Pick widevine oemcrypto-v18 change

No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70

libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h

@@ -142,6 +142,17 @@ typedef enum OEMCrypto_PrivateKeyType {
   OEMCrypto_PrivateKeyType_MaxValue = OEMCrypto_ECC_Private_Key,
 } OEMCrypto_PrivateKeyType;
 
+/**
+ * The base for (delayed) timers, i.e. from what time the (delayed) timer
+ * starts.
+ */
+typedef enum OEMCrypto_TimerDelayBase {
+  OEMCrypto_License_Start = 0,
+  OEMCrypto_License_Load = 1,
+  OEMCrypto_First_Decrypt = 2,
+  OEMCrypto_TimerDelayBase_MaxValue = OEMCrypto_First_Decrypt,
+} OEMCrypto_TimerDelayBase;
+
 /**
  *  Used to indicate a substring of a signed message in OEMCrypto_LoadKeys and
  *  other functions which must verify that a parameter is contained within a

libwvdrmengine/oemcrypto/odk/include/core_message_deserialize.h

@@ -55,6 +55,18 @@ bool CoreProvisioningRequestFromMessage(
     const std::string& oemcrypto_core_message,
     ODK_ProvisioningRequest* core_provisioning_request);
 
+/**
+ * Counterpart (deserializer) of ODK_PrepareCoreProvisioning40Request
+ * (serializer)
+ *
+ * Parameters:
+ *   [in] oemcrypto_core_message
+ *   [out] core_provisioning_request
+ */
+bool CoreProvisioning40RequestFromMessage(
+    const std::string& oemcrypto_core_message,
+    ODK_Provisioning40Request* core_provisioning_request);
+
 /**
  * Counterpart (deserializer) of ODK_PrepareCoreRenewedProvisioningRequest
  * (serializer)

libwvdrmengine/oemcrypto/odk/include/core_message_features.h

@@ -8,6 +8,7 @@
 #include <stdint.h>
 
 #include <iostream>
+#include <ostream>
 #include <string>
 
 namespace oemcrypto_core_message {

libwvdrmengine/oemcrypto/odk/include/core_message_serialize.h

@@ -72,6 +72,21 @@ bool CreateCoreProvisioningResponse(const CoreMessageFeatures& features,
                                     const ODK_ParsedProvisioning& parsed_prov,
                                     const ODK_ProvisioningRequest& core_request,
                                     std::string* oemcrypto_core_message);
+
+/**
+ * Counterpart (serializer) of ODK_ParseProvisioning40 (deserializer)
+ * struct-input variant
+ *
+ * Parameters:
+ *   [in] features feature support for response message.
+ *   [in] core_request
+ *   [out] oemcrypto_core_message
+ */
+bool CreateCoreProvisioning40Response(
+    const CoreMessageFeatures& features,
+    const ODK_Provisioning40Request& core_request,
+    std::string* oemcrypto_core_message);
+
 }  // namespace serialize
 }  // namespace oemcrypto_core_message
 

libwvdrmengine/oemcrypto/odk/include/core_message_serialize_proto.h

@@ -17,6 +17,7 @@
 #include <cstdint>
 #include <string>
 
+#include "OEMCryptoCENCCommon.h"
 #include "core_message_features.h"
 #include "core_message_types.h"
 #include "license_protocol.pb.h"
@@ -59,6 +60,7 @@ bool CreateCoreProvisioningResponseFromProto(
     const oemcrypto_core_message::features::CoreMessageFeatures& features,
     const std::string& serialized_provisioning_response,
     const ODK_ProvisioningRequest& core_request,
+    const OEMCrypto_PrivateKeyType device_key_type,
     std::string* oemcrypto_core_message);
 
 }  // namespace serialize

libwvdrmengine/oemcrypto/odk/include/core_message_types.h

@@ -30,23 +30,25 @@
  * KDO provides a corresponding writer.
  *
  * Table: ODK vs KDO (s: serialize; d: deserialize)
- * +----------------------------------------+---------------------------------------+
- * | ODK                                    | KDO                                   |
- * +---+------------------------------------+---+-----------------------------------+
- * | s | ODK_PrepareCoreLicenseRequest      | d | CoreLicenseRequestFromMessage     |
- * |   +------------------------------------+   +-----------------------------------+
- * |   | ODK_PrepareCoreRenewalRequest      |   | CoreRenewalRequestFromMessage     |
- * |   +------------------------------------+   +-----------------------------------+
- * |   | ODK_PrepareCoreProvisioningRequest |   | CoreProvisioningRequestFromMessage|
- * |   +------------------------------------+   +-----------------------------------+
- * |   | ODK_PrepareCommonRequest           |   | CoreCommonRequestFromMessage      |
- * +---+------------------------------------+---+-----------------------------------+
- * | d | ODK_ParseLicense                   | s | CreateCoreLicenseResponse         |
- * |   +------------------------------------+   +-----------------------------------+
- * |   | ODK_ParseRenewal                   |   | CreateCoreRenewalResponse         |
- * |   +------------------------------------+   +-----------------------------------+
- * |   | ODK_ParseProvisioning              |   | CreateCoreProvisioningResponse    |
- * +---+------------------------------------+---+-----------------------------------+
+ * +------------------------------------------+------------------------------------------+
+ * | ODK                                      | KDO                                      |
+ * +---+--------------------------------------+---+--------------------------------------+
+ * | s | ODK_PrepareCoreLicenseRequest        | d | CoreLicenseRequestFromMessage        |
+ * |   +--------------------------------------+   +--------------------------------------+
+ * |   | ODK_PrepareCoreRenewalRequest        |   | CoreRenewalRequestFromMessage        |
+ * |   +--------------------------------------+   +--------------------------------------+
+ * |   | ODK_PrepareCoreProvisioningRequest   |   | CoreProvisioningRequestFromMessage   |
+ * |   | ODK_PrepareCoreProvisioning40Request |   | CoreProvisioning40RequestFromMessage |
+ * |   +--------------------------------------+   +--------------------------------------+
+ * |   | ODK_PrepareCommonRequest             |   | CoreCommonRequestFromMessage         |
+ * +---+--------------------------------------+---+--------------------------------------+
+ * | d | ODK_ParseLicense                     | s | CreateCoreLicenseResponse            |
+ * |   +--------------------------------------+   +--------------------------------------+
+ * |   | ODK_ParseRenewal                     |   | CreateCoreRenewalResponse            |
+ * |   +--------------------------------------+   +--------------------------------------+
+ * |   | ODK_ParseProvisioning                |   | CreateCoreProvisioningResponse       |
+ * |   | ODK_ParseProvisioning40              |   | CreateCoreProvisioning40Response     |
+ * +---+--------------------------------------+---+--------------------------------------+
  *
  *********************************************************************/
 // clang-format on
@@ -95,6 +97,19 @@ struct ODK_RenewalRequest {
   uint64_t playback_time_seconds;
 };
 
+struct ODK_MessageCounter {
+  uint64_t master_generation_number;
+  uint32_t provisioning_count;
+  uint32_t license_count;
+  uint32_t decrypt_count;
+  uint16_t major_version;
+  uint16_t minor_version;
+  uint16_t patch_version;
+  uint8_t soc_vendor[16];
+  uint8_t chipset_model[16];
+  uint8_t extra[16];
+};
+
 /**
  * Output structure for CoreProvisioningRequestFromMessage and
  * CoreRenewedProvisioningRequestFromMessage
@@ -108,6 +123,19 @@ struct ODK_ProvisioningRequest {
   std::string device_id;
   uint16_t renewal_type;
   std::string renewal_data;
+  ODK_MessageCounter counter_info;
+};
+
+/**
+ * Output structure for CoreProvisioningRequest40FromMessage
+ * Input structure for CreateCoreProvisioning40Response
+ */
+struct ODK_Provisioning40Request {
+  uint16_t api_minor_version;
+  uint16_t api_major_version;
+  uint32_t nonce;
+  uint32_t session_id;
+  std::string device_info;
 };
 
 }  // namespace oemcrypto_core_message

libwvdrmengine/oemcrypto/odk/include/odk.h

@@ -259,6 +259,8 @@ OEMCryptoResult ODK_DeactivateUsageEntry(ODK_ClockValues* clock_values);
  *       of the message. (in) size of buffer reserved for the core message, in
  *       bytes. (out) actual length of the core message, in bytes.
  * @param[in] nonce_values: pointer to the session's nonce data.
+ * @param[in] message_count_info: information used for server-side anomaly
+ * detection
  *
  * @retval OEMCrypto_SUCCESS
  * @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
@@ -269,7 +271,8 @@ OEMCryptoResult ODK_DeactivateUsageEntry(ODK_ClockValues* clock_values);
  */
 OEMCryptoResult ODK_PrepareCoreLicenseRequest(
     uint8_t* message, size_t message_length, size_t* core_message_size,
-    const ODK_NonceValues* nonce_values);
+    const ODK_NonceValues* nonce_values,
+    const ODK_MessageCounterInfo* counter_info);
 
 /**
  * Modifies the message to include a core renewal request at the beginning of
@@ -337,11 +340,8 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
  *       of the message. (in) size of buffer reserved for the core message, in
  *       bytes. (out) actual length of the core message, in bytes.
  * @param[in] nonce_values: pointer to the session's nonce data.
- * @param[in] device_id: For devices with a keybox, this is the device ID from
- *       the keybox. For devices with an OEM Certificate, this is a device
- *       unique id string.
- * @param[in] device_id_length: length of device_id. The device ID can be at
- *       most 64 bytes.
+ * @param[in] message_count_info: information used for server-side anomaly
+ * detection
  *
  * @retval OEMCrypto_SUCCESS
  * @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
@@ -352,8 +352,44 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
  */
 OEMCryptoResult ODK_PrepareCoreProvisioningRequest(
     uint8_t* message, size_t message_length, size_t* core_message_length,
-    const ODK_NonceValues* nonce_values, const uint8_t* device_id,
-    size_t device_id_length);
+    const ODK_NonceValues* nonce_values,
+    const ODK_MessageCounterInfo* counter_info);
+
+/**
+ * Modifies the message to include a core provisioning 4.0 request at the
+ * beginning of the message buffer. The values in nonce_values are used to
+ * populate the message.
+ *
+ * This shall be called by OEMCrypto from
+ * OEMCrypto_PrepAndSignProvisioningRequest.
+ *
+ * NOTE: if the message pointer is null and/or input core_message_length is
+ * zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
+ * core_message_size to the size needed.
+ *
+ * @param[in,out] message: Pointer to memory for the entire message. Modified by
+ *       the ODK library.
+ * @param[in] message_length: length of the entire message buffer.
+ * @param[in,out] core_message_size: length of the core message at the beginning
+ *       of the message. (in) size of buffer reserved for the core message, in
+ *       bytes. (out) actual length of the core message, in bytes.
+ * @param[in] nonce_values: pointer to the session's nonce data.
+ * @param[in] device_info: Encoded device hardware info in CBOR format.
+ * @param[in] device_info_length: length of device_info.
+ * @param[in] message_count_info: information used for server-side anomaly
+ * detection
+ *
+ * @retval OEMCrypto_SUCCESS
+ * @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
+ * @retval OEMCrypto_ERROR_INVALID_CONTEXT
+ *
+ * @version
+ * This method is new in version 18 of the API.
+ */
+OEMCryptoResult ODK_PrepareCoreProvisioning40Request(
+    uint8_t* message, size_t message_length, size_t* core_message_length,
+    const ODK_NonceValues* nonce_values, const uint8_t* device_info,
+    size_t device_info_length, const ODK_MessageCounterInfo* counter_info);
 
 /**
  * Modifies the message to include a core renewal provisioning request at the
@@ -515,6 +551,7 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
  *       and false when called for OEMCrypto_ReloadLicense.
  * @param[in] usage_entry_present: true if the session has a new usage entry
  *       associated with it created via OEMCrypto_CreateNewUsageEntry.
+ * @param[in] system_time_seconds: The current system's time in seconds.
  * @param[in,out] timer_limits: The session's timer limits. These will be
  *       updated.
  * @param[in,out] clock_values: The session's clock values. These will be
@@ -522,13 +559,19 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
  * @param[in,out] nonce_values: The session's nonce values. These will be
  *       updated.
  * @param[out] parsed_license: the destination for the data.
+ * @param[out] timer_value: set if playback timer should be started.
  *
  * @retval OEMCrypto_SUCCESS
  * @retval ODK_ERROR_CORE_MESSAGE: if the message did not parse correctly, or
  *         there were other incorrect values. An error should be returned to the
  *         CDM layer.
  * @retval ODK_UNSUPPORTED_API
- * @retval OEMCrypto_ERROR_INVALID_NONCE
+ * @retval ODK_SET_TIMER: if the playback timer has been started successfully
+ * @retval ODK_DISABLE_TIMER: if the playtime timer has been started
+ *         successfully then is disabled.
+ * @retval ODK_TIMER_EXPIRED: if the license is attempted to be loaded after the
+ *         rental duration expires.
+ * @retval OEMCrypto_ERROR_INVALåID_NONCE
  *
  * @version
  * This method is new in version 16 of the API.
@@ -536,8 +579,9 @@ OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits,
 OEMCryptoResult ODK_ParseLicense(
     const uint8_t* message, size_t message_length, size_t core_message_length,
     bool initial_license_load, bool usage_entry_present,
-    ODK_TimerLimits* timer_limits, ODK_ClockValues* clock_values,
-    ODK_NonceValues* nonce_values, ODK_ParsedLicense* parsed_license);
+    uint64_t system_time_seconds, ODK_TimerLimits* timer_limits,
+    ODK_ClockValues* clock_values, ODK_NonceValues* nonce_values,
+    ODK_ParsedLicense* parsed_license, uint64_t* timer_value);
 
 /**
  * The function ODK_ParseRenewal will parse the message and verify its
@@ -564,7 +608,8 @@ OEMCryptoResult ODK_ParseLicense(
  * @param[in] message_length: length of the entire message buffer.
  * @param[in] core_message_size: length of the core message, at the beginning of
  *       the message buffer.
- * @param[in] nonce_values: pointer to the session's nonce data.
+ * @param[in,out] nonce_values: pointer to the session's nonce data. These might
+ *       be updated if the server returns a lower API version.
  * @param[in] system_time_seconds: the current time on OEMCrypto's clock, in
  *       seconds.
  * @param[in] timer_limits: timer limits specified in the license.
@@ -591,7 +636,7 @@ OEMCryptoResult ODK_ParseLicense(
  */
 OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
                                  size_t core_message_length,
-                                 const ODK_NonceValues* nonce_values,
+                                 ODK_NonceValues* nonce_values,
                                  uint64_t system_time_seconds,
                                  const ODK_TimerLimits* timer_limits,
                                  ODK_ClockValues* clock_values,
@@ -604,8 +649,8 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
  * If the message does not parse correctly, ODK_ParseProvisioning will return
  * an error that OEMCrypto should return to the CDM layer above.
  *
- * If the API in the message is larger than 16, then ODK_UNSUPPORTED_API is
- * returned.
+ * If the API in the message is larger than ODK_MAJOR_VERSION, then
+ * ODK_UNSUPPORTED_API is returned.
  *
  * ODK_ParseProvisioning shall verify that nonce_values->nonce and
  * nonce_values->session_id are the same as those in the message. Otherwise
@@ -620,11 +665,13 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
  * @param[in] message_length: length of the entire message buffer.
  * @param[in] core_message_size: length of the core message, at the beginning of
  *       the message buffer.
- * @param[in] nonce_values: pointer to the session's nonce data.
+ * @param[in/out] nonce_values: pointer to the session's nonce data. These might
+ *       be updated if the server returns a lower API version.
  * @param[in] device_id: a pointer to a buffer containing the device ID of the
  *       device. The ODK function will verify it matches that in the message.
  * @param[in] device_id_length: the length of the device ID.
- * @param[out] parsed_response: destination for the parse data.
+ * @param[out] counter_info: destination for counter portion of parse data.
+ * @param[out] parsed_response: destination for response portion of parse data.
  *
  * @retval OEMCrypto_SUCCESS
  * @retval ODK_ERROR_CORE_MESSAGE: the message did not parse correctly, or there
@@ -638,9 +685,45 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
  */
 OEMCryptoResult ODK_ParseProvisioning(
     const uint8_t* message, size_t message_length, size_t core_message_length,
-    const ODK_NonceValues* nonce_values, const uint8_t* device_id,
+    ODK_NonceValues* nonce_values, const uint8_t* device_id,
     size_t device_id_length, ODK_ParsedProvisioning* parsed_response);
 
+/**
+ * The function ODK_ParseProvisioning40 will parse the message and verify the
+ * nonce values match those in the request.
+ *
+ * If the message does not parse correctly, ODK_ParseProvisioning40 will return
+ * an error that OEMCrypto should return to the CDM layer above.
+ *
+ * If the API in the message is larger than ODK_MAJOR_VERSION, then
+ * ODK_UNSUPPORTED_API is returned.
+ *
+ * ODK_ParseProvisioning40 shall verify that nonce_values->nonce and
+ * nonce_values->session_id are the same as those in the message. Otherwise
+ * it shall return OEMCrypto_ERROR_INVALID_NONCE.
+ *
+ * @param[in] message: pointer to the message buffer.
+ * @param[in] message_length: length of the entire message buffer.
+ * @param[in] core_message_size: length of the core message, at the beginning of
+ *       the message buffer.
+ * @param[in,out] nonce_values: pointer to the session's nonce data. These might
+ *       be updated if the server returns a lower API version.
+ *
+ * @retval OEMCrypto_SUCCESS
+ * @retval ODK_ERROR_CORE_MESSAGE: the message did not parse correctly, or there
+ *         were other incorrect values. An error should be returned to the CDM
+ *         layer.
+ * @retval ODK_UNSUPPORTED_API
+ * @retval OEMCrypto_ERROR_INVALID_NONCE
+ *
+ * @version
+ * This method is new in version 18 of the API.
+ */
+OEMCryptoResult ODK_ParseProvisioning40(const uint8_t* message,
+                                        size_t message_length,
+                                        size_t core_message_length,
+                                        ODK_NonceValues* nonce_values);
+
 /**
  * The function ODK_ParseProvisioning will parse the message and verify the
  * API version is at most the version passed in.

libwvdrmengine/oemcrypto/odk/include/odk_message.h

@@ -63,7 +63,8 @@ typedef enum {
   MESSAGE_STATUS_NOT_INITIALIZED = 0x2990b6c6,
   MESSAGE_STATUS_OUT_OF_MEMORY = 0x7c5c64cc,
   MESSAGE_STATUS_MAP_SHARED_MEMORY_FAILED = 0x7afecacf,
-  MESSAGE_STATUS_SECURE_BUFFER_ERROR = 0x78f0e873
+  MESSAGE_STATUS_SECURE_BUFFER_ERROR = 0x78f0e873,
+  MESSAGE_STATUS_BUFFER_TOO_LARGE = 0x5bfcfb21
 } ODK_MessageStatus;
 
 /*

libwvdrmengine/oemcrypto/odk/include/odk_structs.h

@@ -15,11 +15,11 @@ extern "C" {
 #include "odk_target.h"
 
 /* The version of this library. */
-#define ODK_MAJOR_VERSION 17
-#define ODK_MINOR_VERSION 2
+#define ODK_MAJOR_VERSION 18
+#define ODK_MINOR_VERSION 0
 
 /* ODK Version string. Date changed automatically on each release. */
-#define ODK_RELEASE_DATE "ODK v17.2 2022-08-10"
+#define ODK_RELEASE_DATE "ODK v18.0 2022-12-14"
 
 /* The lowest version number for an ODK message. */
 #define ODK_FIRST_VERSION 16
@@ -28,6 +28,11 @@ extern "C" {
 #define ODK_DEVICE_ID_LEN_MAX 64
 #define ODK_SHA256_HASH_SIZE 32
 #define ODK_KEYBOX_RENEWAL_DATA_SIZE 1600
+/* The max length of the encoded device info in CBOR format. Make sure it gets
+ * updated when more device info is included. Refer to
+ * https://www.rfc-editor.org/rfc/rfc8949.html#name-specification-of-the-cbor-e
+ * for an estimation of the required length. */
+#define ODK_DEVICE_INFO_LEN_MAX 256
 
 /// @addtogroup odk_timer
 /// @{
@@ -161,6 +166,47 @@ typedef struct {
 /// @addtogroup odk_parser
 /// @{
 
+/**
+ * This counter information is used by the license and provisioning servers to
+ * keep track of requests. Values should be updated after every successful
+ * provisioning request, license request, and decrypt call.
+ *
+ * @param provisioning_count: number of times a provisioning request was made on
+ * this device in the current instance. May be reset to 0 on device power off.
+ * @param license_count: number of times a license request was made on this
+ * device in the current instance. May be reset to 0 on device power off.
+ * @param decrypt_count: number of times OEMCrypto_DecryptCENC() has been called
+ * on this device in the current instance. May be reset to 0 on device power
+ * off.
+ * @param master_generation_number: current master generation number value from
+ * the OEMCrypto usage table. Persists across reboots.
+ * @param soc_vendor: name of the system-on-a-chip vendor for the device,
+ * limited to 16 bytes
+ * @param chipset_model: name of the chipset on the device, limited to 16 bytes
+ * @param major_version: major version of the TA binary. This is different from
+ * the OEMCrypto version that is being implemented.
+ * @param minor_version: minor version of the TA binary, if applicable. This is
+ * different from the OEMCrypto version that is being implemented.
+ * @param patch_version: patch version of the TA binary, if applicable. This is
+ * different from the OEMCrypto version that is being implemented.
+ * @param extra: unused in V18
+ *
+ * @version
+ * This struct was added in API version 18.
+ */
+typedef struct {
+  uint64_t master_generation_number;
+  uint32_t provisioning_count;
+  uint32_t license_count;
+  uint32_t decrypt_count;
+  uint16_t major_version;
+  uint16_t minor_version;
+  uint16_t patch_version;
+  uint8_t soc_vendor[16];
+  uint8_t chipset_model[16];
+  uint8_t extra[12];
+} ODK_MessageCounterInfo;
+
 /**
  * The parsed license structure contains information from the license
  * message. The function ODK_ParseLicense will fill in the fields of this
@@ -178,11 +224,12 @@ typedef struct {
  * @param timer_limits: time limits of the for the license.
  * @param watermarking: specifies if device supports watermarking.
  * @param dtcp2_required: specifies if device supports DTCP.
+ * @param renewal_delay_base: what time the timer starting is based off of.
  * @param key_array_length: number of keys present.
  * @param key_array: set of keys to be installed.
  *
  * @version
- * This struct changed in API version 17.
+ * This struct changed in API version 18.
  */
 typedef struct {
   OEMCrypto_Substring enc_mac_keys_iv;
@@ -194,6 +241,7 @@ typedef struct {
   ODK_TimerLimits timer_limits;
   uint32_t watermarking;
   OEMCrypto_DTCP2_CMI_Packet dtcp2_required;
+  OEMCrypto_TimerDelayBase renewal_delay_base;
   uint32_t key_array_length;
   OEMCrypto_KeyObject key_array[ODK_MAX_NUM_KEYS];
 } ODK_ParsedLicense;