diff --git a/libwvdrmengine/cdm/core/include/oemcrypto_adapter.h b/libwvdrmengine/cdm/core/include/oemcrypto_adapter.h index cbff211d..1f208aaf 100644 --- a/libwvdrmengine/cdm/core/include/oemcrypto_adapter.h +++ b/libwvdrmengine/cdm/core/include/oemcrypto_adapter.h @@ -37,6 +37,16 @@ OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(SecurityLevel level, uint8_t OEMCrypto_Security_Patch_Level(SecurityLevel level); OEMCrypto_ProvisioningMethod OEMCrypto_GetProvisioningMethod( SecurityLevel level); +uint32_t OEMCrypto_SupportedCertificates(SecurityLevel level); +OEMCryptoResult OEMCrypto_CreateUsageTableHeader(SecurityLevel level); +OEMCryptoResult OEMCrypto_LoadUsageTableHeader(SecurityLevel level, + const uint8_t* buffer, + size_t buffer_length); +OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(SecurityLevel level, + uint32_t new_table_size, + uint8_t* header_buffer, + size_t* header_buffer_length); + } // namespace wvcdm #endif // WVCDM_CORE_OEMCRYPTO_ADAPTER_H_ diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index 22b72d03..9026f77d 100644 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -435,7 +435,8 @@ CdmResponseType CryptoSession::LoadKeys( oec_session_id_, msg, message.size(), reinterpret_cast(signature.data()), signature.size(), enc_mac_key_iv, enc_mac_key, keys.size(), &load_keys[0], pst, - provider_session_token.length()); + provider_session_token.length(), + NULL); // TODO(rfrias): http://b/28955520 if (OEMCrypto_SUCCESS == sts) { if (!provider_session_token.empty()) { @@ -789,8 +790,10 @@ CdmResponseType CryptoSession::DeactivateUsageInformation( uint8_t* pst = reinterpret_cast( const_cast(provider_session_token.data())); + // TODO(fredgc or rfrias): make sure oec_session_id_ is valid. OEMCryptoResult status = - OEMCrypto_DeactivateUsageEntry(pst, provider_session_token.length()); + OEMCrypto_DeactivateUsageEntry((uint32_t)oec_session_id_, + pst, provider_session_token.length()); switch (status) { case OEMCrypto_SUCCESS: @@ -963,7 +966,7 @@ CdmResponseType CryptoSession::DeleteMultipleUsageInformation( CdmResponseType CryptoSession::DeleteAllUsageReports() { LOGV("DeleteAllUsageReports"); - OEMCryptoResult status = OEMCrypto_DeleteUsageTable(); + OEMCryptoResult status = OEMCrypto_DeleteOldUsageTable(); if (OEMCrypto_SUCCESS != status) { LOGE("CryptoSession::DeleteAllUsageReports: Delete Usage Table error =%ld", diff --git a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp index d74d58bf..41b88aad 100644 --- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp +++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp @@ -66,6 +66,12 @@ typedef OEMCryptoResult (*L1_GenerateSignature_t)(OEMCrypto_SESSION session, uint8_t* signature, size_t* signature_length); typedef OEMCryptoResult (*L1_LoadKeys_t)( + OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, + const uint8_t* signature, size_t signature_length, + const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys, + const OEMCrypto_KeyObject* key_array, const uint8_t* pst, + size_t pst_length, const uint8_t* srm_requirement); +typedef OEMCryptoResult (*L1_LoadKeys_V12_t)( OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length, const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys, @@ -173,8 +179,8 @@ typedef OEMCryptoResult (*L1_Generic_Verify_t)(OEMCrypto_SESSION session, const uint8_t* signature, size_t signature_length); typedef OEMCryptoResult (*L1_UpdateUsageTable_t)(); -typedef OEMCryptoResult (*L1_DeactivateUsageEntry_t)(const uint8_t* pst, - size_t pst_length); +typedef OEMCryptoResult (*L1_DeactivateUsageEntry_V12_t)(const uint8_t* pst, + size_t pst_length); typedef OEMCryptoResult (*L1_ReportUsage_t)(OEMCrypto_SESSION session, const uint8_t* pst, size_t pst_length, @@ -186,7 +192,7 @@ typedef OEMCryptoResult (*L1_DeleteUsageEntry_t)( size_t signature_length); typedef OEMCryptoResult (*L1_ForceDeleteUsageEntry_t)(const uint8_t* pst, size_t pst_length); -typedef OEMCryptoResult (*L1_DeleteUsageTable_t)(); +typedef OEMCryptoResult (*L1_DeleteOldUsageTable_t)(); typedef OEMCrypto_ProvisioningMethod (*L1_GetProvisioningMethod_t)(); typedef OEMCryptoResult (*L1_GetOEMPublicCertificate_t)( OEMCrypto_SESSION session, @@ -202,6 +208,37 @@ typedef OEMCryptoResult (*L1_RewrapDeviceRSAKey30_t)( const uint8_t* enc_rsa_key_iv, uint8_t* wrapped_rsa_key, size_t* wrapped_rsa_key_length); +typedef uint32_t (*L1_SupportedCertificates_t)(); +typedef bool (*L1_IsSRMUpdateSupported_t)(); +typedef OEMCryptoResult (*L1_GetCurrentSRMVersion_t)(uint16_t* version); +typedef OEMCryptoResult (*L1_LoadSRM_t)(const uint8_t* buffer, + size_t buffer_length); +typedef OEMCryptoResult (*L1_RemoveSRM_t)(); +typedef OEMCryptoResult (*L1_CreateUsageTableHeader_t)(); +typedef OEMCryptoResult (*L1_LoadUsageTableHeader_t)(const uint8_t* buffer, + size_t buffer_length); +typedef OEMCryptoResult (*L1_CreateNewUsageEntry_t)(OEMCrypto_SESSION session, + uint32_t *usage_entry_number); +typedef OEMCryptoResult (*L1_LoadUsageEntry_t)(OEMCrypto_SESSION session, + uint32_t index, + const uint8_t *buffer, + size_t buffer_size); +typedef OEMCryptoResult (*L1_UpdateUsageEntry_t)(OEMCrypto_SESSION session, + uint8_t* header_buffer, + size_t* header_buffer_length, + uint8_t* entry_buffer, + size_t* entry_buffer_length); +typedef OEMCryptoResult (*L1_DeactivateUsageEntry_t)(OEMCrypto_SESSION session, + const uint8_t* pst, + size_t pst_length); +typedef OEMCryptoResult (*L1_ShrinkUsageTableHeader_t)(uint32_t new_table_size, + uint8_t* header_buffer, + size_t* header_buffer_length); +typedef OEMCryptoResult (*L1_MoveEntry_t)(OEMCrypto_SESSION session, + uint32_t new_index); +typedef OEMCryptoResult (*L1_CopyOldUsageEntry_t)(OEMCrypto_SESSION session, + const uint8_t*pst, + size_t pst_length); struct FunctionPointers { uint32_t version; @@ -248,15 +285,30 @@ struct FunctionPointers { L1_ReportUsage_t ReportUsage; L1_DeleteUsageEntry_t DeleteUsageEntry; L1_ForceDeleteUsageEntry_t ForceDeleteUsageEntry; - L1_DeleteUsageTable_t DeleteUsageTable; + L1_DeleteOldUsageTable_t DeleteOldUsageTable; L1_GetProvisioningMethod_t GetProvisioningMethod; L1_GetOEMPublicCertificate_t GetOEMPublicCertificate; L1_RewrapDeviceRSAKey30_t RewrapDeviceRSAKey30; + L1_SupportedCertificates_t SupportedCertificates; + L1_IsSRMUpdateSupported_t IsSRMUpdateSupported; + L1_GetCurrentSRMVersion_t GetCurrentSRMVersion; + L1_LoadSRM_t LoadSRM; + L1_RemoveSRM_t RemoveSRM; + L1_CreateUsageTableHeader_t CreateUsageTableHeader; + L1_LoadUsageTableHeader_t LoadUsageTableHeader; + L1_CreateNewUsageEntry_t CreateNewUsageEntry; + L1_LoadUsageEntry_t LoadUsageEntry; + L1_UpdateUsageEntry_t UpdateUsageEntry; + L1_ShrinkUsageTableHeader_t ShrinkUsageTableHeader; + L1_MoveEntry_t MoveEntry; + L1_CopyOldUsageEntry_t CopyOldUsageEntry; L1_LoadKeys_V8_t LoadKeys_V8; L1_GenerateRSASignature_V8_t GenerateRSASignature_V8; L1_GetHDCPCapability_V9_t GetHDCPCapability_V9; L1_LoadKeys_V9_or_V10_t LoadKeys_V9_or_V10; + L1_LoadKeys_V12_t LoadKeys_V12; + L1_DeactivateUsageEntry_V12_t DeactivateUsageEntry_V12; }; // The Cache Flush function is very processor dependent, but is needed by the @@ -430,11 +482,17 @@ class Adapter { } else { // version >= 9 LOOKUP(GenerateRSASignature, OEMCrypto_GenerateRSASignature); LOOKUP(SupportsUsageTable, OEMCrypto_SupportsUsageTable); - LOOKUP(UpdateUsageTable, OEMCrypto_UpdateUsageTable); - LOOKUP(DeactivateUsageEntry, OEMCrypto_DeactivateUsageEntry); + // TODO(fredgc): only use these if version < 13. LOOKUP(ReportUsage, OEMCrypto_ReportUsage); - LOOKUP(DeleteUsageEntry, OEMCrypto_DeleteUsageEntry); - LOOKUP(DeleteUsageTable, OEMCrypto_DeleteUsageTable); + LOOKUP(DeleteOldUsageTable, OEMCrypto_DeleteOldUsageTable); + // TODO(fredgc): remove this hack after unit tests have been fixed. + // TODO(fredgc) if (level1_.version < 13) { + LOOKUP(UpdateUsageTable, OEMCrypto_UpdateUsageTable); + if (level1_.version < 13 ) { + LOOKUP(DeactivateUsageEntry_V12, OEMCrypto_DeactivateUsageEntry_V12); + } + LOOKUP(DeleteUsageEntry, OEMCrypto_DeleteUsageEntry); + // TODO(fredgc): } if (level1_.version == 9) { LOOKUP(LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10); LOOKUP(GetHDCPCapability_V9, OEMCrypto_GetHDCPCapability_V9); @@ -447,18 +505,40 @@ class Adapter { LOOKUP(IsAntiRollbackHwPresent, OEMCrypto_IsAntiRollbackHwPresent); LOOKUP(GetNumberOfOpenSessions, OEMCrypto_GetNumberOfOpenSessions); LOOKUP(GetMaxNumberOfSessions, OEMCrypto_GetMaxNumberOfSessions); - LOOKUP(ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry); + // TODO(fredgc): if (level1_.version < 13) { + LOOKUP(ForceDeleteUsageEntry, OEMCrypto_ForceDeleteUsageEntry); + // TODO(fredgc): } if (level1_.version == 10) { LOOKUP(LoadKeys_V9_or_V10, OEMCrypto_LoadKeys_V9_or_V10); LOOKUP(DecryptCTR_V10, OEMCrypto_DecryptCTR_V10); } else { // version >= 11. - LOOKUP(LoadKeys, OEMCrypto_LoadKeys); LOOKUP(DecryptCENC, OEMCrypto_DecryptCENC); LOOKUP(SecurityPatchLevel, OEMCrypto_Security_Patch_Level); - if (level1_.version >= 12) { + if (level1_.version == 11) { + LOOKUP(LoadKeys_V12, OEMCrypto_LoadKeys_V12); + } else { // version >= 12. LOOKUP(GetProvisioningMethod, OEMCrypto_GetProvisioningMethod); LOOKUP(GetOEMPublicCertificate, OEMCrypto_GetOEMPublicCertificate); LOOKUP(RewrapDeviceRSAKey30, OEMCrypto_RewrapDeviceRSAKey30); + if (level1_.version == 12) { + LOOKUP(LoadKeys_V12, OEMCrypto_LoadKeys_V12); + } else { // version >= 13. + LOOKUP(LoadKeys, OEMCrypto_LoadKeys); + LOOKUP(SupportedCertificates, OEMCrypto_SupportedCertificates); + LOOKUP(IsSRMUpdateSupported, OEMCrypto_IsSRMUpdateSupported); + LOOKUP(GetCurrentSRMVersion, OEMCrypto_GetCurrentSRMVersion); + LOOKUP(LoadSRM, OEMCrypto_LoadSRM); + LOOKUP(RemoveSRM, OEMCrypto_RemoveSRM); + LOOKUP(CreateUsageTableHeader, OEMCrypto_CreateUsageTableHeader); + LOOKUP(LoadUsageTableHeader, OEMCrypto_LoadUsageTableHeader); + LOOKUP(CreateNewUsageEntry, OEMCrypto_CreateNewUsageEntry); + LOOKUP(LoadUsageEntry, OEMCrypto_LoadUsageEntry); + LOOKUP(UpdateUsageEntry, OEMCrypto_UpdateUsageEntry); + LOOKUP(DeactivateUsageEntry, OEMCrypto_DeactivateUsageEntry); + LOOKUP(ShrinkUsageTableHeader, OEMCrypto_ShrinkUsageTableHeader); + LOOKUP(MoveEntry, OEMCrypto_MoveEntry); + LOOKUP(CopyOldUsageEntry, OEMCrypto_CopyOldUsageEntry); + } } } } @@ -559,10 +639,23 @@ class Adapter { level3_.ReportUsage = Level3_ReportUsage; level3_.DeleteUsageEntry = Level3_DeleteUsageEntry; level3_.ForceDeleteUsageEntry = Level3_ForceDeleteUsageEntry; - level3_.DeleteUsageTable = Level3_DeleteUsageTable; + level3_.DeleteOldUsageTable = Level3_DeleteOldUsageTable; level3_.GetProvisioningMethod = Level3_GetProvisioningMethod; level3_.GetOEMPublicCertificate = Level3_GetOEMPublicCertificate; level3_.RewrapDeviceRSAKey30 = Level3_RewrapDeviceRSAKey30; + level3_.SupportedCertificates = Level3_SupportedCertificates; + level3_.IsSRMUpdateSupported = Level3_IsSRMUpdateSupported; + level3_.GetCurrentSRMVersion = Level3_GetCurrentSRMVersion; + level3_.LoadSRM = Level3_LoadSRM; + level3_.RemoveSRM = Level3_RemoveSRM; + level3_.CreateUsageTableHeader = Level3_CreateUsageTableHeader; + level3_.LoadUsageTableHeader = Level3_LoadUsageTableHeader; + level3_.CreateNewUsageEntry = Level3_CreateNewUsageEntry; + level3_.LoadUsageEntry = Level3_LoadUsageEntry; + level3_.UpdateUsageEntry = Level3_UpdateUsageEntry; + level3_.ShrinkUsageTableHeader = Level3_ShrinkUsageTableHeader; + level3_.MoveEntry = Level3_MoveEntry; + level3_.CopyOldUsageEntry = Level3_CopyOldUsageEntry; level3_.version = Level3_APIVersion(); } @@ -792,6 +885,47 @@ OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(SecurityLevel level, if (fcn->version < 10) return OEMCrypto_ERROR_NOT_IMPLEMENTED; return fcn->GetMaxNumberOfSessions(maximum); } + +uint32_t OEMCrypto_SupportedCertificates(SecurityLevel level) { + if (!kAdapter) return 0; + const FunctionPointers* fcn = kAdapter->get(level); + if (!fcn) return 0; + // Default is to support 2048 bit RSA keys. + if (fcn->version < 13) return OEMCrypto_Supports_RSA_2048bit; + return fcn->SupportedCertificates(); +} + +OEMCryptoResult OEMCrypto_CreateUsageTableHeader(SecurityLevel level) { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + const FunctionPointers* fcn = kAdapter->get(level); + if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION; + if (fcn->version < 9) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + if (fcn->version < 13) return fcn->DeleteOldUsageTable(); + return fcn->CreateUsageTableHeader(); +} + +OEMCryptoResult OEMCrypto_LoadUsageTableHeader(SecurityLevel level, + const uint8_t* buffer, + size_t buffer_length) { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + const FunctionPointers* fcn = kAdapter->get(level); + if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION; + if (fcn->version < 13) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return fcn->LoadUsageTableHeader(buffer, buffer_length); +} + +OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(SecurityLevel level, + uint32_t new_table_size, + uint8_t* header_buffer, + size_t* header_buffer_length) { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + const FunctionPointers* fcn = kAdapter->get(level); + if (!fcn) return OEMCrypto_ERROR_INVALID_SESSION; + if (fcn->version < 13) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return fcn->ShrinkUsageTableHeader(new_table_size, header_buffer, + header_buffer_length); +} + } // namespace wvcdm extern "C" OEMCryptoResult OEMCrypto_Initialize(void) { @@ -857,7 +991,7 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys( const uint8_t* signature, size_t signature_length, const uint8_t* enc_mac_key_iv, const uint8_t* enc_mac_key, size_t num_keys, const OEMCrypto_KeyObject* key_array, const uint8_t* pst, - size_t pst_length) { + size_t pst_length, const uint8_t* srm_requirement) { if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; LevelSession pair = kAdapter->get(session); if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION; @@ -888,9 +1022,17 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys( pst, pst_length); } } else { - return pair.fcn->LoadKeys(pair.session, message, message_length, signature, - signature_length, enc_mac_key_iv, enc_mac_key, - num_keys, key_array, pst, pst_length); + if (pair.fcn->version < 13) { + return pair.fcn->LoadKeys_V12(pair.session, message, message_length, + signature, signature_length, enc_mac_key_iv, + enc_mac_key, num_keys, key_array, pst, + pst_length); + } else { + return pair.fcn->LoadKeys(pair.session, message, message_length, signature, + signature_length, enc_mac_key_iv, enc_mac_key, + num_keys, key_array, pst, pst_length, + srm_requirement); + } } } @@ -1134,6 +1276,10 @@ extern "C" OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(size_t* maximum) { return OEMCrypto_GetMaxNumberOfSessions(kLevelDefault, maximum); } +extern "C" uint32_t OEMCrypto_SupportedCertificates() { + return OEMCrypto_SupportedCertificates(kLevelDefault); +} + extern "C" OEMCryptoResult OEMCrypto_Generic_Encrypt( OEMCrypto_SESSION session, const uint8_t* in_buffer, size_t buffer_length, const uint8_t* iv, OEMCrypto_Algorithm algorithm, uint8_t* out_buffer) { @@ -1208,31 +1354,90 @@ extern "C" OEMCryptoResult OEMCrypto_Generic_Verify( algorithm, signature, signature_length); } +// TODO(fredgc): remove this function when cdm layer doesn't need it. extern "C" OEMCryptoResult OEMCrypto_UpdateUsageTable() { if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; const FunctionPointers* fcn1 = kAdapter->get(kLevelDefault); const FunctionPointers* fcn3 = kAdapter->get(kLevel3); OEMCryptoResult sts = OEMCrypto_ERROR_NOT_IMPLEMENTED; - if (fcn3 && fcn3->version > 8) sts = fcn3->UpdateUsageTable(); - if (fcn1 && fcn1 != fcn3 && fcn1->version > 8) sts = fcn1->UpdateUsageTable(); + if (fcn3 && fcn3->version > 8 && fcn3->version < 13) { + sts = fcn3->UpdateUsageTable(); + } + if (fcn1 && fcn1 != fcn3 && fcn1->version > 8 && fcn1->version < 13) { + sts = fcn1->UpdateUsageTable(); + } else { + // TODO(fredgc): Remove this after unit tests, haystack, and mock + // have been updated to v13. RED: REMOVE BEFORE FLIGHT --> + if (fcn1) sts = fcn1->UpdateUsageTable(); + } return sts; } -extern "C" OEMCryptoResult OEMCrypto_DeactivateUsageEntry(const uint8_t* pst, +extern "C" OEMCryptoResult OEMCrypto_DeactivateUsageEntry(OEMCrypto_SESSION session, + const uint8_t* pst, size_t pst_length) { if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; - const FunctionPointers* fcn1 = kAdapter->get(kLevelDefault); - const FunctionPointers* fcn3 = kAdapter->get(kLevel3); - OEMCryptoResult sts = OEMCrypto_ERROR_NOT_IMPLEMENTED; - if (fcn1 && fcn1->version > 8) { - sts = fcn1->DeactivateUsageEntry(pst, pst_length); + LevelSession pair = kAdapter->get(session); + if (!pair.fcn) { + // TODO(fredgc): remove before flight! + // return OEMCrypto_ERROR_INVALID_SESSION; + LOGE("TODO(fredgc): remove temporary DeactivateUsageEntry."); + const FunctionPointers* fcn1 = kAdapter->get(kLevelDefault); + const FunctionPointers* fcn3 = kAdapter->get(kLevel3); + OEMCryptoResult sts = OEMCrypto_ERROR_INVALID_SESSION; + if (fcn1) { + if(fcn1->version < 13) { + if (fcn1->DeactivateUsageEntry_V12) { + sts = fcn1->DeactivateUsageEntry_V12(pst, pst_length); + } else { + LOGE("TODO(fredgc): Fred screwed up temporary code for v12!\n"); + } + } else { + if (fcn1->DeactivateUsageEntry) { + sts = fcn1->DeactivateUsageEntry(0, pst, pst_length); + } else { + LOGE("TODO(fredgc): Fred screwed up temporary code for v13!\n"); + } + } + } + if (OEMCrypto_SUCCESS != sts) { + if (fcn3 && fcn1 != fcn3) { + if(fcn3->version < 13) { + if (fcn3->DeactivateUsageEntry_V12) { + sts = fcn3->DeactivateUsageEntry_V12(pst, pst_length); + } else { + LOGE("TODO(fredgc): Fred screwed up temporary code for L3 v12!\n"); + } + } else { + if (fcn3->DeactivateUsageEntry) { + sts = fcn3->DeactivateUsageEntry(0, pst, pst_length); + } else { + LOGE("TODO(fredgc): Fred screwed up temporary code for L3 v13!\n"); + } + } + } + } + return sts; + // All of the hacky code above should be removed once the unit tests and + // cdm codde use the new deactivate usage entry. } - if (OEMCrypto_SUCCESS != sts) { - if (fcn3 && fcn1 != fcn3 && fcn3->version > 8) { - sts = fcn3->DeactivateUsageEntry(pst, pst_length); + if (pair.fcn->version < 9) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; + } + if(pair.fcn->version < 13) { + if (pair.fcn->DeactivateUsageEntry_V12 ) { + return pair.fcn->DeactivateUsageEntry_V12(pst, pst_length); + } else { + LOGE("TODO(fredgc): problem picking function!\n"); + return OEMCrypto_ERROR_INVALID_SESSION; } } - return sts; + if (pair.fcn->DeactivateUsageEntry) { + return pair.fcn->DeactivateUsageEntry(pair.session, pst, pst_length); + } else { + LOGE("TODO(fredgc): problem picking function!\n"); + return OEMCrypto_ERROR_INVALID_SESSION; + } } extern "C" OEMCryptoResult OEMCrypto_ReportUsage(OEMCrypto_SESSION session, @@ -1255,6 +1460,7 @@ extern "C" OEMCryptoResult OEMCrypto_DeleteUsageEntry( OEMCrypto_SESSION session, const uint8_t* pst, size_t pst_length, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length) { + LOGE("TODO(fredgc): remove DeleteUsageEntry."); if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; LevelSession pair = kAdapter->get(session); if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION; @@ -1269,6 +1475,7 @@ extern "C" OEMCryptoResult OEMCrypto_DeleteUsageEntry( extern "C" OEMCryptoResult OEMCrypto_ForceDeleteUsageEntry( const uint8_t* pst, size_t pst_length) { + LOGE("TODO(fredgc): remove ForceDeleteUsageEntry."); if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; const FunctionPointers* fcn1 = kAdapter->get(kLevelDefault); const FunctionPointers* fcn3 = kAdapter->get(kLevel3); @@ -1285,12 +1492,143 @@ extern "C" OEMCryptoResult OEMCrypto_ForceDeleteUsageEntry( return sts; } -extern "C" OEMCryptoResult OEMCrypto_DeleteUsageTable() { +extern "C" OEMCryptoResult OEMCrypto_DeleteOldUsageTable() { if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; const FunctionPointers* fcn1 = kAdapter->get(kLevelDefault); const FunctionPointers* fcn3 = kAdapter->get(kLevel3); OEMCryptoResult sts = OEMCrypto_ERROR_NOT_IMPLEMENTED; - if (fcn3 && fcn3->version > 8) sts = fcn3->DeleteUsageTable(); - if (fcn1 && fcn1 != fcn3 && fcn1->version > 8) sts = fcn1->DeleteUsageTable(); + if (fcn3 && fcn3->version > 8) sts = fcn3->DeleteOldUsageTable(); + if (fcn1 && fcn1 != fcn3 && fcn1->version > 8) sts = fcn1->DeleteOldUsageTable(); return sts; } + +extern "C" +bool OEMCrypto_IsSRMUpdateSupported() { + if (!kAdapter) return false; + // Level 3 can't load an SRM, so this just checkes Level 1. + const FunctionPointers* fcn = kAdapter->get(kLevelDefault); + if (!fcn) return false; + if (fcn->version < 13) return false; + return fcn->IsSRMUpdateSupported(); +} + +extern "C" +OEMCryptoResult OEMCrypto_GetCurrentSRMVersion(uint16_t* version) { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + // Level 3 can't load an SRM, so this just checkes Level 1. + const FunctionPointers* fcn = kAdapter->get(kLevelDefault); + if (!fcn) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + if (fcn->version < 13) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return fcn->GetCurrentSRMVersion(version); +} + +extern "C" +OEMCryptoResult OEMCrypto_LoadSRM(const uint8_t* buffer, + size_t buffer_length) { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + // Level 3 can't load an SRM, so this just checkes Level 1. + const FunctionPointers* fcn = kAdapter->get(kLevelDefault); + if (!fcn) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + if (fcn->version < 13) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return fcn->LoadSRM(buffer, buffer_length); +} + +extern "C" +OEMCryptoResult OEMCrypto_RemoveSRM() { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + // Level 3 can't load an SRM, so this just checkes Level 1. + const FunctionPointers* fcn = kAdapter->get(kLevelDefault); + if (!fcn) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + if (fcn->version < 13) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return fcn->RemoveSRM(); +} + +extern "C" +OEMCryptoResult OEMCrypto_CreateUsageTableHeader() { + return OEMCrypto_CreateUsageTableHeader(kLevelDefault); +} + +extern "C" +OEMCryptoResult OEMCrypto_LoadUsageTableHeader(const uint8_t* buffer, + size_t buffer_length) { + return OEMCrypto_LoadUsageTableHeader(kLevelDefault, buffer, buffer_length); +} + +extern "C" +OEMCryptoResult OEMCrypto_CreateNewUsageEntry(OEMCrypto_SESSION session, + uint32_t *usage_entry_number) { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + LevelSession pair = kAdapter->get(session); + if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION; + if (pair.fcn->version < 13) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return pair.fcn->CreateNewUsageEntry(pair.session, usage_entry_number); +} + +extern "C" +OEMCryptoResult OEMCrypto_LoadUsageEntry(OEMCrypto_SESSION session, + uint32_t index, + const uint8_t *buffer, + size_t buffer_size) { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + LevelSession pair = kAdapter->get(session); + if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION; + if (pair.fcn->version < 13) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return pair.fcn->LoadUsageEntry(pair.session, index, buffer, buffer_size); +} + +extern "C" +OEMCryptoResult OEMCrypto_UpdateUsageEntry(OEMCrypto_SESSION session, + uint8_t* header_buffer, + size_t* header_buffer_length, + uint8_t* entry_buffer, + size_t* entry_buffer_length) { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + LevelSession pair = kAdapter->get(session); + if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION; + if (pair.fcn->version < 13) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return pair.fcn->UpdateUsageEntry(pair.session, header_buffer, + header_buffer_length, entry_buffer, + entry_buffer_length); +} + +extern "C" +OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(uint32_t new_table_size, + uint8_t* header_buffer, + size_t* header_buffer_length) { + return OEMCrypto_ShrinkUsageTableHeader(kLevelDefault, new_table_size, + header_buffer, header_buffer_length); +} + +extern "C" +OEMCryptoResult OEMCrypto_MoveEntry(OEMCrypto_SESSION session, + uint32_t new_index) { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + LevelSession pair = kAdapter->get(session); + if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION; + if (pair.fcn->version < 13) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return pair.fcn->MoveEntry(pair.session, new_index); +} + +extern "C" +OEMCryptoResult OEMCrypto_CopyOldUsageEntry(OEMCrypto_SESSION session, + const uint8_t*pst, + size_t pst_length) { + if (!kAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + LevelSession pair = kAdapter->get(session); + if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION; + if (pair.fcn->version < 13) return OEMCrypto_ERROR_NOT_IMPLEMENTED; + return pair.fcn->CopyOldUsageEntry(pair.session, pst, pst_length); +} + +extern "C" +OEMCryptoResult Level3_CreateOldUsageEntry(uint64_t time_since_license_received, + uint64_t time_since_first_decrypt, + uint64_t time_since_last_decrypt, + OEMCrypto_Usage_Entry_Status status, + uint8_t *server_mac_key, + uint8_t *client_mac_key, + const uint8_t* pst, + size_t pst_length) { + // TODO(fredgc): add this. + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} diff --git a/libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf b/libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf deleted file mode 100644 index 9cf40c18..00000000 Binary files a/libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf and /dev/null differ diff --git a/libwvdrmengine/docs/WidevineSecurityIntegrationGuideforCENCAndroidSupplement.pdf b/libwvdrmengine/docs/WidevineSecurityIntegrationGuideforCENCAndroidSupplement.pdf deleted file mode 100644 index 3933298b..00000000 Binary files a/libwvdrmengine/docs/WidevineSecurityIntegrationGuideforCENCAndroidSupplement.pdf and /dev/null differ diff --git a/libwvdrmengine/level3/arm/libwvlevel3.a b/libwvdrmengine/level3/arm/libwvlevel3.a index caffe61f..1ae71fb8 100644 Binary files a/libwvdrmengine/level3/arm/libwvlevel3.a and b/libwvdrmengine/level3/arm/libwvlevel3.a differ diff --git a/libwvdrmengine/level3/mips/libwvlevel3.a b/libwvdrmengine/level3/mips/libwvlevel3.a index f57b94d1..8588d807 100644 Binary files a/libwvdrmengine/level3/mips/libwvlevel3.a and b/libwvdrmengine/level3/mips/libwvlevel3.a differ diff --git a/libwvdrmengine/level3/x86/libwvlevel3.a b/libwvdrmengine/level3/x86/libwvlevel3.a index ddbeec1f..e2f816b4 100644 Binary files a/libwvdrmengine/level3/x86/libwvlevel3.a and b/libwvdrmengine/level3/x86/libwvlevel3.a differ diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index 6c224320..11862285 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -6,9 +6,9 @@ * Reference APIs needed to support Widevine's crypto algorithms. * * See the document "WV Modular DRM Security Integration Guide for Common - * Encryption (CENC) -- version 12" for a description of this API. You + * Encryption (CENC) -- version 13" for a description of this API. You * can find this document in the widevine repository as - * docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf + * docs/WidevineModularDRMSecurityIntegrationGuideforCENC_v13.pdf * Changes between different versions of this API are documented in the files * docs/Widevine_Modular_DRM_Version_*_Delta.pdf * @@ -33,10 +33,10 @@ typedef enum OEMCryptoResult { OEMCrypto_ERROR_TERMINATE_FAILED = 2, OEMCrypto_ERROR_OPEN_FAILURE = 3, OEMCrypto_ERROR_CLOSE_FAILURE = 4, - OEMCrypto_ERROR_ENTER_SECURE_PLAYBACK_FAILED = 5, - OEMCrypto_ERROR_EXIT_SECURE_PLAYBACK_FAILED = 6, + OEMCrypto_ERROR_ENTER_SECURE_PLAYBACK_FAILED = 5, // deprecated + OEMCrypto_ERROR_EXIT_SECURE_PLAYBACK_FAILED = 6, // deprecated OEMCrypto_ERROR_SHORT_BUFFER = 7, - OEMCrypto_ERROR_NO_DEVICE_KEY = 8, + OEMCrypto_ERROR_NO_DEVICE_KEY = 8, // no keybox device key. OEMCrypto_ERROR_NO_ASSET_KEY = 9, OEMCrypto_ERROR_KEYBOX_INVALID = 10, OEMCrypto_ERROR_NO_KEYDATA = 11, @@ -68,6 +68,13 @@ typedef enum OEMCryptoResult { OEMCrypto_ERROR_INSUFFICIENT_RESOURCES = 37, OEMCrypto_ERROR_INSUFFICIENT_HDCP = 38, OEMCrypto_ERROR_BUFFER_TOO_LARGE = 39, + OEMCrypto_WARNING_GENERATION_SKEW = 40, // Warning, not an error. + OEMCrypto_ERROR_GENERATION_SKEW = 41, + OEMCrypto_LOCAL_DISPLAY_ONLY = 42, // Info, not an error. + OEMCrypto_ERROR_ANALOG_OUTPUT = 43, + OEMCrypto_ERROR_WRONG_PST = 44, + OEMCrypto_ERROR_WRONG_KEYS = 45, + OEMCrypto_ERROR_MISSING_MASTER = 46, } OEMCryptoResult; /* @@ -235,7 +242,7 @@ typedef struct { typedef enum OEMCrypto_Usage_Entry_Status { kUnused = 0, kActive = 1, - kInactive = 2 + kInactive = 2 // TODO(fredgc): http://b/32714323. used and unused. } OEMCrypto_Usage_Entry_Status; /* @@ -274,12 +281,12 @@ typedef enum RSA_Padding_Scheme { * level, and in GetHDCPCapability for reporting. */ typedef enum OEMCrypto_HDCP_Capability { - HDCP_NONE = 0, // No HDCP supported, no secure data path. - HDCP_V1 = 1, // HDCP version 1.0 - HDCP_V2 = 2, // HDCP version 2.0 - HDCP_V2_1 = 3, // HDCP version 2.1 - HDCP_V2_2 = 4, // HDCP version 2.2 Type 1. - HDCP_NO_DIGITAL_OUTPUT = 0xff // No digital output. + HDCP_NONE = 0, // No HDCP supported, no secure data path. + HDCP_V1 = 1, // HDCP version 1.0 + HDCP_V2 = 2, // HDCP version 2.0 Type 1. + HDCP_V2_1 = 3, // HDCP version 2.1 Type 1. + HDCP_V2_2 = 4, // HDCP version 2.2 Type 1. + HDCP_NO_DIGITAL_OUTPUT = 0xff // No digital output. } OEMCrypto_HDCP_Capability; /* Return value for OEMCrypto_GetProvisioningMethod(). */ @@ -291,6 +298,19 @@ typedef enum OEMCrypto_ProvisioningMethod { OEMCrypto_OEMCertificate = 3 // Device has factory installed OEM certificate. } OEMCrypto_ProvisioningMethod; +/* + * Flags indicating RSA keys supported. + */ +#define OEMCrypto_Supports_RSA_2048bit 0x1 +#define OEMCrypto_Supports_RSA_3072bit 0x2 +#define OEMCrypto_Supports_RSA_CAST 0x10 + +/* + * Flags indicating full decrypt path hash supported. + */ +#define OEMCrypto_Hash_Not_Supported 0 +#define OEMCrypto_HMAC_Clear_Buffer 1 + /* * Obfuscation Renames. */ @@ -324,10 +344,10 @@ typedef enum OEMCrypto_ProvisioningMethod { #define OEMCrypto_GetHDCPCapability_V9 _oecc28 #define OEMCrypto_SupportsUsageTable _oecc29 #define OEMCrypto_UpdateUsageTable _oecc30 -#define OEMCrypto_DeactivateUsageEntry _oecc31 +#define OEMCrypto_DeactivateUsageEntry_V12 _oecc31 #define OEMCrypto_ReportUsage _oecc32 #define OEMCrypto_DeleteUsageEntry _oecc33 -#define OEMCrypto_DeleteUsageTable _oecc34 +#define OEMCrypto_DeleteOldUsageTable _oecc34 #define OEMCrypto_LoadKeys_V9_or_V10 _oecc35 #define OEMCrypto_GenerateRSASignature _oecc36 #define OEMCrypto_GetMaxNumberOfSessions _oecc37 @@ -340,11 +360,30 @@ typedef enum OEMCrypto_ProvisioningMethod { #define OEMCrypto_GetHDCPCapability _oecc44 #define OEMCrypto_LoadTestRSAKey _oecc45 #define OEMCrypto_Security_Patch_Level _oecc46 -#define OEMCrypto_LoadKeys _oecc47 +#define OEMCrypto_LoadKeys_V12 _oecc47 #define OEMCrypto_DecryptCENC _oecc48 #define OEMCrypto_GetProvisioningMethod _oecc49 #define OEMCrypto_GetOEMPublicCertificate _oecc50 #define OEMCrypto_RewrapDeviceRSAKey30 _oecc51 +#define OEMCrypto_SupportedCertificates _oecc52 +#define OEMCrypto_IsSRMUpdateSupported _oecc53 +#define OEMCrypto_GetCurrentSRMVersion _oecc54 +#define OEMCrypto_LoadSRM _oecc55 +#define OEMCrypto_LoadKeys _oecc56 +#define OEMCrypto_RemoveSRM _oecc57 +#define OEMCrypto_SupportsDecryptHash _oecc58 +#define OEMCrypto_SetDecryptHash _oecc59 +#define OEMCrypto_VerifyDecryptHash _oecc60 +#define OEMCrypto_CreateUsageTableHeader _oecc61 +#define OEMCrypto_LoadUsageTableHeader _oecc62 +#define OEMCrypto_CreateNewUsageEntry _oecc63 +#define OEMCrypto_LoadUsageEntry _oecc64 +#define OEMCrypto_UpdateUsageEntry _oecc65 +#define OEMCrypto_DeactivateUsageEntry _oecc66 +#define OEMCrypto_ShrinkUsageTableHeader _oecc67 +#define OEMCrypto_MoveEntry _oecc68 +#define OEMCrypto_CopyOldUsageEntry _oecc69 +#define OEMCrypto_CreateOldUsageEntry _oecc70 /* @@ -442,6 +481,7 @@ OEMCryptoResult OEMCrypto_OpenSession(OEMCrypto_SESSION* session); * Version: * This method changed in API version 5. */ +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session); /* @@ -774,12 +814,14 @@ OEMCryptoResult OEMCrypto_GenerateSignature(OEMCrypto_SESSION session, * Version: * This method changed in API version 11. */ +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ + OEMCryptoResult OEMCrypto_LoadKeys( OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length, const uint8_t* enc_mac_keys_iv, const uint8_t* enc_mac_keys, size_t num_keys, const OEMCrypto_KeyObject* key_array, const uint8_t* pst, - size_t pst_length); + size_t pst_length, const uint8_t* srm_requirement); /* * OEMCrypto_RefreshKeys @@ -1001,6 +1043,7 @@ OEMCryptoResult OEMCrypto_QueryKeyControl(OEMCrypto_SESSION session, * Version: * This method changed in API version 8. */ +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ OEMCryptoResult OEMCrypto_SelectKey(OEMCrypto_SESSION session, const uint8_t* key_id, size_t key_id_length); @@ -1177,6 +1220,7 @@ OEMCryptoResult OEMCrypto_SelectKey(OEMCrypto_SESSION session, * This method changed in API version 11. * This method changed its name in API version 11. */ +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ OEMCryptoResult OEMCrypto_DecryptCENC( OEMCrypto_SESSION session, const uint8_t* data_addr, size_t data_length, bool is_encrypted, const uint8_t* iv, size_t block_offset, @@ -1252,6 +1296,7 @@ OEMCryptoResult OEMCrypto_DecryptCENC( * Version * This method is added in API version 10. */ +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ OEMCryptoResult OEMCrypto_CopyBuffer(const uint8_t* data_addr, size_t data_length, OEMCrypto_DestBufferDesc* out_buffer, @@ -2237,6 +2282,9 @@ OEMCryptoResult OEMCrypto_GetNumberOfOpenSessions(size_t* count); */ OEMCryptoResult OEMCrypto_GetMaxNumberOfSessions(size_t* max); +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +uint32_t OEMCrypto_SupportedCertificates(); + /* * OEMCrypto_Generic_Encrypt * @@ -2508,7 +2556,8 @@ OEMCryptoResult OEMCrypto_Generic_Verify(OEMCrypto_SESSION session, * OEMCrypto_ERROR_UNKNOWN_FAILURE * * Version: - * This method changed in API version 9. + * This method is deprecated in API version 13. + * TODO(fredgc): remove this. */ OEMCryptoResult OEMCrypto_UpdateUsageTable(); @@ -2548,9 +2597,15 @@ OEMCryptoResult OEMCrypto_UpdateUsageTable(); * too large. * * Version: - * This method changed in API version 9. + * This method is deprecated in API version 13. + * TODO(fredgc): remove this. */ -OEMCryptoResult OEMCrypto_DeactivateUsageEntry(const uint8_t* pst, +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_DeactivateUsageEntry_12(const uint8_t* pst, + size_t pst_length); +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_DeactivateUsageEntry(OEMCrypto_SESSION session, + const uint8_t* pst, size_t pst_length); /* @@ -2576,7 +2631,8 @@ OEMCryptoResult OEMCrypto_DeactivateUsageEntry(const uint8_t* pst, * Valid values for status are: * 0 = kUnused -- the keys have not been used to decrypt. * 1 = kActive -- the keys have been used, and have not been deactivated. - * 2 = kInactive -- the keys have been marked inactive. + * 2 = kInactiveUsed -- the keys have been marked inactive after a decrypt. + * 3 = kInactiveUnused -- the keys have been marked inactive, no decrypt. * * The clock_security_level is reported as follows: * 0 = Insecure Clock - clock just uses system time. @@ -2634,6 +2690,7 @@ OEMCryptoResult OEMCrypto_DeactivateUsageEntry(const uint8_t* pst, * Version: * This method changed in API version 9. */ +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ OEMCryptoResult OEMCrypto_ReportUsage(OEMCrypto_SESSION session, const uint8_t* pst, size_t pst_length, OEMCrypto_PST_Report* buffer, @@ -2700,6 +2757,8 @@ OEMCryptoResult OEMCrypto_ReportUsage(OEMCrypto_SESSION session, * Version: * This method changed in API version 9. */ +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +/* TODO(fredgc): remove this. */ OEMCryptoResult OEMCrypto_DeleteUsageEntry( OEMCrypto_SESSION session, const uint8_t* pst, size_t pst_length, const uint8_t* message, size_t message_length, const uint8_t* signature, @@ -2746,6 +2805,8 @@ OEMCryptoResult OEMCrypto_DeleteUsageEntry( * Version * This method changed in API version 10. */ +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +/* TODO(fredgc): remove this. */ OEMCryptoResult OEMCrypto_ForceDeleteUsageEntry(const uint8_t* pst, size_t pst_length); @@ -2772,7 +2833,70 @@ OEMCryptoResult OEMCrypto_ForceDeleteUsageEntry(const uint8_t* pst, * Version: * This method changed in API version 9. */ -OEMCryptoResult OEMCrypto_DeleteUsageTable(); +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_DeleteOldUsageTable(); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_CreateOldUsageEntry(uint64_t time_since_license_received, + uint64_t time_since_first_decrypt, + uint64_t time_since_last_decrypt, + OEMCrypto_Usage_Entry_Status status, + uint8_t *server_mac_key, + uint8_t *client_mac_key, + const uint8_t* pst, + size_t pst_length); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +bool OEMCrypto_IsSRMUpdateSupported(); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_GetCurrentSRMVersion(uint16_t* version); + + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_LoadSRM(const uint8_t* buffer, + size_t buffer_length); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_RemoveSRM(); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_CreateUsageTableHeader(); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_LoadUsageTableHeader(const uint8_t* buffer, + size_t buffer_length); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_CreateNewUsageEntry(OEMCrypto_SESSION session, + uint32_t* usage_entry_number); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_LoadUsageEntry(OEMCrypto_SESSION session, + uint32_t index, + const uint8_t* buffer, + size_t buffer_size); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_UpdateUsageEntry(OEMCrypto_SESSION session, + uint8_t* header_buffer, + size_t* header_buffer_length, + uint8_t* entry_buffer, + size_t* entry_buffer_length); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(uint32_t new_entry_count, + uint8_t* header_buffer, + size_t* header_buffer_length); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_MoveEntry(OEMCrypto_SESSION session, + uint32_t new_index); + +/* TODO(fredgc): copy text from http://go/wvgerrit/22887 */ +OEMCryptoResult OEMCrypto_CopyOldUsageEntry(OEMCrypto_SESSION session, + const uint8_t*pst, + size_t pst_length); #ifdef __cplusplus } diff --git a/libwvdrmengine/oemcrypto/include/level3.h b/libwvdrmengine/oemcrypto/include/level3.h index e3509ac4..5e79b8bc 100644 --- a/libwvdrmengine/oemcrypto/include/level3.h +++ b/libwvdrmengine/oemcrypto/include/level3.h @@ -31,7 +31,6 @@ namespace wvoec3 { #define Level3_GenerateDerivedKeys _lcc12 #define Level3_GenerateSignature _lcc13 #define Level3_GenerateNonce _lcc14 -#define Level3_LoadKeys _lcc15 #define Level3_RefreshKeys _lcc16 #define Level3_SelectKey _lcc17 #define Level3_RewrapDeviceRSAKey _lcc18 @@ -50,7 +49,7 @@ namespace wvoec3 { #define Level3_DeactivateUsageEntry _lcc31 #define Level3_ReportUsage _lcc32 #define Level3_DeleteUsageEntry _lcc33 -#define Level3_DeleteUsageTable _lcc34 +#define Level3_DeleteOldUsageTable _lcc34 #define Level3_GetMaxNumberOfSessions _lcc37 #define Level3_GetNumberOfOpenSessions _lcc38 #define Level3_IsAntiRollbackHwPresent _lcc39 @@ -63,7 +62,24 @@ namespace wvoec3 { #define Level3_GetProvisioningMethod _lcc49 #define Level3_GetOEMPublicCertificate _lcc50 #define Level3_RewrapDeviceRSAKey30 _lcc51 - +#define Level3_SupportedCertificates _lcc52 +#define Level3_IsSRMUpdateSupported _lcc53 +#define Level3_GetCurrentSRMVersion _lcc54 +#define Level3_LoadSRM _lcc55 +#define Level3_LoadKeys _lcc56 +#define Level3_RemoveSRM _lcc57 +#define Level3_SupportsDecryptHash _lcc58 +#define Level3_SetDecryptHash _lcc59 +#define Level3_VerifyDecryptHash _lcc60 +#define Level3_CreateUsageTableHeader _lcc61 +#define Level3_LoadUsageTableHeader _lcc62 +#define Level3_CreateNewUsageEntry _lcc63 +#define Level3_LoadUsageEntry _lcc64 +#define Level3_UpdateUsageEntry _lcc65 +#define Level3_ShrinkUsageTableHeader _lcc67 +#define Level3_MoveEntry _lcc68 +#define Level3_CopyOldUsageEntry _lcc69 +#define Level3_CreateOldUsageEntry _lcc70 extern "C" { bool Level3_IsInApp(const char* path); @@ -83,17 +99,12 @@ OEMCryptoResult Level3_GenerateSignature(OEMCrypto_SESSION session, size_t message_length, uint8_t* signature, size_t* signature_length); -OEMCryptoResult Level3_LoadKeys(OEMCrypto_SESSION session, - const uint8_t* message, - size_t message_length, - const uint8_t* signature, - size_t signature_length, - const uint8_t* enc_mac_key_iv, - const uint8_t* enc_mac_key, - size_t num_keys, - const OEMCrypto_KeyObject* key_array, - const uint8_t* pst, - size_t pst_length); +OEMCryptoResult Level3_LoadKeys( + OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, + const uint8_t* signature, size_t signature_length, + const uint8_t* enc_mac_keys_iv, const uint8_t* enc_mac_keys, + size_t num_keys, const OEMCrypto_KeyObject* key_array, const uint8_t* pst, + size_t pst_length, const uint8_t* srm_requirement); OEMCryptoResult Level3_RefreshKeys(OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, @@ -188,6 +199,7 @@ bool Level3_SupportsUsageTable(); bool Level3_IsAntiRollbackHwPresent(); OEMCryptoResult Level3_GetNumberOfOpenSessions(size_t* count); OEMCryptoResult Level3_GetMaxNumberOfSessions(size_t* maximum); +uint32_t Level3_SupportedCertificates(); OEMCryptoResult Level3_Generic_Encrypt(OEMCrypto_SESSION session, const uint8_t* in_buffer, size_t buffer_length, @@ -213,7 +225,8 @@ OEMCryptoResult Level3_Generic_Verify(OEMCrypto_SESSION session, const uint8_t* signature, size_t signature_length); OEMCryptoResult Level3_UpdateUsageTable(); -OEMCryptoResult Level3_DeactivateUsageEntry(const uint8_t *pst, +OEMCryptoResult Level3_DeactivateUsageEntry(OEMCrypto_SESSION session, + const uint8_t *pst, size_t pst_length); OEMCryptoResult Level3_ReportUsage(OEMCrypto_SESSION session, const uint8_t *pst, @@ -229,7 +242,48 @@ OEMCryptoResult Level3_DeleteUsageEntry(OEMCrypto_SESSION session, size_t signature_length); OEMCryptoResult Level3_ForceDeleteUsageEntry(const uint8_t* pst, size_t pst_length); -OEMCryptoResult Level3_DeleteUsageTable(); +OEMCryptoResult Level3_DeleteOldUsageTable(); +bool Level3_IsSRMUpdateSupported(); +OEMCryptoResult Level3_GetCurrentSRMVersion(uint16_t* version); +OEMCryptoResult Level3_LoadSRM(const uint8_t* buffer, + size_t buffer_length); +OEMCryptoResult Level3_RemoveSRM(); +uint32_t Level3_SupportsDecryptHash(); +OEMCryptoResult Level3_SetDecryptHash(OEMCrypto_SESSION session, + const uint8_t* hash, + size_t hash_length); +OEMCryptoResult Level3_VerifyDecryptHash(OEMCrypto_SESSION session, + uint64_t* failure_data); +OEMCryptoResult Level3_CreateUsageTableHeader(); +OEMCryptoResult Level3_LoadUsageTableHeader(const uint8_t* buffer, + size_t buffer_length); +OEMCryptoResult Level3_CreateNewUsageEntry(OEMCrypto_SESSION session, + uint32_t *usage_entry_number); +OEMCryptoResult Level3_LoadUsageEntry(OEMCrypto_SESSION session, + uint32_t index, + const uint8_t *buffer, + size_t buffer_size); +OEMCryptoResult Level3_UpdateUsageEntry(OEMCrypto_SESSION session, + uint8_t* header_buffer, + size_t* header_buffer_length, + uint8_t* entry_buffer, + size_t* entry_buffer_length); +OEMCryptoResult Level3_ShrinkUsageTableHeader(uint32_t new_table_size, + uint8_t* header_buffer, + size_t* header_buffer_length); +OEMCryptoResult Level3_MoveEntry(OEMCrypto_SESSION session, + uint32_t new_index); +OEMCryptoResult Level3_CopyOldUsageEntry(OEMCrypto_SESSION session, + const uint8_t*pst, + size_t pst_length); +OEMCryptoResult Level3_CreateOldUsageEntry(uint64_t time_since_license_received, + uint64_t time_since_first_decrypt, + uint64_t time_since_last_decrypt, + OEMCrypto_Usage_Entry_Status status, + uint8_t *server_mac_key, + uint8_t *client_mac_key, + const uint8_t* pst, + size_t pst_length); } // extern "C" } // namespace wvoec3 diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.cpp b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.cpp index b163b392..af0c949e 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.cpp +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_key_mock.cpp @@ -18,7 +18,8 @@ bool KeyControlBlock::Validate() { memcmp(verification_, "kc09", 4) && // add in version 9 api memcmp(verification_, "kc10", 4) && // add in version 10 api memcmp(verification_, "kc11", 4) && // add in version 11 api - memcmp(verification_, "kc12", 4)) { // add in version 12 api + memcmp(verification_, "kc12", 4) && // add in version 11 api + memcmp(verification_, "kc13", 4)) { // add in version 13 api LOGE("KCB: BAD verification string: %4.4s", verification_); valid_ = false; } else { diff --git a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_mock.cpp b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_mock.cpp index 2fbddb66..048d2327 100644 --- a/libwvdrmengine/oemcrypto/mock/src/oemcrypto_mock.cpp +++ b/libwvdrmengine/oemcrypto/mock/src/oemcrypto_mock.cpp @@ -305,7 +305,8 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session, size_t num_keys, const OEMCrypto_KeyObject* key_array, const uint8_t* pst, - size_t pst_length) { + size_t pst_length, + const uint8_t* srm_requirement) { if (!crypto_engine) { LOGE("OEMCrypto_LoadKeys: OEMCrypto Not Initialized."); return OEMCrypto_ERROR_UNKNOWN_FAILURE; @@ -1380,7 +1381,7 @@ OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey( extern "C" uint32_t OEMCrypto_APIVersion() { - return 12; + return 13; } extern "C" @@ -1471,6 +1472,12 @@ bool OEMCrypto_IsAntiRollbackHwPresent() { return anti_rollback_hw_present; } +extern "C" +uint32_t OEMCrypto_SupportedCertificates() { + return OEMCrypto_Supports_RSA_2048bit | OEMCrypto_Supports_RSA_3072bit + | OEMCrypto_Supports_RSA_CAST; +} + extern "C" OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session, const uint8_t* in_buffer, @@ -1660,7 +1667,8 @@ OEMCryptoResult OEMCrypto_UpdateUsageTable() { } extern "C" -OEMCryptoResult OEMCrypto_DeactivateUsageEntry(const uint8_t *pst, +OEMCryptoResult OEMCrypto_DeactivateUsageEntry(OEMCrypto_SESSION session, + const uint8_t *pst, size_t pst_length) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { LOGI("-- OEMCryptoResult OEMCrypto_DeactivateUsageEntry(\n"); @@ -1795,12 +1803,12 @@ OEMCryptoResult OEMCrypto_ForceDeleteUsageEntry(const uint8_t* pst, } extern "C" -OEMCryptoResult OEMCrypto_DeleteUsageTable() { +OEMCryptoResult OEMCrypto_DeleteOldUsageTable() { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { - LOGI("-- OEMCryptoResult OEMCrypto_DeleteUsageTable()\n"); + LOGI("-- OEMCryptoResult OEMCrypto_DeleteOldUsageTable()\n"); } if (!crypto_engine) { - LOGE("OEMCrypto_DeleteUsageTable: OEMCrypto Not Initialized."); + LOGE("OEMCrypto_DeleteOldUsageTable: OEMCrypto Not Initialized."); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } if (!crypto_engine->config_supports_usage_table()) { @@ -1811,4 +1819,79 @@ OEMCryptoResult OEMCrypto_DeleteUsageTable() { return OEMCrypto_SUCCESS; } +extern "C" +bool OEMCrypto_IsSRMUpdateSupported() { + return false; +} + +extern "C" +OEMCryptoResult OEMCrypto_GetCurrentSRMVersion(uint16_t* version) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + +extern "C" +OEMCryptoResult OEMCrypto_LoadSRM(const uint8_t* buffer, + size_t buffer_length) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + +extern "C" +OEMCryptoResult OEMCrypto_RemoveSRM() { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + +extern "C" +OEMCryptoResult OEMCrypto_CreateUsageTableHeader() { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + +extern "C" +OEMCryptoResult OEMCrypto_LoadUsageTableHeader(const uint8_t* buffer, + size_t buffer_length) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + +extern "C" +OEMCryptoResult OEMCrypto_CreateNewUsageEntry(OEMCrypto_SESSION session, + uint32_t *usage_entry_number) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + +extern "C" +OEMCryptoResult OEMCrypto_LoadUsageEntry(OEMCrypto_SESSION session, + uint32_t index, + const uint8_t *buffer, + size_t buffer_size) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + +extern "C" +OEMCryptoResult OEMCrypto_UpdateUsageEntry(OEMCrypto_SESSION session, + uint8_t* header_buffer, + size_t* header_buffer_length, + uint8_t* entry_buffer, + size_t* entry_buffer_length) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + +extern "C" +OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(uint32_t new_table_size, + uint8_t* header_buffer, + size_t* header_buffer_length) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + +extern "C" +OEMCryptoResult OEMCrypto_MoveEntry(OEMCrypto_SESSION session, + uint32_t new_index) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + +extern "C" +OEMCryptoResult OEMCrypto_CopyOldUsageEntry(OEMCrypto_SESSION session, + const uint8_t* pst, + size_t pst_length) { + return OEMCrypto_ERROR_NOT_IMPLEMENTED; +} + } // namespace wvoec_mock diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp index f6c0f72f..c9df8ac9 100644 --- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp +++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp @@ -222,7 +222,8 @@ void Session::LoadTestKeys(const std::string& pst, bool new_mac_keys) { &signature_[0], signature_.size(), encrypted_license().mac_key_iv, encrypted_license().mac_keys, num_keys_, - key_array_, pst_ptr, pst.length())); + key_array_, pst_ptr, pst.length(), + NULL)); // Update new generated keys. memcpy(&mac_key_server_[0], license_.mac_keys, wvcdm::MAC_KEY_SIZE); memcpy(&mac_key_client_[0], license_.mac_keys + wvcdm::MAC_KEY_SIZE, @@ -231,7 +232,8 @@ void Session::LoadTestKeys(const std::string& pst, bool new_mac_keys) { ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_LoadKeys(session_id(), message_ptr(), message_size_, &signature_[0], signature_.size(), NULL, NULL, - num_keys_, key_array_, pst_ptr, pst.length())); + num_keys_, key_array_, pst_ptr, pst.length(), + NULL)); } VerifyTestKeys(); } diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index 60f61e6f..43c38872 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -90,7 +90,7 @@ TEST_F(OEMCryptoClientTest, VersionNumber) { cout << " OEMCrypto does not support usage tables." << endl; } ASSERT_GE(version, 8u); - ASSERT_LE(version, 12u); + ASSERT_LE(version, 13u); } TEST_F(OEMCryptoClientTest, ProvisioningDeclaredAPI12) { @@ -592,7 +592,7 @@ class OEMCryptoSessionTests : public OEMCryptoClientTest { virtual void SetUp() { OEMCryptoClientTest::SetUp(); EnsureTestKeys(); - if (global_features.usage_table) OEMCrypto_DeleteUsageTable(); + if (global_features.usage_table) OEMCrypto_DeleteOldUsageTable(); } void EnsureTestKeys() { @@ -938,7 +938,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange1) { s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, &mac_keys[0], // Not pointing into buffer. - s.num_keys(), s.key_array(), NULL, 0); + s.num_keys(), s.key_array(), NULL, 0, NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -956,7 +956,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange2) { s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), &mac_key_iv[0], // bad. - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -974,7 +975,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange3) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -993,7 +995,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange4) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -1010,7 +1013,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange5) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -1029,7 +1033,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange6) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -1048,7 +1053,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange7) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -1063,7 +1069,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadNonce) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -1088,7 +1095,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithRepeatNonce) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -1103,7 +1111,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadVerification) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -1137,7 +1146,8 @@ TEST_P(SessionTestAlternateVerification, LoadKeys) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); // If this is a future API, then LoadKeys should fail. if (global_features.api_version < target_api_) { ASSERT_NE(OEMCrypto_SUCCESS, sts); @@ -1163,7 +1173,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeysBadSignature) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -1176,7 +1187,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeysWithNoDerivedKeys) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -1193,7 +1205,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyNoKeys) { OEMCrypto_SUCCESS, OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), NULL, NULL, - kNoKeys, s.key_array(), NULL, 0)); + kNoKeys, s.key_array(), NULL, 0, + NULL)); } TEST_F(OEMCryptoSessionTests, LoadKeyNoKeyWithNonce) { @@ -1208,7 +1221,8 @@ TEST_F(OEMCryptoSessionTests, LoadKeyNoKeyWithNonce) { OEMCrypto_SUCCESS, OEMCrypto_LoadKeys(s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), NULL, NULL, - kNoKeys, s.key_array(), NULL, 0)); + kNoKeys, s.key_array(), NULL, 0, + NULL)); } TEST_F(OEMCryptoSessionTests, QueryKeyControl) { @@ -1248,7 +1262,8 @@ TEST_F(OEMCryptoSessionTests, AntiRollbackHardwareRequired) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); if (OEMCrypto_IsAntiRollbackHwPresent()) { ASSERT_EQ(OEMCrypto_SUCCESS, sts); } else { @@ -1271,7 +1286,8 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) { &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, s.encrypted_license().mac_keys, s.num_keys(), - s.key_array(), NULL, 0)); + s.key_array(), NULL, 0, + NULL)); if (patch_level < 0x3F) { Session s; ASSERT_NO_FATAL_FAILURE(s.open()); @@ -1286,7 +1302,8 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) { &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, s.encrypted_license().mac_keys, s.num_keys(), - s.key_array(), NULL, 0)); + s.key_array(), NULL, 0, + NULL)); } if (patch_level > 0) { Session s; @@ -1302,7 +1319,8 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) { &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, s.encrypted_license().mac_keys, s.num_keys(), - s.key_array(), NULL, 0)); + s.key_array(), NULL, 0, + NULL)); } } @@ -4280,7 +4298,7 @@ class UsageTableTest : public GenericCryptoTest { void DeactivatePST(const std::string& pst) { ASSERT_EQ(OEMCrypto_SUCCESS, - OEMCrypto_DeactivateUsageEntry( + OEMCrypto_DeactivateUsageEntry(0, reinterpret_cast(pst.c_str()), pst.length())); } @@ -4457,7 +4475,8 @@ TEST_F(UsageTableTest, RepeatOnlineLicense) { &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, s.encrypted_license().mac_keys, s.num_keys(), - s.key_array(), pst_ptr, pst.length())); + s.key_array(), pst_ptr, pst.length(), + NULL)); ASSERT_NO_FATAL_FAILURE(s2.close()); } @@ -4474,7 +4493,8 @@ TEST_F(UsageTableTest, OnlineEmptyPST) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); ASSERT_NO_FATAL_FAILURE(s.close()); } @@ -4492,7 +4512,7 @@ TEST_F(UsageTableTest, EmptyTable) { ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, new_mac_keys_)); s.GenerateReport(pst); ASSERT_NO_FATAL_FAILURE(s.close()); - OEMCrypto_DeleteUsageTable(); + OEMCrypto_DeleteOldUsageTable(); Session s2; ASSERT_NO_FATAL_FAILURE(s2.open()); s2.GenerateReport(pst, false); @@ -4803,11 +4823,11 @@ TEST_P(UsageTableTestWithMAC, DeleteEntryBadRange) { TEST_P(UsageTableTestWithMAC, DeactivateBadPST) { ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable()); std::string pst = "nonexistant pst"; - OEMCryptoResult sts = OEMCrypto_DeactivateUsageEntry( + OEMCryptoResult sts = OEMCrypto_DeactivateUsageEntry(0, reinterpret_cast(pst.c_str()), pst.length()); EXPECT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, sts); std::string null_pst = ""; - sts = OEMCrypto_DeactivateUsageEntry( + sts = OEMCrypto_DeactivateUsageEntry(0, reinterpret_cast(null_pst.c_str()), null_pst.length()); EXPECT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, sts); } @@ -5160,7 +5180,8 @@ TEST_P(UsageTableTestWithMAC, BadReloadOfflineLicense) { &s2.signature()[0], s2.signature().size(), s2.encrypted_license().mac_key_iv, s2.encrypted_license().mac_keys, s.num_keys(), - s2.key_array(), pst_ptr, pst.length())); + s2.key_array(), pst_ptr, pst.length(), + NULL)); ASSERT_NO_FATAL_FAILURE(s2.close()); // Offline license with same mac keys should still be OK. @@ -5186,7 +5207,8 @@ TEST_P(UsageTableTestWithMAC, OfflineBadNonce) { s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), pst_ptr, - pst.length()); + pst.length(), + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); ASSERT_NO_FATAL_FAILURE(s.close()); } @@ -5203,7 +5225,8 @@ TEST_P(UsageTableTestWithMAC, OfflineEmptyPST) { OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, - s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0); + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL); ASSERT_NE(OEMCrypto_SUCCESS, sts); ASSERT_NO_FATAL_FAILURE(s.close()); } @@ -5241,7 +5264,8 @@ TEST_P(UsageTableTestWithMAC, DeactivateOfflineLicense) { &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, s.encrypted_license().mac_keys, s.num_keys(), - s.key_array(), pst_ptr, pst.length())); + s.key_array(), pst_ptr, pst.length(), + NULL)); // But we can still generate a report. Session s3; ASSERT_NO_FATAL_FAILURE(s3.open()); @@ -5265,7 +5289,8 @@ TEST_P(UsageTableTestWithMAC, BadRange) { &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, s.encrypted_license().mac_keys, s.num_keys(), - s.key_array(), pst_ptr, pst.length())); + s.key_array(), pst_ptr, pst.length(), + NULL)); } TEST_F(UsageTableTest, TimingTest) { @@ -5530,7 +5555,8 @@ TEST_F(UsageTableTest, PSTLargeBuffer) { &s.signature()[0], s.signature().size(), s.encrypted_license().mac_key_iv, s.encrypted_license().mac_keys, s.num_keys(), - s.key_array(), pst_ptr, pst.length())); + s.key_array(), pst_ptr, pst.length(), + NULL)); // But we can still generate a report. Session s3; ASSERT_NO_FATAL_FAILURE(s3.open());