[Intel-gfx] [PATCH v3 23/40] drm/i915: Implement HDCP2.2 receiver authentication

Shankar, Uma uma.shankar at intel.com
Wed May 9 15:20:36 UTC 2018 


>-----Original Message-----
>From: Intel-gfx [mailto:intel-gfx-bounces at lists.freedesktop.org] On Behalf Of
>Ramalingam C
>Sent: Tuesday, April 3, 2018 7:28 PM
>To: intel-gfx at lists.freedesktop.org; dri-devel at lists.freedesktop.org;
>seanpaul at chromium.org; daniel at ffwll.ch; chris at chris-wilson.co.uk;
>jani.nikula at linux.intel.com; Winkler, Tomas <tomas.winkler at intel.com>;
>Usyskin, Alexander <alexander.usyskin at intel.com>
>Cc: Vivi, Rodrigo <rodrigo.vivi at intel.com>
>Subject: [Intel-gfx] [PATCH v3 23/40] drm/i915: Implement HDCP2.2 receiver
>authentication
>
>Implements HDCP2.2 authentication for hdcp2.2 receivers, with following steps:
>	Authentication and Key enchange (AKE).

Typo in exchange.

>	Locality Check (LC).
>	Session Key Exchange(SKE).
>	DP Errata for stream type confuguration for receivers.

Typo in configuration.

>
>At AKE, the HDCP Receiver’s public key certificate is verified by the HDCP
>Transmitter. A Master Key k m is exchanged.
>
>At LC, the HDCP Transmitter enforces locality on the content by requiring that the
>Round Trip Time (RTT) between a pair of messages is not more than 20 ms.
>
>At SKE, The HDCP Transmitter exchanges Session Key ks with the HDCP Receiver.
>
>In DP HDCP2.2 encryption and decryption logics use the stream type as one of the
>parameter. So Before enabling the Encryption DP HDCP2.2 receiver needs to be
>communicated with stream type. This is added to spec as ERRATA.
>
>This generic implementation is complete only with the hdcp2_shim defined.
>
>v2:
>  Rebased.
>v3:
>  No Changes.
>
>Signed-off-by: Ramalingam C <ramalingam.c at intel.com>
>---
> drivers/gpu/drm/i915/intel_hdcp.c | 184
>++++++++++++++++++++++++++++++++++++++
> 1 file changed, 184 insertions(+)
>
>diff --git a/drivers/gpu/drm/i915/intel_hdcp.c
>b/drivers/gpu/drm/i915/intel_hdcp.c
>index b4d56b21cf9b..ee9b7519fe73 100644
>--- a/drivers/gpu/drm/i915/intel_hdcp.c
>+++ b/drivers/gpu/drm/i915/intel_hdcp.c
>@@ -18,6 +18,7 @@
> #define GET_MEI_DDI_INDEX(port)		(((port) == PORT_A) ? DDI_A : \
> 					 (enum hdcp_physical_port) (port))
> #define KEY_LOAD_TRIES	5
>+#define HDCP2_LC_RETRY_CNT		3
>
> static int intel_hdcp_poll_ksv_fifo(struct intel_digital_port *intel_dig_port,
> 				    const struct intel_hdcp_shim *shim) @@ -
>1011,3 +1012,186 @@ static inline int hdcp2_deauthenticate_port(struct
>intel_hdcp *hdcp)  {
> 	return hdcp2_close_mei_session(hdcp);
> }
>+
>+static int hdcp2_authentication_key_exchange(struct intel_connector
>+*connector) {
>+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
>+	struct intel_hdcp *hdcp = &connector->hdcp;
>+	union {
>+		struct hdcp2_ake_init ake_init;
>+		struct hdcp2_ake_send_cert send_cert;
>+		struct hdcp2_ake_no_stored_km no_stored_km;
>+		struct hdcp2_ake_send_hprime send_hprime;
>+		struct hdcp2_ake_send_pairing_info pairing_info;
>+	} msgs;
>+	const struct intel_hdcp_shim *shim = hdcp->hdcp_shim;
>+	size_t size;
>+	int ret;
>+
>+	/* Init for seq_num */
>+	hdcp->seq_num_v = 0;
>+	hdcp->seq_num_m = 0;
>+
>+	ret = hdcp2_prepare_ake_init(hdcp, &msgs.ake_init);
>+	if (ret < 0)
>+		return ret;
>+
>+	ret = shim->write_2_2_msg(intel_dig_port, &msgs.ake_init,
>+				  sizeof(msgs.ake_init));
>+	if (ret < 0)
>+		return ret;
>+
>+	ret = shim->read_2_2_msg(intel_dig_port, HDCP_2_2_AKE_SEND_CERT,
>+				 &msgs.send_cert, sizeof(msgs.send_cert));
>+	if (ret < 0)
>+		return ret;
>+
>+	if (msgs.send_cert.rx_caps[0] != HDCP_2_2_RX_CAPS_VERSION_VAL)
>+		return -EINVAL;
>+
>+	hdcp->is_repeater =
>HDCP_2_2_RX_REPEATER(msgs.send_cert.rx_caps[2]);
>+
>+	/*
>+	 * Here msgs.no_stored_km will hold msgs corresponding to the km
>+	 * stored also.
>+	 */
>+	ret = hdcp2_verify_rx_cert_prepare_km(hdcp, &msgs.send_cert,
>+					      &hdcp->is_paired,
>+					      &msgs.no_stored_km, &size);
>+	if (ret < 0)
>+		return ret;
>+
>+	ret = shim->write_2_2_msg(intel_dig_port, &msgs.no_stored_km, size);
>+	if (ret < 0)
>+		return ret;
>+
>+	ret = shim->read_2_2_msg(intel_dig_port,
>HDCP_2_2_AKE_SEND_HPRIME,
>+				 &msgs.send_hprime,
>sizeof(msgs.send_hprime));
>+	if (ret < 0)
>+		return ret;
>+
>+	ret = hdcp2_verify_hprime(hdcp, &msgs.send_hprime);
>+	if (ret < 0)
>+		return ret;
>+
>+	if (!hdcp->is_paired) {
>+		/* Pairing is required */
>+		ret = shim->read_2_2_msg(intel_dig_port,
>+					 HDCP_2_2_AKE_SEND_PARING_INFO,
>+					 &msgs.pairing_info,
>+					 sizeof(msgs.pairing_info));
>+		if (ret < 0)
>+			return ret;
>+
>+		ret = hdcp2_store_paring_info(hdcp, &msgs.pairing_info);
>+		if (ret < 0)
>+			return ret;
>+		hdcp->is_paired = true;
>+	}

Leave a blank line here.

>+	return 0;
>+}
>+
>+static int hdcp2_locality_check(struct intel_connector *connector) {
>+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
>+	struct intel_hdcp *hdcp = &connector->hdcp;
>+	union {
>+		struct hdcp2_lc_init lc_init;
>+		struct hdcp2_lc_send_lprime send_lprime;
>+	} msgs;
>+	const struct intel_hdcp_shim *shim = hdcp->hdcp_shim;
>+	int tries = HDCP2_LC_RETRY_CNT, ret, i;
>+
>+	for (i = 0; i < tries; i++) {
>+		ret = hdcp2_prepare_lc_init(hdcp, &msgs.lc_init);
>+		if (ret < 0)
>+			continue;
>+
>+		ret = shim->write_2_2_msg(intel_dig_port, &msgs.lc_init,
>+				      sizeof(msgs.lc_init));
>+		if (ret < 0)
>+			continue;
>+
>+		ret = shim->read_2_2_msg(intel_dig_port,
>+					 HDCP_2_2_LC_SEND_LPRIME,
>+					 &msgs.send_lprime,
>+					 sizeof(msgs.send_lprime));
>+		if (ret < 0)
>+			continue;
>+
>+		ret = hdcp2_verify_lprime(hdcp, &msgs.send_lprime);
>+		if (!ret)
>+			break;
>+	}

Leave a blank line.

>+	return ret;
>+}
>+
>+static int hdcp2_session_key_exchange(struct intel_connector
>+*connector) {
>+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
>+	struct intel_hdcp *hdcp = &connector->hdcp;
>+	struct hdcp2_ske_send_eks send_eks;
>+	int ret;
>+
>+	ret = hdcp2_prepare_skey(hdcp, &send_eks);
>+	if (ret < 0)
>+		return ret;
>+
>+	ret = hdcp->hdcp_shim->write_2_2_msg(intel_dig_port, &send_eks,
>+					     sizeof(send_eks));
>+	if (ret < 0)
>+		return ret;
>+
>+	return 0;
>+}
>+
>+static int hdcp2_authenticate_sink(struct intel_connector *connector) {
>+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
>+	struct intel_hdcp *hdcp = &connector->hdcp;
>+	const struct intel_hdcp_shim *shim = hdcp->hdcp_shim;
>+	struct hdcp2_dp_errata_stream_type stream_type_msg;
>+	int ret;
>+
>+	ret = hdcp2_authentication_key_exchange(connector);
>+	if (ret < 0) {
>+		DRM_DEBUG_KMS("AKE Failed. Err : %d\n", ret);
>+		return ret;
>+	}
>+
>+	ret = hdcp2_locality_check(connector);
>+	if (ret < 0) {
>+		DRM_DEBUG_KMS("Locality Check failed. Err : %d\n", ret);
>+		return ret;
>+	}
>+
>+	ret = hdcp2_session_key_exchange(connector);
>+	if (ret < 0) {
>+		DRM_DEBUG_KMS("SKE Failed. Err : %d\n", ret);
>+		return ret;
>+	}
>+
>+	if (!hdcp->is_repeater && shim->config_stream_type) {
>+
>+		/* Errata for DP: As Stream type is used for encryption,

Incorrect multi line comment style.

>+		 * Receiver should be communicated with stream type for the
>+		 * decryption of the content.
>+		 * Repeater will be communicated with stream type as a
>+		 * part of it's auth in later in time

Remove "in"

>+		 */
>+		stream_type_msg.msg_id =
>HDCP_2_2_ERRATA_DP_STREAM_TYPE;
>+		stream_type_msg.stream_type = hdcp->content_type;
>+
>+		ret = shim->config_stream_type(intel_dig_port,
>&stream_type_msg,
>+					       sizeof(stream_type_msg));
>+		if (ret < 0)
>+			return ret;
>+	}
>+
>+	hdcp->mei_data.streams[0].stream_type = hdcp->content_type;
>+	ret = hdcp2_authenticate_port(hdcp);
>+	if (ret < 0)
>+		return ret;
>+
>+	return ret;
>+}
>--
>2.7.4
>
>_______________________________________________
>Intel-gfx mailing list
>Intel-gfx at lists.freedesktop.org
>https://lists.freedesktop.org/mailman/listinfo/intel-gfx

More information about the dri-devel mailing list