widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merges to android Pi release (part 6)

Browse Source 
These are a set of CLs merged from the wv cdm repo to the android repo.

* Enable Cast for Android Things build.

  Author: Thoren Paulson <thoren@google.com>

  [ Merge of http://go/wvgerrit/29941 ]

  Added a path to make_cast_libwvlevel3 for Android Things. Added the new
  system id to the preprocessor guards in android_keybox.cpp. Guarded the
  references to stderr in page_allocator.cpp because for some reason they
  don't get resolved when we link against the resulting library.

  BUG: 63443584

* Resolve memory leaks in use of OpenSSL.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32700 ]

  Use of EVP_CIPHER_CTX requires a call to EVP_CIPHER_CTX_cleanup().

* Memory leak in OpenSSL RSA key handling.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32621 ]

  This fixes a range of tests. --gtest_filter="CdmDecrypt*" runs
  five tests and still loses 5 objects totalling 1320 bytes (down
  from 6200 bytes).

* Unit test and mock OEMCrypto memory leaks.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32640 ]

  More memory leak cleanup. All remaining leaks are due
  to calls to CRYPTO_malloc() without the matching free
  (i.e., calls into openssl).

* Clean up memory leaks in tests.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32600 ]

  This is the first pass at cleaning up memory leaks. These leaks
  were affecting a lot of tests, making it hard to identify more
  serious leaks.

  Switch to unique_ptr<> pointers for CdmEngine in
  generic_crypto_unittest tests for FileSystem object in
  mock OEMCrypto's CryptoEngine object.

* Fix broken tests - linux-only & address sanitizer failures.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32460 ]

  Fix broken test:
    WvCdmEnginePreProvTestStaging.ServiceCertificateInitialNoneTest

  Fix failures found by address sanitizer:
    DeviceFilesUsageInfoTest.RetrieveByProviderSessionToken
    DeviceFilesUsageInfoTest.UpdateUsageInfo

  NOTE: address sanitizer cannot handle EXPECT_CALL macros containing
  a call with a Contains matcher as an argument, e.g.:

  EXPECT_CALL(file,
              Write(Contains(certificate, wrapped_private_key, 0),
                    Gt(certificate.size() + wrapped_private_key.size())))

  The address sanitizer reports a crash, issues a report, and stops. A
  temporary fix is to replace the "Contains()" argument with "_".

* Usage license handling corrections

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/28540 ]

  Validate that offline licenses that do not contain a provider session
  token are not handled by the TEE.

  BUG: 38490468

  Test: WV Unit/integration tests, GtsMediaTestCases,
        WvCdmRequestLicenseTest.ReleaseRetryL3OfflineKeySessionUsageDisabledTest

* UsageTableEntry::CopyOldUsageEntry memcpy read out of range.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32220 ]

  The function copies the pst from a variable length input vector
  into a 256 byte character array. But the length argument was a
  fixed value - MAC_KEY_SIZE. Depending on the actual PST length this
  can lead to memcpy reading out of bounds or the PST getting truncated.

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
  commit in the chain.

Change-Id: I81a4593d7d04d0ef6069ce48d0601b6fbdd85de9
This commit is contained in:
Rahul Frias
2018-01-09 22:56:21 -08:00
parent b7c9ad57c9
commit 00da44bb68
63 changed files with 977 additions and 582 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
libwvdrmengine/cdm/core/src/cdm_session.cpp
View File

@@ -12,7 +12,6 @@
#include "clock.h"
#include "file_store.h"
#include "log.h"
#include "metrics_front_end.h"
#include "properties.h"
#include "string_conversions.h"
#include "wv_cdm_constants.h"
@@ -25,10 +24,10 @@ const size_t kKeySetIdLength = 14;
namespace wvcdm {
CdmSession::CdmSession(FileSystem* file_system) :
CdmSession::CdmSession(FileSystem* file_system,
metrics::SessionMetrics* metrics) :
metrics_(metrics),
initialized_(false),
closed_(false),
crypto_session_(new CryptoSession(&metrics_)),
file_handle_(new DeviceFiles(file_system)),
license_received_(false),
is_offline_(false),
@@ -45,6 +44,9 @@ CdmSession::CdmSession(FileSystem* file_system) :
usage_entry_number_(0),
mock_license_parser_in_use_(false),
mock_policy_engine_in_use_(false) {
assert(metrics_); // metrics_ must not be null.
crypto_metrics_ = metrics_->GetCryptoMetrics();
crypto_session_.reset(new CryptoSession(crypto_metrics_));
life_span_.Start();
}
@@ -55,7 +57,10 @@ CdmSession::~CdmSession() {
}
Properties::RemoveSessionPropertySet(session_id_);
M_RECORD(&metrics_, cdm_session_life_span_, life_span_.AsMs());
if (metrics_) {
M_RECORD(metrics_, cdm_session_life_span_, life_span_.AsMs());
metrics_->SetCompleted();
}
}
CdmResponseType CdmSession::Init(
@@ -80,16 +85,15 @@ CdmResponseType CdmSession::Init(
}
CdmResponseType sts;
M_TIME(
sts = crypto_session_->Open(
requested_security_level_),
&metrics_,
sts = crypto_session_->Open(requested_security_level_),
crypto_metrics_,
crypto_session_open_,
sts,
requested_security_level_);
if (NO_ERROR != sts) return sts;
M_TIME(
security_level_ = crypto_session_->GetSecurityLevel(),
&metrics_,
crypto_metrics_,
crypto_session_get_security_level_,
security_level_);
if (!file_handle_->Init(security_level_)) {
@@ -126,7 +130,7 @@ CdmResponseType CdmSession::Init(
M_TIME(
get_client_token_sts = crypto_session_->GetClientToken(
&client_token),
&metrics_,
crypto_metrics_,
crypto_session_get_token_,
get_client_token_sts);
if (!get_client_token_sts) {
@@ -144,7 +148,7 @@ CdmResponseType CdmSession::Init(
M_TIME(
load_cert_sts = crypto_session_->LoadCertificatePrivateKey(
wrapped_key),
&metrics_,
crypto_metrics_,
crypto_session_load_certificate_private_key_,
load_cert_sts);
if(!load_cert_sts) {
@@ -166,6 +170,7 @@ CdmResponseType CdmSession::Init(
session_id_ =
Properties::AlwaysUseKeySetIds() ? key_set_id_ : GenerateSessionId();
metrics_->SetSessionId(session_id_);
if (session_id_.empty()) {
LOGE("CdmSession::Init: empty session ID");
@@ -222,14 +227,20 @@ CdmResponseType CdmSession::RestoreOfflineSession(
return GET_RELEASED_LICENSE_ERROR;
}
std::string provider_session_token;
if (usage_support_type_ == kUsageEntrySupport) {
CdmResponseType sts = usage_table_header_->LoadEntry(crypto_session_.get(),
usage_entry_,
usage_entry_number_);
if (sts != NO_ERROR) {
LOGE("CdmSession::RestoreOfflineSession: failed to load usage entry = %d",
sts);
return sts;
if (!license_parser_->ExtractProviderSessionToken(
key_response_, &provider_session_token)) {
provider_session_token.clear();
} else {
CdmResponseType sts =
usage_table_header_->LoadEntry(crypto_session_.get(), usage_entry_,
usage_entry_number_);
if (sts != NO_ERROR) {
LOGE("CdmSession::RestoreOfflineSession: failed to load usage entry = "
"%d", sts);
return sts;
}
}
}
@@ -246,7 +257,8 @@ CdmResponseType CdmSession::RestoreOfflineSession(
}
}
if (usage_support_type_ == kUsageEntrySupport) {
if (usage_support_type_ == kUsageEntrySupport &&
!provider_session_token.empty()) {
CdmResponseType sts =
usage_table_header_->UpdateEntry(crypto_session_.get(), &usage_entry_);
if (sts != NO_ERROR) {
@@ -432,7 +444,8 @@ CdmResponseType CdmSession::AddKey(const CdmKeyResponse& key_response) {
if (sts != KEY_ADDED) {
CdmResponseType sts =
usage_table_header_->DeleteEntry(usage_entry_number_,
file_handle_.get(), &metrics_);
file_handle_.get(),
crypto_metrics_);
if (sts != NO_ERROR) {
LOGW("CdmSession::AddKey: Delete usage entry failed = %d", sts);
}
@@ -449,8 +462,10 @@ CdmResponseType CdmSession::AddKey(const CdmKeyResponse& key_response) {
license_parser_->provider_session_token().c_str());
if (is_offline_ || has_provider_session_token()) {
if (usage_support_type_ == kUsageEntrySupport)
if (has_provider_session_token() &&
usage_support_type_ == kUsageEntrySupport) {
usage_table_header_->UpdateEntry(crypto_session_.get(), &usage_entry_);
}
if (!is_offline_)
usage_provider_session_token_ =
@@ -614,7 +629,8 @@ CdmResponseType CdmSession::GenerateReleaseRequest(
if (KEY_MESSAGE != status) return status;
if (usage_support_type_ == kUsageEntrySupport) {
if (has_provider_session_token() &&
usage_support_type_ == kUsageEntrySupport) {
status = usage_table_header_->UpdateEntry(crypto_session_.get(),
&usage_entry_);
if (status != NO_ERROR) {
@@ -645,7 +661,8 @@ CdmResponseType CdmSession::ReleaseKey(const CdmKeyResponse& key_response) {
if (is_offline_ || has_provider_session_token()) {
DeleteLicense();
if (usage_support_type_ == kUsageEntrySupport) {
if (usage_support_type_ == kUsageEntrySupport &&
has_provider_session_token()) {
sts = DeleteUsageEntry(usage_entry_number_);
if (NO_ERROR != sts) return sts;
}
@@ -654,7 +671,8 @@ CdmResponseType CdmSession::ReleaseKey(const CdmKeyResponse& key_response) {
}
CdmResponseType CdmSession::DeleteUsageEntry(uint32_t usage_entry_number) {
if (usage_support_type_ != kUsageEntrySupport) {
if (usage_support_type_ != kUsageEntrySupport ||
!has_provider_session_token()) {
LOGE("CdmSession::DeleteUsageEntry: Unexpected usage type supported: %d",
usage_support_type_);
return INCORRECT_USAGE_SUPPORT_TYPE_1;
@@ -664,10 +682,10 @@ CdmResponseType CdmSession::DeleteUsageEntry(uint32_t usage_entry_number) {
// it, so close and reopen session.
CdmResponseType sts;
crypto_session_->Close();
crypto_session_.reset(new CryptoSession(&metrics_));
crypto_session_.reset(new CryptoSession(crypto_metrics_));
M_TIME(
sts = crypto_session_->Open(requested_security_level_),
&metrics_,
crypto_metrics_,
crypto_session_open_,
sts,
requested_security_level_);
@@ -688,7 +706,7 @@ CdmResponseType CdmSession::DeleteUsageEntry(uint32_t usage_entry_number) {
return usage_table_header_->DeleteEntry(usage_entry_number,
file_handle_.get(),
&metrics_);
crypto_metrics_);
}
bool CdmSession::IsKeyLoaded(const KeyId& key_id) {
@@ -838,7 +856,7 @@ CdmResponseType CdmSession::DeleteMultipleUsageInformation(
M_TIME(
sts = crypto_session_->DeleteMultipleUsageInformation(
provider_session_tokens),
&metrics_,
crypto_metrics_,
crypto_session_delete_multiple_usage_information_,
sts);
return sts;
@@ -852,7 +870,7 @@ CdmResponseType CdmSession::UpdateUsageTableInformation() {
if (sts == NO_ERROR && usage_support_type == kUsageTableSupport) {
M_TIME(
sts = crypto_session_->UpdateUsageInformation(),
&metrics_,
crypto_metrics_,
crypto_session_update_usage_information_,
sts);
return sts;
@@ -862,7 +880,8 @@ CdmResponseType CdmSession::UpdateUsageTableInformation() {
}
CdmResponseType CdmSession::UpdateUsageEntryInformation() {
if (usage_support_type_ != kUsageEntrySupport) {
if (usage_support_type_ != kUsageEntrySupport ||
!has_provider_session_token()) {
LOGE("CdmSession::UpdateUsageEntryInformation: Unexpected usage type "
"supported: %d", usage_support_type_);
return INCORRECT_USAGE_SUPPORT_TYPE_2;
@@ -900,7 +919,7 @@ CdmResponseType CdmSession::GenericEncrypt(const std::string& in_buffer,
iv,
algorithm,
out_buffer),
&metrics_,
crypto_metrics_,
crypto_session_generic_encrypt_,
sts,
metrics::Pow2Bucket(in_buffer.size()),
@@ -925,7 +944,7 @@ CdmResponseType CdmSession::GenericDecrypt(const std::string& in_buffer,
iv,
algorithm,
out_buffer),
&metrics_,
crypto_metrics_,
crypto_session_generic_decrypt_,
sts,
metrics::Pow2Bucket(in_buffer.size()),
@@ -948,7 +967,7 @@ CdmResponseType CdmSession::GenericSign(const std::string& message,
key_id,
algorithm,
signature),
&metrics_,
crypto_metrics_,
crypto_session_generic_sign_,
sts,
metrics::Pow2Bucket(message.size()),
@@ -967,7 +986,7 @@ CdmResponseType CdmSession::GenericVerify(const std::string& message,
key_id,
algorithm,
signature),
&metrics_,
crypto_metrics_,
crypto_session_generic_verify_,
sts,
metrics::Pow2Bucket(message.size()),