diff options
Diffstat (limited to 'security/tf_sdk')
-rw-r--r-- | security/tf_sdk/include/OEMCrypto.h | 388 | ||||
-rw-r--r-- | security/tf_sdk/include/common_secure_driver_protocol.h | 35 | ||||
-rw-r--r-- | security/tf_sdk/include/s_type.h | 2 | ||||
-rw-r--r-- | security/tf_sdk/include/wvdrm_protocol.h | 131 |
4 files changed, 555 insertions, 1 deletions
diff --git a/security/tf_sdk/include/OEMCrypto.h b/security/tf_sdk/include/OEMCrypto.h new file mode 100644 index 0000000..daefdc8 --- /dev/null +++ b/security/tf_sdk/include/OEMCrypto.h @@ -0,0 +1,388 @@ +/******************************************************************************* + * + * Reference APIs needed to support Widevine's crypto algorithms. + * + ******************************************************************************/ + +#ifndef _OEMCRYPTO_AES_H +#define _OEMCRYPTO_AES_H + +typedef unsigned char OEMCrypto_UINT8; +typedef char OEMCrypto_INT8; +typedef unsigned int OEMCrypto_UINT32; +typedef unsigned int OEMCrypto_SECURE_BUFFER; + + +typedef enum OEMCryptoResult { + OEMCrypto_SUCCESS = 0, + OEMCrypto_ERROR_INIT_FAILED, + OEMCrypto_ERROR_TERMINATE_FAILED, + OEMCrypto_ERROR_ENTER_SECURE_PLAYBACK_FAILED, + OEMCrypto_ERROR_EXIT_SECURE_PLAYBACK_FAILED, + OEMCrypto_ERROR_SHORT_BUFFER, + OEMCrypto_ERROR_NO_DEVICE_KEY, + OEMCrypto_ERROR_NO_ASSET_KEY, + OEMCrypto_ERROR_KEYBOX_INVALID, + OEMCrypto_ERROR_NO_KEYDATA, + OEMCrypto_ERROR_NO_CW, + OEMCrypto_ERROR_DECRYPT_FAILED, + OEMCrypto_ERROR_WRITE_KEYBOX, + OEMCrypto_ERROR_WRAP_KEYBOX, + OEMCrypto_ERROR_BAD_MAGIC, + OEMCrypto_ERROR_BAD_CRC, + OEMCrypto_ERROR_NO_DEVICEID, + OEMCrypto_ERROR_RNG_FAILED, + OEMCrypto_ERROR_RNG_NOT_SUPPORTED, + OEMCrypto_ERROR_SETUP +} OEMCryptoResult; + + +#ifdef __cplusplus +extern "C" { +#endif + +#define OEMCrypto_Initialize _oec01 +#define OEMCrypto_Terminate _oec02 +#define OEMCrypto_SetEntitlementKey _oec03 +#define OEMCrypto_DeriveControlWord _oec04 +#define OEMCrypto_DecryptVideo _oec05 +#define OEMCrypto_DecryptAudio _oec06 +#define OEMCrypto_InstallKeybox _oec07 +#define OEMCrypto_GetKeyData _oec08 +#define OEMCrypto_IsKeyboxValid _oec09 +#define OEMCrypto_GetRandom _oec10 +#define OEMCrypto_GetDeviceID _oec11 +#define OEMCrypto_EnterSecurePlayback _oec12 +#define OEMCrypto_ExitSecurePlayback _oec13 +#define OEMCrypto_WrapKeybox _oec14 + +/* + * OEMCrypto_Initialize + * + * Description: + * Initializes the crypto hardware + * + * Parameters: + * N/A + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_INIT_FAILED failed to initialize crypto hardware + */ +OEMCryptoResult OEMCrypto_Initialize(void); + + +/* + * OEMCrypto_Terminate + * + * Description: + * The API closes the crypto operation and releases all resources used. + * + * Parameters: + * N/A + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_TERMINATE_FAILED failed to de-initialize crypto hardware + */ +OEMCryptoResult OEMCrypto_Terminate(void); + +/* + * OEMCrypto_EnterSecurePlayback + * + * Description: + * Configures the security processor for secure decryption. This may involve + * setting up firewall regions. It is called when the decrypt session for an + * asset is established. + * + * Parameters: + * N/A + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_ENTER_SECURE_PLAYBACK_FAILED + */ +OEMCryptoResult OEMCrypto_EnterSecurePlayback(void); + +/* + * OEMCrypto_ExitSecurePlayback + * + * Description: + * Exit the secure playback mode. This may involve releasing the firewall regions. It is + * called when the decrypt session for an asset is closed. + * + * Parameters: + * N/A + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_EXIT_SECURE_PLAYBACK_FAILED + */ +OEMCryptoResult OEMCrypto_ExitSecurePlayback(void); + +/* + * OEMCrypto_SetEntitlementKey + * + * Description: + * Decrypt the entitlement (EMM) key, also known as the asset key, + * using the encrypted device key (Device Key field) in the Widevine Keybox. + * + * As shown in Figure 1 on the next page, Step 1 uses an OEM root key to decrypt + * (AES-128-ECB) the Device Key in the Keybox; the result is “latched” in hardware + * key ladder. + * + * Step 2 uses the “latched” clear device key to decrypt (AES-128-ECB) the + * entitlement key passed in as the *emmKey parameter and “latched” the clear + * entitlement key in hardware for the next operation. + * + * Parameters: + * emmKey (in) - pointer to the encrypted entitlement key + * emmKeyLength (in) – length of entitlement key in bytes + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_NO_DEVICE_KEY failed to decrypt device key + * OEMCrypto_ERROR_NO_ASSET_KEY failed to decrypt asset key + * OEMCrypto_ERROR_KEYBOX_INVALID cannot decrypt and read from Keybox + */ + +OEMCryptoResult OEMCrypto_SetEntitlementKey(const OEMCrypto_UINT8* emmKey, + const OEMCrypto_UINT32 emmKeyLength); + +/* + * OEMCrypto_DeriveControlWord + * + * Description: + * Using the active key ladder key from OEMCrypto_SetEntitlementKey(), decrypts + * (AES-128-CBC, iv=0) the 32-byte ECM referenced by the *ecm parameter; returns in + * *flags the first clear 4 bytes data. “Latched” the clear bytes [4..20] as the + * clear control word for subsequent payload decryption operation. + * + * Parameters: + * ecm (in) - points to encrypted ECM data + * length (in) – length of encrypted ECM data in bytes + * flags (out) - points to buffer to receive 4 byte clear flag value + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_NO_CW cannot decrypt control word +*/ + +OEMCryptoResult OEMCrypto_DeriveControlWord(const OEMCrypto_UINT8* ecm, + const OEMCrypto_UINT32 length, + OEMCrypto_UINT32* flags); + + +/* + * OEMCrypto_DecryptVideo + * + * Description: + * + * The API decrypts (AES-128-CBC) the video payload in the buffer referenced by + * the *input parameter into the secure buffer referenced by the output + * parameter, using the control word “latched” in the active hardware key + * ladder. If inputLength is not a multiple of the crypto block size (16 bytes), + * the API handles the residual bytes using CipherText Stealing (CTS). + * + * Parameters: + * iv (in/out) - If iv is NULL, then no decryption is required, i.e. the packets are + * already clear. Otherwise, iv references the AES initialization + * vector. Note that the updated IV after processing the final crypto + * block must be passed back out in *iv. + * input (in) - buffer containing the encrypted data + * inputLength (in) - number of bytes in the input payload, which may not be a multiple of 16 bytes + * output (in) – reference to the secure buffer which will receive the decrypted data + * outputLength (out) - number of bytes written into the secure buffer + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_DECRYPT_FAILED failed decryption +*/ + +OEMCryptoResult +OEMCrypto_DecryptVideo(const OEMCrypto_UINT8* iv, + const OEMCrypto_UINT8* input, const OEMCrypto_UINT32 inputLength, + OEMCrypto_UINT32 output_handle, OEMCrypto_UINT32 output_offset, OEMCrypto_UINT32 *outputLength); + + +/* + * OEMCrypto_DecryptAudio + * + * Description: + * The API decrypts (AES-128-CBC) the audio payload in the buffer referenced by + * the *input parameter into the non-secure buffer referenced by the output + * parameter, using the control word “latched” in the active hardware key + * ladder. If inputLength is not a multiple of the crypto block size (16 bytes), + * the API handles the residual bytes using CipherText Stealing (CTS). + * + * OEMCrypto_DecryptAudio must make sure that it cannot be used to decrypt a video + * stream into non-firewalled buffers, by verifying that no video packets are + * processed. + * + * Parameters: + * iv (in/out) - If iv is NULL, then no decryption is required, i.e. the packets are + * already clear. Otherwise, iv references the AES initialization + * vector. Note that the updated IV after processing the final crypto + * block must be passed back out in *iv. + * input (in) - buffer containing the encrypted data + * inputLength (in) - number of bytes in the input payload, which may not be a multiple of 16 bytes + * output (in) – reference to the non-secure buffer which will receive the decrypted data + * outputLength (out) - number of bytes written into the non-secure buffer + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_DECRYPT_FAILED failed decryption +*/ +OEMCryptoResult +OEMCrypto_DecryptAudio(const OEMCrypto_UINT8* iv, + const OEMCrypto_UINT8* input, const OEMCrypto_UINT32 inputLength, + OEMCrypto_UINT8 *output, OEMCrypto_UINT32 *outputLength); + + +/* + * OEMCrypto_InstallKeybox + * + * Description: + * Unwrap and store the keybox to persistent memory. The device key must be stored + * securely. The device key will be decrypted and + * “latched” into hardware key ladder by OEMCrypto_SetEntitlementKey. + * + * This function is used once to load the keybox onto the device at provisioning time. + * + * Parameters: + * keybox (in) - Pointer to clear keybox data. Must have been wrapped with OEMCrypto_WrapKeybox + * keyboxLength (in) - Length of the keybox data in bytes + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_WRITE_KEYBOX failed to handle and store Keybox + */ + +OEMCryptoResult OEMCrypto_InstallKeybox(OEMCrypto_UINT8 *keybox, + OEMCrypto_UINT32 keyBoxLength); + + +/* + * OEMCrypto_IsKeyboxValid + * + * Description: + * Validate the Widevine Keybox stored on the device. + * + * The API performs two verification steps on the Keybox. It first verifies the MAGIC + * field contains a valid signature (i.e. ‘k’’b’’o’’x’). The API then computes the + * CRC using CRC-32-IEEE 802.3 standard and compares the checksum to the CRC stored + * in the Keybox. The CRC is computed over the entire Keybox excluding the 4 bytes + * CRC (i.e. Keybox[0..123]. + * + * Parameters: + * none + * + * Returns: + * OEMCrypto_SUCCESS + * OEMCrypto_ERROR_BAD_MAGIC + * OEMCrypto_ERROR_BAD_CRC + */ + +OEMCryptoResult OEMCrypto_IsKeyboxValid(void); + + +/* + * OEMCrypto_GetDeviceID + * + * Description: + * Retrieve the device's unique identifier from the Keybox. + * + * Parameters: + * deviceId (out) - pointer to the buffer that receives the Device ID + * idLength (in/out) - on input, size of the caller's device ID buffer. + * On output, the number of bytes written into the buffer. + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_SHORT_BUFFER if the buffer is too small to return the device ID + * OEMCrypto_ERROR_NO_DEVICEID failed to return Device Id + */ +OEMCryptoResult OEMCrypto_GetDeviceID(OEMCrypto_UINT8* deviceID, + OEMCrypto_UINT32 *idLength); + + +/* + * OEMCrypto_GetKeyData + * + * Description: + * Returns the Key Data field from the Keybox. The Key Data field does not need to be + * encrypted by an OEM root key, but may be if desired. + * + * If the Key Data field was encrypted with an OEM root key when the Keybox was stored + * on the device, then this function should decrypt it and return the clear Key Data. + * If the Key Data was not encrypted, then this function should just access and return + * the clear Key data. + * + * Parameters: + * keyData (out) - pointer to the buffer to hold the Key Data field from the Keybox + * dataLength (in/out) - on input, the allocated buffer size. On output, the number + * of bytes in KeyData. + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_SHORT_BUFFER if the buffer is too small to return the KeyData + * OEMCrypto_ERROR_NO_KEYDATA failed to return KeyData + */ +OEMCryptoResult OEMCrypto_GetKeyData(OEMCrypto_UINT8* keyData, + OEMCrypto_UINT32 *keyDataLength); + + +/* + * OEMCrypto_GetRandom + * + * Description: + * Returns a buffer filled with hardware-generated random bytes, if supported by the hardware. + * + * Parameters: + * randomData (out) - Points to the buffer that should recieve the random data. + * dataLength (in) - Length of the random data buffer in bytes. + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_RNG_FAILED failed to generate random number + * OEMCrypto_ERROR_RNG_NOT_SUPPORTED function not supported + */ + +OEMCryptoResult OEMCrypto_GetRandom(OEMCrypto_UINT8* randomData, + OEMCrypto_UINT32 dataLength); + +/* + * OEMCrypto_WrapKeybox + * + * Description: + * Wrap the Keybox with a key derived for the device key. + * + * Parameters: + * keybox (in) - Pointer to keybox data. + * keyboxLength - Length of the Keybox data in bytes + * wrappedKeybox (out) - Pointer to wrapped keybox + * wrappedKeyboxLength (out) - Pointer to the length of the wrapped keybox in bytes + * transportKey (in) - An optional AES transport key. If provided, the parameter + * keybox is passed encrypted with this transport key with AES-CBC + * and a null IV + * transportKeyLength - number of bytes in the transportKey + * + * Returns: + * OEMCrypto_SUCCESS success + * OEMCrypto_ERROR_WRAP_KEYBOX failed to wrap Keybox + */ + +OEMCryptoResult OEMCrypto_WrapKeybox(OEMCrypto_UINT8 *keybox, + OEMCrypto_UINT32 keyBoxLength, + OEMCrypto_UINT8 *wrappedKeybox, + OEMCrypto_UINT32 *wrappedKeyBoxLength, + OEMCrypto_UINT8 *transportKey, + OEMCrypto_UINT32 transportKeyLength); + +#ifdef __cplusplus +} +#endif + +#endif + +/***************************** End of File *****************************/ diff --git a/security/tf_sdk/include/common_secure_driver_protocol.h b/security/tf_sdk/include/common_secure_driver_protocol.h new file mode 100644 index 0000000..3f46113 --- /dev/null +++ b/security/tf_sdk/include/common_secure_driver_protocol.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2011 Trusted Logic S.A. + * All Rights Reserved. + * + * This software is the confidential and proprietary information of + * Trusted Logic S.A. ("Confidential Information"). You shall not + * disclose such Confidential Information and shall use it only in + * accordance with the terms of the license agreement you entered + * into with Trusted Logic S.A. + * + * TRUSTED LOGIC S.A. MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE + * SUITABILITY OF THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING + * BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. TRUSTED LOGIC S.A. SHALL + * NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, + * MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. + */ +#ifndef __COMMON_SECURE_DRIVER_PROTOCOL_H__ +#define __COMMON_SECURE_DRIVER_PROTOCOL_H__ + +/*C2537CC3-36F0-48D9-820E-559601478029*/ +#define COMMON_SECURE_DRIVER_UUID {0xC2537CC3, 0x36F0, 0x48D9, {0x82, 0x0E, 0x55, 0x96, 0x01, 0x47, 0x80, 0x29}} + +#define COMMON_SECURE_DRIVER_GET_SECURE_BUFFER 0x00000000 +#define COMMON_SECURE_DRIVER_HDCP_SECURE_IS_SECURE 0x00000002 +#define COMMON_SECURE_DRIVER_ENTER_SECURE_PLAYBACK 0x00003000 +#define COMMON_SECURE_DRIVER_EXIT_SECURE_PLAYBACK 0x00003001 +#define COMMON_SECURE_DRIVER_LOCK_SECURE_PLAYBACK 0x00004000 +#define COMMON_SECURE_DRIVER_UNLOCK_SECURE_PLAYBACK 0x00004001 + +#define COMMON_SECURE_DRIVER_CEK_UNWRAP 0x00006000 +#define COMMON_SECURE_DRIVER_KEK_WRAP 0x00006001 +#define COMMON_SECURE_DRIVER_KEK_UNWRAP 0x00006002 + +#endif /* __COMMON_SECURE_DRIVER_PROTOCOL_H__ */ diff --git a/security/tf_sdk/include/s_type.h b/security/tf_sdk/include/s_type.h index 72f2a8a..ae260cc 100644 --- a/security/tf_sdk/include/s_type.h +++ b/security/tf_sdk/include/s_type.h @@ -35,7 +35,7 @@ #define __S_TYPE_H__ /* C99 integer types */ -#if (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L) &&(!defined(__ANDROID32__)) +#if (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L) &&(!defined(ANDROID)) #include <limits.h> diff --git a/security/tf_sdk/include/wvdrm_protocol.h b/security/tf_sdk/include/wvdrm_protocol.h new file mode 100644 index 0000000..de51fb6 --- /dev/null +++ b/security/tf_sdk/include/wvdrm_protocol.h @@ -0,0 +1,131 @@ +/* + * Copyright (c) 2011 Trusted Logic S.A. + * All Rights Reserved. + * + * This software is the confidential and proprietary information of + * Trusted Logic S.A. ("Confidential Information"). You shall not + * disclose such Confidential Information and shall use it only in + * accordance with the terms of the license agreement you entered + * into with Trusted Logic S.A. + * + * TRUSTED LOGIC S.A. MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE + * SUITABILITY OF THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING + * BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. TRUSTED LOGIC S.A. SHALL + * NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, + * MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. + */ +#ifndef __WVDRM_PROTOCOL_H__ +#define __WVDRM_PROTOCOL_H__ + +#include <common_secure_driver_protocol.h> + +/* 45544DF9-B1DF-9BEE-D0B9-0C98CE3B41F6 */ +#define WVDRM_UUID {0x45544DF9, 0xB1DF, 0x9BEE, {0xD0, 0xB9, 0x0C, 0x98, 0xCE, 0x3B, 0x41, 0xF6}} + +/* + * Persistently install the DRM "key box" previously wrapped + * with WRAP_KEYBOX + * + * Param #0: MEMREF_INPUT: + * The encrypted keybox + */ +#define WVDRM_INSTALL_KEYBOX 0x00001000 + +/* + * Test if a keybox is provisioned and optionnally get its key data + * + * #0: + * - NONE: for testing if the keybox is valid (returns S_ERROR_ITEM_NOT_FOUND if not) + * - MEMREF_OUTPUT: to actually get the key data + */ +#define WVDRM_GET_KEY_DATA 0x00001001 + +/* + * Generate random data + * + * #0: + * - MEMREF_OUTPUT: buffer to fill with random data + */ +#define WVDRM_GET_RANDOM 0x00001002 + +/* + * Get the device ID + * + * #0: MEMREF_OUTPUT: filled with the device ID + */ +#define WVDRM_GET_DEVICE_ID 0x00001003 + +/* + * Optionnally decrypt a keybox with a transport key + * and wrap it with a device specific key. The result + * can be later passed to INSTALL_KEYBOX + * + * #0: MEMREF_INPUT: the input keybox + * - either in cleartext if param #2 is NONE + * - or encrypted with the key in param #2 + * #1: MEMREF_OUTPUT: the resulting wrapped key box + * #2: + * - NONE: param#0 is the clear-text keybox + * - MEMREF_INPUT: a transport key, in which case + * param#0 is the encryption with AES-CBC-128 of the + * keybox with an IV filled with zeros + */ +#define WVDRM_WRAP_KEYBOX 0x00001004 + +/* + * Unwrap an asset key. The asset key is stored in transient memory + * but available globally to all sessons. There can be only one asset key + * at a time. + * + * #0: MEMREF_INPUT + */ +#define WVDRM_SET_ENTITLEMENT_KEY 0x00002000 + +/* + * Decrypt the ECM (Entitlement Control Message = content key) using the asset key. + * Store the flags associated with the ECM. These flags will be later used, e.g., + * to activate HDCP protection. Also returns the flags. + * + * #0: MEMREF_INPUT + * #1: VALUE_OUTPUT: a=flags + * + */ +#define WVDRM_DERIVE_CONTROL_WORD 0x00002001 + +/* + * Decrypt a chunk of content from a non-secure buffer into + * a secure buffer opaquely referred to as an offset within + * the Decrypted-Encoded-Buffer part of the carveout. + * + * #0: MEMREF_INPUT: the encrypted content + * #1: VALUE_INPUT: + * [in] a=physical address of the ION handle, b=size of the handle + * #2: MEMREF_INOUT: the IV + * #3: VALUE_INOUT: + * [in] a=offset from the physical address of the ION handle, b=max size + * [out] b=actual size or required size + */ +#define WVDRM_DECRYPT_VIDEO 0x00002002 + +/* + * Decrypt a chunk of content into a non-secure buffer. This + * must be used only for audio content. + * + * #0: MEMREF_INPUT: the encrypted content + * #1: MEMREF_OUTPUT: the decrypted content + * #2: MEMREF_INOUT: the IV + */ +#define WVDRM_DECRYPT_AUDIO 0x00002003 + +/* + * Enter in secure playback. + */ +#define WVDRM_ENTER_SECURE_PLAYBACK COMMON_SECURE_DRIVER_ENTER_SECURE_PLAYBACK + +/* + * Exit in secure playback. + */ +#define WVDRM_EXIT_SECURE_PLAYBACK COMMON_SECURE_DRIVER_EXIT_SECURE_PLAYBACK + +#endif /* __WVDRM_PROTOCOL_H__ */ |