[ Merge of http://go/wvgerrit/119843 ]
Creation and expiration times are extracted from the device DRM
certificate. They are reported as
* -1 if not set in the proto
* 0 if unlimited
* positive number otherwise
Bug: 169740403
Test: WV unit, integraiton tests
Change-Id: I9463954dfeb82b6a88ff5d608ed74d20f2424e83
[ Merge of http://go/wvgerrit/119684 ]
This allows for a default DRM certificate that includes an expiration
time and a legacy one without for each app+origin specific identifier.
Existing offline licenses/secure stops are not associated with a
certificate, and so we cannot delete legacy certificates even after
fetching a new one. New offline licenses/secure stops will be associated
with certificate information, so we will not have this problem going
forward.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I0f08f6bf98775fd43927243dc4a9f75f21bfbbcc
[ Merge of http://go/wvgerrit/119644 ]
This change includes additional fields in DeviceCertificate, License and
UsageInfo.
New DRM certificate will include a creation and expiration time.
In addition acquisition_time_seconds will allow the client to calulate
expiration time even when client and provisioning service clocks
are not in sync.
expiration_time_seconds will allow clients to expire DRM certificates
that do include an expiration time. A random value within a window
(4-8 months after update) will be calculated to avoid
a provisioning storm.
Drm certificate will be added to offline licenses. In a future release,
licenses will be removed on expiry and the certification information
that needs to be sent to the license service will be reduced.
This should reduce space overhead.
UsageInfo will use a certificate cache in case multiple usage info
entries use the same DRM certificate.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: I2f34a1df526fa8168162a1b1ea930a2f257b87cd
[ Merge of http://go/wvgerrit/119804 ]
The coverage framework used by Android requires the process to call
exit() for coverage information to be dumped after the tests.
Android unit tests have been adapted to use the a new main module.
The core test_main.cpp used by integration tests has been updated to
call exit().
Bug: 138941105
Test: Linux and Android unittests
Change-Id: Ifffc7b8290c50dffe527738a36547c1d2fb90bd3
[ Merge of http://go/wvgerrit/119230 ]
This patch adds an annotation to the one place in the codebase where we
intentionally fall through between switch statement cases, in order to
appease stricter compilers.
Bug: 182058081
Test: compile, WV unit/integration tests
Change-Id: I004a6a6e61681fcf22c6bf25d9b0284b8b64e776
[ Merge of http://go/wvgerrit/119564 ]
This closes a crypto session when the provisioning request fails. We
cannot be as eager when handling the response as the app may have
multiple simultaneous provisioning attempts in flight. In this case
all provisioning responses except the one associated with the last
request will fail. If we close the session on error, even the one
associated with the last request may fail.
Bug: 180986725
Test: WV unit/integration tests
Change-Id: Ic3d33a374e442b5bf040e345bed829d91c4ef1dc
[ Merge of http://go/wvgerrit/119563 ]
This also increases the max log size from 1024 to 5120
Bug: 181642154
Test: WV unit/integration tests
Change-Id: Ifae90354dad1165f4d9fa3c9fe33a4dc14df1270
[ Merge of http://go/wvgerrit/118563 ]
Sync with the latest version of drm_certificate.proto to add in
certificate expiry time. Add in signed_drm_certificate.proto and remove
messages from device_certificate.proto.
SignedDrmDeviceCertificate and DrmDeviceCertificate are now named
SignedDrmCertificate and DrmCertificate. This necessitated non-proto
changes.
Bug: 169740403
Test: WV unit/integration tests
Change-Id: Ie5969ac7217a25eb075a41df59b77da2becd4545
The shared memory buffer used by srcPtr can be freed by another
thread because it is not protected by a mutex. Subsequently,
a use after free AIGABRT can occur in a race condition.
SafetyNet logging is not added to avoid log spamming. The
mutex lock is called to setup for decryption, which is
called frequently.
The crash was reproduced on the device before the fix.
Verified the test passes after the fix.
Test: sts
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176495665#testPocBug_176495665
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-176495665_sts64
Bug: 176495665
Bug: 176444161
Change-Id: Ie1aca0ceacb4b7a1b6e473b823541607a36d8cb4
Merged-In: If62b73a9c636048f942a2fc63a13b5bfd1e57b86
The shared memory buffer used by srcPtr can be freed by another
thread because it is not protected by a mutex. Subsequently,
a use after free AIGABRT can occur in a race condition.
SafetyNet logging is not added to avoid log spamming. The
mutex lock is called to setup for decryption, which is
called frequently.
The crash was reproduced on the device before the fix.
Verified the test passes after the fix.
Test: sts
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176495665#testPocBug_176495665
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-176495665_sts64
Bug: 176495665
Bug: 176444161
Change-Id: If62b73a9c636048f942a2fc63a13b5bfd1e57b86
The sc-dev branch on Android is out of sync with several important
changes on the CDM master branch. This changes copies several CLs.
[ Merge of http://go/wvgerrit/104524 ]
OEMCrypto unittest: generic crypto APIs
Add unit tests to verify that generic crypto APIs do not crash for large
input buffer lengths and signature lengths.
[ Merge of http://go/wvgerrit/106583 ]
Fix secure buffer tests in OEMCrypto testbed
The secure buffers were not being used correctly in the testbed, and
were failing OEMCryptoMemoryCopyBufferForHugeBufferLengths.
[ Merge of http://go/wvgerrit/109603 ]
Reject block_offsets of 16 or greater in OEC Ref
This is a potential security hole. We will be enforcing that OEMCrypto
rejects this in an upcoming test, so the Ref must be updated to reject
it.
[ Merge of http://go/wvgerrit/110165 ]
Fix Format String Signedness
See above for full description.
[ Merge of http://go/wvgerrit/111784 ]
Fix heap overflow test in L3 and OEMCrypto ref
Check the length of wrapped_rsa_key_length before casting to
WrappedRSAKey struct.
[ Merge of http://go/wvgerrit/113563 ]
Reword "blacklisted" to "forbidden"
[ Merge of http://go/wvgerrit/113583 ]
Use error code from RAND_bytes
The return code from RAND_bytes was not used correctly.
[ Merge of http://go/wvgerrit/113644 ]
Check for buffer overflow when computing subsample size
The test DecryptCENCForNumBytesClearPlusEncryptedOverflowsSize
cleverly picks num_bytes_clear + num_bytes_encrypted = 1 after integer
overflow. This is in the refernce code, level 3, and odkitee.
[ Merge of http://go/wvgerrit/113683 ]
OEMCrypto reference code: respect analog flags for clear buffers
The reference code should honor the analog_display_active flag for
both clear and secure buffers.
[ Merge of http://go/wvgerrit/114883 ]
Add size check for IV in OEMCrypto APIs
IV is supposed to be 16 bytes but the size is never checked before iv
gets used in LoadProvisioning.
Bug: 145026457
Bug: 147569428
Bug: 159847851
Bug: 162372059
Bug: 169278035
Bug: 169980065
Bug: 173460694
Bug: 173994023
Bug: 174523584
Bug: 175001473
Bug: 175041667
Test: No compiled files changed
Change-Id: If0ccd1cd3a56f72eedd2a6cb202a34bc7b43ca0d
[ Merge of http://go/wvgerrit/115549 ]
Our WV CRC-32 implementation is for CRC-32/MPEG-2 (rather than the
documented CRC-32-IEEE). The OEMCrypto document has been updated to
reflect the reference implementation.
Test: oemcrypto_partner_tests
Bug: 135283522
Change-Id: Iea8fc4ec500aec96bdb27102c51dfcca77d7bffb
[ Merge of http://go/wvgerrit/115548 ]
Create a small set of unittests to verify the functionality of OEM
Certificate.
This adds a test OEM Public Certificate and OEM Private Key.
Bug: 135283522
Test: oemcrypto_unittests
Change-Id: Iaa634543d9cb5005d91f1e7c528bf05b2b0c4d68
