From 73804a15cf4aa731468148da4dde1560bf4a06ff Mon Sep 17 00:00:00 2001
From: Jeff Tinker <jtinker@google.com>
Date: Tue, 17 Aug 2021 04:48:03 +0000
Subject: [PATCH] Implement serialization version checking

Merge from Widevine repo of http://go/wvgerrit/125263
and http://go/wvgerrit/135749

Define a |major.minor| version in the
serialization layer and check for compatibility
between REE and TEE before accepting connections.

bug: 158857733
test: opk_all_tests
Change-Id: Iad44a1f50a27c6bca4959c6d41c9b361712dbde8
---
 .../cdm/core/test/test_printers.cpp           |  7 +++
 .../oemcrypto/include/OEMCryptoCENC.h         | 44 ++++++++++++++++++-
 .../odk/include/OEMCryptoCENCCommon.h         |  4 ++
 3 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/libwvdrmengine/cdm/core/test/test_printers.cpp b/libwvdrmengine/cdm/core/test/test_printers.cpp
index 1027e598..e3400967 100644
--- a/libwvdrmengine/cdm/core/test/test_printers.cpp
+++ b/libwvdrmengine/cdm/core/test/test_printers.cpp
@@ -1213,6 +1213,13 @@ void PrintTo(const enum OEMCryptoResult& value, ::std::ostream* os) {
     case ODK_STALE_RENEWAL:
       *os << "STALE_RENEWAL";
       break;
+    // OPK Values.
+    case OPK_ERROR_INCOMPATIBLE_VERSION:
+      *os << "INCOMPATIBLE_VERSION";
+      break;
+    case OPK_ERROR_REMOTE_CALL:
+      *os << "REMOTE_CALL";
+      break;
   }
 }
 namespace okp {
diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
index 439b5b76..4b855aa1 100644
--- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
+++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
@@ -624,10 +624,17 @@ typedef enum OEMCrypto_ProvisioningMethod {
 #define OEMCrypto_MinorAPIVersion             _oecc108
 #define OEMCrypto_AllocateSecureBuffer        _oecc109
 #define OEMCrypto_FreeSecureBuffer            _oecc110
-// Reserved 111-112
+#define OEMCrypto_CreateEntitledKeySession    _oecc111
+#define OEMCrypto_RemoveEntitledKeySession    _oecc112
 #define OEMCrypto_GenerateOTARequest          _oecc113
 #define OEMCrypto_ProcessOTAKeybox            _oecc114
-// Reserved 115-121
+#define OEMCrypto_OPK_SerializationVersion    _oecc115
+#define OEMCrypto_GetBootCertificateChain     _oecc116
+#define OEMCrypto_GenerateCertificateKeyPair  _oecc117
+#define OEMCrypto_InstallOemPrivateKey        _oecc118
+#define OEMCrypto_ReassociateEntitledKeySession _oecc119
+#define OEMCrypto_LoadCasECMKeys              _oecc120
+#define OEMCrypto_LoadEntitledContentKeys_v17 _oecc121  // place holder for v17.
 // clang-format on
 
 /// @addtogroup initcontrol
@@ -4728,6 +4735,39 @@ OEMCryptoResult OEMCrypto_FreeSecureBuffer(
 
 /// @}
 
+/*
+ * OEMCrypto_OPK_SerializationVersion
+ *   Check the serialization protocol version used by the OEMCrypto Porting Kit
+ *   (OPK). If the OPK is not used, this function must return
+ *   OEMCrypto_ERROR_NOT_IMPLEMENTED.  The serialization version is expressed as
+ *   |major.minor|, where |major| and |minor| are integers. The TEE and REE
+ *   serialization versions must match in order for OEMCrypto to communicate
+ *   with the TEE. If the serialization versions do not match, calls to other
+ *   OEMCrypto functions will return OPK_ERROR_INCOMPATIBLE_VERSION. A match is
+ *   achieved if the |major| fields of the TEE and REE versions are the
+ *   same. Differences in only the |minor| fields indicates that the protocols
+ *   are different but are still compatible.
+ *
+ * @param[in,out] ree_major: pointer to memory to receive the REE's |major|
+ *    version. On input, *ree_major may be zero to request the serialization
+ *    version of the REE. If *ree_major is non-zero, this function will test the
+ *    TEE's compatibility using the specified REE major version.
+ * @param[in,out] ree_minor: pointer to memory to receive the REE's |minor|
+ *    version. On input, *ree_minor may be zero to request the serialization
+ *    version of the REE. If *ree_minor is non-zero, this function will test the
+ *    TEE's compatibility using the specified REE minor version.
+ * @param[out] tee_major: pointer to memory to receive the TEE's |major| version
+ * @param[out] tee_minor: pointer to memory to receive the TEE's |minor| version
+ *
+ * @retval OEMCrypto_SUCCESS success
+ * @retval OPK_ERROR_INCOMPATIBLE_VERSION
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ */
+OEMCryptoResult OEMCrypto_OPK_SerializationVersion(uint32_t* ree_major,
+                                                   uint32_t* ree_minor,
+                                                   uint32_t* tee_major,
+                                                   uint32_t* tee_minor);
+
 /****************************************************************************/
 /****************************************************************************/
 /* The following functions are optional. They are only used if the device
diff --git a/libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h b/libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h
index b1ad6e97..e445a0c2 100644
--- a/libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h
+++ b/libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h
@@ -97,6 +97,10 @@ typedef enum OEMCryptoResult {
   ODK_TIMER_EXPIRED                            = ODK_ERROR_BASE + 3,
   ODK_UNSUPPORTED_API                          = ODK_ERROR_BASE + 4,
   ODK_STALE_RENEWAL                            = ODK_ERROR_BASE + 5,
+  /* OPK return values */
+  OPK_ERROR_BASE                               = 2000,
+  OPK_ERROR_REMOTE_CALL                        = OPK_ERROR_BASE,
+  OPK_ERROR_INCOMPATIBLE_VERSION               = OPK_ERROR_BASE + 1
 } OEMCryptoResult;
 /* clang-format on */