mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-24 14:26:09 +03:00
238 lines
9.0 KiB
Plaintext
238 lines
9.0 KiB
Plaintext
// Copyright 2017 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Next MinVersion: 2
|
|
|
|
// The original version of this file lives in the Chromium repository at:
|
|
// src/components/arc/common/oemcrypto.mojom
|
|
|
|
// This file defines the mojo interface between Android, Chrome and the
|
|
// Chrome OS daemon for the Widevine L1 OEMCrypto implementation used in ARC++.
|
|
// This files matches what's in Widevine's OEMCryptoCENC.h file closely and all
|
|
// methods are documented there.
|
|
|
|
module arc.mojom;
|
|
|
|
[Extensible]
|
|
enum OemCryptoResult {
|
|
SUCCESS = 0,
|
|
ERROR_INIT_FAILED = 1,
|
|
ERROR_TERMINATE_FAILED = 2,
|
|
ERROR_OPEN_FAILURE = 3,
|
|
ERROR_CLOSE_FAILURE = 4,
|
|
ERROR_ENTER_SECURE_PLAYBACK_FAILED = 5,
|
|
ERROR_EXIT_SECURE_PLAYBACK_FAILED = 6,
|
|
ERROR_SHORT_BUFFER = 7,
|
|
ERROR_NO_DEVICE_KEY = 8,
|
|
ERROR_NO_ASSET_KEY = 9,
|
|
ERROR_KEYBOX_INVALID = 10,
|
|
ERROR_NO_KEYDATA = 11,
|
|
ERROR_NO_CW = 12,
|
|
ERROR_DECRYPT_FAILED = 13,
|
|
ERROR_WRITE_KEYBOX = 14,
|
|
ERROR_WRAP_KEYBOX = 15,
|
|
ERROR_BAD_MAGIC = 16,
|
|
ERROR_BAD_CRC = 17,
|
|
ERROR_NO_DEVICEID = 18,
|
|
ERROR_RNG_FAILED = 19,
|
|
ERROR_RNG_NOT_SUPPORTED = 20,
|
|
ERROR_SETUP = 21,
|
|
ERROR_OPEN_SESSION_FAILED = 22,
|
|
ERROR_CLOSE_SESSION_FAILED = 23,
|
|
ERROR_INVALID_SESSIONS = 24,
|
|
ERROR_NOT_IMPLEMENTED = 25,
|
|
ERROR_NO_CONTENT_KEY = 26,
|
|
ERROR_CONTROL_INVALID = 27,
|
|
ERROR_UNKNOWN_FAILURE = 28,
|
|
ERROR_INVALID_CONTEXT = 29,
|
|
ERROR_SIGNATURE_FAILURE = 30,
|
|
ERROR_TOO_MANY_SESSIONS = 31,
|
|
ERROR_INVALID_NONCE = 32,
|
|
ERROR_TOO_MANY_KEYS = 33,
|
|
ERROR_DEVICE_NOT_RSA_PROVISIONED = 34,
|
|
ERROR_INVALID_RSA_KEY = 35,
|
|
ERROR_KEY_EXPIRED = 36,
|
|
ERROR_INSUFFICIENT_RESOURCES = 37,
|
|
ERROR_INSUFFICIENT_HDCP = 38,
|
|
};
|
|
|
|
struct OemCryptoSecureBuffer {
|
|
// buffer_handle should be passed to the ProtectedBufferManager service in
|
|
// the GPU in order to retrieve the shared memory handle that corresponds
|
|
// to the actual secure buffer. It should then be mapped and data written at
|
|
// offset up until offset + max_length.
|
|
handle buffer_handle;
|
|
uint32 max_length;
|
|
uint32 offset;
|
|
};
|
|
|
|
[Extensible]
|
|
enum OemCryptoCipherMode {
|
|
CIPHER_MODE_CTR = 0,
|
|
CIPHER_MODE_CBC = 1,
|
|
};
|
|
|
|
struct OemCryptoKeyObject {
|
|
uint32 key_id_offset;
|
|
uint32 key_id_length;
|
|
uint32 key_data_iv_offset;
|
|
uint32 key_data_offset;
|
|
uint32 key_data_length;
|
|
uint32 key_control_iv_offset;
|
|
uint32 key_control_offset;
|
|
OemCryptoCipherMode cipher_mode;
|
|
};
|
|
|
|
struct OemCryptoKeyRefreshObject {
|
|
uint32 key_id_offset;
|
|
uint32 key_id_length;
|
|
bool has_key_control_iv;
|
|
uint32 key_control_iv_offset;
|
|
uint32 key_control_offset;
|
|
};
|
|
|
|
[Extensible]
|
|
enum OemCryptoAlgorithm {
|
|
AES_CBC_128_NO_PADDING = 0,
|
|
HMAC_SHA265 = 1,
|
|
};
|
|
|
|
struct OemCryptoCencEncryptPatternDesc {
|
|
uint32 encrypt;
|
|
uint32 skip;
|
|
uint32 offset;
|
|
};
|
|
|
|
struct OemCryptoPstReport {
|
|
array<uint8, 20> signature;
|
|
uint8 status;
|
|
uint8 clock_security_level;
|
|
uint64 seconds_since_license_received;
|
|
uint64 seconds_since_first_decrypt;
|
|
uint64 seconds_since_last_decrypt;
|
|
};
|
|
|
|
[Extensible]
|
|
enum OemCryptoRsaPaddingScheme {
|
|
SIGN_RSASSA_PSS = 1,
|
|
SIGN_PKCS1_BLOCK1 = 2,
|
|
};
|
|
|
|
[Extensible]
|
|
enum OemCryptoHdcpCapability {
|
|
HDCP_NONE = 0,
|
|
HDCP_V1 = 1,
|
|
HDCP_V2 = 2,
|
|
HDCP_V2_1 = 3,
|
|
HDCP_V2_2 = 4,
|
|
HDCP_NO_DIGITAL_OUTPUT = 0xFF,
|
|
};
|
|
|
|
// This is the interface that implements all the calls that map to the
|
|
// OEMCrypto API itself.
|
|
// Next method ID: 36
|
|
interface OemCryptoService {
|
|
Initialize@0() => (OemCryptoResult result);
|
|
Terminate@1() => (OemCryptoResult result);
|
|
OpenSession@2() => (OemCryptoResult result, uint32 session);
|
|
CloseSession@3(uint32 session) => (OemCryptoResult result);
|
|
GenerateDerivedKeys@4(uint32 session, array<uint8> mac_key_context,
|
|
array<uint8> enc_key_context)
|
|
=> (OemCryptoResult result);
|
|
GenerateNonce@5(uint32 session) => (OemCryptoResult result, uint32 nonce);
|
|
GenerateSignature@6(uint32 session, array<uint8> message)
|
|
=> (OemCryptoResult result, array<uint8>? signature);
|
|
// The offset values are offsets into the message parameter for those values.
|
|
// If they have a length and it's zero, then they are NULL; if there is no
|
|
// length param then a bool param is there to indicate presence.
|
|
LoadKeys@7(uint32 session, array<uint8> message, array<uint8> signature,
|
|
bool has_enc_mac_keys, uint32 enc_mac_keys_iv_offset,
|
|
uint32 enc_mac_keys_offset, array<OemCryptoKeyObject> key_array,
|
|
uint32 pst_offset, uint32 pst_length)
|
|
=> (OemCryptoResult result);
|
|
RefreshKeys@8(uint32 session, array<uint8> message, array<uint8> signature,
|
|
array<OemCryptoKeyRefreshObject> key_array)
|
|
=> (OemCryptoResult result);
|
|
QueryKeyControl@9(uint32 session, array<uint8> key_id)
|
|
=> (OemCryptoResult result, array<uint8>? key_control_block);
|
|
SelectKey@10(uint32 session, array<uint8> key_id)
|
|
=> (OemCryptoResult result);
|
|
// For decrypting to a secure buffer, pass in the secure_buffer parameter,
|
|
// otherwise it will return the contents decrypted into a clear buffer in the
|
|
// returned array. It will only do that if the drm policy allows it.
|
|
DecryptCenc@11(uint32 session, array<uint8> data, bool is_encrypted,
|
|
array<uint8, 16> iv, uint32 block_offset,
|
|
OemCryptoSecureBuffer? secure_buffer,
|
|
OemCryptoCencEncryptPatternDesc pattern)
|
|
=> (OemCryptoResult result, array<uint8>? decrypted_data);
|
|
GenericEncrypt@12(uint32 session, array<uint8> data, array<uint8, 16> iv,
|
|
OemCryptoAlgorithm algorithm) =>
|
|
(OemCryptoResult result, array<uint8>? encrypted_data);
|
|
GenericDecrypt@13(uint32 session, array<uint8> data, array<uint8, 16> iv,
|
|
OemCryptoAlgorithm algorithm) =>
|
|
(OemCryptoResult result, array<uint8>? decrypted_data);
|
|
GenericSign@14(uint32 session, array<uint8> data,
|
|
OemCryptoAlgorithm algorithm) =>
|
|
(OemCryptoResult result, array<uint8>? signature);
|
|
GenericVerify@15(uint32 session, array<uint8> data,
|
|
OemCryptoAlgorithm algorithm, array<uint8> signature) =>
|
|
(OemCryptoResult result);
|
|
CopyBuffer@16(array<uint8> data, OemCryptoSecureBuffer out_buffer)
|
|
=> (OemCryptoResult result);
|
|
LoadTestKeybox@17() => (OemCryptoResult result);
|
|
IsKeyboxValid@18() => (OemCryptoResult result);
|
|
GetDeviceId@19() => (OemCryptoResult result, array<uint8>? device_id);
|
|
GetKeyData@20() => (OemCryptoResult result, array<uint8>? key_data);
|
|
GetRandom@21(uint32 length) => (OemCryptoResult result, array<uint8>? data);
|
|
GetNumberOfOpenSessions@22() => (OemCryptoResult result, uint32 num);
|
|
GetMaxNumberOfSessions@23() => (OemCryptoResult result, uint32 max);
|
|
RewrapDeviceRsaKey@24(uint32 session, array<uint8> message,
|
|
array<uint8> signature, uint32 nonce_offset,
|
|
uint32 enc_rsa_key_offset, uint32 enc_rsa_key_length,
|
|
uint32 enc_rsa_key_iv_offset)
|
|
=> (OemCryptoResult result, array<uint8>? wrapped_key);
|
|
LoadDeviceRsaKey@25(uint32 session, array<uint8> wrapped_rsa_key)
|
|
=> (OemCryptoResult result);
|
|
GenerateRsaSignature@26(uint32 session, array<uint8> message,
|
|
OemCryptoRsaPaddingScheme padding_scheme)
|
|
=> (OemCryptoResult result, array<uint8>? signature);
|
|
DeriveKeysFromSessionKey@27(uint32 session, array<uint8> enc_session_key,
|
|
array<uint8> mac_key_context,
|
|
array<uint8> enc_key_context)
|
|
=> (OemCryptoResult result);
|
|
SecurityPatchLevel@28() => (uint8 security_patch_level);
|
|
GetHdcpCapability@29() => (OemCryptoResult result,
|
|
OemCryptoHdcpCapability current,
|
|
OemCryptoHdcpCapability maximum);
|
|
UpdateUsageTable@30() => (OemCryptoResult result);
|
|
DeactivateUsageEntry@31(array<uint8> pst) => (OemCryptoResult result);
|
|
ReportUsage@32(uint32 session, array<uint8> pst)
|
|
=> (OemCryptoResult result, OemCryptoPstReport? report);
|
|
DeleteUsageEntry@33(uint32 session, uint32 pst_offset, uint32 pst_length,
|
|
array<uint8> message, array<uint8> signature) =>
|
|
(OemCryptoResult result);
|
|
ForceDeleteUsageEntry@34(array<uint8> pst) => (OemCryptoResult result);
|
|
DeleteUsageTable@35() => (OemCryptoResult result);
|
|
};
|
|
|
|
// OemCryptoService is implemented as another service outside of the Browser
|
|
// process, so we need to proxy a connection to it through ArcBridge initially.
|
|
// This interface is implemented in the Browser process and also in the daemon
|
|
// that runs in Chrome OS.
|
|
// Next Method ID: 1
|
|
interface OemCryptoHost {
|
|
Connect@0(OemCryptoService& oemcryptor);
|
|
};
|
|
|
|
// OemCryptoInstance is implemented in the liboemcrypto.so library that runs in
|
|
// Android and handles the Android side of the ArcBridge connection.
|
|
// Next Method ID: 2
|
|
interface OemCryptoInstance {
|
|
// DEPRECATED: Please use Init@1 instead.
|
|
InitDeprecated@0(OemCryptoHost host_ptr);
|
|
|
|
// Establishes full-duplex communication with the host.
|
|
[MinVersion=1] Init@1(OemCryptoHost host_ptr) => ();
|
|
};
|