Refactor OEMCrypto_SetDecryptHash

The current implementation of OEMCrypto_SetDecryptHash gives developers
flexibility to use different types of hashes. However, all the
implementations we have seen thus far use crc32. Because of this, crc32
should be sufficient and we can refactor OEMCrypto_SetDecryptHash to
only use the crc32 hash.

Bug: 287706586
Change-Id: I4aaa253b2656dfd9c984f77dfb08fe160b23b47c

libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h

@@ -662,7 +662,7 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
 #define OEMCrypto_ResourceRatingTier          _oecc85
 #define OEMCrypto_SupportsDecryptHash         _oecc86
 #define OEMCrypto_InitializeDecryptHash       _oecc87
-#define OEMCrypto_SetDecryptHash              _oecc88
+#define OEMCrypto_SetDecryptHash_V18          _oecc88
 #define OEMCrypto_GetHashErrorCode            _oecc89
 #define OEMCrypto_BuildInformation_V16        _oecc90
 #define OEMCrypto_RefreshKeys                 _oecc91
@@ -715,6 +715,7 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
 #define OEMCrypto_EnterTestMode               _oecc140
 #define OEMCrypto_GetDeviceSignedCsrPayload   _oecc141
 #define OEMCrypto_FactoryInstallBCCSignature  _oecc142
+#define OEMCrypto_SetDecryptHash              _oecc143
 // clang-format on
 
 /// @addtogroup initcontrol
@@ -5243,8 +5244,7 @@ uint32_t OEMCrypto_SupportsDecryptHash(void);
  * output is not supported, then this will return
  * OEMCrypto_ERROR_NOT_IMPLEMENTED. If the hash is ill formed or there are
  * other error conditions, this returns OEMCrypto_ERROR_UNKNOWN_FAILURE. The
- * length of the hash will be at most 128 bytes, and will be 4 bytes (32
- * bits) for the default CRC32 hash.
+ * length of the hash will be 4 bytes (32 bits) for the default CRC32 hash.
  *
  * This may be called before the first call to OEMCrypto_GetKeyHandle. In that
  * case, this function cannot verify that the key control block allows hash
@@ -5265,8 +5265,7 @@ uint32_t OEMCrypto_SupportsDecryptHash(void);
  *
  * @param[in] session: session id for current decrypt operation
  * @param[in] frame_number: frame number for the recent DecryptCENC sample.
- * @param[in] hash: hash or CRC of previously decrypted frame.
- * @param[in] hash_length: length of hash, in bytes.
+ * @param[in] crc32: CRC of previously decrypted frame.
  *
  * @retval OEMCrypto_SUCCESS if the hash was set
  * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED function not implemented
@@ -5290,9 +5289,7 @@ uint32_t OEMCrypto_SupportsDecryptHash(void);
  *   This method is new in API version 15.
  */
 OEMCryptoResult OEMCrypto_SetDecryptHash(OEMCrypto_SESSION session,
-                                         uint32_t frame_number,
-                                         const uint8_t* hash,
-                                         size_t hash_length);
+                                         uint32_t frame_number, uint32_t crc32);
 
 /**
  * If the hash set in OEMCrypto_SetDecryptHash() did not match the computed
@@ -5531,6 +5528,17 @@ OEMCryptoResult OEMCrypto_ProcessOTAKeybox(OEMCrypto_SESSION session,
  * backwards compatibility.
  */
 
+/*
+ * OEMCrypto_SetDecryptHash
+ * @deprecated
+ *   Not required for the current version of OEMCrypto. Declared here to
+ *   help with backward compatibility.
+ */
+OEMCryptoResult OEMCrypto_SetDecryptHash_V18(OEMCrypto_SESSION session,
+                                             uint32_t frame_number,
+                                             const uint8_t* hash,
+                                             size_t hash_length);
+
 /*
  * OEMCrypto_GenerateSignature
  * @deprecated

libwvdrmengine/oemcrypto/include/level3.h

@@ -72,7 +72,7 @@ namespace wvoec3 {
 #define Level3_SetSandbox                  _lcc84
 #define Level3_ResourceRatingTier          _lcc85
 #define Level3_SupportsDecryptHash         _lcc86
-#define Level3_SetDecryptHash              _lcc88
+#define Level3_SetDecryptHash_V18          _lcc88
 #define Level3_GetHashErrorCode            _lcc89
 #define Level3_RefreshKeys                 _lcc91
 #define Level3_LoadEntitledContentKeys_V16 _lcc92
@@ -120,6 +120,7 @@ namespace wvoec3 {
 #define Level3_GetSignatureHashAlgorithm   _lcc139
 #define Level3_EnterTestMode               _lcc140
 #define Level3_GetDeviceSignedCsrPayload   _lcc141
+#define Level3_SetDecryptHash              _lcc143
 #else
 #define Level3_Initialize                  _oecc01
 #define Level3_Terminate                   _oecc02
@@ -173,7 +174,7 @@ namespace wvoec3 {
 #define Level3_SetSandbox                  _oecc84
 #define Level3_ResourceRatingTier          _oecc85
 #define Level3_SupportsDecryptHash         _oecc86
-#define Level3_SetDecryptHash              _oecc88
+#define Level3_SetDecryptHash_V18          _oecc88
 #define Level3_GetHashErrorCode            _oecc89
 #define Level3_RefreshKeys                 _oecc91
 #define Level3_LoadEntitledContentKeys_V16 _oecc92
@@ -221,6 +222,7 @@ namespace wvoec3 {
 #define Level3_GetSignatureHashAlgorithm   _oecc139
 #define Level3_EnterTestMode               _oecc140
 #define Level3_GetDeviceSignedCsrPayload   _oecc141
+#define Level3_SetDecryptHash              _oecc143
 #endif
 
 #define Level3_GetInitializationState     _oecl3o01
@@ -373,8 +375,11 @@ uint32_t Level3_ResourceRatingTier();
 uint32_t Level3_SupportsDecryptHash();
 
 OEMCryptoResult Level3_SetDecryptHash(OEMCrypto_SESSION session,
-                                      uint32_t frame_number,
-                                      const uint8_t* hash, size_t hash_length);
+                                      uint32_t frame_number, uint32_t crc32);
+OEMCryptoResult Level3_SetDecryptHash_V18(OEMCrypto_SESSION session,
+                                          uint32_t frame_number,
+                                          const uint8_t* hash,
+                                          size_t hash_length);
 OEMCryptoResult Level3_GetHashErrorCode(OEMCrypto_SESSION session,
                                         uint32_t* failed_frame_number);
 OEMCryptoResult Level3_BuildInformation(char* buffer, size_t* buffer_length);

libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_decrypt_hash_fuzz.cc

@@ -55,15 +55,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   uint32_t* const failed_frame_number =
       fuzzed_data.ConsumeBool() ? &failed_frame_number_data : nullptr;
 
-  const std::vector<uint8_t> hash =
-      fuzzed_data.ConsumeRemainingBytes<uint8_t>();
+  const uint32_t crc32 = fuzzed_data.ConsumeIntegral<uint32_t>();
 
   license_api_fuzz.LoadLicense();
   std::vector<uint8_t> key_handle;
   wvoec::GetKeyHandleIntoVector(session_id, content_key_id.data(),
                                 content_key_id.size(),
                                 OEMCrypto_CipherMode_CENC, key_handle);
-  OEMCrypto_SetDecryptHash(session_id, frame_number, hash.data(), hash.size());
+  OEMCrypto_SetDecryptHash(session_id, frame_number, crc32);
   OEMCrypto_DecryptCENC(key_handle.data(), key_handle.size(), &sample, 1,
                         &pattern);
   OEMCrypto_GetHashErrorCode(session_id, failed_frame_number);

libwvdrmengine/oemcrypto/test/oemcrypto_decrypt_test.cpp

@@ -242,12 +242,10 @@ TEST_P(OEMCryptoLicenseTest, HashForbiddenAPI15) {
   ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
 
   uint32_t frame_number = 1;
-  uint32_t hash = 42;
+  const uint32_t crc32 = 42;
   // It is OK to set the hash before loading the keys
-  ASSERT_EQ(OEMCrypto_SUCCESS,
-            OEMCrypto_SetDecryptHash(session_.session_id(), frame_number,
-                                     reinterpret_cast<const uint8_t*>(&hash),
-                                     sizeof(hash)));
+  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_SetDecryptHash(session_.session_id(),
+                                                        frame_number, crc32));
   // It is OK to select the key and decrypt.
   ASSERT_NO_FATAL_FAILURE(session_.TestDecryptCTR());
   // But the error code should be bad.
@@ -257,11 +255,10 @@ TEST_P(OEMCryptoLicenseTest, HashForbiddenAPI15) {
 
 // This test verifies OEMCrypto_SetDecryptHash for out of range frame number.
 TEST_P(OEMCryptoLicenseTest, DecryptHashForOutOfRangeFrameNumber) {
-  uint32_t frame_number = kHugeRandomNumber;
-  uint32_t hash = 42;
-  ASSERT_NO_FATAL_FAILURE(OEMCrypto_SetDecryptHash(
-      session_.session_id(), frame_number,
-      reinterpret_cast<const uint8_t*>(&hash), sizeof(hash)));
+  const uint32_t frame_number = kHugeRandomNumber;
+  const uint32_t crc32 = 42;
+  ASSERT_NO_FATAL_FAILURE(
+      OEMCrypto_SetDecryptHash(session_.session_id(), frame_number, crc32));
 }
 
 //

libwvdrmengine/oemcrypto/test/oemcrypto_decrypt_test.h

@@ -386,11 +386,9 @@ class OEMCryptoSessionTestsDecryptTests
     if (verify_crc_) {
       const TestSample& sample = samples_[0];
 
-      uint32_t hash =
+      uint32_t crc32 =
           util::wvcrc32(sample.truth_buffer.data(), sample.truth_buffer.size());
-      OEMCrypto_SetDecryptHash(session_.session_id(), 1,
-                               reinterpret_cast<const uint8_t*>(&hash),
-                               sizeof(hash));
+      OEMCrypto_SetDecryptHash(session_.session_id(), 1, crc32);
     }
 
     // Build an array of just the sample descriptions.

libwvdrmengine/oemcrypto/test/oemcrypto_security_test.cpp

@@ -599,11 +599,10 @@ TEST_F(OEMCryptoSessionTests,
 TEST_F(OEMCryptoMemoryLicenseTest,
        OEMCryptoMemoryDecryptHashForHugeHashBuffer) {
   uint32_t session_id = session_.session_id();
-  auto f = [session_id](size_t hash_length) {
-    uint32_t frame_number = 1;
-    vector<uint8_t> hash_buffer(hash_length);
-    return OEMCrypto_SetDecryptHash(session_id, frame_number,
-                                    hash_buffer.data(), hash_buffer.size());
+  auto f = [session_id]() {
+    const uint32_t frame_number = 1;
+    const uint32_t crc32 = 0;
+    return OEMCrypto_SetDecryptHash(session_id, frame_number, crc32);
   };
   TestHugeLengthDoesNotCrashAPI(f, kCheckStatus);
 }