Issue 24: Sec_OpaqueBufferHandle_struct mutex not properly initialize… (

#25)
rdkcentral · Jan 27, 2023 · f062f75 · f062f75
1 parent 4d1dc1b
commit f062f75
Show file tree

Hide file tree

Showing 11 changed files with 86 additions and 130 deletions.
diff --git a/include/sec_security.h b/include/sec_security.h
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020-2022 Comcast Cable Communications Management, LLC
+ * Copyright 2020-2023 Comcast Cable Communications Management, LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -948,9 +948,6 @@ Sec_Result SecOpaqueBuffer_Release(Sec_OpaqueBufferHandle* opaqueBufferHandle, S
 Sec_Result SecOpaqueBuffer_Copy(Sec_OpaqueBufferHandle* outOpaqueBufferHandle, SEC_SIZE out_offset,
         Sec_OpaqueBufferHandle* inOpaqueBufferHandle, SEC_SIZE in_offset, SEC_SIZE num_to_copy);
 
-Sec_Result SecOpaqueBuffer_Check(Sec_DigestAlgorithm digestAlgorithm, Sec_OpaqueBufferHandle* opaqueBufferHandle,
-        SEC_SIZE length, SEC_BYTE* expected, SEC_SIZE expectedLength);
-
 Sec_Result SecKeyExchange_GetInstance(Sec_ProcessorHandle* processorHandle, Sec_KeyExchangeAlgorithm exchangeType,
         void* exchangeParameters, Sec_KeyExchangeHandle** keyExchangeHandle);
 

diff --git a/include/sec_security_svp.h b/include/sec_security_svp.h
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020 Comcast Cable Communications Management, LLC
+ * Copyright 2020-2023 Comcast Cable Communications Management, LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -45,6 +45,7 @@ typedef struct {
 
 Sec_Result SecOpaqueBuffer_CopyByIndex(Sec_OpaqueBufferHandle* outOpaqueBufferHandle,
         Sec_OpaqueBufferHandle* inOpaqueBufferHandle, SEC_CopyIndex* copyIndexArray, SEC_SIZE numOfIndexes);
+Sec_Result SecOpaqueBuffer_Create(Sec_OpaqueBufferHandle** opaqueBufferHandle, void* svp_memory, SEC_SIZE bufLength);
 sa_svp_buffer get_svp_buffer(Sec_ProcessorHandle* processorHandle, Sec_OpaqueBufferHandle* opaqueBufferHandle);
 void release_svp_buffer(Sec_ProcessorHandle* processorHandle, Sec_OpaqueBufferHandle* opaqueBufferHandle);
 

diff --git a/src/sec_adapter_cipher.c b/src/sec_adapter_cipher.c
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020-2022 Comcast Cable Communications Management, LLC
+ * Copyright 2020-2023 Comcast Cable Communications Management, LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
  */
 
 #include "sec_adapter_cipher.h" // NOLINT
+#include "sa.h"
 #include "sa_cenc.h"
 #include <stdbool.h>
 
@@ -164,7 +165,7 @@ Sec_Result SecCipher_UpdateIV(Sec_CipherHandle* cipherHandle, SEC_BYTE* iv) {
     sa_status status;
     if (key_type == SEC_KEYTYPE_AES_128 || key_type == SEC_KEYTYPE_AES_256) {
         status = sa_invoke(cipherHandle->processorHandle, SA_CRYPTO_CIPHER_UPDATE_IV, cipherHandle->cipher.context, iv,
-                (size_t)SEC_AES_BLOCK_SIZE);
+                (size_t) SEC_AES_BLOCK_SIZE);
         CHECK_STATUS(status)
         return SEC_RESULT_SUCCESS;
     }
@@ -487,6 +488,12 @@ Sec_Result SecCipher_ProcessCtrWithOpaqueDataShift(Sec_CipherHandle* cipherHandl
  */
 Sec_Result SecCipher_KeyCheckOpaque(Sec_CipherHandle* cipherHandle, Sec_OpaqueBufferHandle* opaqueBufferHandle,
         SEC_SIZE checkLength, SEC_BYTE* expected) {
+
+#if (SA_SPECIFICATION_MAJOR >= 3 && \
+        ((SA_SPECIFICATION_MINOR == 1 && SA_SPECIFICATION_REVISION >= 2) || SA_SPECIFICATION_MINOR > 1))
+
+    return SEC_RESULT_UNIMPLEMENTED_FEATURE;
+#else
     if (opaqueBufferHandle == NULL) {
         SEC_LOG_ERROR("Null inputHandle");
         return SEC_RESULT_FAILURE;
@@ -515,10 +522,11 @@ Sec_Result SecCipher_KeyCheckOpaque(Sec_CipherHandle* cipherHandle, Sec_OpaqueBu
 
     const Sec_Key* key = get_key(cipherHandle->keyHandle);
     status = sa_invoke(cipherHandle->processorHandle, SA_SVP_KEY_CHECK, key->handle, &in_buffer,
-            (size_t)SEC_AES_BLOCK_SIZE, expected, (size_t)SEC_AES_BLOCK_SIZE);
+            (size_t) SEC_AES_BLOCK_SIZE, expected, (size_t) SEC_AES_BLOCK_SIZE);
 
     CHECK_STATUS(status)
     return SEC_RESULT_SUCCESS;
+#endif
 }
 
 /**
@@ -969,7 +977,7 @@ Sec_Result SecCipher_ProcessOpaqueWithMap(Sec_CipherHandle* cipherHandle, SEC_BY
     sample.out = &out_buffer;
     sample.in = &in_buffer;
 
-    sa_status status = sa_invoke(cipherHandle->processorHandle, SA_PROCESS_COMMON_ENCRYPTION, (size_t)1, &sample);
+    sa_status status = sa_invoke(cipherHandle->processorHandle, SA_PROCESS_COMMON_ENCRYPTION, (size_t) 1, &sample);
     free(subsample_lengths);
     if (status != SA_STATUS_OK) {
         SecOpaqueBuffer_Free(*opaqueBufferHandle);

diff --git a/src/sec_adapter_keyexchange.c b/src/sec_adapter_keyexchange.c
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020-2022 Comcast Cable Communications Management, LLC
+ * Copyright 2020-2023 Comcast Cable Communications Management, LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -349,7 +349,7 @@ Sec_Result SecKeyExchange_ComputeSecret(Sec_KeyExchangeHandle* keyExchangeHandle
 
     sa_key shared_secret;
     sa_status status = sa_invoke(keyExchangeHandle->processorHandle, SA_KEY_EXCHANGE, &shared_secret, &rights,
-            algorithm, *keyExchangeHandle->key, public_key_bytes, (size_t)key_len, NULL);
+            algorithm, *keyExchangeHandle->key, public_key_bytes, (size_t) key_len, NULL);
     free(public_key_bytes);
     CHECK_STATUS(status)
 

diff --git a/src/sec_adapter_processor.c b/src/sec_adapter_processor.c
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020-2022 Comcast Cable Communications Management, LLC
+ * Copyright 2020-2023 Comcast Cable Communications Management, LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -133,7 +133,7 @@ Sec_Result SecProcessor_GetInstance_Directories(Sec_ProcessorHandle** processorH
     }
 
     if (pthread_mutex_init(&(*processorHandle)->mutex, NULL) != 0) {
-        SEC_LOG_ERROR("Error creating app_dir");
+        SEC_LOG_ERROR("Error initializing mutex");
         SEC_FREE((*processorHandle)->app_dir);
         SEC_FREE((*processorHandle)->global_dir);
         SEC_FREE(*processorHandle);

diff --git a/src/sec_adapter_processor.h b/src/sec_adapter_processor.h
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020 Comcast Cable Communications Management, LLC
+ * Copyright 2020-2023 Comcast Cable Communications Management, LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,8 +19,8 @@
 #ifndef SEC_ADAPTER_PROCESSOR_H
 #define SEC_ADAPTER_PROCESSOR_H
 
-#include "sa_types.h"
 #include "sa_ta_types.h"
+#include "sa_types.h"
 #include "sec_adapter_key.h"
 #include "sec_security.h"
 #include "sec_security_store.h"

diff --git a/src/sec_adapter_signature.c b/src/sec_adapter_signature.c
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020-2022 Comcast Cable Communications Management, LLC
+ * Copyright 2020-2023 Comcast Cable Communications Management, LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -145,10 +145,10 @@ Sec_Result SecSignature_Process(Sec_SignatureHandle* signatureHandle, SEC_BYTE*
         const Sec_Key* key = get_key(signatureHandle->keyHandle);
         // Get the out_length since it is not given to us.
         sa_status status = sa_invoke(signatureHandle->processorHandle, SA_CRYPTO_SIGN, NULL, &out_length,
-                signature_algorithm, key->handle, input, (size_t)inputSize, parameters);
+                signature_algorithm, key->handle, input, (size_t) inputSize, parameters);
         CHECK_STATUS(status)
         status = sa_invoke(signatureHandle->processorHandle, SA_CRYPTO_SIGN, signature, &out_length,
-                signature_algorithm, key->handle, input, (size_t)inputSize, parameters);
+                signature_algorithm, key->handle, input, (size_t) inputSize, parameters);
         CHECK_STATUS(status)
         *signatureSize = out_length;
     } else {

diff --git a/src/sec_adapter_svp.c b/src/sec_adapter_svp.c
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020-2021 Comcast Cable Communications Management, LLC
+ * Copyright 2020-2023 Comcast Cable Communications Management, LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -61,7 +61,7 @@ sa_svp_buffer get_svp_buffer(Sec_ProcessorHandle* processorHandle, Sec_OpaqueBuf
             (opaque_buffer_handle_entry*) calloc(1, sizeof(opaque_buffer_handle_entry));
     opaque_buffer_handle->opaqueBufferHandle = opaqueBufferHandle;
     opaque_buffer_handle->next = processorHandle->opaque_buffer_handle;
-    processorHandle->opaque_buffer_handle =  opaque_buffer_handle;
+    processorHandle->opaque_buffer_handle = opaque_buffer_handle;
     pthread_mutex_unlock(&processorHandle->mutex);
 
     return next_processor_buffer->svp_buffer;
@@ -123,33 +123,62 @@ Sec_Result Sec_OpaqueBufferMalloc(SEC_SIZE bufLength, void** handle, void* param
     return SecOpaqueBuffer_Malloc(bufLength, (Sec_OpaqueBufferHandle**) handle);
 }
 
-Sec_Result SecOpaqueBuffer_Malloc(SEC_SIZE bufLength, Sec_OpaqueBufferHandle** opaqueBufferHandle) {
-    if (bufLength == 0) {
-        SEC_LOG_ERROR("Argument `length' has value of 0");
-        return SEC_RESULT_FAILURE;
-    }
+Sec_Result SecOpaqueBuffer_Create(Sec_OpaqueBufferHandle** opaqueBufferHandle, void* svp_memory, SEC_SIZE bufLength) {
     if (opaqueBufferHandle == NULL) {
         SEC_LOG_ERROR("Argument `opaqueBufferHandle' has value of null");
         return SEC_RESULT_FAILURE;
     }
 
+    if (svp_memory == NULL) {
+        SEC_LOG_ERROR("Argument `svp_memory' has value of null");
+        return SEC_RESULT_FAILURE;
+    }
+
     *opaqueBufferHandle = (Sec_OpaqueBufferHandle*) calloc(1, sizeof(Sec_OpaqueBufferHandle));
     if (*opaqueBufferHandle == NULL) {
         SEC_LOG_ERROR("calloc failed");
         return SEC_RESULT_FAILURE;
     }
 
-    sa_status status = sa_svp_memory_alloc(&(*opaqueBufferHandle)->svp_memory, bufLength);
-    if (status != SA_STATUS_OK) {
-        SEC_LOG_ERROR("sa_svp_memory_alloc failed");
+    if (pthread_mutex_init(&(*opaqueBufferHandle)->mutex, NULL) != 0) {
+        SEC_LOG_ERROR("Error initializing mutex");
         free(*opaqueBufferHandle);
-        CHECK_STATUS(status)
+        return SEC_RESULT_FAILURE;
     }
 
+    (*opaqueBufferHandle)->svp_memory = svp_memory;
     (*opaqueBufferHandle)->size = bufLength;
     return SEC_RESULT_SUCCESS;
 }
 
+Sec_Result SecOpaqueBuffer_Malloc(SEC_SIZE bufLength, Sec_OpaqueBufferHandle** opaqueBufferHandle) {
+    if (bufLength == 0) {
+        SEC_LOG_ERROR("Argument `bufLength' has value of 0");
+        return SEC_RESULT_FAILURE;
+    }
+
+    if (opaqueBufferHandle == NULL) {
+        SEC_LOG_ERROR("Argument `opaqueBufferHandle' has value of null");
+        return SEC_RESULT_FAILURE;
+    }
+
+    void* svp_memory = NULL;
+    sa_status status = sa_svp_memory_alloc(&svp_memory, bufLength);
+    if (status != SA_STATUS_OK) {
+        SEC_LOG_ERROR("sa_svp_memory_alloc failed");
+        CHECK_STATUS(status)
+    }
+
+    Sec_Result result = SecOpaqueBuffer_Create(opaqueBufferHandle, svp_memory, bufLength);
+    if (result != SEC_RESULT_SUCCESS) {
+        SEC_LOG_ERROR("SecOpaqueBuffer_Create failed");
+        sa_svp_memory_free(svp_memory);
+        return result;
+    }
+
+    return result;
+}
+
 Sec_Result Sec_OpaqueBufferWrite(Sec_OpaqueBufferHandle* opaqueBufferHandle, SEC_SIZE offset, void* data,
         SEC_SIZE length) {
     return SecOpaqueBuffer_Write(opaqueBufferHandle, offset, data, length);
@@ -205,6 +234,7 @@ Sec_Result SecOpaqueBuffer_Free(Sec_OpaqueBufferHandle* opaqueBufferHandle) {
             release_svp_buffer(opaqueBufferHandle->handles->processorHandle, opaqueBufferHandle);
 
         sa_svp_memory_free(opaqueBufferHandle->svp_memory);
+        pthread_mutex_destroy(&opaqueBufferHandle->mutex);
         SEC_FREE(opaqueBufferHandle);
     }
 
@@ -269,66 +299,6 @@ Sec_Result SecOpaqueBuffer_Release(Sec_OpaqueBufferHandle* opaqueBufferHandle, S
     return SEC_RESULT_SUCCESS;
 }
 
-Sec_Result SecOpaqueBuffer_Check(Sec_DigestAlgorithm digestAlgorithm, Sec_OpaqueBufferHandle* opaqueBufferHandle,
-        SEC_SIZE length, SEC_BYTE* expected, SEC_SIZE expectedLength) {
-    if (opaqueBufferHandle == NULL) {
-        SEC_LOG_ERROR("Null pointer arg encountered");
-        return SEC_RESULT_FAILURE;
-    }
-
-    if (expected == NULL) {
-        SEC_LOG_ERROR("Null pointer arg encountered");
-        return SEC_RESULT_FAILURE;
-    }
-
-    sa_digest_algorithm algorithm;
-    switch (digestAlgorithm) {
-        case SEC_DIGESTALGORITHM_SHA1:
-            algorithm = SA_DIGEST_ALGORITHM_SHA1;
-            break;
-
-        case SEC_DIGESTALGORITHM_SHA256:
-            algorithm = SA_DIGEST_ALGORITHM_SHA256;
-            break;
-
-        default:
-            return SEC_RESULT_INVALID_PARAMETERS;
-    }
-
-    if (opaqueBufferHandle->handles != NULL) {
-        sa_status status = sa_invoke(opaqueBufferHandle->handles->processorHandle, SA_SVP_BUFFER_CHECK,
-                opaqueBufferHandle->handles->svp_buffer, (size_t) 0, (size_t) length, algorithm, expected,
-                (size_t) expectedLength);
-
-        // Ignore the result if not supported or allowed.
-        if (status == SA_STATUS_OPERATION_NOT_SUPPORTED || status == SA_STATUS_OPERATION_NOT_ALLOWED)
-            return SEC_RESULT_SUCCESS;
-
-        CHECK_STATUS(status)
-    } else {
-        sa_svp_buffer svp_buffer;
-        if (sa_svp_buffer_create(&svp_buffer, opaqueBufferHandle->svp_memory,
-                    opaqueBufferHandle->size) != SA_STATUS_OK) {
-            SEC_LOG_ERROR("sa_svp_buffer_create failed");
-            return SEC_RESULT_FAILURE;
-        }
-
-        sa_status status = sa_svp_buffer_check(svp_buffer, (size_t) 0, (size_t) length, algorithm, expected,
-                (size_t) expectedLength);
-        void* svp_memory;
-        size_t svp_size;
-        sa_svp_buffer_release(&svp_memory, &svp_size, svp_buffer);
-
-        // Ignore the result if not supported or allowed.
-        if (status == SA_STATUS_OPERATION_NOT_SUPPORTED || status == SA_STATUS_OPERATION_NOT_ALLOWED)
-            return SEC_RESULT_SUCCESS;
-
-        CHECK_STATUS(status)
-    }
-
-    return SEC_RESULT_SUCCESS;
-}
-
 /**
  * @brief Checks secure boot configuration to verify that Secure Boot is enabled.
  */

diff --git a/test/main/cpp/cipher.cpp b/test/main/cpp/cipher.cpp
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020-2022 Comcast Cable Communications Management, LLC
+ * Copyright 2020-2023 Comcast Cable Communications Management, LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -1234,10 +1234,6 @@ Sec_Result testProcessOpaqueWithMap(SEC_OBJECTID id, TestKey key, TestKc kc, Sec
         return result;
     }
 
-    //check if results match
-    auto expected = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, clear);
-    result = SecOpaqueBuffer_Check(SEC_DIGESTALGORITHM_SHA256, opaqueBufferHandle, clear.size(), expected.data(),
-            expected.size());
     delete[] map;
     SecOpaqueBuffer_Free(opaqueBufferHandle);
     return result;
@@ -1329,10 +1325,6 @@ Sec_Result testProcessOpaqueWithMapVariable(SEC_OBJECTID id, TestKey key, TestKc
         return result;
     }
 
-    //check if results match
-    auto expected = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, clear);
-    result = SecOpaqueBuffer_Check(SEC_DIGESTALGORITHM_SHA256, opaqueBufferHandle, clear.size(), expected.data(),
-            expected.size());
     delete[] map;
     SecOpaqueBuffer_Free(opaqueBufferHandle);
     return result;

diff --git a/test/main/cpp/keyctrl.cpp b/test/main/cpp/keyctrl.cpp
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020-2022 Comcast Cable Communications Management, LLC
+ * Copyright 2020-2023 Comcast Cable Communications Management, LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@
 
 #include "keyctrl.h" // NOLINT
 #include "jtype.h"
+#include "sa.h"
 #include "sec_security_comcastids.h"
 #include "sec_security_utils.h"
 #include "sign.h"
@@ -1611,6 +1612,10 @@ do {
 }
 
 Sec_Result testKeyCtrlSvpCheckOpaque(int version, const char* alg, TestKey contentKey) {
+#if (SA_SPECIFICATION_MAJOR >= 3 && \
+        ((SA_SPECIFICATION_MINOR == 1 && SA_SPECIFICATION_REVISION >= 2) || SA_SPECIFICATION_MINOR > 1))
+    return SEC_RESULT_SUCCESS;
+#else
     TestCtx ctx;
     Sec_Result result = SEC_RESULT_FAILURE;
     SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM];
@@ -1701,6 +1706,7 @@ Sec_Result testKeyCtrlSvpCheckOpaque(int version, const char* alg, TestKey conte
         SecKey_Release(keyHandle);
 
     return result;
+#endif
 }
 
 /* Only Opaque buffers can be used when SVP is required */