[ Merge of http://go/wvgerrit/110823 ]
DrmDeviceCertificate is the CDM's reduced version of DrmCertificate
used in the backend. With the introduction of ECC, the CDM needs to
extract the signature algorithm to determine how to handle the wrapped
private key used by OEMCrypto post-provisioning.
This change brings the DrmDeviceCertificate in line with the
provisioning service's DrmCertificate message as the new source of
truth.
Bug: 140813486
Test: Compiled proto
Change-Id: I164a1c9266fb74b6cdd0ff35f1986ca032033bba
(cherry picked from commit 667c672c80)
Merged-In: I164a1c9266fb74b6cdd0ff35f1986ca032033bba
Merged from http://go/wvgerrit/114903
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I0a15d86a87fbf590f39ddf2ce218c83eacb0174e
Merged from http://go/wvgerrit/114903
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I208e0d5d949e8ef003fcf7d6f129eab66b9b3656
Merged from http://go/wvgerrit/114903
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I208e0d5d949e8ef003fcf7d6f129eab66b9b3656
[ Merge of http://go/wvgerrit/108904 ]
Client ID name-value fields in the license request share the same
namespace with app parameters and WV standard device information. As
a result, it was possible for applications to provide parameters that
could potentially fool the license server with spoof values.
This CL restricts the use of the fields that are common across both the
Android CDM and CE CDM. Currently, Android specific fields are
restricted by the MediaDrmPlugin layer, and there are no CE CDM
specific fields currently defined.
The non-HIDL DRM plugin does not restrict these fields; however, it
will be removed in S.
Bug: 171723566
Test: Android integration test
Change-Id: I5ad9ead73c5aff712dff8133953de5ddc3296452
[ Merge of http://go/wvgerrit/110603 and http://go/ag/13139808 ]
Qualcomm SoC may report 10085 (RSASSA-PSS signature error) when
OEMCrypto_PrepareAndSignLicenseRequest is called. The app needs to
reprovision (or the user needs to factory reset their device) in order
to recover.
If the 10085 error is returned, the app currently will get a
MediaDrmStateException. The app has no way to be able to tell
whether this is due to the 10085 error or some other error.
This change returns a NEED_PROVISIONING error at the CDM level, which
will result in the app receiving a NotProvisionedException when
MediaDrm.getKeyRequest is called.
Bug: 174375589
Test: GtsMediaTestCases, WV unit/integration tests
Change-Id: I4f2884c8a5fd88ab2e9bfbc0731a20e58cec0f36
