widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync Android reference with CDM reference.

Browse Source 
The sc-dev branch on Android is out of sync with several important
changes on the CDM master branch.  This changes copies several CLs.

[ Merge of http://go/wvgerrit/104524 ]

OEMCrypto unittest: generic crypto APIs

Add unit tests to verify that generic crypto APIs do not crash for large
input buffer lengths and signature lengths.

[ Merge of http://go/wvgerrit/106583 ]

Fix secure buffer tests in OEMCrypto testbed

The secure buffers were not being used correctly in the testbed, and
were failing OEMCryptoMemoryCopyBufferForHugeBufferLengths.

[ Merge of http://go/wvgerrit/109603 ]

Reject block_offsets of 16 or greater in OEC Ref

This is a potential security hole. We will be enforcing that OEMCrypto
rejects this in an upcoming test, so the Ref must be updated to reject
it.

[ Merge of http://go/wvgerrit/110165 ]

Fix Format String Signedness

See above for full description.

[ Merge of http://go/wvgerrit/111784 ]

Fix heap overflow test in L3 and OEMCrypto ref

Check the length of wrapped_rsa_key_length before casting to
WrappedRSAKey struct.

[ Merge of http://go/wvgerrit/113563 ]

Reword "blacklisted" to "forbidden"

[ Merge of http://go/wvgerrit/113583 ]

Use error code from RAND_bytes

The return code from RAND_bytes was not used correctly.

[ Merge of http://go/wvgerrit/113644 ]

Check for buffer overflow when computing subsample size

The test DecryptCENCForNumBytesClearPlusEncryptedOverflowsSize
cleverly picks num_bytes_clear + num_bytes_encrypted = 1 after integer
overflow. This is in the refernce code, level 3, and odkitee.

[ Merge of http://go/wvgerrit/113683 ]

OEMCrypto reference code: respect analog flags for clear buffers

The reference code should honor the analog_display_active flag for
both clear and secure buffers.

[ Merge of http://go/wvgerrit/114883 ]

Add size check for IV in OEMCrypto APIs

IV is supposed to be 16 bytes but the size is never checked before iv
gets used in LoadProvisioning.

Bug: 145026457
Bug: 147569428
Bug: 159847851
Bug: 162372059
Bug: 169278035
Bug: 169980065
Bug: 173460694
Bug: 173994023
Bug: 174523584
Bug: 175001473
Bug: 175041667
Test: No compiled files changed
Change-Id: If0ccd1cd3a56f72eedd2a6cb202a34bc7b43ca0d
This commit is contained in:
Alex Dale
2021-02-19 17:16:32 -08:00
parent eb56801fdb
commit 23f7cd60a7
5 changed files with 167 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
libwvdrmengine/oemcrypto/ref/src/oemcrypto_usage_table_ref.cpp
View File

@@ -209,7 +209,10 @@ OEMCryptoResult UsageTableEntry::SaveData(CryptoEngine* ce,
}
// Encrypt the entry.
RAND_bytes(encrypted->iv, wvoec::KEY_IV_SIZE);
if (RAND_bytes(encrypted->iv, wvoec::KEY_IV_SIZE) != 1) {
LOGE("SaveUsageEntry: Could not generate iv.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; // working iv buffer.
memcpy(iv_buffer, encrypted->iv, wvoec::KEY_IV_SIZE);
AES_KEY aes_key;
@@ -292,7 +295,7 @@ OEMCryptoResult UsageTableEntry::LoadData(CryptoEngine* ce, uint32_t index,
// Check that the index is correct.
if (index != clear->data.index) {
LOGE("LoadUsageEntry: entry says index is %d, not %d", clear->data.index,
LOGE("LoadUsageEntry: entry says index is %u, not %u", clear->data.index,
index);
return OEMCrypto_ERROR_INVALID_SESSION;
}
@@ -386,7 +389,7 @@ OEMCryptoResult UsageTable::LoadUsageEntry(
if (index >= generation_numbers_.size())
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
if (sessions_[index]) {
LOGE("LoadUsageEntry: index %d used by other session.", index);
LOGE("LoadUsageEntry: index %u used by other session.", index);
return OEMCrypto_ERROR_INVALID_SESSION;
}
const size_t max = ce_->max_usage_table_size();
@@ -479,7 +482,10 @@ OEMCryptoResult UsageTable::SaveUsageTableHeader(uint8_t* signed_buffer,
}
// Encrypt the entry.
RAND_bytes(encrypted->iv, wvoec::KEY_IV_SIZE);
if (RAND_bytes(encrypted->iv, wvoec::KEY_IV_SIZE) != 1) {
LOGE("SaveUsageHeader: Could not generate iv entry.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; // working iv buffer.
memcpy(iv_buffer, encrypted->iv, wvoec::KEY_IV_SIZE);
AES_KEY aes_key;
@@ -667,9 +673,8 @@ bool UsageTable::LoadGenerationNumber(bool or_make_new_one) {
auto file = file_system->Open(filename, wvcdm::FileSystem::kReadOnly);
if (!file) {
if (or_make_new_one) {
RAND_bytes(reinterpret_cast<uint8_t*>(&master_generation_number_),
sizeof(int64_t));
return true;
return RAND_bytes(reinterpret_cast<uint8_t*>(&master_generation_number_),
sizeof(int64_t)) == 1;
}
LOGE("UsageTable: File open failed: %s (clearing table)", path.c_str());
master_generation_number_ = 0;