All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ramalingam C <ramalingam.c@intel.com>
To: intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
	daniel.vetter@ffwll.ch, tomas.winkler@intel.com
Subject: [PATCH v8 07/35] drm/i915: Implement HDCP2.2 receiver authentication
Date: Tue, 27 Nov 2018 16:13:05 +0530	[thread overview]
Message-ID: <1543315413-24302-8-git-send-email-ramalingam.c@intel.com> (raw)
In-Reply-To: <1543315413-24302-1-git-send-email-ramalingam.c@intel.com>

Implements HDCP2.2 authentication for hdcp2.2 receivers, with
following steps:
	Authentication and Key exchange (AKE).
	Locality Check (LC).
	Session Key Exchange(SKE).
	DP Errata for stream type configuration for receivers.

At AKE, the HDCP Receiver’s public key certificate is verified by the
HDCP Transmitter. A Master Key k m is exchanged.

At LC, the HDCP Transmitter enforces locality on the content by
requiring that the Round Trip Time (RTT) between a pair of messages
is not more than 20 ms.

At SKE, The HDCP Transmitter exchanges Session Key ks with
the HDCP Receiver.

In DP HDCP2.2 encryption and decryption logics use the stream type as
one of the parameter. So Before enabling the Encryption DP HDCP2.2
receiver needs to be communicated with stream type. This is added to
spec as ERRATA.

This generic implementation is complete only with the hdcp2_shim
defined.

v2:
  Rebased.
v3:
  No Changes.
v4:
  %s/PARING/PAIRING
  Coding style fixing [Uma]
v5:
  Rebased as part of patch reordering.
  Defined the functions for mei services. [Daniel]
v6:
  Redefined the mei service functions as per comp redesign.
  Required intel_hdcp members are defined [Sean Paul]
v7:
  Typo of cipher is Fixed [Uma]
  %s/uintxx_t/uxx
  Check for comp_master is removed.
v8:
  Adjust to the new interface.
  Avoid using bool structure members. [Tomas]

Signed-off-by: Ramalingam C <ramalingam.c@intel.com>
---
 drivers/gpu/drm/i915/intel_drv.h  |  34 ++++++
 drivers/gpu/drm/i915/intel_hdcp.c | 211 +++++++++++++++++++++++++++++++++++---
 2 files changed, 230 insertions(+), 15 deletions(-)

diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h
index 3e9f21d23442..24d258488efe 100644
--- a/drivers/gpu/drm/i915/intel_drv.h
+++ b/drivers/gpu/drm/i915/intel_drv.h
@@ -387,6 +387,22 @@ struct intel_hdcp_shim {
 	/* Detects whether Panel is HDCP2.2 capable */
 	int (*hdcp_2_2_capable)(struct intel_digital_port *intel_dig_port,
 				bool *capable);
+
+	/* Write HDCP2.2 messages */
+	int (*write_2_2_msg)(struct intel_digital_port *intel_dig_port,
+			     void *buf, size_t size);
+
+	/* Read HDCP2.2 messages */
+	int (*read_2_2_msg)(struct intel_digital_port *intel_dig_port,
+			    u8 msg_id, void *buf, size_t size);
+
+	/*
+	 * Implementation of DP HDCP2.2 Errata for the communication of stream
+	 * type to Receivers. In DP HDCP2.2 Stream type is one of the input to
+	 * the HDCP2.2 Cipher for En/De-Cryption. Not applicable for HDMI.
+	 */
+	int (*config_stream_type)(struct intel_digital_port *intel_dig_port,
+				  void *buf, size_t size);
 };
 
 struct intel_hdcp {
@@ -411,6 +427,24 @@ struct intel_hdcp {
 
 	/* mei interface related information */
 	struct mei_hdcp_data mei_data;
+
+	u8 is_paired;
+	u8 is_repeater;
+
+	/*
+	 * Count of ReceiverID_List received. Initialized to 0 at AKE_INIT.
+	 * Incremented after processing the RepeaterAuth_Send_ReceiverID_List.
+	 * When it rolls over re-auth has to be triggered.
+	 */
+	u32 seq_num_v;
+
+	/*
+	 * Count of RepeaterAuth_Stream_Manage msg propagated.
+	 * Initialized to 0 on AKE_INIT. Incremented after every successful
+	 * transmission of RepeaterAuth_Stream_Manage message. When it rolls
+	 * over re-Auth has to be triggered.
+	 */
+	u32 seq_num_m;
 };
 
 struct intel_connector {
diff --git a/drivers/gpu/drm/i915/intel_hdcp.c b/drivers/gpu/drm/i915/intel_hdcp.c
index c1bd1ccd47cd..0d7fea9c9bb1 100644
--- a/drivers/gpu/drm/i915/intel_hdcp.c
+++ b/drivers/gpu/drm/i915/intel_hdcp.c
@@ -18,6 +18,7 @@
 
 #define KEY_LOAD_TRIES	5
 #define TIME_FOR_ENCRYPT_STATUS_CHANGE	50
+#define HDCP2_LC_RETRY_CNT		3
 #define GET_MEI_DDI_INDEX(p) ({                            \
 	typeof(p) __p = (p);                               \
 	__p == PORT_A ? MEI_DDI_A : (enum mei_hdcp_ddi)__p;\
@@ -876,7 +877,7 @@ bool is_hdcp_supported(struct drm_i915_private *dev_priv, enum port port)
 		!IS_CHERRYVIEW(dev_priv) && port < PORT_E);
 }
 
-static __attribute__((unused)) int
+static int
 hdcp2_prepare_ake_init(struct intel_connector *connector,
 		       struct hdcp2_ake_init *ake_data)
 {
@@ -907,7 +908,7 @@ hdcp2_prepare_ake_init(struct intel_connector *connector,
 	return ret;
 }
 
-static __attribute__((unused)) int
+static int
 hdcp2_verify_rx_cert_prepare_km(struct intel_connector *connector,
 				struct hdcp2_ake_send_cert *rx_cert,
 				bool *paired,
@@ -938,9 +939,8 @@ hdcp2_verify_rx_cert_prepare_km(struct intel_connector *connector,
 	return ret;
 }
 
-static __attribute__((unused)) int
-hdcp2_verify_hprime(struct intel_connector *connector,
-		    struct hdcp2_ake_send_hprime *rx_hprime)
+static int hdcp2_verify_hprime(struct intel_connector *connector,
+			       struct hdcp2_ake_send_hprime *rx_hprime)
 {
 	struct mei_hdcp_data *data = &connector->hdcp.mei_data;
 	struct drm_i915_private *dev_priv = to_i915(connector->base.dev);
@@ -964,7 +964,7 @@ hdcp2_verify_hprime(struct intel_connector *connector,
 	return ret;
 }
 
-static __attribute__((unused)) int
+static int
 hdcp2_store_pairing_info(struct intel_connector *connector,
 			 struct hdcp2_ake_send_pairing_info *pairing_info)
 {
@@ -991,7 +991,7 @@ hdcp2_store_pairing_info(struct intel_connector *connector,
 	return ret;
 }
 
-static __attribute__((unused)) int
+static int
 hdcp2_prepare_lc_init(struct intel_connector *connector,
 		      struct hdcp2_lc_init *lc_init)
 {
@@ -1018,7 +1018,7 @@ hdcp2_prepare_lc_init(struct intel_connector *connector,
 	return ret;
 }
 
-static __attribute__((unused)) int
+static int
 hdcp2_verify_lprime(struct intel_connector *connector,
 		    struct hdcp2_lc_send_lprime *rx_lprime)
 {
@@ -1044,9 +1044,8 @@ hdcp2_verify_lprime(struct intel_connector *connector,
 	return ret;
 }
 
-static __attribute__((unused))
-int hdcp2_prepare_skey(struct intel_connector *connector,
-		       struct hdcp2_ske_send_eks *ske_data)
+static int hdcp2_prepare_skey(struct intel_connector *connector,
+			      struct hdcp2_ske_send_eks *ske_data)
 {
 	struct mei_hdcp_data *data = &connector->hdcp.mei_data;
 	struct drm_i915_private *dev_priv = to_i915(connector->base.dev);
@@ -1126,8 +1125,7 @@ hdcp2_verify_mprime(struct intel_connector *connector,
 	return ret;
 }
 
-static __attribute__((unused))
-int hdcp2_authenticate_port(struct intel_connector *connector)
+static int hdcp2_authenticate_port(struct intel_connector *connector)
 {
 	struct mei_hdcp_data *data = &connector->hdcp.mei_data;
 	struct drm_i915_private *dev_priv = to_i915(connector->base.dev);
@@ -1178,11 +1176,194 @@ static int hdcp2_deauthenticate_port(struct intel_connector *connector)
 	return hdcp2_close_mei_session(connector);
 }
 
+/* Authentication flow starts from here */
+static int hdcp2_authentication_key_exchange(struct intel_connector *connector)
+{
+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
+	struct intel_hdcp *hdcp = &connector->hdcp;
+	union {
+		struct hdcp2_ake_init ake_init;
+		struct hdcp2_ake_send_cert send_cert;
+		struct hdcp2_ake_no_stored_km no_stored_km;
+		struct hdcp2_ake_send_hprime send_hprime;
+		struct hdcp2_ake_send_pairing_info pairing_info;
+	} msgs;
+	const struct intel_hdcp_shim *shim = hdcp->shim;
+	size_t size;
+	int ret;
+	bool is_paired;
+
+	/* Init for seq_num */
+	hdcp->seq_num_v = 0;
+	hdcp->seq_num_m = 0;
+
+	ret = hdcp2_prepare_ake_init(connector, &msgs.ake_init);
+	if (ret < 0)
+		return ret;
+
+	ret = shim->write_2_2_msg(intel_dig_port, &msgs.ake_init,
+				  sizeof(msgs.ake_init));
+	if (ret < 0)
+		return ret;
+
+	ret = shim->read_2_2_msg(intel_dig_port, HDCP_2_2_AKE_SEND_CERT,
+				 &msgs.send_cert, sizeof(msgs.send_cert));
+	if (ret < 0)
+		return ret;
+
+	if (msgs.send_cert.rx_caps[0] != HDCP_2_2_RX_CAPS_VERSION_VAL)
+		return -EINVAL;
+
+	hdcp->is_repeater = HDCP_2_2_RX_REPEATER(msgs.send_cert.rx_caps[2]) ?
+			    1 : 0;
+
+	/*
+	 * Here msgs.no_stored_km will hold msgs corresponding to the km
+	 * stored also.
+	 */
+	ret = hdcp2_verify_rx_cert_prepare_km(connector, &msgs.send_cert,
+					      &is_paired,
+					      &msgs.no_stored_km, &size);
+	if (ret < 0)
+		return ret;
+
+	hdcp->is_paired = is_paired ? 1 : 0;
+
+	ret = shim->write_2_2_msg(intel_dig_port, &msgs.no_stored_km, size);
+	if (ret < 0)
+		return ret;
+
+	ret = shim->read_2_2_msg(intel_dig_port, HDCP_2_2_AKE_SEND_HPRIME,
+				 &msgs.send_hprime, sizeof(msgs.send_hprime));
+	if (ret < 0)
+		return ret;
+
+	ret = hdcp2_verify_hprime(connector, &msgs.send_hprime);
+	if (ret < 0)
+		return ret;
+
+	if (!hdcp->is_paired) {
+		/* Pairing is required */
+		ret = shim->read_2_2_msg(intel_dig_port,
+					 HDCP_2_2_AKE_SEND_PAIRING_INFO,
+					 &msgs.pairing_info,
+					 sizeof(msgs.pairing_info));
+		if (ret < 0)
+			return ret;
+
+		ret = hdcp2_store_pairing_info(connector, &msgs.pairing_info);
+		if (ret < 0)
+			return ret;
+		hdcp->is_paired = 1;
+	}
+
+	return 0;
+}
+
+static int hdcp2_locality_check(struct intel_connector *connector)
+{
+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
+	struct intel_hdcp *hdcp = &connector->hdcp;
+	union {
+		struct hdcp2_lc_init lc_init;
+		struct hdcp2_lc_send_lprime send_lprime;
+	} msgs;
+	const struct intel_hdcp_shim *shim = hdcp->shim;
+	int tries = HDCP2_LC_RETRY_CNT, ret, i;
+
+	for (i = 0; i < tries; i++) {
+		ret = hdcp2_prepare_lc_init(connector, &msgs.lc_init);
+		if (ret < 0)
+			continue;
+
+		ret = shim->write_2_2_msg(intel_dig_port, &msgs.lc_init,
+				      sizeof(msgs.lc_init));
+		if (ret < 0)
+			continue;
+
+		ret = shim->read_2_2_msg(intel_dig_port,
+					 HDCP_2_2_LC_SEND_LPRIME,
+					 &msgs.send_lprime,
+					 sizeof(msgs.send_lprime));
+		if (ret < 0)
+			continue;
+
+		ret = hdcp2_verify_lprime(connector, &msgs.send_lprime);
+		if (!ret)
+			break;
+	}
+
+	return ret;
+}
+
+static int hdcp2_session_key_exchange(struct intel_connector *connector)
+{
+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
+	struct intel_hdcp *hdcp = &connector->hdcp;
+	struct hdcp2_ske_send_eks send_eks;
+	int ret;
+
+	ret = hdcp2_prepare_skey(connector, &send_eks);
+	if (ret < 0)
+		return ret;
+
+	ret = hdcp->shim->write_2_2_msg(intel_dig_port, &send_eks,
+					sizeof(send_eks));
+	if (ret < 0)
+		return ret;
+
+	return 0;
+}
+
 static int hdcp2_authenticate_sink(struct intel_connector *connector)
 {
-	DRM_ERROR("Sink authentication is done in subsequent patches\n");
+	struct intel_digital_port *intel_dig_port = conn_to_dig_port(connector);
+	struct intel_hdcp *hdcp = &connector->hdcp;
+	const struct intel_hdcp_shim *shim = hdcp->shim;
+	struct hdcp2_dp_errata_stream_type stream_type_msg;
+	int ret;
 
-	return -EINVAL;
+	ret = hdcp2_authentication_key_exchange(connector);
+	if (ret < 0) {
+		DRM_DEBUG_KMS("AKE Failed. Err : %d\n", ret);
+		return ret;
+	}
+
+	ret = hdcp2_locality_check(connector);
+	if (ret < 0) {
+		DRM_DEBUG_KMS("Locality Check failed. Err : %d\n", ret);
+		return ret;
+	}
+
+	ret = hdcp2_session_key_exchange(connector);
+	if (ret < 0) {
+		DRM_DEBUG_KMS("SKE Failed. Err : %d\n", ret);
+		return ret;
+	}
+
+	if (!hdcp->is_repeater && shim->config_stream_type) {
+		/*
+		 * Errata for DP: As Stream type is used for encryption,
+		 * Receiver should be communicated with stream type for the
+		 * decryption of the content.
+		 * Repeater will be communicated with stream type as a
+		 * part of it's auth later in time.
+		 */
+		stream_type_msg.msg_id = HDCP_2_2_ERRATA_DP_STREAM_TYPE;
+		stream_type_msg.stream_type = hdcp->content_type;
+
+		ret = shim->config_stream_type(intel_dig_port, &stream_type_msg,
+					       sizeof(stream_type_msg));
+		if (ret < 0)
+			return ret;
+	}
+
+	hdcp->mei_data.streams[0].stream_type = hdcp->content_type;
+	ret = hdcp2_authenticate_port(connector);
+	if (ret < 0)
+		return ret;
+
+	return ret;
 }
 
 static int hdcp2_enable_encryption(struct intel_connector *connector)
-- 
2.7.4

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

  parent reply	other threads:[~2018-11-27 10:43 UTC|newest]

Thread overview: 80+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-27 10:42 [PATCH v8 00/35] drm/i915: Implement HDCP2.2 Ramalingam C
2018-11-27 10:42 ` [PATCH v8 01/35] drm/i915: debug log for REPLY_ACK missing Ramalingam C
2018-11-27 10:43 ` [PATCH v8 02/35] drm/i915: Increase timeout for Encrypt status change Ramalingam C
2018-11-27 10:43 ` [PATCH v8 03/35] linux/mei: Header for mei_hdcp driver interface Ramalingam C
2018-12-07 13:53   ` C, Ramalingam
2018-12-07 14:10     ` Daniel Vetter
2018-12-08 20:15       ` Winkler, Tomas
2018-12-10  9:31         ` Daniel Vetter
2018-11-27 10:43 ` [PATCH v8 04/35] drm/i915: Initialize HDCP2.2 Ramalingam C
2018-12-06 10:03   ` Daniel Vetter
2018-12-07  4:54     ` C, Ramalingam
2018-12-07 14:16       ` Daniel Vetter
2018-12-08 18:47         ` Winkler, Tomas
2018-12-10  9:28           ` Daniel Vetter
2018-11-27 10:43 ` [PATCH v8 05/35] drm/i915: MEI interface definition Ramalingam C
2018-12-06 10:23   ` Daniel Vetter
2018-12-07  5:52     ` C, Ramalingam
2018-12-07 10:48       ` C, Ramalingam
2018-12-07 10:48       ` C, Ramalingam
2018-12-07 14:32         ` Daniel Vetter
2018-12-07 14:29       ` Daniel Vetter
2018-12-12  8:58         ` C, Ramalingam
2018-12-12 10:38           ` Daniel Vetter
2018-12-12 11:04             ` C, Ramalingam
2018-12-13  3:55               ` C, Ramalingam
2018-11-27 10:43 ` [PATCH v8 06/35] drm/i915: Enable and Disable of HDCP2.2 Ramalingam C
2018-12-06 10:30   ` Daniel Vetter
2018-12-07  6:22     ` C, Ramalingam
2018-12-07 14:33       ` Daniel Vetter
2018-11-27 10:43 ` Ramalingam C [this message]
2018-11-27 10:43 ` [PATCH v8 08/35] drm/i915: Implement HDCP2.2 repeater authentication Ramalingam C
2018-12-06 10:45   ` Daniel Vetter
2018-12-12  9:11     ` C, Ramalingam
2018-11-27 10:43 ` [PATCH v8 09/35] drm/i915: Implement HDCP2.2 link integrity check Ramalingam C
2018-12-06 13:27   ` Daniel Vetter
2018-12-06 13:41     ` Daniel Vetter
2018-12-07  6:46     ` C, Ramalingam
2018-12-07 14:36       ` Daniel Vetter
2018-11-27 10:43 ` [PATCH v8 10/35] drm/i915: Handle HDCP2.2 downstream topology change Ramalingam C
2018-12-06 13:42   ` Daniel Vetter
2018-11-27 10:43 ` [PATCH v8 11/35] drm/i915: Check HDCP 1.4 and 2.2 link on CP_IRQ Ramalingam C
2018-12-06 13:44   ` Daniel Vetter
2018-11-27 10:43 ` [PATCH v8 12/35] drm/i915: Implement the HDCP2.2 support for DP Ramalingam C
2018-11-27 16:54   ` Bloomfield, Jon
2018-11-27 17:37     ` Daniel Vetter
2018-11-28  5:15       ` C, Ramalingam
2018-11-28  5:26   ` Stéphane Marchesin
2018-11-28  7:24     ` C, Ramalingam
2018-12-06 13:58   ` Daniel Vetter
2018-11-27 10:43 ` [PATCH v8 13/35] drm/i915: Implement the HDCP2.2 support for HDMI Ramalingam C
2018-12-06 14:04   ` Daniel Vetter
2018-11-27 10:43 ` [PATCH v8 14/35] drm/i915: Add HDCP2.2 support for DP connectors Ramalingam C
2018-11-27 10:43 ` [PATCH v8 15/35] drm/i915: Add HDCP2.2 support for HDMI connectors Ramalingam C
2018-11-27 10:43 ` [PATCH v8 16/35] mei: bus: whitelist hdcp client Ramalingam C
2018-11-27 10:43 ` [PATCH v8 17/35] mei: bus: export to_mei_cl_device for mei client device drivers Ramalingam C
2018-11-27 10:43 ` [PATCH v8 18/35] misc/mei/hdcp: Client driver for HDCP application Ramalingam C
2018-11-27 10:43 ` [PATCH v8 19/35] misc/mei/hdcp: Define ME FW interface for HDCP2.2 Ramalingam C
2018-11-27 10:43 ` [PATCH v8 20/35] misc/mei/hdcp: Initiate Wired HDCP2.2 Tx Session Ramalingam C
2018-11-27 10:43 ` [PATCH v8 21/35] misc/mei/hdcp: Verify Receiver Cert and prepare km Ramalingam C
2018-11-27 10:43 ` [PATCH v8 22/35] misc/mei/hdcp: Verify H_prime Ramalingam C
2018-11-27 10:43 ` [PATCH v8 23/35] misc/mei/hdcp: Store the HDCP Pairing info Ramalingam C
2018-11-27 10:43 ` [PATCH v8 24/35] misc/mei/hdcp: Initiate Locality check Ramalingam C
2018-11-27 10:43 ` [PATCH v8 25/35] misc/mei/hdcp: Verify L_prime Ramalingam C
2018-11-27 10:43 ` [PATCH v8 26/35] misc/mei/hdcp: Prepare Session Key Ramalingam C
2018-11-27 10:43 ` [PATCH v8 27/35] misc/mei/hdcp: Repeater topology verification and ack Ramalingam C
2018-11-27 10:43 ` [PATCH v8 28/35] misc/mei/hdcp: Verify M_prime Ramalingam C
2018-11-27 10:43 ` [PATCH v8 29/35] misc/mei/hdcp: Enabling the HDCP authentication Ramalingam C
2018-11-27 10:43 ` [PATCH v8 30/35] misc/mei/hdcp: Closing wired HDCP2.2 Tx Session Ramalingam C
2018-11-27 10:43 ` [PATCH v8 31/35] misc/mei/hdcp: Component framework for I915 Interface Ramalingam C
2018-11-27 10:43 ` [PATCH v8 32/35] drm/i915: Commit CP without modeset Ramalingam C
2018-12-06 14:19   ` Daniel Vetter
2018-11-27 10:43 ` [PATCH v8 33/35] drm/i915: Fix KBL HDCP2.2 encrypt status signalling Ramalingam C
2018-12-06 14:20   ` Daniel Vetter
2018-12-07  7:03     ` C, Ramalingam
2018-11-27 10:43 ` [PATCH v8 34/35] FOR_TEST: i915/Kconfig: Select mei_hdcp by I915 Ramalingam C
2018-11-27 10:43 ` [PATCH v8 35/35] FOR_TESTING_ONLY: debugfs: Excluding the LSPCon for HDCP1.4 Ramalingam C
2018-11-27 11:08 ` ✗ Fi.CI.CHECKPATCH: warning for drm/i915: Implement HDCP2.2 (rev10) Patchwork
2018-11-27 11:16 ` ✗ Fi.CI.SPARSE: " Patchwork
2018-11-27 11:36 ` ✗ Fi.CI.BAT: failure " Patchwork
2018-12-06 14:27 ` [PATCH v8 00/35] drm/i915: Implement HDCP2.2 Daniel Vetter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1543315413-24302-8-git-send-email-ramalingam.c@intel.com \
    --to=ramalingam.c@intel.com \
    --cc=daniel.vetter@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=intel-gfx@lists.freedesktop.org \
    --cc=tomas.winkler@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.