180 * @brief Loads an existing usage table into chaabi secure memory 181 * 182 * This should be first called prior to load keys. Caller shall call 183 * drm_wv_mod_update_usage_table after making this call. 184 * 185 * @param[in] usage_table_data 186 * Existing usage table blob to load. If NULL, chaabi will 187 * return required table size. 188 * @param[in,out] data_size 189 * Size of the passed-in usage_table_data, in bytes. This 190 * will always be updated to the required table size. 191 * @param[in] system_time 192 * current system time. Time in seconds since 1970. 193 */ 194 uint32_t drm_wv_mod_load_usage_table(const uint8_t *const usage_table_data, 195 uint32_t *const data_size, 196 uint64_t system_time); 197 198 /* @brief Update usage table and return it 199 * 200 * Chaabi will update the usage table from its TEE memory and set the flag 201 * is_updated. 202 * 203 * Upon returning DRM_WV_MOD_SUCCESS and is_updated == 1, caller should 204 * write save the usage table to the file system. 205 * 206 * @param[out] usage_table_data 207 * Buffer where the usage table will be returned. Input is ignored. 208 * This will only contain data if is_updated == 1. 209 * @param[in] data_size 210 * Size of the usage_table_data buffer, which must be large enough to 211 * hold the entire structure. This size can be obtained via the 212 * load_usage_table API or by re-using the size of a previous table blob. 213 * @param[out] is_updated 214 * Flag indicating if the table has changed since the last 215 * update_usage_table or load_usage_table call. 216 * 217 */ 218 uint32_t drm_wv_mod_update_usage_table(uint8_t *const usage_table_data, 219 uint32_t data_size, 220 uint8_t *const is_updated); 221 222 // NOTE: drm_wv_mod_update_usage_table shall be called after calling this 223 // function 224 uint32_t drm_wv_mod_deactivate_usage_entry(uint32_t session_id, 225 const uint8_t *const pst, 226 uint32_t pst_length); 227 228 /** 229 * @brief Returns the usage entry information for a particular pst 230 * 231 * Caller shall call drm_wv_mod_update_usage_table after making this call. 232 * 233 * @param[in] session_id 234 * Session ID to be associated with the pst entry 235 * @param[in] pst 236 * Pointer to pst data used as an index into the usage table 237 * @param[in] pst_length 238 * Length of pst buffer in bytes 239 * @param[out] pst_report_buffer 240 * Pointer to caller-allocated memory where the usage report shall be placed 241 * @param[in,out] pst_report_buffer_length 242 * Length of provided pst_report_buffer in bytes. Should be sizeof(pst) + 243 * sizeof(struct OEMCrypto_PST_Report) in length. If extra space is provided, 244 * this field will reflect the actual size of the returned report. 245 * 246 */ 247 uint32_t drm_wv_mod_report_usage(uint32_t session_id, 248 const uint8_t *const pst, 249 uint32_t pst_length, 250 uint8_t *const pst_report_buffer, 251 uint32_t *const pst_report_buffer_length); 252 253 /** 254 * @brief Deletes a previously-reported entry from the usage table 255 * 256 * Caller shall call drm_wv_mod_update_usage_table after making this call. 257 * 258 * @param[in] session_id 259 * Session ID previously associated with the pst 260 * @param[in] pst 261 * Pointer to pst data used as an index into the usage table 262 * @param[in] pst_length 263 * Length of pst buffer in bytes 264 * @param[in] msg 265 * Pointer to message to be verified 266 * @param[in] msg_len 267 * Length of msg buffer in bytes 268 * @param[in] signature 269 * Pointer to signature to verify against 270 * @param[in] signature_length 271 * Length of signature buffer in bytes 272 * 273 */ 274 uint32_t drm_wv_mod_delete_usage_entry(uint32_t session_id, 275 const uint8_t *const pst, 276 uint32_t pst_length, 277 const uint8_t *const msg, 278 uint32_t msg_length, 279 const uint8_t *const signature, 280 uint32_t signature_length); 281 282 // This will only clear Chaabi TEE memory. Caller is responsible for deleting 283 // usage table file from file system. 284 uint32_t drm_wv_mod_delete_usage_table(void); 285 286 287 /** 288 * brief Clear session context 289 * 290 * This API is used to reset all sessions context. 291 * Typically called to cleanup sessions resulting from a application crash. 292 */ 293 uint32_t drm_wv_mod_reset_session_context(void); 294 295 /** 296 * @brief Returns the maximum and current HDCP version supported by the device 297 * 298 * @param[out] current_ver 299 * Current HDCP version supported by the device 300 * @param[out] maximum_ver 301 * Maximum HDCP version supported by the device 302 * 303 */ 304 uint32_t drm_wv_mod_get_hdcp_capability(enum hdcp_version_type *const current_ver, 305 enum hdcp_version_type *const maximum_ver); 306 307 /*! Version 10 specific APIs. */ 308 309 /** 310 * @brief Get current number of open sessions along with maximum number of 311 * supported sessions. 312 */ 313 uint32_t drm_wv_mod_get_num_sessions(uint32_t *open_sessions, uint32_t *max_sessions); 314 315 /** 316 * @brief Deletes an entry from session usage table. 317 * 318 * This API is used to delete stale entries without a signed request from server. 319 */ 320 uint32_t drm_wv_mod_force_delete_usage_entry(const uint8_t *pst, uint32_t pst_length); 321 322 /** 323 * @brief Returns the decrypted key control block for the given key_id. 324 */ 325 uint32_t drm_wv_mod_query_key_control(const uint32_t session_id, 326 const uint8_t *key_id, 327 uint32_t key_id_length, 328 uint8_t *key_control_block, 329 uint32_t *key_control_block_length); 330 331 /*! Version 11 specific APIs */ 332 uint32_t drm_wv_mod_security_patch_level(uint32_t *security_patch_level); 333 334 uint32_t drm_wv_mod_api_version(uint32_t *api_version); 335 336 uint32_t drm_wv_mod_decrypt_cenc(uint32_t session_id, 337 const uint8_t *inp_data_buffer, 338 uint32_t inp_data_size, 339 uint8_t *out_data_buffer, 340 uint32_t out_data_size, 341 const uint8_t *iv, 342 uint8_t flags); 343 344 uint32_t drm_wv_mod_glue_block(uint32_t session_id, 345 uint8_t *encrypted, 346 const uint8_t *cleartext, 347 uint32_t cleartext_length, 348 const uint8_t *iv); 349 350 /*! Version 13 specific APIs */ 351 352 /*! 353 * Create a new Usage Table Header with no entries. 354 */ 355 uint32_t drm_wv_mod_create_usage_table_header(uint8_t *header_buffer, 356 uint32_t *header_buffer_length, 357 uint64_t system_time); 358 359 /*! 360 * Loads the usage table header into TEE. 361 */ 362 uint32_t drm_wv_mod_load_usage_table_header(const uint8_t *buffer, 363 uint32_t buffer_length, 364 uint64_t system_time); 365 366 /*! 367 * Create a new usage entry. 368 */ 369 uint32_t drm_wv_mod_create_new_usage_entry(uint32_t session_id, 370 uint32_t *usage_entry_number); 371 372 /*! 373 * Load a usage table saved by update usage entry. 374 */ 375 uint32_t drm_wv_mod_load_usage_entry(uint32_t session_id, 376 uint32_t index, 377 const uint8_t *buffer, 378 uint32_t buffer_length); 379 380 /*! 381 * Updates session usage entry. 382 */ 383 uint32_t drm_wv_mod_update_usage_entry(uint32_t session_id, 384 uint8_t *header_buffer, 385 uint32_t *header_buffer_length, 386 uint8_t *entry_buffer, 387 uint32_t *entry_buffer_length); 388 389 /*! 390 * Move usage entry with current session from one location in header to another. 391 */ 392 uint32_t drm_wv_mod_move_entry(uint32_t session_id, 393 uint32_t new_index); 394 395 /*! 396 * Shrinks the usage table and the header. 397 */ 398 uint32_t drm_wv_mod_shrink_usage_table_header(uint32_t new_entry_count, 399 uint8_t *header_buffer, 400 uint32_t *header_buffer_length); 401 402 /*! 403 * Copies an entry from old v12(or earlier) usage table to new table. 404 */ 405 uint32_t drm_wv_mod_copy_old_usage_entry(uint32_t session_id, 406 const uint8_t *pst, 407 uint32_t pst_length); 408 409 /*! 410 * Delete the old usage table. 411 */ 412 uint32_t drm_wv_mod_delete_old_usage_table(void); 413 414 /*! 415 * Create old usage entry. 416 */ 417 uint32_t drm_wv_mod_create_old_usage_entry(uint64_t time_since_license_received, 418 uint64_t time_since_first_decrypt, 419 uint64_t time_since_last_decrypt, 420 enum drm_wv_mod_usage_entry_status status, 421 uint8_t *server_mac_key, 422 uint8_t *client_mac_key, 423 const uint8_t *pst, 424 uint32_t pst_length); 425 426 #endif /* __WV_MOD_DRM_API_H_ */ 427