Loosen KCB encryption checks in L3
This is a merge from: https://widevine-internal-review.googlesource.com/c/cdm/+/152372 The L3 source change which produced these libraries is: https://widevine-internal-review.googlesource.com/c/cdm/+/152371/ Original commit message: To address the bug with certain 16.4.x SDK versions returning a clear key control block (KCB) for clients newer than 16.5, the exact version check to determine whether key control blocks are clear or not has been loosened. Original behavior: - ODK version >= 16.5.x --> Assume clear - ODK version <= 16.4.x --> Assume encrypted New behavior: - No KCB IV --> Assume clear - Otherwise --> Assume encrypted This CL also includes a change to oemcrypto/include/OEMCryptoCENC.h The changes to OEMCryptoCENC.h in the CL are comments or variable name change. So it should be safe. This change was merged to wv tm-dev here: https://widevine-internal-review.googlesource.com/c/cdm/+/148411 So, adding it to Android tm-dev. Test: run_level3_static_tests, CdmDecryptTest/CdmTestWithDecryptParam.* against LS SDK 16.4.2 & 17.0 Bug: 232557453 Change-Id: I2bbb5ab3ea33a16bd6c198077e5aefe960737ea0
This commit is contained in:
Cong Lin
@@ -4765,13 +4765,13 @@ OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(uint32_t new_entry_count,
|
||||
*
|
||||
* @param[out] bcc: pointer to the buffer that receives the serialized boot
|
||||
* certificate chain in CBOR format.
|
||||
* @param[in,out] bcc_size - on input, size of the caller's bcc buffer. On
|
||||
* @param[in,out] bcc_length - on input, size of the caller's bcc buffer. On
|
||||
* output, the number of bytes written into the buffer.
|
||||
* @param[out] additional_signature: pointer to the buffer that receives
|
||||
* additional device key signature (certificate chain). This field is only
|
||||
* used by the signing model where a vendor certificate is available on the
|
||||
* device.
|
||||
* @param[in,out] additional_signature_size - on input, size of the caller's
|
||||
* @param[in,out] additional_signature_length - on input, size of the caller's
|
||||
* additional_signature buffer. On output, the number of bytes written into
|
||||
* the buffer.
|
||||
*
|
||||
@@ -4790,8 +4790,8 @@ OEMCryptoResult OEMCrypto_ShrinkUsageTableHeader(uint32_t new_entry_count,
|
||||
* This method is new in API version 17.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_GetBootCertificateChain(
|
||||
uint8_t* bcc, size_t* bcc_size, uint8_t* additional_signature,
|
||||
size_t* additional_signature_size);
|
||||
uint8_t* bcc, size_t* bcc_length, uint8_t* additional_signature,
|
||||
size_t* additional_signature_length);
|
||||
|
||||
/**
|
||||
* Generates a key pair used in OEM and DRM certificate provisioning. The public
|
||||
@@ -4808,7 +4808,7 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain(
|
||||
* @param[out] public_key: pointer to the buffer that receives the public key
|
||||
* that is to be certified by the server. The key must be an ASN.1
|
||||
* DER-encoded SubjectPublicKeyInfo as specified in RFC 5280.
|
||||
* @param[in,out] public_key_size: on input, size of the caller's public_key
|
||||
* @param[in,out] public_key_length: on input, size of the caller's public_key
|
||||
* buffer. On output, the number of bytes written into the buffer.
|
||||
* @param[out] public_key_signature: pointer to the buffer that receives the
|
||||
* signature of the public key.
|
||||
@@ -4816,12 +4816,12 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain(
|
||||
* key. The signature must be in COSE_SIGN1 format as specified in RFC 8152.
|
||||
* If an OEM private key is available: it is signed by the OEM private key.
|
||||
* The signature must be raw signature bytes.
|
||||
* @param[in,out] public_key_signature_size: on input, size of the caller's
|
||||
* @param[in,out] public_key_signature_length: on input, size of the caller's
|
||||
* public_key_signature buffer. On output, the number of bytes written into
|
||||
* the buffer.
|
||||
* @param[out] wrapped_private_key: pointer to the buffer that receives the
|
||||
* encrypted private key. It is encrypted by the device encryption key.
|
||||
* @param[in,out] wrapped_private_key_size: on input, size of the caller's
|
||||
* @param[in,out] wrapped_private_key_length: on input, size of the caller's
|
||||
* wrapped_private_key buffer. On output, the number of bytes written into
|
||||
* the buffer.
|
||||
* @param[out] key_type: the type of the generated key pair (RSA or ECC).
|
||||
@@ -4844,9 +4844,9 @@ OEMCryptoResult OEMCrypto_GetBootCertificateChain(
|
||||
* This method is new in API version 17.
|
||||
*/
|
||||
OEMCryptoResult OEMCrypto_GenerateCertificateKeyPair(
|
||||
OEMCrypto_SESSION session, uint8_t* public_key, size_t* public_key_size,
|
||||
uint8_t* public_key_signature, size_t* public_key_signature_size,
|
||||
uint8_t* wrapped_private_key, size_t* wrapped_private_key_size,
|
||||
OEMCrypto_SESSION session, uint8_t* public_key, size_t* public_key_length,
|
||||
uint8_t* public_key_signature, size_t* public_key_signature_length,
|
||||
uint8_t* wrapped_private_key, size_t* wrapped_private_key_length,
|
||||
OEMCrypto_PrivateKeyType* key_type);
|
||||
|
||||
/// @}
|
||||
|
||||
Reference in New Issue
Block a user