From daa6f5f73829bfd50f1f60a43d1832c3d65eade2 Mon Sep 17 00:00:00 2001 From: Matt Feddersen Date: Thu, 21 Mar 2024 14:11:23 -0700 Subject: [PATCH] Bump version to 19.1.0 and update OPK changelog Merged from https://widevine-internal-review.googlesource.com/194911 Change-Id: I366df6f46622d6333e7f77cbef3cb5dc9b1d2710 --- libwvdrmengine/oemcrypto/CHANGELOG.md | 49 +++++++++++++++++++ .../oemcrypto/include/OEMCryptoCENC.h | 2 +- .../oemcrypto/test/oemcrypto_basic_test.cpp | 4 +- 3 files changed, 52 insertions(+), 3 deletions(-) diff --git a/libwvdrmengine/oemcrypto/CHANGELOG.md b/libwvdrmengine/oemcrypto/CHANGELOG.md index 449db2c0..d13448ea 100644 --- a/libwvdrmengine/oemcrypto/CHANGELOG.md +++ b/libwvdrmengine/oemcrypto/CHANGELOG.md @@ -2,6 +2,54 @@ [TOC] +## [Version 19.1][v19.1] + +This is a minor release that includes a few security fixes and bug fixes. + +General + +- Change OEMCrypto_FreeSecureBuffer() |output_descriptor| parameter to be +[in,out] type. +- Use strlen() instead of sizeof() to get the length of BUILD_INFO. +- Add OEMCrypto_GetEmbeddedDrmCertificate() definition to OPK, with +OEMCrypto_ERROR_NOT_IMPLEMENTED. +- Remove default.h include file from wtpi_config, which was causing a mismatch +between reported config values and actual config values. +- Remove extra is_debug field and trailing comma from BuildInformation. +- Reduce trusted clock skew on restarts in wtpi_reference implementation. +- Remove -Wno-unused-parameter cflag. +- Increase transport buffer size from 32K to 34K to accommodate larger buffer +requirements from OEMCrypto_LoadProvisioning +- Fix BCC payload item count in wtpi_reference +- Add WTPI_DeriveNewAsymmetricKeyHandle() and +WTPI_CreateUDSDerivedAsymmetricKeyHandle() to wtpi_provisioning_4_interface.h. +These implementations are only required if you are using +wtpi_reference/wtpi_provisioning_4.c. + +OPK serialization layer + +- Avoid writing any value to output parameters if the OEMCryptoResult is not +OEMCrypto_SUCCESS. (Applies to [out] type only. Not [in] or [in,out]). This +avoids subtle bugs where the serialization logic may unexpectedly modify (eg +set to 0) an output parameter on failure. +- Initialize pointers in a few corner cases. + +Tests + +- Fix default cipher mode for CAS unit test. +- Skip entitlement session tests that are only supported on CAS devices. +- Don't force decrypt count to increase in unit tests. +- Skip some cast tests if not supported. + +OP-TEE port changes + +- Fix memory leaks on failure cases in AES decrypt, RSA key creation, and ECC +key creation. +- Check incoming message size from REE to avoid OOB. +- Generate ECC keypair and zero pad appropriately. +- Add file existence check in RPMB impl. +- Cleanup keybox and key handles consistently after use. + ## [Version 19.0][v19.0] This is the initial release of OPK v19.0, which implements OEMCrypto v19.0. @@ -542,3 +590,4 @@ Public release for OEMCrypto API and ODK library version 16.4. [v18.3]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v18.3 [v18.4]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v18.4 [v19.0]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v19.0 +[v19.1]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v19.1 diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index a1f25831..f845a876 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -3,7 +3,7 @@ // License Agreement. /** - * @mainpage OEMCrypto API v19.0 + * @mainpage OEMCrypto API v19.1 * * OEMCrypto is the low level library implemented by the OEM to provide key and * content protection, usually in a separate secure memory or process space. The diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_basic_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_basic_test.cpp index ef0f18ae..0d669262 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_basic_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_basic_test.cpp @@ -180,7 +180,7 @@ TEST_F(OEMCryptoClientTest, FreeUnallocatedSecureBufferNoFailure) { */ TEST_F(OEMCryptoClientTest, VersionNumber) { const std::string log_message = - "OEMCrypto unit tests for API 19.0. Tests last updated 2023-12-14"; + "OEMCrypto unit tests for API 19.1. Tests last updated 2024-03-25"; cout << " " << log_message << "\n"; cout << " " << "These tests are part of Android U." @@ -189,7 +189,7 @@ TEST_F(OEMCryptoClientTest, VersionNumber) { // If any of the following fail, then it is time to update the log message // above. EXPECT_EQ(ODK_MAJOR_VERSION, 19); - EXPECT_EQ(ODK_MINOR_VERSION, 0); + EXPECT_EQ(ODK_MINOR_VERSION, 1); EXPECT_EQ(kCurrentAPI, static_cast(ODK_MAJOR_VERSION)); OEMCrypto_Security_Level level = OEMCrypto_SecurityLevel(); EXPECT_GT(level, OEMCrypto_Level_Unknown);