There is a potential integer overflow to bypass the
destination base size check in decrypt. The destPtr
can then point to the outside of the destination buffer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176444622#testPocBug_176444622
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17644462264
Bug: 176444622
Bug: 176496353
Change-Id: Id3aece61d46d548c304782d4e1dc3a4747795c01
[ Merge of http://go/wvgerrit/110923 ]
The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session. To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response. The type of key is available from the
DRM certificate proto that is provided in the response.
This change introduces a class to contain the wrapped key and
type together. To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.
Unittests have been updated for using the new class where the
wrapped key was used before.
Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
(cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e)
Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
[ Merge of http://go/wvgerrit/110824 ]
When generating a provisioning request, the CDM includes the different
certificate key types that are supported.
This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.
Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
(cherry picked from commit 547d2f8775)
Merged-In: I713ff1c469dff5c8a41461727ce63486d962575e
[ Merge of http://go/wvgerrit/110823 ]
DrmDeviceCertificate is the CDM's reduced version of DrmCertificate
used in the backend. With the introduction of ECC, the CDM needs to
extract the signature algorithm to determine how to handle the wrapped
private key used by OEMCrypto post-provisioning.
This change brings the DrmDeviceCertificate in line with the
provisioning service's DrmCertificate message as the new source of
truth.
Bug: 140813486
Test: Compiled proto
Change-Id: I164a1c9266fb74b6cdd0ff35f1986ca032033bba
(cherry picked from commit 667c672c80)
Merged-In: I164a1c9266fb74b6cdd0ff35f1986ca032033bba
[ Merge of http://go/wvgerrit/111903 ]
CDM metrics has been updated to include the DRM key type. The CDM
session records the key type when the wrapped DRM key is successfully
loaded into an OEMCrypto session.
Now that the API refers to a general DRM key rather than an RSA key,
the timer metric for loading the DRM key has been renamed on the client
to reflect this.
Test: Metric unit tests
Bug: 140813486
Change-Id: I9069f13ac7c979cc8556e08591e1cf8f623d0a84
[ Merge of http://go/wvgerrit/110923 ]
The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session. To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response. The type of key is available from the
DRM certificate proto that is provided in the response.
This change introduces a class to contain the wrapped key and
type together. To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.
Unittests have been updated for using the new class where the
wrapped key was used before.
Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
Merged from http://go/wvgerrit/114903
There is a potential integer overflow to bypass the
source base size check in decrypt. The source pointer
can then point to the outside of the source buffer,
which could potentially leak arbitrary memory content
to destination pointer.
Test: sts-tradefed
sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Bug_176496160#testPocBug_176496160
Test: push to device with target_hwasan-userdebug build
adb shell /data/local/tmp/Bug-17649616064
Bug: 176496160
Bug: 176444786
Change-Id: I208e0d5d949e8ef003fcf7d6f129eab66b9b3656
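The two decrypt fixes in this log (the destination base size check and the source base size check) describe the same bug class, shown here as an added example that is not code from the Widevine change itself. The function names, the `size_t` types and the sample values are assumptions; the log does not show the actual check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical check: does [offset, offset + length) fit inside a
 * base buffer of base_size bytes? offset and length are untrusted. */

/* Flawed form: offset + length is evaluated in size_t and wraps past
 * SIZE_MAX, so a huge offset plus a small length gives a small sum
 * that passes the comparison. */
bool range_ok_wrapping(size_t base_size, size_t offset, size_t length) {
    return offset + length <= base_size;
}

/* Hardened form: never add the untrusted values. Bound the offset
 * first, then compare the length with the space that remains. */
bool range_ok_checked(size_t base_size, size_t offset, size_t length) {
    if (offset > base_size) return false;
    return length <= base_size - offset;
}

/* Constructed inputs, not taken from the bug reports. */
typedef struct { size_t base_size, offset, length; } range_case;
static const range_case CASES[] = {
    {4096, 0, 4096},             /* exact fit */
    {4096, 4000, 97},            /* one byte past the end */
    {4096, SIZE_MAX - 15, 32},   /* sum wraps around to 16 */
    {4096, 4096, 0},             /* empty range at the end */
};

/* Number of cases where the two checks give different answers. */
int count_disagreements(void) {
    int n = 0;
    for (size_t i = 0; i < sizeof CASES / sizeof CASES[0]; i++) {
        const range_case *c = &CASES[i];
        if (range_ok_wrapping(c->base_size, c->offset, c->length) !=
            range_ok_checked(c->base_size, c->offset, c->length))
            n++;
    }
    return n;
}

int main(void) {
    printf("cases accepted only by the wrapping check: %d\n",
           count_disagreements());
    return 0;
}
```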
[ Merge of http://go/wvgerrit/110824 ]
When generating a provisioning request, the CDM includes the different
certificate key types that are supported.
This change will enable the reporting of ECC certificate types if
OEMCrypto supports them.
Test: Linux unit tests and Android integration test
Bug: 140813486
Change-Id: I713ff1c469dff5c8a41461727ce63486d962575e
[ Merge of http://go/wvgerrit/110823 ]
DrmDeviceCertificate is the CDM's reduced version of DrmCertificate
used in the backend. With the introduction of ECC, the CDM needs to
extract the signature algorithm to determine how to handle the wrapped
private key used by OEMCrypto post-provisioning.
This change brings the DrmDeviceCertificate in line with the
provisioning service's DrmCertificate message as the new source of
truth.
Bug: 140813486
Test: Compiled proto
Change-Id: I164a1c9266fb74b6cdd0ff35f1986ca032033bba