diff mbox

[v3,23/40] drm/i915: Implement HDCP2.2 receiver authentication

Message ID 1522763873-23041-24-git-send-email-ramalingam.c@intel.com (mailing list archive)
State New, archived
Headers show

Commit Message

Ramalingam C April 3, 2018, 1:57 p.m. UTC
Implements HDCP2.2 authentication for hdcp2.2 receivers, with
following steps:
	Authentication and Key enchange (AKE).
	Locality Check (LC).
	Session Key Exchange(SKE).
	DP Errata for stream type confuguration for receivers.

At AKE, the HDCP Receiver’s public key certificate is verified by the
HDCP Transmitter. A Master Key k m is exchanged.

At LC, the HDCP Transmitter enforces locality on the content by
requiring that the Round Trip Time (RTT) between a pair of messages
is not more than 20 ms.

At SKE, The HDCP Transmitter exchanges Session Key ks with
the HDCP Receiver.

In DP HDCP2.2 encryption and decryption logics use the stream type as
one of the parameter. So Before enabling the Encryption DP HDCP2.2
receiver needs to be communicated with stream type. This is added to
spec as ERRATA.

This generic implementation is complete only with the hdcp2_shim
defined.

v2:
  Rebased.
v3:
  No Changes.

Signed-off-by: Ramalingam C <ramalingam.c@intel.com>
---
 drivers/gpu/drm/i915/intel_hdcp.c | 184 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 184 insertions(+)

Comments

Uma Shankar May 9, 2018, 3:20 p.m. UTC | #1
>-----Original Message-----

>From: Intel-gfx [mailto:intel-gfx-bounces@lists.freedesktop.org] On Behalf Of

>Ramalingam C

>Sent: Tuesday, April 3, 2018 7:28 PM

>To: intel-gfx@lists.freedesktop.org; dri-devel@lists.freedesktop.org;

>seanpaul@chromium.org; daniel@ffwll.ch; chris@chris-wilson.co.uk;

>jani.nikula@linux.intel.com; Winkler, Tomas <tomas.winkler@intel.com>;

>Usyskin, Alexander <alexander.usyskin@intel.com>

>Cc: Vivi, Rodrigo <rodrigo.vivi@intel.com>

>Subject: [Intel-gfx] [PATCH v3 23/40] drm/i915: Implement HDCP2.2 receiver

>authentication

>

>Implements HDCP2.2 authentication for hdcp2.2 receivers, with following steps:

>	Authentication and Key enchange (AKE).


Typo in exchange.

>	Locality Check (LC).

>	Session Key Exchange(SKE).

>	DP Errata for stream type confuguration for receivers.


Typo in configuration.

>

>At AKE, the HDCP Receiver’s public key certificate is verified by the HDCP

>Transmitter. A Master Key k m is exchanged.

>

>At LC, the HDCP Transmitter enforces locality on the content by requiring that the

>Round Trip Time (RTT) between a pair of messages is not more than 20 ms.

>

>At SKE, The HDCP Transmitter exchanges Session Key ks with the HDCP Receiver.

>

>In DP HDCP2.2 encryption and decryption logics use the stream type as one of the

>parameter. So Before enabling the Encryption DP HDCP2.2 receiver needs to be

>communicated with stream type. This is added to spec as ERRATA.

>

>This generic implementation is complete only with the hdcp2_shim defined.

>

>v2:

>  Rebased.

>v3:

>  No Changes.

>

>Signed-off-by: Ramalingam C <ramalingam.c@intel.com>

>---

> drivers/gpu/drm/i915/intel_hdcp.c | 184

>++++++++++++++++++++++++++++++++++++++

> 1 file changed, 184 insertions(+)

>

>diff --git a/drivers/gpu/drm/i915/intel_hdcp.c

>b/drivers/gpu/drm/i915/intel_hdcp.c

>index b4d56b21cf9b..ee9b7519fe73 100644

>--- a/drivers/gpu/drm/i915/intel_hdcp.c

>+++ b/drivers/gpu/drm/i915/intel_hdcp.c

>@@ -18,6 +18,7 @@

> #define GET_MEI_DDI_INDEX(port)		(((port) == PORT_A) ? DDI_A : \

> 					 (enum hdcp_physical_port) (port))

> #define KEY_LOAD_TRIES	5

>+#define HDCP2_LC_RETRY_CNT		3

>

> static int intel_hdcp_poll_ksv_fifo(struct intel_digital_port *intel_dig_port,

> 				    const struct intel_hdcp_shim *shim) @@ -

>1011,3 +1012,186 @@ static inline int hdcp2_deauthenticate_port(struct

>intel_hdcp *hdcp)  {

> 	return hdcp2_close_mei_session(hdcp);

> }

>+

>+static int hdcp2_authentication_key_exchange(struct intel_connector

>+*connector) {

>+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);

>+	struct intel_hdcp *hdcp = &connector->hdcp;

>+	union {

>+		struct hdcp2_ake_init ake_init;

>+		struct hdcp2_ake_send_cert send_cert;

>+		struct hdcp2_ake_no_stored_km no_stored_km;

>+		struct hdcp2_ake_send_hprime send_hprime;

>+		struct hdcp2_ake_send_pairing_info pairing_info;

>+	} msgs;

>+	const struct intel_hdcp_shim *shim = hdcp->hdcp_shim;

>+	size_t size;

>+	int ret;

>+

>+	/* Init for seq_num */

>+	hdcp->seq_num_v = 0;

>+	hdcp->seq_num_m = 0;

>+

>+	ret = hdcp2_prepare_ake_init(hdcp, &msgs.ake_init);

>+	if (ret < 0)

>+		return ret;

>+

>+	ret = shim->write_2_2_msg(intel_dig_port, &msgs.ake_init,

>+				  sizeof(msgs.ake_init));

>+	if (ret < 0)

>+		return ret;

>+

>+	ret = shim->read_2_2_msg(intel_dig_port, HDCP_2_2_AKE_SEND_CERT,

>+				 &msgs.send_cert, sizeof(msgs.send_cert));

>+	if (ret < 0)

>+		return ret;

>+

>+	if (msgs.send_cert.rx_caps[0] != HDCP_2_2_RX_CAPS_VERSION_VAL)

>+		return -EINVAL;

>+

>+	hdcp->is_repeater =

>HDCP_2_2_RX_REPEATER(msgs.send_cert.rx_caps[2]);

>+

>+	/*

>+	 * Here msgs.no_stored_km will hold msgs corresponding to the km

>+	 * stored also.

>+	 */

>+	ret = hdcp2_verify_rx_cert_prepare_km(hdcp, &msgs.send_cert,

>+					      &hdcp->is_paired,

>+					      &msgs.no_stored_km, &size);

>+	if (ret < 0)

>+		return ret;

>+

>+	ret = shim->write_2_2_msg(intel_dig_port, &msgs.no_stored_km, size);

>+	if (ret < 0)

>+		return ret;

>+

>+	ret = shim->read_2_2_msg(intel_dig_port,

>HDCP_2_2_AKE_SEND_HPRIME,

>+				 &msgs.send_hprime,

>sizeof(msgs.send_hprime));

>+	if (ret < 0)

>+		return ret;

>+

>+	ret = hdcp2_verify_hprime(hdcp, &msgs.send_hprime);

>+	if (ret < 0)

>+		return ret;

>+

>+	if (!hdcp->is_paired) {

>+		/* Pairing is required */

>+		ret = shim->read_2_2_msg(intel_dig_port,

>+					 HDCP_2_2_AKE_SEND_PARING_INFO,

>+					 &msgs.pairing_info,

>+					 sizeof(msgs.pairing_info));

>+		if (ret < 0)

>+			return ret;

>+

>+		ret = hdcp2_store_paring_info(hdcp, &msgs.pairing_info);

>+		if (ret < 0)

>+			return ret;

>+		hdcp->is_paired = true;

>+	}


Leave a blank line here.

>+	return 0;

>+}

>+

>+static int hdcp2_locality_check(struct intel_connector *connector) {

>+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);

>+	struct intel_hdcp *hdcp = &connector->hdcp;

>+	union {

>+		struct hdcp2_lc_init lc_init;

>+		struct hdcp2_lc_send_lprime send_lprime;

>+	} msgs;

>+	const struct intel_hdcp_shim *shim = hdcp->hdcp_shim;

>+	int tries = HDCP2_LC_RETRY_CNT, ret, i;

>+

>+	for (i = 0; i < tries; i++) {

>+		ret = hdcp2_prepare_lc_init(hdcp, &msgs.lc_init);

>+		if (ret < 0)

>+			continue;

>+

>+		ret = shim->write_2_2_msg(intel_dig_port, &msgs.lc_init,

>+				      sizeof(msgs.lc_init));

>+		if (ret < 0)

>+			continue;

>+

>+		ret = shim->read_2_2_msg(intel_dig_port,

>+					 HDCP_2_2_LC_SEND_LPRIME,

>+					 &msgs.send_lprime,

>+					 sizeof(msgs.send_lprime));

>+		if (ret < 0)

>+			continue;

>+

>+		ret = hdcp2_verify_lprime(hdcp, &msgs.send_lprime);

>+		if (!ret)

>+			break;

>+	}


Leave a blank line.

>+	return ret;

>+}

>+

>+static int hdcp2_session_key_exchange(struct intel_connector

>+*connector) {

>+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);

>+	struct intel_hdcp *hdcp = &connector->hdcp;

>+	struct hdcp2_ske_send_eks send_eks;

>+	int ret;

>+

>+	ret = hdcp2_prepare_skey(hdcp, &send_eks);

>+	if (ret < 0)

>+		return ret;

>+

>+	ret = hdcp->hdcp_shim->write_2_2_msg(intel_dig_port, &send_eks,

>+					     sizeof(send_eks));

>+	if (ret < 0)

>+		return ret;

>+

>+	return 0;

>+}

>+

>+static int hdcp2_authenticate_sink(struct intel_connector *connector) {

>+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);

>+	struct intel_hdcp *hdcp = &connector->hdcp;

>+	const struct intel_hdcp_shim *shim = hdcp->hdcp_shim;

>+	struct hdcp2_dp_errata_stream_type stream_type_msg;

>+	int ret;

>+

>+	ret = hdcp2_authentication_key_exchange(connector);

>+	if (ret < 0) {

>+		DRM_DEBUG_KMS("AKE Failed. Err : %d\n", ret);

>+		return ret;

>+	}

>+

>+	ret = hdcp2_locality_check(connector);

>+	if (ret < 0) {

>+		DRM_DEBUG_KMS("Locality Check failed. Err : %d\n", ret);

>+		return ret;

>+	}

>+

>+	ret = hdcp2_session_key_exchange(connector);

>+	if (ret < 0) {

>+		DRM_DEBUG_KMS("SKE Failed. Err : %d\n", ret);

>+		return ret;

>+	}

>+

>+	if (!hdcp->is_repeater && shim->config_stream_type) {

>+

>+		/* Errata for DP: As Stream type is used for encryption,


Incorrect multi line comment style.

>+		 * Receiver should be communicated with stream type for the

>+		 * decryption of the content.

>+		 * Repeater will be communicated with stream type as a

>+		 * part of it's auth in later in time


Remove "in"

>+		 */

>+		stream_type_msg.msg_id =

>HDCP_2_2_ERRATA_DP_STREAM_TYPE;

>+		stream_type_msg.stream_type = hdcp->content_type;

>+

>+		ret = shim->config_stream_type(intel_dig_port,

>&stream_type_msg,

>+					       sizeof(stream_type_msg));

>+		if (ret < 0)

>+			return ret;

>+	}

>+

>+	hdcp->mei_data.streams[0].stream_type = hdcp->content_type;

>+	ret = hdcp2_authenticate_port(hdcp);

>+	if (ret < 0)

>+		return ret;

>+

>+	return ret;

>+}

>--

>2.7.4

>

>_______________________________________________

>Intel-gfx mailing list

>Intel-gfx@lists.freedesktop.org

>https://lists.freedesktop.org/mailman/listinfo/intel-gfx
diff mbox

Patch

diff --git a/drivers/gpu/drm/i915/intel_hdcp.c b/drivers/gpu/drm/i915/intel_hdcp.c
index b4d56b21cf9b..ee9b7519fe73 100644
--- a/drivers/gpu/drm/i915/intel_hdcp.c
+++ b/drivers/gpu/drm/i915/intel_hdcp.c
@@ -18,6 +18,7 @@ 
 #define GET_MEI_DDI_INDEX(port)		(((port) == PORT_A) ? DDI_A : \
 					 (enum hdcp_physical_port) (port))
 #define KEY_LOAD_TRIES	5
+#define HDCP2_LC_RETRY_CNT		3
 
 static int intel_hdcp_poll_ksv_fifo(struct intel_digital_port *intel_dig_port,
 				    const struct intel_hdcp_shim *shim)
@@ -1011,3 +1012,186 @@  static inline int hdcp2_deauthenticate_port(struct intel_hdcp *hdcp)
 {
 	return hdcp2_close_mei_session(hdcp);
 }
+
+static int hdcp2_authentication_key_exchange(struct intel_connector *connector)
+{
+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
+	struct intel_hdcp *hdcp = &connector->hdcp;
+	union {
+		struct hdcp2_ake_init ake_init;
+		struct hdcp2_ake_send_cert send_cert;
+		struct hdcp2_ake_no_stored_km no_stored_km;
+		struct hdcp2_ake_send_hprime send_hprime;
+		struct hdcp2_ake_send_pairing_info pairing_info;
+	} msgs;
+	const struct intel_hdcp_shim *shim = hdcp->hdcp_shim;
+	size_t size;
+	int ret;
+
+	/* Init for seq_num */
+	hdcp->seq_num_v = 0;
+	hdcp->seq_num_m = 0;
+
+	ret = hdcp2_prepare_ake_init(hdcp, &msgs.ake_init);
+	if (ret < 0)
+		return ret;
+
+	ret = shim->write_2_2_msg(intel_dig_port, &msgs.ake_init,
+				  sizeof(msgs.ake_init));
+	if (ret < 0)
+		return ret;
+
+	ret = shim->read_2_2_msg(intel_dig_port, HDCP_2_2_AKE_SEND_CERT,
+				 &msgs.send_cert, sizeof(msgs.send_cert));
+	if (ret < 0)
+		return ret;
+
+	if (msgs.send_cert.rx_caps[0] != HDCP_2_2_RX_CAPS_VERSION_VAL)
+		return -EINVAL;
+
+	hdcp->is_repeater = HDCP_2_2_RX_REPEATER(msgs.send_cert.rx_caps[2]);
+
+	/*
+	 * Here msgs.no_stored_km will hold msgs corresponding to the km
+	 * stored also.
+	 */
+	ret = hdcp2_verify_rx_cert_prepare_km(hdcp, &msgs.send_cert,
+					      &hdcp->is_paired,
+					      &msgs.no_stored_km, &size);
+	if (ret < 0)
+		return ret;
+
+	ret = shim->write_2_2_msg(intel_dig_port, &msgs.no_stored_km, size);
+	if (ret < 0)
+		return ret;
+
+	ret = shim->read_2_2_msg(intel_dig_port, HDCP_2_2_AKE_SEND_HPRIME,
+				 &msgs.send_hprime, sizeof(msgs.send_hprime));
+	if (ret < 0)
+		return ret;
+
+	ret = hdcp2_verify_hprime(hdcp, &msgs.send_hprime);
+	if (ret < 0)
+		return ret;
+
+	if (!hdcp->is_paired) {
+		/* Pairing is required */
+		ret = shim->read_2_2_msg(intel_dig_port,
+					 HDCP_2_2_AKE_SEND_PARING_INFO,
+					 &msgs.pairing_info,
+					 sizeof(msgs.pairing_info));
+		if (ret < 0)
+			return ret;
+
+		ret = hdcp2_store_paring_info(hdcp, &msgs.pairing_info);
+		if (ret < 0)
+			return ret;
+		hdcp->is_paired = true;
+	}
+	return 0;
+}
+
+static int hdcp2_locality_check(struct intel_connector *connector)
+{
+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
+	struct intel_hdcp *hdcp = &connector->hdcp;
+	union {
+		struct hdcp2_lc_init lc_init;
+		struct hdcp2_lc_send_lprime send_lprime;
+	} msgs;
+	const struct intel_hdcp_shim *shim = hdcp->hdcp_shim;
+	int tries = HDCP2_LC_RETRY_CNT, ret, i;
+
+	for (i = 0; i < tries; i++) {
+		ret = hdcp2_prepare_lc_init(hdcp, &msgs.lc_init);
+		if (ret < 0)
+			continue;
+
+		ret = shim->write_2_2_msg(intel_dig_port, &msgs.lc_init,
+				      sizeof(msgs.lc_init));
+		if (ret < 0)
+			continue;
+
+		ret = shim->read_2_2_msg(intel_dig_port,
+					 HDCP_2_2_LC_SEND_LPRIME,
+					 &msgs.send_lprime,
+					 sizeof(msgs.send_lprime));
+		if (ret < 0)
+			continue;
+
+		ret = hdcp2_verify_lprime(hdcp, &msgs.send_lprime);
+		if (!ret)
+			break;
+	}
+	return ret;
+}
+
+static int hdcp2_session_key_exchange(struct intel_connector *connector)
+{
+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
+	struct intel_hdcp *hdcp = &connector->hdcp;
+	struct hdcp2_ske_send_eks send_eks;
+	int ret;
+
+	ret = hdcp2_prepare_skey(hdcp, &send_eks);
+	if (ret < 0)
+		return ret;
+
+	ret = hdcp->hdcp_shim->write_2_2_msg(intel_dig_port, &send_eks,
+					     sizeof(send_eks));
+	if (ret < 0)
+		return ret;
+
+	return 0;
+}
+
+static int hdcp2_authenticate_sink(struct intel_connector *connector)
+{
+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
+	struct intel_hdcp *hdcp = &connector->hdcp;
+	const struct intel_hdcp_shim *shim = hdcp->hdcp_shim;
+	struct hdcp2_dp_errata_stream_type stream_type_msg;
+	int ret;
+
+	ret = hdcp2_authentication_key_exchange(connector);
+	if (ret < 0) {
+		DRM_DEBUG_KMS("AKE Failed. Err : %d\n", ret);
+		return ret;
+	}
+
+	ret = hdcp2_locality_check(connector);
+	if (ret < 0) {
+		DRM_DEBUG_KMS("Locality Check failed. Err : %d\n", ret);
+		return ret;
+	}
+
+	ret = hdcp2_session_key_exchange(connector);
+	if (ret < 0) {
+		DRM_DEBUG_KMS("SKE Failed. Err : %d\n", ret);
+		return ret;
+	}
+
+	if (!hdcp->is_repeater && shim->config_stream_type) {
+
+		/* Errata for DP: As Stream type is used for encryption,
+		 * Receiver should be communicated with stream type for the
+		 * decryption of the content.
+		 * Repeater will be communicated with stream type as a
+		 * part of it's auth in later in time
+		 */
+		stream_type_msg.msg_id = HDCP_2_2_ERRATA_DP_STREAM_TYPE;
+		stream_type_msg.stream_type = hdcp->content_type;
+
+		ret = shim->config_stream_type(intel_dig_port, &stream_type_msg,
+					       sizeof(stream_type_msg));
+		if (ret < 0)
+			return ret;
+	}
+
+	hdcp->mei_data.streams[0].stream_type = hdcp->content_type;
+	ret = hdcp2_authenticate_port(hdcp);
+	if (ret < 0)
+		return ret;
+
+	return ret;
+}