1 /********************************************************************** 2 * Copyright (C) 2014 Intel Corporation. All rights reserved. 3 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 8 * http://www.apache.org/licenses/LICENSE-2.0 9 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 **********************************************************************/ 16 17 #ifndef __WV_MOD_DRM_API_H_ 18 #define __WV_MOD_DRM_API_H_ 19 20 #include <inttypes.h> 21 #include "drm_common_api.h" 22 #include "wv_mod_oem_crypto.h" 23 24 /*! 25 * Defines 26 */ 27 #define DRM_WV_MOD_CLEAR_CONTENT_FLAG (1) 28 #define DRM_WV_MOD_AUDIO_CONTENT_FLAG (1 << 1) 29 #define DRM_WV_MOD_SECURE_CONTENT_FLAG (1 << 2) 30 31 // HDCP version values 32 enum hdcp_version_type 33 { 34 DRM_WV_MOD_HDCP_VERSION_ANY = 0, 35 DRM_WV_MOD_HDCP_VERSION_1_0, 36 DRM_WV_MOD_HDCP_VERSION_2_0, 37 DRM_WV_MOD_HDCP_VERSION_2_1, 38 DRM_WV_MOD_HDCP_VERSION_2_2, 39 DRM_WV_MOD_HDCP_VERSION_NONE = 0xFF 40 }; 41 42 43 /*! 44 * APIs 45 */ 46 uint32_t drm_wv_mod_open_session(uint32_t *session_id); 47 48 uint32_t drm_wv_mod_close_session(uint32_t session_id); 49 50 uint32_t drm_wv_mod_start_playback(uint32_t session_id); 51 52 uint32_t drm_wv_mod_stop_playback(uint32_t session_id); 53 54 uint32_t drm_wv_mod_generate_derived_keys(uint32_t session_id, 55 const uint8_t *mac_key_context, 56 uint32_t mac_key_context_length, 57 const uint8_t *enc_key_context, 58 uint32_t enc_key_context_length); 59 60 uint32_t drm_wv_mod_generate_nonce(uint32_t session_id, 61 uint32_t *nonce); 62 63 uint32_t drm_wv_mod_generate_signature(uint32_t session_id, 64 const uint8_t *message, 65 uint32_t message_length, 66 uint8_t *signature, 67 uint32_t *signature_length); 68 69 uint32_t drm_wv_mod_load_keys(uint32_t session_id, 70 const uint8_t *message, 71 uint32_t message_length, 72 const uint8_t *signature, 73 uint32_t signature_length, 74 const uint8_t *enc_mac_keys_iv, 75 const uint8_t *enc_mac_keys, 76 uint32_t num_keys, 77 const struct drm_wv_mod_key_object *key_array); 78 79 uint32_t drm_wv_mod_refresh_keys(uint32_t session_id, 80 const uint8_t *message, 81 uint32_t message_length, 82 const uint8_t *signature, 83 uint32_t signature_length, 84 uint32_t num_keys, 85 const struct drm_wv_mod_key_refresh_object *key_array); 86 87 uint32_t drm_wv_mod_select_key(uint32_t session_id, 88 const uint8_t *key_id, 89 uint32_t key_id_length); 90 91 uint32_t drm_wv_mod_decrypt_ctr(uint32_t session_id, 92 const uint8_t *inp_data_buffer, 93 uint32_t inp_data_size, 94 uint8_t *out_data_buffer, 95 uint32_t out_data_size, 96 const uint8_t *iv, 97 uint8_t flags); 98 99 uint32_t drm_wv_mod_rewrap_device_rsa_key(uint32_t session_id, 100 const uint8_t *message, 101 uint32_t message_length, 102 const uint8_t *signature, 103 uint32_t signature_length, 104 uint32_t *nonce, 105 const uint8_t *enc_rsa_key, 106 uint32_t enc_rsa_key_length, 107 const uint8_t *enc_rsa_key_iv, 108 uint8_t *wrapped_rsa_key, 109 uint32_t *wrapped_rsa_key_length); 110 111 uint32_t drm_wv_mod_load_device_rsa_key(uint32_t session_id, 112 const uint8_t *wrapped_rsa_key, 113 uint32_t wrapped_rsa_key_length); 114 115 uint32_t drm_wv_mod_generate_rsa_signature(uint32_t session_id, 116 const uint8_t *message, 117 uint32_t message_length, 118 uint8_t *signature, 119 uint32_t *signature_length); 120 121 uint32_t drm_wv_mod_derive_keys_from_session_key(uint32_t session_id, 122 const uint8_t *enc_session_key, 123 uint32_t enc_session_key_length, 124 const uint8_t *mac_key_context, 125 uint32_t mac_key_context_length, 126 const uint8_t *enc_key_context, 127 uint32_t enc_key_context_length); 128 129 uint32_t drm_wv_mod_generic_encrypt(uint32_t session_id, 130 const uint8_t *in_buffer, 131 uint32_t buffer_size, 132 const uint8_t *iv, 133 enum drm_wv_mod_algorithm algorithm, 134 uint8_t *out_buffer); 135 136 uint32_t drm_wv_mod_generic_decrypt(uint32_t session_id, 137 const uint8_t *in_buffer, 138 uint32_t buffer_size, 139 const uint8_t *iv, 140 enum drm_wv_mod_algorithm algorithm, 141 uint8_t *out_buffer); 142 143 uint32_t drm_wv_mod_generic_sign(uint32_t session_id, 144 const uint8_t *in_buffer, 145 uint32_t buffer_size, 146 enum drm_wv_mod_algorithm algorithm, 147 uint8_t *signature, 148 uint32_t *signature_size); 149 150 uint32_t drm_wv_mod_generic_verify(uint32_t session_id, 151 const uint8_t *in_buffer, 152 uint32_t buffer_size, 153 enum drm_wv_mod_algorithm algorithm, 154 const uint8_t *signature, 155 uint32_t signature_size); 156 157 /*! Version 9 specific APIs */ 158 uint32_t drm_wv_mod_v9_load_keys(uint32_t session_id, 159 const uint8_t *message, 160 uint32_t message_length, 161 const uint8_t *signature, 162 uint32_t signature_length, 163 const uint8_t *enc_mac_keys_iv, 164 const uint8_t *enc_mac_keys, 165 uint32_t num_keys, 166 const struct drm_wv_mod_key_object *key_array, 167 const uint8_t *pst, 168 uint32_t pst_length); 169 170 uint32_t drm_wv_mod_v9_generate_rsa_signature(uint32_t session_id, 171 const uint8_t *message, 172 uint32_t message_length, 173 uint8_t *signature, 174 uint32_t *signature_length, 175 enum drm_wv_mod_rsa_padding_scheme padding_scheme); 176 177 178 /** 179 * @brief Loads an existing usage table into chaabi secure memory 180 * 181 * This should be first called prior to load keys. Caller shall call 182 * drm_wv_mod_update_usage_table after making this call. 183 * 184 * @param[in] usage_table_data 185 * Existing usage table blob to load. If NULL, chaabi will 186 * return required table size. 187 * @param[in,out] data_size 188 * Size of the passed-in usage_table_data, in bytes. This 189 * will always be updated to the required table size. 190 * @param[in] system_time 191 * current system time. Time in seconds since 1970. 192 */ 193 uint32_t drm_wv_mod_load_usage_table(const uint8_t *const usage_table_data, 194 uint32_t *const data_size, 195 uint64_t system_time); 196 197 /* @brief Update usage table and return it 198 * 199 * Chaabi will update the usage table from its TEE memory and set the flag 200 * is_updated. 201 * 202 * Upon returning DRM_WV_MOD_SUCCESS and is_updated == 1, caller should 203 * write save the usage table to the file system. 204 * 205 * @param[out] usage_table_data 206 * Buffer where the usage table will be returned. Input is ignored. 207 * This will only contain data if is_updated == 1. 208 * @param[in] data_size 209 * Size of the usage_table_data buffer, which must be large enough to 210 * hold the entire structure. This size can be obtained via the 211 * load_usage_table API or by re-using the size of a previous table blob. 212 * @param[out] is_updated 213 * Flag indicating if the table has changed since the last 214 * update_usage_table or load_usage_table call. 215 * 216 * TODO: Return documentation 217 */ 218 uint32_t drm_wv_mod_update_usage_table(uint8_t *const usage_table_data, 219 uint32_t data_size, 220 uint8_t *const is_updated); 221 222 // NOTE: drm_wv_mod_update_usage_table shall be called after calling this 223 // function 224 // TODO: Documentation 225 uint32_t drm_wv_mod_deactivate_usage_entry(const uint8_t *const pst, 226 uint32_t pst_length); 227 228 /** 229 * @brief Returns the usage entry information for a particular pst 230 * 231 * Caller shall call drm_wv_mod_update_usage_table after making this call. 232 * 233 * @param[in] session_id 234 * Session ID to be associated with the pst entry 235 * @param[in] pst 236 * Pointer to pst data used as an index into the usage table 237 * @param[in] pst_length 238 * Length of pst buffer in bytes 239 * @param[out] pst_report_buffer 240 * Pointer to caller-allocated memory where the usage report shall be placed 241 * @param[in,out] pst_report_buffer_length 242 * Length of provided pst_report_buffer in bytes. Should be sizeof(pst) + 243 * sizeof(struct OEMCrypto_PST_Report) in length. If extra space is provided, 244 * this field will reflect the actual size of the returned report. 245 * 246 * TODO: Return documentation 247 */ 248 uint32_t drm_wv_mod_report_usage(uint32_t session_id, 249 const uint8_t *const pst, 250 uint32_t pst_length, 251 uint8_t *const pst_report_buffer, 252 uint32_t *const pst_report_buffer_length); 253 254 /** 255 * @brief Deletes a previously-reported entry from the usage table 256 * 257 * Caller shall call drm_wv_mod_update_usage_table after making this call. 258 * 259 * @param[in] session_id 260 * Session ID previously associated with the pst 261 * @param[in] pst 262 * Pointer to pst data used as an index into the usage table 263 * @param[in] pst_length 264 * Length of pst buffer in bytes 265 * @param[in] msg 266 * Pointer to message to be verified 267 * @param[in] msg_len 268 * Length of msg buffer in bytes 269 * @param[in] signature 270 * Pointer to signature to verify against 271 * @param[in] signature_length 272 * Length of signature buffer in bytes 273 * 274 * TODO: Return Documentation 275 */ 276 uint32_t drm_wv_mod_delete_usage_entry(uint32_t session_id, 277 const uint8_t *const pst, 278 uint32_t pst_length, 279 const uint8_t *const msg, 280 uint32_t msg_length, 281 const uint8_t *const signature, 282 uint32_t signature_length); 283 284 // This will only clear Chaabi TEE memory. Caller is responsible for deleting 285 // usage table file from file system. 286 // TODO: Documentation 287 uint32_t drm_wv_mod_delete_usage_table(void); 288 289 290 /** 291 * brief Clear session context 292 * 293 * This API is used to reset all sessions context. 294 * Typically called to cleanup sessions resulting from a application crash. 295 */ 296 uint32_t drm_wv_mod_reset_session_context(void); 297 298 /** 299 * @brief Returns the maximum and current HDCP version supported by the device 300 * 301 * @param[out] current_ver 302 * Current HDCP version supported by the device 303 * @param[out] maximum_ver 304 * Maximum HDCP version supported by the device 305 * 306 */ 307 uint32_t drm_wv_mod_get_hdcp_capability(enum hdcp_version_type *const current_ver, 308 enum hdcp_version_type *const maximum_ver); 309 310 /*! Version 10 specific APIs. */ 311 312 /** 313 * @brief Get current number of open sessions along with maximum number of 314 * supported sessions. 315 */ 316 uint32_t drm_wv_mod_get_num_sessions(uint32_t *open_sessions, uint32_t *max_sessions); 317 318 /** 319 * @brief Deletes an entry from session usage table. 320 * 321 * This API is used to delete stale entries without a signed request from server. 322 */ 323 uint32_t drm_wv_mod_force_delete_usage_entry(const uint8_t *pst, uint32_t pst_length); 324 325 /** 326 * @brief Returns the decrypted key control block for the given key_id. 327 */ 328 uint32_t drm_wv_mod_query_key_control(const uint32_t session_id, 329 const uint8_t *key_id, 330 uint32_t key_id_length, 331 uint8_t *key_control_block, 332 uint32_t *key_control_block_length); 333 334 /*! Version 11 specific APIs */ 335 uint32_t drm_wv_mod_security_patch_level(uint32_t *security_patch_level); 336 337 uint32_t drm_wv_mod_api_version(uint32_t *api_version); 338 339 uint32_t drm_wv_mod_decrypt_cenc(uint32_t session_id, 340 const uint8_t *inp_data_buffer, 341 uint32_t inp_data_size, 342 uint8_t *out_data_buffer, 343 uint32_t out_data_size, 344 const uint8_t *iv, 345 uint8_t flags); 346 347 uint32_t drm_wv_mod_glue_block(uint32_t session_id, 348 uint8_t *encrypted, 349 const uint8_t *cleartext, 350 uint32_t cleartext_length, 351 const uint8_t *iv); 352 353 #endif /* __WV_MOD_DRM_API_H_ */ 354