Sync Android reference with CDM reference.

The sc-dev branch on Android is out of sync with several important
changes on the CDM master branch.  This changes copies several CLs.

[ Merge of http://go/wvgerrit/104524 ]

OEMCrypto unittest: generic crypto APIs

Add unit tests to verify that generic crypto APIs do not crash for large
input buffer lengths and signature lengths.

[ Merge of http://go/wvgerrit/106583 ]

Fix secure buffer tests in OEMCrypto testbed

The secure buffers were not being used correctly in the testbed, and
were failing OEMCryptoMemoryCopyBufferForHugeBufferLengths.

[ Merge of http://go/wvgerrit/109603 ]

Reject block_offsets of 16 or greater in OEC Ref

This is a potential security hole. We will be enforcing that OEMCrypto
rejects this in an upcoming test, so the Ref must be updated to reject
it.

[ Merge of http://go/wvgerrit/110165 ]

Fix Format String Signedness

See above for full description.

[ Merge of http://go/wvgerrit/111784 ]

Fix heap overflow test in L3 and OEMCrypto ref

Check the length of wrapped_rsa_key_length before casting to
WrappedRSAKey struct.

[ Merge of http://go/wvgerrit/113563 ]

Reword "blacklisted" to "forbidden"

[ Merge of http://go/wvgerrit/113583 ]

Use error code from RAND_bytes

The return code from RAND_bytes was not used correctly.

[ Merge of http://go/wvgerrit/113644 ]

Check for buffer overflow when computing subsample size

The test DecryptCENCForNumBytesClearPlusEncryptedOverflowsSize
cleverly picks num_bytes_clear + num_bytes_encrypted = 1 after integer
overflow. This is in the reference code, level 3, and odkitee.

[ Merge of http://go/wvgerrit/113683 ]

OEMCrypto reference code: respect analog flags for clear buffers

The reference code should honor the analog_display_active flag for
both clear and secure buffers.

[ Merge of http://go/wvgerrit/114883 ]

Add size check for IV in OEMCrypto APIs

IV is supposed to be 16 bytes but the size is never checked before iv
gets used in LoadProvisioning.

Bug: 145026457
Bug: 147569428
Bug: 159847851
Bug: 162372059
Bug: 169278035
Bug: 169980065
Bug: 173460694
Bug: 173994023
Bug: 174523584
Bug: 175001473
Bug: 175041667
Test: No compiled files changed
Change-Id: If0ccd1cd3a56f72eedd2a6cb202a34bc7b43ca0d
Alex Dale
2021-02-19 17:16:32 -08:00
parent eb56801fdb
commit 23f7cd60a7
5 changed files with 167 additions and 110 deletions


@@ -303,9 +303,12 @@ bool SessionContext::RSADeriveKeys(
LOGE("[RSADeriveKeys(): no RSA key set]");
return false;
}
if (enc_session_key.size() != static_cast<size_t>(RSA_size(rsa_key()))) {
LOGE("[RSADeriveKeys(): encrypted session key wrong size:%zu, expected %d]",
enc_session_key.size(), RSA_size(rsa_key()));
const size_t actual_key_size = static_cast<size_t>(RSA_size(rsa_key()));
if (enc_session_key.size() != actual_key_size) {
LOGE(
"[RSADeriveKeys(): encrypted session key wrong size: %zu, expected "
"%zu]",
enc_session_key.size(), actual_key_size);
dump_boringssl_error();
return false;
}
@@ -806,8 +809,8 @@ OEMCryptoResult SessionContext::LoadKeysNoSignature(
LOGW("[LoadKeys: SRM Version is too small %u, required: %u",
current_version, minimum_version);
srm_requirements_status_ = InvalidSRMVersion;
} else if (ce_->srm_blacklisted_device_attached()) {
LOGW("[LoadKeys: SRM blacklisted device attached]");
} else if (ce_->srm_forbidden_device_attached()) {
LOGW("[LoadKeys: SRM forbidden device attached]");
srm_requirements_status_ = InvalidSRMVersion;
} else {
LOGI("[LoadKeys: SRM Versions is %u, required: %u]", current_version,
@@ -1193,6 +1196,36 @@ OEMCryptoResult SessionContext::CheckKeyUse(const std::string& log_string,
return OEMCrypto_ERROR_DECRYPT_FAILED;
}
}
if (!ce_->config_local_display_only()) {
// Only look at HDCP restrictions if the display can be non-local.
if (control.control_bits() & wvoec::kControlHDCPRequired) {
uint8_t required_hdcp =
(control.control_bits() & wvoec::kControlHDCPVersionMask) >>
wvoec::kControlHDCPVersionShift;
if (ce_->srm_forbidden_device_attached()) {
required_hdcp = HDCP_NO_DIGITAL_OUTPUT;
}
// For reference implementation, we pretend we can handle the current
// HDCP version.
if (required_hdcp > ce_->config_current_hdcp_capability() ||
ce_->config_current_hdcp_capability() == 0) {
return OEMCrypto_ERROR_INSUFFICIENT_HDCP;
}
}
}
// Return an error if analog displays should be disabled.
if ((control.control_bits() & wvoec::kControlDisableAnalogOutput) &&
ce_->analog_display_active()) {
LOGE("[%s(): control bit says disable analog", log_string.c_str());
return OEMCrypto_ERROR_ANALOG_OUTPUT;
}
// Check if CGMS is required.
if (control.control_bits() & wvoec::kControlCGMSMask) {
if (ce_->analog_display_active() && !ce_->cgms_a_active()) {
LOGE("[%s(): control bit says CGMS required", log_string.c_str());
return OEMCrypto_ERROR_ANALOG_OUTPUT;
}
}
if (!decrypt_started_) {
// The reference implementation does not have a hardware timer.
uint64_t* timer_expiration = nullptr;
@@ -1207,44 +1240,6 @@ OEMCryptoResult SessionContext::CheckKeyUse(const std::string& log_string,
if (result == ODK_TIMER_EXPIRED) return OEMCrypto_ERROR_KEY_EXPIRED;
if (usage_entry_ != nullptr) usage_entry_->set_recent_decrypt(true);
}
if (!ce_->config_local_display_only()) {
// Only look at HDCP restrictions if the display can be non-local.
if (control.control_bits() & wvoec::kControlHDCPRequired) {
uint8_t required_hdcp =
(control.control_bits() & wvoec::kControlHDCPVersionMask) >>
wvoec::kControlHDCPVersionShift;
if (ce_->srm_blacklisted_device_attached()) {
required_hdcp = HDCP_NO_DIGITAL_OUTPUT;
}
// For reference implementation, we pretend we can handle the current
// HDCP version.
if (required_hdcp > ce_->config_current_hdcp_capability() ||
ce_->config_current_hdcp_capability() == 0) {
return OEMCrypto_ERROR_INSUFFICIENT_HDCP;
}
}
}
// If the output buffer is clear, then we cannot control whether the output is
// an active analog display. In that case, return an error if analog displays
// should be disabled.
if ((control.control_bits() & wvoec::kControlDisableAnalogOutput) &&
(ce_->analog_display_active() ||
(buffer_type == OEMCrypto_BufferType_Clear))) {
LOGE("[%s(): control bit says disable analog", log_string.c_str());
return OEMCrypto_ERROR_ANALOG_OUTPUT;
}
// Check if CGMS is required.
if (control.control_bits() & wvoec::kControlCGMSMask) {
// We can't control CGMS for a clear buffer.
if (buffer_type == OEMCrypto_BufferType_Clear) {
LOGE("[%s(): CGMS required, but buffer is clear", log_string.c_str());
return OEMCrypto_ERROR_ANALOG_OUTPUT;
}
if (ce_->analog_display_active() && !ce_->cgms_a_active()) {
LOGE("[%s(): control bit says CGMS required", log_string.c_str());
return OEMCrypto_ERROR_ANALOG_OUTPUT;
}
}
decrypt_started_ = true; // First playback for session.
return OEMCrypto_SUCCESS;
}
@@ -1761,6 +1756,8 @@ OEMCryptoResult SessionContext::DecryptCTR(const uint8_t* key_u8,
const uint8_t* cipher_data,
size_t cipher_data_length,
uint8_t* clear_data) {
if (block_offset >= AES_BLOCK_SIZE) return OEMCrypto_ERROR_INVALID_CONTEXT;
// Local copy (will be modified).
// Allocated as 64-bit ints to enforce 64-bit alignment for later access as a
// 64-bit value.