From b10a4459f893a39887af18b3149a84d2015a4825 Mon Sep 17 00:00:00 2001 From: Fred Gylys-Colwell Date: Tue, 8 Nov 2022 13:43:12 -0800 Subject: [PATCH] Verify OEMCrypto API has not changed Merge from Widevine repo of http://go/wvgerrit/157923 This adds a C file to be built by Luci to verify that nobody has made a change to OEMCryptoCENC.h that changes the signature of any _oecc function. See the new comment in the header for an explanation why we don't want to chage the function signature of an oecc function. We also update the OEMCrypto release script to verify that all of the functions have been locked. There is a script to update the lock file that should be run before each release. Bug: 235858362 Test: tested with http://go/ag/20420224 Change-Id: Id890054e82cf8cc4c75e83c8347a776bda2d8a3b --- .../oemcrypto/include/OEMCryptoCENC.h | 7 + .../oemcrypto/test/GEN_api_lock_file.c | 235 ++++++++++++++++++ libwvdrmengine/oemcrypto/test/common.mk | 1 + 3 files changed, 243 insertions(+) create mode 100644 libwvdrmengine/oemcrypto/test/GEN_api_lock_file.c diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index b6a23484..dd5bc044 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -574,6 +574,13 @@ typedef enum OEMCrypto_WatermarkingSupport { /** * Obfuscation Renames. + * + * The function signatures of each oecc obfuscated name should remain static + * across multiple versions. When we want to change the function signature of a + * function, we will give the new signature a new oecc number and keep the + * original oecc name with the original function signature. This allows us to + * maintain backwards compatibility when the CDM loads an older version of + * liboemcrypto.so using dlopen. */ // clang-format off #define OEMCrypto_Initialize _oecc01 diff --git a/libwvdrmengine/oemcrypto/test/GEN_api_lock_file.c b/libwvdrmengine/oemcrypto/test/GEN_api_lock_file.c new file mode 100644 index 00000000..507ba377 --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/GEN_api_lock_file.c @@ -0,0 +1,235 @@ +// Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine License +// Agreement. +// +// This code is semi-auto-generated, do not edit unless you know what you are +// doing. The script oemcrypto/lock-api-for-release will append to this file. +// +// If this file does not build, then you have modified an OEMCrypto API +// function. Instead, you should rename the old function and give the modified +// function a new oecc number. + +#include "OEMCryptoCENC.h" + +// This initial generation of this file was for v16.4, so older functions will +// not have an accurate version number. + +OEMCryptoResult _oecc84(const uint8_t* sandbox_id, size_t sandbox_id_length); +OEMCryptoResult _oecc01(void); +OEMCryptoResult _oecc02(void); +OEMCryptoResult _oecc09(OEMCrypto_SESSION* session); +OEMCryptoResult _oecc10(OEMCrypto_SESSION session); +OEMCryptoResult _oecc95(OEMCrypto_SESSION session, + const OEMCrypto_SharedMemory* mac_key_context, + size_t mac_key_context_length, + const OEMCrypto_SharedMemory* enc_key_context, + size_t enc_key_context_length); +OEMCryptoResult _oecc21(OEMCrypto_SESSION session, + const uint8_t* derivation_key, + size_t derivation_key_length, + const OEMCrypto_SharedMemory* mac_key_context, + size_t mac_key_context_length, + const OEMCrypto_SharedMemory* enc_key_context, + size_t enc_key_context_length); +OEMCryptoResult _oecc14(OEMCrypto_SESSION session, uint32_t* nonce); +OEMCryptoResult _oecc96(OEMCrypto_SESSION session, uint8_t* message, + size_t message_length, size_t* core_message_size, + uint8_t* signature, size_t* signature_length); +OEMCryptoResult _oecc97(OEMCrypto_SESSION session, uint8_t* message, + size_t message_length, size_t* core_message_size, + uint8_t* signature, size_t* signature_length); +OEMCryptoResult _oecc98(OEMCrypto_SESSION session, uint8_t* message, + size_t message_length, size_t* core_message_size, + uint8_t* signature, size_t* signature_length); +OEMCryptoResult _oecc55(const uint8_t* buffer, size_t buffer_length); +OEMCryptoResult _oecc83( + OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, + const uint8_t* signature, size_t signature_length, + OEMCrypto_Substring enc_mac_keys_iv, OEMCrypto_Substring enc_mac_keys, + size_t key_array_length, const OEMCrypto_KeyObject* key_array, + OEMCrypto_Substring pst, OEMCrypto_Substring srm_restriction_data, + OEMCrypto_LicenseType license_type); +OEMCryptoResult _oecc99(OEMCrypto_SESSION session, const uint8_t* message, + size_t message_length, size_t core_message_length, + const uint8_t* signature, size_t signature_length); +OEMCryptoResult _oecc92( + OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, + size_t key_array_length, + const OEMCrypto_EntitledContentKeyObject_V16* key_array); +OEMCryptoResult _oecc91(OEMCrypto_SESSION session, const uint8_t* message, + size_t message_length, const uint8_t* signature, + size_t signature_length, size_t num_keys, + const OEMCrypto_KeyRefreshObject* key_array); +OEMCryptoResult _oecc101(OEMCrypto_SESSION session, const uint8_t* message, + size_t message_length, size_t core_message_length, + const uint8_t* signature, size_t signature_length); +OEMCryptoResult _oecc41(OEMCrypto_SESSION session, + const uint8_t* content_key_id, + size_t content_key_id_length, + uint8_t* key_control_block, + size_t* key_control_block_length); +OEMCryptoResult _oecc81(OEMCrypto_SESSION session, + const uint8_t* content_key_id, + size_t content_key_id_length, + OEMCryptoCipherMode cipher_mode); +OEMCryptoResult _oecc105( + OEMCrypto_SESSION session, + const OEMCrypto_SampleDescription* samples, // an array of samples. + size_t samples_length, // the number of samples. + const OEMCrypto_CENCEncryptPatternDesc* pattern); +OEMCryptoResult _oecc93(OEMCrypto_SESSION session, + const OEMCrypto_SharedMemory* data_addr, + size_t data_addr_length, + const OEMCrypto_DestBufferDesc* out_buffer_descriptor, + uint8_t subsample_flags); +OEMCryptoResult _oecc24(OEMCrypto_SESSION session, + const OEMCrypto_SharedMemory* in_buffer, + size_t in_buffer_length, const uint8_t* iv, + OEMCrypto_Algorithm algorithm, + OEMCrypto_SharedMemory* out_buffer); +OEMCryptoResult _oecc25(OEMCrypto_SESSION session, + const OEMCrypto_SharedMemory* in_buffer, + size_t in_buffer_length, const uint8_t* iv, + OEMCrypto_Algorithm algorithm, + OEMCrypto_SharedMemory* out_buffer); +OEMCryptoResult _oecc26(OEMCrypto_SESSION session, + const OEMCrypto_SharedMemory* buffer, + size_t buffer_length, OEMCrypto_Algorithm algorithm, + OEMCrypto_SharedMemory* signature, + size_t* signature_length); +OEMCryptoResult _oecc27(OEMCrypto_SESSION session, + const OEMCrypto_SharedMemory* buffer, + size_t buffer_length, OEMCrypto_Algorithm algorithm, + const OEMCrypto_SharedMemory* signature, + size_t signature_length); +OEMCryptoResult _oecc08(const uint8_t* keybox_or_cert, + size_t keybox_or_cert_length, + uint8_t* wrapped_keybox_or_cert, + size_t* wrapped_keybox_or_cert_length, + const uint8_t* transport_key, + size_t transport_key_length); +OEMCryptoResult _oecc03(const uint8_t* keybox_or_cert, + size_t keybox_or_cert_length); +OEMCrypto_ProvisioningMethod _oecc49(void); +OEMCryptoResult _oecc05(void); +OEMCryptoResult _oecc07(uint8_t* device_id, size_t* device_id_length); +OEMCryptoResult _oecc04(uint8_t* key_data, size_t* key_data_length); +OEMCryptoResult _oecc78(const uint8_t* buffer, size_t buffer_length); +OEMCryptoResult _oecc103(OEMCrypto_SESSION session); +OEMCryptoResult _oecc104(uint8_t* public_cert, size_t* public_cert_length); +OEMCryptoResult _oecc06(uint8_t* random_data, size_t random_data_length); +uint32_t _oecc22(void); +uint32_t _oecc108(void); +uint8_t _oecc46(void); +OEMCryptoResult _oecc44(OEMCrypto_HDCP_Capability* current, + OEMCrypto_HDCP_Capability* maximum); +bool _oecc29(void); +size_t _oecc94(void); +bool _oecc39(void); +OEMCryptoResult _oecc38(size_t* count); +OEMCryptoResult _oecc37(size_t* max); +uint32_t _oecc52(void); +bool _oecc53(void); +OEMCryptoResult _oecc54(uint16_t* version); +uint32_t _oecc71(void); +uint32_t _oecc85(void); +OEMCryptoResult _oecc102(OEMCrypto_SESSION session, const uint8_t* message, + size_t message_length, size_t core_message_length, + const uint8_t* signature, size_t signature_length, + uint8_t* wrapped_private_key, + size_t* wrapped_private_key_length); +OEMCryptoResult _oecc107(OEMCrypto_SESSION session, + OEMCrypto_PrivateKeyType key_type, + const uint8_t* wrapped_private_key, + size_t wrapped_private_key_length); +OEMCryptoResult _oecc45(void); +OEMCryptoResult _oecc36(OEMCrypto_SESSION session, const uint8_t* message, + size_t message_length, uint8_t* signature, + size_t* signature_length, + RSA_Padding_Scheme padding_scheme); +OEMCryptoResult _oecc61(uint8_t* header_buffer, size_t* header_buffer_length); +OEMCryptoResult _oecc62(const uint8_t* buffer, size_t buffer_length); +OEMCryptoResult _oecc63(OEMCrypto_SESSION session, + uint32_t* usage_entry_number); +OEMCryptoResult _oecc64(OEMCrypto_SESSION session, uint32_t usage_entry_number, + const uint8_t* buffer, size_t buffer_length); +OEMCryptoResult _oecc65(OEMCrypto_SESSION session, + OEMCrypto_SharedMemory* header_buffer, + size_t* header_buffer_length, + OEMCrypto_SharedMemory* entry_buffer, + size_t* entry_buffer_length); +OEMCryptoResult _oecc66(OEMCrypto_SESSION session, const uint8_t* pst, + size_t pst_length); +OEMCryptoResult _oecc32(OEMCrypto_SESSION session, const uint8_t* pst, + size_t pst_length, uint8_t* buffer, + size_t* buffer_length); +OEMCryptoResult _oecc68(OEMCrypto_SESSION session, uint32_t new_index); +OEMCryptoResult _oecc67(uint32_t new_entry_count, uint8_t* header_buffer, + size_t* header_buffer_length); +OEMCryptoResult _oecc57(void); +uint32_t _oecc86(void); +OEMCryptoResult _oecc88(OEMCrypto_SESSION session, uint32_t frame_number, + const uint8_t* hash, size_t hash_length); +OEMCryptoResult _oecc89(OEMCrypto_SESSION session, + uint32_t* failed_frame_number); +OEMCryptoResult _oecc109(OEMCrypto_SESSION session, size_t buffer_size, + OEMCrypto_DestBufferDesc* output_descriptor, + int* secure_fd); +OEMCryptoResult _oecc110(OEMCrypto_SESSION session, + OEMCrypto_DestBufferDesc* output_descriptor, + int secure_fd); +OEMCryptoResult _oecc115(uint32_t* ree_major, uint32_t* ree_minor, + uint32_t* tee_major, uint32_t* tee_minor); +OEMCryptoResult _oecc113(OEMCrypto_SESSION session, uint8_t* buffer, + size_t* buffer_length, uint32_t use_test_key); +OEMCryptoResult _oecc114(OEMCrypto_SESSION session, const uint8_t* buffer, + size_t buffer_length, uint32_t use_test_key); +OEMCryptoResult _oecc13(OEMCrypto_SESSION session, const uint8_t* message, + size_t message_length, uint8_t* signature, + size_t* signature_length); +OEMCryptoResult _oecc51(OEMCrypto_SESSION session, + const uint32_t* unaligned_nonce, + const uint8_t* encrypted_message_key, + size_t encrypted_message_key_length, + const uint8_t* enc_rsa_key, size_t enc_rsa_key_length, + const uint8_t* enc_rsa_key_iv, uint8_t* wrapped_rsa_key, + size_t* wrapped_rsa_key_length); +OEMCryptoResult _oecc18(OEMCrypto_SESSION session, const uint8_t* message, + size_t message_length, const uint8_t* signature, + size_t signature_length, + const uint32_t* unaligned_nonce, + const uint8_t* enc_rsa_key, size_t enc_rsa_key_length, + const uint8_t* enc_rsa_key_iv, uint8_t* wrapped_rsa_key, + size_t* wrapped_rsa_key_length); +OEMCryptoResult _oecc30(void); +OEMCryptoResult _oecc33(OEMCrypto_SESSION session, const uint8_t* pst, + size_t pst_length, const uint8_t* message, + size_t message_length, const uint8_t* signature, + size_t signature_length); +OEMCryptoResult _oecc43(const uint8_t* pst, size_t pst_length); +OEMCryptoResult _oecc69(OEMCrypto_SESSION session, const uint8_t* pst, + size_t pst_length); +OEMCryptoResult _oecc34(void); +OEMCryptoResult _oecc70(uint64_t time_since_license_received, + uint64_t time_since_first_decrypt, + uint64_t time_since_last_decrypt, + OEMCrypto_Usage_Entry_Status status, + uint8_t* server_mac_key, uint8_t* client_mac_key, + const uint8_t* pst, size_t pst_length); +OEMCryptoResult _oecc12(OEMCrypto_SESSION session, + const uint8_t* mac_key_context, + uint32_t mac_key_context_length, + const uint8_t* enc_key_context, + uint32_t enc_key_context_length); +OEMCryptoResult _oecc48(OEMCrypto_SESSION session, const uint8_t* data_addr, + size_t data_addr_length, bool is_encrypted, + const uint8_t* iv, + size_t block_offset, // used for CTR "cenc" mode only. + OEMCrypto_DestBufferDesc* out_buffer, + const OEMCrypto_CENCEncryptPatternDesc_V15* pattern, + uint8_t subsample_flags); +OEMCryptoResult _oecc50(OEMCrypto_SESSION session, uint8_t* public_cert, + size_t* public_cert_length); +OEMCryptoResult _oecc19(OEMCrypto_SESSION session, + const uint8_t* wrapped_rsa_key, + size_t wrapped_rsa_key_length); diff --git a/libwvdrmengine/oemcrypto/test/common.mk b/libwvdrmengine/oemcrypto/test/common.mk index 0486c8a7..09313165 100644 --- a/libwvdrmengine/oemcrypto/test/common.mk +++ b/libwvdrmengine/oemcrypto/test/common.mk @@ -18,6 +18,7 @@ endif LOCAL_CFLAGS += -DTEST_OEMCRYPTO_V15 LOCAL_SRC_FILES:= \ + GEN_api_lock_file.c \ oec_device_features.cpp \ oec_decrypt_fallback_chain.cpp \ oec_key_deriver.cpp \