Implement serialization version checking

Merge from Widevine repo of http://go/wvgerrit/125263 and http://go/wvgerrit/135749 Define a |major.minor| version in the serialization layer and check for compatibility between REE and TEE before accepting connections. bug: 158857733 test: opk_all_tests Change-Id: Iad44a1f50a27c6bca4959c6d41c9b361712dbde8
2021-08-17 04:48:03 +00:00
parent 7cbf3ebf6b
commit b082f3fb0b
3 changed files with 53 additions and 2 deletions
--- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
+++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
@@ -624,10 +624,17 @@ typedef enum OEMCrypto_ProvisioningMethod {
 #define OEMCrypto_MinorAPIVersion             _oecc108
 #define OEMCrypto_AllocateSecureBuffer        _oecc109
 #define OEMCrypto_FreeSecureBuffer            _oecc110
-// Reserved 111-112
+#define OEMCrypto_CreateEntitledKeySession    _oecc111
+#define OEMCrypto_RemoveEntitledKeySession    _oecc112
 #define OEMCrypto_GenerateOTARequest          _oecc113
 #define OEMCrypto_ProcessOTAKeybox            _oecc114
-// Reserved 115-121
+#define OEMCrypto_OPK_SerializationVersion    _oecc115
+#define OEMCrypto_GetBootCertificateChain     _oecc116
+#define OEMCrypto_GenerateCertificateKeyPair  _oecc117
+#define OEMCrypto_InstallOemPrivateKey        _oecc118
+#define OEMCrypto_ReassociateEntitledKeySession _oecc119
+#define OEMCrypto_LoadCasECMKeys              _oecc120
+#define OEMCrypto_LoadEntitledContentKeys_v17 _oecc121  // place holder for v17.
 // clang-format on

 /// @addtogroup initcontrol
@@ -4728,6 +4735,39 @@ OEMCryptoResult OEMCrypto_FreeSecureBuffer(

 /// @}

+/*
+ * OEMCrypto_OPK_SerializationVersion
+ *   Check the serialization protocol version used by the OEMCrypto Porting Kit
+ *   (OPK). If the OPK is not used, this function must return
+ *   OEMCrypto_ERROR_NOT_IMPLEMENTED.  The serialization version is expressed as
+ *   |major.minor|, where |major| and |minor| are integers. The TEE and REE
+ *   serialization versions must match in order for OEMCrypto to communicate
+ *   with the TEE. If the serialization versions do not match, calls to other
+ *   OEMCrypto functions will return OPK_ERROR_INCOMPATIBLE_VERSION. A match is
+ *   achieved if the |major| fields of the TEE and REE versions are the
+ *   same. Differences in only the |minor| fields indicates that the protocols
+ *   are different but are still compatible.
+ *
+ * @param[in,out] ree_major: pointer to memory to receive the REE's |major|
+ *    version. On input, *ree_major may be zero to request the serialization
+ *    version of the REE. If *ree_major is non-zero, this function will test the
+ *    TEE's compatibility using the specified REE major version.
+ * @param[in,out] ree_minor: pointer to memory to receive the REE's |minor|
+ *    version. On input, *ree_minor may be zero to request the serialization
+ *    version of the REE. If *ree_minor is non-zero, this function will test the
+ *    TEE's compatibility using the specified REE minor version.
+ * @param[out] tee_major: pointer to memory to receive the TEE's |major| version
+ * @param[out] tee_minor: pointer to memory to receive the TEE's |minor| version
+ *
+ * @retval OEMCrypto_SUCCESS success
+ * @retval OPK_ERROR_INCOMPATIBLE_VERSION
+ * @retval OEMCrypto_ERROR_NOT_IMPLEMENTED
+ */
+OEMCryptoResult OEMCrypto_OPK_SerializationVersion(uint32_t* ree_major,
+                                                   uint32_t* ree_minor,
+                                                   uint32_t* tee_major,
+                                                   uint32_t* tee_minor);
+
 /****************************************************************************/
 /****************************************************************************/
 /* The following functions are optional. They are only used if the device