widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Pick widevine oemcrypto-v18 change

Browse Source 
No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
This commit is contained in:
Kyle Zhang
2022-12-16 03:21:08 +00:00
parent 4586522c07
commit 11255b7426
105 changed files with 324641 additions and 299787 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libwvdrmengine/oemcrypto/odk/Android.bp
View File

@@ -93,6 +93,8 @@ cc_test {
"libwv_kdo",
],
shared_libs: ["libprotobuf-cpp-lite"],
srcs: [
"test/odk_test.cpp",
"test/odk_test_helper.cpp",

11
libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h
View File

@@ -142,6 +142,17 @@ typedef enum OEMCrypto_PrivateKeyType {
OEMCrypto_PrivateKeyType_MaxValue = OEMCrypto_ECC_Private_Key,
} OEMCrypto_PrivateKeyType;
/**
* The base for (delayed) timers, i.e. from what time the (delayed) timer
* starts.
*/
typedef enum OEMCrypto_TimerDelayBase {
OEMCrypto_License_Start = 0,
OEMCrypto_License_Load = 1,
OEMCrypto_First_Decrypt = 2,
OEMCrypto_TimerDelayBase_MaxValue = OEMCrypto_First_Decrypt,
} OEMCrypto_TimerDelayBase;
/**
* Used to indicate a substring of a signed message in OEMCrypto_LoadKeys and
* other functions which must verify that a parameter is contained within a

12
libwvdrmengine/oemcrypto/odk/include/core_message_deserialize.h
View File

@@ -55,6 +55,18 @@ bool CoreProvisioningRequestFromMessage(
const std::string& oemcrypto_core_message,
ODK_ProvisioningRequest* core_provisioning_request);
/**
* Counterpart (deserializer) of ODK_PrepareCoreProvisioning40Request
* (serializer)
*
* Parameters:
* [in] oemcrypto_core_message
* [out] core_provisioning_request
*/
bool CoreProvisioning40RequestFromMessage(
const std::string& oemcrypto_core_message,
ODK_Provisioning40Request* core_provisioning_request);
/**
* Counterpart (deserializer) of ODK_PrepareCoreRenewedProvisioningRequest
* (serializer)

1
libwvdrmengine/oemcrypto/odk/include/core_message_features.h
View File

@@ -8,6 +8,7 @@
#include <stdint.h>
#include <iostream>
#include <ostream>
#include <string>
namespace oemcrypto_core_message {

15
libwvdrmengine/oemcrypto/odk/include/core_message_serialize.h
View File

@@ -72,6 +72,21 @@ bool CreateCoreProvisioningResponse(const CoreMessageFeatures& features,
const ODK_ParsedProvisioning& parsed_prov,
const ODK_ProvisioningRequest& core_request,
std::string* oemcrypto_core_message);
/**
* Counterpart (serializer) of ODK_ParseProvisioning40 (deserializer)
* struct-input variant
*
* Parameters:
* [in] features feature support for response message.
* [in] core_request
* [out] oemcrypto_core_message
*/
bool CreateCoreProvisioning40Response(
const CoreMessageFeatures& features,
const ODK_Provisioning40Request& core_request,
std::string* oemcrypto_core_message);
} // namespace serialize
} // namespace oemcrypto_core_message

2
libwvdrmengine/oemcrypto/odk/include/core_message_serialize_proto.h
View File

@@ -17,6 +17,7 @@
#include <cstdint>
#include <string>
#include "OEMCryptoCENCCommon.h"
#include "core_message_features.h"
#include "core_message_types.h"
#include "license_protocol.pb.h"
@@ -59,6 +60,7 @@ bool CreateCoreProvisioningResponseFromProto(
const oemcrypto_core_message::features::CoreMessageFeatures& features,
const std::string& serialized_provisioning_response,
const ODK_ProvisioningRequest& core_request,
const OEMCrypto_PrivateKeyType device_key_type,
std::string* oemcrypto_core_message);
} // namespace serialize

62
libwvdrmengine/oemcrypto/odk/include/core_message_types.h
View File

@@ -30,23 +30,25 @@
* KDO provides a corresponding writer.
*
* Table: ODK vs KDO (s: serialize; d: deserialize)
* +----------------------------------------+---------------------------------------+
* | ODK | KDO |
* +---+------------------------------------+---+-----------------------------------+
* | s | ODK_PrepareCoreLicenseRequest | d | CoreLicenseRequestFromMessage |
* | +------------------------------------+ +-----------------------------------+
* | | ODK_PrepareCoreRenewalRequest | | CoreRenewalRequestFromMessage |
* | +------------------------------------+ +-----------------------------------+
* | | ODK_PrepareCoreProvisioningRequest | | CoreProvisioningRequestFromMessage|
* | +------------------------------------+ +-----------------------------------+
* | | ODK_PrepareCommonRequest | | CoreCommonRequestFromMessage |
* +---+------------------------------------+---+-----------------------------------+
* | d | ODK_ParseLicense | s | CreateCoreLicenseResponse |
* | +------------------------------------+ +-----------------------------------+
* | | ODK_ParseRenewal | | CreateCoreRenewalResponse |
* | +------------------------------------+ +-----------------------------------+
* | | ODK_ParseProvisioning | | CreateCoreProvisioningResponse |
* +---+------------------------------------+---+-----------------------------------+
* +------------------------------------------+------------------------------------------+
* | ODK | KDO |
* +---+--------------------------------------+---+--------------------------------------+
* | s | ODK_PrepareCoreLicenseRequest | d | CoreLicenseRequestFromMessage |
* | +--------------------------------------+ +--------------------------------------+
* | | ODK_PrepareCoreRenewalRequest | | CoreRenewalRequestFromMessage |
* | +--------------------------------------+ +--------------------------------------+
* | | ODK_PrepareCoreProvisioningRequest | | CoreProvisioningRequestFromMessage |
* | | ODK_PrepareCoreProvisioning40Request | | CoreProvisioning40RequestFromMessage |
* | +--------------------------------------+ +--------------------------------------+
* | | ODK_PrepareCommonRequest | | CoreCommonRequestFromMessage |
* +---+--------------------------------------+---+--------------------------------------+
* | d | ODK_ParseLicense | s | CreateCoreLicenseResponse |
* | +--------------------------------------+ +--------------------------------------+
* | | ODK_ParseRenewal | | CreateCoreRenewalResponse |
* | +--------------------------------------+ +--------------------------------------+
* | | ODK_ParseProvisioning | | CreateCoreProvisioningResponse |
* | | ODK_ParseProvisioning40 | | CreateCoreProvisioning40Response |
* +---+--------------------------------------+---+--------------------------------------+
*
*********************************************************************/
// clang-format on
@@ -95,6 +97,19 @@ struct ODK_RenewalRequest {
uint64_t playback_time_seconds;
};
struct ODK_MessageCounter {
uint64_t master_generation_number;
uint32_t provisioning_count;
uint32_t license_count;
uint32_t decrypt_count;
uint16_t major_version;
uint16_t minor_version;
uint16_t patch_version;
uint8_t soc_vendor[16];
uint8_t chipset_model[16];
uint8_t extra[16];
};
/**
* Output structure for CoreProvisioningRequestFromMessage and
* CoreRenewedProvisioningRequestFromMessage
@@ -108,6 +123,19 @@ struct ODK_ProvisioningRequest {
std::string device_id;
uint16_t renewal_type;
std::string renewal_data;
ODK_MessageCounter counter_info;
};
/**
* Output structure for CoreProvisioningRequest40FromMessage
* Input structure for CreateCoreProvisioning40Response
*/
struct ODK_Provisioning40Request {
uint16_t api_minor_version;
uint16_t api_major_version;
uint32_t nonce;
uint32_t session_id;
std::string device_info;
};
} // namespace oemcrypto_core_message

119
libwvdrmengine/oemcrypto/odk/include/odk.h
View File

@@ -259,6 +259,8 @@ OEMCryptoResult ODK_DeactivateUsageEntry(ODK_ClockValues* clock_values);
* of the message. (in) size of buffer reserved for the core message, in
* bytes. (out) actual length of the core message, in bytes.
* @param[in] nonce_values: pointer to the session's nonce data.
* @param[in] message_count_info: information used for server-side anomaly
* detection
*
* @retval OEMCrypto_SUCCESS
* @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
@@ -269,7 +271,8 @@ OEMCryptoResult ODK_DeactivateUsageEntry(ODK_ClockValues* clock_values);
*/
OEMCryptoResult ODK_PrepareCoreLicenseRequest(
uint8_t* message, size_t message_length, size_t* core_message_size,
const ODK_NonceValues* nonce_values);
const ODK_NonceValues* nonce_values,
const ODK_MessageCounterInfo* counter_info);
/**
* Modifies the message to include a core renewal request at the beginning of
@@ -337,11 +340,8 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
* of the message. (in) size of buffer reserved for the core message, in
* bytes. (out) actual length of the core message, in bytes.
* @param[in] nonce_values: pointer to the session's nonce data.
* @param[in] device_id: For devices with a keybox, this is the device ID from
* the keybox. For devices with an OEM Certificate, this is a device
* unique id string.
* @param[in] device_id_length: length of device_id. The device ID can be at
* most 64 bytes.
* @param[in] message_count_info: information used for server-side anomaly
* detection
*
* @retval OEMCrypto_SUCCESS
* @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
@@ -352,8 +352,44 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
*/
OEMCryptoResult ODK_PrepareCoreProvisioningRequest(
uint8_t* message, size_t message_length, size_t* core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_id,
size_t device_id_length);
const ODK_NonceValues* nonce_values,
const ODK_MessageCounterInfo* counter_info);
/**
* Modifies the message to include a core provisioning 4.0 request at the
* beginning of the message buffer. The values in nonce_values are used to
* populate the message.
*
* This shall be called by OEMCrypto from
* OEMCrypto_PrepAndSignProvisioningRequest.
*
* NOTE: if the message pointer is null and/or input core_message_length is
* zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
* core_message_size to the size needed.
*
* @param[in,out] message: Pointer to memory for the entire message. Modified by
* the ODK library.
* @param[in] message_length: length of the entire message buffer.
* @param[in,out] core_message_size: length of the core message at the beginning
* of the message. (in) size of buffer reserved for the core message, in
* bytes. (out) actual length of the core message, in bytes.
* @param[in] nonce_values: pointer to the session's nonce data.
* @param[in] device_info: Encoded device hardware info in CBOR format.
* @param[in] device_info_length: length of device_info.
* @param[in] message_count_info: information used for server-side anomaly
* detection
*
* @retval OEMCrypto_SUCCESS
* @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
* @retval OEMCrypto_ERROR_INVALID_CONTEXT
*
* @version
* This method is new in version 18 of the API.
*/
OEMCryptoResult ODK_PrepareCoreProvisioning40Request(
uint8_t* message, size_t message_length, size_t* core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_info,
size_t device_info_length, const ODK_MessageCounterInfo* counter_info);
/**
* Modifies the message to include a core renewal provisioning request at the
@@ -515,6 +551,7 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
* and false when called for OEMCrypto_ReloadLicense.
* @param[in] usage_entry_present: true if the session has a new usage entry
* associated with it created via OEMCrypto_CreateNewUsageEntry.
* @param[in] system_time_seconds: The current system's time in seconds.
* @param[in,out] timer_limits: The session's timer limits. These will be
* updated.
* @param[in,out] clock_values: The session's clock values. These will be
@@ -522,13 +559,19 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
* @param[in,out] nonce_values: The session's nonce values. These will be
* updated.
* @param[out] parsed_license: the destination for the data.
* @param[out] timer_value: set if playback timer should be started.
*
* @retval OEMCrypto_SUCCESS
* @retval ODK_ERROR_CORE_MESSAGE: if the message did not parse correctly, or
* there were other incorrect values. An error should be returned to the
* CDM layer.
* @retval ODK_UNSUPPORTED_API
* @retval OEMCrypto_ERROR_INVALID_NONCE
* @retval ODK_SET_TIMER: if the playback timer has been started successfully
* @retval ODK_DISABLE_TIMER: if the playtime timer has been started
* successfully then is disabled.
* @retval ODK_TIMER_EXPIRED: if the license is attempted to be loaded after the
* rental duration expires.
* @retval OEMCrypto_ERROR_INVALåID_NONCE
*
* @version
* This method is new in version 16 of the API.
@@ -536,8 +579,9 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
OEMCryptoResult ODK_ParseLicense(
const uint8_t* message, size_t message_length, size_t core_message_length,
bool initial_license_load, bool usage_entry_present,
ODK_TimerLimits* timer_limits, ODK_ClockValues* clock_values,
ODK_NonceValues* nonce_values, ODK_ParsedLicense* parsed_license);
uint64_t system_time_seconds, ODK_TimerLimits* timer_limits,
ODK_ClockValues* clock_values, ODK_NonceValues* nonce_values,
ODK_ParsedLicense* parsed_license, uint64_t* timer_value);
/**
* The function ODK_ParseRenewal will parse the message and verify its
@@ -564,7 +608,8 @@ OEMCryptoResult ODK_ParseLicense(
* @param[in] message_length: length of the entire message buffer.
* @param[in] core_message_size: length of the core message, at the beginning of
* the message buffer.
* @param[in] nonce_values: pointer to the session's nonce data.
* @param[in,out] nonce_values: pointer to the session's nonce data. These might
* be updated if the server returns a lower API version.
* @param[in] system_time_seconds: the current time on OEMCrypto's clock, in
* seconds.
* @param[in] timer_limits: timer limits specified in the license.
@@ -591,7 +636,7 @@ OEMCryptoResult ODK_ParseLicense(
*/
OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
size_t core_message_length,
const ODK_NonceValues* nonce_values,
ODK_NonceValues* nonce_values,
uint64_t system_time_seconds,
const ODK_TimerLimits* timer_limits,
ODK_ClockValues* clock_values,
@@ -604,8 +649,8 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
* If the message does not parse correctly, ODK_ParseProvisioning will return
* an error that OEMCrypto should return to the CDM layer above.
*
* If the API in the message is larger than 16, then ODK_UNSUPPORTED_API is
* returned.
* If the API in the message is larger than ODK_MAJOR_VERSION, then
* ODK_UNSUPPORTED_API is returned.
*
* ODK_ParseProvisioning shall verify that nonce_values->nonce and
* nonce_values->session_id are the same as those in the message. Otherwise
@@ -620,11 +665,13 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
* @param[in] message_length: length of the entire message buffer.
* @param[in] core_message_size: length of the core message, at the beginning of
* the message buffer.
* @param[in] nonce_values: pointer to the session's nonce data.
* @param[in/out] nonce_values: pointer to the session's nonce data. These might
* be updated if the server returns a lower API version.
* @param[in] device_id: a pointer to a buffer containing the device ID of the
* device. The ODK function will verify it matches that in the message.
* @param[in] device_id_length: the length of the device ID.
* @param[out] parsed_response: destination for the parse data.
* @param[out] counter_info: destination for counter portion of parse data.
* @param[out] parsed_response: destination for response portion of parse data.
*
* @retval OEMCrypto_SUCCESS
* @retval ODK_ERROR_CORE_MESSAGE: the message did not parse correctly, or there
@@ -638,9 +685,45 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
*/
OEMCryptoResult ODK_ParseProvisioning(
const uint8_t* message, size_t message_length, size_t core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_id,
ODK_NonceValues* nonce_values, const uint8_t* device_id,
size_t device_id_length, ODK_ParsedProvisioning* parsed_response);
/**
* The function ODK_ParseProvisioning40 will parse the message and verify the
* nonce values match those in the request.
*
* If the message does not parse correctly, ODK_ParseProvisioning40 will return
* an error that OEMCrypto should return to the CDM layer above.
*
* If the API in the message is larger than ODK_MAJOR_VERSION, then
* ODK_UNSUPPORTED_API is returned.
*
* ODK_ParseProvisioning40 shall verify that nonce_values->nonce and
* nonce_values->session_id are the same as those in the message. Otherwise
* it shall return OEMCrypto_ERROR_INVALID_NONCE.
*
* @param[in] message: pointer to the message buffer.
* @param[in] message_length: length of the entire message buffer.
* @param[in] core_message_size: length of the core message, at the beginning of
* the message buffer.
* @param[in,out] nonce_values: pointer to the session's nonce data. These might
* be updated if the server returns a lower API version.
*
* @retval OEMCrypto_SUCCESS
* @retval ODK_ERROR_CORE_MESSAGE: the message did not parse correctly, or there
* were other incorrect values. An error should be returned to the CDM
* layer.
* @retval ODK_UNSUPPORTED_API
* @retval OEMCrypto_ERROR_INVALID_NONCE
*
* @version
* This method is new in version 18 of the API.
*/
OEMCryptoResult ODK_ParseProvisioning40(const uint8_t* message,
size_t message_length,
size_t core_message_length,
ODK_NonceValues* nonce_values);
/**
* The function ODK_ParseProvisioning will parse the message and verify the
* API version is at most the version passed in.

3
libwvdrmengine/oemcrypto/odk/include/odk_message.h
View File

@@ -63,7 +63,8 @@ typedef enum {
MESSAGE_STATUS_NOT_INITIALIZED = 0x2990b6c6,
MESSAGE_STATUS_OUT_OF_MEMORY = 0x7c5c64cc,
MESSAGE_STATUS_MAP_SHARED_MEMORY_FAILED = 0x7afecacf,
MESSAGE_STATUS_SECURE_BUFFER_ERROR = 0x78f0e873
MESSAGE_STATUS_SECURE_BUFFER_ERROR = 0x78f0e873,
MESSAGE_STATUS_BUFFER_TOO_LARGE = 0x5bfcfb21
} ODK_MessageStatus;
/*

56
libwvdrmengine/oemcrypto/odk/include/odk_structs.h
View File

@@ -15,11 +15,11 @@ extern "C" {
#include "odk_target.h"
/* The version of this library. */
#define ODK_MAJOR_VERSION 17
#define ODK_MINOR_VERSION 2
#define ODK_MAJOR_VERSION 18
#define ODK_MINOR_VERSION 0
/* ODK Version string. Date changed automatically on each release. */
#define ODK_RELEASE_DATE "ODK v17.2 2022-08-10"
#define ODK_RELEASE_DATE "ODK v18.0 2022-12-14"
/* The lowest version number for an ODK message. */
#define ODK_FIRST_VERSION 16
@@ -28,6 +28,11 @@ extern "C" {
#define ODK_DEVICE_ID_LEN_MAX 64
#define ODK_SHA256_HASH_SIZE 32
#define ODK_KEYBOX_RENEWAL_DATA_SIZE 1600
/* The max length of the encoded device info in CBOR format. Make sure it gets
* updated when more device info is included. Refer to
* https://www.rfc-editor.org/rfc/rfc8949.html#name-specification-of-the-cbor-e
* for an estimation of the required length. */
#define ODK_DEVICE_INFO_LEN_MAX 256
/// @addtogroup odk_timer
/// @{
@@ -161,6 +166,47 @@ typedef struct {
/// @addtogroup odk_parser
/// @{
/**
* This counter information is used by the license and provisioning servers to
* keep track of requests. Values should be updated after every successful
* provisioning request, license request, and decrypt call.
*
* @param provisioning_count: number of times a provisioning request was made on
* this device in the current instance. May be reset to 0 on device power off.
* @param license_count: number of times a license request was made on this
* device in the current instance. May be reset to 0 on device power off.
* @param decrypt_count: number of times OEMCrypto_DecryptCENC() has been called
* on this device in the current instance. May be reset to 0 on device power
* off.
* @param master_generation_number: current master generation number value from
* the OEMCrypto usage table. Persists across reboots.
* @param soc_vendor: name of the system-on-a-chip vendor for the device,
* limited to 16 bytes
* @param chipset_model: name of the chipset on the device, limited to 16 bytes
* @param major_version: major version of the TA binary. This is different from
* the OEMCrypto version that is being implemented.
* @param minor_version: minor version of the TA binary, if applicable. This is
* different from the OEMCrypto version that is being implemented.
* @param patch_version: patch version of the TA binary, if applicable. This is
* different from the OEMCrypto version that is being implemented.
* @param extra: unused in V18
*
* @version
* This struct was added in API version 18.
*/
typedef struct {
uint64_t master_generation_number;
uint32_t provisioning_count;
uint32_t license_count;
uint32_t decrypt_count;
uint16_t major_version;
uint16_t minor_version;
uint16_t patch_version;
uint8_t soc_vendor[16];
uint8_t chipset_model[16];
uint8_t extra[12];
} ODK_MessageCounterInfo;
/**
* The parsed license structure contains information from the license
* message. The function ODK_ParseLicense will fill in the fields of this
@@ -178,11 +224,12 @@ typedef struct {
* @param timer_limits: time limits of the for the license.
* @param watermarking: specifies if device supports watermarking.
* @param dtcp2_required: specifies if device supports DTCP.
* @param renewal_delay_base: what time the timer starting is based off of.
* @param key_array_length: number of keys present.
* @param key_array: set of keys to be installed.
*
* @version
* This struct changed in API version 17.
* This struct changed in API version 18.
*/
typedef struct {
OEMCrypto_Substring enc_mac_keys_iv;
@@ -194,6 +241,7 @@ typedef struct {
ODK_TimerLimits timer_limits;
uint32_t watermarking;
OEMCrypto_DTCP2_CMI_Packet dtcp2_required;
OEMCrypto_TimerDelayBase renewal_delay_base;
uint32_t key_array_length;
OEMCrypto_KeyObject key_array[ODK_MAX_NUM_KEYS];
} ODK_ParsedLicense;

97
libwvdrmengine/oemcrypto/odk/src/core_message_deserialize.cpp
View File

@@ -11,10 +11,10 @@
#include <string>
#include "OEMCryptoCENCCommon.h"
#include "odk_message.h"
#include "odk_serialize.h"
#include "odk_structs.h"
#include "odk_structs_priv.h"
#include "serialization_base.h"
namespace oemcrypto_core_message {
namespace deserialize {
@@ -89,8 +89,33 @@ bool ParseRequest(uint32_t message_type,
} // namespace
static bool GetNonceFromMessage(const std::string& oemcrypto_core_message,
ODK_NonceValues* nonce_values) {
if (nonce_values == nullptr) return false;
if (oemcrypto_core_message.size() < sizeof(ODK_CoreMessage)) return false;
ODK_CoreMessage core_message;
const uint8_t* buf =
reinterpret_cast<const uint8_t*>(oemcrypto_core_message.c_str());
ODK_Message msg = ODK_Message_Create(const_cast<uint8_t*>(buf),
oemcrypto_core_message.size());
ODK_Message_SetSize(&msg, sizeof(ODK_CoreMessage));
Unpack_ODK_CoreMessage(&msg, &core_message);
if (ODK_Message_GetStatus(&msg) != MESSAGE_STATUS_OK) return false;
*nonce_values = core_message.nonce_values;
return true;
}
bool CoreLicenseRequestFromMessage(const std::string& oemcrypto_core_message,
ODK_LicenseRequest* core_license_request) {
ODK_NonceValues nonce;
if (!GetNonceFromMessage(oemcrypto_core_message, &nonce)) return false;
if (nonce.api_major_version <= 17) {
const auto unpacker = Unpack_ODK_PreparedLicenseRequestV17;
ODK_PreparedLicenseRequestV17 prepared_license = {};
return ParseRequest(ODK_License_Request_Type, oemcrypto_core_message,
core_license_request, &prepared_license, unpacker);
}
const auto unpacker = Unpack_ODK_PreparedLicenseRequest;
ODK_PreparedLicenseRequest prepared_license = {};
return ParseRequest(ODK_License_Request_Type, oemcrypto_core_message,
@@ -112,26 +137,70 @@ bool CoreRenewalRequestFromMessage(const std::string& oemcrypto_core_message,
bool CoreProvisioningRequestFromMessage(
const std::string& oemcrypto_core_message,
ODK_ProvisioningRequest* core_provisioning_request) {
const auto unpacker = Unpack_ODK_PreparedProvisioningRequest;
ODK_PreparedProvisioningRequest prepared_provision = {};
if (!ParseRequest(ODK_Provisioning_Request_Type, oemcrypto_core_message,
// We can't tell if V18 format or older. Need to partially parse in order
// to get the nonce values, which will tell us.
ODK_NonceValues nonce;
if (!GetNonceFromMessage(oemcrypto_core_message, &nonce)) return false;
if (nonce.api_major_version == 18) {
// Proceed with V18 types
const auto unpacker = Unpack_ODK_PreparedProvisioningRequest;
ODK_PreparedProvisioningRequest prepared_provision = {};
if (!ParseRequest(ODK_Provisioning_Request_Type, oemcrypto_core_message,
core_provisioning_request, &prepared_provision,
unpacker)) {
return false;
}
} else {
// V17 and older
const auto unpacker = Unpack_ODK_PreparedProvisioningRequestV17;
ODK_PreparedProvisioningRequestV17 prepared_provision = {};
if (!ParseRequest(ODK_Provisioning_Request_Type, oemcrypto_core_message,
core_provisioning_request, &prepared_provision,
unpacker)) {
return false;
}
const uint8_t* device_id = prepared_provision.device_id;
const uint32_t device_id_length = prepared_provision.device_id_length;
if (device_id_length > ODK_DEVICE_ID_LEN_MAX) {
return false;
}
if (device_id_length > 0) {
uint8_t zero[ODK_DEVICE_ID_LEN_MAX] = {};
if (memcmp(zero, device_id + device_id_length,
ODK_DEVICE_ID_LEN_MAX - device_id_length)) {
return false;
}
core_provisioning_request->device_id.assign(
reinterpret_cast<const char*>(device_id), device_id_length);
}
core_provisioning_request->renewal_type = OEMCrypto_NoRenewal;
core_provisioning_request->renewal_data.clear();
}
return true;
}
bool CoreProvisioning40RequestFromMessage(
const std::string& oemcrypto_core_message,
ODK_Provisioning40Request* core_provisioning_request) {
const auto unpacker = Unpack_ODK_PreparedProvisioning40Request;
ODK_PreparedProvisioning40Request prepared_provision = {};
if (!ParseRequest(ODK_Provisioning40_Request_Type, oemcrypto_core_message,
core_provisioning_request, &prepared_provision, unpacker)) {
return false;
}
const uint8_t* device_id = prepared_provision.device_id;
const uint32_t device_id_length = prepared_provision.device_id_length;
if (device_id_length > ODK_DEVICE_ID_LEN_MAX) {
const uint8_t* device_info = prepared_provision.device_info;
const uint32_t device_info_length = prepared_provision.device_info_length;
if (device_info_length > ODK_DEVICE_INFO_LEN_MAX) {
return false;
}
uint8_t zero[ODK_DEVICE_ID_LEN_MAX] = {};
if (memcmp(zero, device_id + device_id_length,
ODK_DEVICE_ID_LEN_MAX - device_id_length)) {
uint8_t zero[ODK_DEVICE_INFO_LEN_MAX] = {};
if (memcmp(zero, device_info + device_info_length,
ODK_DEVICE_INFO_LEN_MAX - device_info_length)) {
return false;
}
core_provisioning_request->device_id.assign(
reinterpret_cast<const char*>(device_id), device_id_length);
core_provisioning_request->renewal_type = OEMCrypto_NoRenewal;
core_provisioning_request->renewal_data.clear();
core_provisioning_request->device_info.assign(
reinterpret_cast<const char*>(device_info), device_info_length);
return true;
}

5
libwvdrmengine/oemcrypto/odk/src/core_message_features.cpp
View File

@@ -4,6 +4,8 @@
#include "core_message_features.h"
#include <ostream>
namespace oemcrypto_core_message {
namespace features {
const CoreMessageFeatures CoreMessageFeatures::kDefaultFeatures;
@@ -25,6 +27,9 @@ CoreMessageFeatures CoreMessageFeatures::DefaultFeatures(
case 17:
features.maximum_minor_version = 2; // 17.2
break;
case 18:
features.maximum_minor_version = 0; // 18.0
break;
default:
features.maximum_minor_version = 0;
}

165
libwvdrmengine/oemcrypto/odk/src/core_message_serialize.cpp
View File

@@ -30,8 +30,9 @@ namespace {
*/
template <typename T, typename S>
bool CreateResponseHeader(const CoreMessageFeatures& features,
ODK_MessageType message_type, const S& core_request,
T& response) {
ODK_MessageType message_type,
ODK_CoreMessage* response_header,
const S& core_request, T& response) {
// Bad major version.
if ((features.maximum_major_version > ODK_MAJOR_VERSION) ||
(features.maximum_major_version == ODK_MAJOR_VERSION &&
@@ -40,20 +41,24 @@ bool CreateResponseHeader(const CoreMessageFeatures& features,
return false;
}
auto* header = &response.request.core_message;
header->message_type = message_type;
header->nonce_values.api_major_version = core_request.api_major_version;
header->nonce_values.api_minor_version = core_request.api_minor_version;
header->nonce_values.nonce = core_request.nonce;
header->nonce_values.session_id = core_request.session_id;
response_header->message_type = message_type;
response_header->nonce_values.api_major_version =
core_request.api_major_version;
response_header->nonce_values.api_minor_version =
core_request.api_minor_version;
response_header->nonce_values.nonce = core_request.nonce;
response_header->nonce_values.session_id = core_request.session_id;
// The message API version for the response is the minimum of our version and
// the request's version.
if (core_request.api_major_version > features.maximum_major_version) {
header->nonce_values.api_major_version = features.maximum_major_version;
header->nonce_values.api_minor_version = features.maximum_minor_version;
response_header->nonce_values.api_major_version =
features.maximum_major_version;
response_header->nonce_values.api_minor_version =
features.maximum_minor_version;
} else if (core_request.api_major_version == features.maximum_major_version &&
core_request.api_minor_version > features.maximum_minor_version) {
header->nonce_values.api_minor_version = features.maximum_minor_version;
response_header->nonce_values.api_minor_version =
features.maximum_minor_version;
}
return true;
}
@@ -68,14 +73,14 @@ bool CreateResponseHeader(const CoreMessageFeatures& features,
*/
template <typename T, typename S, typename P>
bool CreateResponse(ODK_MessageType message_type, const S& core_request,
std::string* oemcrypto_core_message, T& response,
std::string* oemcrypto_core_message,
ODK_CoreMessage* response_header, T& response,
const P& packer) {
if (!oemcrypto_core_message) {
return false;
}
auto* header = &response.request.core_message;
if (header->message_type != message_type ||
header->nonce_values.api_major_version < ODK_FIRST_VERSION) {
if (response_header->message_type != message_type ||
response_header->nonce_values.api_major_version < ODK_FIRST_VERSION) {
// This indicates CreateResponseHeader was not called.
return false;
}
@@ -89,8 +94,8 @@ bool CreateResponse(ODK_MessageType message_type, const S& core_request,
}
uint32_t message_length = static_cast<uint32_t>(ODK_Message_GetSize(&msg));
msg = ODK_Message_Create(buf.data() + sizeof(header->message_type),
sizeof(header->message_length));
msg = ODK_Message_Create(buf.data() + sizeof(response_header->message_type),
sizeof(response_header->message_length));
Pack_uint32_t(&msg, &message_length);
oemcrypto_core_message->assign(reinterpret_cast<const char*>(buf.data()),
message_length);
@@ -98,10 +103,10 @@ bool CreateResponse(ODK_MessageType message_type, const S& core_request,
}
bool CopyDeviceId(const ODK_ProvisioningRequest& src,
ODK_ProvisioningResponse* dest) {
ODK_ProvisioningResponseV16* dest) {
auto& request = dest->request;
const std::string& device_id = src.device_id;
if (request.device_id_length > sizeof(request.device_id)) {
if (device_id.size() > sizeof(request.device_id)) {
return false;
}
request.device_id_length = static_cast<uint32_t>(device_id.size());
@@ -119,17 +124,17 @@ bool CreateCoreLicenseResponse(const CoreMessageFeatures& features,
std::string* oemcrypto_core_message) {
ODK_LicenseResponse license_response{
{}, const_cast<ODK_ParsedLicense*>(&parsed_lic)};
if (!CreateResponseHeader(features, ODK_License_Response_Type, core_request,
if (!CreateResponseHeader(features, ODK_License_Response_Type,
&license_response.core_message, core_request,
license_response)) {
return false;
}
if (ODK_MAX_NUM_KEYS < license_response.parsed_license->key_array_length) {
return false;
}
if (license_response.request.core_message.nonce_values.api_major_version ==
16) {
if (license_response.core_message.nonce_values.api_major_version == 16) {
ODK_LicenseResponseV16 license_response_v16;
license_response_v16.request = license_response.request;
license_response_v16.request.core_message = license_response.core_message;
license_response_v16.parsed_license.enc_mac_keys_iv =
license_response.parsed_license->enc_mac_keys_iv;
license_response_v16.parsed_license.enc_mac_keys =
@@ -158,12 +163,73 @@ bool CreateCoreLicenseResponse(const CoreMessageFeatures& features,
memcpy(license_response_v16.request_hash, core_request_sha256.data(),
sizeof(license_response_v16.request_hash));
return CreateResponse(ODK_License_Response_Type, core_request,
oemcrypto_core_message, license_response_v16,
Pack_ODK_LicenseResponseV16);
oemcrypto_core_message,
&license_response_v16.request.core_message,
license_response_v16, Pack_ODK_LicenseResponseV16);
} else if (license_response.core_message.nonce_values.api_major_version ==
17) {
ODK_LicenseResponseV17 license_response_v17;
ODK_ParsedLicenseV17* dest = &license_response_v17.parsed_license;
ODK_ParsedLicense src = *license_response.parsed_license;
license_response_v17.request.core_message = license_response.core_message;
dest->enc_mac_keys_iv = src.enc_mac_keys_iv;
dest->enc_mac_keys = src.enc_mac_keys;
dest->pst = src.pst;
dest->srm_restriction_data = src.srm_restriction_data;
dest->license_type = src.license_type;
dest->nonce_required = src.nonce_required;
dest->timer_limits = src.timer_limits;
dest->watermarking = src.watermarking;
dest->dtcp2_required.dtcp2_required = src.dtcp2_required.dtcp2_required;
dest->dtcp2_required.cmi_descriptor_0.id =
src.dtcp2_required.cmi_descriptor_0.id;
dest->dtcp2_required.cmi_descriptor_0.extension =
src.dtcp2_required.cmi_descriptor_0.extension;
dest->dtcp2_required.cmi_descriptor_0.length =
src.dtcp2_required.cmi_descriptor_0.length;
dest->dtcp2_required.cmi_descriptor_0.data =
src.dtcp2_required.cmi_descriptor_0.data;
dest->dtcp2_required.cmi_descriptor_1.id =
src.dtcp2_required.cmi_descriptor_1.id;
dest->dtcp2_required.cmi_descriptor_1.extension =
src.dtcp2_required.cmi_descriptor_1.extension;
dest->dtcp2_required.cmi_descriptor_1.length =
src.dtcp2_required.cmi_descriptor_1.length;
dest->dtcp2_required.cmi_descriptor_1.data[0] =
src.dtcp2_required.cmi_descriptor_1.data[0];
dest->dtcp2_required.cmi_descriptor_1.data[1] =
src.dtcp2_required.cmi_descriptor_1.data[1];
dest->dtcp2_required.cmi_descriptor_1.data[2] =
src.dtcp2_required.cmi_descriptor_1.data[2];
dest->dtcp2_required.cmi_descriptor_2.id =
src.dtcp2_required.cmi_descriptor_2.id;
dest->dtcp2_required.cmi_descriptor_2.extension =
src.dtcp2_required.cmi_descriptor_2.extension;
dest->dtcp2_required.cmi_descriptor_2.length =
src.dtcp2_required.cmi_descriptor_2.length;
dest->dtcp2_required.cmi_descriptor_2.data[0] =
src.dtcp2_required.cmi_descriptor_2.data[0];
dest->dtcp2_required.cmi_descriptor_2.data[1] =
src.dtcp2_required.cmi_descriptor_2.data[1];
dest->dtcp2_required.cmi_descriptor_2.data[2] =
src.dtcp2_required.cmi_descriptor_2.data[2];
dest->key_array_length = src.key_array_length;
uint32_t i;
for (i = 0; i < dest->key_array_length && i < src.key_array_length; i++) {
dest->key_array[i] = src.key_array[i];
}
if (core_request_sha256.size() != sizeof(license_response_v17.request_hash))
return false;
memcpy(license_response_v17.request_hash, core_request_sha256.data(),
sizeof(license_response_v17.request_hash));
return CreateResponse(ODK_License_Response_Type, core_request,
oemcrypto_core_message,
&license_response_v17.request.core_message,
license_response_v17, Pack_ODK_LicenseResponseV17);
}
return CreateResponse(ODK_License_Response_Type, core_request,
oemcrypto_core_message, license_response,
Pack_ODK_LicenseResponse);
oemcrypto_core_message, &license_response.core_message,
license_response, Pack_ODK_LicenseResponse);
}
bool CreateCoreRenewalResponse(const CoreMessageFeatures& features,
@@ -173,13 +239,15 @@ bool CreateCoreRenewalResponse(const CoreMessageFeatures& features,
ODK_RenewalResponse renewal_response{{}, core_request.playback_time_seconds};
renewal_response.request.playback_time = core_request.playback_time_seconds;
renewal_response.renewal_duration_seconds = renewal_duration_seconds;
if (!CreateResponseHeader(features, ODK_Renewal_Response_Type, core_request,
renewal_response)) {
if (!CreateResponseHeader(features, ODK_Renewal_Response_Type,
&renewal_response.request.core_message,
core_request, renewal_response)) {
return false;
}
return CreateResponse(ODK_Renewal_Response_Type, core_request,
oemcrypto_core_message, renewal_response,
Pack_ODK_RenewalResponse);
oemcrypto_core_message,
&renewal_response.request.core_message,
renewal_response, Pack_ODK_RenewalResponse);
}
bool CreateCoreProvisioningResponse(const CoreMessageFeatures& features,
@@ -188,16 +256,43 @@ bool CreateCoreProvisioningResponse(const CoreMessageFeatures& features,
std::string* oemcrypto_core_message) {
ODK_ProvisioningResponse prov_response{
{}, const_cast<ODK_ParsedProvisioning*>(&parsed_prov)};
if (!CopyDeviceId(core_request, &prov_response)) {
if (!CreateResponseHeader(features, ODK_Provisioning_Response_Type,
&prov_response.core_message, core_request,
prov_response)) {
return false;
}
if (prov_response.core_message.nonce_values.api_major_version <= 17) {
ODK_ProvisioningResponseV16 prov_response_v16;
if (!CopyDeviceId(core_request, &prov_response_v16)) {
return false;
}
prov_response_v16.request.core_message = prov_response.core_message;
prov_response_v16.parsed_provisioning = prov_response.parsed_provisioning;
return CreateResponse(ODK_Provisioning_Response_Type, core_request,
oemcrypto_core_message,
&prov_response_v16.request.core_message,
prov_response_v16, Pack_ODK_ProvisioningResponseV16);
}
return CreateResponse(ODK_Provisioning_Response_Type, core_request,
oemcrypto_core_message, &prov_response.core_message,
prov_response, Pack_ODK_ProvisioningResponse);
}
bool CreateCoreProvisioning40Response(
const CoreMessageFeatures& features,
const ODK_Provisioning40Request& core_request,
std::string* oemcrypto_core_message) {
ODK_Provisioning40Response prov_response = {};
if (!CreateResponseHeader(features, ODK_Provisioning_Response_Type,
core_request, prov_response)) {
&prov_response.core_message, core_request,
prov_response)) {
return false;
}
return CreateResponse(ODK_Provisioning_Response_Type, core_request,
oemcrypto_core_message, prov_response,
Pack_ODK_ProvisioningResponse);
oemcrypto_core_message, &prov_response.core_message,
prov_response, Pack_ODK_Provisioning40Response);
}
} // namespace serialize

23
libwvdrmengine/oemcrypto/odk/src/core_message_serialize_proto.cpp
View File

@@ -164,19 +164,16 @@ bool CreateCoreLicenseResponseFromProto(const CoreMessageFeatures& features,
core_request_sha256, oemcrypto_core_message);
}
bool CreateCoreProvisioningResponseFromProto(
const CoreMessageFeatures& features,
bool DeserializeProvisioningResponse(
const std::string& serialized_provisioning_resp,
const ODK_ProvisioningRequest& core_request,
std::string* oemcrypto_core_message) {
ODK_ParsedProvisioning parsed_prov{};
const OEMCrypto_PrivateKeyType device_key_type,
ODK_ParsedProvisioning& parsed_prov) {
video_widevine::ProvisioningResponse prov;
if (!prov.ParseFromString(serialized_provisioning_resp)) {
return false;
}
parsed_prov.key_type =
OEMCrypto_RSA_Private_Key; // TODO(b/148404408): ECC or RSA
parsed_prov.key_type = device_key_type;
if (prov.has_device_rsa_key()) {
parsed_prov.enc_private_key =
GetOecSubstring(serialized_provisioning_resp, prov.device_rsa_key());
@@ -189,7 +186,19 @@ bool CreateCoreProvisioningResponseFromProto(
parsed_prov.encrypted_message_key =
GetOecSubstring(serialized_provisioning_resp, prov.wrapping_key());
}
return true;
}
bool CreateCoreProvisioningResponseFromProto(
const CoreMessageFeatures& features,
const std::string& serialized_provisioning_resp,
const ODK_ProvisioningRequest& core_request,
const OEMCrypto_PrivateKeyType device_key_type,
std::string* oemcrypto_core_message) {
ODK_ParsedProvisioning parsed_prov{};
if (!DeserializeProvisioningResponse(serialized_provisioning_resp,
device_key_type, parsed_prov))
return false;
return CreateCoreProvisioningResponse(features, parsed_prov, core_request,
oemcrypto_core_message);
}

257
libwvdrmengine/oemcrypto/odk/src/odk.c
View File

@@ -6,6 +6,7 @@
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include "odk_overflow.h"
@@ -13,7 +14,6 @@
#include "odk_structs.h"
#include "odk_structs_priv.h"
#include "odk_util.h"
#include "serialization_base.h"
/* @ private odk functions */
@@ -72,6 +72,16 @@ static OEMCryptoResult ODK_PrepareRequest(
&msg, (ODK_PreparedProvisioningRequest*)prepared_request_buffer);
break;
}
case ODK_Provisioning40_Request_Type: {
core_message->message_length = ODK_PROVISIONING40_REQUEST_SIZE;
if (sizeof(ODK_PreparedProvisioning40Request) >
prepared_request_buffer_length) {
return ODK_ERROR_CORE_MESSAGE;
}
Pack_ODK_PreparedProvisioning40Request(
&msg, (ODK_PreparedProvisioning40Request*)prepared_request_buffer);
break;
}
case ODK_Renewed_Provisioning_Request_Type: {
core_message->message_length = ODK_RENEWED_PROVISIONING_REQUEST_SIZE;
if (sizeof(ODK_PreparedRenewedProvisioningRequest) >
@@ -169,14 +179,18 @@ static OEMCryptoResult ODK_ParseCoreHeader(const uint8_t* message,
/* @@ prepare request functions */
OEMCryptoResult ODK_PrepareCoreLicenseRequest(
uint8_t* message, size_t message_length, size_t* core_message_length,
const ODK_NonceValues* nonce_values) {
if (core_message_length == NULL || nonce_values == NULL) {
uint8_t* message, size_t message_length, size_t* core_message_size,
const ODK_NonceValues* nonce_values,
const ODK_MessageCounterInfo* counter_info) {
if (core_message_size == NULL || nonce_values == NULL ||
counter_info == NULL) {
return ODK_ERROR_CORE_MESSAGE;
}
ODK_PreparedLicenseRequest license_request = {0};
memcpy(&license_request.counter_info, counter_info,
sizeof(license_request.counter_info));
return ODK_PrepareRequest(
message, message_length, core_message_length, ODK_License_Request_Type,
message, message_length, core_message_size, ODK_License_Request_Type,
nonce_values, &license_request, sizeof(ODK_PreparedLicenseRequest));
}
@@ -230,25 +244,47 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
OEMCryptoResult ODK_PrepareCoreProvisioningRequest(
uint8_t* message, size_t message_length, size_t* core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_id,
size_t device_id_length) {
if (core_message_length == NULL || nonce_values == NULL) {
const ODK_NonceValues* nonce_values,
const ODK_MessageCounterInfo* counter_info) {
if (core_message_length == NULL || nonce_values == NULL ||
counter_info == NULL) {
return ODK_ERROR_CORE_MESSAGE;
}
ODK_PreparedProvisioningRequest provisioning_request = {0};
if (device_id_length > sizeof(provisioning_request.device_id)) {
return ODK_ERROR_CORE_MESSAGE;
}
provisioning_request.device_id_length = (uint32_t)device_id_length;
if (device_id) {
memcpy(provisioning_request.device_id, device_id, device_id_length);
}
memcpy(&provisioning_request.counter_info, counter_info,
sizeof(ODK_MessageCounterInfo));
return ODK_PrepareRequest(message, message_length, core_message_length,
ODK_Provisioning_Request_Type, nonce_values,
&provisioning_request,
sizeof(ODK_PreparedProvisioningRequest));
}
OEMCryptoResult ODK_PrepareCoreProvisioning40Request(
uint8_t* message, size_t message_length, size_t* core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_info,
size_t device_info_length, const ODK_MessageCounterInfo* counter_info) {
if (core_message_length == NULL || nonce_values == NULL ||
counter_info == NULL) {
return ODK_ERROR_CORE_MESSAGE;
}
ODK_PreparedProvisioning40Request provisioning_request = {0};
if (device_info_length > sizeof(provisioning_request.device_info)) {
return ODK_ERROR_CORE_MESSAGE;
}
provisioning_request.device_info_length = (uint32_t)device_info_length;
if (device_info) {
memcpy(provisioning_request.device_info, device_info, device_info_length);
}
memcpy(&provisioning_request.counter_info, counter_info,
sizeof(provisioning_request.counter_info));
return ODK_PrepareRequest(message, message_length, core_message_length,
ODK_Provisioning40_Request_Type, nonce_values,
&provisioning_request,
sizeof(provisioning_request));
}
OEMCryptoResult ODK_PrepareCoreRenewedProvisioningRequest(
uint8_t* message, size_t message_length, size_t* core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_id,
@@ -285,14 +321,15 @@ OEMCryptoResult ODK_PrepareCoreRenewedProvisioningRequest(
OEMCryptoResult ODK_ParseLicense(
const uint8_t* message, size_t message_length, size_t core_message_length,
bool initial_license_load, bool usage_entry_present,
ODK_TimerLimits* timer_limits, ODK_ClockValues* clock_values,
ODK_NonceValues* nonce_values, ODK_ParsedLicense* parsed_license) {
uint64_t system_time_seconds, ODK_TimerLimits* timer_limits,
ODK_ClockValues* clock_values, ODK_NonceValues* nonce_values,
ODK_ParsedLicense* parsed_license, uint64_t* timer_value) {
if (message == NULL || timer_limits == NULL || clock_values == NULL ||
nonce_values == NULL || parsed_license == NULL) {
return ODK_ERROR_CORE_MESSAGE;
}
const OEMCryptoResult err =
OEMCryptoResult err =
ODK_ParseCoreHeader(message, message_length, core_message_length,
ODK_License_Response_Type, nonce_values);
if (err != OEMCrypto_SUCCESS) {
@@ -303,6 +340,7 @@ OEMCryptoResult ODK_ParseLicense(
license_response.parsed_license = parsed_license;
ODK_Message msg = ODK_Message_Create((uint8_t*)message, message_length);
ODK_Message_SetSize(&msg, core_message_length);
if (nonce_values->api_major_version == 16) {
ODK_LicenseResponseV16 license_response_v16 = {0};
@@ -339,7 +377,6 @@ OEMCryptoResult ODK_ParseLicense(
}
// Set fields not used in V16 to default values.
parsed_license->watermarking = 0;
// Set fields not used in V16 to default values.
parsed_license->dtcp2_required.dtcp2_required = 0;
parsed_license->dtcp2_required.cmi_descriptor_0.id = 0;
parsed_license->dtcp2_required.cmi_descriptor_0.extension = 0;
@@ -357,7 +394,73 @@ OEMCryptoResult ODK_ParseLicense(
parsed_license->dtcp2_required.cmi_descriptor_2.data[0] = 0;
parsed_license->dtcp2_required.cmi_descriptor_2.data[1] = 0;
parsed_license->dtcp2_required.cmi_descriptor_2.data[2] = 0;
license_response.request = license_response_v16.request;
license_response.core_message = license_response_v16.request.core_message;
parsed_license->renewal_delay_base = 0;
} else if (nonce_values->api_major_version == 17) {
ODK_LicenseResponseV17 license_response_v17 = {0};
Unpack_ODK_LicenseResponseV17(&msg, &license_response_v17);
if (ODK_Message_GetStatus(&msg) != MESSAGE_STATUS_OK ||
ODK_Message_GetOffset(&msg) != core_message_length) {
return ODK_ERROR_CORE_MESSAGE;
}
ODK_ParsedLicenseV17 src = license_response_v17.parsed_license;
// Need to manually set parsed_license fields to
// license_response_v17.parsed_license field values since
// license_response_v17 is no longer a pointer so parsed_license doesn't get
// updated during the unpacking.
parsed_license->enc_mac_keys_iv = src.enc_mac_keys_iv;
parsed_license->enc_mac_keys = src.enc_mac_keys;
parsed_license->pst = src.pst;
parsed_license->srm_restriction_data = src.srm_restriction_data;
parsed_license->license_type = src.license_type;
parsed_license->nonce_required = src.nonce_required;
parsed_license->timer_limits = src.timer_limits;
parsed_license->watermarking = src.watermarking;
parsed_license->dtcp2_required.dtcp2_required =
src.dtcp2_required.dtcp2_required;
parsed_license->dtcp2_required.cmi_descriptor_0.id =
src.dtcp2_required.cmi_descriptor_0.id;
parsed_license->dtcp2_required.cmi_descriptor_0.extension =
src.dtcp2_required.cmi_descriptor_0.extension;
parsed_license->dtcp2_required.cmi_descriptor_0.length =
src.dtcp2_required.cmi_descriptor_0.length;
parsed_license->dtcp2_required.cmi_descriptor_0.data =
src.dtcp2_required.cmi_descriptor_0.data;
parsed_license->dtcp2_required.cmi_descriptor_1.id =
src.dtcp2_required.cmi_descriptor_1.id;
parsed_license->dtcp2_required.cmi_descriptor_1.extension =
src.dtcp2_required.cmi_descriptor_1.extension;
parsed_license->dtcp2_required.cmi_descriptor_1.length =
src.dtcp2_required.cmi_descriptor_1.length;
parsed_license->dtcp2_required.cmi_descriptor_1.data[0] =
src.dtcp2_required.cmi_descriptor_1.data[0];
parsed_license->dtcp2_required.cmi_descriptor_1.data[1] =
src.dtcp2_required.cmi_descriptor_1.data[1];
parsed_license->dtcp2_required.cmi_descriptor_1.data[2] =
src.dtcp2_required.cmi_descriptor_1.data[2];
parsed_license->dtcp2_required.cmi_descriptor_2.id =
src.dtcp2_required.cmi_descriptor_2.id;
parsed_license->dtcp2_required.cmi_descriptor_2.extension =
src.dtcp2_required.cmi_descriptor_2.extension;
parsed_license->dtcp2_required.cmi_descriptor_2.length =
src.dtcp2_required.cmi_descriptor_2.length;
parsed_license->dtcp2_required.cmi_descriptor_2.data[0] =
src.dtcp2_required.cmi_descriptor_2.data[0];
parsed_license->dtcp2_required.cmi_descriptor_2.data[1] =
src.dtcp2_required.cmi_descriptor_2.data[1];
parsed_license->dtcp2_required.cmi_descriptor_2.data[2] =
src.dtcp2_required.cmi_descriptor_2.data[2];
parsed_license->key_array_length = src.key_array_length;
uint32_t i;
for (i = 0; i < parsed_license->key_array_length; i++) {
parsed_license->key_array[i] = src.key_array[i];
}
// Set fields not used in V17 to default values.
parsed_license->renewal_delay_base = 0;
license_response.core_message = license_response_v17.request.core_message;
} else {
Unpack_ODK_LicenseResponse(&msg, &license_response);
@@ -382,26 +485,32 @@ OEMCryptoResult ODK_ParseLicense(
*/
if (parsed_license->nonce_required && initial_license_load) {
if (nonce_values->nonce !=
license_response.request.core_message.nonce_values.nonce ||
license_response.core_message.nonce_values.nonce ||
nonce_values->session_id !=
license_response.request.core_message.nonce_values.session_id) {
license_response.core_message.nonce_values.session_id) {
return OEMCrypto_ERROR_INVALID_NONCE;
}
} else { /* !initial_license_load, or can't tell if initial. */
nonce_values->nonce =
license_response.request.core_message.nonce_values.nonce;
nonce_values->nonce = license_response.core_message.nonce_values.nonce;
nonce_values->session_id =
license_response.request.core_message.nonce_values.session_id;
license_response.core_message.nonce_values.session_id;
}
bool license_load =
(parsed_license->renewal_delay_base == OEMCrypto_License_Load);
*timer_limits = parsed_license->timer_limits;
/* And update the clock values state. */
clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED;
if (nonce_values->api_major_version == 18 && license_load) {
err = ODK_AttemptFirstPlayback(system_time_seconds, timer_limits,
clock_values, timer_value);
return err;
}
return OEMCrypto_SUCCESS;
}
OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
size_t core_message_length,
const ODK_NonceValues* nonce_values,
ODK_NonceValues* nonce_values,
uint64_t system_time,
const ODK_TimerLimits* timer_limits,
ODK_ClockValues* clock_values,
@@ -413,7 +522,7 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
const OEMCryptoResult err =
ODK_ParseCoreHeader(message, message_length, core_message_length,
ODK_Renewal_Response_Type, NULL);
ODK_Renewal_Response_Type, nonce_values);
if (err != OEMCrypto_SUCCESS) {
return err;
}
@@ -454,7 +563,7 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
OEMCryptoResult ODK_ParseProvisioning(
const uint8_t* message, size_t message_length, size_t core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_id,
ODK_NonceValues* nonce_values, const uint8_t* device_id,
size_t device_id_length, ODK_ParsedProvisioning* parsed_response) {
if (message == NULL || nonce_values == NULL || device_id == NULL ||
parsed_response == NULL) {
@@ -462,44 +571,96 @@ OEMCryptoResult ODK_ParseProvisioning(
}
const OEMCryptoResult err =
ODK_ParseCoreHeader(message, message_length, core_message_length,
ODK_Provisioning_Response_Type, NULL);
ODK_Provisioning_Response_Type, nonce_values);
if (err != OEMCrypto_SUCCESS) {
return err;
}
ODK_ProvisioningResponse provisioning_response = {0};
provisioning_response.parsed_provisioning = parsed_response;
if (device_id_length > ODK_DEVICE_ID_LEN_MAX) {
if (nonce_values->api_major_version <= 17) {
// Do v16/v17
ODK_ProvisioningResponseV16 provisioning_response = {0};
provisioning_response.parsed_provisioning = parsed_response;
if (device_id_length > ODK_DEVICE_ID_LEN_MAX) {
return ODK_ERROR_CORE_MESSAGE;
}
ODK_Message msg = ODK_Message_Create((uint8_t*)message, message_length);
ODK_Message_SetSize(&msg, core_message_length);
Unpack_ODK_ProvisioningResponseV16(&msg, &provisioning_response);
if (ODK_Message_GetStatus(&msg) != MESSAGE_STATUS_OK ||
ODK_Message_GetOffset(&msg) != core_message_length) {
return ODK_ERROR_CORE_MESSAGE;
}
/* always verify nonce_values for Renewal and Provisioning responses */
if (!ODK_NonceValuesEqualExcludingVersion(
nonce_values,
&(provisioning_response.request.core_message.nonce_values))) {
return OEMCrypto_ERROR_INVALID_NONCE;
}
if (crypto_memcmp(device_id, provisioning_response.request.device_id,
device_id_length) != 0) {
return ODK_ERROR_CORE_MESSAGE;
}
const uint8_t zero[ODK_DEVICE_ID_LEN_MAX] = {0};
/* check bytes beyond device_id_length are 0 */
if (crypto_memcmp(
zero, provisioning_response.request.device_id + device_id_length,
ODK_DEVICE_ID_LEN_MAX - device_id_length) != 0) {
return ODK_ERROR_CORE_MESSAGE;
}
} else {
// v18
ODK_ProvisioningResponse provisioning_response = {0};
provisioning_response.parsed_provisioning = parsed_response;
ODK_Message msg = ODK_Message_Create((uint8_t*)message, message_length);
ODK_Message_SetSize(&msg, core_message_length);
Unpack_ODK_ProvisioningResponse(&msg, &provisioning_response);
if (ODK_Message_GetStatus(&msg) != MESSAGE_STATUS_OK ||
ODK_Message_GetOffset(&msg) != core_message_length) {
return ODK_ERROR_CORE_MESSAGE;
}
/* always verify nonce_values for Renewal and Provisioning responses */
if (!ODK_NonceValuesEqualExcludingVersion(
nonce_values, &(provisioning_response.core_message.nonce_values))) {
return OEMCrypto_ERROR_INVALID_NONCE;
}
}
return OEMCrypto_SUCCESS;
}
OEMCryptoResult ODK_ParseProvisioning40(const uint8_t* message,
size_t message_length,
size_t core_message_length,
ODK_NonceValues* nonce_values) {
if (message == NULL || nonce_values == NULL) {
return ODK_ERROR_CORE_MESSAGE;
}
const OEMCryptoResult err =
ODK_ParseCoreHeader(message, message_length, core_message_length,
ODK_Provisioning_Response_Type, nonce_values);
if (err != OEMCrypto_SUCCESS) {
return err;
}
ODK_Provisioning40Response provisioning_response = {0};
ODK_Message msg = ODK_Message_Create((uint8_t*)message, message_length);
ODK_Message_SetSize(&msg, core_message_length);
Unpack_ODK_ProvisioningResponse(&msg, &provisioning_response);
Unpack_ODK_Provisioning40Response(&msg, &provisioning_response);
if (ODK_Message_GetStatus(&msg) != MESSAGE_STATUS_OK ||
ODK_Message_GetOffset(&msg) != core_message_length) {
return ODK_ERROR_CORE_MESSAGE;
}
/* always verify nonce_values for Renewal and Provisioning responses */
if (!ODK_NonceValuesEqualExcludingVersion(
nonce_values,
&(provisioning_response.request.core_message.nonce_values))) {
nonce_values, &(provisioning_response.core_message.nonce_values))) {
return OEMCrypto_ERROR_INVALID_NONCE;
}
if (crypto_memcmp(device_id, provisioning_response.request.device_id,
device_id_length) != 0) {
return ODK_ERROR_CORE_MESSAGE;
}
const uint8_t zero[ODK_DEVICE_ID_LEN_MAX] = {0};
/* check bytes beyond device_id_length are 0 */
if (crypto_memcmp(zero,
provisioning_response.request.device_id + device_id_length,
ODK_DEVICE_ID_LEN_MAX - device_id_length) != 0) {
return ODK_ERROR_CORE_MESSAGE;
}
return OEMCrypto_SUCCESS;
}

2
libwvdrmengine/oemcrypto/odk/src/odk_overflow.c
View File

@@ -2,6 +2,8 @@
// source code may only be used and distributed under the Widevine
// License Agreement.
#include "odk_overflow.h"
#include <stddef.h>
#include <stdint.h>

218
libwvdrmengine/oemcrypto/odk/src/odk_serialize.c
View File

@@ -6,6 +6,8 @@
* This code is auto-generated, do not edit
*/
#include "odk_serialize.h"
#include "odk_structs_priv.h"
#include "serialization_base.h"
@@ -78,6 +80,48 @@ static void Pack_ODK_ParsedLicense(ODK_Message* msg,
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.data[1]);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.data[2]);
}
Pack_enum(msg, obj->renewal_delay_base);
Pack_uint32_t(msg, &obj->key_array_length);
size_t i;
for (i = 0; i < (size_t)obj->key_array_length; i++) {
Pack_OEMCrypto_KeyObject(msg, &obj->key_array[i]);
}
}
static void Pack_ODK_ParsedLicenseV17(ODK_Message* msg,
ODK_ParsedLicenseV17 const* obj) {
/* hand-coded */
if (obj->key_array_length > ODK_MAX_NUM_KEYS) {
ODK_Message_SetStatus(msg, MESSAGE_STATUS_OVERFLOW_ERROR);
return;
}
Pack_OEMCrypto_Substring(msg, &obj->enc_mac_keys_iv);
Pack_OEMCrypto_Substring(msg, &obj->enc_mac_keys);
Pack_OEMCrypto_Substring(msg, &obj->pst);
Pack_OEMCrypto_Substring(msg, &obj->srm_restriction_data);
Pack_enum(msg, obj->license_type);
Pack_bool(msg, &obj->nonce_required);
Pack_ODK_TimerLimits(msg, &obj->timer_limits);
Pack_uint32_t(msg, &obj->watermarking);
Pack_uint8_t(msg, &obj->dtcp2_required.dtcp2_required);
if (obj->dtcp2_required.dtcp2_required) {
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_0.id);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_0.extension);
Pack_uint16_t(msg, &obj->dtcp2_required.cmi_descriptor_0.length);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_0.data);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_1.id);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_1.extension);
Pack_uint16_t(msg, &obj->dtcp2_required.cmi_descriptor_1.length);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_1.data[0]);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_1.data[1]);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_1.data[2]);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.id);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.extension);
Pack_uint16_t(msg, &obj->dtcp2_required.cmi_descriptor_2.length);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.data[0]);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.data[1]);
Pack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.data[2]);
}
Pack_uint32_t(msg, &obj->key_array_length);
size_t i;
for (i = 0; i < (size_t)obj->key_array_length; i++) {
@@ -114,11 +158,31 @@ static void Pack_ODK_ParsedProvisioning(ODK_Message* msg,
Pack_OEMCrypto_Substring(msg, &obj->encrypted_message_key);
}
static void Pack_ODK_MessageCounterInfo(ODK_Message* msg,
ODK_MessageCounterInfo const* obj) {
Pack_uint64_t(msg, &obj->master_generation_number);
Pack_uint32_t(msg, &obj->provisioning_count);
Pack_uint32_t(msg, &obj->license_count);
Pack_uint32_t(msg, &obj->decrypt_count);
Pack_uint16_t(msg, &obj->major_version);
Pack_uint16_t(msg, &obj->minor_version);
Pack_uint16_t(msg, &obj->patch_version);
PackArray(msg, &obj->soc_vendor[0], sizeof(obj->soc_vendor));
PackArray(msg, &obj->chipset_model[0], sizeof(obj->chipset_model));
PackArray(msg, &obj->extra[0], sizeof(obj->extra));
}
/* @@ odk serialize */
void Pack_ODK_PreparedLicenseRequest(ODK_Message* msg,
ODK_PreparedLicenseRequest const* obj) {
Pack_ODK_CoreMessage(msg, &obj->core_message);
Pack_ODK_MessageCounterInfo(msg, &obj->counter_info);
}
void Pack_ODK_PreparedLicenseRequestV17(
ODK_Message* msg, ODK_PreparedLicenseRequestV17 const* obj) {
Pack_ODK_CoreMessage(msg, &obj->core_message);
}
void Pack_ODK_PreparedRenewalRequest(ODK_Message* msg,
@@ -130,10 +194,24 @@ void Pack_ODK_PreparedRenewalRequest(ODK_Message* msg,
void Pack_ODK_PreparedProvisioningRequest(
ODK_Message* msg, const ODK_PreparedProvisioningRequest* obj) {
Pack_ODK_CoreMessage(msg, &obj->core_message);
Pack_ODK_MessageCounterInfo(msg, &obj->counter_info);
}
void Pack_ODK_PreparedProvisioningRequestV17(
ODK_Message* msg, const ODK_PreparedProvisioningRequestV17* obj) {
Pack_ODK_CoreMessage(msg, &obj->core_message);
Pack_uint32_t(msg, &obj->device_id_length);
PackArray(msg, &obj->device_id[0], sizeof(obj->device_id));
}
void Pack_ODK_PreparedProvisioning40Request(
ODK_Message* msg, const ODK_PreparedProvisioning40Request* obj) {
Pack_ODK_CoreMessage(msg, &obj->core_message);
Pack_uint32_t(msg, &obj->device_info_length);
PackArray(msg, &obj->device_info[0], sizeof(obj->device_info));
Pack_ODK_MessageCounterInfo(msg, &obj->counter_info);
}
void Pack_ODK_PreparedRenewedProvisioningRequest(
ODK_Message* msg, const ODK_PreparedRenewedProvisioningRequest* obj) {
Pack_ODK_CoreMessage(msg, &obj->core_message);
@@ -148,13 +226,19 @@ void Pack_ODK_PreparedRenewedProvisioningRequest(
void Pack_ODK_LicenseResponse(ODK_Message* msg,
ODK_LicenseResponse const* obj) {
Pack_ODK_PreparedLicenseRequest(msg, &obj->request);
Pack_ODK_CoreMessage(msg, &obj->core_message);
Pack_ODK_ParsedLicense(msg, (const ODK_ParsedLicense*)obj->parsed_license);
}
void Pack_ODK_LicenseResponseV17(ODK_Message* msg,
ODK_LicenseResponseV17 const* obj) {
Pack_ODK_PreparedLicenseRequestV17(msg, &obj->request);
Pack_ODK_ParsedLicenseV17(msg, &obj->parsed_license);
}
void Pack_ODK_LicenseResponseV16(ODK_Message* msg,
ODK_LicenseResponseV16 const* obj) {
Pack_ODK_PreparedLicenseRequest(msg, &obj->request);
Pack_ODK_PreparedLicenseRequestV17(msg, &obj->request);
Pack_ODK_ParsedLicenseV16(msg, &obj->parsed_license);
PackArray(msg, &obj->request_hash[0], sizeof(obj->request_hash));
}
@@ -167,11 +251,23 @@ void Pack_ODK_RenewalResponse(ODK_Message* msg,
void Pack_ODK_ProvisioningResponse(ODK_Message* msg,
const ODK_ProvisioningResponse* obj) {
Pack_ODK_PreparedProvisioningRequest(msg, &obj->request);
Pack_ODK_CoreMessage(msg, &obj->core_message);
Pack_ODK_ParsedProvisioning(
msg, (const ODK_ParsedProvisioning*)obj->parsed_provisioning);
}
void Pack_ODK_ProvisioningResponseV16(ODK_Message* msg,
const ODK_ProvisioningResponseV16* obj) {
Pack_ODK_PreparedProvisioningRequestV17(msg, &obj->request);
Pack_ODK_ParsedProvisioning(
msg, (const ODK_ParsedProvisioning*)obj->parsed_provisioning);
}
void Pack_ODK_Provisioning40Response(ODK_Message* msg,
const ODK_Provisioning40Response* obj) {
Pack_ODK_CoreMessage(msg, &obj->core_message);
}
/* @ deserialize */
/* @@ private deserialize */
@@ -253,6 +349,65 @@ static void Unpack_ODK_ParsedLicense(ODK_Message* msg, ODK_ParsedLicense* obj) {
obj->dtcp2_required.cmi_descriptor_2.data[1] = 0;
obj->dtcp2_required.cmi_descriptor_2.data[2] = 0;
}
Unpack_OEMCrypto_TimerDelayBase(msg, &obj->renewal_delay_base);
Unpack_uint32_t(msg, &obj->key_array_length);
if (obj->key_array_length > ODK_MAX_NUM_KEYS) {
ODK_Message_SetStatus(msg, MESSAGE_STATUS_OVERFLOW_ERROR);
return;
}
uint32_t i;
for (i = 0; i < obj->key_array_length; i++) {
Unpack_OEMCrypto_KeyObject(msg, &obj->key_array[i]);
}
}
static void Unpack_ODK_ParsedLicenseV17(ODK_Message* msg,
ODK_ParsedLicenseV17* obj) {
Unpack_OEMCrypto_Substring(msg, &obj->enc_mac_keys_iv);
Unpack_OEMCrypto_Substring(msg, &obj->enc_mac_keys);
Unpack_OEMCrypto_Substring(msg, &obj->pst);
Unpack_OEMCrypto_Substring(msg, &obj->srm_restriction_data);
Unpack_OEMCrypto_LicenseType(msg, &obj->license_type);
Unpack_bool(msg, &obj->nonce_required);
Unpack_ODK_TimerLimits(msg, &obj->timer_limits);
Unpack_uint32_t(msg, &obj->watermarking);
Unpack_uint8_t(msg, &obj->dtcp2_required.dtcp2_required);
if (obj->dtcp2_required.dtcp2_required) {
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_0.id);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_0.extension);
Unpack_uint16_t(msg, &obj->dtcp2_required.cmi_descriptor_0.length);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_0.data);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_1.id);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_1.extension);
Unpack_uint16_t(msg, &obj->dtcp2_required.cmi_descriptor_1.length);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_1.data[0]);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_1.data[1]);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_1.data[2]);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.id);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.extension);
Unpack_uint16_t(msg, &obj->dtcp2_required.cmi_descriptor_2.length);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.data[0]);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.data[1]);
Unpack_uint8_t(msg, &obj->dtcp2_required.cmi_descriptor_2.data[2]);
} else {
obj->dtcp2_required.dtcp2_required = 0;
obj->dtcp2_required.cmi_descriptor_0.id = 0;
obj->dtcp2_required.cmi_descriptor_0.extension = 0;
obj->dtcp2_required.cmi_descriptor_0.length = 0;
obj->dtcp2_required.cmi_descriptor_0.data = 0;
obj->dtcp2_required.cmi_descriptor_1.id = 0;
obj->dtcp2_required.cmi_descriptor_1.extension = 0;
obj->dtcp2_required.cmi_descriptor_1.length = 0;
obj->dtcp2_required.cmi_descriptor_1.data[0] = 0;
obj->dtcp2_required.cmi_descriptor_1.data[1] = 0;
obj->dtcp2_required.cmi_descriptor_1.data[2] = 0;
obj->dtcp2_required.cmi_descriptor_2.id = 0;
obj->dtcp2_required.cmi_descriptor_2.extension = 0;
obj->dtcp2_required.cmi_descriptor_2.length = 0;
obj->dtcp2_required.cmi_descriptor_2.data[0] = 0;
obj->dtcp2_required.cmi_descriptor_2.data[1] = 0;
obj->dtcp2_required.cmi_descriptor_2.data[2] = 0;
}
Unpack_uint32_t(msg, &obj->key_array_length);
if (obj->key_array_length > ODK_MAX_NUM_KEYS) {
ODK_Message_SetStatus(msg, MESSAGE_STATUS_OVERFLOW_ERROR);
@@ -292,11 +447,31 @@ static void Unpack_ODK_ParsedProvisioning(ODK_Message* msg,
Unpack_OEMCrypto_Substring(msg, &obj->encrypted_message_key);
}
static void Unpack_ODK_MessageCounterInfo(ODK_Message* msg,
ODK_MessageCounterInfo* obj) {
Unpack_uint64_t(msg, &obj->master_generation_number);
Unpack_uint32_t(msg, &obj->provisioning_count);
Unpack_uint32_t(msg, &obj->license_count);
Unpack_uint32_t(msg, &obj->decrypt_count);
Unpack_uint16_t(msg, &obj->major_version);
Unpack_uint16_t(msg, &obj->minor_version);
Unpack_uint16_t(msg, &obj->patch_version);
UnpackArray(msg, &obj->soc_vendor[0], sizeof(obj->soc_vendor));
UnpackArray(msg, &obj->chipset_model[0], sizeof(obj->chipset_model));
UnpackArray(msg, &obj->extra[0], sizeof(obj->extra));
}
/* @ kdo deserialize */
void Unpack_ODK_PreparedLicenseRequest(ODK_Message* msg,
ODK_PreparedLicenseRequest* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
Unpack_ODK_MessageCounterInfo(msg, &obj->counter_info);
}
void Unpack_ODK_PreparedLicenseRequestV17(ODK_Message* msg,
ODK_PreparedLicenseRequestV17* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
}
void Unpack_ODK_PreparedRenewalRequest(ODK_Message* msg,
@@ -308,10 +483,24 @@ void Unpack_ODK_PreparedRenewalRequest(ODK_Message* msg,
void Unpack_ODK_PreparedProvisioningRequest(
ODK_Message* msg, ODK_PreparedProvisioningRequest* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
Unpack_ODK_MessageCounterInfo(msg, &obj->counter_info);
}
void Unpack_ODK_PreparedProvisioningRequestV17(
ODK_Message* msg, ODK_PreparedProvisioningRequestV17* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
Unpack_uint32_t(msg, &obj->device_id_length);
UnpackArray(msg, &obj->device_id[0], sizeof(obj->device_id));
}
void Unpack_ODK_PreparedProvisioning40Request(
ODK_Message* msg, ODK_PreparedProvisioning40Request* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
Unpack_uint32_t(msg, &obj->device_info_length);
UnpackArray(msg, &obj->device_info[0], sizeof(obj->device_info));
Unpack_ODK_MessageCounterInfo(msg, &obj->counter_info);
}
void Unpack_ODK_PreparedRenewedProvisioningRequest(
ODK_Message* msg, ODK_PreparedRenewedProvisioningRequest* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
@@ -329,13 +518,19 @@ void Unpack_ODK_PreparedCommonRequest(ODK_Message* msg,
/* @@ odk deserialize */
void Unpack_ODK_LicenseResponse(ODK_Message* msg, ODK_LicenseResponse* obj) {
Unpack_ODK_PreparedLicenseRequest(msg, &obj->request);
Unpack_ODK_CoreMessage(msg, &obj->core_message);
Unpack_ODK_ParsedLicense(msg, obj->parsed_license);
}
void Unpack_ODK_LicenseResponseV17(ODK_Message* msg,
ODK_LicenseResponseV17* obj) {
Unpack_ODK_PreparedLicenseRequestV17(msg, &obj->request);
Unpack_ODK_ParsedLicenseV17(msg, &obj->parsed_license);
}
void Unpack_ODK_LicenseResponseV16(ODK_Message* msg,
ODK_LicenseResponseV16* obj) {
Unpack_ODK_PreparedLicenseRequest(msg, &obj->request);
Unpack_ODK_PreparedLicenseRequestV17(msg, &obj->request);
Unpack_ODK_ParsedLicenseV16(msg, &obj->parsed_license);
UnpackArray(msg, &obj->request_hash[0], sizeof(obj->request_hash));
}
@@ -347,6 +542,17 @@ void Unpack_ODK_RenewalResponse(ODK_Message* msg, ODK_RenewalResponse* obj) {
void Unpack_ODK_ProvisioningResponse(ODK_Message* msg,
ODK_ProvisioningResponse* obj) {
Unpack_ODK_PreparedProvisioningRequest(msg, &obj->request);
Unpack_ODK_CoreMessage(msg, &obj->core_message);
Unpack_ODK_ParsedProvisioning(msg, obj->parsed_provisioning);
}
void Unpack_ODK_ProvisioningResponseV16(ODK_Message* msg,
ODK_ProvisioningResponseV16* obj) {
Unpack_ODK_PreparedProvisioningRequestV17(msg, &obj->request);
Unpack_ODK_ParsedProvisioning(msg, obj->parsed_provisioning);
}
void Unpack_ODK_Provisioning40Response(ODK_Message* msg,
ODK_Provisioning40Response* obj) {
Unpack_ODK_CoreMessage(msg, &obj->core_message);
}

26
libwvdrmengine/oemcrypto/odk/src/odk_serialize.h
View File

@@ -8,8 +8,8 @@
#ifndef WIDEVINE_ODK_SRC_ODK_SERIALIZE_H_
#define WIDEVINE_ODK_SRC_ODK_SERIALIZE_H_
#include "odk_message.h"
#include "odk_structs_priv.h"
#include "serialization_base.h"
#ifdef __cplusplus
extern "C" {
@@ -18,37 +18,61 @@ extern "C" {
/* odk pack */
void Pack_ODK_PreparedLicenseRequest(ODK_Message* msg,
const ODK_PreparedLicenseRequest* obj);
void Pack_ODK_PreparedLicenseRequestV16(
ODK_Message* msg, const ODK_PreparedLicenseRequestV17* obj);
void Pack_ODK_PreparedRenewalRequest(ODK_Message* msg,
const ODK_PreparedRenewalRequest* obj);
void Pack_ODK_PreparedProvisioningRequest(
ODK_Message* msg, const ODK_PreparedProvisioningRequest* obj);
void Pack_ODK_PreparedProvisioningRequestV17(
ODK_Message* msg, const ODK_PreparedProvisioningRequestV17* obj);
void Pack_ODK_PreparedProvisioning40Request(
ODK_Message* msg, const ODK_PreparedProvisioning40Request* obj);
void Pack_ODK_PreparedRenewedProvisioningRequest(
ODK_Message* msg, const ODK_PreparedRenewedProvisioningRequest* obj);
/* odk unpack */
void Unpack_ODK_CoreMessage(ODK_Message* msg, ODK_CoreMessage* obj);
void Unpack_ODK_LicenseResponse(ODK_Message* msg, ODK_LicenseResponse* obj);
void Unpack_ODK_LicenseResponseV17(ODK_Message* msg,
ODK_LicenseResponseV17* obj);
void Unpack_ODK_LicenseResponseV16(ODK_Message* msg,
ODK_LicenseResponseV16* obj);
void Unpack_ODK_RenewalResponse(ODK_Message* msg, ODK_RenewalResponse* obj);
void Unpack_ODK_ProvisioningResponse(ODK_Message* msg,
ODK_ProvisioningResponse* obj);
void Unpack_ODK_ProvisioningResponseV16(ODK_Message* msg,
ODK_ProvisioningResponseV16* obj);
void Unpack_ODK_Provisioning40Response(ODK_Message* msg,
ODK_Provisioning40Response* obj);
/* kdo pack */
void Pack_ODK_LicenseResponse(ODK_Message* msg, const ODK_LicenseResponse* obj);
void Pack_ODK_LicenseResponseV17(ODK_Message* msg,
const ODK_LicenseResponseV17* obj);
void Pack_ODK_LicenseResponseV16(ODK_Message* msg,
const ODK_LicenseResponseV16* obj);
void Pack_ODK_RenewalResponse(ODK_Message* msg, const ODK_RenewalResponse* obj);
void Pack_ODK_ProvisioningResponse(ODK_Message* msg,
const ODK_ProvisioningResponse* obj);
void Pack_ODK_ProvisioningResponseV16(ODK_Message* msg,
const ODK_ProvisioningResponseV16* obj);
void Pack_ODK_Provisioning40Response(ODK_Message* msg,
const ODK_Provisioning40Response* obj);
/* kdo unpack */
void Unpack_ODK_PreparedLicenseRequest(ODK_Message* msg,
ODK_PreparedLicenseRequest* obj);
void Unpack_ODK_PreparedLicenseRequestV17(ODK_Message* msg,
ODK_PreparedLicenseRequestV17* obj);
void Unpack_ODK_PreparedRenewalRequest(ODK_Message* msg,
ODK_PreparedRenewalRequest* obj);
void Unpack_ODK_PreparedProvisioningRequest(
ODK_Message* msg, ODK_PreparedProvisioningRequest* obj);
void Unpack_ODK_PreparedProvisioningRequestV17(
ODK_Message* msg, ODK_PreparedProvisioningRequestV17* obj);
void Unpack_ODK_PreparedProvisioning40Request(
ODK_Message* msg, ODK_PreparedProvisioning40Request* obj);
void Unpack_ODK_PreparedRenewedProvisioningRequest(
ODK_Message* msg, ODK_PreparedRenewedProvisioningRequest* obj);

65
libwvdrmengine/oemcrypto/odk/src/odk_structs_priv.h
View File

@@ -25,8 +25,10 @@ typedef uint32_t ODK_MessageType;
#define ODK_Provisioning_Request_Type ((ODK_MessageType)5u)
#define ODK_Provisioning_Response_Type ((ODK_MessageType)6u)
#define ODK_Renewed_Provisioning_Request_Type ((ODK_MessageType)11u)
#define ODK_Provisioning40_Request_Type ((ODK_MessageType)12u)
// Reserve future message types to support forward compatibility.
// TODO(b/244580447): Reserve future message types to support
// forward compatibility.
#define ODK_Release_Request_Type ((ODK_MessageType)7u)
#define ODK_Release_Response_Type ((ODK_MessageType)8u)
#define ODK_Common_Request_Type ((ODK_MessageType)9u)
@@ -40,18 +42,35 @@ typedef struct {
typedef struct {
ODK_CoreMessage core_message;
ODK_MessageCounterInfo counter_info;
} ODK_PreparedLicenseRequest;
typedef struct {
ODK_CoreMessage core_message;
} ODK_PreparedLicenseRequestV17;
typedef struct {
ODK_CoreMessage core_message;
uint64_t playback_time;
} ODK_PreparedRenewalRequest;
typedef struct {
ODK_CoreMessage core_message;
ODK_MessageCounterInfo counter_info;
} ODK_PreparedProvisioningRequest;
typedef struct {
ODK_CoreMessage core_message;
uint32_t device_id_length;
uint8_t device_id[ODK_DEVICE_ID_LEN_MAX];
} ODK_PreparedProvisioningRequest;
} ODK_PreparedProvisioningRequestV17;
typedef struct {
ODK_CoreMessage core_message;
uint32_t device_info_length;
uint8_t device_info[ODK_DEVICE_INFO_LEN_MAX];
ODK_MessageCounterInfo counter_info;
} ODK_PreparedProvisioning40Request;
typedef struct {
ODK_CoreMessage core_message;
@@ -79,12 +98,32 @@ typedef struct {
} ODK_ParsedLicenseV16;
typedef struct {
ODK_PreparedLicenseRequest request;
OEMCrypto_Substring enc_mac_keys_iv;
OEMCrypto_Substring enc_mac_keys;
OEMCrypto_Substring pst;
OEMCrypto_Substring srm_restriction_data;
OEMCrypto_LicenseType license_type;
bool nonce_required;
ODK_TimerLimits timer_limits;
uint32_t watermarking;
OEMCrypto_DTCP2_CMI_Packet dtcp2_required;
uint32_t key_array_length;
OEMCrypto_KeyObject key_array[ODK_MAX_NUM_KEYS];
} ODK_ParsedLicenseV17;
typedef struct {
ODK_CoreMessage core_message;
ODK_ParsedLicense* parsed_license;
} ODK_LicenseResponse;
typedef struct {
ODK_PreparedLicenseRequest request;
ODK_PreparedLicenseRequestV17 request;
ODK_ParsedLicenseV17 parsed_license;
uint8_t request_hash[ODK_SHA256_HASH_SIZE];
} ODK_LicenseResponseV17;
typedef struct {
ODK_PreparedLicenseRequestV17 request;
ODK_ParsedLicenseV16 parsed_license;
uint8_t request_hash[ODK_SHA256_HASH_SIZE];
} ODK_LicenseResponseV16;
@@ -95,18 +134,30 @@ typedef struct {
} ODK_RenewalResponse;
typedef struct {
ODK_PreparedProvisioningRequest request;
ODK_CoreMessage core_message;
ODK_ParsedProvisioning* parsed_provisioning;
} ODK_ProvisioningResponse;
// Used by V16 and V17
typedef struct {
ODK_PreparedProvisioningRequestV17 request;
ODK_ParsedProvisioning* parsed_provisioning;
} ODK_ProvisioningResponseV16;
typedef struct {
ODK_CoreMessage core_message;
} ODK_Provisioning40Response;
// These are the sum of sizeof of each individual member of the request structs
// without any padding added by the compiler. Make sure they get updated when
// request structs change. Refer to test suite OdkSizeTest in
// ../test/odk_test.cpp for validations of each of the defined request sizes.
#define ODK_LICENSE_REQUEST_SIZE 20u
#define ODK_LICENSE_REQUEST_SIZE 90u
#define ODK_RENEWAL_REQUEST_SIZE 28u
#define ODK_PROVISIONING_REQUEST_SIZE 88u
#define ODK_PROVISIONING_REQUEST_SIZE 90u
#define ODK_PROVISIONING40_REQUEST_SIZE 350u
#define ODK_RENEWED_PROVISIONING_REQUEST_SIZE 1694u
#define ODK_MESSAGECOUNTERINFO_SIZE 70u
// These are the possible timer status values.
#define ODK_CLOCK_TIMER_STATUS_UNDEFINED 0u // Should not happen.

12
libwvdrmengine/oemcrypto/odk/src/serialization_base.c
View File

@@ -132,6 +132,18 @@ void Unpack_OEMCrypto_PrivateKeyType(ODK_Message* message,
}
}
void Unpack_OEMCrypto_TimerDelayBase(ODK_Message* message,
OEMCrypto_TimerDelayBase* value) {
assert(value);
uint32_t v32 = 0;
Unpack_uint32_t(message, &v32);
if (v32 <= OEMCrypto_TimerDelayBase_MaxValue) {
*value = (OEMCrypto_TimerDelayBase)v32;
} else {
ODK_Message_SetStatus(message, MESSAGE_STATUS_PARSE_ERROR);
}
}
void Unpack_bool(ODK_Message* message, bool* value) {
uint8_t data[4] = {0};
UnpackBytes(message, data, sizeof(data));

2
libwvdrmengine/oemcrypto/odk/src/serialization_base.h
View File

@@ -29,6 +29,8 @@ void Unpack_OEMCrypto_LicenseType(ODK_Message* message,
OEMCrypto_LicenseType* value);
void Unpack_OEMCrypto_PrivateKeyType(ODK_Message* message,
OEMCrypto_PrivateKeyType* value);
void Unpack_OEMCrypto_TimerDelayBase(ODK_Message* message,
OEMCrypto_TimerDelayBase* value);
void Unpack_bool(ODK_Message* message, bool* value);
void Unpack_uint8_t(ODK_Message* message, uint8_t* value);
void Unpack_uint16_t(ODK_Message* message, uint16_t* value);

24
libwvdrmengine/oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator.c
View File

@@ -113,15 +113,14 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
OEMCryptoResult ODK_PrepareCoreProvisioningRequest(
uint8_t* message, size_t message_length, size_t* core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_id,
size_t device_id_length) {
const ODK_NonceValues* nonce_values,
const ODK_MessageCounterInfo* counter_info) {
OEMCryptoResult (*original_function)(uint8_t*, size_t, size_t*,
const ODK_NonceValues*, const uint8_t*,
size_t);
const ODK_NonceValues*,
const ODK_MessageCounterInfo*);
original_function = dlsym(RTLD_NEXT, "ODK_PrepareCoreProvisioningRequest");
OEMCryptoResult oem_crypto_result =
(*original_function)(message, message_length, core_message_length,
nonce_values, device_id, device_id_length);
OEMCryptoResult oem_crypto_result = (*original_function)(
message, message_length, core_message_length, nonce_values, counter_info);
char* file_name = GetFileName("provisioning_request_corpus");
// Provisioning Request format expected by fuzzer - [Core Provisioning
@@ -134,18 +133,19 @@ OEMCryptoResult ODK_PrepareCoreProvisioningRequest(
OEMCryptoResult ODK_ParseProvisioning(
const uint8_t* message, size_t message_length, size_t core_message_length,
const ODK_NonceValues* nonce_values, const uint8_t* device_id,
size_t device_id_length, ODK_ParsedProvisioning* parsed_response) {
size_t device_id_length, ODK_MessageCounterInfo* counter_info,
ODK_ParsedProvisioning* parsed_response) {
struct ODK_ParseProvisioning_Args parse_provisioning_args;
parse_provisioning_args.nonce_values = *nonce_values;
memcpy(parse_provisioning_args.device_id, device_id, device_id_length);
parse_provisioning_args.device_id_length = device_id_length;
OEMCryptoResult (*original_function)(const uint8_t*, size_t, size_t,
const ODK_NonceValues*, const uint8_t*,
size_t, ODK_ParsedProvisioning*);
OEMCryptoResult (*original_function)(
const uint8_t*, size_t, size_t, const ODK_NonceValues*, const uint8_t*,
size_t, ODK_MessageCounterInfo*, ODK_ParsedProvisioning*);
original_function = dlsym(RTLD_NEXT, "ODK_ParseProvisioning");
OEMCryptoResult oem_crypto_result = (*original_function)(
message, message_length, core_message_length, nonce_values, device_id,
device_id_length, parsed_response);
device_id_length, counter_info, parsed_response);
char* file_name = GetFileName("provisioning_response_corpus");
// Provisioning Response format expected by fuzzer -

18
libwvdrmengine/oemcrypto/odk/test/fuzzing/odk_fuzz_helper.cpp
View File

@@ -6,6 +6,7 @@
#include <string>
#include "odk.h"
#include "odk_structs.h"
namespace oemcrypto_core_message {
using features::CoreMessageFeatures;
@@ -39,7 +40,10 @@ OEMCryptoResult odk_serialize_LicenseRequest(
const void* in UNUSED, uint8_t* out, size_t* size,
const ODK_LicenseRequest& core_license_request UNUSED,
const ODK_NonceValues* nonce_values) {
return ODK_PrepareCoreLicenseRequest(out, SIZE_MAX, size, nonce_values);
// TODO(mattfedd): hook up counters to fuzzer
const ODK_MessageCounterInfo counter_info = {0};
return ODK_PrepareCoreLicenseRequest(out, SIZE_MAX, size, nonce_values,
&counter_info);
}
OEMCryptoResult odk_serialize_RenewalRequest(
@@ -56,10 +60,10 @@ OEMCryptoResult odk_serialize_ProvisioningRequest(
const void* in UNUSED, uint8_t* out, size_t* size,
const ODK_ProvisioningRequest& core_provisioning,
const ODK_NonceValues* nonce_values) {
const std::string& device_id = core_provisioning.device_id;
return ODK_PrepareCoreProvisioningRequest(
out, SIZE_MAX, size, nonce_values,
reinterpret_cast<const uint8_t*>(device_id.data()), device_id.size());
// TODO(mattfedd): hook up counters to fuzzer
const ODK_MessageCounterInfo counter_info = {0};
return ODK_PrepareCoreProvisioningRequest(out, SIZE_MAX, size, nonce_values,
&counter_info);
}
OEMCryptoResult odk_deserialize_LicenseResponse(const uint8_t* message,
@@ -69,9 +73,9 @@ OEMCryptoResult odk_deserialize_LicenseResponse(const uint8_t* message,
ODK_ParsedLicense* parsed_lic) {
return ODK_ParseLicense(message, SIZE_MAX, core_message_length,
static_cast<bool>(a->initial_license_load),
static_cast<bool>(a->usage_entry_present),
static_cast<bool>(a->usage_entry_present), 0,
&a->timer_limits, &a->clock_values, nonce_values,
parsed_lic);
parsed_lic, nullptr);
}
OEMCryptoResult odk_deserialize_RenewalResponse(

371
libwvdrmengine/oemcrypto/odk/test/odk_test.cpp
View File

@@ -6,14 +6,18 @@
#include <cstdlib>
#include <cstring>
#include <ostream>
#include <string>
#include <vector>
#include "OEMCryptoCENCCommon.h"
#include "core_message_deserialize.h"
#include "core_message_features.h"
#include "core_message_serialize.h"
#include "core_message_serialize_proto.h"
#include "core_message_types.h"
#include "gtest/gtest.h"
#include "odk_structs.h"
#include "odk_structs_priv.h"
#include "odk_test_helper.h"
@@ -22,10 +26,12 @@ namespace wvodk_test {
namespace {
using oemcrypto_core_message::ODK_LicenseRequest;
using oemcrypto_core_message::ODK_Provisioning40Request;
using oemcrypto_core_message::ODK_ProvisioningRequest;
using oemcrypto_core_message::ODK_RenewalRequest;
using oemcrypto_core_message::deserialize::CoreLicenseRequestFromMessage;
using oemcrypto_core_message::deserialize::CoreProvisioning40RequestFromMessage;
using oemcrypto_core_message::deserialize::CoreProvisioningRequestFromMessage;
using oemcrypto_core_message::deserialize::CoreRenewalRequestFromMessage;
using oemcrypto_core_message::deserialize::
@@ -34,7 +40,10 @@ using oemcrypto_core_message::deserialize::
using oemcrypto_core_message::features::CoreMessageFeatures;
using oemcrypto_core_message::serialize::CreateCoreLicenseResponse;
using oemcrypto_core_message::serialize::CreateCoreProvisioning40Response;
using oemcrypto_core_message::serialize::CreateCoreProvisioningResponse;
using oemcrypto_core_message::serialize::
CreateCoreProvisioningResponseFromProto;
using oemcrypto_core_message::serialize::CreateCoreRenewalResponse;
constexpr uint32_t kExtraPayloadSize = 128u;
@@ -59,6 +68,17 @@ void PrintTo(const VersionParameters& p, std::ostream* os) {
<< p.response_minor_version;
}
void SetDefaultSerializedProvisioningResponse(std::string* serialized_message) {
// Create a dummy provisioning response
video_widevine::ProvisioningResponse provisioning_response;
provisioning_response.set_device_certificate("device_certificate");
provisioning_response.set_device_rsa_key("device_rsa_key");
provisioning_response.set_device_rsa_key_iv("device_rsa_key_iv");
if (!provisioning_response.SerializeToString(serialized_message)) {
FAIL();
}
}
template <typename T, typename F, typename G>
void ValidateRequest(uint32_t message_type,
const std::vector<ODK_Field>& extra_fields,
@@ -241,13 +261,19 @@ TEST(OdkTest, NullRequestTest) {
memset(&nonce_values, 0, sizeof(nonce_values));
ODK_ClockValues clock_values;
memset(&clock_values, 0, sizeof(clock_values));
ODK_MessageCounterInfo counter_info;
memset(&counter_info, 0, sizeof(counter_info));
// Assert that nullptr does not cause a core dump.
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, ODK_PrepareCoreLicenseRequest(
nullptr, 0uL, nullptr, &nonce_values));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_PrepareCoreLicenseRequest(nullptr, 0uL, nullptr, &nonce_values,
&counter_info));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_PrepareCoreLicenseRequest(nullptr, 0uL, &core_message_length,
nullptr));
nullptr, &counter_info));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_PrepareCoreLicenseRequest(nullptr, 0uL, &core_message_length,
&nonce_values, nullptr));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_PrepareCoreRenewalRequest(nullptr, 0uL, nullptr, &nonce_values,
@@ -261,10 +287,23 @@ TEST(OdkTest, NullRequestTest) {
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_PrepareCoreProvisioningRequest(
nullptr, 0uL, &core_message_length, nullptr, nullptr, 0uL));
nullptr, 0uL, &core_message_length, nullptr, &counter_info));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_PrepareCoreProvisioningRequest(nullptr, 0uL, nullptr,
&nonce_values, nullptr, 0uL));
&nonce_values, &counter_info));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_PrepareCoreProvisioningRequest(
nullptr, 0uL, &core_message_length, &nonce_values, nullptr));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, ODK_PrepareCoreProvisioning40Request(
nullptr, 0uL, &core_message_length,
nullptr, nullptr, 0uL, &counter_info));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, ODK_PrepareCoreProvisioning40Request(
nullptr, 0uL, nullptr, &nonce_values,
nullptr, 0uL, &counter_info));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, ODK_PrepareCoreProvisioning40Request(
nullptr, 0uL, &core_message_length,
&nonce_values, nullptr, 0uL, nullptr));
// Null device id in provisioning request is ok
uint8_t message[ODK_PROVISIONING_REQUEST_SIZE] = {0};
@@ -272,7 +311,16 @@ TEST(OdkTest, NullRequestTest) {
EXPECT_EQ(OEMCrypto_SUCCESS,
ODK_PrepareCoreProvisioningRequest(
message, ODK_PROVISIONING_REQUEST_SIZE, &core_message_length,
&nonce_values, nullptr, 0uL));
&nonce_values, &counter_info));
// Null device info in provisioning 4.0 request is ok
uint8_t message_prov4[ODK_PROVISIONING40_REQUEST_SIZE] = {0};
core_message_length = ODK_PROVISIONING40_REQUEST_SIZE;
EXPECT_EQ(
OEMCrypto_SUCCESS,
ODK_PrepareCoreProvisioning40Request(
message_prov4, ODK_PROVISIONING40_REQUEST_SIZE, &core_message_length,
&nonce_values, nullptr, 0uL, &counter_info));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_PrepareCoreRenewedProvisioningRequest(
@@ -316,26 +364,26 @@ TEST(OdkTest, NullResponseTest) {
memset(&clock_values, 0, sizeof(clock_values));
// Assert that nullptr does not cause a core dump.
EXPECT_EQ(
ODK_ERROR_CORE_MESSAGE,
ODK_ParseLicense(message, message_size, core_message_length, true, true,
&timer_limits, &clock_values, &nonce_values, nullptr));
EXPECT_EQ(
ODK_ERROR_CORE_MESSAGE,
ODK_ParseLicense(message, message_size, core_message_length, true, true,
&timer_limits, &clock_values, nullptr, &parsed_license));
EXPECT_EQ(
ODK_ERROR_CORE_MESSAGE,
ODK_ParseLicense(message, message_size, core_message_length, true, true,
&timer_limits, nullptr, &nonce_values, &parsed_license));
EXPECT_EQ(
ODK_ERROR_CORE_MESSAGE,
ODK_ParseLicense(message, message_size, core_message_length, true, true,
nullptr, &clock_values, &nonce_values, &parsed_license));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_ParseLicense(message, message_size, core_message_length, true,
true, 0, &timer_limits, &clock_values,
&nonce_values, nullptr, nullptr));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_ParseLicense(message, message_size, core_message_length, true,
true, 0, &timer_limits, &clock_values, nullptr,
&parsed_license, nullptr));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_ParseLicense(message, message_size, core_message_length, true,
true, 0, &timer_limits, nullptr, &nonce_values,
&parsed_license, nullptr));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_ParseLicense(message, message_size, core_message_length, true,
true, 0, nullptr, &clock_values, &nonce_values,
&parsed_license, nullptr));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_ParseLicense(nullptr, message_size, core_message_length, true,
true, &timer_limits, &clock_values, &nonce_values,
&parsed_license));
true, 0, &timer_limits, &clock_values,
&nonce_values, &parsed_license, nullptr));
constexpr uint64_t system_time = 0;
uint64_t timer_value = 0;
@@ -373,6 +421,13 @@ TEST(OdkTest, NullResponseTest) {
ODK_ParseProvisioning(nullptr, message_size, core_message_length,
&nonce_values, device_id,
ODK_DEVICE_ID_LEN_MAX, &parsed_response));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_ParseProvisioning40(message, message_size, core_message_length,
nullptr));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_ParseProvisioning40(nullptr, message_size, core_message_length,
&nonce_values));
}
TEST(OdkTest, PrepareCoreLicenseRequest) {
@@ -380,9 +435,12 @@ TEST(OdkTest, PrepareCoreLicenseRequest) {
size_t core_message_length = sizeof(license_message);
ODK_NonceValues nonce_values;
memset(&nonce_values, 0, sizeof(nonce_values));
EXPECT_EQ(OEMCrypto_SUCCESS, ODK_PrepareCoreLicenseRequest(
license_message, sizeof(license_message),
&core_message_length, &nonce_values));
ODK_MessageCounterInfo counter_info;
memset(&counter_info, 0, sizeof(counter_info));
EXPECT_EQ(OEMCrypto_SUCCESS,
ODK_PrepareCoreLicenseRequest(
license_message, sizeof(license_message), &core_message_length,
&nonce_values, &counter_info));
}
TEST(OdkTest, PrepareCoreLicenseRequestSize) {
@@ -390,18 +448,20 @@ TEST(OdkTest, PrepareCoreLicenseRequestSize) {
size_t core_message_length = sizeof(license_message);
ODK_NonceValues nonce_values;
memset(&nonce_values, 0, sizeof(nonce_values));
ODK_MessageCounterInfo counter_info;
memset(&counter_info, 0, sizeof(counter_info));
// message length smaller than core message length
size_t core_message_length_invalid = core_message_length + 1;
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_PrepareCoreLicenseRequest(
license_message, sizeof(license_message),
&core_message_length_invalid, &nonce_values));
&core_message_length_invalid, &nonce_values, &counter_info));
// message length larger than core message length
uint8_t license_message_large[ODK_LICENSE_REQUEST_SIZE * 2] = {0};
EXPECT_EQ(OEMCrypto_SUCCESS,
ODK_PrepareCoreLicenseRequest(license_message_large,
sizeof(license_message_large),
&core_message_length, &nonce_values));
ODK_PrepareCoreLicenseRequest(
license_message_large, sizeof(license_message_large),
&core_message_length, &nonce_values, &counter_info));
}
TEST(OdkTest, PrepareCoreRenewalRequest) {
@@ -446,12 +506,27 @@ TEST(OdkTest, PrepareCoreProvisioningRequest) {
size_t core_message_length = sizeof(provisioning_message);
ODK_NonceValues nonce_values;
memset(&nonce_values, 0, sizeof(nonce_values));
uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0};
EXPECT_EQ(
OEMCrypto_SUCCESS,
ODK_PrepareCoreProvisioningRequest(
provisioning_message, sizeof(provisioning_message),
&core_message_length, &nonce_values, device_id, sizeof(device_id)));
ODK_MessageCounterInfo counter_info;
memset(&counter_info, 0, sizeof(counter_info));
EXPECT_EQ(OEMCrypto_SUCCESS,
ODK_PrepareCoreProvisioningRequest(
provisioning_message, sizeof(provisioning_message),
&core_message_length, &nonce_values, &counter_info));
}
TEST(OdkTest, PrepareCoreProvisioning40Request) {
uint8_t provisioning_message[ODK_PROVISIONING40_REQUEST_SIZE] = {0};
size_t core_message_length = sizeof(provisioning_message);
ODK_NonceValues nonce_values;
memset(&nonce_values, 0, sizeof(nonce_values));
ODK_MessageCounterInfo counter_info;
memset(&counter_info, 0, sizeof(counter_info));
uint8_t device_info[ODK_DEVICE_INFO_LEN_MAX] = {0};
EXPECT_EQ(OEMCrypto_SUCCESS,
ODK_PrepareCoreProvisioning40Request(
provisioning_message, sizeof(provisioning_message),
&core_message_length, &nonce_values, device_info,
sizeof(device_info), &counter_info));
}
TEST(OdkTest, PrepareCoreRenewedProvisioningRequest) {
@@ -469,17 +544,19 @@ TEST(OdkTest, PrepareCoreRenewedProvisioningRequest) {
OEMCrypto_RenewalACert, renewal_data, sizeof(renewal_data)));
}
TEST(OdkTest, PrepareCoreProvisioningRequestDeviceId) {
uint8_t provisioning_message[ODK_PROVISIONING_REQUEST_SIZE] = {0};
TEST(OdkTest, PrepareCoreProvisioning40RequestDeviceInfo) {
uint8_t provisioning_message[ODK_PROVISIONING40_REQUEST_SIZE] = {0};
size_t core_message_length = sizeof(provisioning_message);
ODK_NonceValues nonce_values;
memset(&nonce_values, 0, sizeof(nonce_values));
uint8_t device_id_invalid[ODK_DEVICE_ID_LEN_MAX + 1] = {0};
ODK_MessageCounterInfo counter_info;
memset(&counter_info, 0, sizeof(counter_info));
uint8_t device_info_invalid[ODK_DEVICE_INFO_LEN_MAX + 1] = {0};
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
ODK_PrepareCoreProvisioningRequest(
ODK_PrepareCoreProvisioning40Request(
provisioning_message, sizeof(provisioning_message),
&core_message_length, &nonce_values, device_id_invalid,
sizeof(device_id_invalid)));
&core_message_length, &nonce_values, device_info_invalid,
sizeof(device_info_invalid), &counter_info));
}
TEST(OdkTest, PrepareCoreRenewedProvisioningRequestDeviceId) {
@@ -514,13 +591,27 @@ TEST(OdkTest, PrepareCoreRenewedProvisioningRequestRenewalDataInvalid) {
// Serialize and de-serialize license request
TEST(OdkTest, LicenseRequestRoundtrip) {
std::vector<ODK_Field> empty;
ODK_MessageCounterInfo counter_info;
counter_info.master_generation_number = 0x12345678abcdffff;
counter_info.provisioning_count = 12;
counter_info.license_count = 50;
counter_info.decrypt_count = 340;
counter_info.major_version = ODK_MAJOR_VERSION;
counter_info.minor_version = ODK_MINOR_VERSION;
counter_info.patch_version = 4;
memset(counter_info.soc_vendor, 0xff, sizeof(counter_info.soc_vendor));
memset(counter_info.chipset_model, 0xdd, sizeof(counter_info.chipset_model));
memset(counter_info.extra, 0xee, sizeof(counter_info.extra));
std::vector<ODK_Field> extra_fields = {
{ODK_MESSAGECOUNTER, &counter_info, "counter_info"},
};
auto odk_prepare_func = [&](uint8_t* const buf, size_t* size,
ODK_NonceValues* nonce_values) {
return ODK_PrepareCoreLicenseRequest(buf, SIZE_MAX, size, nonce_values);
return ODK_PrepareCoreLicenseRequest(buf, SIZE_MAX, size, nonce_values,
&counter_info);
};
auto kdo_parse_func = CoreLicenseRequestFromMessage;
ValidateRequest<ODK_LicenseRequest>(ODK_License_Request_Type, empty,
ValidateRequest<ODK_LicenseRequest>(ODK_License_Request_Type, extra_fields,
odk_prepare_func, kdo_parse_func);
}
@@ -550,17 +641,25 @@ TEST(OdkTest, RenewalRequestRoundtrip) {
}
TEST(OdkTest, ProvisionRequestRoundtrip) {
uint32_t device_id_length = ODK_DEVICE_ID_LEN_MAX / 2;
uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0};
memset(device_id, 0xff, device_id_length);
ODK_MessageCounterInfo counter_info;
counter_info.master_generation_number = 0x12345678abcdffff;
counter_info.provisioning_count = 12;
counter_info.license_count = 50;
counter_info.decrypt_count = 340;
counter_info.major_version = ODK_MAJOR_VERSION;
counter_info.minor_version = ODK_MINOR_VERSION;
counter_info.patch_version = 4;
memset(counter_info.soc_vendor, 0xff, sizeof(counter_info.soc_vendor));
memset(counter_info.chipset_model, 0xdd, sizeof(counter_info.chipset_model));
memset(counter_info.extra, 0xee, sizeof(counter_info.extra));
std::vector<ODK_Field> extra_fields = {
{ODK_UINT32, &device_id_length, "device_id_length"},
{ODK_DEVICEID, device_id, "device_id"},
{ODK_MESSAGECOUNTER, &counter_info, "counter_info"},
};
auto odk_prepare_func = [&](uint8_t* const buf, size_t* size,
const ODK_NonceValues* nonce_values) {
return ODK_PrepareCoreProvisioningRequest(buf, SIZE_MAX, size, nonce_values,
device_id, device_id_length);
&counter_info);
};
auto kdo_parse_func =
[&](const std::string& oemcrypto_core_message,
@@ -574,6 +673,44 @@ TEST(OdkTest, ProvisionRequestRoundtrip) {
kdo_parse_func);
}
TEST(OdkTest, ProvisionRequest40Roundtrip) {
uint32_t device_info_length = ODK_DEVICE_INFO_LEN_MAX / 2;
uint8_t device_info[ODK_DEVICE_INFO_LEN_MAX] = {0};
memset(device_info, 0xaa, device_info_length);
ODK_MessageCounterInfo counter_info;
counter_info.master_generation_number = 0x12345678abcdffff;
counter_info.provisioning_count = 12;
counter_info.license_count = 50;
counter_info.decrypt_count = 340;
counter_info.major_version = ODK_MAJOR_VERSION;
counter_info.minor_version = ODK_MINOR_VERSION;
counter_info.patch_version = 4;
memset(counter_info.soc_vendor, 0xff, sizeof(counter_info.soc_vendor));
memset(counter_info.chipset_model, 0xdd, sizeof(counter_info.chipset_model));
memset(counter_info.extra, 0xee, sizeof(counter_info.extra));
std::vector<ODK_Field> extra_fields = {
{ODK_UINT32, &device_info_length, "device_info_length"},
{ODK_DEVICEINFO, device_info, "device_info"},
{ODK_MESSAGECOUNTER, &counter_info, "counter_info"},
};
auto odk_prepare_func = [&](uint8_t* const buf, size_t* size,
const ODK_NonceValues* nonce_values) {
return ODK_PrepareCoreProvisioning40Request(
buf, SIZE_MAX, size, nonce_values, device_info, device_info_length,
&counter_info);
};
auto kdo_parse_func =
[&](const std::string& oemcrypto_core_message,
ODK_Provisioning40Request* core_provisioning_request) {
bool ok = CoreProvisioning40RequestFromMessage(
oemcrypto_core_message, core_provisioning_request);
return ok;
};
ValidateRequest<ODK_Provisioning40Request>(ODK_Provisioning40_Request_Type,
extra_fields, odk_prepare_func,
kdo_parse_func);
}
TEST(OdkTest, RenewedProvisionRequestRoundtrip) {
uint32_t device_id_length = ODK_DEVICE_ID_LEN_MAX / 2;
uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0};
@@ -618,9 +755,9 @@ TEST(OdkTest, ParseLicenseErrorNonce) {
params.core_message.nonce_values.nonce = 0;
OEMCryptoResult err = ODK_ParseLicense(
buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load,
params.usage_entry_present, &(params.timer_limits),
params.usage_entry_present, 0, &(params.timer_limits),
&(params.clock_values), &(params.core_message.nonce_values),
&(params.parsed_license));
&(params.parsed_license), nullptr);
EXPECT_EQ(OEMCrypto_ERROR_INVALID_NONCE, err);
delete[] buf;
}
@@ -635,9 +772,9 @@ TEST(OdkTest, ParseLicenseErrorUsageEntry) {
params.usage_entry_present = false;
OEMCryptoResult err = ODK_ParseLicense(
buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load,
params.usage_entry_present, &(params.timer_limits),
params.usage_entry_present, 0, &(params.timer_limits),
&(params.clock_values), &(params.core_message.nonce_values),
&(params.parsed_license));
&(params.parsed_license), nullptr);
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, err);
delete[] buf;
}
@@ -653,9 +790,9 @@ TEST(OdkTest, ParseLicenseNullSubstring) {
&buf_size);
OEMCryptoResult result = ODK_ParseLicense(
buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load,
params.usage_entry_present, &(params.timer_limits),
params.usage_entry_present, 0, &(params.timer_limits),
&(params.clock_values), &(params.core_message.nonce_values),
&(params.parsed_license));
&(params.parsed_license), nullptr);
EXPECT_EQ(OEMCrypto_SUCCESS, result);
delete[] buf;
}
@@ -671,9 +808,9 @@ TEST(OdkTest, ParseLicenseErrorSubstringOffset) {
&buf_size);
OEMCryptoResult err = ODK_ParseLicense(
buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load,
params.usage_entry_present, &(params.timer_limits),
params.usage_entry_present, 0, &(params.timer_limits),
&(params.clock_values), &(params.core_message.nonce_values),
&(params.parsed_license));
&(params.parsed_license), nullptr);
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, err);
delete[] buf;
@@ -687,9 +824,9 @@ TEST(OdkTest, ParseLicenseErrorSubstringOffset) {
&buf_size);
err = ODK_ParseLicense(
buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load,
params.usage_entry_present, &(params.timer_limits),
params.usage_entry_present, 0, &(params.timer_limits),
&(params.clock_values), &(params.core_message.nonce_values),
&(params.parsed_license));
&(params.parsed_license), nullptr);
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, err);
delete[] buf;
}
@@ -710,20 +847,22 @@ TEST(OdkTest, ParseRenewalErrorTimer) {
delete[] buf;
}
TEST(OdkTest, ParsePrivisioningErrorDeviceId) {
ODK_ProvisioningResponseParams params;
ODK_SetDefaultProvisioningResponseParams(&params);
uint8_t* buf = nullptr;
uint32_t buf_size = 0;
ODK_BuildMessageBuffer(&(params.core_message), params.extra_fields, &buf,
&buf_size);
// temporarily mess up with device_id
params.device_id[0] = 0;
OEMCryptoResult err = ODK_ParseProvisioning(
buf, buf_size + 16, buf_size, &(params.core_message.nonce_values),
params.device_id, params.device_id_length, &(params.parsed_provisioning));
EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, err);
delete[] buf;
TEST(OdkTest, ProvisionResponseFromProto) {
std::string serialized_provisioning_resp;
EXPECT_NO_FATAL_FAILURE(
SetDefaultSerializedProvisioningResponse(&serialized_provisioning_resp));
ODK_ProvisioningRequest core_request = {
.api_minor_version = ODK_MINOR_VERSION,
.api_major_version = ODK_MAJOR_VERSION,
.nonce = 0xdeadbeef,
.session_id = 0xcafebabe,
};
const CoreMessageFeatures features =
CoreMessageFeatures::DefaultFeatures(ODK_MAJOR_VERSION);
std::string oemcrypto_core_message;
EXPECT_TRUE(CreateCoreProvisioningResponseFromProto(
features, serialized_provisioning_resp, core_request,
OEMCrypto_RSA_Private_Key, &oemcrypto_core_message));
}
class OdkVersionTest : public ::testing::Test,
@@ -735,8 +874,12 @@ class OdkVersionTest : public ::testing::Test,
GetParam().response_major_version;
params->core_message.nonce_values.api_minor_version =
GetParam().response_minor_version;
features_ =
CoreMessageFeatures::DefaultFeatures(GetParam().maximum_major_version);
if (GetParam().maximum_major_version > 0) {
features_ = CoreMessageFeatures::DefaultFeatures(
GetParam().maximum_major_version);
} else {
features_ = CoreMessageFeatures::kDefaultFeatures;
}
}
CoreMessageFeatures features_;
};
@@ -756,9 +899,9 @@ TEST_P(OdkVersionTest, LicenseResponseRoundtrip) {
auto odk_parse_func = [&](const uint8_t* buf, size_t size) {
return ODK_ParseLicense(
buf, size + kExtraPayloadSize, size, params.initial_license_load,
params.usage_entry_present, &(params.timer_limits),
params.usage_entry_present, 0, &(params.timer_limits),
&(params.clock_values), &(params.core_message.nonce_values),
&(params.parsed_license));
&(params.parsed_license), nullptr);
};
const std::string request_hash_string(
reinterpret_cast<const char*>(request_hash_read),
@@ -806,7 +949,8 @@ TEST_P(OdkVersionTest, RenewalResponseRoundtrip) {
TEST_P(OdkVersionTest, ProvisionResponseRoundtrip) {
ODK_ProvisioningResponseParams params;
ODK_SetDefaultProvisioningResponseParams(&params);
ODK_SetDefaultProvisioningResponseParams(&params,
GetParam().response_major_version);
SetRequestVersion(&params);
// save a copy of params.device_id as it will be zero out during the test
const uint32_t device_id_length = params.device_id_length;
@@ -821,8 +965,12 @@ TEST_P(OdkVersionTest, ProvisionResponseRoundtrip) {
};
auto kdo_prepare_func = [&](ODK_ProvisioningRequest& core_request,
std::string* oemcrypto_core_message) {
// use device_id for V17 and V16
core_request.device_id.assign(reinterpret_cast<char*>(device_id),
device_id_length);
// use counter info for V18
memcpy(&core_request.counter_info, &params.counter_info,
sizeof(params.counter_info));
return CreateCoreProvisioningResponse(features_, params.parsed_provisioning,
core_request, oemcrypto_core_message);
};
@@ -831,12 +979,30 @@ TEST_P(OdkVersionTest, ProvisionResponseRoundtrip) {
kdo_prepare_func);
}
TEST_P(OdkVersionTest, Provision40ResponseRoundtrip) {
ODK_Provisioning40ResponseParams params;
ODK_SetDefaultProvisioning40ResponseParams(&params);
SetRequestVersion(&params);
auto odk_parse_func = [&](const uint8_t* buf, size_t size) {
OEMCryptoResult err = ODK_ParseProvisioning40(
buf, size + 16, size, &(params.core_message.nonce_values));
return err;
};
auto kdo_prepare_func = [&](ODK_Provisioning40Request& core_request,
std::string* oemcrypto_core_message) {
return CreateCoreProvisioning40Response(features_, core_request,
oemcrypto_core_message);
};
ValidateResponse<ODK_Provisioning40Request>(
GetParam(), &(params.core_message), params.extra_fields, odk_parse_func,
kdo_prepare_func);
}
// If the minor version is positive, we can test an older minor version.
const uint16_t kOldMinor = ODK_MINOR_VERSION > 0 ? ODK_MINOR_VERSION - 1 : 0;
// Similarly, if this isn't the first major version, we can test an older major
// version.
// TODO(b/163416999): Remove it in the future. This will be unecessarily
// complicated after we upgrade to version 17.
const uint16_t kOldMajor = ODK_MAJOR_VERSION > ODK_FIRST_VERSION
? ODK_MAJOR_VERSION - 1
: ODK_FIRST_VERSION;
@@ -862,17 +1028,24 @@ std::vector<VersionParameters> TestCases() {
{ODK_MAJOR_VERSION, kOldMajor, kOldMajorMinor, kOldMajor, kOldMajorMinor},
// If the server is restricted to v16, then the response can be at
// most 16.5
// These tests cases must be updated whenever we roll the minor version
// number.
{16, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 16, 5},
{17, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 17, 2},
{18, ODK_MAJOR_VERSION, ODK_MINOR_VERSION, 18, 0},
// Here are some known good versions. Make extra sure they work.
{16, 16, 3, 16, 3},
{16, 16, 4, 16, 4},
{16, 16, 5, 16, 5},
{17, 16, 3, 16, 3},
{17, 16, 4, 16, 4},
{17, 16, 5, 16, 5},
{17, 17, 0, 17, 0},
{17, 17, 1, 17, 1},
{17, 17, 2, 17, 2},
{ODK_MAJOR_VERSION, 16, 3, 16, 3},
{ODK_MAJOR_VERSION, 16, 4, 16, 4},
{ODK_MAJOR_VERSION, 16, 5, 16, 5},
{ODK_MAJOR_VERSION, 17, 1, 17, 1},
{ODK_MAJOR_VERSION, 17, 2, 17, 2},
{ODK_MAJOR_VERSION, 18, 0, 18, 0},
{0, 16, 3, 16, 3},
{0, 16, 4, 16, 4},
{0, 16, 5, 16, 5},
{0, 17, 1, 17, 1},
{0, 17, 2, 17, 2},
{0, 18, 0, 17, 2}, // Change to 18 when the default version is updated.
};
return test_cases;
}
@@ -888,11 +1061,14 @@ TEST(OdkSizeTest, LicenseRequest) {
uint16_t api_major_version = 0;
uint32_t nonce = 0;
uint32_t session_id = 0;
ODK_MessageCounterInfo counter_info;
memset(&counter_info, 0, sizeof(counter_info));
ODK_NonceValues nonce_values{api_minor_version, api_major_version, nonce,
session_id};
EXPECT_EQ(OEMCrypto_ERROR_SHORT_BUFFER,
ODK_PrepareCoreLicenseRequest(message, message_length,
&core_message_length, &nonce_values));
&core_message_length, &nonce_values,
&counter_info));
// the core_message_length should be appropriately set
EXPECT_EQ(ODK_LICENSE_REQUEST_SIZE, core_message_length);
}
@@ -949,13 +1125,14 @@ TEST(OdkSizeTest, ProvisioningRequest) {
uint16_t api_major_version = 0;
uint32_t nonce = 0;
uint32_t session_id = 0;
uint32_t device_id_length = 0;
ODK_MessageCounterInfo counter_info;
memset(&counter_info, 0, sizeof(counter_info));
ODK_NonceValues nonce_values{api_minor_version, api_major_version, nonce,
session_id};
EXPECT_EQ(OEMCrypto_ERROR_SHORT_BUFFER,
ODK_PrepareCoreProvisioningRequest(
message, message_length, &core_message_length, &nonce_values,
nullptr, device_id_length));
ODK_PrepareCoreProvisioningRequest(message, message_length,
&core_message_length,
&nonce_values, &counter_info));
// the core_message_length should be appropriately set
EXPECT_EQ(ODK_PROVISIONING_REQUEST_SIZE, core_message_length);
}

125
libwvdrmengine/oemcrypto/odk/test/odk_test_helper.cpp
View File

@@ -8,7 +8,10 @@
#include <cstdlib>
#include <cstring>
#include <fstream>
#include <iomanip>
#include <ios>
#include <iostream>
#include <ostream>
#include <string>
#include <vector>
@@ -75,6 +78,7 @@ void ODK_SetDefaultLicenseResponseParams(ODK_LicenseResponseParams* params,
.length = 3,
.data = {0, 0, 0},
}},
.renewal_delay_base = OEMCrypto_License_Start,
.key_array_length = 3,
.key_array =
{
@@ -203,6 +207,11 @@ void ODK_SetDefaultLicenseResponseParams(ODK_LicenseResponseParams* params,
".cmi_descriptor_data"});
}
}
if (odk_major_version >= 18) {
params->extra_fields.push_back(
{ODK_UINT32, &(params->parsed_license.renewal_delay_base),
".renewal_delay_base"});
}
params->extra_fields.push_back({ODK_UINT32,
&(params->parsed_license.key_array_length),
".key_array_length"});
@@ -288,7 +297,7 @@ void ODK_SetDefaultRenewalResponseParams(ODK_RenewalResponseParams* params) {
}
void ODK_SetDefaultProvisioningResponseParams(
ODK_ProvisioningResponseParams* params) {
ODK_ProvisioningResponseParams* params, uint32_t odk_major_version) {
ODK_SetDefaultCoreFields(&(params->core_message),
ODK_Provisioning_Response_Type);
params->device_id_length = ODK_DEVICE_ID_LEN_MAX / 2;
@@ -301,17 +310,34 @@ void ODK_SetDefaultProvisioningResponseParams(
.enc_private_key_iv = {.offset = 2, .length = 3},
.encrypted_message_key = {.offset = 4, .length = 5},
};
params->extra_fields = {
{ODK_UINT32, &(params->device_id_length), "device_id_length"},
{ODK_DEVICEID, params->device_id, "device_id"},
{ODK_UINT32, &(params->parsed_provisioning).key_type, "key_type"},
params->extra_fields = {};
// V17 uses device_id
if (odk_major_version <= 17) {
params->extra_fields.push_back(
{ODK_UINT32, &(params->device_id_length), "device_id_length"});
params->extra_fields.push_back(
{ODK_DEVICEID, params->device_id, "device_id"});
}
params->extra_fields.push_back(
{ODK_UINT32, &(params->parsed_provisioning).key_type, "key_type"});
params->extra_fields.push_back(
{ODK_SUBSTRING, &(params->parsed_provisioning).enc_private_key,
"enc_private_key"},
"enc_private_key"});
params->extra_fields.push_back(
{ODK_SUBSTRING, &(params->parsed_provisioning).enc_private_key_iv,
"enc_private_key_iv"},
"enc_private_key_iv"});
params->extra_fields.push_back(
{ODK_SUBSTRING, &(params->parsed_provisioning).encrypted_message_key,
"encrypted_message_key"},
};
"encrypted_message_key"});
}
void ODK_SetDefaultProvisioning40ResponseParams(
ODK_Provisioning40ResponseParams* params) {
ODK_SetDefaultCoreFields(&(params->core_message),
ODK_Provisioning_Response_Type);
params->extra_fields = {};
}
size_t ODK_FieldLength(ODK_FieldType type) {
@@ -330,6 +356,10 @@ size_t ODK_FieldLength(ODK_FieldType type) {
return sizeof(uint32_t) + sizeof(uint32_t);
case ODK_DEVICEID:
return ODK_DEVICE_ID_LEN_MAX;
case ODK_MESSAGECOUNTER:
return ODK_MESSAGECOUNTERINFO_SIZE;
case ODK_DEVICEINFO:
return ODK_DEVICE_INFO_LEN_MAX;
case ODK_RENEWALDATA:
return ODK_KEYBOX_RENEWAL_DATA_SIZE;
case ODK_HASH:
@@ -343,6 +373,9 @@ size_t ODK_AllocSize(ODK_FieldType type) {
if (type == ODK_SUBSTRING) {
return sizeof(OEMCrypto_Substring);
}
if (type == ODK_MESSAGECOUNTER) {
return sizeof(ODK_MessageCounterInfo);
}
return ODK_FieldLength(type);
}
@@ -388,6 +421,7 @@ OEMCryptoResult ODK_WriteSingleField(uint8_t* buf, const ODK_Field* field) {
break;
}
case ODK_DEVICEID:
case ODK_DEVICEINFO:
case ODK_RENEWALDATA:
case ODK_HASH: {
const size_t field_len = ODK_FieldLength(field->type);
@@ -396,6 +430,27 @@ OEMCryptoResult ODK_WriteSingleField(uint8_t* buf, const ODK_Field* field) {
break;
}
case ODK_MESSAGECOUNTER: {
// Size required in field->value, which may get padding from the compiler.
const size_t src_len = ODK_AllocSize(field->type);
// Size taken up in serialized message buffer, which is tightly packed.
const size_t dest_len = ODK_FieldLength(field->type);
const uint8_t* const write_src = static_cast<uint8_t*>(field->value);
// Copy data from field to buf, fixing endian-ness
ODK_MessageCounterInfo info;
memcpy(&info, write_src, src_len);
info.master_generation_number =
oemcrypto_htobe64(info.master_generation_number);
info.provisioning_count = oemcrypto_htobe32(info.provisioning_count);
info.license_count = oemcrypto_htobe32(info.license_count);
info.decrypt_count = oemcrypto_htobe32(info.decrypt_count);
info.major_version = oemcrypto_htobe16(info.major_version);
info.minor_version = oemcrypto_htobe16(info.minor_version);
info.patch_version = oemcrypto_htobe16(info.patch_version);
memcpy(buf, &info, dest_len);
break;
}
default:
return ODK_ERROR_CORE_MESSAGE;
}
@@ -448,6 +503,7 @@ OEMCryptoResult ODK_ReadSingleField(const uint8_t* buf,
break;
}
case ODK_DEVICEID:
case ODK_DEVICEINFO:
case ODK_RENEWALDATA:
case ODK_HASH: {
const size_t field_len = ODK_FieldLength(field->type);
@@ -455,6 +511,55 @@ OEMCryptoResult ODK_ReadSingleField(const uint8_t* buf,
memcpy(id, buf, field_len);
break;
}
case ODK_MESSAGECOUNTER: {
// Size required in field->value, which may get padding from the compiler.
const size_t dest_len = ODK_AllocSize(field->type);
// Size taken up in serialized message buffer, which is tightly packed.
const size_t src_len = ODK_FieldLength(field->type);
uint8_t* const read_dest = static_cast<uint8_t*>(field->value);
// Copy data from buf to field, fixing endian-ness
uint8_t temp_buf[sizeof(ODK_MessageCounterInfo)] = {0};
memcpy(temp_buf, buf, src_len);
size_t index = 0;
ODK_MessageCounterInfo info;
uint64_t* u64 = reinterpret_cast<uint64_t*>(&temp_buf[index]);
info.master_generation_number = oemcrypto_be64toh(*u64);
index += sizeof(uint64_t);
uint32_t* u32 = reinterpret_cast<uint32_t*>(&temp_buf[index]);
info.provisioning_count = oemcrypto_be32toh(*u32);
index += sizeof(uint32_t);
u32 = reinterpret_cast<uint32_t*>(&temp_buf[index]);
info.license_count = oemcrypto_be32toh(*u32);
index += sizeof(uint32_t);
u32 = reinterpret_cast<uint32_t*>(&temp_buf[index]);
info.decrypt_count = oemcrypto_be32toh(*u32);
index += sizeof(uint32_t);
uint16_t* u16 = reinterpret_cast<uint16_t*>(&temp_buf[index]);
info.major_version = oemcrypto_be16toh(*u16);
index += sizeof(uint16_t);
u16 = reinterpret_cast<uint16_t*>(&temp_buf[index]);
info.minor_version = oemcrypto_be16toh(*u16);
index += sizeof(uint16_t);
u16 = reinterpret_cast<uint16_t*>(&temp_buf[index]);
info.patch_version = oemcrypto_be16toh(*u16);
index += sizeof(uint16_t);
memcpy(info.soc_vendor, &temp_buf[index], sizeof(info.soc_vendor));
index += sizeof(info.soc_vendor);
memcpy(info.chipset_model, &temp_buf[index], sizeof(info.chipset_model));
index += sizeof(info.chipset_model);
memcpy(info.extra, &temp_buf[index], sizeof(info.extra));
memcpy(read_dest, &info, dest_len);
break;
}
default:
return ODK_ERROR_CORE_MESSAGE;
}
@@ -508,6 +613,8 @@ OEMCryptoResult ODK_DumpSingleField(const uint8_t* buf,
break;
}
case ODK_DEVICEID:
case ODK_MESSAGECOUNTER:
case ODK_DEVICEINFO:
case ODK_RENEWALDATA:
case ODK_HASH: {
const size_t field_len = ODK_FieldLength(field->type);

13
libwvdrmengine/oemcrypto/odk/test/odk_test_helper.h
View File

@@ -21,6 +21,8 @@ enum ODK_FieldType {
ODK_UINT64,
ODK_SUBSTRING,
ODK_DEVICEID,
ODK_DEVICEINFO,
ODK_MESSAGECOUNTER,
ODK_RENEWALDATA,
ODK_HASH,
// The "stressable" types are the ones we can put in a stress test that packs
@@ -71,10 +73,17 @@ struct ODK_ProvisioningResponseParams {
ODK_CoreMessage core_message;
uint8_t device_id[ODK_DEVICE_ID_LEN_MAX];
uint32_t device_id_length;
uint32_t padding_u32;
ODK_MessageCounterInfo counter_info;
ODK_ParsedProvisioning parsed_provisioning;
std::vector<ODK_Field> extra_fields;
};
struct ODK_Provisioning40ResponseParams {
ODK_CoreMessage core_message;
std::vector<ODK_Field> extra_fields;
};
// Default values in core_message for testing
void ODK_SetDefaultCoreFields(ODK_CoreMessage* core_message,
ODK_MessageType message_type);
@@ -82,7 +91,9 @@ void ODK_SetDefaultLicenseResponseParams(ODK_LicenseResponseParams* params,
uint32_t odk_major_version);
void ODK_SetDefaultRenewalResponseParams(ODK_RenewalResponseParams* params);
void ODK_SetDefaultProvisioningResponseParams(
ODK_ProvisioningResponseParams* params);
ODK_ProvisioningResponseParams* params, uint32_t odk_major_version);
void ODK_SetDefaultProvisioning40ResponseParams(
ODK_Provisioning40ResponseParams* params);
size_t ODK_FieldLength(ODK_FieldType type);
size_t ODK_AllocSize(ODK_FieldType type);

95
libwvdrmengine/oemcrypto/odk/test/odk_timer_test.cpp
View File

@@ -6,7 +6,9 @@
#include "OEMCryptoCENCCommon.h"
#include "gtest/gtest.h"
#include "odk.h"
#include "odk_structs.h"
#include "odk_structs_priv.h"
#include "odk_test_helper.h"
namespace {
@@ -23,6 +25,99 @@ constexpr uint64_t kRentalClockStart = 1000u;
// renewal is not loaded.
constexpr uint64_t kGracePeriod = 5u;
constexpr uint32_t kExtraPayloadSize = 128u;
constexpr uint32_t kSystemTime = 20u;
namespace wvodk_test {
TEST(OdkTimerBasicTest, ParseLicenseTimerSet) {
// playback timer is successfully started
::wvodk_test::ODK_LicenseResponseParams params;
ODK_SetDefaultLicenseResponseParams(&params, ODK_MAJOR_VERSION);
params.parsed_license.renewal_delay_base = OEMCrypto_License_Load;
params.parsed_license.timer_limits.soft_enforce_rental_duration = false;
params.parsed_license.timer_limits.soft_enforce_playback_duration = false;
params.parsed_license.timer_limits.earliest_playback_start_seconds = 10;
params.parsed_license.timer_limits.total_playback_duration_seconds = 0;
params.parsed_license.timer_limits.rental_duration_seconds = 10;
params.parsed_license.timer_limits.initial_renewal_duration_seconds = 0;
OEMCryptoResult result =
ODK_InitializeClockValues(&params.clock_values, kSystemTime);
EXPECT_EQ(OEMCrypto_SUCCESS, result);
params.clock_values.time_of_license_request_signed = 5;
params.clock_values.status = kActive;
uint8_t* buf = nullptr;
uint32_t buf_size = 0;
ODK_BuildMessageBuffer(&(params.core_message), params.extra_fields, &buf,
&buf_size);
result = ODK_ParseLicense(
buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load,
params.usage_entry_present, kSystemTime, &(params.timer_limits),
&(params.clock_values), &(params.core_message.nonce_values),
&(params.parsed_license), nullptr);
EXPECT_EQ(ODK_SET_TIMER, result);
delete[] buf;
}
TEST(OdkTimerBasicTest, ParseLicenseTimerDisabled) {
// playback timer is successfully started
::wvodk_test::ODK_LicenseResponseParams params;
ODK_SetDefaultLicenseResponseParams(&params, ODK_MAJOR_VERSION);
params.parsed_license.renewal_delay_base = OEMCrypto_License_Load;
params.parsed_license.timer_limits.soft_enforce_rental_duration = true;
params.parsed_license.timer_limits.earliest_playback_start_seconds = 3;
params.parsed_license.timer_limits.total_playback_duration_seconds = 0;
params.parsed_license.timer_limits.initial_renewal_duration_seconds = 0;
params.clock_values.time_of_first_decrypt = 10;
params.clock_values.time_of_license_request_signed = 5;
params.clock_values.status = kActive;
uint8_t* buf = nullptr;
uint32_t buf_size = 0;
ODK_BuildMessageBuffer(&(params.core_message), params.extra_fields, &buf,
&buf_size);
OEMCryptoResult result = ODK_ParseLicense(
buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load,
params.usage_entry_present, kSystemTime, &(params.timer_limits),
&(params.clock_values), &(params.core_message.nonce_values),
&(params.parsed_license), nullptr);
EXPECT_EQ(ODK_DISABLE_TIMER, result);
delete[] buf;
}
TEST(OdkTimerBasicTest, ParseRenewalTimerExpired) {
// playback timer is successfully started
::wvodk_test::ODK_LicenseResponseParams params;
ODK_SetDefaultLicenseResponseParams(&params, ODK_MAJOR_VERSION);
params.parsed_license.renewal_delay_base = OEMCrypto_License_Load;
params.parsed_license.timer_limits.rental_duration_seconds = 5;
params.parsed_license.timer_limits.earliest_playback_start_seconds = 3;
OEMCryptoResult result =
ODK_InitializeClockValues(&params.clock_values, kSystemTime);
EXPECT_EQ(OEMCrypto_SUCCESS, result);
params.clock_values.time_of_license_request_signed = 5;
uint8_t* buf = nullptr;
uint32_t buf_size = 0;
ODK_BuildMessageBuffer(&(params.core_message), params.extra_fields, &buf,
&buf_size);
result = ODK_ParseLicense(
buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load,
params.usage_entry_present, kSystemTime, &(params.timer_limits),
&(params.clock_values), &(params.core_message.nonce_values),
&(params.parsed_license), nullptr);
EXPECT_EQ(ODK_TIMER_EXPIRED, result);
delete[] buf;
}
} // namespace wvodk_test
TEST(OdkTimerBasicTest, NullTest) {
// Assert that nullptr does not cause a core dump.
ODK_InitializeClockValues(nullptr, 0u);