The sc-dev branch on Android is out of sync with several important
changes on the CDM master branch. This changes copies several CLs.
[ Merge of http://go/wvgerrit/104524 ]
OEMCrypto unittest: generic crypto APIs
Add unit tests to verify that generic crypto APIs do not crash for large
input buffer lengths and signature lengths.
[ Merge of http://go/wvgerrit/106583 ]
Fix secure buffer tests in OEMCrypto testbed
The secure buffers were not being used correctly in the testbed, and
were failing OEMCryptoMemoryCopyBufferForHugeBufferLengths.
[ Merge of http://go/wvgerrit/109603 ]
Reject block_offsets of 16 or greater in OEC Ref
This is a potential security hole. We will be enforcing that OEMCrypto
rejects this in an upcoming test, so the Ref must be updated to reject
it.
[ Merge of http://go/wvgerrit/110165 ]
Fix Format String Signedness
See above for full description.
[ Merge of http://go/wvgerrit/111784 ]
Fix heap overflow test in L3 and OEMCrypto ref
Check the length of wrapped_rsa_key_length before casting to
WrappedRSAKey struct.
[ Merge of http://go/wvgerrit/113563 ]
Reword "blacklisted" to "forbidden"
[ Merge of http://go/wvgerrit/113583 ]
Use error code from RAND_bytes
The return code from RAND_bytes was not used correctly.
[ Merge of http://go/wvgerrit/113644 ]
Check for buffer overflow when computing subsample size
The test DecryptCENCForNumBytesClearPlusEncryptedOverflowsSize
cleverly picks num_bytes_clear + num_bytes_encrypted = 1 after integer
overflow. This is in the refernce code, level 3, and odkitee.
[ Merge of http://go/wvgerrit/113683 ]
OEMCrypto reference code: respect analog flags for clear buffers
The reference code should honor the analog_display_active flag for
both clear and secure buffers.
[ Merge of http://go/wvgerrit/114883 ]
Add size check for IV in OEMCrypto APIs
IV is supposed to be 16 bytes but the size is never checked before iv
gets used in LoadProvisioning.
Bug: 145026457
Bug: 147569428
Bug: 159847851
Bug: 162372059
Bug: 169278035
Bug: 169980065
Bug: 173460694
Bug: 173994023
Bug: 174523584
Bug: 175001473
Bug: 175041667
Test: No compiled files changed
Change-Id: If0ccd1cd3a56f72eedd2a6cb202a34bc7b43ca0d
[ Merge of http://go/wvgerrit/115549 ]
Our WV CRC-32 implementation is for CRC-32/MPEG-2 (rather than the
documented CRC-32-IEEE). The OEMCrypto document has been updated to
reflect the reference implementation.
Test: oemcrypto_partner_tests
Bug: 135283522
Change-Id: Iea8fc4ec500aec96bdb27102c51dfcca77d7bffb
[ Merge of http://go/wvgerrit/115548 ]
Create a small set of unittests to verify the functionality of OEM
Certificate.
This adds a test OEM Public Certificate and OEM Private Key.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: Iaa634543d9cb5005d91f1e7c528bf05b2b0c4d68
[ Merge of http://go/wvgerrit/115547 ]
The functionality of OEM Certificates are being abstracted away. This
is to help with the integration of ECC-based DRM certificates and in
preparation for ECC-based OEM Certificates.
Summary of OEM Certificate functionality:
- Parsing OEM Public Certs (PKCS7 signedData)
- Parsing OEM Private Key (PKCS8 PrivateKey)
- Public cert getter
- Implements most of OEMCrypto_GetOEMPublicCertificate()
- Certificate validation
- Implements most of OEMCrypto_IsKeyboxOrOEMCertValid() for OEM
Certificates
- Checking public-private key pairing
Bug: 135283522
Test: Future CL
Change-Id: Ib9580bd83641865c53dd829ff09b142bf111768c
[ Merge of http://go/wvgerrit/115546 ]
Included a set of unittests for RSA keys which ensure client-server
RSA operations work as expected.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: I8363a82403d0780f3074a05c64c804e700c2b779
[ Merge of http://go/wvgerrit/115545 ]
This change wraps the RSA key in a public and private key class that is
similar to how ECC keys are wrapped.
This new wrapper replaces deprecated OpenSSL/BoringSSL RSA signing and
signature verification API and uses the generic key digest context for
RSASSA-PSS signatures.
Bug: 135283522
Test: Future CL
Change-Id: Ifff649a3abcca127cc539f937c429c7da8acdcc6
[ Merge of http://go/wvgerrit/114284 ]
The unittests check that the ECC keys are being created as expected
and that they can perform their basic operations.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: I1bdb26421ba47e1ab135f5ce5a54da304627a7c3
[ Merge of http://go/wvgerrit/117787 ]
The CdmResponseType code CERT_PROVISIONING_RESPONSE_ERROR_9 was
created while the discussion of mapping the other codes to 1.4 HAL
codes. CERT_PROVISIONING_RESPONSE_ERROR_9 should be mapped to the HAL
code PROVISIONING_PARSE_ERROR.
Bug: 180579631
Change-Id: Iba51511bfea3139b3b0d9e3022be17375812b671
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
[ Merge of http://go/wvgerrit/113750 ]
This introduces two classes EccPublicKey and EccPrivateKey which
perform all ECC-specific crypto operations. The main operations
required by ECC are:
- Load/serialize keys from/to X.509 DER formats
- Generate ECC signatures
- Verify ECC signatures
- Derive session keys used by other OEMCrypto operations
These new classes still need to be plugged into rest of the reference
OEMCrypto implementation.
Bug: 135283522
Test: Future CL
Change-Id: Id071cad9129f95a6eb08662322154ba7d1548d40
[ Merge of http://go/wvgerrit/117267 ]
The client will now advertise the ability to handle provisioning errors
by a minor version updated to the provisioning protocol version.
The provisioning service may indicate that the individual device
is revoked or all devices with the same make/model have been revoked.
If the provisoning service has not been upgraded, the protocol version
field in the request will be ignored. The provisioning service/SDK
will respond with an HTTP 400 error to a provisioning request from
a revoked device.
Bug: 174174765
Test: WvCdmRequestLicenseTest.ProvisioningRevocationTest,
WV unit/integration tests
Change-Id: I5ff61496685f310de6704a90452b8b76b3505cbb
[ Merge of http://go/wvgerrit/117266 ]
These changes facilitate communication of provisioning errors from
provisioning service/SDK to the client.
Clients will indicate in the SignedProvisioningMessage whether they
support handling of error information in the ProvisioningResponse.
The provisioning service/SDK can then indicate why the provisioning
request is being rejected.
The protocol_version field from SignedProvisioningMessage has also been
broken into separate protocol version and provisioning type fields.
This will support changes planned for future releases.
Bug: 174174765
Test: WV unit/integration tests
Change-Id: Ic1a41ed8f83b69697300c586a78266fac20298fb
If not argument is given, the app just sits and wait
for stdin input, this can be confusing for the user.
Add logic to display menu if no argument is given.
Test: metrics_dump
display menu
Test: metrics_dump [bugreport from sabrina-q.gz]
display mediadrm and widevine metrics
Test: metrics_dump --mediadrm [adb shell dumpsys media.metrics output]
display mediadrm metrics
Test: metrics_dump --widevine [adb shell dumpsys media.metrics output]
display widevine metrics
Test: metrics_dump [bugreport from sabrina-q.gz] --widevine
display menu because the order is app_name, options, input file
Bug: 180983850
Change-Id: I9b35f782d8f59663661148d3950f89e4724b6bce
Merged-In: I9b35f782d8f59663661148d3950f89e4724b6bce
[ Merge of http://go/wvgerrit/110923 ]
The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session. To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response. The type of key is available from the
DRM certificate proto that is provided in the reponse.
This change introduces a class to contain the wrapped key and
type together. To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.
Unittests have been updated for using the new class where the
wrapped key was used before.
Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
(cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e)
Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
[ Merge of http://go/wvgerrit/110824 ]
When generating a provisioning request, the CDM includes the different
certificate key types that are supported.
This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.
Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
(cherry picked from commit 547d2f8775)
Merged-In: I713ff1c469dff5c8a41461727ce63486d962575e
[ Merge of http://go/wvgerrit/110823 ]
DrmDeviceCertificate is the CDM's reduced version of DrmCertificate
used in the backend. With the introduction of ECC, the CDM needs to
extract the signature algorithm to determine how to handle the wrapped
private key used by OEMCrypto post-provisioning.
This change brings the DrmDeviceCertificate in line with the
provisioning service's DrmCertificate message as the new source of
truth.
Bug: 140813486
Test: Compiled proto
Change-Id: I164a1c9266fb74b6cdd0ff35f1986ca032033bba
(cherry picked from commit 667c672c80)
Merged-In: I164a1c9266fb74b6cdd0ff35f1986ca032033bba
Merged from http://go/wvgerrit/114903
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I208e0d5d949e8ef003fcf7d6f129eab66b9b3656
