diff --git a/libwvdrmengine/Android.bp b/libwvdrmengine/Android.bp index 3ddef22d..1cb3d02c 100644 --- a/libwvdrmengine/Android.bp +++ b/libwvdrmengine/Android.bp @@ -107,10 +107,10 @@ cc_defaults { "android.hardware.drm@1.2", "android.hardware.drm@1.3", "libbase", + "libbinder", "libhidlbase", "liblog", "libutils", - "libbinder", ], } @@ -131,7 +131,6 @@ cc_defaults { "libbase", "libbinder_ndk", "liblog", - "libhwbinder", "libutils", "libwvaidl", ], @@ -261,7 +260,11 @@ cc_binary { srcs: ["aidl_src/service.cpp"], - shared_libs: ["libbinder"], + include_dirs: [ + "frameworks/native/libs/binder/include", + ], + + shared_libs: ["libbinder_ndk"], init_rc: ["aidl_src/android.hardware.drm-service.widevine.rc"], vintf_fragments: ["manifest_android.hardware.drm-service.widevine.xml"], @@ -280,7 +283,11 @@ cc_binary { srcs: ["aidl_src/serviceLazy.cpp"], - shared_libs: ["libbinder"], + include_dirs: [ + "frameworks/native/libs/binder/include", + ], + + shared_libs: ["libbinder_ndk"], init_rc: ["aidl_src/android.hardware.drm-service-lazy.widevine.rc"], vintf_fragments: ["manifest_android.hardware.drm-service.widevine.xml"], @@ -324,7 +331,7 @@ cc_library_static { ], shared_libs: [ - "libbinder", + "libbinder_ndk", "libcrypto", "libhidlbase", "liblog", @@ -358,7 +365,7 @@ cc_library_static { ], shared_libs: [ - "libbinder", + "libbinder_ndk", "libcrypto", "libhidlbase", "liblog", @@ -520,7 +527,6 @@ cc_library_shared { shared_libs: [ "android.hardware.drm-V1-ndk", "libbase", - "libbinder", "libbinder_ndk", "libcrypto", "libcutils", diff --git a/libwvdrmengine/aidl_src/WVDrmFactory.cpp b/libwvdrmengine/aidl_src/WVDrmFactory.cpp index 537409cd..fed48a64 100644 --- a/libwvdrmengine/aidl_src/WVDrmFactory.cpp +++ b/libwvdrmengine/aidl_src/WVDrmFactory.cpp @@ -49,8 +49,7 @@ bool WVDrmFactory::isCryptoSchemeSupported(const Uuid& in_uuid) { const std::vector& in_initData, std::shared_ptr<::aidl::android::hardware::drm::ICryptoPlugin>* _aidl_return) { - const auto& self = android::IPCThreadState::self(); - const char* sid = self->getCallingSid(); + const char* sid = AIBinder_getCallingSid(); sid = sid ? (std::strstr(sid, "mediadrmserver") ? sid : "app") : "nullptr"; ALOGI("[%s] calling %s", sid, __PRETTY_FUNCTION__); @@ -73,8 +72,7 @@ bool WVDrmFactory::isCryptoSchemeSupported(const Uuid& in_uuid) { ::ndk::ScopedAStatus WVDrmFactory::createDrmPlugin( const Uuid& in_uuid, const string& in_appPackageName, std::shared_ptr<::aidl::android::hardware::drm::IDrmPlugin>* _aidl_return) { - const auto& self = ::android::IPCThreadState::self(); - const char* sid = self->getCallingSid(); + const char* sid = AIBinder_getCallingSid(); sid = sid ? (std::strstr(sid, "mediadrmserver") ? sid : "app") : "nullptr"; ALOGI("[%s][%s] calling %s", sid, in_appPackageName.c_str(), __PRETTY_FUNCTION__); diff --git a/libwvdrmengine/aidl_src/service.cpp b/libwvdrmengine/aidl_src/service.cpp index 5670fae2..d6f39630 100644 --- a/libwvdrmengine/aidl_src/service.cpp +++ b/libwvdrmengine/aidl_src/service.cpp @@ -19,7 +19,6 @@ #include #include #include -#include #include "WVCreatePluginFactories.h" #include "WVDrmFactory.h" @@ -31,6 +30,8 @@ int main(int /* argc */, char** /* argv */) { ABinderProcess_setThreadPoolMaxThreadCount(8); std::shared_ptr drmFactory = createDrmFactory(); + AIBinder_setRequestingSid(drmFactory->asBinder().get(), true); + const std::string drmInstance = std::string(WVDrmFactory::descriptor) + "/widevine"; binder_status_t status = AServiceManager_addService( diff --git a/libwvdrmengine/aidl_src/serviceLazy.cpp b/libwvdrmengine/aidl_src/serviceLazy.cpp index 33a082ad..0bbb00d9 100644 --- a/libwvdrmengine/aidl_src/serviceLazy.cpp +++ b/libwvdrmengine/aidl_src/serviceLazy.cpp @@ -19,7 +19,6 @@ #include #include #include -#include #include "WVCreatePluginFactories.h" #include "WVDrmFactory.h" @@ -31,6 +30,8 @@ int main(int /* argc */, char** /* argv */) { ABinderProcess_setThreadPoolMaxThreadCount(8); std::shared_ptr drmFactory = createDrmFactory(); + AIBinder_setRequestingSid(drmFactory->asBinder().get(), true); + const std::string drmInstance = std::string(WVDrmFactory::descriptor) + "/widevine"; binder_status_t status = AServiceManager_registerLazyService( diff --git a/libwvdrmengine/cdm/core/include/certificate_provisioning.h b/libwvdrmengine/cdm/core/include/certificate_provisioning.h index 05c0cad5..8189958b 100644 --- a/libwvdrmengine/cdm/core/include/certificate_provisioning.h +++ b/libwvdrmengine/cdm/core/include/certificate_provisioning.h @@ -82,12 +82,18 @@ class CertificateProvisioning { const std::string& origin, const std::string& spoid, CdmProvisioningRequest* request, std::string* default_url); CdmResponseType GetProvisioning40RequestInternal( - wvutil::FileSystem* file_system, CdmProvisioningRequest* request, + wvutil::FileSystem* file_system, const std::string& origin, + const std::string& spoid, CdmProvisioningRequest* request, std::string* default_url); CdmResponseType FillEncryptedClientId( const std::string& client_token, video_widevine::ProvisioningRequest& provisioning_request, const ServiceCertificate& service_certificate); + CdmResponseType FillEncryptedClientIdWithAdditionalParameter( + const std::string& client_token, + const CdmAppParameterMap& additional_parameter, + video_widevine::ProvisioningRequest& provisioning_request, + const ServiceCertificate& service_certificate); CdmResponseType HandleProvisioning40Response( wvutil::FileSystem* file_system, const std::string& response_message); diff --git a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp index 2f2f2339..50ae4410 100644 --- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp +++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp @@ -57,6 +57,11 @@ const std::string kCpProductionServiceCertificate = wvutil::a2bs_hex( "8598ed5751b38694419242a875d9e00d5a5832933024b934859ec8be78adccbb" "1ec7127ae9afeef9c5cd2e15bd3048e8ce652f7d8c5d595a0323238c598a28"); +// Used in provisioning 4 client identification name value pairs. +const std::string kKeyAppParameterSpoid = "spoid"; +const std::string kKeyAppParameterProviderId = "provider_id"; +const std::string kKeyAppParameterStableId = "stable_id"; + // Retrieves |stored_oem_cert| from |file_handle|, and load the OEM private key // to |crypto_session|. Returns true if all operations are successful. bool RetrieveOemCertificateAndLoadPrivateKey(CryptoSession& crypto_session, @@ -212,7 +217,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal( if (crypto_session_->GetPreProvisionTokenType() == kClientTokenBootCertChain) { - return GetProvisioning40RequestInternal(file_system, request, default_url); + return GetProvisioning40RequestInternal(file_system, origin, spoid, request, + default_url); } // Prepare device provisioning request. @@ -304,7 +310,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequestInternal( } CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal( - wvutil::FileSystem* file_system, CdmProvisioningRequest* request, + wvutil::FileSystem* file_system, const std::string& origin, + const std::string& spoid, CdmProvisioningRequest* request, std::string* default_url) { if (!crypto_session_->IsOpen()) { LOGE("Crypto session is not open"); @@ -340,7 +347,27 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal( } } - CdmResponseType status = NO_ERROR; + // Retrieve the Spoid, but put it to the client identification instead, so it + // is encrypted. + CdmAppParameterMap additional_parameter; + CdmResponseType status = + SetSpoidParameter(origin, spoid, &provisioning_request); + if (status != NO_ERROR) return status; + if (provisioning_request.has_spoid()) { + additional_parameter[kKeyAppParameterSpoid] = provisioning_request.spoid(); + provisioning_request.clear_spoid(); + } + if (provisioning_request.has_provider_id()) { + additional_parameter[kKeyAppParameterProviderId] = + provisioning_request.provider_id(); + provisioning_request.clear_provider_id(); + } + if (provisioning_request.has_stable_id()) { + additional_parameter[kKeyAppParameterStableId] = + provisioning_request.stable_id(); + provisioning_request.clear_stable_id(); + } + if (stored_oem_cert.empty()) { // This is the first stage provisioning. default_url->assign(kProvisioningServerUrl + @@ -354,16 +381,18 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal( // Since |stored_oem_cert| is empty, the client identification token will be // retrieved from OEMCrypto, which is the BCC in this case. - status = FillEncryptedClientId(stored_oem_cert, provisioning_request, - wv_service_cert); + status = FillEncryptedClientIdWithAdditionalParameter( + stored_oem_cert, additional_parameter, provisioning_request, + wv_service_cert); if (status != NO_ERROR) return status; } else { // This is the second stage provisioning. default_url->assign(kProvisioningServerUrl); // Since |stored_oem_cert| is non-empty, it will be used as the client // identification token. - status = FillEncryptedClientId(stored_oem_cert, provisioning_request, - *service_certificate_); + status = FillEncryptedClientIdWithAdditionalParameter( + stored_oem_cert, additional_parameter, provisioning_request, + *service_certificate_); if (status != NO_ERROR) return status; } @@ -408,6 +437,17 @@ CdmResponseType CertificateProvisioning::GetProvisioning40RequestInternal( CdmResponseType CertificateProvisioning::FillEncryptedClientId( const std::string& client_token, ProvisioningRequest& provisioning_request, const ServiceCertificate& service_certificate) { + CdmAppParameterMap app_parameter; + return FillEncryptedClientIdWithAdditionalParameter( + client_token, app_parameter, provisioning_request, service_certificate); +} + +CdmResponseType +CertificateProvisioning::FillEncryptedClientIdWithAdditionalParameter( + const std::string& client_token, + const CdmAppParameterMap& additional_parameter, + ProvisioningRequest& provisioning_request, + const ServiceCertificate& service_certificate) { if (!crypto_session_->IsOpen()) { return UNKNOWN_ERROR; } @@ -418,8 +458,7 @@ CdmResponseType CertificateProvisioning::FillEncryptedClientId( if (status != NO_ERROR) return status; video_widevine::ClientIdentification client_id; - CdmAppParameterMap app_parameter; - status = id.Prepare(app_parameter, kEmptyString, &client_id); + status = id.Prepare(additional_parameter, kEmptyString, &client_id); if (status != NO_ERROR) return status; if (!service_certificate.has_certificate()) { diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index c4a65104..2c2c780d 100644 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -2099,6 +2099,11 @@ CdmResponseType CryptoSession::LoadProvisioning( metrics_, oemcrypto_load_provisioning_, status); }); + if (status == OEMCrypto_SUCCESS) { + wrapped_private_key->resize(wrapped_private_key_length); + return NO_ERROR; + } + wrapped_private_key->clear(); return MapOEMCryptoResult(status, LOAD_PROVISIONING_ERROR, "LoadProvisioning"); } @@ -2283,29 +2288,25 @@ bool CryptoSession::GetBuildInformation(RequestedSecurityLevel security_level, RequestedSecurityLevelToString(security_level)); RETURN_IF_UNINITIALIZED(false); RETURN_IF_NULL(info, false); - - OEMCryptoResult build_information; - std::string buf; - size_t buf_length = 0; - WithOecReadLock("GetBuildInformation", [&] { - build_information = - OEMCrypto_BuildInformation(&buf[0], &buf_length, security_level); + size_t info_length = 128; + info->assign(info_length, '\0'); + OEMCryptoResult result = WithOecReadLock("GetBuildInformation", [&] { + return OEMCrypto_BuildInformation(&info->front(), &info_length, + security_level); }); - if (build_information == OEMCrypto_ERROR_SHORT_BUFFER) { - buf.resize(buf_length); - WithOecReadLock("GetBuildInformation Attempt 2", [&] { - build_information = - OEMCrypto_BuildInformation(&buf[0], &buf_length, security_level); + if (result == OEMCrypto_ERROR_SHORT_BUFFER) { + info->assign(info_length, '\0'); + result = WithOecReadLock("GetBuildInformation Attempt 2", [&] { + return OEMCrypto_BuildInformation(&info->front(), &info_length, + security_level); }); } - - if (build_information == OEMCrypto_SUCCESS) { - *info = buf; - } else { - LOGE("Unexpected return value"); + if (result != OEMCrypto_SUCCESS) { + LOGE("GetBuildInformation failed: result = %d", result); + info->clear(); return false; } - + info->resize(info_length); return true; } diff --git a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp index 97c00d65..0a2ecc63 100644 --- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp +++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp @@ -1737,14 +1737,19 @@ OEMCryptoResult OEMCrypto_BuildInformation( if (fcn->BuildInformation_V16 == nullptr) { return OEMCrypto_ERROR_NOT_IMPLEMENTED; } + if (buffer_length == nullptr) return OEMCrypto_ERROR_INVALID_CONTEXT; + if (buffer == nullptr && *buffer_length > 0) + return OEMCrypto_ERROR_INVALID_CONTEXT; + constexpr size_t kMaxBuildInfoLength = 128; const char* build_info = fcn->BuildInformation_V16(); - size_t max_length = strnlen(build_info, 128); - if (*buffer_length < max_length) { - *buffer_length = max_length; + if (build_info == nullptr) return OEMCrypto_ERROR_UNKNOWN_FAILURE; + const size_t build_info_length = strnlen(build_info, kMaxBuildInfoLength); + if (*buffer_length < build_info_length) { + *buffer_length = build_info_length; return OEMCrypto_ERROR_SHORT_BUFFER; } - *buffer_length = max_length; - memcpy(buffer, build_info, *buffer_length); + *buffer_length = build_info_length; + memcpy(buffer, build_info, build_info_length); return OEMCrypto_SUCCESS; } return fcn->BuildInformation(buffer, buffer_length); diff --git a/libwvdrmengine/cdm/test/coverage-test.mk b/libwvdrmengine/cdm/test/coverage-test.mk index d511a072..963ec633 100644 --- a/libwvdrmengine/cdm/test/coverage-test.mk +++ b/libwvdrmengine/cdm/test/coverage-test.mk @@ -9,7 +9,7 @@ HIDL_EXTENSION := _hidl LIB_BINDER := libhidlbase else HIDL_EXTENSION := -LIB_BINDER := libbinder +LIB_BINDER := libbinder_ndk endif LOCAL_LICENSE_CONDITIONS := by_exception_only diff --git a/libwvdrmengine/cdm/test/integration-test.mk b/libwvdrmengine/cdm/test/integration-test.mk index b5638969..3eb314c8 100644 --- a/libwvdrmengine/cdm/test/integration-test.mk +++ b/libwvdrmengine/cdm/test/integration-test.mk @@ -12,7 +12,7 @@ HIDL_EXTENSION := _hidl LIB_BINDER := libhidlbase else HIDL_EXTENSION := -LIB_BINDER := libbinder +LIB_BINDER := libbinder_ndk endif LOCAL_MODULE := $(test_name) diff --git a/libwvdrmengine/cdm/test/unit-test.mk b/libwvdrmengine/cdm/test/unit-test.mk index f0e26743..8b099d9c 100644 --- a/libwvdrmengine/cdm/test/unit-test.mk +++ b/libwvdrmengine/cdm/test/unit-test.mk @@ -12,7 +12,7 @@ HIDL_EXTENSION := _hidl LIB_BINDER := libhidlbase else HIDL_EXTENSION := -LIB_BINDER := libbinder +LIB_BINDER := libbinder_ndk endif LOCAL_MODULE := $(test_name) diff --git a/libwvdrmengine/cdm/util/src/log.cpp b/libwvdrmengine/cdm/util/src/log.cpp index d9fc58ae..c8598bf2 100644 --- a/libwvdrmengine/cdm/util/src/log.cpp +++ b/libwvdrmengine/cdm/util/src/log.cpp @@ -26,7 +26,7 @@ #ifdef IS_HIDL # include #else // AIDL is the default -# include +# include #endif #include #include @@ -82,10 +82,10 @@ uint32_t GetLoggingUid() { return tl_logging_uid_; } uint32_t GetIpcCallingUid() { #ifdef IS_HIDL const auto self = android::hardware::IPCThreadState::selfOrNull(); -#else // AIDL is the default - const auto self = android::IPCThreadState::selfOrNull(); -#endif return self ? self->getCallingUid() : UNKNOWN_UID; +#else // AIDL is the default + return AIBinder_getCallingUid(); +#endif } void InitLogging() {} diff --git a/libwvdrmengine/mediadrm/Android.bp b/libwvdrmengine/mediadrm/Android.bp index 091e5b0e..5552dede 100644 --- a/libwvdrmengine/mediadrm/Android.bp +++ b/libwvdrmengine/mediadrm/Android.bp @@ -102,7 +102,6 @@ cc_library_static { shared_libs: [ "libbase", - "libbinder", "libbinder_ndk", "libcrypto", "liblog", diff --git a/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp b/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp index 9556a8e0..8600c26d 100644 --- a/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp +++ b/libwvdrmengine/mediadrm/aidl_src/WVDrmPlugin.cpp @@ -10,6 +10,7 @@ #include "WVDrmPlugin.h" #include +#include #include #include #include @@ -1634,8 +1635,7 @@ Status WVDrmPlugin::unprovisionDevice() { return toNdkScopedAStatus(Status::BAD_VALUE); } - const auto& self = android::IPCThreadState::self(); - const char* sid = self->getCallingSid(); + const char* sid = AIBinder_getCallingSid(); if (!sid || (!strstr(sid, ":mediashell_app:") && !strstr(sid, ":mediadrmserver:") && !strstr(sid, ":setupwraith_app:"))) { diff --git a/libwvdrmengine/mediadrm/test/Android.mk b/libwvdrmengine/mediadrm/test/Android.mk index f9500ee4..41386199 100644 --- a/libwvdrmengine/mediadrm/test/Android.mk +++ b/libwvdrmengine/mediadrm/test/Android.mk @@ -39,7 +39,7 @@ LOCAL_SHARED_LIBRARIES := \ android.hardware.drm@1.3 \ android.hardware.drm@1.4 \ android.hidl.memory@1.0 \ - libbinder \ + libbinder_ndk \ libbase \ libcrypto \ libdl \ diff --git a/libwvdrmengine/oemcrypto/test/common.mk b/libwvdrmengine/oemcrypto/test/common.mk index 7b3991c9..fb173896 100644 --- a/libwvdrmengine/oemcrypto/test/common.mk +++ b/libwvdrmengine/oemcrypto/test/common.mk @@ -6,7 +6,7 @@ HIDL_EXTENSION := _hidl LIB_BINDER := libhidlbase else HIDL_EXTENSION := -LIB_BINDER := libbinder +LIB_BINDER := libbinder_ndk endif ifeq ($(filter mips mips64, $(TARGET_ARCH)),) diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp index a01c1fd3..5e6f7ec7 100644 --- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp +++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp @@ -237,6 +237,9 @@ RoundTrip:: // We need to fill in core request and verify signature only for calls other // than OEMCryptoMemory buffer overflow test. Any test other than buffer // overflow will pass true. + if (result == OEMCrypto_SUCCESS) { + gen_signature.resize(gen_signature_length); + } if (!verify_request || result != OEMCrypto_SUCCESS) return result; if (global_features.api_version >= kCoreMessagesAPI) { std::string core_message(reinterpret_cast(data.data()), @@ -466,11 +469,14 @@ OEMCryptoResult ProvisioningRoundTrip::LoadResponse(Session* session) { sizeof(response_data_)); } size_t wrapped_key_length = 0; - const OEMCryptoResult sts = LoadResponseNoRetry(session, &wrapped_key_length); + OEMCryptoResult sts = LoadResponseNoRetry(session, &wrapped_key_length); if (sts != OEMCrypto_ERROR_SHORT_BUFFER) return sts; - wrapped_rsa_key_.clear(); wrapped_rsa_key_.assign(wrapped_key_length, 0); - return LoadResponseNoRetry(session, &wrapped_key_length); + sts = LoadResponseNoRetry(session, &wrapped_key_length); + if (sts == OEMCrypto_SUCCESS) { + wrapped_rsa_key_.resize(wrapped_key_length); + } + return sts; } #ifdef TEST_OEMCRYPTO_V15 @@ -1589,6 +1595,7 @@ void Session::LoadOEMCert(bool verify_cert) { public_cert.resize(public_cert_length); ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_GetOEMPublicCertificate( public_cert.data(), &public_cert_length)); + public_cert.resize(public_cert_length); ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_LoadOEMPrivateKey(session_id())); // The cert is a PKCS7 signed data type. First, parse it into an OpenSSL @@ -1871,6 +1878,8 @@ void Session::UpdateUsageEntry(std::vector* header_buffer) { OEMCrypto_UpdateUsageEntry( session_id(), header_buffer->data(), &header_buffer_length, encrypted_usage_entry_.data(), &entry_buffer_length)); + header_buffer->resize(header_buffer_length); + encrypted_usage_entry_.resize(entry_buffer_length); } void Session::LoadUsageEntry(uint32_t index, const vector& buffer) { @@ -1915,6 +1924,7 @@ void Session::GenerateReport(const std::string& pst, if (expected_result != OEMCrypto_SUCCESS) { return; } + pst_report_buffer_.resize(length); EXPECT_EQ(wvutil::Unpacked_PST_Report::report_size(pst.length()), length); vector computed_signature(SHA_DIGEST_LENGTH); key_deriver_.ClientSignPstReport(pst_report_buffer_, &computed_signature); diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index c011dcdf..7a2e5147 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -308,6 +308,9 @@ TEST_F(OEMCryptoClientTest, VersionNumber) { sts = OEMCrypto_BuildInformation(&build_info[0], &buf_length); } ASSERT_EQ(OEMCrypto_SUCCESS, sts); + if (build_info.size() != buf_length) { + build_info.resize(buf_length); + } cout << " BuildInformation: " << build_info << endl; OEMCrypto_WatermarkingSupport support = OEMCrypto_GetWatermarkingSupport(); cout << " WatermarkingSupport: " << support << endl; @@ -484,7 +487,23 @@ TEST_F(OEMCryptoClientTest, CheckNullBuildInformationAPI17) { ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, sts); size_t buf_length = 0; sts = OEMCrypto_BuildInformation(nullptr, &buf_length); - ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, sts); + // Previous versions of the test expected the wrong error code. + // Although OEMCrypto_ERROR_INVALID_CONTEXT is still accepted by + // the tests, vendors should return OEMCrypto_ERROR_SHORT_BUFFER if + // |buffer| is null and |buf_length| is zero, assigning + // the correct length to |buf_length|. + // TODO(231514699): Remove case for ERROR_INVALID_CONTEXT. + ASSERT_TRUE(OEMCrypto_ERROR_SHORT_BUFFER == sts || + OEMCrypto_ERROR_INVALID_CONTEXT == sts); + if (sts == OEMCrypto_ERROR_INVALID_CONTEXT) { + printf( + "Warning: OEMCrypto_BuildInformation should return " + "ERROR_SHORT_BUFFER.\n"); + } + if (sts == OEMCrypto_ERROR_SHORT_BUFFER) { + constexpr size_t kZero = 0; + ASSERT_GT(buf_length, kZero); + } } TEST_F(OEMCryptoClientTest, CheckMaxNumberOfSessionsAPI10) { @@ -988,9 +1007,9 @@ TEST_F(OEMCryptoKeyboxTest, NormalGetDeviceId) { uint8_t dev_id[128] = {0}; size_t dev_id_len = 128; sts = OEMCrypto_GetDeviceID(dev_id, &dev_id_len); + ASSERT_EQ(OEMCrypto_SUCCESS, sts); cout << " NormalGetDeviceId: dev_id = " << MaybeHex(dev_id, dev_id_len) << " len = " << dev_id_len << endl; - ASSERT_EQ(OEMCrypto_SUCCESS, sts); } TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGetDeviceIdForHugeIdLength) { @@ -1133,7 +1152,6 @@ TEST_F(OEMCryptoProv30Test, GetDeviceId) { dev_id.resize(dev_id_len); cout << " NormalGetDeviceId: dev_id = " << MaybeHex(dev_id) << " len = " << dev_id_len << endl; - ASSERT_EQ(OEMCrypto_SUCCESS, sts); } // The OEM certificate must be valid. @@ -1333,6 +1351,9 @@ TEST_F(OEMCryptoProv40Test, GenerateCertificateKeyPairSuccess) { public_key_signature.data(), &public_key_signature_size, wrapped_private_key.data(), &wrapped_private_key_size, &key_type), OEMCrypto_SUCCESS); + public_key.resize(public_key_size); + public_key_signature.resize(public_key_signature_size); + wrapped_private_key.resize(wrapped_private_key_size); // Parse the public key generated to make sure it is correctly formatted. if (key_type == OEMCrypto_PrivateKeyType::OEMCrypto_RSA_Private_Key) { ASSERT_NO_FATAL_FAILURE( @@ -1543,6 +1564,7 @@ class OEMCryptoSessionTests : public OEMCryptoClientTest { &header_buffer_length); if (expect_success) { ASSERT_EQ(OEMCrypto_SUCCESS, sts); + encrypted_usage_header_.resize(header_buffer_length); } else { ASSERT_NE(OEMCrypto_SUCCESS, sts); } @@ -6065,11 +6087,10 @@ TEST_F(OEMCryptoLoadsCertificate, RSAPerformance) { licenseRequest.size()); } - uint8_t* signature = new uint8_t[signature_length]; - sts = OEMCrypto_GenerateRSASignature(s.session_id(), licenseRequest.data(), - licenseRequest.size(), signature, - &signature_length, kSign_RSASSA_PSS); - delete[] signature; + std::vector signature(signature_length, 0); + sts = OEMCrypto_GenerateRSASignature( + s.session_id(), licenseRequest.data(), licenseRequest.size(), + signature.data(), &signature_length, kSign_RSASSA_PSS); ASSERT_EQ(OEMCrypto_SUCCESS, sts); count++; } @@ -6243,7 +6264,7 @@ class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate { EXPECT_NE(OEMCrypto_SUCCESS, sts) << "Signed with forbidden padding scheme=" << (int)scheme << ", size=" << (int)size; - vector zero(signature_length, 0); + const vector zero(signature.size(), 0); ASSERT_EQ(zero, signature); // signature should not be computed. } @@ -6265,19 +6286,19 @@ class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate { ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts); ASSERT_NE(static_cast(0), signature_length); - uint8_t* signature = new uint8_t[signature_length]; - sts = OEMCrypto_GenerateRSASignature(s.session_id(), licenseRequest.data(), - licenseRequest.size(), signature, - &signature_length, scheme); + std::vector signature(signature_length, 0); + sts = OEMCrypto_GenerateRSASignature( + s.session_id(), licenseRequest.data(), licenseRequest.size(), + signature.data(), &signature_length, scheme); ASSERT_EQ(OEMCrypto_SUCCESS, sts) << "Failed to sign with padding scheme=" << (int)scheme - << ", size=" << (int)size; + << ", size=" << size; + signature.resize(signature_length); ASSERT_NO_FATAL_FAILURE( s.PreparePublicKey(encoded_rsa_key_.data(), encoded_rsa_key_.size())); - ASSERT_NO_FATAL_FAILURE(s.VerifyRSASignature(licenseRequest, signature, - signature_length, scheme)); - delete[] signature; + ASSERT_NO_FATAL_FAILURE(s.VerifyRSASignature( + licenseRequest, signature.data(), signature_length, scheme)); } void DisallowDeriveKeys() { @@ -6622,7 +6643,8 @@ class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificateAlternates { ASSERT_EQ(OEMCrypto_SUCCESS, sts) << "Failed to sign with padding scheme=" << (int)scheme - << ", size=" << (int)message.size(); + << ", size=" << message.size(); + signature.resize(signature_length); ASSERT_NO_FATAL_FAILURE( s.PreparePublicKey(encoded_rsa_key_.data(), encoded_rsa_key_.size())); @@ -9393,6 +9415,9 @@ class OEMCryptoUsageTableDefragTest : public OEMCryptoUsageTableTest { new_size, encrypted_usage_header_.data(), &header_buffer_length); // For the second call, we always demand the expected result. ASSERT_EQ(expected_result, sts); + if (sts == OEMCrypto_SUCCESS) { + encrypted_usage_header_.resize(header_buffer_length); + } } }; diff --git a/libwvdrmengine/vts/vendor_module/Android.bp b/libwvdrmengine/vts/vendor_module/Android.bp index c14e1f09..9610dfe6 100644 --- a/libwvdrmengine/vts/vendor_module/Android.bp +++ b/libwvdrmengine/vts/vendor_module/Android.bp @@ -57,7 +57,7 @@ cc_library_shared { shared_libs: [ "libbase", - "libbinder", + "libbinder_ndk", "libcrypto", "liblog", "libssl",