widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Skip key padding better

Browse Source 
(This is a merge of http://go/wvgerrit/151112.)

The Widevine CDMs have never validated the padding on AES keys. However,
the code to ignore the padding was unusual and based on the assumption
the keys would always have either 0 or 16 bytes of padding and did not
handle other cases correctly. This patch updates the padding-ignoring
code to just do the obvious thing: Reject keys that are too small and
ignore all extra bytes regardless of count.

Bug: 114159862
Test: x86-64
Change-Id: Ic48010477e4cb5f7d2afbde25cf2f098e3470089
This commit is contained in:
John "Juce" Bruce
2022-04-29 11:19:35 -07:00
committed by John Bruce
parent c9c897408a
commit 30a3da1b83
2 changed files with 21 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libwvdrmengine/cdm/core/include/wv_cdm_constants.h
View File

@@ -15,6 +15,7 @@ static const size_t KEY_PAD_SIZE = 16;
static const size_t CONTENT_KEY_SIZE = 16;
static const size_t SERVICE_KEY_SIZE = 16;
static const size_t MAC_KEY_SIZE = 32;
static const size_t ENTITLEMENT_KEY_SIZE = 32;
static const size_t KEYBOX_KEY_DATA_SIZE = 72;
static const size_t SRM_REQUIREMENT_SIZE = 12;