Merges to android Pi release (part 6)
These are a set of CLs merged from the wv cdm repo to the android repo. * Enable Cast for Android Things build. Author: Thoren Paulson <thoren@google.com> [ Merge of http://go/wvgerrit/29941 ] Added a path to make_cast_libwvlevel3 for Android Things. Added the new system id to the preprocessor guards in android_keybox.cpp. Guarded the references to stderr in page_allocator.cpp because for some reason they don't get resolved when we link against the resulting library. BUG: 63443584 * Resolve memory leaks in use of OpenSSL. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32700 ] Use of EVP_CIPHER_CTX requires a call to EVP_CIPHER_CTX_cleanup(). * Memory leak in OpenSSL RSA key handling. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32621 ] This fixes a range of tests. --gtest_filter="CdmDecrypt*" runs five tests and still loses 5 objects totalling 1320 bytes (down from 6200 bytes). * Unit test and mock OEMCrypto memory leaks. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32640 ] More memory leak cleanup. All remaining leaks are due to calls to CRYPTO_malloc() without the matching free (i.e., calls into openssl). * Clean up memory leaks in tests. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32600 ] This is the first pass at cleaning up memory leaks. These leaks were affecting a lot of tests, making it hard to identify more serious leaks. Switch to unique_ptr<> pointers for CdmEngine in generic_crypto_unittest tests for FileSystem object in mock OEMCrypto's CryptoEngine object. * Fix broken tests - linux-only & address sanitizer failures. 
Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32460 ] Fix broken test: WvCdmEnginePreProvTestStaging.ServiceCertificateInitialNoneTest Fix failures found by address sanitizer: DeviceFilesUsageInfoTest.RetrieveByProviderSessionToken DeviceFilesUsageInfoTest.UpdateUsageInfo NOTE: address sanitizer cannot handle EXPECT_CALL macros containing a call with a Contains matcher as an argument, e.g.: EXPECT_CALL(file, Write(Contains(certificate, wrapped_private_key, 0), Gt(certificate.size() + wrapped_private_key.size()))) The address sanitizer reports a crash, issues a report, and stops. A temporary fix is to replace the "Contains()" argument with "_". * Usage license handling corrections Author: Rahul Frias <rfrias@google.com> [ Merge of http://go/wvgerrit/28540 ] Validate that offline licenses that do not contain a provider session token are not handled by the TEE. BUG: 38490468 Test: WV Unit/integration tests, GtsMediaTestCases, WvCdmRequestLicenseTest.ReleaseRetryL3OfflineKeySessionUsageDisabledTest * UsageTableEntry::CopyOldUsageEntry memcpy read out of range. Author: Gene Morgan <gmorgan@google.com> [ Merge of http://go/wvgerrit/32220 ] The function copies the pst from a variable length input vector into a 256 byte character array. But the length argument was a fixed value - MAC_KEY_SIZE. Depending on the actual PST length this can lead to memcpy reading out of bounds or the PST getting truncated. BUG: 71650075 Test: Not currently passing. Will be addressed in a subsequent commit in the chain. Change-Id: I81a4593d7d04d0ef6069ce48d0601b6fbdd85de9
@@ -10,11 +10,9 @@
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "counter_metric.h"
|
||||
#include "event_metric.h"
|
||||
#include "metrics.pb.h"
|
||||
#include "OEMCryptoCENC.h"
|
||||
#include "value_metric.h"
|
||||
#include "wv_cdm_types.h"
|
||||
|
||||
// This definition indicates that a given metric does not need timing
|
||||
@@ -88,64 +86,70 @@ class CryptoMetrics {
|
||||
void Serialize(drm_metrics::MetricsGroup* metrics);
|
||||
|
||||
/* CRYPTO SESSION */
|
||||
// TODO(blueeyes): Convert this to crypto_session_default_security_level_.
|
||||
ValueMetric<CdmSecurityLevel> crypto_session_security_level_;
|
||||
CounterMetric<CdmResponseType> crypto_session_delete_all_usage_reports_;
|
||||
CounterMetric<CdmResponseType> crypto_session_delete_multiple_usage_information_;
|
||||
EventMetric<CdmResponseType> crypto_session_delete_all_usage_reports_;
|
||||
EventMetric<CdmResponseType> crypto_session_delete_multiple_usage_information_;
|
||||
EventMetric<CdmResponseType, Pow2Bucket, CdmEncryptionAlgorithm> crypto_session_generic_decrypt_;
|
||||
EventMetric<CdmResponseType, Pow2Bucket, CdmEncryptionAlgorithm> crypto_session_generic_encrypt_;
|
||||
EventMetric<CdmResponseType, Pow2Bucket, CdmSigningAlgorithm> crypto_session_generic_sign_;
|
||||
EventMetric<CdmResponseType, Pow2Bucket, CdmSigningAlgorithm> crypto_session_generic_verify_;
|
||||
CounterMetric<bool> crypto_session_get_device_unique_id_;
|
||||
CounterMetric<bool> crypto_session_get_token_;
|
||||
ValueMetric<double> crypto_session_life_span_;
|
||||
EventMetric<bool> crypto_session_get_device_unique_id_;
|
||||
EventMetric<CdmSecurityLevel> crypto_session_get_security_level_;
|
||||
EventMetric<bool, uint32_t> crypto_session_get_system_id_;
|
||||
EventMetric<bool> crypto_session_get_token_;
|
||||
EventMetric<> crypto_session_life_span_;
|
||||
EventMetric<bool> crypto_session_load_certificate_private_key_;
|
||||
EventMetric<CdmResponseType, SecurityLevel> crypto_session_open_; // This is the requested security level.
|
||||
ValueMetric<uint32_t> crypto_session_system_id_;
|
||||
EventMetric<CdmResponseType, SecurityLevel> crypto_session_open_;
|
||||
EventMetric<CdmResponseType> crypto_session_update_usage_information_;
|
||||
ValueMetric<bool> crypto_session_usage_information_support_;
|
||||
EventMetric<bool> crypto_session_usage_information_support_;
|
||||
/* OEMCRYPTO */
|
||||
ValueMetric<uint32_t> oemcrypto_api_version_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_close_session_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket> oemcrypto_copy_buffer_;
|
||||
ValueMetric<OEMCrypto_HDCP_Capability> oemcrypto_current_hdcp_capability_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_deactivate_usage_entry_;
|
||||
EventMetric<uint32_t, SecurityLevel> oemcrypto_api_version_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_close_session_;
|
||||
EventMetric<OEMCryptoResult, SecurityLevel, Pow2Bucket> oemcrypto_copy_buffer_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_deactivate_usage_entry_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket> oemcrypto_decrypt_cenc_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_delete_usage_entry_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_delete_usage_table_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_delete_usage_entry_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_delete_usage_table_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_derive_keys_from_session_key_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_force_delete_usage_entry_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_force_delete_usage_entry_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_generate_derived_keys_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_generate_nonce_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_generate_nonce_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket> oemcrypto_generate_rsa_signature_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket> oemcrypto_generate_signature_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket> oemcrypto_generic_decrypt_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket> oemcrypto_generic_encrypt_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket> oemcrypto_generic_sign_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket> oemcrypto_generic_verify_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_get_device_id_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket> oemcrypto_get_key_data_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_get_oem_public_certificate_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_get_random_;
|
||||
EventMetric<OEMCryptoResult, SecurityLevel> oemcrypto_get_device_id_;
|
||||
EventMetric<OEMCryptoResult, SecurityLevel> oemcrypto_get_hdcp_capability_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket, SecurityLevel> oemcrypto_get_key_data_;
|
||||
EventMetric<OEMCryptoResult, SecurityLevel> oemcrypto_get_max_number_of_sessions_;
|
||||
EventMetric<OEMCryptoResult, SecurityLevel> oemcrypto_get_number_of_open_sessions_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_get_oem_public_certificate_;
|
||||
EventMetric<OEMCrypto_ProvisioningMethod, SecurityLevel> oemcrypto_get_provisioning_method_;
|
||||
EventMetric<OEMCryptoResult, Pow2Bucket> oemcrypto_get_random_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_initialize_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_install_keybox_;
|
||||
ValueMetric<bool> oemcrypto_is_anti_rollback_hw_present_;
|
||||
ValueMetric<bool> oemcrypto_is_keybox_valid_;
|
||||
EventMetric<OEMCryptoResult, SecurityLevel> oemcrypto_install_keybox_;
|
||||
EventMetric<bool, SecurityLevel> oemcrypto_is_anti_rollback_hw_present_;
|
||||
EventMetric<OEMCryptoResult, SecurityLevel> oemcrypto_is_keybox_valid_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_load_device_rsa_key_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_load_keys_;
|
||||
ValueMetric<OEMCrypto_HDCP_Capability> oemcrypto_max_hdcp_capability_;
|
||||
ValueMetric<size_t> oemcrypto_max_number_of_sessions_;
|
||||
ValueMetric<size_t> oemcrypto_number_of_open_sessions_;
|
||||
ValueMetric<OEMCrypto_ProvisioningMethod> oemcrypto_provisioning_method_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_load_test_keybox_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_load_test_rsa_key_;
|
||||
EventMetric<OEMCryptoResult, SecurityLevel> oemcrypto_open_session_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_refresh_keys_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_report_usage_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_report_usage_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_rewrap_device_rsa_key_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_rewrap_device_rsa_key_30_;
|
||||
ValueMetric<uint16_t> oemcrypto_security_patch_level_;
|
||||
EventMetric<CdmSecurityLevel, SecurityLevel> oemcrypto_security_level_;
|
||||
EventMetric<uint8_t, SecurityLevel> oemcrypto_security_patch_level_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_select_key_;
|
||||
ValueMetric<bool> oemcrypto_supports_usage_table_;
|
||||
CounterMetric<OEMCryptoResult> oemcrypto_update_usage_table_;
|
||||
EventMetric<OEMCryptoResult, SecurityLevel> oemcrypto_supports_usage_table_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_update_usage_table_;
|
||||
EventMetric<OEMCryptoResult> oemcrypto_wrap_keybox_;
|
||||
|
||||
/* Internal OEMCrypto Metrics */
|
||||
EventMetric<OEMCryptoInitializationMode> oemcrypto_initialization_mode_;
|
||||
EventMetric<uint32_t, uint32_t> oemcrypto_l1_api_version_;
|
||||
};
|
||||
|
||||
// This class contains session-scoped metrics. All properties and
|
||||
@@ -175,10 +179,10 @@ class SessionMetrics {
|
||||
CryptoMetrics* GetCryptoMetrics() { return &crypto_metrics_; }
|
||||
|
||||
// Metrics collected at the session level.
|
||||
ValueMetric<double> cdm_session_life_span_; // Milliseconds.
|
||||
EventMetric<> cdm_session_life_span_;
|
||||
EventMetric<CdmResponseType> cdm_session_renew_key_;
|
||||
CounterMetric<CdmResponseType> cdm_session_restore_offline_session_;
|
||||
CounterMetric<CdmResponseType> cdm_session_restore_usage_session_;
|
||||
EventMetric<CdmResponseType> cdm_session_restore_offline_session_;
|
||||
EventMetric<CdmResponseType> cdm_session_restore_usage_session_;
|
||||
|
||||
// Serialize the session metrics to the provided |metric_group|.
|
||||
// |metric_group| is owned by the caller and must not be null.
|
||||
@@ -191,45 +195,6 @@ class SessionMetrics {
|
||||
CryptoMetrics crypto_metrics_;
|
||||
};
|
||||
|
||||
// This class contains metrics for the OEMCrypto Dynamic Adapter. They are
|
||||
// separated from other metrics because they need to be encapsulated in a
|
||||
// singleton object. This is because the dynamic adapter uses the OEMCrypto
|
||||
// function signatures and contract and cannot be extended to inject
|
||||
// dependencies.
|
||||
//
|
||||
// Operations for this metrics class are serialized since these particular
|
||||
// metrics may be accessed by a separate thread during intialize even as
|
||||
// the metric may be serialized.
|
||||
class OemCryptoDynamicAdapterMetrics {
|
||||
public:
|
||||
explicit OemCryptoDynamicAdapterMetrics();
|
||||
|
||||
// Set methods for OEMCrypto metrics.
|
||||
void SetInitializationMode(OEMCryptoInitializationMode mode);
|
||||
void SetL1ApiVersion(uint32_t version);
|
||||
void SetL1MinApiVersion(uint32_t version);
|
||||
|
||||
// Serialize the session metrics to the provided |metric_group|.
|
||||
// |metric_group| is owned by the caller and must not be null.
|
||||
void Serialize(drm_metrics::MetricsGroup* metric_group);
|
||||
|
||||
// Clears the existing metric values.
|
||||
void Clear();
|
||||
|
||||
private:
|
||||
Lock adapter_lock_;
|
||||
ValueMetric<OEMCryptoInitializationMode> oemcrypto_initialization_mode_;
|
||||
ValueMetric<uint32_t> oemcrypto_l1_api_version_;
|
||||
ValueMetric<uint32_t> oemcrypto_l1_min_api_version_;
|
||||
};
|
||||
|
||||
// This will fetch the singleton instance for dynamic adapter metrics.
|
||||
// This method is safe only if we use C++ 11. In C++ 11, static function-local
|
||||
// initialization is guaranteed to be threadsafe. We return the reference to
|
||||
// avoid non-guaranteed destructor order problems. Effectively, the destructor
|
||||
// is never run for the created instance.
|
||||
OemCryptoDynamicAdapterMetrics& GetDynamicAdapterMetricsInstance();
|
||||
|
||||
// This class contains engine-scoped metrics. All properties and
|
||||
// statistics related to operations within the engine, but outside
|
||||
// the scope of a session are recorded here.
|
||||
@@ -263,39 +228,33 @@ class EngineMetrics {
|
||||
void Serialize(drm_metrics::MetricsGroup* metric_group, bool completed_only,
|
||||
bool clear_serialized_sessions);
|
||||
|
||||
void SetAppPackageName(const std::string& app_package_name);
|
||||
|
||||
// Metrics recorded at the engine level.
|
||||
EventMetric<CdmResponseType> cdm_engine_add_key_;
|
||||
ValueMetric<std::string> cdm_engine_cdm_version_;
|
||||
CounterMetric<CdmResponseType> cdm_engine_close_session_;
|
||||
ValueMetric<int64_t> cdm_engine_creation_time_millis_;
|
||||
EventMetric<CdmResponseType, Pow2Bucket> cdm_engine_decrypt_;
|
||||
CounterMetric<bool> cdm_engine_find_session_for_key_;
|
||||
EventMetric<CdmResponseType> cdm_engine_close_session_;
|
||||
EventMetric<CdmResponseType> cdm_engine_decrypt_;
|
||||
EventMetric<bool> cdm_engine_find_session_for_key_;
|
||||
EventMetric<CdmResponseType> cdm_engine_generate_key_request_;
|
||||
EventMetric<CdmResponseType> cdm_engine_get_provisioning_request_;
|
||||
EventMetric<CdmResponseType> cdm_engine_get_usage_info_;
|
||||
EventMetric<CdmResponseType> cdm_engine_handle_provisioning_response_;
|
||||
ValueMetric<double> cdm_engine_life_span_; // Milliseconds
|
||||
CounterMetric<CdmResponseType> cdm_engine_open_key_set_session_;
|
||||
CounterMetric<CdmResponseType> cdm_engine_open_session_;
|
||||
EventMetric<> cdm_engine_life_span_;
|
||||
EventMetric<CdmResponseType> cdm_engine_open_key_set_session_;
|
||||
EventMetric<CdmResponseType> cdm_engine_open_session_;
|
||||
EventMetric<CdmResponseType> cdm_engine_query_key_status_;
|
||||
CounterMetric<CdmResponseType> cdm_engine_release_all_usage_info_;
|
||||
CounterMetric<CdmResponseType> cdm_engine_release_usage_info_;
|
||||
CounterMetric<CdmResponseType> cdm_engine_remove_keys_;
|
||||
EventMetric<CdmResponseType> cdm_engine_release_all_usage_info_;
|
||||
EventMetric<CdmResponseType> cdm_engine_release_usage_info_;
|
||||
EventMetric<CdmResponseType> cdm_engine_remove_keys_;
|
||||
EventMetric<CdmResponseType> cdm_engine_restore_key_;
|
||||
CounterMetric<CdmResponseType, CdmSecurityLevel> cdm_engine_unprovision_;
|
||||
EventMetric<CdmResponseType, CdmSecurityLevel> cdm_engine_unprovision_;
|
||||
|
||||
private:
|
||||
Lock session_metrics_lock_;
|
||||
std::vector<metrics::SessionMetrics*> session_metrics_list_;
|
||||
CryptoMetrics crypto_metrics_;
|
||||
std::string app_package_name_;
|
||||
|
||||
void SerializeEngineMetrics(drm_metrics::MetricsGroup* out);
|
||||
};
|
||||
|
||||
} // namespace metrics
|
||||
} // namespace wvcdm
|
||||
|
||||
#endif // WVCDM_METRICS_METRICS_GROUP_H_
|
||||
#endif
|
||||
|
||||
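Review bot: In the `CryptoMetrics` hunk, `oemcrypto_initialization_mode_` and `oemcrypto_l1_api_version_` appear to become plain public `EventMetric` members, while the `OemCryptoDynamicAdapterMetrics` class and its `Lock adapter_lock_` are dropped in the `-191,45 +195,6` hunk; the +/- markers are lost on this page, so the sides are inferred from the hunk line counts. The dropped class comment says these metrics may be accessed by a separate thread during initialization while they are being serialized, and nothing visible here shows that `EventMetric` synchronizes internally. If that concurrent access still exists, either keep the lock-guarded setters or state the contract next to the two fields, e.g. `// Written only during OEMCrypto initialization; must not race with Serialize().` The same section also seems to change `oemcrypto_security_patch_level_` from `ValueMetric<uint16_t>` to `EventMetric<uint8_t, SecurityLevel>`, so it is worth confirming that the narrower type matches what the OEMCrypto call returns. None of these metrics changes is listed among the CLs in the commit description, which makes the section hard to audit against its stated intent.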