Source release 19.1.0

2024-03-28 19:21:54 -07:00
parent 28ec8548c6
commit b8bdfccebe
182 changed files with 10645 additions and 2040 deletions
--- a/oemcrypto/odk/src/odk.c
+++ b/oemcrypto/odk/src/odk.c
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC. All rights reserved. This file and proprietary
+// Copyright 2019 Google LLC. This file and proprietary
 // source code may only be used and distributed under the Widevine
 // License Agreement.

@@ -9,6 +9,7 @@
 #include <stdio.h>
 #include <string.h>

+#include "OEMCryptoCENCCommon.h"
 #include "odk_message.h"
 #include "odk_overflow.h"
 #include "odk_serialize.h"
@@ -65,6 +66,15 @@ static OEMCryptoResult ODK_PrepareRequest(
      }
      break;
    }
+    case ODK_Release_Request_Type: {
+      core_message->message_length = ODK_RELEASE_REQUEST_SIZE;
+      if (sizeof(ODK_PreparedReleaseRequest) > prepared_request_buffer_length) {
+        return ODK_ERROR_CORE_MESSAGE;
+      }
+      Pack_ODK_PreparedReleaseRequest(
+          &msg, (ODK_PreparedReleaseRequest*)prepared_request_buffer);
+      break;
+    }
    case ODK_Renewal_Request_Type: {
      core_message->message_length = ODK_RENEWAL_REQUEST_SIZE;
      if (sizeof(ODK_PreparedRenewalRequest) > prepared_request_buffer_length) {
@@ -223,6 +233,34 @@ OEMCryptoResult ODK_PrepareCoreLicenseRequest(
  }
 }

+OEMCryptoResult ODK_PrepareCoreReleaseRequest(
+    uint8_t* message, size_t message_length, size_t* core_message_size,
+    ODK_NonceValues* nonce_values, uint32_t status,
+    uint32_t clock_security_level, int64_t seconds_since_license_requested,
+    int64_t seconds_since_first_decrypt, ODK_ClockValues* clock_values,
+    uint64_t system_time_seconds) {
+  (void)status;
+  (void)clock_security_level;
+  (void)seconds_since_license_requested;
+  (void)seconds_since_first_decrypt;
+  if (core_message_size == NULL || nonce_values == NULL ||
+      clock_values == NULL) {
+    return ODK_ERROR_CORE_MESSAGE;
+  }
+  if (nonce_values->api_major_version >= 19) {
+    ODK_PreparedReleaseRequest release_request = {0};
+    return ODK_PrepareRequest(
+        message, message_length, core_message_size, ODK_Release_Request_Type,
+        nonce_values, &release_request, sizeof(ODK_PreparedReleaseRequest));
+  } else {
+    // If the version is pre 19 when license release isn't supported, create a
+    // license request.
+    return ODK_PrepareCoreRenewalRequest(message, message_length,
+                                         core_message_size, nonce_values,
+                                         clock_values, system_time_seconds);
+  }
+}
+
 OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message,
                                              size_t message_length,
                                              size_t* core_message_size,
@@ -423,7 +461,7 @@ OEMCryptoResult ODK_ParseLicense(
  *timer_limits = parsed_license->timer_limits;
  /* And update the clock values state. */
  clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED;
-  if (nonce_values->api_major_version == 18 && license_load) {
+  if (nonce_values->api_major_version >= 18 && license_load) {
    err = ODK_AttemptFirstPlayback(system_time_seconds, timer_limits,
                                   clock_values, timer_value);
    return err;
@@ -488,6 +526,33 @@ OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length,
                                    timer_value);
 }

+OEMCryptoResult ODK_ParseRelease(const uint8_t* message, size_t message_length,
+                                 size_t core_message_length,
+                                 ODK_NonceValues* nonce_values) {
+  if (message == NULL || nonce_values == NULL) {
+    return ODK_ERROR_CORE_MESSAGE;
+  }
+
+  const OEMCryptoResult err =
+      ODK_ParseCoreHeader(message, message_length, core_message_length,
+                          ODK_Release_Response_Type, nonce_values);
+  if (err != OEMCrypto_SUCCESS) {
+    return err;
+  }
+
+  ODK_ReleaseResponse release_response = {0};
+  ODK_Message msg = ODK_Message_Create((uint8_t*)message, message_length);
+  ODK_Message_SetSize(&msg, core_message_length);
+  Unpack_ODK_ReleaseResponse(&msg, &release_response);
+
+  if (ODK_Message_GetStatus(&msg) != MESSAGE_STATUS_OK ||
+      ODK_Message_GetOffset(&msg) != core_message_length) {
+    return ODK_ERROR_CORE_MESSAGE;
+  }
+
+  return OEMCrypto_SUCCESS;
+}
+
 OEMCryptoResult ODK_ParseProvisioning(
    const uint8_t* message, size_t message_length, size_t core_message_length,
    ODK_NonceValues* nonce_values, const uint8_t* device_id,
@@ -589,3 +654,69 @@ bool CheckApiVersionAtMost(const ODK_NonceValues* nonce_values,
         (nonce_values->api_major_version == major_version &&
          nonce_values->api_minor_version <= minor_version);
 }
+
+const uint8_t ODK_MacKeyLabelWithZero[] = "AUTHENTICATION";
+const size_t ODK_MacKeyLabelWithZeroLength = sizeof(ODK_MacKeyLabelWithZero);
+// This is the key size (512) in network byte order.
+const uint8_t ODK_MacKeySuffix[] = {0x00, 0x00, 0x02, 0x00};
+const size_t ODK_MacKeySuffixLength = sizeof(ODK_MacKeySuffix);
+
+const uint8_t ODK_EncKeyLabelWithZero[] = "ENCRYPTION";
+const size_t ODK_EncKeyLabelWithZeroLength = sizeof(ODK_EncKeyLabelWithZero);
+// This is the key size (128) in network byte order.
+const uint8_t ODK_EncKeySuffix[] = {0x00, 0x00, 0x00, 0x80};
+const size_t ODK_EncKeySuffixLength = sizeof(ODK_EncKeySuffix);
+
+OEMCryptoResult ODK_GenerateKeyContexts(const uint8_t* context,
+                                        size_t context_length,
+                                        uint8_t* mac_key_context,
+                                        size_t* mac_key_context_length,
+                                        uint8_t* enc_key_context,
+                                        size_t* enc_key_context_length) {
+  size_t real_mac_length;
+  size_t real_enc_length;
+  if (odk_add_overflow_ux(
+          context_length,
+          ODK_MacKeyLabelWithZeroLength + ODK_MacKeySuffixLength,
+          &real_mac_length) ||
+      real_mac_length > 0xffffffff ||
+      odk_add_overflow_ux(
+          context_length,
+          ODK_EncKeyLabelWithZeroLength + ODK_EncKeySuffixLength,
+          &real_enc_length) ||
+      real_enc_length > 0xffffffff) {
+    return OEMCrypto_ERROR_INVALID_CONTEXT;
+  }
+  bool short_buffer = false;
+  if (mac_key_context_length) {
+    short_buffer = real_mac_length > *mac_key_context_length;
+    *mac_key_context_length = real_mac_length;
+  }
+  if (enc_key_context_length) {
+    short_buffer = short_buffer || real_enc_length > *enc_key_context_length;
+    *enc_key_context_length = real_enc_length;
+  }
+  if (short_buffer || !mac_key_context || !enc_key_context) {
+    return OEMCrypto_ERROR_SHORT_BUFFER;
+  }
+
+  if (!context || !mac_key_context_length || !enc_key_context_length) {
+    return OEMCrypto_ERROR_INVALID_CONTEXT;
+  }
+
+  memcpy(mac_key_context, ODK_MacKeyLabelWithZero,
+         ODK_MacKeyLabelWithZeroLength);
+  memcpy(mac_key_context + ODK_MacKeyLabelWithZeroLength, context,
+         context_length);
+  memcpy(mac_key_context + ODK_MacKeyLabelWithZeroLength + context_length,
+         ODK_MacKeySuffix, ODK_MacKeySuffixLength);
+
+  memcpy(enc_key_context, ODK_EncKeyLabelWithZero,
+         ODK_EncKeyLabelWithZeroLength);
+  memcpy(enc_key_context + ODK_EncKeyLabelWithZeroLength, context,
+         context_length);
+  memcpy(enc_key_context + ODK_EncKeyLabelWithZeroLength + context_length,
+         ODK_EncKeySuffix, ODK_EncKeySuffixLength);
+
+  return OEMCrypto_SUCCESS;
+}