widevine-partner/oemcrypto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update version compatibility document

Browse Source 
- This updates the version compatibility document to clarify how the
Android hidl interface works.
- Testing of analog output was removed because the unit tests cannot
verify correct behaviour.
- Some buffer overflow tests have been added.
This commit is contained in:
Fred Gylys-Colwell
2020-12-15 14:29:34 -08:00
parent ad3791e23f
commit 2980612cb5
8 changed files with 258 additions and 260 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/Widevine_OEMCrypto_Version_Compatibility.pdf
View File

Binary file not shown.

113
oemcrypto/include/OEMCryptoCENC.h
View File

@@ -480,8 +480,8 @@ typedef enum OEMCrypto_ProvisioningMethod {
OEMCrypto_ProvisioningError = 0, // Device cannot be provisioned.
OEMCrypto_DrmCertificate = 1, // Device has baked in DRM certificate
// (level 3 only)
OEMCrypto_Keybox = 2, // Device has factory installed unique keybox.
OEMCrypto_OEMCertificate = 3 // Device has factory installed OEM certificate.
OEMCrypto_Keybox = 2, // Device has factory installed unique keybox.
OEMCrypto_OEMCertificate = 3 // Device has factory installed OEM certificate.
} OEMCrypto_ProvisioningMethod;
/**
@@ -489,7 +489,7 @@ typedef enum OEMCrypto_ProvisioningMethod {
*/
#define OEMCrypto_Supports_RSA_2048bit 0x1
#define OEMCrypto_Supports_RSA_3072bit 0x2
#define OEMCrypto_Supports_RSA_CAST 0x10
#define OEMCrypto_Supports_RSA_CAST 0x10
#define OEMCrypto_Supports_ECC_secp256r1 0x100
#define OEMCrypto_Supports_ECC_secp384r1 0x200
#define OEMCrypto_Supports_ECC_secp521r1 0x400
@@ -504,12 +504,12 @@ typedef enum OEMCrypto_ProvisioningMethod {
/**
* Return values from OEMCrypto_GetAnalogOutputFlags.
*/
#define OEMCrypto_No_Analog_Output 0x0
#define OEMCrypto_Supports_Analog_Output 0x1
#define OEMCrypto_Can_Disable_Analog_Ouptput 0x2
#define OEMCrypto_Supports_CGMS_A 0x4
#define OEMCrypto_No_Analog_Output 0x0
#define OEMCrypto_Supports_Analog_Output 0x1
#define OEMCrypto_Can_Disable_Analog_Ouptput 0x2
#define OEMCrypto_Supports_CGMS_A 0x4
// Unknown_Analog_Output is used only for backwards compatibility.
#define OEMCrypto_Unknown_Analog_Output (1<<31)
#define OEMCrypto_Unknown_Analog_Output (1 << 31)
/// @}
@@ -622,6 +622,8 @@ typedef enum OEMCrypto_ProvisioningMethod {
#define OEMCrypto_DecryptCENC _oecc105
#define OEMCrypto_LoadDRMPrivateKey _oecc107
#define OEMCrypto_MinorAPIVersion _oecc108
#define OEMCrypto_AllocateSecureBuffer _oecc109
#define OEMCrypto_FreeSecureBuffer _oecc110
// clang-format on
/// @addtogroup initcontrol
@@ -4723,12 +4725,25 @@ OEMCryptoResult OEMCrypto_FreeSecureBuffer(
* current version of OEMCrypto. They are being declared here to help with
* backwards compatibility.
*/
/*
* OEMCrypto_GenerateSignature
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_GenerateSignature(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
uint8_t* signature,
size_t* signature_length);
/*
* OEMCrypto_RewrapDeviceRSAKey30
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey30(
OEMCrypto_SESSION session, const uint32_t* unaligned_nonce,
const uint8_t* encrypted_message_key, size_t encrypted_message_key_length,
@@ -4736,6 +4751,12 @@ OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey30(
const uint8_t* enc_rsa_key_iv, uint8_t* wrapped_rsa_key,
size_t* wrapped_rsa_key_length);
/*
* OEMCrypto_RewrapDeviceRSAKey
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length,
@@ -4743,26 +4764,70 @@ OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(
size_t enc_rsa_key_length, const uint8_t* enc_rsa_key_iv,
uint8_t* wrapped_rsa_key, size_t* wrapped_rsa_key_length);
/*
* OEMCrypto_UpdateUsageTable
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_UpdateUsageTable(void);
OEMCryptoResult OEMCrypto_DeleteUsageEntry(OEMCrypto_SESSION, const uint8_t*,
size_t, const uint8_t*, size_t,
const uint8_t*, size_t);
/*
* OEMCrypto_DeleteUsageEntry
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_DeleteUsageEntry(
OEMCrypto_SESSION session, const uint8_t* pst, size_t pst_length,
const uint8_t* message, size_t message_length, const uint8_t* signature,
size_t signature_length);
OEMCryptoResult OEMCrypto_ForceDeleteUsageEntry(const uint8_t*, size_t);
/*
* OEMCrypto_ForceDeleteUsageEntry
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_ForceDeleteUsageEntry(const uint8_t* pst,
size_t pst_length);
/*
* OEMCrypto_CopyOldUsageEntry
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_CopyOldUsageEntry(OEMCrypto_SESSION session,
const uint8_t* pst,
size_t pst_length);
/*
* OEMCrypto_DeleteOldUsageTable
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_DeleteOldUsageTable(void);
/*
* OEMCrypto_CreateOldUsageEntry
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_CreateOldUsageEntry(
uint64_t time_since_license_received, uint64_t time_since_first_decrypt,
uint64_t time_since_last_decrypt, OEMCrypto_Usage_Entry_Status status,
uint8_t* server_mac_key, uint8_t* client_mac_key, const uint8_t* pst,
size_t pst_length);
/*
* OEMCrypto_GenerateDerivedKeys_V15
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_GenerateDerivedKeys_V15(
OEMCrypto_SESSION session, const uint8_t* mac_key_context,
uint32_t mac_key_context_length, const uint8_t* enc_key_context,
@@ -4774,18 +4839,36 @@ typedef struct {
size_t offset; // offset into the pattern in blocks for this call.
} OEMCrypto_CENCEncryptPatternDesc_V15;
/*
* OEMCrypto_DecryptCENC_V15
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_DecryptCENC_V15(
OEMCrypto_SESSION session, const uint8_t* data_addr, size_t data_length,
bool is_encrypted, const uint8_t* iv,
OEMCrypto_SESSION session, const uint8_t* data_addr,
size_t data_addr_length, bool is_encrypted, const uint8_t* iv,
size_t block_offset, // used for CTR "cenc" mode only.
OEMCrypto_DestBufferDesc* out_buffer_descriptor,
OEMCrypto_DestBufferDesc* out_buffer,
const OEMCrypto_CENCEncryptPatternDesc_V15* pattern,
uint8_t subsample_flags);
/*
* OEMCrypto_GetOEMPublicCertificate_V15
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_GetOEMPublicCertificate_V15(
OEMCrypto_SESSION session, uint8_t* public_cert,
size_t* public_cert_length);
/*
* OEMCrypto_LoadDeviceRSAKey
* @deprecated
* Not required for the current version of OEMCrypto. Declared here to
* help with backward compatibility.
*/
OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(OEMCrypto_SESSION session,
const uint8_t* wrapped_rsa_key,
size_t wrapped_rsa_key_length);

229
oemcrypto/include/level3.h
View File

@@ -14,8 +14,8 @@
#include <stddef.h>
#include <stdint.h>
#include "level3_file_system.h"
#include "OEMCryptoCENC.h"
#include "level3_file_system.h"
#include "oemcrypto_adapter.h"
namespace wvoec3 {
@@ -33,13 +33,10 @@ namespace wvoec3 {
#define Level3_WrapKeyboxOrOEMCert _lcc08
#define Level3_OpenSession _lcc09
#define Level3_CloseSession _lcc10
#define Level3_DecryptCENC _lcc11
#define Level3_GenerateDerivedKeys _lcc12
#define Level3_GenerateSignature _lcc13
#define Level3_GenerateNonce _lcc14
#define Level3_RewrapDeviceRSAKey _lcc18
#define Level3_LoadDeviceRSAKey _lcc19
#define Level3_GenerateRSASignature _lcc20
#define Level3_DeriveKeysFromSessionKey _lcc21
#define Level3_APIVersion _lcc22
#define Level3_SecurityLevel _lcc23
@@ -47,22 +44,16 @@ namespace wvoec3 {
#define Level3_Generic_Decrypt _lcc25
#define Level3_Generic_Sign _lcc26
#define Level3_Generic_Verify _lcc27
#define Level3_GetHDCPCapability _lcc28
#define Level3_SupportsUsageTable _lcc29
#define Level3_UpdateUsageTable _lcc30
#define Level3_DeactivateUsageEntry _lcc31
#define Level3_ReportUsage _lcc32
#define Level3_DeleteUsageEntry _lcc33
#define Level3_DeleteOldUsageTable _lcc34
#define Level3_GetMaxNumberOfSessions _lcc37
#define Level3_GetNumberOfOpenSessions _lcc38
#define Level3_IsAntiRollbackHwPresent _lcc39
#define Level3_QueryKeyControl _lcc41
#define Level3_ForceDeleteUsageEntry _lcc43
#define Level3_GetHDCPCapability _lcc44
#define Level3_LoadTestRSAKey _lcc45
#define Level3_SecurityPatchLevel _lcc46
#define Level3_GetProvisioningMethod _lcc49
#define Level3_GetOEMPublicCertificate _lcc50
#define Level3_RewrapDeviceRSAKey30 _lcc51
#define Level3_SupportedCertificates _lcc52
#define Level3_IsSRMUpdateSupported _lcc53
@@ -76,8 +67,6 @@ namespace wvoec3 {
#define Level3_UpdateUsageEntry _lcc65
#define Level3_ShrinkUsageTableHeader _lcc67
#define Level3_MoveEntry _lcc68
#define Level3_CopyOldUsageEntry _lcc69
#define Level3_CreateOldUsageEntry _lcc70
#define Level3_GetAnalogOutputFlags _lcc71
#define Level3_LoadTestKeybox _lcc78
#define Level3_SelectKey _lcc81
@@ -91,6 +80,21 @@ namespace wvoec3 {
#define Level3_RefreshKeys _lcc91
#define Level3_LoadEntitledContentKeys _lcc92
#define Level3_CopyBuffer _lcc93
#define Level3_MaximumUsageTableHeaderSize _lcc94
#define Level3_GenerateDerivedKeys _lcc95
#define Level3_PrepAndSignLicenseRequest _lcc96
#define Level3_PrepAndSignRenewalRequest _lcc97
#define Level3_PrepAndSignProvisioningRequest _lcc98
#define Level3_LoadLicense _lcc99
#define Level3_LoadRenewal _lcc101
#define Level3_LoadProvisioning _lcc102
#define Level3_LoadOEMPrivateKey _lcc103
#define Level3_GetOEMPublicCertificate _lcc104
#define Level3_DecryptCENC _lcc105
#define Level3_LoadDRMPrivateKey _lcc107
#define Level3_MinorAPIVersion _lcc108
#define Level3_AllocateSecureBuffer _lcc111
#define Level3_FreeSecureBuffer _lcc112
#else
#define Level3_IsInApp _oecc00
#define Level3_Initialize _oecc01
@@ -103,7 +107,6 @@ namespace wvoec3 {
#define Level3_WrapKeyboxOrOEMCert _oecc08
#define Level3_OpenSession _oecc09
#define Level3_CloseSession _oecc10
#define Level3_GenerateDerivedKeys _oecc12
#define Level3_GenerateSignature _oecc13
#define Level3_GenerateNonce _oecc14
#define Level3_RewrapDeviceRSAKey _oecc18
@@ -116,22 +119,16 @@ namespace wvoec3 {
#define Level3_Generic_Sign _oecc26
#define Level3_Generic_Verify _oecc27
#define Level3_SupportsUsageTable _oecc29
#define Level3_UpdateUsageTable _oecc30
#define Level3_ReportUsage _oecc32
#define Level3_DeleteUsageEntry _oecc33
#define Level3_DeleteOldUsageTable _oecc34
#define Level3_GenerateRSASignature _oecc36
#define Level3_GetMaxNumberOfSessions _oecc37
#define Level3_GetNumberOfOpenSessions _oecc38
#define Level3_IsAntiRollbackHwPresent _oecc39
#define Level3_QueryKeyControl _oecc41
#define Level3_ForceDeleteUsageEntry _oecc43
#define Level3_GetHDCPCapability _oecc44
#define Level3_LoadTestRSAKey _oecc45
#define Level3_SecurityPatchLevel _oecc46
#define Level3_DecryptCENC _oecc48
#define Level3_GetProvisioningMethod _oecc49
#define Level3_GetOEMPublicCertificate _oecc50
#define Level3_RewrapDeviceRSAKey30 _oecc51
#define Level3_SupportedCertificates _oecc52
#define Level3_IsSRMUpdateSupported _oecc53
@@ -146,8 +143,6 @@ namespace wvoec3 {
#define Level3_DeactivateUsageEntry _oecc66
#define Level3_ShrinkUsageTableHeader _oecc67
#define Level3_MoveEntry _oecc68
#define Level3_CopyOldUsageEntry _oecc69
#define Level3_CreateOldUsageEntry _oecc70
#define Level3_GetAnalogOutputFlags _oecc71
#define Level3_LoadTestKeybox _oecc78
#define Level3_SelectKey _oecc81
@@ -161,6 +156,21 @@ namespace wvoec3 {
#define Level3_RefreshKeys _oecc91
#define Level3_LoadEntitledContentKeys _oecc92
#define Level3_CopyBuffer _oecc93
#define Level3_MaximumUsageTableHeaderSize _oecc94
#define Level3_GenerateDerivedKeys _oecc95
#define Level3_PrepAndSignLicenseRequest _oecc96
#define Level3_PrepAndSignRenewalRequest _oecc97
#define Level3_PrepAndSignProvisioningRequest _oecc98
#define Level3_LoadLicense _oecc99
#define Level3_LoadRenewal _oecc101
#define Level3_LoadProvisioning _oecc102
#define Level3_LoadOEMPrivateKey _oecc103
#define Level3_GetOEMPublicCertificate _oecc104
#define Level3_DecryptCENC _oecc105
#define Level3_LoadDRMPrivateKey _oecc107
#define Level3_MinorAPIVersion _oecc108
#define Level3_AllocateSecureBuffer _oecc111
#define Level3_FreeSecureBuffer _oecc112
#endif
#define Level3_GetInitializationState _oecl3o01
@@ -171,88 +181,69 @@ extern "C" {
bool Level3_IsInApp();
OEMCryptoResult Level3_Initialize(void);
OEMCryptoResult Level3_Terminate(void);
OEMCryptoResult Level3_OpenSession(OEMCrypto_SESSION *session);
OEMCryptoResult Level3_OpenSession(OEMCrypto_SESSION* session);
OEMCryptoResult Level3_CloseSession(OEMCrypto_SESSION session);
OEMCryptoResult Level3_GenerateDerivedKeys(OEMCrypto_SESSION session,
const uint8_t *mac_key_context,
uint32_t mac_key_context_length,
const uint8_t *enc_key_context,
uint32_t enc_key_context_length);
const uint8_t* mac_key_context,
size_t mac_key_context_length,
const uint8_t* enc_key_context,
size_t enc_key_context_length);
OEMCryptoResult Level3_GenerateNonce(OEMCrypto_SESSION session,
uint32_t* nonce);
OEMCryptoResult Level3_GenerateSignature(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
uint8_t* signature,
size_t* signature_length);
OEMCryptoResult Level3_QueryKeyControl(OEMCrypto_SESSION session,
const uint8_t* key_id,
size_t key_id_length,
uint8_t* key_control_block,
size_t* key_control_block_length);
OEMCryptoResult Level3_DecryptCENC(
OEMCrypto_SESSION session, const uint8_t* data_addr, size_t data_length,
bool is_encrypted, const uint8_t* iv, size_t block_offset,
OEMCrypto_DestBufferDesc* out_buffer_descriptor,
const OEMCrypto_CENCEncryptPatternDesc_V15* pattern,
uint8_t subsample_flags);
OEMCrypto_SESSION session, const OEMCrypto_SampleDescription* samples,
size_t samples_length, const OEMCrypto_CENCEncryptPatternDesc* pattern);
OEMCryptoResult Level3_InstallKeyboxOrOEMCert(const uint8_t* rot,
size_t rotLength);
OEMCryptoResult Level3_IsKeyboxOrOEMCertValid(void);
OEMCryptoResult Level3_WrapKeyboxOrOEMCert(const uint8_t* rot,
size_t rotLength,
OEMCryptoResult Level3_WrapKeyboxOrOEMCert(const uint8_t* rot, size_t rotLength,
uint8_t* wrappedRot,
size_t* wrappedRotLength,
const uint8_t* transportKey,
size_t transportKeyLength);
OEMCrypto_ProvisioningMethod Level3_GetProvisioningMethod();
OEMCryptoResult Level3_GetOEMPublicCertificate(OEMCrypto_SESSION session,
uint8_t *public_cert,
size_t *public_cert_length);
OEMCryptoResult Level3_GetDeviceID(uint8_t* deviceID,
size_t *idLength);
OEMCryptoResult Level3_GetKeyData(uint8_t* keyData,
size_t *keyDataLength);
OEMCryptoResult Level3_GetRandom(uint8_t* randomData,
size_t dataLength);
OEMCryptoResult Level3_RewrapDeviceRSAKey30(OEMCrypto_SESSION session,
const uint32_t *nonce,
const uint8_t* encrypted_message_key,
size_t encrypted_message_key_length,
const uint8_t* enc_rsa_key,
size_t enc_rsa_key_length,
const uint8_t* enc_rsa_key_iv,
uint8_t* wrapped_rsa_key,
size_t* wrapped_rsa_key_length);
OEMCryptoResult Level3_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
const uint8_t* signature,
size_t signature_length,
const uint32_t *nonce,
const uint8_t* enc_rsa_key,
size_t enc_rsa_key_length,
const uint8_t* enc_rsa_key_iv,
uint8_t* wrapped_rsa_key,
size_t *wrapped_rsa_key_length);
OEMCryptoResult Level3_LoadDeviceRSAKey(OEMCrypto_SESSION session,
const uint8_t* wrapped_rsa_key,
size_t wrapped_rsa_key_length);
OEMCryptoResult Level3_GetOEMPublicCertificate(uint8_t* public_cert,
size_t* public_cert_length);
OEMCryptoResult Level3_GetDeviceID(uint8_t* deviceID, size_t* idLength);
OEMCryptoResult Level3_GetKeyData(uint8_t* keyData, size_t* keyDataLength);
OEMCryptoResult Level3_GetRandom(uint8_t* randomData, size_t dataLength);
OEMCryptoResult Level3_LoadOEMPrivateKey(OEMCrypto_SESSION session);
OEMCryptoResult Level3_LoadDRMPrivateKey(OEMCrypto_SESSION session,
OEMCrypto_PrivateKeyType key_type,
const uint8_t* wrapped_rsa_key,
size_t wrapped_rsa_key_length);
OEMCryptoResult Level3_LoadProvisioning(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
size_t core_message_length, const uint8_t* signature,
size_t signature_length, uint8_t* wrapped_private_key,
size_t* wrapped_private_key_length);
OEMCryptoResult Level3_RewrapDeviceRSAKey(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length, const uint32_t* nonce,
const uint8_t* enc_rsa_key, size_t enc_rsa_key_length,
const uint8_t* enc_rsa_key_iv, uint8_t* wrapped_rsa_key,
size_t* wrapped_rsa_key_length);
OEMCryptoResult Level3_LoadTestRSAKey();
OEMCryptoResult Level3_GenerateRSASignature(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
uint8_t* signature,
size_t *signature_length,
size_t* signature_length,
RSA_Padding_Scheme padding_scheme);
OEMCryptoResult Level3_DeriveKeysFromSessionKey(OEMCrypto_SESSION session,
const uint8_t* enc_session_key,
size_t enc_session_key_length,
const uint8_t *mac_key_context,
const uint8_t* mac_key_context,
size_t mac_key_context_length,
const uint8_t *enc_key_context,
const uint8_t* enc_key_context,
size_t enc_key_context_length);
uint32_t Level3_APIVersion();
uint32_t Level3_MinorAPIVersion();
uint8_t Level3_SecurityPatchLevel();
const char* Level3_SecurityLevel();
OEMCryptoResult Level3_GetHDCPCapability(OEMCrypto_HDCP_Capability* current,
@@ -264,14 +255,12 @@ OEMCryptoResult Level3_GetMaxNumberOfSessions(size_t* maximum);
uint32_t Level3_SupportedCertificates();
OEMCryptoResult Level3_Generic_Encrypt(OEMCrypto_SESSION session,
const uint8_t* in_buffer,
size_t buffer_length,
const uint8_t* iv,
size_t buffer_length, const uint8_t* iv,
OEMCrypto_Algorithm algorithm,
uint8_t* out_buffer);
OEMCryptoResult Level3_Generic_Decrypt(OEMCrypto_SESSION session,
const uint8_t* in_buffer,
size_t buffer_length,
const uint8_t* iv,
size_t buffer_length, const uint8_t* iv,
OEMCrypto_Algorithm algorithm,
uint8_t* out_buffer);
OEMCryptoResult Level3_Generic_Sign(OEMCrypto_SESSION session,
@@ -286,39 +275,24 @@ OEMCryptoResult Level3_Generic_Verify(OEMCrypto_SESSION session,
OEMCrypto_Algorithm algorithm,
const uint8_t* signature,
size_t signature_length);
OEMCryptoResult Level3_UpdateUsageTable();
OEMCryptoResult Level3_DeactivateUsageEntry(OEMCrypto_SESSION session,
const uint8_t *pst,
const uint8_t* pst,
size_t pst_length);
OEMCryptoResult Level3_ReportUsage(OEMCrypto_SESSION session,
const uint8_t *pst,
size_t pst_length,
uint8_t *buffer,
size_t *buffer_length);
OEMCryptoResult Level3_DeleteUsageEntry(OEMCrypto_SESSION session,
const uint8_t* pst,
size_t pst_length,
const uint8_t *message,
size_t message_length,
const uint8_t *signature,
size_t signature_length);
OEMCryptoResult Level3_ForceDeleteUsageEntry(const uint8_t* pst,
size_t pst_length);
OEMCryptoResult Level3_DeleteOldUsageTable();
const uint8_t* pst, size_t pst_length,
uint8_t* buffer, size_t* buffer_length);
bool Level3_IsSRMUpdateSupported();
OEMCryptoResult Level3_GetCurrentSRMVersion(uint16_t* version);
OEMCryptoResult Level3_LoadSRM(const uint8_t* buffer,
size_t buffer_length);
OEMCryptoResult Level3_LoadSRM(const uint8_t* buffer, size_t buffer_length);
OEMCryptoResult Level3_RemoveSRM();
OEMCryptoResult Level3_CreateUsageTableHeader(uint8_t* header_buffer,
size_t* header_buffer_length);
OEMCryptoResult Level3_LoadUsageTableHeader(const uint8_t* buffer,
size_t buffer_length);
OEMCryptoResult Level3_CreateNewUsageEntry(OEMCrypto_SESSION session,
uint32_t *usage_entry_number);
OEMCryptoResult Level3_LoadUsageEntry(OEMCrypto_SESSION session,
uint32_t index,
const uint8_t *buffer,
uint32_t* usage_entry_number);
OEMCryptoResult Level3_LoadUsageEntry(OEMCrypto_SESSION session, uint32_t index,
const uint8_t* buffer,
size_t buffer_size);
OEMCryptoResult Level3_UpdateUsageEntry(OEMCrypto_SESSION session,
uint8_t* header_buffer,
@@ -328,24 +302,18 @@ OEMCryptoResult Level3_UpdateUsageEntry(OEMCrypto_SESSION session,
OEMCryptoResult Level3_ShrinkUsageTableHeader(uint32_t new_table_size,
uint8_t* header_buffer,
size_t* header_buffer_length);
OEMCryptoResult Level3_MoveEntry(OEMCrypto_SESSION session,
uint32_t new_index);
OEMCryptoResult Level3_CopyOldUsageEntry(OEMCrypto_SESSION session,
const uint8_t*pst,
size_t pst_length);
OEMCryptoResult Level3_CreateOldUsageEntry(uint64_t time_since_license_received,
uint64_t time_since_first_decrypt,
uint64_t time_since_last_decrypt,
OEMCrypto_Usage_Entry_Status status,
uint8_t *server_mac_key,
uint8_t *client_mac_key,
const uint8_t* pst,
size_t pst_length);
OEMCryptoResult Level3_MoveEntry(OEMCrypto_SESSION session, uint32_t new_index);
uint32_t Level3_GetAnalogOutputFlags();
OEMCryptoResult Level3_LoadTestKeybox(const uint8_t* buffer, size_t length);
OEMCryptoResult Level3_SelectKey(const OEMCrypto_SESSION session,
const uint8_t* key_id, size_t key_id_length,
OEMCryptoCipherMode cipher_mode);
OEMCryptoResult Level3_LoadLicense(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
size_t core_message_length,
const uint8_t* signature,
size_t signature_length);
OEMCryptoResult Level3_LoadKeys(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length,
@@ -364,10 +332,18 @@ OEMCryptoResult Level3_SetDecryptHash(OEMCrypto_SESSION session,
OEMCryptoResult Level3_GetHashErrorCode(OEMCrypto_SESSION session,
uint32_t* failed_frame_number);
const char* Level3_BuildInformation();
OEMCryptoResult Level3_RefreshKeys(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
const uint8_t* signature, size_t signature_length, size_t num_keys,
const OEMCrypto_KeyRefreshObject* key_array);
OEMCryptoResult Level3_LoadRenewal(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
size_t core_message_length,
const uint8_t* signature,
size_t signature_length);
OEMCryptoResult Level3_RefreshKeys(OEMCrypto_SESSION session,
const uint8_t* message,
size_t message_length,
const uint8_t* signature,
size_t signature_length, size_t num_keys,
const OEMCrypto_KeyRefreshObject* key_array);
OEMCryptoResult Level3_LoadEntitledContentKeys(
OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
size_t num_keys, const OEMCrypto_EntitledContentKeyObject* key_array);
@@ -375,7 +351,22 @@ OEMCryptoResult Level3_CopyBuffer(
OEMCrypto_SESSION session, const uint8_t* data_addr, size_t data_length,
const OEMCrypto_DestBufferDesc* out_buffer_descriptor,
uint8_t subsample_flags);
OEMCryptoResult Level3_PrepAndSignProvisioningRequest(
OEMCrypto_SESSION session, uint8_t* message, size_t message_length,
size_t* core_message_length, uint8_t* signature, size_t* signature_length);
OEMCryptoResult Level3_PrepAndSignLicenseRequest(
OEMCrypto_SESSION session, uint8_t* message, size_t message_length,
size_t* core_message_length, uint8_t* signature, size_t* signature_length);
OEMCryptoResult Level3_PrepAndSignRenewalRequest(
OEMCrypto_SESSION session, uint8_t* message, size_t message_length,
size_t* core_message_length, uint8_t* signature, size_t* signature_length);
size_t Level3_MaximumUsageTableHeaderSize();
OEMCryptoResult Level3_AllocateSecureBuffer(
OEMCrypto_SESSION session, size_t buffer_size,
OEMCrypto_DestBufferDesc* output_descriptor, int* secure_fd);
OEMCryptoResult Level3_FreeSecureBuffer(
OEMCrypto_SESSION session, OEMCrypto_DestBufferDesc* output_descriptor,
int secure_fd);
// The following are specific to Google's Level 3 implementation and are not
// required.
@@ -448,7 +439,7 @@ void Level3_OutputErrorLogs();
// serial number or any other character sequence representing that device.
// The parameter |len| needs to be changed to reflect the length of the
// unique identifier.
const char *getUniqueID(size_t *len);
const char* getUniqueID(size_t* len);
// Returns a 64-bit unsigned integer to be used as a random seed for RNG.
// If the operation is unsuccessful, this function returns 0.

4
oemcrypto/odk/include/odk_attributes.h
View File

@@ -6,9 +6,9 @@
#define WIDEVINE_ODK_INCLUDE_ODK_ATTRIBUTES_H_
#if defined(__GNUC__) || defined(__clang__)
#define UNUSED __attribute__((__unused__))
# define UNUSED __attribute__((__unused__))
#else
#define UNUSED
# define UNUSED
#endif
#endif // WIDEVINE_ODK_INCLUDE_ODK_ATTRIBUTES_H_

4
oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h
View File

@@ -36,9 +36,7 @@ class OEMCryptoLicenseAPIFuzz : public InitializeFuzz {
session_.GenerateNonce();
}
~OEMCryptoLicenseAPIFuzz() {
session_.close();
}
~OEMCryptoLicenseAPIFuzz() { session_.close(); }
LicenseRoundTrip& license_messages() { return license_messages_; }

60
oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gyp
View File

@@ -5,60 +5,22 @@
# Builds under the CDM ./build.py (target platform) build system
# Refer to the distribution package's README for details.
{
'target_defaults': {
'type': 'executable',
'includes': [
'oemcrypto_fuzztests.gypi',
],
'variables': {
'oemcrypto_lib%': '',
'openssl_config%': 'system',
'openssl_target%': '',
},
'targets': [
{
'target_name': 'oemcrypto_load_license_fuzz',
'target_name': 'wv_ce_cdm_oemcrypto_generate_signature_fuzz_test',
'type': 'executable',
'sources': [
'oemcrypto_load_license_fuzz.cc',
# The test runner and the testing device certificate.
'oemcrypto_generate_signature.cc',
],
},
{
'target_name': 'oemcrypto_load_provisioning_fuzz',
'sources': [
'oemcrypto_load_provisioning_fuzz.cc',
'includes': [
'oemcrypto_fuzztests.gypi',
],
},
{
'target_name': 'oemcrypto_load_renewal_fuzz',
'sources': [
'oemcrypto_load_renewal_fuzz.cc',
],
},
{
'target_name': 'oemcrypto_license_request_fuzz',
'sources': [
'oemcrypto_license_request_fuzz.cc',
],
},
{
'target_name': 'oemcrypto_provisioning_request_fuzz',
'sources': [
'oemcrypto_provisioning_request_fuzz.cc',
],
},
{
'target_name': 'oemcrypto_renewal_request_fuzz',
'sources': [
'oemcrypto_renewal_request_fuzz.cc',
],
},
{
'target_name': 'oemcrypto_decrypt_cenc_fuzz',
'sources': [
'oemcrypto_decrypt_cenc_fuzz.cc',
],
},
{
'target_name': 'oemcrypto_load_entitled_content_keys_fuzz',
'sources': [
'oemcrypto_load_entitled_content_keys_fuzz.cc',
],
},
},
],
}

100
oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gypi
View File

@@ -1,88 +1,48 @@
# Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
#source code may only be used and distributed under the Widevine Master License
#Agreement.
#
# Include this in any custom unit test targets.
# Does not include the test runner main.
{
'variables': {
'boringssl_libcrypto_path%': '../../../third_party/boringssl/boringssl.gyp:crypto',
'boringssl_libssl_path%': '../../../third_party/boringssl/boringssl.gyp:ssl',
'oemcrypto_dir': '../..',
'platform_specific_dir': '../../../linux/src',
'privacy_crypto_impl%': 'boringssl',
# Flag used to generate source based code coverage reports.
'generate_code_coverage_report%': 'false',
'util_dir': '../../../util',
},
'sources': [
'../../odk/src/core_message_deserialize.cpp',
'../../odk/src/core_message_serialize.cpp',
'../oec_device_features.cpp',
'../oec_key_deriver.cpp',
'../oemcrypto_corpus_generator_helper.cpp',
'../oec_session_util.cpp',
'../oemcrypto_corpus_generator_helper.cpp',
'oemcrypto_fuzz_helper.cc',
'../oemcrypto_session_tests_helper.cpp',
'<(platform_specific_dir)/file_store.cpp',
'<(platform_specific_dir)/log.cpp',
'<(util_dir)/src/platform.cpp',
'<(util_dir)/src/rw_lock.cpp',
'<(util_dir)/src/string_conversions.cpp',
'<(util_dir)/test/test_sleep.cpp',
'<(util_dir)/test/test_clock.cpp',
'../oemcrypto_session_tests_helper.h',
'../../../cdm/test/device_cert.cpp',
'../../../cdm/test/device_cert.h',
],
'include_dirs': [
'../../../third_party/fuzz',
'<(util_dir)/include',
'<(util_dir)/test',
'<(oemcrypto_dir)/include',
'<(oemcrypto_dir)/ref/src',
'<(oemcrypto_dir)/test',
'<(oemcrypto_dir)/test/fuzz_tests',
'<(oemcrypto_dir)/odk/include',
'<(oemcrypto_dir)/odk/src',
],
'includes': [
'../../../util/libssl_dependency.gypi',
'../../ref/oec_ref.gypi',
],
'dependencies': [
'../../../third_party/gmock.gyp:gtest',
'../../../third_party/gmock.gyp:gmock',
'../../../core/include', # log.h
'../../include',
'../../ref/src', # oemcrypto_key_ref.h
'../',
'../../../cdm/test',
],
'defines': [
'OEMCRYPTO_TESTS',
'OEMCRYPTO_FUZZ_TESTS',
],
'conditions': [
['generate_code_coverage_report=="false"', {
# Include flags to build fuzzer binaries for cluster fuzz.
'cflags_cc': [
'-std=c++11',
'-fsanitize=fuzzer,address,undefined',
# Need -g flag to include source line numbers in error stack trace.
'-g',
],
'ldflags': [
'-fPIC',
'-fsanitize=fuzzer,address,undefined',
],
}],
['generate_code_coverage_report=="true"', {
# Include flags to build fuzzer binaries to generate source based code coverage reports.
'cflags_cc': [
'-std=c++11',
'-fprofile-instr-generate',
'-fcoverage-mapping',
],
'ldflags': [
'-fPIC',
'-fsanitize=fuzzer,address,undefined',
'-fprofile-instr-generate',
'-fcoverage-mapping',
],
}],
], # conditions
'libraries': [
'-lpthread',
'../../../third_party/fuzz/platforms/x86-64/libFuzzer.a',
],
'dependencies': [
'../../../cdm/cdm.gyp:widevine_ce_cdm_shared',
'../../../third_party/gmock.gyp:gmock',
'../../../third_party/gmock.gyp:gtest',
],
'conditions': [
['oemcrypto_lib==""', {
'includes': [
'../../ref/oec_ref.gypi',
],
}, {
'libraries': [
'../../../third_party/fuzz/platforms/x86-64/libFuzzer.a',
'<(oemcrypto_lib)',
],
}],
],
}

8
oemcrypto/test/oemcrypto_test.cpp
View File

@@ -217,7 +217,9 @@ TEST_F(OEMCryptoClientTest, VersionNumber) {
EXPECT_EQ(ODK_MAJOR_VERSION, 16);
// Note on minor versions. Widevine requires version 16.3 or greater for CE
// CDM and Android devices. For CE CDM devices that do not support usage
// tables, we strongly recommend 16.4.
// tables, we strongly recommend 16.4. Note: This is the version of the ODK
// library built into the tests, which might be different from the version
// that is pre-compiled into liboemcrypto.so.
EXPECT_GE(ODK_MINOR_VERSION, 3);
EXPECT_LE(ODK_MINOR_VERSION, 4);
EXPECT_EQ(kCurrentAPI, 16u);
@@ -226,7 +228,9 @@ TEST_F(OEMCryptoClientTest, VersionNumber) {
ASSERT_EQ('L', level[0]);
cout << " OEMCrypto Security Level is " << level << endl;
uint32_t version = OEMCrypto_APIVersion();
cout << " OEMCrypto API version is " << version << endl;
uint32_t minor_version = OEMCrypto_MinorAPIVersion();
cout << " OEMCrypto API version is " << version << "."
<< minor_version << endl;
if (OEMCrypto_SupportsUsageTable()) {
cout << " OEMCrypto supports usage tables" << endl;
} else {