Merge cdm changes to android repo

Bug: 251924225
Test: GtsMediaTestCases
Change-Id: I1b4e64c0abf701fe1f5017f14dc72b72c3ea6770

libwvdrmengine/oemcrypto/odk/include/OEMCryptoCENCCommon.h

@@ -120,6 +120,11 @@ typedef enum OEMCrypto_Usage_Entry_Status {
   kInactiveUnused = 4,
 } OEMCrypto_Usage_Entry_Status;
 
+typedef enum OEMCrypto_ProvisioningRenewalType {
+  OEMCrypto_NoRenewal = 0,
+  OEMCrypto_RenewalACert = 1,
+} OEMCrypto_ProvisioningRenewalType;
+
 /**
  *  OEMCrypto_LicenseType is used in the license message to indicate if the key
  *  objects are for content keys, or for entitlement keys.
@@ -134,6 +139,7 @@ typedef enum OEMCrypto_LicenseType {
 typedef enum OEMCrypto_PrivateKeyType {
   OEMCrypto_RSA_Private_Key = 0,
   OEMCrypto_ECC_Private_Key = 1,
+  OEMCrypto_PrivateKeyType_MaxValue = OEMCrypto_ECC_Private_Key,
 } OEMCrypto_PrivateKeyType;
 
 /**

libwvdrmengine/oemcrypto/odk/include/core_message_deserialize.h

@@ -55,6 +55,18 @@ bool CoreProvisioningRequestFromMessage(
     const std::string& oemcrypto_core_message,
     ODK_ProvisioningRequest* core_provisioning_request);
 
+/**
+ * Counterpart (deserializer) of ODK_PrepareCoreRenewedProvisioningRequest
+ * (serializer)
+ *
+ * Parameters:
+ *   [in] oemcrypto_core_message
+ *   [out] core_provisioning_request
+ */
+bool CoreRenewedProvisioningRequestFromMessage(
+    const std::string& oemcrypto_core_message,
+    ODK_ProvisioningRequest* core_provisioning_request);
+
 /**
  * Serializer counterpart is not used and is therefore not implemented.
  *

libwvdrmengine/oemcrypto/odk/include/core_message_features.h

@@ -25,10 +25,9 @@ struct CoreMessageFeatures {
 
   // This is the published version of the ODK Core Message library. The default
   // behavior is for the server to restrict messages to at most this version
-  // number. The default is 16.5, the last version used by Chrome. This will
-  // change to 17.0 when v17 has been released.
+  // number. The default is 17.2.
   uint32_t maximum_major_version = 17;
-  uint32_t maximum_minor_version = 0;
+  uint32_t maximum_minor_version = 2;
 
   bool operator==(const CoreMessageFeatures &other) const;
   bool operator!=(const CoreMessageFeatures &other) const {

libwvdrmengine/oemcrypto/odk/include/core_message_types.h

@@ -96,7 +96,8 @@ struct ODK_RenewalRequest {
 };
 
 /**
- * Output structure for CoreProvisioningRequestFromMessage
+ * Output structure for CoreProvisioningRequestFromMessage and
+ * CoreRenewedProvisioningRequestFromMessage
  * Input structure for CreateCoreProvisioningResponse
  */
 struct ODK_ProvisioningRequest {
@@ -105,6 +106,8 @@ struct ODK_ProvisioningRequest {
   uint32_t nonce;
   uint32_t session_id;
   std::string device_id;
+  uint16_t renewal_type;
+  std::string renewal_data;
 };
 
 }  // namespace oemcrypto_core_message

libwvdrmengine/oemcrypto/odk/include/odk.h

@@ -326,7 +326,7 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
  * OEMCrypto_GetDeviceID. The device ID shall be unique to the device, and
  * stable across reboots and factory resets for an L1 device.
  *
- * NOTE: if the message pointer is null and/or input core_message_size is
+ * NOTE: if the message pointer is null and/or input core_message_length is
  * zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
  * core_message_size to the size needed.
  *
@@ -351,10 +351,56 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
  * This method is new in version 16 of the API.
  */
 OEMCryptoResult ODK_PrepareCoreProvisioningRequest(
-    uint8_t* message, size_t message_length, size_t* core_message_size,
+    uint8_t* message, size_t message_length, size_t* core_message_length,
     const ODK_NonceValues* nonce_values, const uint8_t* device_id,
     size_t device_id_length);
 
+/**
+ * Modifies the message to include a core renewal provisioning request at the
+ * beginning of the message buffer. The values in nonce_values are used to
+ * populate the message.
+ *
+ * This shall be called by OEMCrypto from
+ * OEMCrypto_PrepAndSignProvisioningRequest.
+ *
+ * The buffer device_id shall be the same string returned by
+ * OEMCrypto_GetDeviceID. The device ID shall be unique to the device, and
+ * stable across reboots and factory resets for an L1 device.
+ *
+ * NOTE: if the message pointer is null and/or input core_message_length is
+ * zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output
+ * core_message_size to the size needed.
+ *
+ * @param[in,out] message: pointer to memory for the entire message. Modified by
+ *       the ODK library.
+ * @param[in] message_length: length of the entire message buffer.
+ * @param[in,out] core_message_size: length of the core message at the beginning
+ *       of the message. (in) size of buffer reserved for the core message, in
+ *       bytes. (out) actual length of the core message, in bytes.
+ * @param[in] nonce_values: pointer to the session's nonce data.
+ * @param[in] device_id: For devices with a keybox, this is the device ID from
+ *       the keybox. For devices with an OEM Certificate, this is a device
+ *       unique id string.
+ * @param[in] device_id_length: length of device_id. The device ID can be at
+ *       most 64 bytes.
+ * @param[in] renewal_type: type of renewal used
+ * @param[in] renewal_data: renewal data used. For renewal_type = 1,
+ *       renewal_data is the Android attestation batch certificate.
+ * @param[in] renewal_data_length: length of renewal_data
+ *
+ * @retval OEMCrypto_SUCCESS
+ * @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small
+ * @retval OEMCrypto_ERROR_INVALID_CONTEXT
+ *
+ * @version
+ * This method is new in version 17 of the API.
+ */
+OEMCryptoResult ODK_PrepareCoreRenewedProvisioningRequest(
+    uint8_t* message, size_t message_length, size_t* core_message_length,
+    const ODK_NonceValues* nonce_values, const uint8_t* device_id,
+    size_t device_id_length, uint16_t renewal_type, const uint8_t* renewal_data,
+    size_t renewal_data_length);
+
 /// @}
 
 /// @addtogroup odk_timer

libwvdrmengine/oemcrypto/odk/include/odk_message.h

@@ -36,10 +36,12 @@ extern "C" {
 
 #if defined(__GNUC__) || defined(__clang__)
 #define ALIGNED __attribute__((aligned))
+#elif _MSC_VER
+#define ALIGNED __declspec(align(8))
 #else
 #define ALIGNED
 #error ODK_Message must be aligned to the maximum useful alignment of the \
-  machine you are compiling for. Define the ALIGNED macro accordingly.
+    machine you are compiling for. Define the ALIGNED macro accordingly.
 #endif
 
 typedef struct {
@@ -48,19 +50,19 @@ typedef struct {
 } ALIGNED ODK_Message;
 
 typedef enum {
-  MESSAGE_STATUS_OK = 0xe937fcf7,
-  MESSAGE_STATUS_UNKNOWN_ERROR = 0xe06c1190,
-  MESSAGE_STATUS_OVERFLOW_ERROR = 0xc43ae4bc,
+  MESSAGE_STATUS_OK = 0x7937fcf7,
+  MESSAGE_STATUS_UNKNOWN_ERROR = 0x706c1190,
+  MESSAGE_STATUS_OVERFLOW_ERROR = 0x543ae4bc,
   MESSAGE_STATUS_UNDERFLOW_ERROR = 0x7123cd0b,
   MESSAGE_STATUS_PARSE_ERROR = 0x0b9f6189,
   MESSAGE_STATUS_NULL_POINTER_ERROR = 0x2d66837a,
   MESSAGE_STATUS_API_VALUE_ERROR = 0x6ba34f47,
-  MESSAGE_STATUS_END_OF_MESSAGE_ERROR = 0x998db72a,
-  MESSAGE_STATUS_INVALID_ENUM_VALUE = 0xedb88197,
+  MESSAGE_STATUS_END_OF_MESSAGE_ERROR = 0x798db72a,
+  MESSAGE_STATUS_INVALID_ENUM_VALUE = 0x7db88197,
   MESSAGE_STATUS_INVALID_TAG_ERROR = 0x14dce06a,
   MESSAGE_STATUS_NOT_INITIALIZED = 0x2990b6c6,
-  MESSAGE_STATUS_OUT_OF_MEMORY = 0xfc5c64cc,
-  MESSAGE_STATUS_MAP_SHARED_MEMORY_FAILED = 0xfafecacf,
+  MESSAGE_STATUS_OUT_OF_MEMORY = 0x7c5c64cc,
+  MESSAGE_STATUS_MAP_SHARED_MEMORY_FAILED = 0x7afecacf,
   MESSAGE_STATUS_SECURE_BUFFER_ERROR = 0x78f0e873
 } ODK_MessageStatus;
 

libwvdrmengine/oemcrypto/odk/include/odk_structs.h

@@ -16,10 +16,10 @@ extern "C" {
 
 /* The version of this library. */
 #define ODK_MAJOR_VERSION 17
-#define ODK_MINOR_VERSION 0
+#define ODK_MINOR_VERSION 2
 
 /* ODK Version string. Date changed automatically on each release. */
-#define ODK_RELEASE_DATE "ODK v17.0 2022-05-06"
+#define ODK_RELEASE_DATE "ODK v17.2 2022-08-10"
 
 /* The lowest version number for an ODK message. */
 #define ODK_FIRST_VERSION 16
@@ -27,6 +27,7 @@ extern "C" {
 /* Some useful constants. */
 #define ODK_DEVICE_ID_LEN_MAX 64
 #define ODK_SHA256_HASH_SIZE 32
+#define ODK_KEYBOX_RENEWAL_DATA_SIZE 1600
 
 /// @addtogroup odk_timer
 /// @{

libwvdrmengine/oemcrypto/odk/src/core_message_deserialize.cpp

@@ -10,6 +10,7 @@
 #include <cstring>
 #include <string>
 
+#include "OEMCryptoCENCCommon.h"
 #include "odk_serialize.h"
 #include "odk_structs.h"
 #include "odk_structs_priv.h"
@@ -52,6 +53,7 @@ bool ParseRequest(uint32_t message_type,
   core_request->api_minor_version = core_message.nonce_values.api_minor_version;
   core_request->nonce = core_message.nonce_values.nonce;
   core_request->session_id = core_message.nonce_values.session_id;
+
   // Verify that the minor version matches the released version for the given
   // major version.
   if (core_request->api_major_version < ODK_FIRST_VERSION) {
@@ -68,10 +70,13 @@ bool ParseRequest(uint32_t message_type,
   // For v16, a release and a renewal use the same message structure.
   // However, for future API versions, the release might be a separate
   // message. Otherwise, we expect an exact match of message types.
+  // A provisioning request may contain a renewed provisioning message.
   if (message_type != ODK_Common_Request_Type &&
       core_message.message_type != message_type &&
       !(message_type == ODK_Renewal_Request_Type &&
-        core_message.message_type == ODK_Release_Request_Type)) {
+        core_message.message_type == ODK_Release_Request_Type) &&
+      !(message_type == ODK_Provisioning_Request_Type &&
+        core_message.message_type == ODK_Renewed_Provisioning_Request_Type)) {
     return false;
   }
   // Verify that the amount of buffer we read, which is GetOffset, is not more
@@ -125,6 +130,42 @@ bool CoreProvisioningRequestFromMessage(
   }
   core_provisioning_request->device_id.assign(
       reinterpret_cast<const char*>(device_id), device_id_length);
+  core_provisioning_request->renewal_type = OEMCrypto_NoRenewal;
+  core_provisioning_request->renewal_data.clear();
+  return true;
+}
+
+bool CoreRenewedProvisioningRequestFromMessage(
+    const std::string& oemcrypto_core_message,
+    ODK_ProvisioningRequest* core_provisioning_request) {
+  const auto unpacker = Unpack_ODK_PreparedRenewedProvisioningRequest;
+  ODK_PreparedRenewedProvisioningRequest prepared_provision = {};
+  if (!ParseRequest(ODK_Renewed_Provisioning_Request_Type,
+                    oemcrypto_core_message, core_provisioning_request,
+                    &prepared_provision, unpacker)) {
+    return false;
+  }
+  const uint8_t* device_id = prepared_provision.device_id;
+  const uint32_t device_id_length = prepared_provision.device_id_length;
+  if (device_id_length > ODK_DEVICE_ID_LEN_MAX) {
+    return false;
+  }
+  uint8_t zero[ODK_DEVICE_ID_LEN_MAX] = {};
+  if (memcmp(zero, device_id + device_id_length,
+             ODK_DEVICE_ID_LEN_MAX - device_id_length)) {
+    return false;
+  }
+  core_provisioning_request->device_id.assign(
+      reinterpret_cast<const char*>(device_id), device_id_length);
+
+  if (prepared_provision.renewal_data_length >
+      sizeof(prepared_provision.renewal_data)) {
+    return false;
+  }
+  core_provisioning_request->renewal_type = OEMCrypto_RenewalACert;
+  core_provisioning_request->renewal_data.assign(
+      reinterpret_cast<const char*>(prepared_provision.renewal_data),
+      prepared_provision.renewal_data_length);
   return true;
 }
 

libwvdrmengine/oemcrypto/odk/src/core_message_features.cpp

@@ -23,7 +23,7 @@ CoreMessageFeatures CoreMessageFeatures::DefaultFeatures(
       features.maximum_minor_version = 5;  // 16.5
       break;
     case 17:
-      features.maximum_minor_version = 0;  // 17.0
+      features.maximum_minor_version = 2;  // 17.2
       break;
     default:
       features.maximum_minor_version = 0;

libwvdrmengine/oemcrypto/odk/src/core_message_serialize.cpp

@@ -148,7 +148,8 @@ bool CreateCoreLicenseResponse(const CoreMessageFeatures& features,
         license_response.parsed_license->key_array_length;
     uint32_t i;
     for (i = 0; i < license_response_v16.parsed_license.key_array_length &&
-                i < license_response.parsed_license->key_array_length; i++) {
+                i < license_response.parsed_license->key_array_length;
+         i++) {
       license_response_v16.parsed_license.key_array[i] =
           license_response.parsed_license->key_array[i];
     }

libwvdrmengine/oemcrypto/odk/src/odk.c

@@ -72,6 +72,17 @@ static OEMCryptoResult ODK_PrepareRequest(
           &msg, (ODK_PreparedProvisioningRequest*)prepared_request_buffer);
       break;
     }
+    case ODK_Renewed_Provisioning_Request_Type: {
+      core_message->message_length = ODK_RENEWED_PROVISIONING_REQUEST_SIZE;
+      if (sizeof(ODK_PreparedRenewedProvisioningRequest) >
+          prepared_request_buffer_length) {
+        return ODK_ERROR_CORE_MESSAGE;
+      }
+      Pack_ODK_PreparedRenewedProvisioningRequest(
+          &msg,
+          (ODK_PreparedRenewedProvisioningRequest*)prepared_request_buffer);
+      break;
+    }
     default: {
       return ODK_ERROR_CORE_MESSAGE;
     }
@@ -238,6 +249,37 @@ OEMCryptoResult ODK_PrepareCoreProvisioningRequest(
                             sizeof(ODK_PreparedProvisioningRequest));
 }
 
+OEMCryptoResult ODK_PrepareCoreRenewedProvisioningRequest(
+    uint8_t* message, size_t message_length, size_t* core_message_length,
+    const ODK_NonceValues* nonce_values, const uint8_t* device_id,
+    size_t device_id_length, uint16_t renewal_type, const uint8_t* renewal_data,
+    size_t renewal_data_length) {
+  if (core_message_length == NULL || nonce_values == NULL) {
+    return ODK_ERROR_CORE_MESSAGE;
+  }
+  ODK_PreparedRenewedProvisioningRequest provisioning_request = {0};
+  if (device_id_length > sizeof(provisioning_request.device_id)) {
+    return ODK_ERROR_CORE_MESSAGE;
+  }
+  provisioning_request.device_id_length = (uint32_t)device_id_length;
+  if (device_id) {
+    memcpy(provisioning_request.device_id, device_id, device_id_length);
+  }
+  if (renewal_data_length > sizeof(provisioning_request.renewal_data)) {
+    return ODK_ERROR_CORE_MESSAGE;
+  }
+  provisioning_request.renewal_type = renewal_type;
+  provisioning_request.renewal_data_length = (uint32_t)renewal_data_length;
+  if (renewal_data) {
+    memcpy(provisioning_request.renewal_data, renewal_data,
+           renewal_data_length);
+  }
+  return ODK_PrepareRequest(message, message_length, core_message_length,
+                            ODK_Renewed_Provisioning_Request_Type, nonce_values,
+                            &provisioning_request,
+                            sizeof(provisioning_request));
+}
+
 /* @@ parse response functions */
 
 OEMCryptoResult ODK_ParseLicense(

libwvdrmengine/oemcrypto/odk/src/odk_endian.h

@@ -25,6 +25,14 @@ extern "C" {
 #define oemcrypto_be32toh OSSwapBigToHostInt32
 #define oemcrypto_htobe64 OSSwapHostToBigInt64
 #define oemcrypto_be64toh OSSwapBigToHostInt64
+#elif defined(_WIN32)
+#include <winsock2.h>
+#define oemcrypto_htobe16 htons
+#define oemcrypto_be16toh ntohs
+#define oemcrypto_htobe32 htonl
+#define oemcrypto_be32toh ntohl
+#define oemcrypto_htobe64 htonll
+#define oemcrypto_be64toh ntohll
 #else  /* defined(__linux__) || defined(__ANDROID__) */
 uint32_t oemcrypto_htobe16(uint16_t u16);
 uint32_t oemcrypto_be16toh(uint16_t u16);

libwvdrmengine/oemcrypto/odk/src/odk_serialize.c

@@ -128,12 +128,22 @@ void Pack_ODK_PreparedRenewalRequest(ODK_Message* msg,
 }
 
 void Pack_ODK_PreparedProvisioningRequest(
-    ODK_Message* msg, ODK_PreparedProvisioningRequest const* obj) {
+    ODK_Message* msg, const ODK_PreparedProvisioningRequest* obj) {
   Pack_ODK_CoreMessage(msg, &obj->core_message);
   Pack_uint32_t(msg, &obj->device_id_length);
   PackArray(msg, &obj->device_id[0], sizeof(obj->device_id));
 }
 
+void Pack_ODK_PreparedRenewedProvisioningRequest(
+    ODK_Message* msg, const ODK_PreparedRenewedProvisioningRequest* obj) {
+  Pack_ODK_CoreMessage(msg, &obj->core_message);
+  Pack_uint32_t(msg, &obj->device_id_length);
+  PackArray(msg, &obj->device_id[0], sizeof(obj->device_id));
+  Pack_uint16_t(msg, &obj->renewal_type);
+  Pack_uint32_t(msg, &obj->renewal_data_length);
+  PackArray(msg, &obj->renewal_data[0], sizeof(obj->renewal_data));
+}
+
 /* @@ kdo serialize */
 
 void Pack_ODK_LicenseResponse(ODK_Message* msg,
@@ -156,7 +166,7 @@ void Pack_ODK_RenewalResponse(ODK_Message* msg,
 }
 
 void Pack_ODK_ProvisioningResponse(ODK_Message* msg,
-                                   ODK_ProvisioningResponse const* obj) {
+                                   const ODK_ProvisioningResponse* obj) {
   Pack_ODK_PreparedProvisioningRequest(msg, &obj->request);
   Pack_ODK_ParsedProvisioning(
       msg, (const ODK_ParsedProvisioning*)obj->parsed_provisioning);
@@ -202,7 +212,7 @@ static void Unpack_ODK_ParsedLicense(ODK_Message* msg, ODK_ParsedLicense* obj) {
   Unpack_OEMCrypto_Substring(msg, &obj->enc_mac_keys);
   Unpack_OEMCrypto_Substring(msg, &obj->pst);
   Unpack_OEMCrypto_Substring(msg, &obj->srm_restriction_data);
-  obj->license_type = (OEMCrypto_LicenseType)Unpack_enum(msg);
+  Unpack_OEMCrypto_LicenseType(msg, &obj->license_type);
   Unpack_bool(msg, &obj->nonce_required);
   Unpack_ODK_TimerLimits(msg, &obj->timer_limits);
   Unpack_uint32_t(msg, &obj->watermarking);
@@ -260,7 +270,7 @@ static void Unpack_ODK_ParsedLicenseV16(ODK_Message* msg,
   Unpack_OEMCrypto_Substring(msg, &obj->enc_mac_keys);
   Unpack_OEMCrypto_Substring(msg, &obj->pst);
   Unpack_OEMCrypto_Substring(msg, &obj->srm_restriction_data);
-  obj->license_type = (OEMCrypto_LicenseType)Unpack_enum(msg);
+  Unpack_OEMCrypto_LicenseType(msg, &obj->license_type);
   Unpack_bool(msg, &obj->nonce_required);
   Unpack_ODK_TimerLimits(msg, &obj->timer_limits);
   Unpack_uint32_t(msg, &obj->key_array_length);
@@ -276,7 +286,7 @@ static void Unpack_ODK_ParsedLicenseV16(ODK_Message* msg,
 
 static void Unpack_ODK_ParsedProvisioning(ODK_Message* msg,
                                           ODK_ParsedProvisioning* obj) {
-  obj->key_type = (OEMCrypto_PrivateKeyType)Unpack_enum(msg);
+  Unpack_OEMCrypto_PrivateKeyType(msg, &obj->key_type);
   Unpack_OEMCrypto_Substring(msg, &obj->enc_private_key);
   Unpack_OEMCrypto_Substring(msg, &obj->enc_private_key_iv);
   Unpack_OEMCrypto_Substring(msg, &obj->encrypted_message_key);
@@ -302,6 +312,16 @@ void Unpack_ODK_PreparedProvisioningRequest(
   UnpackArray(msg, &obj->device_id[0], sizeof(obj->device_id));
 }
 
+void Unpack_ODK_PreparedRenewedProvisioningRequest(
+    ODK_Message* msg, ODK_PreparedRenewedProvisioningRequest* obj) {
+  Unpack_ODK_CoreMessage(msg, &obj->core_message);
+  Unpack_uint32_t(msg, &obj->device_id_length);
+  UnpackArray(msg, &obj->device_id[0], sizeof(obj->device_id));
+  Unpack_uint16_t(msg, &obj->renewal_type);
+  Unpack_uint32_t(msg, &obj->renewal_data_length);
+  UnpackArray(msg, &obj->renewal_data[0], obj->renewal_data_length);
+}
+
 void Unpack_ODK_PreparedCommonRequest(ODK_Message* msg,
                                       ODK_PreparedCommonRequest* obj) {
   Unpack_ODK_CoreMessage(msg, &obj->core_message);

libwvdrmengine/oemcrypto/odk/src/odk_serialize.h

@@ -22,6 +22,8 @@ void Pack_ODK_PreparedRenewalRequest(ODK_Message* msg,
                                      const ODK_PreparedRenewalRequest* obj);
 void Pack_ODK_PreparedProvisioningRequest(
     ODK_Message* msg, const ODK_PreparedProvisioningRequest* obj);
+void Pack_ODK_PreparedRenewedProvisioningRequest(
+    ODK_Message* msg, const ODK_PreparedRenewedProvisioningRequest* obj);
 
 /* odk unpack */
 void Unpack_ODK_CoreMessage(ODK_Message* msg, ODK_CoreMessage* obj);
@@ -47,6 +49,8 @@ void Unpack_ODK_PreparedRenewalRequest(ODK_Message* msg,
                                        ODK_PreparedRenewalRequest* obj);
 void Unpack_ODK_PreparedProvisioningRequest(
     ODK_Message* msg, ODK_PreparedProvisioningRequest* obj);
+void Unpack_ODK_PreparedRenewedProvisioningRequest(
+    ODK_Message* msg, ODK_PreparedRenewedProvisioningRequest* obj);
 
 void Unpack_ODK_PreparedCommonRequest(ODK_Message* msg,
                                       ODK_PreparedCommonRequest* obj);

libwvdrmengine/oemcrypto/odk/src/odk_structs_priv.h

@@ -24,6 +24,7 @@ typedef uint32_t ODK_MessageType;
 #define ODK_Renewal_Response_Type ((ODK_MessageType)4u)
 #define ODK_Provisioning_Request_Type ((ODK_MessageType)5u)
 #define ODK_Provisioning_Response_Type ((ODK_MessageType)6u)
+#define ODK_Renewed_Provisioning_Request_Type ((ODK_MessageType)11u)
 
 // Reserve future message types to support forward compatibility.
 #define ODK_Release_Request_Type ((ODK_MessageType)7u)
@@ -52,6 +53,15 @@ typedef struct {
   uint8_t device_id[ODK_DEVICE_ID_LEN_MAX];
 } ODK_PreparedProvisioningRequest;
 
+typedef struct {
+  ODK_CoreMessage core_message;
+  uint32_t device_id_length;
+  uint8_t device_id[ODK_DEVICE_ID_LEN_MAX];
+  uint16_t renewal_type;
+  uint32_t renewal_data_length;
+  uint8_t renewal_data[ODK_KEYBOX_RENEWAL_DATA_SIZE];
+} ODK_PreparedRenewedProvisioningRequest;
+
 typedef struct {
   ODK_CoreMessage core_message;
 } ODK_PreparedCommonRequest;
@@ -96,6 +106,7 @@ typedef struct {
 #define ODK_LICENSE_REQUEST_SIZE 20u
 #define ODK_RENEWAL_REQUEST_SIZE 28u
 #define ODK_PROVISIONING_REQUEST_SIZE 88u
+#define ODK_RENEWED_PROVISIONING_REQUEST_SIZE 1694u
 
 // These are the possible timer status values.
 #define ODK_CLOCK_TIMER_STATUS_UNDEFINED 0u  // Should not happen.

libwvdrmengine/oemcrypto/odk/src/serialization_base.c

@@ -38,7 +38,7 @@ static void PackBytes(ODK_Message* message, const uint8_t* ptr, size_t count) {
 }
 
 void Pack_enum(ODK_Message* message, int value) {
-  uint32_t v32 = value;
+  uint32_t v32 = (uint32_t)value;
   Pack_uint32_t(message, &v32);
 }
 
@@ -108,10 +108,28 @@ static void UnpackBytes(ODK_Message* message, uint8_t* ptr, size_t count) {
   }
 }
 
-int Unpack_enum(ODK_Message* message) {
-  uint32_t v32;
+void Unpack_OEMCrypto_LicenseType(ODK_Message* message,
+                                  OEMCrypto_LicenseType* value) {
+  assert(value);
+  uint32_t v32 = 0;
   Unpack_uint32_t(message, &v32);
-  return (int)v32;
+  if (v32 <= OEMCrypto_LicenseType_MaxValue) {
+    *value = (OEMCrypto_LicenseType)v32;
+  } else {
+    ODK_Message_SetStatus(message, MESSAGE_STATUS_PARSE_ERROR);
+  }
+}
+
+void Unpack_OEMCrypto_PrivateKeyType(ODK_Message* message,
+                                     OEMCrypto_PrivateKeyType* value) {
+  assert(value);
+  uint32_t v32 = 0;
+  Unpack_uint32_t(message, &v32);
+  if (v32 <= OEMCrypto_PrivateKeyType_MaxValue) {
+    *value = (OEMCrypto_PrivateKeyType)v32;
+  } else {
+    ODK_Message_SetStatus(message, MESSAGE_STATUS_PARSE_ERROR);
+  }
 }
 
 void Unpack_bool(ODK_Message* message, bool* value) {

libwvdrmengine/oemcrypto/odk/src/serialization_base.h

@@ -25,7 +25,10 @@ void PackArray(ODK_Message* message, const uint8_t* base, size_t size);
 void Pack_OEMCrypto_Substring(ODK_Message* message,
                               const OEMCrypto_Substring* obj);
 
-int Unpack_enum(ODK_Message* message);
+void Unpack_OEMCrypto_LicenseType(ODK_Message* message,
+                                  OEMCrypto_LicenseType* value);
+void Unpack_OEMCrypto_PrivateKeyType(ODK_Message* message,
+                                     OEMCrypto_PrivateKeyType* value);
 void Unpack_bool(ODK_Message* message, bool* value);
 void Unpack_uint8_t(ODK_Message* message, uint8_t* value);
 void Unpack_uint16_t(ODK_Message* message, uint16_t* value);

libwvdrmengine/oemcrypto/odk/test/odk_test.cpp

@@ -28,6 +28,8 @@ using oemcrypto_core_message::ODK_RenewalRequest;
 using oemcrypto_core_message::deserialize::CoreLicenseRequestFromMessage;
 using oemcrypto_core_message::deserialize::CoreProvisioningRequestFromMessage;
 using oemcrypto_core_message::deserialize::CoreRenewalRequestFromMessage;
+using oemcrypto_core_message::deserialize::
+    CoreRenewedProvisioningRequestFromMessage;
 
 using oemcrypto_core_message::features::CoreMessageFeatures;
 
@@ -271,6 +273,35 @@ TEST(OdkTest, NullRequestTest) {
             ODK_PrepareCoreProvisioningRequest(
                 message, ODK_PROVISIONING_REQUEST_SIZE, &core_message_length,
                 &nonce_values, nullptr, 0uL));
+
+  EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
+            ODK_PrepareCoreRenewedProvisioningRequest(
+                nullptr, 0uL, &core_message_length, nullptr, nullptr, 0uL,
+                OEMCrypto_RenewalACert, nullptr, 0uL));
+  EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
+            ODK_PrepareCoreRenewedProvisioningRequest(
+                nullptr, 0uL, nullptr, &nonce_values, nullptr, 0uL,
+                OEMCrypto_RenewalACert, nullptr, 0uL));
+
+  // Null device id in renewed provisioning request is ok
+  uint8_t renewed_message[ODK_RENEWED_PROVISIONING_REQUEST_SIZE] = {0};
+  uint8_t renewal_data[ODK_KEYBOX_RENEWAL_DATA_SIZE] = {0};
+  uint32_t renewal_data_length = ODK_KEYBOX_RENEWAL_DATA_SIZE;
+  core_message_length = ODK_RENEWED_PROVISIONING_REQUEST_SIZE;
+  EXPECT_EQ(OEMCrypto_SUCCESS,
+            ODK_PrepareCoreRenewedProvisioningRequest(
+                renewed_message, ODK_RENEWED_PROVISIONING_REQUEST_SIZE,
+                &core_message_length, &nonce_values, nullptr, 0uL,
+                OEMCrypto_RenewalACert, renewal_data, renewal_data_length));
+
+  // Null renewal data in renewed provisioning request is ok
+  uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0};
+  uint32_t device_id_length = ODK_DEVICE_ID_LEN_MAX;
+  core_message_length = ODK_RENEWED_PROVISIONING_REQUEST_SIZE;
+  ODK_PrepareCoreRenewedProvisioningRequest(
+      renewed_message, ODK_RENEWED_PROVISIONING_REQUEST_SIZE,
+      &core_message_length, &nonce_values, device_id, device_id_length,
+      OEMCrypto_RenewalACert, nullptr, 0uL);
 }
 
 TEST(OdkTest, NullResponseTest) {
@@ -423,6 +454,21 @@ TEST(OdkTest, PrepareCoreProvisioningRequest) {
           &core_message_length, &nonce_values, device_id, sizeof(device_id)));
 }
 
+TEST(OdkTest, PrepareCoreRenewedProvisioningRequest) {
+  uint8_t provisioning_message[ODK_RENEWED_PROVISIONING_REQUEST_SIZE] = {0};
+  size_t core_message_length = sizeof(provisioning_message);
+  ODK_NonceValues nonce_values;
+  memset(&nonce_values, 0, sizeof(nonce_values));
+  uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0};
+  uint8_t renewal_data[ODK_KEYBOX_RENEWAL_DATA_SIZE] = {0};
+  EXPECT_EQ(
+      OEMCrypto_SUCCESS,
+      ODK_PrepareCoreRenewedProvisioningRequest(
+          provisioning_message, sizeof(provisioning_message),
+          &core_message_length, &nonce_values, device_id, sizeof(device_id),
+          OEMCrypto_RenewalACert, renewal_data, sizeof(renewal_data)));
+}
+
 TEST(OdkTest, PrepareCoreProvisioningRequestDeviceId) {
   uint8_t provisioning_message[ODK_PROVISIONING_REQUEST_SIZE] = {0};
   size_t core_message_length = sizeof(provisioning_message);
@@ -436,6 +482,36 @@ TEST(OdkTest, PrepareCoreProvisioningRequestDeviceId) {
                 sizeof(device_id_invalid)));
 }
 
+TEST(OdkTest, PrepareCoreRenewedProvisioningRequestDeviceId) {
+  uint8_t provisioning_message[ODK_PROVISIONING_REQUEST_SIZE] = {0};
+  size_t core_message_length = sizeof(provisioning_message);
+  ODK_NonceValues nonce_values;
+  memset(&nonce_values, 0, sizeof(nonce_values));
+  uint8_t device_id_invalid[ODK_DEVICE_ID_LEN_MAX + 1] = {0};
+  uint8_t renewal_data[ODK_KEYBOX_RENEWAL_DATA_SIZE] = {0};
+  EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
+            ODK_PrepareCoreRenewedProvisioningRequest(
+                provisioning_message, sizeof(provisioning_message),
+                &core_message_length, &nonce_values, device_id_invalid,
+                sizeof(device_id_invalid), OEMCrypto_RenewalACert, renewal_data,
+                sizeof(renewal_data)));
+}
+
+TEST(OdkTest, PrepareCoreRenewedProvisioningRequestRenewalDataInvalid) {
+  uint8_t provisioning_message[ODK_PROVISIONING_REQUEST_SIZE] = {0};
+  size_t core_message_length = sizeof(provisioning_message);
+  ODK_NonceValues nonce_values;
+  memset(&nonce_values, 0, sizeof(nonce_values));
+  uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0};
+  uint8_t renewal_data_invalid[ODK_KEYBOX_RENEWAL_DATA_SIZE + 1] = {0};
+  EXPECT_EQ(ODK_ERROR_CORE_MESSAGE,
+            ODK_PrepareCoreRenewedProvisioningRequest(
+                provisioning_message, sizeof(provisioning_message),
+                &core_message_length, &nonce_values, device_id,
+                sizeof(device_id), OEMCrypto_RenewalACert, renewal_data_invalid,
+                sizeof(renewal_data_invalid)));
+}
+
 // Serialize and de-serialize license request
 TEST(OdkTest, LicenseRequestRoundtrip) {
   std::vector<ODK_Field> empty;
@@ -498,6 +574,39 @@ TEST(OdkTest, ProvisionRequestRoundtrip) {
                                            kdo_parse_func);
 }
 
+TEST(OdkTest, RenewedProvisionRequestRoundtrip) {
+  uint32_t device_id_length = ODK_DEVICE_ID_LEN_MAX / 2;
+  uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0};
+  memset(device_id, 0xff, device_id_length);
+  uint16_t renewal_type = OEMCrypto_RenewalACert;
+  uint32_t renewal_data_length = ODK_KEYBOX_RENEWAL_DATA_SIZE / 2;
+  uint8_t renewal_data[ODK_KEYBOX_RENEWAL_DATA_SIZE] = {0};
+  memset(renewal_data, 0xff, renewal_data_length);
+  std::vector<ODK_Field> extra_fields = {
+      {ODK_UINT32, &device_id_length, "device_id_length"},
+      {ODK_DEVICEID, device_id, "device_id"},
+      {ODK_UINT16, &renewal_type, "renewal_type"},
+      {ODK_UINT32, &renewal_data_length, "renewal_data_length"},
+      {ODK_RENEWALDATA, renewal_data, "renewal_data"},
+  };
+  auto odk_prepare_func = [&](uint8_t* const buf, size_t* size,
+                              const ODK_NonceValues* nonce_values) {
+    return ODK_PrepareCoreRenewedProvisioningRequest(
+        buf, SIZE_MAX, size, nonce_values, device_id, device_id_length,
+        renewal_type, renewal_data, renewal_data_length);
+  };
+  auto kdo_parse_func =
+      [&](const std::string& oemcrypto_core_message,
+          ODK_ProvisioningRequest* core_provisioning_request) {
+        bool ok = CoreRenewedProvisioningRequestFromMessage(
+            oemcrypto_core_message, core_provisioning_request);
+        return ok;
+      };
+  ValidateRequest<ODK_ProvisioningRequest>(
+      ODK_Renewed_Provisioning_Request_Type, extra_fields, odk_prepare_func,
+      kdo_parse_func);
+}
+
 TEST(OdkTest, ParseLicenseErrorNonce) {
   ODK_LicenseResponseParams params;
   ODK_SetDefaultLicenseResponseParams(&params, ODK_MAJOR_VERSION);
@@ -762,6 +871,8 @@ std::vector<VersionParameters> TestCases() {
       {17, 16, 4, 16, 4},
       {17, 16, 5, 16, 5},
       {17, 17, 0, 17, 0},
+      {17, 17, 1, 17, 1},
+      {17, 17, 2, 17, 2},
   };
   return test_cases;
 }

libwvdrmengine/oemcrypto/odk/test/odk_test_helper.cpp

@@ -330,6 +330,8 @@ size_t ODK_FieldLength(ODK_FieldType type) {
       return sizeof(uint32_t) + sizeof(uint32_t);
     case ODK_DEVICEID:
       return ODK_DEVICE_ID_LEN_MAX;
+    case ODK_RENEWALDATA:
+      return ODK_KEYBOX_RENEWAL_DATA_SIZE;
     case ODK_HASH:
       return ODK_SHA256_HASH_SIZE;
     default:
@@ -386,6 +388,7 @@ OEMCryptoResult ODK_WriteSingleField(uint8_t* buf, const ODK_Field* field) {
       break;
     }
     case ODK_DEVICEID:
+    case ODK_RENEWALDATA:
     case ODK_HASH: {
       const size_t field_len = ODK_FieldLength(field->type);
       const uint8_t* const id = static_cast<uint8_t*>(field->value);
@@ -445,6 +448,7 @@ OEMCryptoResult ODK_ReadSingleField(const uint8_t* buf,
       break;
     }
     case ODK_DEVICEID:
+    case ODK_RENEWALDATA:
     case ODK_HASH: {
       const size_t field_len = ODK_FieldLength(field->type);
       uint8_t* const id = static_cast<uint8_t*>(field->value);
@@ -504,6 +508,7 @@ OEMCryptoResult ODK_DumpSingleField(const uint8_t* buf,
       break;
     }
     case ODK_DEVICEID:
+    case ODK_RENEWALDATA:
     case ODK_HASH: {
       const size_t field_len = ODK_FieldLength(field->type);
       std::cerr << field->name << ": ";

libwvdrmengine/oemcrypto/odk/test/odk_test_helper.h

@@ -21,6 +21,7 @@ enum ODK_FieldType {
   ODK_UINT64,
   ODK_SUBSTRING,
   ODK_DEVICEID,
+  ODK_RENEWALDATA,
   ODK_HASH,
   // The "stressable" types are the ones we can put in a stress test that packs
   // and unpacks random data and can expect to get back the same thing.