From patchwork Wed Jun 27 08:40:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ramalingam C X-Patchwork-Id: 10490903 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id CABB660375 for ; Wed, 27 Jun 2018 08:52:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B3EAF1FE8A for ; Wed, 27 Jun 2018 08:52:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A6520285EC; Wed, 27 Jun 2018 08:52:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id F0B1C1FE8A for ; Wed, 27 Jun 2018 08:52:00 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 8D1296E7BF; Wed, 27 Jun 2018 08:50:54 +0000 (UTC) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by gabe.freedesktop.org (Postfix) with ESMTPS id 14C5B6E7B2; Wed, 27 Jun 2018 08:50:50 +0000 (UTC) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Jun 2018 01:50:50 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,278,1526367600"; d="scan'208";a="211535920" Received: from mint-dev.iind.intel.com ([10.223.25.164]) by orsmga004.jf.intel.com with ESMTP; 27 Jun 2018 01:50:26 -0700 From: Ramalingam C To: intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, daniel@ffwll.ch, tomas.winkler@intel.com, alexander.usyskin@intel.com, uma.shankar@intel.com Date: Wed, 27 Jun 2018 14:10:04 +0530 Message-Id: <1530088829-11730-16-git-send-email-ramalingam.c@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1530088829-11730-1-git-send-email-ramalingam.c@intel.com> References: <1530088829-11730-1-git-send-email-ramalingam.c@intel.com> MIME-Version: 1.0 Subject: [Intel-gfx] [PATCH v5 15/40] drm/i915: Implement HDCP2.2 receiver authentication X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" X-Virus-Scanned: ClamAV using ClamSMTP Implements HDCP2.2 authentication for hdcp2.2 receivers, with following steps: Authentication and Key exchange (AKE). Locality Check (LC). Session Key Exchange(SKE). DP Errata for stream type configuration for receivers. At AKE, the HDCP Receiver’s public key certificate is verified by the HDCP Transmitter. A Master Key k m is exchanged. At LC, the HDCP Transmitter enforces locality on the content by requiring that the Round Trip Time (RTT) between a pair of messages is not more than 20 ms. At SKE, The HDCP Transmitter exchanges Session Key ks with the HDCP Receiver. In DP HDCP2.2 encryption and decryption logics use the stream type as one of the parameter. So Before enabling the Encryption DP HDCP2.2 receiver needs to be communicated with stream type. This is added to spec as ERRATA. This generic implementation is complete only with the hdcp2_shim defined. v2: Rebased. v3: No Changes. v4: %s/PARING/PAIRING Coding style fixing [Uma] v5: Rebased as part of patch reordering. Defined the functions for mei services. [Daniel] Signed-off-by: Ramalingam C --- drivers/gpu/drm/i915/intel_hdcp.c | 400 +++++++++++++++++++++++++++++++++++++- 1 file changed, 399 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_hdcp.c b/drivers/gpu/drm/i915/intel_hdcp.c index 1e75b4fc978a..bb6e72807060 100644 --- a/drivers/gpu/drm/i915/intel_hdcp.c +++ b/drivers/gpu/drm/i915/intel_hdcp.c @@ -18,6 +18,7 @@ #define KEY_LOAD_TRIES 5 #define TIME_FOR_ENCRYPT_STATUS_CHANGE 32 +#define HDCP2_LC_RETRY_CNT 3 #define GET_MEI_DDI_INDEX(port) (((port) == PORT_A) ? DDI_A : \ (enum hdcp_physical_port)(port)) @@ -995,6 +996,222 @@ int intel_hdcp_check_link(struct intel_connector *connector) return ret; } +static int +hdcp2_prepare_ake_init(struct intel_connector *connector, + struct hdcp2_ake_init *ake_data) +{ + struct mei_hdcp_data *data = &connector->hdcp.mei_data; + struct drm_i915_private *dev_priv = to_i915(connector->base.dev); + struct i915_hdcp_component *comp = dev_priv->hdcp_comp; + int ret; + + if (!comp) + return -EINVAL; + + mutex_lock(&comp->mutex); + if (!comp->ops || !comp->mei_cldev) { + mutex_unlock(&comp->mutex); + return -EINVAL; + } + + if (data->port == INVALID_PORT && connector->encoder) + data->port = GET_MEI_DDI_INDEX(connector->encoder->port); + + /* Clear ME FW instance for the port, just incase */ + comp->ops->close_hdcp_session(comp->mei_cldev, data); + + ret = comp->ops->initiate_hdcp2_session(comp->mei_cldev, + data, ake_data); + mutex_unlock(&comp->mutex); + + return ret; +} + +static int +hdcp2_verify_rx_cert_prepare_km(struct intel_connector *connector, + struct hdcp2_ake_send_cert *rx_cert, + bool *paired, + struct hdcp2_ake_no_stored_km *ek_pub_km, + size_t *msg_sz) +{ + struct mei_hdcp_data *data = &connector->hdcp.mei_data; + struct drm_i915_private *dev_priv = to_i915(connector->base.dev); + struct i915_hdcp_component *comp = dev_priv->hdcp_comp; + int ret; + + if (!comp) + return -EINVAL; + + mutex_lock(&comp->mutex); + if (!comp->ops || !comp->mei_cldev || data->port == INVALID_PORT) { + mutex_unlock(&comp->mutex); + return -EINVAL; + } + + ret = comp->ops->verify_receiver_cert_prepare_km(comp->mei_cldev, data, + rx_cert, paired, + ek_pub_km, msg_sz); + if (ret < 0) + comp->ops->close_hdcp_session(comp->mei_cldev, data); + + mutex_unlock(&comp->mutex); + return ret; +} + +static int hdcp2_verify_hprime(struct intel_connector *connector, + struct hdcp2_ake_send_hprime *rx_hprime) +{ + struct mei_hdcp_data *data = &connector->hdcp.mei_data; + struct drm_i915_private *dev_priv = to_i915(connector->base.dev); + struct i915_hdcp_component *comp = dev_priv->hdcp_comp; + int ret; + + if (!comp) + return -EINVAL; + + mutex_lock(&comp->mutex); + if (!comp->ops || !comp->mei_cldev || data->port == INVALID_PORT) { + mutex_unlock(&comp->mutex); + return -EINVAL; + } + + ret = comp->ops->verify_hprime(comp->mei_cldev, data, rx_hprime); + if (ret < 0) + comp->ops->close_hdcp_session(comp->mei_cldev, data); + + mutex_unlock(&comp->mutex); + return ret; +} + +static int +hdcp2_store_pairing_info(struct intel_connector *connector, + struct hdcp2_ake_send_pairing_info *pairing_info) +{ + struct mei_hdcp_data *data = &connector->hdcp.mei_data; + struct drm_i915_private *dev_priv = to_i915(connector->base.dev); + struct i915_hdcp_component *comp = dev_priv->hdcp_comp; + int ret; + + if (!comp) + return -EINVAL; + + mutex_lock(&comp->mutex); + if (!comp->ops || !comp->mei_cldev || data->port == INVALID_PORT) { + mutex_unlock(&comp->mutex); + return -EINVAL; + } + + ret = comp->ops->store_pairing_info(comp->mei_cldev, + data, pairing_info); + if (ret < 0) + comp->ops->close_hdcp_session(comp->mei_cldev, data); + + mutex_unlock(&comp->mutex); + return ret; +} + +static int +hdcp2_prepare_lc_init(struct intel_connector *connector, + struct hdcp2_lc_init *lc_init) +{ + struct mei_hdcp_data *data = &connector->hdcp.mei_data; + struct drm_i915_private *dev_priv = to_i915(connector->base.dev); + struct i915_hdcp_component *comp = dev_priv->hdcp_comp; + int ret; + + if (!comp) + return -EINVAL; + + mutex_lock(&comp->mutex); + if (!comp->ops || !comp->mei_cldev || data->port == INVALID_PORT) { + mutex_unlock(&comp->mutex); + return -EINVAL; + } + + ret = comp->ops->initiate_locality_check(comp->mei_cldev, + data, lc_init); + if (ret < 0) + comp->ops->close_hdcp_session(comp->mei_cldev, data); + + mutex_unlock(&comp->mutex); + return ret; +} + +static int +hdcp2_verify_lprime(struct intel_connector *connector, + struct hdcp2_lc_send_lprime *rx_lprime) +{ + struct mei_hdcp_data *data = &connector->hdcp.mei_data; + struct drm_i915_private *dev_priv = to_i915(connector->base.dev); + struct i915_hdcp_component *comp = dev_priv->hdcp_comp; + int ret; + + if (!comp) + return -EINVAL; + + mutex_lock(&comp->mutex); + if (!comp->ops || !comp->mei_cldev || data->port == INVALID_PORT) { + mutex_unlock(&comp->mutex); + return -EINVAL; + } + + ret = comp->ops->verify_lprime(comp->mei_cldev, data, rx_lprime); + if (ret < 0) + comp->ops->close_hdcp_session(comp->mei_cldev, data); + + mutex_unlock(&comp->mutex); + return ret; +} + +static int hdcp2_prepare_skey(struct intel_connector *connector, + struct hdcp2_ske_send_eks *ske_data) +{ + struct mei_hdcp_data *data = &connector->hdcp.mei_data; + struct drm_i915_private *dev_priv = to_i915(connector->base.dev); + struct i915_hdcp_component *comp = dev_priv->hdcp_comp; + int ret; + + if (!comp) + return -EINVAL; + + mutex_lock(&comp->mutex); + if (!comp->ops || !comp->mei_cldev || data->port == INVALID_PORT) { + mutex_unlock(&comp->mutex); + return -EINVAL; + } + + ret = comp->ops->get_session_key(comp->mei_cldev, data, ske_data); + if (ret < 0) + comp->ops->close_hdcp_session(comp->mei_cldev, data); + + mutex_unlock(&comp->mutex); + return ret; +} + +static int hdcp2_authenticate_port(struct intel_connector *connector) +{ + struct mei_hdcp_data *data = &connector->hdcp.mei_data; + struct drm_i915_private *dev_priv = to_i915(connector->base.dev); + struct i915_hdcp_component *comp = dev_priv->hdcp_comp; + int ret; + + if (!comp) + return -EINVAL; + + mutex_lock(&comp->mutex); + if (!comp->ops || !comp->mei_cldev || data->port == INVALID_PORT) { + mutex_unlock(&comp->mutex); + return -EINVAL; + } + + ret = comp->ops->enable_hdcp_authentication(comp->mei_cldev, data); + if (ret < 0) + comp->ops->close_hdcp_session(comp->mei_cldev, data); + + mutex_unlock(&comp->mutex); + return ret; +} + static int hdcp2_close_mei_session(struct intel_connector *connector) { struct mei_hdcp_data *data = &connector->hdcp.mei_data; @@ -1021,11 +1238,192 @@ static int hdcp2_deauthenticate_port(struct intel_connector *connector) return hdcp2_close_mei_session(connector); } -static int hdcp2_authenticate_sink(struct intel_connector *connector) +/* Authentication flow starts from here */ +static int hdcp2_authentication_key_exchange(struct intel_connector *connector) +{ + struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector); + struct intel_hdcp *hdcp = &connector->hdcp; + union { + struct hdcp2_ake_init ake_init; + struct hdcp2_ake_send_cert send_cert; + struct hdcp2_ake_no_stored_km no_stored_km; + struct hdcp2_ake_send_hprime send_hprime; + struct hdcp2_ake_send_pairing_info pairing_info; + } msgs; + const struct intel_hdcp_shim *shim = hdcp->hdcp_shim; + size_t size; + int ret; + + /* Init for seq_num */ + hdcp->seq_num_v = 0; + hdcp->seq_num_m = 0; + + ret = hdcp2_prepare_ake_init(connector, &msgs.ake_init); + if (ret < 0) + return ret; + + ret = shim->write_2_2_msg(intel_dig_port, &msgs.ake_init, + sizeof(msgs.ake_init)); + if (ret < 0) + return ret; + + ret = shim->read_2_2_msg(intel_dig_port, HDCP_2_2_AKE_SEND_CERT, + &msgs.send_cert, sizeof(msgs.send_cert)); + if (ret < 0) + return ret; + + if (msgs.send_cert.rx_caps[0] != HDCP_2_2_RX_CAPS_VERSION_VAL) + return -EINVAL; + + hdcp->is_repeater = HDCP_2_2_RX_REPEATER(msgs.send_cert.rx_caps[2]); + + /* + * Here msgs.no_stored_km will hold msgs corresponding to the km + * stored also. + */ + ret = hdcp2_verify_rx_cert_prepare_km(connector, &msgs.send_cert, + &hdcp->is_paired, + &msgs.no_stored_km, &size); + if (ret < 0) + return ret; + + ret = shim->write_2_2_msg(intel_dig_port, &msgs.no_stored_km, size); + if (ret < 0) + return ret; + + ret = shim->read_2_2_msg(intel_dig_port, HDCP_2_2_AKE_SEND_HPRIME, + &msgs.send_hprime, sizeof(msgs.send_hprime)); + if (ret < 0) + return ret; + + ret = hdcp2_verify_hprime(connector, &msgs.send_hprime); + if (ret < 0) + return ret; + + if (!hdcp->is_paired) { + /* Pairing is required */ + ret = shim->read_2_2_msg(intel_dig_port, + HDCP_2_2_AKE_SEND_PAIRING_INFO, + &msgs.pairing_info, + sizeof(msgs.pairing_info)); + if (ret < 0) + return ret; + + ret = hdcp2_store_pairing_info(connector, &msgs.pairing_info); + if (ret < 0) + return ret; + hdcp->is_paired = true; + } + + return 0; +} + +static int hdcp2_locality_check(struct intel_connector *connector) +{ + struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector); + struct intel_hdcp *hdcp = &connector->hdcp; + union { + struct hdcp2_lc_init lc_init; + struct hdcp2_lc_send_lprime send_lprime; + } msgs; + const struct intel_hdcp_shim *shim = hdcp->hdcp_shim; + int tries = HDCP2_LC_RETRY_CNT, ret, i; + + for (i = 0; i < tries; i++) { + ret = hdcp2_prepare_lc_init(connector, &msgs.lc_init); + if (ret < 0) + continue; + + ret = shim->write_2_2_msg(intel_dig_port, &msgs.lc_init, + sizeof(msgs.lc_init)); + if (ret < 0) + continue; + + ret = shim->read_2_2_msg(intel_dig_port, + HDCP_2_2_LC_SEND_LPRIME, + &msgs.send_lprime, + sizeof(msgs.send_lprime)); + if (ret < 0) + continue; + + ret = hdcp2_verify_lprime(connector, &msgs.send_lprime); + if (!ret) + break; + } + + return ret; +} + +static int hdcp2_session_key_exchange(struct intel_connector *connector) { + struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector); + struct intel_hdcp *hdcp = &connector->hdcp; + struct hdcp2_ske_send_eks send_eks; + int ret; + + ret = hdcp2_prepare_skey(connector, &send_eks); + if (ret < 0) + return ret; + + ret = hdcp->hdcp_shim->write_2_2_msg(intel_dig_port, &send_eks, + sizeof(send_eks)); + if (ret < 0) + return ret; + return 0; } +static int hdcp2_authenticate_sink(struct intel_connector *connector) +{ + struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector); + struct intel_hdcp *hdcp = &connector->hdcp; + const struct intel_hdcp_shim *shim = hdcp->hdcp_shim; + struct hdcp2_dp_errata_stream_type stream_type_msg; + int ret; + + ret = hdcp2_authentication_key_exchange(connector); + if (ret < 0) { + DRM_DEBUG_KMS("AKE Failed. Err : %d\n", ret); + return ret; + } + + ret = hdcp2_locality_check(connector); + if (ret < 0) { + DRM_DEBUG_KMS("Locality Check failed. Err : %d\n", ret); + return ret; + } + + ret = hdcp2_session_key_exchange(connector); + if (ret < 0) { + DRM_DEBUG_KMS("SKE Failed. Err : %d\n", ret); + return ret; + } + + if (!hdcp->is_repeater && shim->config_stream_type) { + /* + * Errata for DP: As Stream type is used for encryption, + * Receiver should be communicated with stream type for the + * decryption of the content. + * Repeater will be communicated with stream type as a + * part of it's auth later in time. + */ + stream_type_msg.msg_id = HDCP_2_2_ERRATA_DP_STREAM_TYPE; + stream_type_msg.stream_type = hdcp->content_type; + + ret = shim->config_stream_type(intel_dig_port, &stream_type_msg, + sizeof(stream_type_msg)); + if (ret < 0) + return ret; + } + + hdcp->mei_data.streams[0].stream_type = hdcp->content_type; + ret = hdcp2_authenticate_port(connector); + if (ret < 0) + return ret; + + return ret; +} + static int hdcp2_enable_encryption(struct intel_connector *connector) { struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);