widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Loosen KCB encryption checks in L3

Browse Source 
This is a merge from:
https://widevine-internal-review.googlesource.com/c/cdm/+/152372

The L3 source change which produced these libraries is:
https://widevine-internal-review.googlesource.com/c/cdm/+/152371/

Original commit message:
To address the bug with certain 16.4.x SDK versions returning a
clear key control block (KCB) for clients newer than 16.5, the
exact version check to determine whether key control blocks are
clear or not has been loosened.

Original behavior:
- ODK version >= 16.5.x --> Assume clear
- ODK version <= 16.4.x --> Assume encrypted
New behavior:
- No KCB IV --> Assume clear
- Otherwise --> Assume encrypted

This CL also includes a change to oemcrypto/include/OEMCryptoCENC.h
The changes to OEMCryptoCENC.h in the CL are comments or variable name
change. So it should be safe.
This change was merged to wv tm-dev here:
https://widevine-internal-review.googlesource.com/c/cdm/+/148411
So, adding it to Android tm-dev.

Test: run_level3_static_tests, CdmDecryptTest/CdmTestWithDecryptParam.* against LS SDK 16.4.2 & 17.0
Bug: 232557453
Change-Id: I2bbb5ab3ea33a16bd6c198077e5aefe960737ea0
This commit is contained in:
Cong Lin
2022-05-20 15:09:19 -07:00
parent 186e489562
commit 9935fae50d
5 changed files with 294600 additions and 294355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155871
libwvdrmengine/level3/arm/libl3oemcrypto.cpp
View File

File diff suppressed because it is too large Load Diff

152611
libwvdrmengine/level3/arm64/libl3oemcrypto.cpp
View File

File diff suppressed because it is too large Load Diff

143985
libwvdrmengine/level3/x86/libl3oemcrypto.cpp
View File

File diff suppressed because it is too large Load Diff

136468
libwvdrmengine/level3/x86_64/libl3oemcrypto.cpp
View File

File diff suppressed because it is too large Load Diff

20
libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
View File

@@ -4765,13 +4765,13 @@ OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(uint32_t new_entry_count,
*
* @param[out] bcc: pointer to the buffer that receives the serialized boot
* certificate chain in CBOR format.
* @param[in,out] bcc_size - on input, size of the caller's bcc buffer. On
* @param[in,out] bcc_length - on input, size of the caller's bcc buffer. On
* output, the number of bytes written into the buffer.
* @param[out] additional_signature: pointer to the buffer that receives
* additional device key signature (certificate chain). This field is only
* used by the signing model where a vendor certificate is available on the
* device.
* @param[in,out] additional_signature_size - on input, size of the caller's
* @param[in,out] additional_signature_length - on input, size of the caller's
* additional_signature buffer. On output, the number of bytes written into
* the buffer.
*
@@ -4790,8 +4790,8 @@ OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(uint32_t new_entry_count,
* This method is new in API version 17.
*/
OEMCryptoResult OEMCrypto_GetBootCertificateChain(
uint8_t* bcc, size_t* bcc_size, uint8_t* additional_signature,
size_t* additional_signature_size);
uint8_t* bcc, size_t* bcc_length, uint8_t* additional_signature,
size_t* additional_signature_length);
/**
* Generates a key pair used in OEM and DRM certificate provisioning. The public
@@ -4808,7 +4808,7 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain(
* @param[out] public_key: pointer to the buffer that receives the public key
* that is to be certified by the server. The key must be an ASN.1
* DER-encoded SubjectPublicKeyInfo as specified in RFC 5280.
* @param[in,out] public_key_size: on input, size of the caller's public_key
* @param[in,out] public_key_length: on input, size of the caller's public_key
* buffer. On output, the number of bytes written into the buffer.
* @param[out] public_key_signature: pointer to the buffer that receives the
* signature of the public key.
@@ -4816,12 +4816,12 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain(
* key. The signature must be in COSE_SIGN1 format as specified in RFC 8152.
* If an OEM private key is available: it is signed by the OEM private key.
* The signature must be raw signature bytes.
* @param[in,out] public_key_signature_size: on input, size of the caller's
* @param[in,out] public_key_signature_length: on input, size of the caller's
* public_key_signature buffer. On output, the number of bytes written into
* the buffer.
* @param[out] wrapped_private_key: pointer to the buffer that receives the
* encrypted private key. It is encrypted by the device encryption key.
* @param[in,out] wrapped_private_key_size: on input, size of the caller's
* @param[in,out] wrapped_private_key_length: on input, size of the caller's
* wrapped_private_key buffer. On output, the number of bytes written into
* the buffer.
* @param[out] key_type: the type of the generated key pair (RSA or ECC).
@@ -4844,9 +4844,9 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain(
* This method is new in API version 17.
*/
OEMCryptoResult OEMCrypto_GenerateCertificateKeyPair(
OEMCrypto_SESSION session, uint8_t* public_key, size_t* public_key_size,
uint8_t* public_key_signature, size_t* public_key_signature_size,
uint8_t* wrapped_private_key, size_t* wrapped_private_key_size,
OEMCrypto_SESSION session, uint8_t* public_key, size_t* public_key_length,
uint8_t* public_key_signature, size_t* public_key_signature_length,
uint8_t* wrapped_private_key, size_t* wrapped_private_key_length,
OEMCrypto_PrivateKeyType* key_type);
/// @}