widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ODK: forward compatibility and nonce-free offline license support

Browse Source 
Merge of http://go/wvgerrit/101183

This is a combination of multiple commits from google3:
* http://cl/313814938
  ODK Version String
* http://cl/313962712
  ODK: accept messages with future API version numbers
* http://cl/312219187
  Ignore hash if initial load of license, and the nonce not required
  (squashed into http://cl/313962712)

Test: OEMCryptoLicenseTest.LoadKeyWithNoRequest
Bug: 157822248
Bug: 156853321
Change-Id: I735d355241876bddb0c52440b0049efb72a4b26f
This commit is contained in:
Fred Gylys-Colwell
2020-05-29 11:13:20 -07:00
committed by Robert Shih
parent c34e2af181
commit 8dc1d7a11d
4 changed files with 39 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
libwvdrmengine/oemcrypto/odk/src/odk.c
View File

@@ -190,9 +190,9 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
* renewal. All releases use v15. */
if (clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED ||
clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_LICENSE_INACTIVE) {
nonce_values->api_major_version = 15;
nonce_values->api_major_version = ODK_FIRST_VERSION - 1;
}
if (nonce_values->api_major_version < 16) {
if (nonce_values->api_major_version < ODK_FIRST_VERSION) {
*core_message_size = 0;
return OEMCrypto_SUCCESS;
}
@@ -270,12 +270,28 @@ OEMCryptoResult ODK_ParseLicense(
return err;
}
/* This function should not be used for legacy licenses. */
if (license_response.request.core_message.nonce_values.api_major_version !=
ODK_MAJOR_VERSION) {
/* We do not support future API version. Also, this function should not be
* used for legacy licenses. */
if (license_response.request.core_message.nonce_values.api_major_version >
ODK_MAJOR_VERSION ||
license_response.request.core_message.nonce_values.api_major_version <
ODK_FIRST_VERSION) {
return ODK_UNSUPPORTED_API;
}
/* If the server sent us an older format, record the license's API version. */
if (nonce_values->api_major_version >
license_response.request.core_message.nonce_values.api_major_version) {
nonce_values->api_major_version =
license_response.request.core_message.nonce_values.api_major_version;
nonce_values->api_minor_version =
license_response.request.core_message.nonce_values.api_minor_version;
} else if (nonce_values->api_minor_version >
license_response.request.core_message.nonce_values
.api_minor_version) {
nonce_values->api_minor_version =
license_response.request.core_message.nonce_values.api_minor_version;
}
/* If the license has a provider session token (pst), then OEMCrypto should
* have a usage entry loaded. The opposite is also an error. */
if ((usage_entry_present && parsed_license->pst.length == 0) ||
@@ -302,7 +318,7 @@ OEMCryptoResult ODK_ParseLicense(
* OEMCrypto stores a hash of the core license request and only signs the
* message body. Here, when we process the license response, we verify that
* the server has the same hash of the core request. */
if (initial_license_load &&
if (initial_license_load && parsed_license->nonce_required &&
crypto_memcmp(request_hash, license_response.request_hash,
ODK_SHA256_HASH_SIZE)) {
return ODK_ERROR_CORE_MESSAGE;