widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ODK: forward compatibility and nonce-free offline license support am: 8dc1d7a11d am: 5bb396fb72

Browse Source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/vendor/widevine/+/11688972

Change-Id: I92345d75991bfbe9f1214dd61350b0be90eac8fb
This commit is contained in:
Fred Gylys-Colwell
2020-06-02 22:01:46 +00:00
committed by Automerger Merge Worker
parent f588353820 5bb396fb72
commit d2830141cc
4 changed files with 39 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libwvdrmengine/oemcrypto/odk/include/odk_structs.h
View File

@@ -14,6 +14,12 @@
#define ODK_MAJOR_VERSION 16 #define ODK_MAJOR_VERSION 16
#define ODK_MINOR_VERSION 2 #define ODK_MINOR_VERSION 2
/* ODK Version string. Date changed automatically on each release. */
#define ODK_RELEASE_DATE "ODK v16.2 2020-05-30"
/* The lowest version number for an ODK message. */
#define ODK_FIRST_VERSION 16
/* Some useful constants. */ /* Some useful constants. */
#define ODK_DEVICE_ID_LEN_MAX 64 #define ODK_DEVICE_ID_LEN_MAX 64
#define ODK_SHA256_HASH_SIZE 32 #define ODK_SHA256_HASH_SIZE 32

15
libwvdrmengine/oemcrypto/odk/src/core_message_deserialize.cpp
View File

@@ -19,9 +19,6 @@ namespace oemcrypto_core_message {
namespace deserialize { namespace deserialize {
namespace { namespace {
constexpr int EARLIEST_OEMCRYPTO_VERSION_WITH_ODK = 16;
constexpr int LATEST_OEMCRYPTO_VERSION = 16;
/** /**
* Template for parsing requests * Template for parsing requests
* *
@@ -59,21 +56,19 @@ bool ParseRequest(uint32_t message_type,
core_request->session_id = core_message.nonce_values.session_id; core_request->session_id = core_message.nonce_values.session_id;
// Verify that the minor version matches the released version for the given // Verify that the minor version matches the released version for the given
// major version. // major version.
if ((core_request->api_major_version < EARLIEST_OEMCRYPTO_VERSION_WITH_ODK) || if (core_request->api_major_version < ODK_FIRST_VERSION) {
(core_request->api_major_version > LATEST_OEMCRYPTO_VERSION)) { // Non existing versions are not supported.
// Non existing and future versions are not supported.
return false; return false;
} else if (core_request->api_major_version == 16) { } else if (core_request->api_major_version == 16) {
// For version 16, we demand a minor version of at least 2. // For version 16, we demand a minor version of at least 2.
// We accept 16.2, 16.3, or higher.
if (core_request->api_major_version < 2) return false; if (core_request->api_major_version < 2) return false;
} else { } else {
// Other versions do not (yet) have a restriction on minor number. // Other versions do not (yet) have a restriction on minor number.
// In particular, future versions are accepted for forward compatibility.
} }
return core_message.message_type == message_type && return core_message.message_type == message_type &&
core_message.message_length == GetOffset(msg) && core_message.message_length == GetOffset(msg);
core_request->api_major_version >=
EARLIEST_OEMCRYPTO_VERSION_WITH_ODK &&
core_request->api_major_version <= LATEST_OEMCRYPTO_VERSION;
} }
} // namespace } // namespace

6
libwvdrmengine/oemcrypto/odk/src/core_message_serialize.cpp
View File

@@ -41,6 +41,12 @@ bool CreateResponse(uint32_t message_type, const S& core_request,
header->nonce_values.api_minor_version = core_request.api_minor_version; header->nonce_values.api_minor_version = core_request.api_minor_version;
header->nonce_values.nonce = core_request.nonce; header->nonce_values.nonce = core_request.nonce;
header->nonce_values.session_id = core_request.session_id; header->nonce_values.session_id = core_request.session_id;
// The message API version for the response is the minimum of our version and
// the request's version.
if (core_request.api_major_version > ODK_MAJOR_VERSION) {
header->nonce_values.api_major_version = ODK_MAJOR_VERSION;
header->nonce_values.api_minor_version = ODK_MINOR_VERSION;
}
static constexpr size_t BUF_CAPACITY = 2048; static constexpr size_t BUF_CAPACITY = 2048;
std::vector<uint8_t> buf(BUF_CAPACITY, 0); std::vector<uint8_t> buf(BUF_CAPACITY, 0);

28
libwvdrmengine/oemcrypto/odk/src/odk.c
View File

@@ -190,9 +190,9 @@ OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
* renewal. All releases use v15. */ * renewal. All releases use v15. */
if (clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED || if (clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED ||
clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_LICENSE_INACTIVE) { clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_LICENSE_INACTIVE) {
nonce_values->api_major_version = 15; nonce_values->api_major_version = ODK_FIRST_VERSION - 1;
} }
if (nonce_values->api_major_version < 16) { if (nonce_values->api_major_version < ODK_FIRST_VERSION) {
*core_message_size = 0; *core_message_size = 0;
return OEMCrypto_SUCCESS; return OEMCrypto_SUCCESS;
} }
@@ -270,12 +270,28 @@ OEMCryptoResult ODK_ParseLicense(
return err; return err;
} }
/* This function should not be used for legacy licenses. */ /* We do not support future API version. Also, this function should not be
if (license_response.request.core_message.nonce_values.api_major_version != * used for legacy licenses. */
ODK_MAJOR_VERSION) { if (license_response.request.core_message.nonce_values.api_major_version >
ODK_MAJOR_VERSION ||
license_response.request.core_message.nonce_values.api_major_version <
ODK_FIRST_VERSION) {
return ODK_UNSUPPORTED_API; return ODK_UNSUPPORTED_API;
} }
/* If the server sent us an older format, record the license's API version. */
if (nonce_values->api_major_version >
license_response.request.core_message.nonce_values.api_major_version) {
nonce_values->api_major_version =
license_response.request.core_message.nonce_values.api_major_version;
nonce_values->api_minor_version =
license_response.request.core_message.nonce_values.api_minor_version;
} else if (nonce_values->api_minor_version >
license_response.request.core_message.nonce_values
.api_minor_version) {
nonce_values->api_minor_version =
license_response.request.core_message.nonce_values.api_minor_version;
}
/* If the license has a provider session token (pst), then OEMCrypto should /* If the license has a provider session token (pst), then OEMCrypto should
* have a usage entry loaded. The opposite is also an error. */ * have a usage entry loaded. The opposite is also an error. */
if ((usage_entry_present && parsed_license->pst.length == 0) || if ((usage_entry_present && parsed_license->pst.length == 0) ||
@@ -302,7 +318,7 @@ OEMCryptoResult ODK_ParseLicense(
* OEMCrypto stores a hash of the core license request and only signs the * OEMCrypto stores a hash of the core license request and only signs the
* message body. Here, when we process the license response, we verify that * message body. Here, when we process the license response, we verify that
* the server has the same hash of the core request. */ * the server has the same hash of the core request. */
if (initial_license_load && if (initial_license_load && parsed_license->nonce_required &&
crypto_memcmp(request_hash, license_response.request_hash, crypto_memcmp(request_hash, license_response.request_hash,
ODK_SHA256_HASH_SIZE)) { ODK_SHA256_HASH_SIZE)) {
return ODK_ERROR_CORE_MESSAGE; return ODK_ERROR_CORE_MESSAGE;