Merge "Prevent Nonce Flood"

Jeff Tinker
2014-03-21 19:01:23 +00:00
committed by Android (Google) Code Review
2 changed files with 72 additions and 3 deletions


@@ -11,6 +11,7 @@
#include <iostream>
#include <cstring>
#include <stdio.h>
#include <time.h>
#include <string>
#include "log.h"
#include "oemcrypto_engine_mock.h"
@@ -139,11 +140,27 @@ OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session,
return OEMCrypto_ERROR_INVALID_SESSION;
}
// Prevent nonce flood.
static time_t last_nonce_time = 0;
static int nonce_count = 0;
time_t now = time(NULL);
if (now == last_nonce_time) {
nonce_count++;
if (nonce_count > 20) {
LOGE("[OEMCrypto_GenerateNonce(): Nonce Flood detected]");
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
} else {
nonce_count = 1;
last_nonce_time = now;
}
uint32_t nonce_value;
uint8_t* nonce_string = reinterpret_cast<uint8_t*>(&nonce_value);
// Generate 4 bytes of random data
if (!RAND_bytes(nonce_string, 4)) {
LOGE("[OEMCrypto_GenerateNonce(): Random bytes failure]");
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
session_ctx->AddNonce(nonce_value);