From 272e60db27304219c0dbd370f45469840a118916 Mon Sep 17 00:00:00 2001 From: Rahul Frias Date: Wed, 30 Jan 2019 02:15:52 -0800 Subject: [PATCH] Add recoverable errors [ Merge of http://go/wvgerrit/71326 ] Nonce flood, frame size, session and system invalidation errors will now bubble up to the app. OEMCrypto v15 returns OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE, OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors. These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR, ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and ERROR_DRM_RESOURCE_CONTENTION. Bug: 120572706 Test: Unit/Integration tests Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9 --- .../core/include/certificate_provisioning.h | 6 +- .../cdm/core/include/content_key_session.h | 6 +- .../cdm/core/include/crypto_session.h | 109 +-- libwvdrmengine/cdm/core/include/key_session.h | 7 +- .../cdm/core/include/wv_cdm_types.h | 39 +- libwvdrmengine/cdm/core/src/cdm_engine.cpp | 59 +- libwvdrmengine/cdm/core/src/cdm_session.cpp | 15 +- .../cdm/core/src/certificate_provisioning.cpp | 47 +- .../cdm/core/src/client_identification.cpp | 13 +- .../cdm/core/src/content_key_session.cpp | 14 +- .../cdm/core/src/crypto_session.cpp | 815 ++++++++++-------- libwvdrmengine/cdm/core/src/license.cpp | 71 +- libwvdrmengine/cdm/core/src/policy_engine.cpp | 4 +- .../cdm/core/src/service_certificate.cpp | 24 +- .../cdm/core/test/cdm_session_unittest.cpp | 12 +- .../cdm/core/test/crypto_session_unittest.cpp | 2 +- .../cdm/core/test/license_unittest.cpp | 20 +- .../policy_engine_constraints_unittest.cpp | 23 +- .../cdm/core/test/policy_engine_unittest.cpp | 107 +-- libwvdrmengine/cdm/core/test/test_base.cpp | 10 +- libwvdrmengine/cdm/core/test/test_base.h | 2 +- .../cdm/core/test/test_printers.cpp | 103 ++- .../cdm/metrics/include/metrics_collections.h | 7 +- .../test/metrics_collections_unittest.cpp | 16 +- .../cdm/test/request_license_test.cpp | 2 +- libwvdrmengine/include/mapErrors-inl.h | 39 +- libwvdrmengine/include_hidl/mapErrors-inl.h | 53 +- 27 files changed, 977 insertions(+), 648 deletions(-) diff --git a/libwvdrmengine/cdm/core/include/certificate_provisioning.h b/libwvdrmengine/cdm/core/include/certificate_provisioning.h index b0aeaef6..d97256b4 100644 --- a/libwvdrmengine/cdm/core/include/certificate_provisioning.h +++ b/libwvdrmengine/cdm/core/include/certificate_provisioning.h @@ -47,8 +47,10 @@ class CertificateProvisioning { std::string* cert, std::string* wrapped_key); private: - bool SetSpoidParameter(const std::string& origin, const std::string& spoid, - video_widevine::ProvisioningRequest* request); + CdmResponseType SetSpoidParameter( + const std::string& origin, + const std::string& spoid, + video_widevine::ProvisioningRequest* request); video_widevine::SignedProvisioningMessage::ProtocolVersion GetProtocolVersion(); diff --git a/libwvdrmengine/cdm/core/include/content_key_session.h b/libwvdrmengine/cdm/core/include/content_key_session.h index 3a2e75cc..fc3f3570 100644 --- a/libwvdrmengine/cdm/core/include/content_key_session.h +++ b/libwvdrmengine/cdm/core/include/content_key_session.h @@ -23,11 +23,11 @@ class ContentKeySession : public KeySession { KeySessionType Type() override { return kDefault; } // Generate Derived Keys for ContentKeySession - bool GenerateDerivedKeys(const std::string& message) override; + OEMCryptoResult GenerateDerivedKeys(const std::string& message) override; // Generate Derived Keys (from session key) for ContentKeySession - bool GenerateDerivedKeys(const std::string& message, - const std::string& session_key) override; + OEMCryptoResult GenerateDerivedKeys(const std::string& message, + const std::string& session_key) override; // Load Keys for ContentKeySession OEMCryptoResult LoadKeys(const std::string& message, diff --git a/libwvdrmengine/cdm/core/include/crypto_session.h b/libwvdrmengine/cdm/core/include/crypto_session.h index 27e36f05..a3769473 100644 --- a/libwvdrmengine/cdm/core/include/crypto_session.h +++ b/libwvdrmengine/cdm/core/include/crypto_session.h @@ -63,7 +63,7 @@ class CryptoSession { virtual ~CryptoSession(); - virtual bool GetProvisioningToken(std::string* client_token); + virtual CdmResponseType GetProvisioningToken(std::string* client_token); virtual CdmClientTokenType GetPreProvisionTokenType() { return pre_provision_token_type_; } @@ -75,10 +75,10 @@ class CryptoSession { virtual bool GetApiVersion(uint32_t* version); virtual bool GetApiVersion(SecurityLevel requested_level, uint32_t* version); - virtual bool GetInternalDeviceUniqueId(std::string* device_id); - virtual bool GetExternalDeviceUniqueId(std::string* device_id); + virtual CdmResponseType GetInternalDeviceUniqueId(std::string* device_id); + virtual CdmResponseType GetExternalDeviceUniqueId(std::string* device_id); virtual bool GetSystemId(uint32_t* system_id); - virtual bool GetProvisioningId(std::string* provisioning_id); + virtual CdmResponseType GetProvisioningId(std::string* provisioning_id); virtual uint8_t GetSecurityPatchLevel(); virtual CdmResponseType Open() { return Open(kLevelDefault); } @@ -90,10 +90,11 @@ class CryptoSession { // Key request/response virtual const std::string& request_id() { return request_id_; } - virtual bool PrepareRequest(const std::string& key_deriv_message, - bool is_provisioning, std::string* signature); - virtual bool PrepareRenewalRequest(const std::string& message, - std::string* signature); + virtual CdmResponseType PrepareRequest(const std::string& key_deriv_message, + bool is_provisioning, + std::string* signature); + virtual CdmResponseType PrepareRenewalRequest(const std::string& message, + std::string* signature); virtual CdmResponseType LoadKeys( const std::string& message, const std::string& signature, const std::string& mac_key_iv, const std::string& mac_key, @@ -103,21 +104,23 @@ class CryptoSession { CdmLicenseKeyType key_type); virtual CdmResponseType LoadEntitledContentKeys( const std::vector& key_array); - virtual bool LoadCertificatePrivateKey(std::string& wrapped_key); - virtual bool RefreshKeys(const std::string& message, - const std::string& signature, int num_keys, - const CryptoKey* key_array); - virtual bool GenerateNonce(uint32_t* nonce); - virtual bool GenerateDerivedKeys(const std::string& message); - virtual bool GenerateDerivedKeys(const std::string& message, - const std::string& session_key); - virtual bool RewrapCertificate(const std::string& signed_message, - const std::string& signature, - const std::string& nonce, - const std::string& private_key, - const std::string& iv, - const std::string& wrapping_key, - std::string* wrapped_private_key); + virtual CdmResponseType LoadCertificatePrivateKey(std::string& wrapped_key); + virtual CdmResponseType RefreshKeys(const std::string& message, + const std::string& signature, + int num_keys, + const CryptoKey* key_array); + virtual CdmResponseType GenerateNonce(uint32_t* nonce); + virtual CdmResponseType GenerateDerivedKeys(const std::string& message); + virtual CdmResponseType GenerateDerivedKeys(const std::string& message, + const std::string& session_key); + virtual CdmResponseType RewrapCertificate( + const std::string& signed_message, + const std::string& signature, + const std::string& nonce, + const std::string& private_key, + const std::string& iv, + const std::string& wrapping_key, + std::string* wrapped_private_key); // Media data path virtual CdmResponseType Decrypt(const CdmDecryptionParameters& params); @@ -151,25 +154,25 @@ class CryptoSession { // The overloaded methods with |security_level| may be called without a // preceding call to Open. The other methods must call Open first. - virtual bool GetHdcpCapabilities(HdcpCapability* current, - HdcpCapability* max); - virtual bool GetHdcpCapabilities(SecurityLevel security_level, - HdcpCapability* current, - HdcpCapability* max); + virtual CdmResponseType GetHdcpCapabilities(HdcpCapability* current, + HdcpCapability* max); + virtual CdmResponseType GetHdcpCapabilities(SecurityLevel security_level, + HdcpCapability* current, + HdcpCapability* max); virtual bool GetResourceRatingTier(uint32_t* tier); virtual bool GetResourceRatingTier(SecurityLevel security_level, uint32_t* tier); virtual bool GetSupportedCertificateTypes(SupportedCertificateTypes* support); - virtual bool GetRandom(size_t data_length, uint8_t* random_data); - virtual bool GetNumberOfOpenSessions(SecurityLevel security_level, - size_t* count); - virtual bool GetMaxNumberOfSessions(SecurityLevel security_level, - size_t* max); + virtual CdmResponseType GetRandom(size_t data_length, uint8_t* random_data); + virtual CdmResponseType GetNumberOfOpenSessions(SecurityLevel security_level, + size_t* count); + virtual CdmResponseType GetMaxNumberOfSessions(SecurityLevel security_level, + size_t* max); - virtual bool GetSrmVersion(uint16_t* srm_version); + virtual CdmResponseType GetSrmVersion(uint16_t* srm_version); virtual bool IsSrmUpdateSupported(); - virtual bool LoadSrm(const std::string& srm); + virtual CdmResponseType LoadSrm(const std::string& srm); virtual bool GetBuildInformation(SecurityLevel security_level, std::string* info); @@ -259,29 +262,31 @@ class CryptoSession { void Init(); void Terminate(); - bool GetTokenFromKeybox(std::string* token); - bool GetTokenFromOemCert(std::string* token); + CdmResponseType GetTokenFromKeybox(std::string* token); + CdmResponseType GetTokenFromOemCert(std::string* token); static bool ExtractSystemIdFromOemCert(const std::string& oem_cert, uint32_t* system_id); - bool GetSystemIdInternal(uint32_t* system_id); - bool GenerateSignature(const std::string& message, std::string* signature); - bool GenerateRsaSignature(const std::string& message, std::string* signature); + CdmResponseType GetSystemIdInternal(uint32_t* system_id); + CdmResponseType GenerateSignature( + const std::string& message, std::string* signature); + CdmResponseType GenerateRsaSignature(const std::string& message, + std::string* signature); bool SetDestinationBufferType(); - bool RewrapDeviceRSAKey(const std::string& message, - const std::string& signature, - const std::string& nonce, - const std::string& enc_rsa_key, - const std::string& rsa_key_iv, - std::string* wrapped_rsa_key); + CdmResponseType RewrapDeviceRSAKey(const std::string& message, + const std::string& signature, + const std::string& nonce, + const std::string& enc_rsa_key, + const std::string& rsa_key_iv, + std::string* wrapped_rsa_key); - bool RewrapDeviceRSAKey30(const std::string& message, - const std::string& nonce, - const std::string& private_key, - const std::string& iv, - const std::string& wrapping_key, - std::string* wrapped_private_key); + CdmResponseType RewrapDeviceRSAKey30(const std::string& message, + const std::string& nonce, + const std::string& private_key, + const std::string& iv, + const std::string& wrapping_key, + std::string* wrapped_private_key); CdmResponseType SelectKey(const std::string& key_id, CdmCipherMode cipher_mode); diff --git a/libwvdrmengine/cdm/core/include/key_session.h b/libwvdrmengine/cdm/core/include/key_session.h index 7c119b85..84744210 100644 --- a/libwvdrmengine/cdm/core/include/key_session.h +++ b/libwvdrmengine/cdm/core/include/key_session.h @@ -23,9 +23,10 @@ class KeySession { typedef enum { kDefault, kEntitlement } KeySessionType; virtual ~KeySession() {} virtual KeySessionType Type() = 0; - virtual bool GenerateDerivedKeys(const std::string& message) = 0; - virtual bool GenerateDerivedKeys(const std::string& message, - const std::string& session_key) = 0; + virtual OEMCryptoResult GenerateDerivedKeys(const std::string& message) = 0; + virtual OEMCryptoResult GenerateDerivedKeys( + const std::string& message, + const std::string& session_key) = 0; virtual OEMCryptoResult LoadKeys(const std::string& message, const std::string& signature, const std::string& mac_key_iv, diff --git a/libwvdrmengine/cdm/core/include/wv_cdm_types.h b/libwvdrmengine/cdm/core/include/wv_cdm_types.h index 2a6dbeb1..066cadbe 100644 --- a/libwvdrmengine/cdm/core/include/wv_cdm_types.h +++ b/libwvdrmengine/cdm/core/include/wv_cdm_types.h @@ -59,11 +59,11 @@ enum CdmResponseType { INSUFFICIENT_CRYPTO_RESOURCES = 9, ADD_KEY_ERROR = 10, CERT_PROVISIONING_GET_KEYBOX_ERROR_1 = 11, - CERT_PROVISIONING_GET_KEYBOX_ERROR_2 = 12, + /* previously CERT_PROVISIONING_GET_KEYBOX_ERROR_2 = 12 */ CERT_PROVISIONING_INVALID_CERT_TYPE = 13, CERT_PROVISIONING_REQUEST_ERROR_1 = 14, CERT_PROVISIONING_NONCE_GENERATION_ERROR = 15, - CERT_PROVISIONING_REQUEST_ERROR_3 = 16, + /* previously CERT_PROVISIONING_REQUEST_ERROR_3 = 16 */ CERT_PROVISIONING_REQUEST_ERROR_4 = 17, CERT_PROVISIONING_RESPONSE_ERROR_1 = 18, CERT_PROVISIONING_RESPONSE_ERROR_2 = 19, @@ -158,7 +158,7 @@ enum CdmResponseType { RELEASE_USAGE_INFO_ERROR = 108, RENEW_KEY_ERROR_1 = 109, RENEW_KEY_ERROR_2 = 110, - LICENSE_RENEWAL_SIGNING_ERROR = 111, + /* previously LICENSE_RENEWAL_SIGNING_ERROR = 111 */ /* previously RESTORE_OFFLINE_LICENSE_ERROR_1 = 112 */ RESTORE_OFFLINE_LICENSE_ERROR_2 = 113, NOT_INITIALIZED_ERROR = 114, /* prior to pi, SESSION_INIT_ERROR_1 = 114 */ @@ -211,7 +211,7 @@ enum CdmResponseType { PREPARE_WEBM_CONTENT_ID_FAILED = 160, UNSUPPORTED_INIT_DATA_FORMAT = 161, LICENSE_REQUEST_NONCE_GENERATION_ERROR = 162, - LICENSE_REQUEST_SIGNING_ERROR = 163, + /* previously LICENSE_REQUEST_SIGNING_ERROR = 163, */ EMPTY_LICENSE_REQUEST = 164, SECURE_BUFFER_REQUIRED = 165, DUPLICATE_SESSION_ID_SPECIFIED = 166, @@ -257,7 +257,7 @@ enum CdmResponseType { INVALID_PARAMETERS_ENG_16 = 206, /* previously DEVICE_CERTIFICATE_ERROR_5 = 207 */ CLIENT_IDENTIFICATION_TOKEN_ERROR_1 = 208, - CLIENT_IDENTIFICATION_TOKEN_ERROR_2 = 209, + /* previously CLIENT_IDENTIFICATION_TOKEN_ERROR_2 = 209 */ /* previously LICENSING_CLIENT_TOKEN_ERROR_1 = 210 */ ANALOG_OUTPUT_ERROR = 211, UNKNOWN_SELECT_KEY_ERROR_1 = 212, @@ -366,6 +366,35 @@ enum CdmResponseType { REMOVE_OFFLINE_LICENSE_ERROR_1 = 315, REMOVE_OFFLINE_LICENSE_ERROR_2 = 316, SESSION_NOT_FOUND_21 = 317, + OUTPUT_TOO_LARGE_ERROR = 318, + SESSION_LOST_STATE_ERROR = 319, + GENERATE_DERIVED_KEYS_ERROR_2 = 320, + LOAD_DEVICE_RSA_KEY_ERROR = 321, + NONCE_GENERATION_ERROR = 322, + GENERATE_SIGNATURE_ERROR = 323, + UNKNOWN_CLIENT_TOKEN_TYPE = 324, + DEACTIVATE_USAGE_ENTRY_ERROR = 325, + SERVICE_CERTIFICATE_PROVIDER_ID_EMPTY = 326, + SYSTEM_INVALIDATED_ERROR = 327, + OPEN_CRYPTO_SESSION_ERROR = 328, + LOAD_SRM_ERROR = 329, + RANDOM_GENERATION_ERROR = 330, + CRYPTO_SESSION_NOT_INITIALIZED = 331, + GET_DEVICE_ID_ERROR = 332, + GET_TOKEN_FROM_OEM_CERT_ERROR = 333, + CRYPTO_SESSION_NOT_OPEN = 334, + GET_TOKEN_FROM_KEYBOX_ERROR = 335, + KEYBOX_TOKEN_TOO_SHORT = 336, + EXTRACT_SYSTEM_ID_FROM_OEM_CERT_ERROR = 337, + RSA_SIGNATURE_GENERATION_ERROR = 338, + GET_HDCP_CAPABILITY_FAILED = 339, + GET_NUMBER_OF_OPEN_SESSIONS_ERROR = 340, + GET_MAX_NUMBER_OF_OPEN_SESSIONS_ERROR = 341, + NOT_IMPLEMENTED_ERROR = 342, + GET_SRM_VERSION_ERROR = 343, + REWRAP_DEVICE_RSA_KEY_ERROR = 344, + REWRAP_DEVICE_RSA_KEY_30_ERROR = 345, + INVALID_SRM_LIST = 346, // Don't forget to add new values to ../test/test_printers.cpp. }; diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp index 3dec9c9e..110bd223 100644 --- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp @@ -565,10 +565,12 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level, query_token == QUERY_KEY_MAX_HDCP_LEVEL) { CryptoSession::HdcpCapability current_hdcp; CryptoSession::HdcpCapability max_hdcp; - if (!crypto_session->GetHdcpCapabilities(security_level, ¤t_hdcp, - &max_hdcp)) { - LOGW("CdmEngine::QueryStatus: GetHdcpCapabilities failed"); - return UNKNOWN_ERROR; + status = crypto_session->GetHdcpCapabilities(security_level, ¤t_hdcp, + &max_hdcp); + + if (status != NO_ERROR) { + LOGW("CdmEngine::QueryStatus: GetHdcpCapabilities failed: %d", status); + return status; } *query_response = MapHdcpVersion(query_token == QUERY_KEY_CURRENT_HDCP_LEVEL ? @@ -594,20 +596,26 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level, return NO_ERROR; } else if (query_token == QUERY_KEY_NUMBER_OF_OPEN_SESSIONS) { size_t number_of_open_sessions; - if (!crypto_session->GetNumberOfOpenSessions(security_level, - &number_of_open_sessions)) { - LOGW("CdmEngine::QueryStatus: GetNumberOfOpenSessions failed"); - return UNKNOWN_ERROR; + status = crypto_session->GetNumberOfOpenSessions(security_level, + &number_of_open_sessions); + if (status != NO_ERROR) { + LOGW("CdmEngine::QueryStatus: GetNumberOfOpenSessions failed: %d", + status); + return status; } *query_response = std::to_string(number_of_open_sessions); return NO_ERROR; } else if (query_token == QUERY_KEY_MAX_NUMBER_OF_SESSIONS) { size_t maximum_number_of_sessions = 0; - if (!crypto_session->GetMaxNumberOfSessions(security_level, - &maximum_number_of_sessions)) { - LOGW("CdmEngine::QueryStatus: GetMaxNumberOfOpenSessions failed"); - return UNKNOWN_ERROR; + status = + crypto_session->GetMaxNumberOfSessions(security_level, + &maximum_number_of_sessions); + + if (status != NO_ERROR) { + LOGW("CdmEngine::QueryStatus: GetMaxNumberOfOpenSessions failed: %d", + status); + return status; } *query_response = std::to_string(maximum_number_of_sessions); @@ -623,9 +631,10 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level, return NO_ERROR; } else if (query_token == QUERY_KEY_CURRENT_SRM_VERSION) { uint16_t current_srm_version; - if (!crypto_session->GetSrmVersion(¤t_srm_version)) { - LOGW("CdmEngine::QueryStatus: GetCurrentSRMVersion failed"); - return UNKNOWN_ERROR; + status = crypto_session->GetSrmVersion(¤t_srm_version); + if (status != NO_ERROR) { + LOGW("CdmEngine::QueryStatus: GetCurrentSRMVersion failed: %d", status); + return status; } *query_response = std::to_string(current_srm_version); @@ -672,19 +681,16 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level, crypto_session_open_, status, security_level); - if (status != NO_ERROR) - return status; + + if (status != NO_ERROR) return status; // Add queries here, that need an open session before they can be answered if (query_token == QUERY_KEY_DEVICE_ID) { std::string deviceId; - bool got_id = crypto_session->GetExternalDeviceUniqueId(&deviceId); + status = crypto_session->GetExternalDeviceUniqueId(&deviceId); metrics_.GetCryptoMetrics()->crypto_session_get_device_unique_id_ - .Increment(got_id); - if (!got_id) { - LOGW("CdmEngine::QueryStatus: QUERY_KEY_DEVICE_ID unknown failure"); - return UNKNOWN_ERROR; - } + .Increment(status); + if (status != NO_ERROR) return status; *query_response = deviceId; } else if (query_token == QUERY_KEY_SYSTEM_ID) { @@ -698,9 +704,10 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level, *query_response = std::to_string(system_id); } else if (query_token == QUERY_KEY_PROVISIONING_ID) { std::string provisioning_id; - if (!crypto_session->GetProvisioningId(&provisioning_id)) { - LOGW("CdmEngine::QueryStatus: GetProvisioningId failed"); - return UNKNOWN_ERROR; + status = crypto_session->GetProvisioningId(&provisioning_id); + if (status != NO_ERROR) { + LOGW("CdmEngine::QueryStatus: GetProvisioningId failed: %d", status); + return status; } *query_response = provisioning_id; diff --git a/libwvdrmengine/cdm/core/src/cdm_session.cpp b/libwvdrmengine/cdm/core/src/cdm_session.cpp index b42ff1cd..5a6e668b 100644 --- a/libwvdrmengine/cdm/core/src/cdm_session.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp @@ -138,14 +138,20 @@ CdmResponseType CdmSession::Init(CdmClientPropertySet* cdm_client_property_set, &serial_number, NULL)) { return NEED_PROVISIONING; } - bool load_cert_sts; + CdmResponseType load_cert_sts; M_TIME( load_cert_sts = crypto_session_->LoadCertificatePrivateKey(wrapped_key), crypto_metrics_, crypto_session_load_certificate_private_key_, load_cert_sts); - if (!load_cert_sts) { - return NEED_PROVISIONING; + switch (load_cert_sts) { + case NO_ERROR: break; + case SESSION_LOST_STATE_ERROR: + case SYSTEM_INVALIDATED_ERROR: + return load_cert_sts; + default: + return NEED_PROVISIONING; } + client_token_type = kClientTokenDrmCert; // Session is provisioned with certificate needed to construct @@ -792,7 +798,8 @@ bool CdmSession::GenerateKeySetId(CdmKeySetId* key_set_id) { (kKeySetIdLength - sizeof(KEY_SET_ID_PREFIX)) / 2, 0); while (key_set_id->empty()) { - if (!crypto_session_->GetRandom(random_data.size(), &random_data[0])) { + if (crypto_session_->GetRandom(random_data.size(), &random_data[0]) + != NO_ERROR) { return false; } diff --git a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp index 300b8b0f..bf0a23bb 100644 --- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp +++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp @@ -122,13 +122,13 @@ CdmResponseType CertificateProvisioning::Init( * server for determining a unique per origin ID for the device. * It is also valid (though deprecated) to leave the settings unset. */ -bool CertificateProvisioning::SetSpoidParameter( +CdmResponseType CertificateProvisioning::SetSpoidParameter( const std::string& origin, const std::string& spoid, ProvisioningRequest* request) { if (!request) { LOGE("CertificateProvisioning::SetSpoidParameter: No request buffer " "passed to method."); - return false; + return PARAMETER_NULL; } if (!spoid.empty()) { // Use the SPOID that has been pre-provided @@ -139,19 +139,22 @@ bool CertificateProvisioning::SetSpoidParameter( } else { LOGE("CertificateProvisioning::SetSpoidParameter: Failure getting " "provider ID"); - return false; + return SERVICE_CERTIFICATE_PROVIDER_ID_EMPTY; } } else if (origin != EMPTY_ORIGIN) { // Legacy behavior - Concatenate Unique ID with Origin std::string device_unique_id; - if (!crypto_session_->GetInternalDeviceUniqueId(&device_unique_id)) { + CdmResponseType status = + crypto_session_->GetInternalDeviceUniqueId(&device_unique_id); + + if (status != NO_ERROR) { LOGE("CertificateProvisioning::SetSpoidParameter: Failure getting " "device unique ID"); - return false; + return status; } request->set_stable_id(device_unique_id + origin); } // No else clause, by design. It is valid to do nothing. - return true; + return NO_ERROR; } /* @@ -219,9 +222,12 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest( provisioning_request.clear_client_id(); uint32_t nonce; - if (!crypto_session_->GenerateNonce(&nonce)) { - LOGE("GetProvisioningRequest: fails to generate a nonce"); - return CERT_PROVISIONING_NONCE_GENERATION_ERROR; + status = crypto_session_->GenerateNonce(&nonce); + + if (status != NO_ERROR) { + LOGE("GetProvisioningRequest: fails to generate a nonce: %d", status); + return status == NONCE_GENERATION_ERROR ? + CERT_PROVISIONING_NONCE_GENERATION_ERROR : status; } // The provisioning server does not convert the nonce to uint32_t, it just @@ -247,20 +253,22 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest( cert_type_ = cert_type; options->set_certificate_authority(cert_authority); - if (!SetSpoidParameter(origin, spoid, &provisioning_request)) { - return CERT_PROVISIONING_GET_KEYBOX_ERROR_2; - } + status = SetSpoidParameter(origin, spoid, &provisioning_request); + if (status != NO_ERROR) return status; std::string serialized_message; provisioning_request.SerializeToString(&serialized_message); // Derives signing and encryption keys and constructs signature. std::string request_signature; - if (!crypto_session_->PrepareRequest(serialized_message, true, - &request_signature)) { + status = crypto_session_->PrepareRequest(serialized_message, true, + &request_signature); + + if (status != NO_ERROR) { LOGE("GetProvisioningRequest: fails to prepare request"); - return CERT_PROVISIONING_REQUEST_ERROR_3; + return status; } + if (request_signature.empty()) { LOGE("GetProvisioningRequest: request signature is empty"); return CERT_PROVISIONING_REQUEST_ERROR_4; @@ -371,11 +379,14 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse( std::string wrapped_private_key; - if (!crypto_session_->RewrapCertificate(signed_message, signature, nonce, + CdmResponseType status = + crypto_session_->RewrapCertificate(signed_message, signature, nonce, new_private_key, iv, wrapping_key, - &wrapped_private_key)) { + &wrapped_private_key); + + if (status != NO_ERROR) { LOGE("HandleProvisioningResponse: RewrapCertificate fails"); - return CERT_PROVISIONING_RESPONSE_ERROR_6; + return status; } CdmSecurityLevel security_level = crypto_session_->GetSecurityLevel(); diff --git a/libwvdrmengine/cdm/core/src/client_identification.cpp b/libwvdrmengine/cdm/core/src/client_identification.cpp index 447a276c..3dd220da 100644 --- a/libwvdrmengine/cdm/core/src/client_identification.cpp +++ b/libwvdrmengine/cdm/core/src/client_identification.cpp @@ -90,9 +90,11 @@ CdmResponseType ClientIdentification::Prepare( client_id->set_type(token_type); std::string token; - if (!crypto_session_->GetProvisioningToken(&token)) { - LOGE("ClientIdentification::Prepare: failure getting provisioning token"); - return CLIENT_IDENTIFICATION_TOKEN_ERROR_2; + CdmResponseType status = crypto_session_->GetProvisioningToken(&token); + if (status != NO_ERROR) { + LOGE("ClientIdentification::Prepare: failure getting provisioning token: " + "%d", status); + return status; } client_id->set_token(token); } @@ -172,7 +174,8 @@ CdmResponseType ClientIdentification::Prepare( if (is_license_request_) { CryptoSession::HdcpCapability current_version, max_version; - if (crypto_session_->GetHdcpCapabilities(¤t_version, &max_version)) { + if (crypto_session_->GetHdcpCapabilities(¤t_version, &max_version) == + NO_ERROR) { switch (max_version) { case HDCP_NONE: client_capabilities->set_max_hdcp_version( @@ -235,7 +238,7 @@ CdmResponseType ClientIdentification::Prepare( client_capabilities->set_can_update_srm( crypto_session_->IsSrmUpdateSupported()); uint16_t srm_version; - if (crypto_session_->GetSrmVersion(&srm_version)) + if (crypto_session_->GetSrmVersion(&srm_version) == NO_ERROR) client_capabilities->set_srm_version(srm_version); } bool can_support_output; diff --git a/libwvdrmengine/cdm/core/src/content_key_session.cpp b/libwvdrmengine/cdm/core/src/content_key_session.cpp index 3c7c8413..11431a74 100644 --- a/libwvdrmengine/cdm/core/src/content_key_session.cpp +++ b/libwvdrmengine/cdm/core/src/content_key_session.cpp @@ -11,7 +11,8 @@ namespace wvcdm { // Generate Derived Keys for ContentKeySession -bool ContentKeySession::GenerateDerivedKeys(const std::string& message) { +OEMCryptoResult ContentKeySession::GenerateDerivedKeys( + const std::string& message) { std::string mac_deriv_message; std::string enc_deriv_message; GenerateMacContext(message, &mac_deriv_message); @@ -28,15 +29,15 @@ bool ContentKeySession::GenerateDerivedKeys(const std::string& message) { metrics_, oemcrypto_generate_derived_keys_, sts); if (OEMCrypto_SUCCESS != sts) { LOGE("GenerateDerivedKeys: OEMCrypto_GenerateDerivedKeys error=%d", sts); - return false; } - return true; + return sts; } // Generate Derived Keys (from session key) for ContentKeySession -bool ContentKeySession::GenerateDerivedKeys(const std::string& message, - const std::string& session_key) { +OEMCryptoResult ContentKeySession::GenerateDerivedKeys( + const std::string& message, + const std::string& session_key) { std::string mac_deriv_message; std::string enc_deriv_message; GenerateMacContext(message, &mac_deriv_message); @@ -56,10 +57,9 @@ bool ContentKeySession::GenerateDerivedKeys(const std::string& message, if (OEMCrypto_SUCCESS != sts) { LOGE("GenerateDerivedKeys: OEMCrypto_DeriveKeysFromSessionKey err=%d", sts); - return false; } - return true; + return sts; } // Load Keys for ContentKeySession diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index 0796359e..6b4a8c04 100644 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -72,7 +72,7 @@ void DeleteX509Stack(STACK_OF(X509)* stack) { sk_X509_pop_free(stack, X509_free); } -} +} // namespace namespace wvcdm { std::mutex CryptoSession::crypto_lock_; @@ -156,6 +156,33 @@ OEMCryptoCipherMode ToOEMCryptoCipherMode(CdmCipherMode cipher_mode) { ? OEMCrypto_CipherMode_CTR : OEMCrypto_CipherMode_CBC; } +// This maps a few common OEMCryptoResult to CdmResponseType. Many mappings +// are not universal but are OEMCrypto method specific. Those will be +// specified in the CryptoSession method rather than here. +CdmResponseType MapOEMCryptoResult( + OEMCryptoResult result, + CdmResponseType default_status, + const char* error_string) { + if (result != OEMCrypto_SUCCESS) { + LOGE("%s: error %d", error_string, result); + } + + switch (result) { + case OEMCrypto_SUCCESS: + return NO_ERROR; + case OEMCrypto_ERROR_NOT_IMPLEMENTED: + return NOT_IMPLEMENTED_ERROR; + case OEMCrypto_ERROR_TOO_MANY_SESSIONS: + return INSUFFICIENT_CRYPTO_RESOURCES; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; + default: + return default_status; + } +} + CryptoSession::CryptoSession(metrics::CryptoMetrics* metrics) : metrics_(metrics), system_id_(-1), @@ -258,10 +285,10 @@ void CryptoSession::Terminate() { initialized_ = false; } -bool CryptoSession::GetTokenFromKeybox(std::string* token) { - if (token == NULL) { +CdmResponseType CryptoSession::GetTokenFromKeybox(std::string* token) { + if (token == nullptr) { LOGE("CryptoSession::GetTokenFromKeybox: token not provided"); - return false; + return PARAMETER_NULL; } std::string temp_buffer(KEYBOX_KEY_DATA_SIZE, '\0'); // lock is held by caller @@ -272,23 +299,24 @@ bool CryptoSession::GetTokenFromKeybox(std::string* token) { M_TIME( status = OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_), metrics_, oemcrypto_get_key_data_, status, metrics::Pow2Bucket(buf_size)); + if (OEMCrypto_SUCCESS == status) { token->swap(temp_buffer); - return true; } - LOGE("CryptoSession::GetTokenFromKeybox : error %d.", status); - return false; + + return MapOEMCryptoResult( + status, GET_TOKEN_FROM_KEYBOX_ERROR, "GetTokenFromKeybox"); } -bool CryptoSession::GetTokenFromOemCert(std::string* token) { - if (token == NULL) { +CdmResponseType CryptoSession::GetTokenFromOemCert(std::string* token) { + if (token == nullptr) { LOGE("CryptoSession::GetTokenFromOemCert: token not provided "); - return false; + return PARAMETER_NULL; } OEMCryptoResult status; if (!oem_token_.empty()) { token->assign(oem_token_); - return true; + return NO_ERROR; } std::string temp_buffer(CERTIFICATE_DATA_SIZE, '\0'); // lock is held by caller @@ -298,44 +326,48 @@ bool CryptoSession::GetTokenFromOemCert(std::string* token) { uint8_t* buf = reinterpret_cast(&temp_buffer[0]); status = OEMCrypto_GetOEMPublicCertificate(oec_session_id_, buf, &buf_size); metrics_->oemcrypto_get_oem_public_certificate_.Increment(status); + if (OEMCrypto_SUCCESS == status) { temp_buffer.resize(buf_size); oem_token_.assign(temp_buffer); token->assign(temp_buffer); - return true; + return NO_ERROR; } + if (status == OEMCrypto_ERROR_SHORT_BUFFER && !retrying) { temp_buffer.resize(buf_size); retrying = true; continue; } - LOGE("CryptoSession::GetTokenFromOemCert : error %d.", status); - return false; + + return MapOEMCryptoResult( + status, GET_TOKEN_FROM_OEM_CERT_ERROR, "GetTokenFromOemCert"); } } -bool CryptoSession::GetProvisioningToken(std::string* token) { - if (!token) { +CdmResponseType CryptoSession::GetProvisioningToken(std::string* token) { + if (token == nullptr) { LOGE("CryptoSession::GetProvisioningToken : No token passed to method."); - metrics_->crypto_session_get_token_.Increment(false); - return false; + metrics_->crypto_session_get_token_.Increment(PARAMETER_NULL); + return PARAMETER_NULL; } LOGV("CryptoSession::GetProvisioningToken: Lock"); std::unique_lock auto_lock(crypto_lock_); if (!initialized_) { - metrics_->crypto_session_get_token_.Increment(false); - return false; + metrics_->crypto_session_get_token_.Increment( + CRYPTO_SESSION_NOT_INITIALIZED); + return CRYPTO_SESSION_NOT_INITIALIZED; } - bool result = false; + CdmResponseType status = UNKNOWN_CLIENT_TOKEN_TYPE; if (pre_provision_token_type_ == kClientTokenKeybox) { - result = GetTokenFromKeybox(token); + status = GetTokenFromKeybox(token); } else if (pre_provision_token_type_ == kClientTokenOemCert) { - result = GetTokenFromOemCert(token); + status = GetTokenFromOemCert(token); } - metrics_->crypto_session_get_token_.Increment(result); - return result; + metrics_->crypto_session_get_token_.Increment(status); + return status; } CdmSecurityLevel CryptoSession::GetSecurityLevel() { @@ -380,18 +412,20 @@ CdmSecurityLevel CryptoSession::GetSecurityLevel( return cdm_security_level; } -bool CryptoSession::GetInternalDeviceUniqueId(std::string* device_id) { - if (!device_id) { +CdmResponseType CryptoSession::GetInternalDeviceUniqueId( + std::string* device_id) { + if (device_id == nullptr) { LOGE( "CryptoSession::GetInternalDeviceUniqueId : No buffer passed to " "method."); - return false; + return PARAMETER_NULL; } LOGV("CryptoSession::GetInternalDeviceUniqueId: Lock"); std::unique_lock auto_lock(crypto_lock_); if (!initialized_) { - return false; + LOGE("CryptoSession::GetInternalDeviceUniqueId: not initialized"); + return CRYPTO_SESSION_NOT_INITIALIZED; } std::vector id; @@ -418,23 +452,25 @@ bool CryptoSession::GetInternalDeviceUniqueId(std::string* device_id) { // 3.0 would have a new device ID, which would affect SPOID calculation. // In order to resolve this, we use OEMCrypto_GetDeviceID if it is // implemented, so the OEMCrypto can continue to report the same device ID. - if (OEMCrypto_SUCCESS != sts) { - // If there is no device ID to be reported, let the call fail. - return false; + if (sts == OEMCrypto_SUCCESS) { + device_id->assign(reinterpret_cast(&id[0]), id_length); } - device_id->assign(reinterpret_cast(&id[0]), id_length); - return true; + return MapOEMCryptoResult( + sts, GET_DEVICE_ID_ERROR, "GetInternalDeviceUniqueId"); } } -bool CryptoSession::GetExternalDeviceUniqueId(std::string* device_id) { +CdmResponseType CryptoSession::GetExternalDeviceUniqueId( + std::string* device_id) { if (device_id == NULL) { LOGE("CryptoSession::GetExternalDeviceUniqueId: device_id not provided"); - return false; + return PARAMETER_NULL; } std::string temp; - if (!GetInternalDeviceUniqueId(&temp)) return false; + CdmResponseType status = GetInternalDeviceUniqueId(&temp); + + if (status != NO_ERROR) return status; size_t id_length = 0; OEMCryptoResult sts = @@ -455,7 +491,7 @@ bool CryptoSession::GetExternalDeviceUniqueId(std::string* device_id) { } *device_id = temp; - return true; + return NO_ERROR; } bool CryptoSession::GetApiVersion(uint32_t* version) { @@ -505,49 +541,50 @@ bool CryptoSession::GetSystemId(uint32_t* system_id) { // This method gets the system id from the keybox key data. // This method assumes that OEMCrypto has been initialized and that // the caller has acquired the crypto_lock_ before making this call. -bool CryptoSession::GetSystemIdInternal(uint32_t* system_id) { - if (!system_id) { +CdmResponseType CryptoSession::GetSystemIdInternal(uint32_t* system_id) { + if (system_id == nullptr) { LOGE("CryptoSession::GetSystemIdInternal: No system_id passed to method."); - return false; + return PARAMETER_NULL; } if (pre_provision_token_type_ == kClientTokenKeybox) { - uint8_t buf[KEYBOX_KEY_DATA_SIZE]; - size_t buf_size = sizeof(buf); + std::string token; + CdmResponseType status = GetTokenFromKeybox(&token); - OEMCryptoResult sts; - M_TIME( - sts = OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_), - metrics_, oemcrypto_get_key_data_, sts, metrics::Pow2Bucket(buf_size)); + if (status != NO_ERROR) return status; - if (OEMCrypto_SUCCESS != sts) { - LOGE("CryptoSession::GetSystemIdInternal: " - "OEMCrypto_GetKeyData failed with %d", sts); - return false; + if (token.size() < 2*sizeof(uint32_t)) { + LOGE("CryptoSession::GetSystemIdInternal: Keybox token too small: %d", + token.size()); + return KEYBOX_TOKEN_TOO_SHORT; } // Decode 32-bit int encoded as network-byte-order byte array starting at // index 4. - uint32_t* id = reinterpret_cast(&buf[4]); - + uint32_t* id = reinterpret_cast(&token[4]); *system_id = ntohl(*id); - return true; + return NO_ERROR; + } else if (pre_provision_token_type_ == kClientTokenOemCert) { // Get the OEM Cert std::string oem_cert; - if (GetTokenFromOemCert(&oem_cert)) { - return ExtractSystemIdFromOemCert(oem_cert, system_id); - } else { - return false; - } + CdmResponseType status = GetTokenFromOemCert(&oem_cert); + + if (status != NO_ERROR) return status; + + if (!ExtractSystemIdFromOemCert(oem_cert, system_id)) + return EXTRACT_SYSTEM_ID_FROM_OEM_CERT_ERROR; + + return NO_ERROR; + + // TODO(blueeyes): Support loading the system id from a pre-provisioned + // Drm certificate. } else if (pre_provision_token_type_ == kClientTokenDrmCert) { - // TODO(blueeyes): Support loading the system id from a pre-provisioned - // Drm certificate. - return true; + return NO_ERROR; } else { LOGE("CryptoSession::GetSystemIdInternal: " "Unsupported pre-provision token type %d", pre_provision_token_type_); - return false; + return UNKNOWN_CLIENT_TOKEN_TYPE; } } @@ -652,20 +689,17 @@ bool CryptoSession::ExtractSystemIdFromOemCert(const std::string& oem_cert, return false; } -bool CryptoSession::GetProvisioningId(std::string* provisioning_id) { - if (!provisioning_id) { +CdmResponseType CryptoSession::GetProvisioningId(std::string* provisioning_id) { + if (provisioning_id == nullptr) { LOGE("CryptoSession::GetProvisioningId : No buffer passed to method."); - return false; + return PARAMETER_NULL; } - uint8_t buf[KEYBOX_KEY_DATA_SIZE]; - size_t buf_size = sizeof(buf); - { LOGV("CryptoSession::GetProvisioningId: Lock"); std::unique_lock auto_lock(crypto_lock_); if (!initialized_) { - return false; + return CRYPTO_SESSION_NOT_INITIALIZED; } } @@ -673,27 +707,36 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) { // OEM Cert devices have no provisioning-unique ID embedded in them, so we // synthesize one by using the External Device-Unique ID and inverting all // the bits. - if (!GetExternalDeviceUniqueId(provisioning_id)) return false; + CdmResponseType status = GetExternalDeviceUniqueId(provisioning_id); + + if (status != NO_ERROR) return status; for (size_t i = 0; i < provisioning_id->size(); ++i) { char value = (*provisioning_id)[i]; (*provisioning_id)[i] = ~value; } - return true; - } else { - OEMCryptoResult sts; + return NO_ERROR; + } else if (pre_provision_token_type_ == kClientTokenKeybox) { LOGV("CryptoSession::GetProvisioningId: Lock"); std::unique_lock auto_lock(crypto_lock_); - M_TIME( - sts = OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_), - metrics_, oemcrypto_get_key_data_, sts, metrics::Pow2Bucket(buf_size)); - if (OEMCrypto_SUCCESS != sts) { - return false; + std::string token; + CdmResponseType status = GetTokenFromKeybox(&token); + + if (status != NO_ERROR) return status; + + if (token.size() < 24) { + LOGE("CryptoSession::GetProvisioningId: token size too small: %d", + token.size()); + return KEYBOX_TOKEN_TOO_SHORT; } - provisioning_id->assign(reinterpret_cast(&buf[8]), 16); - return true; + provisioning_id->assign(reinterpret_cast(&token[8]), 16); + return NO_ERROR; + } else { + LOGE("CryptoSession::GetProvisioningId: unsupported token type: %d", + pre_provision_token_type_); + return UNKNOWN_CLIENT_TOKEN_TYPE; } } @@ -724,23 +767,19 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) { OEMCrypto_SESSION sid; requested_security_level_ = requested_security_level; OEMCryptoResult sts = OEMCrypto_OpenSession(&sid, requested_security_level); - if (OEMCrypto_SUCCESS == sts) { - oec_session_id_ = static_cast(sid); - LOGV("OpenSession: id= %lu", oec_session_id_); - open_ = true; - } else if (OEMCrypto_ERROR_TOO_MANY_SESSIONS == sts) { + + if (sts != OEMCrypto_SUCCESS) { LOGE("OEMCrypto_Open failed: %d, open sessions: %ld, initialized: %d", sts, session_count_, (int)initialized_); - return INSUFFICIENT_CRYPTO_RESOURCES; - } - if (!open_) { - LOGE("OEMCrypto_Open failed: %d, open sessions: %ld, initialized: %d", sts, - session_count_, (int)initialized_); - return UNKNOWN_ERROR; + return MapOEMCryptoResult(sts, OPEN_CRYPTO_SESSION_ERROR, "Open"); } + oec_session_id_ = static_cast(sid); + LOGV("OpenSession: id= %lu", oec_session_id_); + open_ = true; + // Get System ID and save it. - if (GetSystemIdInternal(&system_id_)) { + if (GetSystemIdInternal(&system_id_) == NO_ERROR) { metrics_->crypto_session_system_id_.Record(system_id_); } else { LOGE("CryptoSession::Open: Failed to fetch system id."); @@ -824,45 +863,41 @@ void CryptoSession::Close() { } } -bool CryptoSession::PrepareRequest(const std::string& message, +CdmResponseType CryptoSession::PrepareRequest(const std::string& message, bool is_provisioning, std::string* signature) { LOGV("CryptoSession::PrepareRequest: Lock"); std::unique_lock auto_lock(crypto_lock_); - if (!signature) { + if (signature == nullptr) { LOGE("CryptoSession::PrepareRequest : No output destination provided."); - return false; + return PARAMETER_NULL; } if (is_provisioning && (pre_provision_token_type_ == kClientTokenKeybox)) { - if (!GenerateDerivedKeys(message)) return false; + CdmResponseType status = GenerateDerivedKeys(message); - if (!GenerateSignature(message, signature)) return false; + if (status != NO_ERROR) return status; + + return GenerateSignature(message, signature); } else { - if (!GenerateRsaSignature(message, signature)) return false; + return GenerateRsaSignature(message, signature); } - - return true; } -bool CryptoSession::PrepareRenewalRequest(const std::string& message, - std::string* signature) { +CdmResponseType CryptoSession::PrepareRenewalRequest(const std::string& message, + std::string* signature) { LOGV("CryptoSession::PrepareRenewalRequest: Lock"); std::unique_lock auto_lock(crypto_lock_); - if (!signature) { + if (signature == nullptr) { LOGE( "CryptoSession::PrepareRenewalRequest : No output destination " "provided."); - return false; + return PARAMETER_NULL; } - if (!GenerateSignature(message, signature)) { - return false; - } - - return true; + return GenerateSignature(message, signature); } CdmResponseType CryptoSession::LoadKeys( @@ -886,20 +921,29 @@ CdmResponseType CryptoSession::LoadKeys( message, signature, mac_key_iv, mac_key, keys, provider_session_token, &cipher_mode_, srm_requirement); - if (OEMCrypto_SUCCESS == sts) { - if (!provider_session_token.empty()) - update_usage_table_after_close_session_ = true; - result = KEY_ADDED; - } else if (OEMCrypto_ERROR_TOO_MANY_KEYS == sts) { + if (sts != OEMCrypto_SUCCESS) { LOGE("CryptoSession::LoadKeys: OEMCrypto_LoadKeys error=%d", sts); - result = INSUFFICIENT_CRYPTO_RESOURCES_4; - } else if (OEMCrypto_ERROR_USAGE_TABLE_UNRECOVERABLE == sts) { - // Handle vendor specific error - LOGE("CryptoSession::LoadKeys: OEMCrypto_LoadKeys error=%d", sts); - result = NEED_PROVISIONING; - } else { - LOGE("CryptoSession::LoadKeys: OEMCrypto_LoadKeys error=%d", sts); - result = LOAD_KEY_ERROR; + } + + switch (sts) { + case OEMCrypto_SUCCESS: + if (!provider_session_token.empty()) + update_usage_table_after_close_session_ = true; + result = KEY_ADDED; + break; + case OEMCrypto_ERROR_TOO_MANY_KEYS: + result = INSUFFICIENT_CRYPTO_RESOURCES_4; + break; + case OEMCrypto_ERROR_USAGE_TABLE_UNRECOVERABLE: + // Handle vendor specific error + return NEED_PROVISIONING; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; + default: + result = LOAD_KEY_ERROR; + break; } } // Release crypto_lock_ @@ -917,20 +961,26 @@ CdmResponseType CryptoSession::LoadEntitledContentKeys( OEMCryptoResult sts = key_session_->LoadEntitledContentKeys(key_array); - if (OEMCrypto_SUCCESS == sts) { - return KEY_ADDED; - } else if (OEMCrypto_ERROR_INSUFFICIENT_RESOURCES == sts) { - return INSUFFICIENT_CRYPTO_RESOURCES_6; - } else if (OEMCrypto_ERROR_INVALID_CONTEXT == sts) { - return NOT_AN_ENTITLEMENT_SESSION; - } else if (OEMCrypto_KEY_NOT_ENTITLED == sts) { - return NO_MATCHING_ENTITLEMENT_KEY; - } else { - return LOAD_ENTITLED_CONTENT_KEYS_ERROR; + switch (sts) { + case OEMCrypto_SUCCESS: + return KEY_ADDED; + case OEMCrypto_ERROR_INSUFFICIENT_RESOURCES: + return INSUFFICIENT_CRYPTO_RESOURCES_6; + case OEMCrypto_ERROR_INVALID_CONTEXT: + return NOT_AN_ENTITLEMENT_SESSION; + case OEMCrypto_KEY_NOT_ENTITLED: + return NO_MATCHING_ENTITLEMENT_KEY; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; + default: + return LOAD_ENTITLED_CONTENT_KEYS_ERROR; } } -bool CryptoSession::LoadCertificatePrivateKey(std::string& wrapped_key) { +CdmResponseType CryptoSession::LoadCertificatePrivateKey( + std::string& wrapped_key) { LOGV("CryptoSession::LoadCertificatePrivateKey: Lock"); std::unique_lock auto_lock(crypto_lock_); @@ -950,17 +1000,14 @@ bool CryptoSession::LoadCertificatePrivateKey(std::string& wrapped_key) { wrapped_key.size()), metrics_, oemcrypto_load_device_rsa_key_, sts); - if (OEMCrypto_SUCCESS != sts) { - LOGE("LoadCertificatePrivateKey: OEMCrypto_LoadDeviceRSAKey error=%d", sts); - return false; - } - - return true; + return MapOEMCryptoResult( + sts, LOAD_DEVICE_RSA_KEY_ERROR, "LoadCertificatePrivateKey"); } -bool CryptoSession::RefreshKeys(const std::string& message, - const std::string& signature, int num_keys, - const CryptoKey* key_array) { +CdmResponseType CryptoSession::RefreshKeys(const std::string& message, + const std::string& signature, + int num_keys, + const CryptoKey* key_array) { LOGV("CryptoSession::RefreshKeys: Lock"); std::unique_lock auto_lock(crypto_lock_); @@ -983,7 +1030,11 @@ bool CryptoSession::RefreshKeys(const std::string& message, reinterpret_cast(signature.data()), signature.size(), num_keys, &load_key_array[0]), metrics_, oemcrypto_refresh_keys_, refresh_sts); - return OEMCrypto_SUCCESS == refresh_sts; + + if (refresh_sts == OEMCrypto_SUCCESS) return KEY_ADDED; + + return MapOEMCryptoResult( + refresh_sts, REFRESH_KEYS_ERROR, "RefreshKeys"); } CdmResponseType CryptoSession::SelectKey(const std::string& key_id, @@ -1013,6 +1064,10 @@ CdmResponseType CryptoSession::SelectKey(const std::string& key_id, return INSUFFICIENT_CRYPTO_RESOURCES_2; case OEMCrypto_ERROR_UNKNOWN_FAILURE: return UNKNOWN_SELECT_KEY_ERROR_1; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; case OEMCrypto_ERROR_CONTROL_INVALID: case OEMCrypto_ERROR_KEYBOX_INVALID: default: @@ -1020,21 +1075,27 @@ CdmResponseType CryptoSession::SelectKey(const std::string& key_id, } } -bool CryptoSession::GenerateDerivedKeys(const std::string& message) { - return key_session_->GenerateDerivedKeys(message); +CdmResponseType CryptoSession::GenerateDerivedKeys(const std::string& message) { + OEMCryptoResult sts = key_session_->GenerateDerivedKeys(message); + + return MapOEMCryptoResult( + sts, GENERATE_DERIVED_KEYS_ERROR_2, "GenerateDerivedKeys"); } -bool CryptoSession::GenerateDerivedKeys(const std::string& message, +CdmResponseType CryptoSession::GenerateDerivedKeys(const std::string& message, const std::string& session_key) { - return key_session_->GenerateDerivedKeys(message, session_key); + OEMCryptoResult sts = key_session_->GenerateDerivedKeys(message, session_key); + + return MapOEMCryptoResult( + sts, GENERATE_DERIVED_KEYS_ERROR, "GenerateDerivedKeys"); } -bool CryptoSession::GenerateSignature(const std::string& message, - std::string* signature) { +CdmResponseType CryptoSession::GenerateSignature(const std::string& message, + std::string* signature) { LOGV("GenerateSignature: id=%lu", oec_session_id_); - if (!signature) { + if (signature == nullptr) { LOGE("GenerateSignature: null signature string"); - return false; + return PARAMETER_NULL; } OEMCryptoResult sts; @@ -1053,7 +1114,7 @@ bool CryptoSession::GenerateSignature(const std::string& message, if (OEMCrypto_SUCCESS == sts) { // Trim signature buffer and done signature->resize(length); - return true; + return NO_ERROR; } if (OEMCrypto_ERROR_SHORT_BUFFER != sts) { break; @@ -1063,16 +1124,16 @@ bool CryptoSession::GenerateSignature(const std::string& message, signature->resize(length); } - LOGE("GenerateSignature: OEMCrypto_GenerateSignature err=%d", sts); - return false; + return MapOEMCryptoResult( + sts, GENERATE_SIGNATURE_ERROR, "GenerateSignature"); } -bool CryptoSession::GenerateRsaSignature(const std::string& message, - std::string* signature) { +CdmResponseType CryptoSession::GenerateRsaSignature(const std::string& message, + std::string* signature) { LOGV("GenerateRsaSignature: id=%lu", oec_session_id_); - if (!signature) { + if (signature == nullptr) { LOGE("GenerateRsaSignature: null signature string"); - return false; + return PARAMETER_NULL; } OEMCryptoResult sts; @@ -1093,7 +1154,7 @@ bool CryptoSession::GenerateRsaSignature(const std::string& message, if (OEMCrypto_SUCCESS == sts) { // Trim signature buffer and done signature->resize(length); - return true; + return NO_ERROR; } if (OEMCrypto_ERROR_SHORT_BUFFER != sts) { break; @@ -1103,8 +1164,8 @@ bool CryptoSession::GenerateRsaSignature(const std::string& message, signature->resize(length); } - LOGE("GenerateRsaSignature: OEMCrypto_GenerateRSASignature err=%d", sts); - return false; + return MapOEMCryptoResult( + sts, RSA_SIGNATURE_GENERATION_ERROR, "OEMCrypto_GenerateRSASignature"); } CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) { @@ -1212,6 +1273,12 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) { return INSUFFICIENT_OUTPUT_PROTECTION; case OEMCrypto_ERROR_ANALOG_OUTPUT: return ANALOG_OUTPUT_ERROR; + case OEMCrypto_ERROR_OUTPUT_TOO_LARGE: + return OUTPUT_TOO_LARGE_ERROR; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; default: return UNKNOWN_ERROR; } @@ -1271,15 +1338,21 @@ CdmResponseType CryptoSession::DeactivateUsageInformation( oec_session_id_, pst, provider_session_token.length()); metrics_->oemcrypto_deactivate_usage_entry_.Increment(status); + if (status != OEMCrypto_SUCCESS) { + LOGE("CryptoSession::DeactivateUsageInformation: error=%ld", status); + } + switch (status) { case OEMCrypto_SUCCESS: return NO_ERROR; case OEMCrypto_ERROR_INVALID_CONTEXT: - LOGE("CryptoSession::DeactivateUsageInformation: invalid context error"); return KEY_CANCELED; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; default: - LOGE("CryptoSession::DeactivateUsageInformation: error=%ld", status); - return UNKNOWN_ERROR; + return DEACTIVATE_USAGE_ENTRY_ERROR; } } @@ -1289,9 +1362,9 @@ CdmResponseType CryptoSession::GenerateUsageReport( int64_t* seconds_since_last_played) { LOGV("GenerateUsageReport: id=%lu", oec_session_id_); - if (NULL == usage_report) { + if (nullptr == usage_report) { LOGE("CryptoSession::GenerateUsageReport: usage_report parameter is null"); - return UNKNOWN_ERROR; + return PARAMETER_NULL; } std::unique_lock auto_lock(crypto_lock_); @@ -1304,12 +1377,9 @@ CdmResponseType CryptoSession::GenerateUsageReport( &usage_length); metrics_->oemcrypto_report_usage_.Increment(status); - if (OEMCrypto_SUCCESS != status) { - if (OEMCrypto_ERROR_SHORT_BUFFER != status) { - LOGE("CryptoSession::GenerateUsageReport: Report Usage error=%ld", - status); - return UNKNOWN_ERROR; - } + if (status != OEMCrypto_SUCCESS && status != OEMCrypto_ERROR_SHORT_BUFFER) { + return MapOEMCryptoResult( + status, GENERATE_USAGE_REPORT_ERROR, "GenerateUsageReport"); } std::vector buffer(usage_length); @@ -1319,9 +1389,9 @@ CdmResponseType CryptoSession::GenerateUsageReport( &usage_length); metrics_->oemcrypto_report_usage_.Increment(status); - if (OEMCrypto_SUCCESS != status) { - LOGE("CryptoSession::GenerateUsageReport: Report Usage error=%ld", status); - return UNKNOWN_ERROR; + if (status != OEMCrypto_SUCCESS) { + return MapOEMCryptoResult( + status, GENERATE_USAGE_REPORT_ERROR, "OEMCrypto_ReportUsage"); } if (usage_length != buffer.size()) { @@ -1479,10 +1549,10 @@ bool CryptoSession::IsAntiRollbackHwPresent() { return is_present; } -bool CryptoSession::GenerateNonce(uint32_t* nonce) { - if (!nonce) { +CdmResponseType CryptoSession::GenerateNonce(uint32_t* nonce) { + if (nonce == nullptr) { LOGE("input parameter is null"); - return false; + return PARAMETER_NULL; } LOGV("CryptoSession::GenerateNonce: Lock"); @@ -1490,7 +1560,8 @@ bool CryptoSession::GenerateNonce(uint32_t* nonce) { OEMCryptoResult result = OEMCrypto_GenerateNonce(oec_session_id_, nonce); metrics_->oemcrypto_generate_nonce_.Increment(result); - return OEMCrypto_SUCCESS == result; + + return MapOEMCryptoResult(result, NONCE_GENERATION_ERROR, "GenerateNonce"); } bool CryptoSession::SetDestinationBufferType() { @@ -1512,13 +1583,14 @@ bool CryptoSession::SetDestinationBufferType() { return true; } -bool CryptoSession::RewrapCertificate(const std::string& signed_message, - const std::string& signature, - const std::string& nonce, - const std::string& private_key, - const std::string& iv, - const std::string& wrapping_key, - std::string* wrapped_private_key) { +CdmResponseType CryptoSession::RewrapCertificate( + const std::string& signed_message, + const std::string& signature, + const std::string& nonce, + const std::string& private_key, + const std::string& iv, + const std::string& wrapping_key, + std::string* wrapped_private_key) { LOGV("CryptoSession::RewrapCertificate, session id=%lu", oec_session_id_); if (pre_provision_token_type_ == kClientTokenKeybox) { @@ -1534,16 +1606,17 @@ bool CryptoSession::RewrapCertificate(const std::string& signed_message, "CryptoSession::RewrapCertificate, Bad pre-provision type=%d: " "session id=%lu", pre_provision_token_type_, oec_session_id_); - return false; + return UNKNOWN_CLIENT_TOKEN_TYPE; } } -bool CryptoSession::RewrapDeviceRSAKey(const std::string& message, - const std::string& signature, - const std::string& nonce, - const std::string& enc_rsa_key, - const std::string& rsa_key_iv, - std::string* wrapped_rsa_key) { +CdmResponseType CryptoSession::RewrapDeviceRSAKey( + const std::string& message, + const std::string& signature, + const std::string& nonce, + const std::string& enc_rsa_key, + const std::string& rsa_key_iv, + std::string* wrapped_rsa_key) { LOGV("CryptoSession::RewrapDeviceRSAKey, session id=%lu", oec_session_id_); const uint8_t* signed_msg = reinterpret_cast(message.data()); @@ -1567,9 +1640,10 @@ bool CryptoSession::RewrapDeviceRSAKey(const std::string& message, signature.size(), msg_nonce, msg_rsa_key, enc_rsa_key.size(), msg_rsa_key_iv, NULL, &wrapped_rsa_key_length), metrics_, oemcrypto_rewrap_device_rsa_key_, status); + if (status != OEMCrypto_ERROR_SHORT_BUFFER) { - LOGE("OEMCrypto_RewrapDeviceRSAKey fails to get wrapped_rsa_key_length"); - return false; + return MapOEMCryptoResult( + status, REWRAP_DEVICE_RSA_KEY_ERROR, "RewrapDeviceRSAKey"); } wrapped_rsa_key->resize(wrapped_rsa_key_length); @@ -1583,20 +1657,17 @@ bool CryptoSession::RewrapDeviceRSAKey(const std::string& message, wrapped_rsa_key->resize(wrapped_rsa_key_length); - if (OEMCrypto_SUCCESS != status) { - LOGE("OEMCrypto_RewrapDeviceRSAKey fails with %d", status); - return false; - } - - return true; + return MapOEMCryptoResult( + status, REWRAP_DEVICE_RSA_KEY_ERROR, "RewrapDeviceRSAKey"); } -bool CryptoSession::RewrapDeviceRSAKey30(const std::string& message, - const std::string& nonce, - const std::string& private_key, - const std::string& iv, - const std::string& wrapping_key, - std::string* wrapped_private_key) { +CdmResponseType CryptoSession::RewrapDeviceRSAKey30( + const std::string& message, + const std::string& nonce, + const std::string& private_key, + const std::string& iv, + const std::string& wrapping_key, + std::string* wrapped_private_key) { LOGV("CryptoSession::RewrapDeviceRSAKey30, session id=%lu", oec_session_id_); @@ -1627,8 +1698,8 @@ bool CryptoSession::RewrapDeviceRSAKey30(const std::string& message, status); if (status != OEMCrypto_ERROR_SHORT_BUFFER) { - LOGE("OEMCrypto_RewrapDeviceRSAKey30 failed getting wrapped key length"); - return false; + return MapOEMCryptoResult( + status, REWRAP_DEVICE_RSA_KEY_30_ERROR, "RewrapDeviceRSAKey30"); } wrapped_private_key->resize(wrapped_private_key_length); @@ -1644,49 +1715,47 @@ bool CryptoSession::RewrapDeviceRSAKey30(const std::string& message, wrapped_private_key->resize(wrapped_private_key_length); - if (OEMCrypto_SUCCESS != status) { - LOGE("OEMCrypto_RewrapDeviceRSAKey30 fails with %d", status); - return false; - } - return true; + return MapOEMCryptoResult( + status, REWRAP_DEVICE_RSA_KEY_30_ERROR, "RewrapDeviceRSAKey30"); } -bool CryptoSession::GetHdcpCapabilities(HdcpCapability* current, - HdcpCapability* max) { +CdmResponseType CryptoSession::GetHdcpCapabilities(HdcpCapability* current, + HdcpCapability* max) { LOGV("CryptoSession::GetHdcpCapabilities: id=%lu", oec_session_id_); if (!open_) { LOGW("CryptoSession::GetHdcpCapabilities: session not open"); - return false; + return CRYPTO_SESSION_NOT_OPEN; } return GetHdcpCapabilities(requested_security_level_, current, max); } -bool CryptoSession::GetHdcpCapabilities(SecurityLevel security_level, - HdcpCapability* current, - HdcpCapability* max) { +CdmResponseType CryptoSession::GetHdcpCapabilities(SecurityLevel security_level, + HdcpCapability* current, + HdcpCapability* max) { LOGV("CryptoSession::GetHdcpCapabilities"); if (!initialized_) { LOGW("CryptoSession::GetHdcpCapabilities: not initialized"); - return false; + return CRYPTO_SESSION_NOT_INITIALIZED; } - if (current == NULL || max == NULL) { + if (current == nullptr || max == nullptr) { LOGE( "CryptoSession::GetHdcpCapabilities: |current|, |max| cannot be " "NULL"); - return false; + return PARAMETER_NULL; } OEMCryptoResult status = OEMCrypto_GetHDCPCapability(security_level, current, max); - if (OEMCrypto_SUCCESS != status) { + if (OEMCrypto_SUCCESS == status) { + metrics_->oemcrypto_current_hdcp_capability_.Record(*current); + metrics_->oemcrypto_max_hdcp_capability_.Record(*max); + } else { metrics_->oemcrypto_current_hdcp_capability_.SetError(status); metrics_->oemcrypto_max_hdcp_capability_.SetError(status); - LOGW("OEMCrypto_GetHDCPCapability fails with %d", status); - return false; } - metrics_->oemcrypto_current_hdcp_capability_.Record(*current); - metrics_->oemcrypto_max_hdcp_capability_.Record(*max); - return true; + + return MapOEMCryptoResult( + status, GET_HDCP_CAPABILITY_FAILED, "GetHDCPCapability"); } bool CryptoSession::GetSupportedCertificateTypes( @@ -1708,94 +1777,87 @@ bool CryptoSession::GetSupportedCertificateTypes( return true; } -bool CryptoSession::GetRandom(size_t data_length, uint8_t* random_data) { - if (random_data == NULL) { +CdmResponseType CryptoSession::GetRandom(size_t data_length, + uint8_t* random_data) { + if (random_data == nullptr) { LOGE("CryptoSession::GetRandom: random data destination not provided"); - return false; + return PARAMETER_NULL; } OEMCryptoResult sts = OEMCrypto_GetRandom(random_data, data_length); metrics_->oemcrypto_get_random_.Increment(sts); - if (sts != OEMCrypto_SUCCESS) { - LOGE("OEMCrypto_GetRandom fails with %d", sts); - return false; - } - - return true; + return MapOEMCryptoResult(sts, RANDOM_GENERATION_ERROR, "GetRandom"); } -bool CryptoSession::GetNumberOfOpenSessions(SecurityLevel security_level, - size_t* count) { +CdmResponseType CryptoSession::GetNumberOfOpenSessions( + SecurityLevel security_level, + size_t* count) { LOGV("GetNumberOfOpenSessions"); if (!initialized_) { LOGW("CryptoSession::GetNumberOfOpenSessions: not initialized"); - return false; + return CRYPTO_SESSION_NOT_INITIALIZED; } - if (count == NULL) { + if (count == nullptr) { LOGE("CryptoSession::GetNumberOfOpenSessions: |count| cannot be NULL"); - return false; + return PARAMETER_NULL; } size_t sessions_count; OEMCryptoResult status = OEMCrypto_GetNumberOfOpenSessions( security_level, &sessions_count); - if (OEMCrypto_SUCCESS != status) { - LOGW("OEMCrypto_GetNumberOfOpenSessions fails with %d", status); + if (OEMCrypto_SUCCESS == status) { + metrics_->oemcrypto_number_of_open_sessions_.Record(sessions_count); + *count = sessions_count; + } else { metrics_->oemcrypto_number_of_open_sessions_.SetError(status); - return false; } - metrics_->oemcrypto_number_of_open_sessions_.Record(sessions_count); - *count = sessions_count; - return true; + return MapOEMCryptoResult( + status, GET_NUMBER_OF_OPEN_SESSIONS_ERROR, "GetNumberOfOpenSessions"); } -bool CryptoSession::GetMaxNumberOfSessions(SecurityLevel security_level, - size_t* max) { +CdmResponseType CryptoSession::GetMaxNumberOfSessions( + SecurityLevel security_level, + size_t* max) { LOGV("GetMaxNumberOfSessions"); if (!initialized_) { LOGW("CryptoSession::GetMaxNumberOfSessions: not initialized"); - return false; + return CRYPTO_SESSION_NOT_INITIALIZED; } - if (max == NULL) { + if (max == nullptr) { LOGE("CryptoSession::GetMaxNumberOfSessions: |max| cannot be NULL"); - return false; + return PARAMETER_NULL; } size_t max_sessions = 0; OEMCryptoResult status = OEMCrypto_GetMaxNumberOfSessions( security_level, &max_sessions); - if (OEMCrypto_SUCCESS != status) { - LOGW("OEMCrypto_GetMaxNumberOfSessions fails with %d", status); + + if (OEMCrypto_SUCCESS == status) { + metrics_->oemcrypto_max_number_of_sessions_.Record(max_sessions); + *max = max_sessions; + } else { metrics_->oemcrypto_max_number_of_sessions_.SetError(status); - return false; } - metrics_->oemcrypto_max_number_of_sessions_.Record(max_sessions); - *max = max_sessions; - return true; + return MapOEMCryptoResult(status, GET_MAX_NUMBER_OF_OPEN_SESSIONS_ERROR, + "GetMaxNumberOfOpenSessions"); } -bool CryptoSession::GetSrmVersion(uint16_t* srm_version) { +CdmResponseType CryptoSession::GetSrmVersion(uint16_t* srm_version) { LOGV("GetSrmVersion"); - if (!initialized_) return false; - if (srm_version == NULL) { + if (!initialized_) return CRYPTO_SESSION_NOT_INITIALIZED; + if (srm_version == nullptr) { LOGE("CryptoSession::GetSrmVersion: |srm_version| cannot be NULL"); - return false; + return PARAMETER_NULL; } OEMCryptoResult status = OEMCrypto_GetCurrentSRMVersion(srm_version); - switch (status) { - case OEMCrypto_SUCCESS: - return true; - case OEMCrypto_ERROR_NOT_IMPLEMENTED: - return false; - default: - LOGW("OEMCrypto_GetCurrentSRMVersion fails with %d", status); - return false; - } + + return MapOEMCryptoResult( + status, GET_SRM_VERSION_ERROR, "GetCurrentSRMVersion"); } bool CryptoSession::IsSrmUpdateSupported() { @@ -1804,21 +1866,18 @@ bool CryptoSession::IsSrmUpdateSupported() { return OEMCrypto_IsSRMUpdateSupported(); } -bool CryptoSession::LoadSrm(const std::string& srm) { +CdmResponseType CryptoSession::LoadSrm(const std::string& srm) { LOGV("LoadSrm"); - if (!initialized_) return false; + if (!initialized_) return CRYPTO_SESSION_NOT_INITIALIZED; if (srm.empty()) { LOGE("CryptoSession::LoadSrm: |srm| cannot be empty"); - return false; + return INVALID_SRM_LIST; } OEMCryptoResult status = OEMCrypto_LoadSRM( reinterpret_cast(srm.data()), srm.size()); - if (OEMCrypto_SUCCESS != status) { - LOGW("OEMCrypto_LoadSRM fails with %d", status); - return false; - } - return true; + + return MapOEMCryptoResult(status, LOAD_SRM_ERROR, "LoadSRM"); } bool CryptoSession::GetResourceRatingTier(uint32_t* tier) { @@ -1905,11 +1964,8 @@ CdmResponseType CryptoSession::SetDecryptHash( OEMCryptoResult sts = OEMCrypto_SetDecryptHash( oec_session_id_, frame_number, reinterpret_cast(hash.data()), hash.size()); - if (OEMCrypto_SUCCESS != sts) { - LOGE("SetSecureDecryptHash: failed with error %d", sts); - return SET_DECRYPT_HASH_ERROR; - } - return NO_ERROR; + + return MapOEMCryptoResult(sts, SET_DECRYPT_HASH_ERROR, "SetDecryptHash"); } CdmResponseType CryptoSession::GetDecryptHashError(std::string* error_string) { @@ -1925,19 +1981,24 @@ CdmResponseType CryptoSession::GetDecryptHashError(std::string* error_string) { oec_session_id_, &failed_frame_number); error_string->assign(std::to_string(sts)); + if (sts != OEMCrypto_SUCCESS) { + LOGE("GetDecryptHashError: failed with error %d", sts); + } + switch (sts) { case OEMCrypto_SUCCESS: case OEMCrypto_ERROR_BAD_HASH: - case OEMCrypto_ERROR_SESSION_LOST_STATE: - case OEMCrypto_ERROR_SYSTEM_INVALIDATED: error_string->assign(std::to_string(sts)); error_string->append(","); error_string->append(std::to_string(failed_frame_number)); return NO_ERROR; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; case OEMCrypto_ERROR_UNKNOWN_FAILURE: case OEMCrypto_ERROR_NOT_IMPLEMENTED: default: - LOGE("GetDecryptHashError: failed with error %d", sts); return GET_DECRYPT_HASH_ERROR; } } @@ -1948,7 +2009,7 @@ CdmResponseType CryptoSession::GenericEncrypt(const std::string& in_buffer, CdmEncryptionAlgorithm algorithm, std::string* out_buffer) { LOGV("GenericEncrypt: id=%lu", oec_session_id_); - if (!out_buffer) { + if (out_buffer == nullptr) { LOGE("CryptoSession::GenericEncrypt: out_buffer not provided"); return PARAMETER_NULL; } @@ -1983,16 +2044,25 @@ CdmResponseType CryptoSession::GenericEncrypt(const std::string& in_buffer, if (OEMCrypto_SUCCESS != sts) { LOGE("GenericEncrypt: OEMCrypto_Generic_Encrypt err=%d", sts); - if (OEMCrypto_ERROR_KEY_EXPIRED == sts) { - return NEED_KEY; - } else if (OEMCrypto_ERROR_NO_CONTENT_KEY == sts - || OEMCrypto_KEY_NOT_LOADED == sts) { // obsolete in v15. - return KEY_NOT_FOUND_3; - } else { - return UNKNOWN_ERROR; - } } - return NO_ERROR; + + switch (sts) { + case OEMCrypto_SUCCESS: + return NO_ERROR; + case OEMCrypto_ERROR_KEY_EXPIRED: + return NEED_KEY; + case OEMCrypto_ERROR_NO_CONTENT_KEY: + case OEMCrypto_KEY_NOT_LOADED: // obsolete in v15. + return KEY_NOT_FOUND_3; + case OEMCrypto_ERROR_OUTPUT_TOO_LARGE: + return OUTPUT_TOO_LARGE_ERROR; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; + default: + return UNKNOWN_ERROR; + } } CdmResponseType CryptoSession::GenericDecrypt(const std::string& in_buffer, @@ -2001,7 +2071,7 @@ CdmResponseType CryptoSession::GenericDecrypt(const std::string& in_buffer, CdmEncryptionAlgorithm algorithm, std::string* out_buffer) { LOGV("GenericDecrypt: id=%lu", oec_session_id_); - if (!out_buffer) { + if (out_buffer == nullptr) { LOGE("CryptoSession::GenericDecrypt: out_buffer not provided"); return PARAMETER_NULL; } @@ -2036,16 +2106,25 @@ CdmResponseType CryptoSession::GenericDecrypt(const std::string& in_buffer, if (OEMCrypto_SUCCESS != sts) { LOGE("GenericDecrypt: OEMCrypto_Generic_Decrypt err=%d", sts); - if (OEMCrypto_ERROR_KEY_EXPIRED == sts) { - return NEED_KEY; - } else if (OEMCrypto_ERROR_NO_CONTENT_KEY == sts - || OEMCrypto_KEY_NOT_LOADED == sts) { // obsolete in v15. - return KEY_NOT_FOUND_4; - } else { - return UNKNOWN_ERROR; - } } - return NO_ERROR; + + switch (sts) { + case OEMCrypto_SUCCESS: + return NO_ERROR; + case OEMCrypto_ERROR_KEY_EXPIRED: + return NEED_KEY; + case OEMCrypto_ERROR_NO_CONTENT_KEY: + case OEMCrypto_KEY_NOT_LOADED: // obsolete in v15. + return KEY_NOT_FOUND_4; + case OEMCrypto_ERROR_OUTPUT_TOO_LARGE: + return OUTPUT_TOO_LARGE_ERROR; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; + default: + return UNKNOWN_ERROR; + } } CdmResponseType CryptoSession::GenericSign(const std::string& message, @@ -2053,7 +2132,7 @@ CdmResponseType CryptoSession::GenericSign(const std::string& message, CdmSigningAlgorithm algorithm, std::string* signature) { LOGV("GenericSign: id=%lu", oec_session_id_); - if (!signature) { + if (signature == nullptr) { LOGE("CryptoSession::GenericSign: signature not provided"); return PARAMETER_NULL; } @@ -2099,13 +2178,21 @@ CdmResponseType CryptoSession::GenericSign(const std::string& message, } LOGE("GenericSign: OEMCrypto_Generic_Sign err=%d", sts); - if (OEMCrypto_ERROR_KEY_EXPIRED == sts) { - return NEED_KEY; - } else if (OEMCrypto_ERROR_NO_CONTENT_KEY == sts - || OEMCrypto_KEY_NOT_LOADED == sts) { // obsolete in v15. - return KEY_NOT_FOUND_5; - } else { - return UNKNOWN_ERROR; + + switch (sts) { + case OEMCrypto_ERROR_KEY_EXPIRED: + return NEED_KEY; + case OEMCrypto_ERROR_NO_CONTENT_KEY: + case OEMCrypto_KEY_NOT_LOADED: // obsolete in v15. + return KEY_NOT_FOUND_5; + case OEMCrypto_ERROR_OUTPUT_TOO_LARGE: + return OUTPUT_TOO_LARGE_ERROR; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; + default: + return UNKNOWN_ERROR; } } @@ -2138,16 +2225,25 @@ CdmResponseType CryptoSession::GenericVerify(const std::string& message, if (OEMCrypto_SUCCESS != sts) { LOGE("GenericVerify: OEMCrypto_Generic_Verify err=%d", sts); - if (OEMCrypto_ERROR_KEY_EXPIRED == sts) { - return NEED_KEY; - } else if (OEMCrypto_ERROR_NO_CONTENT_KEY == sts - || OEMCrypto_KEY_NOT_LOADED == sts) { // obsolete in v15. - return KEY_NOT_FOUND_6; - } else { - return UNKNOWN_ERROR; - } } - return NO_ERROR; + + switch (sts) { + case OEMCrypto_SUCCESS: + return NO_ERROR; + case OEMCrypto_ERROR_KEY_EXPIRED: + return NEED_KEY; + case OEMCrypto_ERROR_NO_CONTENT_KEY: + case OEMCrypto_KEY_NOT_LOADED: // obsolete in v15. + return KEY_NOT_FOUND_6; + case OEMCrypto_ERROR_OUTPUT_TOO_LARGE: + return OUTPUT_TOO_LARGE_ERROR; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; + default: + return UNKNOWN_ERROR; + } } CdmResponseType CryptoSession::GetUsageSupportType( @@ -2208,14 +2304,12 @@ CdmResponseType CryptoSession::CreateUsageTableHeader( &usage_table_header_size); } - if (result != OEMCrypto_SUCCESS) { - LOGE("CreateUsageTableHeader: usage table header creation failed: %d", - result); - return CREATE_USAGE_TABLE_ERROR; + if (result == OEMCrypto_SUCCESS) { + usage_table_header->resize(usage_table_header_size); } - usage_table_header->resize(usage_table_header_size); - return NO_ERROR; + return MapOEMCryptoResult(result, CREATE_USAGE_TABLE_ERROR, + "CreateUsageTableHeader"); } CdmResponseType CryptoSession::LoadUsageTableHeader( @@ -2248,6 +2342,8 @@ CdmResponseType CryptoSession::LoadUsageTableHeader( return LOAD_USAGE_HEADER_SIGNATURE_FAILURE; case OEMCrypto_ERROR_BAD_MAGIC: return LOAD_USAGE_HEADER_BAD_MAGIC; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; case OEMCrypto_ERROR_UNKNOWN_FAILURE: default: return LOAD_USAGE_HEADER_UNKNOWN_ERROR; @@ -2265,16 +2361,20 @@ CdmResponseType CryptoSession::CreateUsageEntry(uint32_t* entry_number) { OEMCryptoResult result = OEMCrypto_CreateNewUsageEntry(oec_session_id_, entry_number); + if (result != OEMCrypto_SUCCESS) { + LOGE("CreateUsageEntry: OEMCrypto_CreateNewUsageEntry error: %d", result); + } + switch (result) { case OEMCrypto_SUCCESS: return NO_ERROR; case OEMCrypto_ERROR_INSUFFICIENT_RESOURCES: - LOGE( - "CreateUsageEntry: OEMCrypto_CreateNewUsageEntry error: " - "Insufficient resources"); return INSUFFICIENT_CRYPTO_RESOURCES_3; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; default: - LOGE("CreateUsageEntry: OEMCrypto_CreateNewUsageEntry error: %d", result); return CREATE_USAGE_ENTRY_UNKNOWN_ERROR; } } @@ -2305,6 +2405,10 @@ CdmResponseType CryptoSession::LoadUsageEntry( return LOAD_USAGE_ENTRY_SIGNATURE_FAILURE; case OEMCrypto_ERROR_INSUFFICIENT_RESOURCES: return INSUFFICIENT_CRYPTO_RESOURCES_3; + case OEMCrypto_ERROR_SESSION_LOST_STATE: + return SESSION_LOST_STATE_ERROR; + case OEMCrypto_ERROR_SYSTEM_INVALIDATED: + return SYSTEM_INVALIDATED_ERROR; default: return LOAD_USAGE_ENTRY_UNKNOWN_ERROR; } @@ -2344,14 +2448,13 @@ CdmResponseType CryptoSession::UpdateUsageEntry( metrics_->oemcrypto_update_usage_entry_.Increment(result); } - if (result != OEMCrypto_SUCCESS) { - LOGE("UpdateUsageEntry: OEMCrypto_UpdateUsageEntry error: %d", result); - return UPDATE_USAGE_ENTRY_UNKNOWN_ERROR; + if (result == OEMCrypto_SUCCESS) { + usage_table_header->resize(usage_table_header_len); + usage_entry->resize(usage_entry_len); } - usage_table_header->resize(usage_table_header_len); - usage_entry->resize(usage_entry_len); - return NO_ERROR; + return MapOEMCryptoResult(result, UPDATE_USAGE_ENTRY_UNKNOWN_ERROR, + "UpdateUsageEntry"); } CdmResponseType CryptoSession::ShrinkUsageTableHeader( @@ -2378,14 +2481,12 @@ CdmResponseType CryptoSession::ShrinkUsageTableHeader( &usage_table_header_len); } - if (result != OEMCrypto_SUCCESS) { - LOGE("ShrinkUsageTableHeader: OEMCrypto_ShrinkUsageTableHeader error: %d", - result); - return SHRINK_USAGE_TABLER_HEADER_UNKNOWN_ERROR; + if (result == OEMCrypto_SUCCESS) { + usage_table_header->resize(usage_table_header_len); } - usage_table_header->resize(usage_table_header_len); - return NO_ERROR; + return MapOEMCryptoResult(result, SHRINK_USAGE_TABLER_HEADER_UNKNOWN_ERROR, + "ShrinkUsageTableHeader"); } CdmResponseType CryptoSession::MoveUsageEntry(uint32_t new_entry_number) { @@ -2394,12 +2495,8 @@ CdmResponseType CryptoSession::MoveUsageEntry(uint32_t new_entry_number) { OEMCryptoResult result = OEMCrypto_MoveEntry(oec_session_id_, new_entry_number); - if (result != OEMCrypto_SUCCESS) { - LOGE("MoveUsageEntry: OEMCrypto_MoveEntry error: %d", result); - return MOVE_USAGE_ENTRY_UNKNOWN_ERROR; - } - - return NO_ERROR; + return MapOEMCryptoResult( + result, MOVE_USAGE_ENTRY_UNKNOWN_ERROR, "MoveUsageEntry"); } bool CryptoSession::CreateOldUsageEntry( @@ -2461,12 +2558,8 @@ CdmResponseType CryptoSession::CopyOldUsageEntry( reinterpret_cast(provider_session_token.data()), provider_session_token.size()); - if (result != OEMCrypto_SUCCESS) { - LOGE("CopyOldUsageEntry: OEMCrypto_CopyOldUsageEntry error: %d", result); - return COPY_OLD_USAGE_ENTRY_UNKNOWN_ERROR; - } - - return NO_ERROR; + return MapOEMCryptoResult( + result, COPY_OLD_USAGE_ENTRY_UNKNOWN_ERROR, "CopyOldUsageEntry"); } bool CryptoSession::GetAnalogOutputCapabilities(bool* can_support_output, diff --git a/libwvdrmengine/cdm/core/src/license.cpp b/libwvdrmengine/cdm/core/src/license.cpp index 9df3017e..63d3d550 100644 --- a/libwvdrmengine/cdm/core/src/license.cpp +++ b/libwvdrmengine/cdm/core/src/license.cpp @@ -321,8 +321,16 @@ CdmResponseType CdmLicense::PrepareKeyRequest( // Get/set the nonce. This value will be reflected in the Key Control Block // of the license response. uint32_t nonce; - if (!crypto_session_->GenerateNonce(&nonce)) { - return LICENSE_REQUEST_NONCE_GENERATION_ERROR; + status = crypto_session_->GenerateNonce(&nonce); + + switch (status) { + case NO_ERROR: + break; + case SESSION_LOST_STATE_ERROR: + case SYSTEM_INVALIDATED_ERROR: + return status; + default: + return LICENSE_REQUEST_NONCE_GENERATION_ERROR; } license_request.set_key_control_nonce(nonce); LOGD("PrepareKeyRequest: nonce=%u", nonce); @@ -337,10 +345,12 @@ CdmResponseType CdmLicense::PrepareKeyRequest( // Derive signing and encryption keys and construct signature. std::string license_request_signature; - if (!crypto_session_->PrepareRequest(serialized_license_req, false, - &license_request_signature)) { + status = crypto_session_->PrepareRequest(serialized_license_req, false, + &license_request_signature); + + if (status != NO_ERROR) { signed_request->clear(); - return LICENSE_REQUEST_SIGNING_ERROR; + return status; } if (license_request_signature.empty()) { @@ -455,8 +465,16 @@ CdmResponseType CdmLicense::PrepareKeyUpdateRequest( // Get/set the nonce. This value will be reflected in the Key Control Block // of the license response. uint32_t nonce; - if (!crypto_session_->GenerateNonce(&nonce)) { - return LICENSE_RENEWAL_NONCE_GENERATION_ERROR; + CdmResponseType status = crypto_session_->GenerateNonce(&nonce); + + switch (status) { + case NO_ERROR: + break; + case SESSION_LOST_STATE_ERROR: + case SYSTEM_INVALIDATED_ERROR: + return status; + default: + return LICENSE_RENEWAL_NONCE_GENERATION_ERROR; } license_request.set_key_control_nonce(nonce); LOGD("PrepareKeyUpdateRequest: nonce=%u", nonce); @@ -468,9 +486,9 @@ CdmResponseType CdmLicense::PrepareKeyUpdateRequest( // Construct signature. std::string license_request_signature; - if (!crypto_session_->PrepareRenewalRequest(serialized_license_req, - &license_request_signature)) - return LICENSE_RENEWAL_SIGNING_ERROR; + status = crypto_session_->PrepareRenewalRequest(serialized_license_req, + &license_request_signature); + if (status != NO_ERROR) return status; if (license_request_signature.empty()) { LOGE( @@ -544,9 +562,11 @@ CdmResponseType CdmLicense::HandleKeyResponse( LOGE("CdmLicense::HandleKeyResponse: no session keys present"); return SESSION_KEYS_NOT_FOUND; } - if (!crypto_session_->GenerateDerivedKeys(key_request_, - signed_response.session_key())) - return GENERATE_DERIVED_KEYS_ERROR; + CdmResponseType status = + crypto_session_->GenerateDerivedKeys(key_request_, + signed_response.session_key()); + + if (status != NO_ERROR) return status; // Extract mac key std::string mac_key_iv; @@ -584,7 +604,17 @@ CdmResponseType CdmLicense::HandleKeyResponse( license_key_type_ = key_type; provider_client_token_ = license.provider_client_token(); - if (license.has_srm_update()) crypto_session_->LoadSrm(license.srm_update()); + if (license.has_srm_update()) { + CdmResponseType status = crypto_session_->LoadSrm(license.srm_update()); + switch (status) { + case NO_ERROR: + break; + case SYSTEM_INVALIDATED_ERROR: + return status; + default: + break; // Ignore + } + } if (license.id().type() == video_widevine::OFFLINE && license.policy().can_persist()) @@ -689,15 +719,16 @@ CdmResponseType CdmLicense::HandleKeyUpdateResponse( std::vector key_array = ExtractContentKeys(license); - if (crypto_session_->RefreshKeys(signed_response.msg(), + CdmResponseType status = + crypto_session_->RefreshKeys(signed_response.msg(), signed_response.signature(), - key_array.size(), &key_array[0])) { - policy_engine_->UpdateLicense(license); + key_array.size(), &key_array[0]); - return KEY_ADDED; - } else { - return REFRESH_KEYS_ERROR; + if (status == KEY_ADDED) { + policy_engine_->UpdateLicense(license); } + + return status; } CdmResponseType CdmLicense::HandleEmbeddedKeyData( diff --git a/libwvdrmengine/cdm/core/src/policy_engine.cpp b/libwvdrmengine/cdm/core/src/policy_engine.cpp index b01a6a58..9efa4a2c 100644 --- a/libwvdrmengine/cdm/core/src/policy_engine.cpp +++ b/libwvdrmengine/cdm/core/src/policy_engine.cpp @@ -83,7 +83,9 @@ void PolicyEngine::CheckDeviceHdcpStatus() { if (!license_keys_->Empty()) { CryptoSession::HdcpCapability current_hdcp_level; CryptoSession::HdcpCapability ignored; - if (!crypto_session_->GetHdcpCapabilities(¤t_hdcp_level, &ignored)) { + CdmResponseType status = + crypto_session_->GetHdcpCapabilities(¤t_hdcp_level, &ignored); + if (status != NO_ERROR) { current_hdcp_level = HDCP_NONE; } license_keys_->ApplyConstraints(current_resolution_, current_hdcp_level); diff --git a/libwvdrmengine/cdm/core/src/service_certificate.cpp b/libwvdrmengine/cdm/core/src/service_certificate.cpp index 56d1bb10..e839e674 100644 --- a/libwvdrmengine/cdm/core/src/service_certificate.cpp +++ b/libwvdrmengine/cdm/core/src/service_certificate.cpp @@ -228,12 +228,24 @@ CdmResponseType ServiceCertificate::EncryptClientId( std::string iv(KEY_IV_SIZE, 0); std::string key(SERVICE_KEY_SIZE, 0); - if (!crypto_session->GetRandom(key.size(), - reinterpret_cast(&key[0]))) - return CLIENT_ID_GENERATE_RANDOM_ERROR; - if (!crypto_session->GetRandom(iv.size(), - reinterpret_cast(&iv[0]))) - return CLIENT_ID_GENERATE_RANDOM_ERROR; + CdmResponseType status = + crypto_session->GetRandom(key.size(), + reinterpret_cast(&key[0])); + + if (status != NO_ERROR) { + LOGE("ServiceCertificate::EncryptClientId: GetRandom error: %d", status); + return status == RANDOM_GENERATION_ERROR ? + CLIENT_ID_GENERATE_RANDOM_ERROR : status; + } + + status = crypto_session->GetRandom(iv.size(), + reinterpret_cast(&iv[0])); + + if (status != NO_ERROR) { + LOGE("ServiceCertificate::EncryptClientId: GetRandom error: %d", status); + return status == RANDOM_GENERATION_ERROR ? + CLIENT_ID_GENERATE_RANDOM_ERROR : status; + } std::string id, enc_id, enc_key; clear_client_id->SerializeToString(&id); diff --git a/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp b/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp index 81cd260b..1b825a05 100644 --- a/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/cdm_session_unittest.cpp @@ -135,12 +135,12 @@ class MockCryptoSession : public TestCryptoSession { Invoke(this, &MockCryptoSession::BaseGetUsageSupportType)); } MOCK_METHOD1(GetClientToken, bool(std::string*)); - MOCK_METHOD1(GetProvisioningToken, bool(std::string*)); + MOCK_METHOD1(GetProvisioningToken, CdmResponseType(std::string*)); MOCK_METHOD0(GetPreProvisionTokenType, CdmClientTokenType()); MOCK_METHOD0(GetSecurityLevel, CdmSecurityLevel()); MOCK_METHOD0(Open, CdmResponseType()); MOCK_METHOD1(Open, CdmResponseType(SecurityLevel)); - MOCK_METHOD1(LoadCertificatePrivateKey, bool(std::string&)); + MOCK_METHOD1(LoadCertificatePrivateKey, CdmResponseType(std::string&)); MOCK_METHOD0(DeleteAllUsageReports, CdmResponseType()); MOCK_METHOD1(GetUsageSupportType, CdmResponseType(CdmUsageSupportType* type)); MOCK_METHOD0(GetUsageTableHeader, UsageTableHeader*()); @@ -219,7 +219,7 @@ TEST_F(CdmSessionTest, InitWithBuiltInCertificate) { Return(true))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(StrEq(kWrappedKey))) .InSequence(crypto_session_seq) - .WillOnce(Return(true)); + .WillOnce(Return(NO_ERROR)); EXPECT_CALL(*file_handle_, Init(Eq(level))).WillOnce(Return(true)); EXPECT_CALL(*license_parser_, Init(Eq(kToken), Eq(kClientTokenDrmCert), Eq(kEmptyString), @@ -248,7 +248,7 @@ TEST_F(CdmSessionTest, InitWithCertificate) { Return(true))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(StrEq(kWrappedKey))) .InSequence(crypto_session_seq) - .WillOnce(Return(true)); + .WillOnce(Return(NO_ERROR)); EXPECT_CALL(*license_parser_, Init(Eq(kToken), Eq(kClientTokenDrmCert), Eq(kEmptyString), false, Eq(kEmptyString), Eq(crypto_session_), @@ -276,7 +276,7 @@ TEST_F(CdmSessionTest, ReInitFail) { Return(true))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(StrEq(kWrappedKey))) .InSequence(crypto_session_seq) - .WillOnce(Return(true)); + .WillOnce(Return(NO_ERROR)); EXPECT_CALL(*license_parser_, Init(Eq(kToken), Eq(kClientTokenDrmCert), Eq(kEmptyString), false, Eq(kEmptyString), Eq(crypto_session_), Eq(policy_engine_))) @@ -331,7 +331,7 @@ TEST_F(CdmSessionTest, UpdateUsageEntry) { Return(true))); EXPECT_CALL(*crypto_session_, LoadCertificatePrivateKey(StrEq(kWrappedKey))) .InSequence(crypto_session_seq) - .WillOnce(Return(true)); + .WillOnce(Return(NO_ERROR)); EXPECT_CALL(*crypto_session_, GetUsageTableHeader()) .WillOnce(Return(&usage_table_header_)); EXPECT_CALL(*license_parser_, diff --git a/libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp b/libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp index 463cc87c..af4b9165 100644 --- a/libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp @@ -352,7 +352,7 @@ TEST_F(CryptoSessionMetricsTest, GetProvisioningTokenValidMetrics) { // token. Otherwise, we should be able to fetch the token. std::string token; if (token_type != kClientTokenDrmCert) { - ASSERT_TRUE(session->GetProvisioningToken(&token)); + ASSERT_EQ(NO_ERROR, session->GetProvisioningToken(&token)); } drm_metrics::WvCdmMetrics::CryptoMetrics metrics_proto; diff --git a/libwvdrmengine/cdm/core/test/license_unittest.cpp b/libwvdrmengine/cdm/core/test/license_unittest.cpp index 6cc2e02b..6f54b464 100644 --- a/libwvdrmengine/cdm/core/test/license_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/license_unittest.cpp @@ -140,11 +140,13 @@ class MockCryptoSession : public TestCryptoSession { MOCK_METHOD0(IsOpen, bool()); MOCK_METHOD0(request_id, const std::string&()); MOCK_METHOD1(UsageInformationSupport, bool(bool*)); - MOCK_METHOD2(GetHdcpCapabilities, bool(HdcpCapability*, HdcpCapability*)); + MOCK_METHOD2(GetHdcpCapabilities, + CdmResponseType(HdcpCapability*, HdcpCapability*)); MOCK_METHOD1(GetSupportedCertificateTypes, bool(SupportedCertificateTypes*)); MOCK_METHOD1(GetApiVersion, bool(uint32_t*)); - MOCK_METHOD1(GenerateNonce, bool(uint32_t*)); - MOCK_METHOD3(PrepareRequest, bool(const std::string&, bool, std::string*)); + MOCK_METHOD1(GenerateNonce, CdmResponseType(uint32_t*)); + MOCK_METHOD3(PrepareRequest, + CdmResponseType(const std::string&, bool, std::string*)); MOCK_METHOD1(LoadEntitledContentKeys, CdmResponseType(const std::vector& key_array)); MOCK_METHOD1(GetResourceRatingTier, bool(uint32_t*)); @@ -318,7 +320,7 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) { DoAll(SetArgPointee<0>(usage_information_support), Return(true))); EXPECT_CALL(*crypto_session_, GetHdcpCapabilities(NotNull(), NotNull())) .WillOnce(DoAll(SetArgPointee<0>(current_hdcp_version), - SetArgPointee<1>(max_hdcp_version), Return(true))); + SetArgPointee<1>(max_hdcp_version), Return(NO_ERROR))); EXPECT_CALL(*crypto_session_, GetSupportedCertificateTypes(NotNull())); EXPECT_CALL(*crypto_session_, GetApiVersion(NotNull())) .Times(2) @@ -326,10 +328,10 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidation) { DoAll(SetArgPointee<0>(crypto_session_api_version), Return(true))); EXPECT_CALL(*clock_, GetCurrentTime()).WillOnce(Return(kLicenseStartTime)); EXPECT_CALL(*crypto_session_, GenerateNonce(NotNull())) - .WillOnce(DoAll(SetArgPointee<0>(kNonce), Return(true))); + .WillOnce(DoAll(SetArgPointee<0>(kNonce), Return(NO_ERROR))); EXPECT_CALL(*crypto_session_, PrepareRequest(_, Eq(false), NotNull())) .WillOnce( - DoAll(SetArgPointee<2>(kLicenseRequestSignature), Return(true))); + DoAll(SetArgPointee<2>(kLicenseRequestSignature), Return(NO_ERROR))); CreateCdmLicense(); EXPECT_TRUE(cdm_license_->Init( @@ -438,7 +440,7 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidationV15) { DoAll(SetArgPointee<0>(usage_information_support), Return(true))); EXPECT_CALL(*crypto_session_, GetHdcpCapabilities(NotNull(), NotNull())) .WillOnce(DoAll(SetArgPointee<0>(current_hdcp_version), - SetArgPointee<1>(max_hdcp_version), Return(true))); + SetArgPointee<1>(max_hdcp_version), Return(NO_ERROR))); EXPECT_CALL(*crypto_session_, GetSupportedCertificateTypes(NotNull())); EXPECT_CALL(*crypto_session_, GetApiVersion(NotNull())) .Times(2) @@ -449,10 +451,10 @@ TEST_F(CdmLicenseTest, PrepareKeyRequestValidationV15) { DoAll(SetArgPointee<0>(resource_rating_tier), Return(true))); EXPECT_CALL(*clock_, GetCurrentTime()).WillOnce(Return(kLicenseStartTime)); EXPECT_CALL(*crypto_session_, GenerateNonce(NotNull())) - .WillOnce(DoAll(SetArgPointee<0>(kNonce), Return(true))); + .WillOnce(DoAll(SetArgPointee<0>(kNonce), Return(NO_ERROR))); EXPECT_CALL(*crypto_session_, PrepareRequest(_, Eq(false), NotNull())) .WillOnce( - DoAll(SetArgPointee<2>(kLicenseRequestSignature), Return(true))); + DoAll(SetArgPointee<2>(kLicenseRequestSignature), Return(NO_ERROR))); CreateCdmLicense(); EXPECT_TRUE(cdm_license_->Init( diff --git a/libwvdrmengine/cdm/core/test/policy_engine_constraints_unittest.cpp b/libwvdrmengine/cdm/core/test/policy_engine_constraints_unittest.cpp index 34fcc190..1f5c1c6d 100644 --- a/libwvdrmengine/cdm/core/test/policy_engine_constraints_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/policy_engine_constraints_unittest.cpp @@ -70,7 +70,8 @@ class HdcpOnlyMockCryptoSession : public TestCryptoSession { HdcpOnlyMockCryptoSession(metrics::CryptoMetrics* crypto_metrics) : TestCryptoSession(crypto_metrics) { } - MOCK_METHOD2(GetHdcpCapabilities, bool(HdcpCapability*, HdcpCapability*)); + MOCK_METHOD2(GetHdcpCapabilities, + CdmResponseType(HdcpCapability*, HdcpCapability*)); }; class MockCdmEventListener : public WvCdmEventListener { @@ -240,7 +241,7 @@ TEST_F(PolicyEngineConstraintsTest, IsPermissiveWithoutAResolution) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); policy_engine_->OnTimerEvent(); @@ -273,7 +274,7 @@ TEST_F(PolicyEngineConstraintsTest, HandlesResolutionsBasedOnConstraints) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(true))); + Return(NO_ERROR))); policy_engine_->SetLicense(license_); policy_engine_->NotifyResolution(1, kTargetRes1); @@ -321,10 +322,10 @@ TEST_F(PolicyEngineConstraintsTest, EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillOnce( DoAll(SetArgPointee<0>(HDCP_V2_2), - Return(false))) + Return(GET_HDCP_CAPABILITY_FAILED))) .WillOnce( DoAll(SetArgPointee<0>(HDCP_V2_2), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); } int64_t start_time = current_time_ + 5; { @@ -332,17 +333,17 @@ TEST_F(PolicyEngineConstraintsTest, EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillOnce( DoAll(SetArgPointee<0>(HDCP_V2_2), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); EXPECT_CALL(*mock_clock_, GetCurrentTime()) .WillOnce(Return(start_time + kHdcpInterval / 2)) .WillOnce(Return(start_time + kHdcpInterval)); EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillOnce( DoAll(SetArgPointee<0>(HDCP_V2_2), - Return(false))) + Return(GET_HDCP_CAPABILITY_FAILED))) .WillOnce( DoAll(SetArgPointee<0>(HDCP_V2_2), - Return(true))); + Return(NO_ERROR))); } policy_engine_->NotifyResolution(1, kTargetRes1); @@ -380,7 +381,7 @@ TEST_F(PolicyEngineConstraintsTest, HandlesConstraintOverridingHdcp) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_V2), - Return(true))); + Return(NO_ERROR))); policy_engine_->SetLicense(license_); policy_engine_->NotifyResolution(1, kTargetRes1); @@ -425,7 +426,7 @@ TEST_F(PolicyEngineConstraintsTest, HandlesNoHdcp) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NONE), - Return(true))); + Return(NO_ERROR))); policy_engine_->SetLicense(license_); @@ -470,7 +471,7 @@ TEST_F(PolicyEngineConstraintsTest, UsesDefaultHdcpWhenResolutionNotSet) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); policy_engine_->OnTimerEvent(); diff --git a/libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp b/libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp index 3319c5fe..f3a848c1 100644 --- a/libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp +++ b/libwvdrmengine/cdm/core/test/policy_engine_unittest.cpp @@ -63,8 +63,9 @@ class HdcpOnlyMockCryptoSession : public TestCryptoSession { HdcpOnlyMockCryptoSession(metrics::CryptoMetrics* metrics) : TestCryptoSession(metrics) {} - MOCK_METHOD2(GetHdcpCapabilities, bool(HdcpCapability*, HdcpCapability*)); - bool DoRealGetHdcpCapabilities(HdcpCapability* current, + MOCK_METHOD2(GetHdcpCapabilities, + CdmResponseType(HdcpCapability*, HdcpCapability*)); + CdmResponseType DoRealGetHdcpCapabilities(HdcpCapability* current, HdcpCapability* max) { return CryptoSession::GetHdcpCapabilities(current, max); } @@ -209,7 +210,7 @@ TEST_F(PolicyEngineTest, PlaybackSuccess_OfflineLicense) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(true))); + Return(NO_ERROR))); policy_engine_->SetLicense(license_); policy_engine_->BeginDecryption(); @@ -234,7 +235,7 @@ TEST_F(PolicyEngineTest, PlaybackSuccess_EntitlementLicense) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(true))); + Return(NO_ERROR))); License::KeyContainer* key = license_.mutable_key(0); key->set_type(License::KeyContainer::ENTITLEMENT); @@ -302,7 +303,7 @@ TEST_F(PolicyEngineTest, PlaybackSuccess_StreamingLicense) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); policy_engine_->BeginDecryption(); @@ -325,7 +326,7 @@ TEST_F(PolicyEngineTest, PlaybackFailed_CanPlayFalse) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); EXPECT_FALSE(policy_engine_->CanDecryptContent(kKeyId)); @@ -350,7 +351,7 @@ TEST_F(PolicyEngineTest, LicenseExpired_RentalDurationExpiredWithoutPlayback) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -385,7 +386,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_RentalDurationPassedWithPlayback) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -420,7 +421,7 @@ TEST_F(PolicyEngineTest, PlaybackFails_PlaybackDurationExpired) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -457,7 +458,7 @@ TEST_F(PolicyEngineTest, LicenseExpired_LicenseDurationExpiredWithoutPlayback) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -493,7 +494,7 @@ TEST_F(PolicyEngineTest, PlaybackFails_ExpiryBeforeRenewalDelay_Offline) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -533,7 +534,7 @@ TEST_F(PolicyEngineTest, PlaybackFails_ExpiryBeforeRenewalDelay_Streaming) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -568,7 +569,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_RentalDuration0) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -605,7 +606,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_PlaybackDuration0) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -644,7 +645,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_LicenseDuration0) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -686,7 +687,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_PlaybackAndRental0) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); policy_engine_->BeginDecryption(); @@ -836,12 +837,12 @@ TEST_F(PolicyEngineTest, PlaybackOk_Durations0) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -864,7 +865,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_LicenseWithFutureStartTime) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusPending, false); @@ -903,7 +904,7 @@ TEST_F(PolicyEngineTest, PlaybackFailed_CanRenewFalse) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -949,7 +950,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_RenewSuccess) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1006,7 +1007,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_RenewSuccess_WithFutureStartTime) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1063,7 +1064,7 @@ TEST_F(PolicyEngineTest, LicenseExpired_RenewFailedVersionNotUpdated) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1126,7 +1127,7 @@ TEST_F(PolicyEngineTest, PlaybackFailed_RepeatedRenewFailures) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1187,7 +1188,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_RenewSuccessAfterExpiry) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1262,7 +1263,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_RenewSuccessAfterFailures) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1321,7 +1322,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_RenewedWithUsage) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence s; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1384,7 +1385,7 @@ TEST_F(PolicyEngineTest, MultipleKeysInLicense) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); ExpectSessionKeysChange(kKeyStatusUsable, kKeyStatusUsable, true); EXPECT_CALL(mock_event_listener_, OnExpirationUpdate(_, _)); @@ -1411,7 +1412,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_SoftEnforcePlaybackDuration) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence seq; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1449,7 +1450,7 @@ TEST_F(PolicyEngineTest, LicenseExpired_SoftEnforceLoadBeforeExpire) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence seq; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1478,7 +1479,7 @@ TEST_F(PolicyEngineTest, LicenseExpired_SoftEnforceLoadAfterExpire) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence seq; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1512,7 +1513,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_GracePeriod) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence seq; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1556,7 +1557,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_GracePeriodWithLoad) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence seq; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1599,7 +1600,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_GracePeriodWithExpiredLoad) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence seq; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1631,7 +1632,7 @@ TEST_F(PolicyEngineTest, PlaybackOk_CanStoreGracePeriod) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); InSequence seq; ExpectSessionKeysChange(kKeyStatusUsable, true); @@ -1842,7 +1843,7 @@ TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageBasic) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); ExpectSessionKeysChange(kKeyStatusUsable, kKeyStatusUsable, true); EXPECT_CALL(mock_event_listener_, OnExpirationUpdate(_, _)); @@ -1902,7 +1903,7 @@ TEST_F(PolicyEngineKeyAllowedUsageTest, AllowedUsageGeneric) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); ExpectSessionKeysChange(kKeyStatusUsable, kKeyStatusUsable, true); EXPECT_CALL(mock_event_listener_, OnExpirationUpdate(_, _)); @@ -1970,7 +1971,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -1997,7 +1998,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_PlaybackNotBegun) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2038,7 +2039,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_PlaybackBegun) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(true))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2092,7 +2093,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_Offline) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2179,7 +2180,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_CanPlayFalse) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); EXPECT_FALSE(policy_engine_->CanDecryptContent(kKeyId)); @@ -2219,7 +2220,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_RentalDurationExpired) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2262,7 +2263,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_PlaybackDurationExpired) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2301,7 +2302,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_LicenseDurationExpired) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2344,7 +2345,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_RentalDuration0) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2390,7 +2391,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_PlaybackDuration0) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2447,7 +2448,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_LicenseDuration0) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2786,7 +2787,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_Durations0) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2824,7 +2825,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_LicenseWithFutureStartTime) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2880,7 +2881,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_Renew) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -2938,7 +2939,7 @@ TEST_F(PolicyEngineQueryTest, QuerySuccess_RenewWithFutureStartTime) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); @@ -3018,7 +3019,7 @@ TEST_F(PolicyEngineTest, SetLicenseForReleaseAfterSetLicense) { EXPECT_CALL(crypto_session_, GetHdcpCapabilities(_, _)) .WillRepeatedly( DoAll(SetArgPointee<0>(HDCP_NO_DIGITAL_OUTPUT), - Return(false))); + Return(GET_HDCP_CAPABILITY_FAILED))); policy_engine_->SetLicense(license_); policy_engine_->BeginDecryption(); diff --git a/libwvdrmengine/cdm/core/test/test_base.cpp b/libwvdrmengine/cdm/core/test/test_base.cpp index d6a1f794..b9b2d07d 100644 --- a/libwvdrmengine/cdm/core/test/test_base.cpp +++ b/libwvdrmengine/cdm/core/test/test_base.cpp @@ -186,13 +186,15 @@ TestCryptoSession::TestCryptoSession(metrics::CryptoMetrics* crypto_metrics) } } -bool TestCryptoSession::GenerateNonce(uint32_t* nonce) { - for (int i = 0; !CryptoSession::GenerateNonce(nonce); i++) { +CdmResponseType TestCryptoSession::GenerateNonce(uint32_t* nonce) { + CdmResponseType status = CryptoSession::GenerateNonce(nonce); + for (int i = 0; status != NO_ERROR; i++) { LOGV("Recovering from nonce flood."); - if (i > 2) return false; + if (i > 2) return status; sleep(1); + status = CryptoSession::GenerateNonce(nonce); } - return true; + return NO_ERROR; } class TestCryptoSessionFactory : public CryptoSessionFactory { diff --git a/libwvdrmengine/cdm/core/test/test_base.h b/libwvdrmengine/cdm/core/test/test_base.h index de9dd633..c93c5365 100644 --- a/libwvdrmengine/cdm/core/test/test_base.h +++ b/libwvdrmengine/cdm/core/test/test_base.h @@ -71,7 +71,7 @@ class TestCryptoSession : public CryptoSession { explicit TestCryptoSession(metrics::CryptoMetrics* crypto_metrics); // This intercepts nonce flood errors, which is useful for tests that request // many nonces and are not time critical. - bool GenerateNonce(uint32_t* nonce); + CdmResponseType GenerateNonce(uint32_t* nonce); }; // A holder for a license. Users of this class will first open a session with diff --git a/libwvdrmengine/cdm/core/test/test_printers.cpp b/libwvdrmengine/cdm/core/test/test_printers.cpp index 8ad974d6..fe30366d 100644 --- a/libwvdrmengine/cdm/core/test/test_printers.cpp +++ b/libwvdrmengine/cdm/core/test/test_printers.cpp @@ -46,9 +46,6 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) { case CERT_PROVISIONING_GET_KEYBOX_ERROR_1: *os << "CERT_PROVISIONING_GET_KEYBOX_ERROR_1"; break; - case CERT_PROVISIONING_GET_KEYBOX_ERROR_2: - *os << "CERT_PROVISIONING_GET_KEYBOX_ERROR_2"; - break; case CERT_PROVISIONING_INVALID_CERT_TYPE: *os << "CERT_PROVISIONING_INVALID_CERT_TYPE"; break; @@ -58,9 +55,6 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) { case CERT_PROVISIONING_NONCE_GENERATION_ERROR: *os << "CERT_PROVISIONING_NONCE_GENERATION_ERROR"; break; - case CERT_PROVISIONING_REQUEST_ERROR_3: - *os << "CERT_PROVISIONING_REQUEST_ERROR_3"; - break; case CERT_PROVISIONING_REQUEST_ERROR_4: *os << "CERT_PROVISIONING_REQUEST_ERROR_4"; break; @@ -325,9 +319,6 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) { case RENEW_KEY_ERROR_2: *os << "RENEW_KEY_ERROR_2"; break; - case LICENSE_RENEWAL_SIGNING_ERROR: - *os << "LICENSE_RENEWAL_SIGNING_ERROR"; - break; case RESTORE_OFFLINE_LICENSE_ERROR_2: *os << "RESTORE_OFFLINE_LICENSE_ERROR_2"; break; @@ -451,9 +442,6 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) { case LICENSE_REQUEST_NONCE_GENERATION_ERROR: *os << "LICENSE_REQUEST_NONCE_GENERATION_ERROR"; break; - case LICENSE_REQUEST_SIGNING_ERROR: - *os << "LICENSE_REQUEST_SIGNING_ERROR"; - break; case EMPTY_LICENSE_REQUEST: *os << "EMPTY_LICENSE_REQUEST"; break; @@ -553,9 +541,6 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) { case CLIENT_IDENTIFICATION_TOKEN_ERROR_1: *os << "CLIENT_IDENTIFICATION_TOKEN_ERROR_1"; break; - case CLIENT_IDENTIFICATION_TOKEN_ERROR_2: - *os << "CLIENT_IDENTIFICATION_TOKEN_ERROR_2"; - break; case ANALOG_OUTPUT_ERROR: *os << "ANALOG_OUTPUT_ERROR"; break; @@ -834,12 +819,100 @@ void PrintTo(const enum CdmResponseType& value, ::std::ostream* os) { break; case SESSION_KEYS_NOT_FOUND_2: *os << "SESSION_KEYS_NOT_FOUND_2"; + break; case REMOVE_OFFLINE_LICENSE_ERROR_1: *os << "REMOVE_OFFLINE_LICENSE_ERROR_1"; break; case REMOVE_OFFLINE_LICENSE_ERROR_2: *os << "REMOVE_OFFLINE_LICENSE_ERROR_2"; break; + case OUTPUT_TOO_LARGE_ERROR: + *os << "OUTPUT_TOO_LARGE_ERROR"; + break; + case SESSION_LOST_STATE_ERROR: + *os << "SESSION_LOST_STATE_ERROR"; + break; + case GENERATE_DERIVED_KEYS_ERROR_2: + *os << "GENERATE_DERIVED_KEYS_ERROR_2"; + break; + case LOAD_DEVICE_RSA_KEY_ERROR: + *os << "LOAD_DEVICE_RSA_KEY_ERROR"; + break; + case NONCE_GENERATION_ERROR: + *os << "NONCE_GENERATION_ERROR"; + break; + case GENERATE_SIGNATURE_ERROR: + *os << "GENERATE_SIGNATURE_ERROR"; + break; + case UNKNOWN_CLIENT_TOKEN_TYPE: + *os << "UNKNOWN_CLIENT_TOKEN_TYPE"; + break; + case DEACTIVATE_USAGE_ENTRY_ERROR: + *os << "DEACTIVATE_USAGE_ENTRY_ERROR"; + break; + case SYSTEM_INVALIDATED_ERROR: + *os << "SYSTEM_INVALIDATED_ERROR"; + break; + case OPEN_CRYPTO_SESSION_ERROR: + *os << "OPEN_CRYPTO_SESSION_ERROR"; + break; + case LOAD_SRM_ERROR: + *os << "LOAD_SRM_ERROR"; + break; + case RANDOM_GENERATION_ERROR: + *os << "RANDOM_GENERATION_ERROR"; + break; + case CRYPTO_SESSION_NOT_INITIALIZED: + *os << "CRYPTO_SESSION_NOT_INITIALIZED"; + break; + case GET_DEVICE_ID_ERROR: + *os << "GET_DEVICE_ID_ERROR"; + break; + case GET_TOKEN_FROM_OEM_CERT_ERROR: + *os << "GET_TOKEN_FROM_OEM_CERT_ERROR"; + break; + case CRYPTO_SESSION_NOT_OPEN: + *os << "CRYPTO_SESSION_NOT_OPEN"; + break; + case GET_TOKEN_FROM_KEYBOX_ERROR: + *os << "GET_TOKEN_FROM_KEYBOX_ERROR"; + break; + case KEYBOX_TOKEN_TOO_SHORT: + *os << "KEYBOX_TOKEN_TOO_SHORT"; + break; + case EXTRACT_SYSTEM_ID_FROM_OEM_CERT_ERROR: + *os << "EXTRACT_SYSTEM_ID_FROM_OEM_CERT_ERROR"; + break; + case RSA_SIGNATURE_GENERATION_ERROR: + *os << "RSA_SIGNATURE_GENERATION_ERROR"; + break; + case GET_HDCP_CAPABILITY_FAILED: + *os << "GET_HDCP_CAPABILITY_FAILED"; + break; + case GET_NUMBER_OF_OPEN_SESSIONS_ERROR: + *os << "GET_NUMBER_OF_OPEN_SESSIONS_ERROR"; + break; + case GET_MAX_NUMBER_OF_OPEN_SESSIONS_ERROR: + *os << "GET_MAX_NUMBER_OF_OPEN_SESSIONS_ERROR"; + break; + case NOT_IMPLEMENTED_ERROR: + *os << "NOT_IMPLEMENTED_ERROR"; + break; + case GET_SRM_VERSION_ERROR: + *os << "GET_SRM_VERSION_ERROR"; + break; + case REWRAP_DEVICE_RSA_KEY_ERROR: + *os << "REWRAP_DEVICE_RSA_KEY_ERROR"; + break; + case REWRAP_DEVICE_RSA_KEY_30_ERROR: + *os << "REWRAP_DEVICE_RSA_KEY_30_ERROR"; + break; + case SERVICE_CERTIFICATE_PROVIDER_ID_EMPTY: + *os << "SERVICE_CERTIFICATE_PROVIDER_ID_EMPTY"; + break; + case INVALID_SRM_LIST: + *os << "INVALID_SRM_LIST"; + break; default: *os << "Unknown CdmResponseType"; break; diff --git a/libwvdrmengine/cdm/metrics/include/metrics_collections.h b/libwvdrmengine/cdm/metrics/include/metrics_collections.h index cbfc2828..b9e70b46 100644 --- a/libwvdrmengine/cdm/metrics/include/metrics_collections.h +++ b/libwvdrmengine/cdm/metrics/include/metrics_collections.h @@ -145,11 +145,12 @@ class CryptoMetrics { EventMetric crypto_session_generic_verify_; - CounterMetric + CounterMetric crypto_session_get_device_unique_id_; - CounterMetric crypto_session_get_token_; + CounterMetric + crypto_session_get_token_; ValueMetric crypto_session_life_span_; - EventMetric + EventMetric crypto_session_load_certificate_private_key_; // This uses the requested security level. EventMetriccrypto_session_get_device_unique_id_.Increment(true); + crypto_metrics->crypto_session_get_device_unique_id_.Increment(NO_ERROR); crypto_metrics->crypto_session_generic_decrypt_ .Record(2.0, NO_ERROR, Pow2Bucket(1025), kEncryptionAlgorithmAesCbc128); @@ -123,9 +123,9 @@ TEST_F(EngineMetricsTest, EngineAndCryptoMetrics) { EXPECT_EQ(1, actual_metrics.engine_metrics().crypto_metrics() .crypto_session_get_device_unique_id(0) .count()); - EXPECT_EQ(true, actual_metrics.engine_metrics().crypto_metrics() - .crypto_session_get_device_unique_id(0) - .attributes().error_code_bool()); + EXPECT_EQ(NO_ERROR, actual_metrics.engine_metrics().crypto_metrics() + .crypto_session_get_device_unique_id(0) + .attributes().error_code()); ASSERT_EQ(1, actual_metrics.engine_metrics().crypto_metrics() .crypto_session_generic_decrypt_time_us_size()); EXPECT_EQ(2.0, actual_metrics.engine_metrics().crypto_metrics() @@ -153,7 +153,7 @@ TEST_F(EngineMetricsTest, EngineMetricsWithSessions) { // Set a values in an engine metric and in a crypto metric. engine_metrics.cdm_engine_add_key_.Record(1.0, KEY_ADDED, kLicenseTypeRelease); engine_metrics.GetCryptoMetrics() - ->crypto_session_load_certificate_private_key_.Record(2.0, true); + ->crypto_session_load_certificate_private_key_.Record(2.0, NO_ERROR); // Create two sessions and record some metrics. SessionMetrics* session_metrics_1 = engine_metrics.AddSession(); @@ -297,11 +297,11 @@ TEST_F(CryptoMetricsTest, AllCryptoMetrics) { .Record(2.0, NO_ERROR, Pow2Bucket(1025), kSigningAlgorithmHmacSha256); crypto_metrics.crypto_session_generic_verify_ .Record(2.0, NO_ERROR, Pow2Bucket(1025), kSigningAlgorithmHmacSha256); - crypto_metrics.crypto_session_get_device_unique_id_.Increment(true); - crypto_metrics.crypto_session_get_token_.Increment(true); + crypto_metrics.crypto_session_get_device_unique_id_.Increment(NO_ERROR); + crypto_metrics.crypto_session_get_token_.Increment(NO_ERROR); crypto_metrics.crypto_session_life_span_.Record(1.0); crypto_metrics.crypto_session_load_certificate_private_key_ - .Record(1.0, true); + .Record(1.0, NO_ERROR); crypto_metrics.crypto_session_open_.Record(1.0, NO_ERROR, kLevelDefault); crypto_metrics.crypto_session_update_usage_information_ .Record(1.0, NO_ERROR); diff --git a/libwvdrmengine/cdm/test/request_license_test.cpp b/libwvdrmengine/cdm/test/request_license_test.cpp index 61ca9d1a..2484fc0c 100644 --- a/libwvdrmengine/cdm/test/request_license_test.cpp +++ b/libwvdrmengine/cdm/test/request_license_test.cpp @@ -1960,7 +1960,7 @@ TEST_F(WvCdmRequestLicenseTest, ProvisioningInterspersedRetryTest) { std::string response = GetCertRequestResponse(config_.provisioning_server()); EXPECT_NE(0, static_cast(response.size())); - EXPECT_EQ(wvcdm::CERT_PROVISIONING_RESPONSE_ERROR_6, + EXPECT_EQ(wvcdm::REWRAP_DEVICE_RSA_KEY_ERROR, decryptor_.HandleProvisioningResponse(kDefaultCdmIdentifier, response, &cert, &wrapped_key)); diff --git a/libwvdrmengine/include/mapErrors-inl.h b/libwvdrmengine/include/mapErrors-inl.h index 327d5a80..846128e6 100644 --- a/libwvdrmengine/include/mapErrors-inl.h +++ b/libwvdrmengine/include/mapErrors-inl.h @@ -39,16 +39,12 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) { return kAddKeyError; case wvcdm::CERT_PROVISIONING_GET_KEYBOX_ERROR_1: return kCertProvisioningGetKeyboxError1; - case wvcdm::CERT_PROVISIONING_GET_KEYBOX_ERROR_2: - return kCertProvisioningGetKeyboxError2; case wvcdm::CERT_PROVISIONING_INVALID_CERT_TYPE: return kCertProvisioningInvalidCertType; case wvcdm::CERT_PROVISIONING_REQUEST_ERROR_1: return kCertProvisioningRequestError1; case wvcdm::CERT_PROVISIONING_NONCE_GENERATION_ERROR: return kCertProvisioningRequestNonceGenerationError; - case wvcdm::CERT_PROVISIONING_REQUEST_ERROR_3: - return kCertProvisioningRequestError3; case wvcdm::CERT_PROVISIONING_REQUEST_ERROR_4: return kCertProvisioningRequestError4; case wvcdm::CERT_PROVISIONING_RESPONSE_ERROR_1: @@ -213,8 +209,6 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) { return kRenewKeyError1; case wvcdm::RENEW_KEY_ERROR_2: return kRenewKeyError2; - case wvcdm::LICENSE_RENEWAL_SIGNING_ERROR: - return kLicenseRenewalSigningError; case wvcdm::RESTORE_OFFLINE_LICENSE_ERROR_2: return kRestoreOfflineLicenseError2; case wvcdm::NOT_INITIALIZED_ERROR: @@ -301,8 +295,6 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) { return kUnsupportedInitDataFormat; case wvcdm::LICENSE_REQUEST_NONCE_GENERATION_ERROR: return kLicenseRequestNonceGenerationError; - case wvcdm::LICENSE_REQUEST_SIGNING_ERROR: - return kLicenseRequestSigningError; case wvcdm::EMPTY_LICENSE_REQUEST: return kEmptyLicenseRequest; case wvcdm::DUPLICATE_SESSION_ID_SPECIFIED: @@ -382,8 +374,6 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) { return kInvalidParametersEng19; case wvcdm::CLIENT_IDENTIFICATION_TOKEN_ERROR_1: return kClientIdentificationTokenError1; - case wvcdm::CLIENT_IDENTIFICATION_TOKEN_ERROR_2: - return kClientIdentificationTokenError2; case wvcdm::UNKNOWN_SELECT_KEY_ERROR_1: return kUnknownSelectKeyError1; case wvcdm::UNKNOWN_SELECT_KEY_ERROR_2: @@ -566,6 +556,35 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) { case wvcdm::GET_OFFLINE_LICENSE_STATE_ERROR_2: case wvcdm::REMOVE_OFFLINE_LICENSE_ERROR_1: case wvcdm::REMOVE_OFFLINE_LICENSE_ERROR_2: + case wvcdm::OUTPUT_TOO_LARGE_ERROR: + case wvcdm::SESSION_LOST_STATE_ERROR: + case wvcdm::GENERATE_DERIVED_KEYS_ERROR_2: + case wvcdm::LOAD_DEVICE_RSA_KEY_ERROR: + case wvcdm::NONCE_GENERATION_ERROR: + case wvcdm::GENERATE_SIGNATURE_ERROR: + case wvcdm::UNKNOWN_CLIENT_TOKEN_TYPE: + case wvcdm::DEACTIVATE_USAGE_ENTRY_ERROR: + case wvcdm::SYSTEM_INVALIDATED_ERROR: + case wvcdm::OPEN_CRYPTO_SESSION_ERROR: + case wvcdm::LOAD_SRM_ERROR: + case wvcdm::RANDOM_GENERATION_ERROR: + case wvcdm::CRYPTO_SESSION_NOT_INITIALIZED: + case wvcdm::GET_DEVICE_ID_ERROR: + case wvcdm::GET_TOKEN_FROM_OEM_CERT_ERROR: + case wvcdm::CRYPTO_SESSION_NOT_OPEN: + case wvcdm::GET_TOKEN_FROM_KEYBOX_ERROR: + case wvcdm::KEYBOX_TOKEN_TOO_SHORT: + case wvcdm::EXTRACT_SYSTEM_ID_FROM_OEM_CERT_ERROR: + case wvcdm::RSA_SIGNATURE_GENERATION_ERROR: + case wvcdm::GET_HDCP_CAPABILITY_FAILED: + case wvcdm::GET_NUMBER_OF_OPEN_SESSIONS_ERROR: + case wvcdm::GET_MAX_NUMBER_OF_OPEN_SESSIONS_ERROR: + case wvcdm::NOT_IMPLEMENTED_ERROR: + case wvcdm::GET_SRM_VERSION_ERROR: + case wvcdm::REWRAP_DEVICE_RSA_KEY_ERROR: + case wvcdm::REWRAP_DEVICE_RSA_KEY_30_ERROR: + case wvcdm::SERVICE_CERTIFICATE_PROVIDER_ID_EMPTY: + case wvcdm::INVALID_SRM_LIST: return android::ERROR_DRM_UNKNOWN; } diff --git a/libwvdrmengine/include_hidl/mapErrors-inl.h b/libwvdrmengine/include_hidl/mapErrors-inl.h index 31cc509f..763dfa8e 100644 --- a/libwvdrmengine/include_hidl/mapErrors-inl.h +++ b/libwvdrmengine/include_hidl/mapErrors-inl.h @@ -46,6 +46,7 @@ static Status mapCdmResponseType(wvcdm::CdmResponseType res) { case wvcdm::RELEASE_USAGE_INFO_ERROR: case wvcdm::RELEASE_USAGE_INFO_FAILED: + case wvcdm::SYSTEM_INVALIDATED_ERROR: return Status::ERROR_DRM_INVALID_STATE; case wvcdm::SESSION_NOT_FOUND_FOR_DECRYPT: @@ -81,11 +82,9 @@ static Status mapCdmResponseType(wvcdm::CdmResponseType res) { case wvcdm::ADD_KEY_ERROR: case wvcdm::CERT_PROVISIONING_EMPTY_SERVICE_CERTIFICATE: case wvcdm::CERT_PROVISIONING_GET_KEYBOX_ERROR_1: - case wvcdm::CERT_PROVISIONING_GET_KEYBOX_ERROR_2: case wvcdm::CERT_PROVISIONING_INVALID_CERT_TYPE: case wvcdm::CERT_PROVISIONING_REQUEST_ERROR_1: case wvcdm::CERT_PROVISIONING_NONCE_GENERATION_ERROR: - case wvcdm::CERT_PROVISIONING_REQUEST_ERROR_3: case wvcdm::CERT_PROVISIONING_REQUEST_ERROR_4: case wvcdm::CERT_PROVISIONING_RESPONSE_ERROR_1: case wvcdm::CERT_PROVISIONING_RESPONSE_ERROR_2: @@ -165,7 +164,6 @@ static Status mapCdmResponseType(wvcdm::CdmResponseType res) { case wvcdm::RELEASE_LICENSE_ERROR_2: case wvcdm::RENEW_KEY_ERROR_1: case wvcdm::RENEW_KEY_ERROR_2: - case wvcdm::LICENSE_RENEWAL_SIGNING_ERROR: case wvcdm::RESTORE_OFFLINE_LICENSE_ERROR_2: case wvcdm::NOT_INITIALIZED_ERROR: case wvcdm::REINIT_ERROR: @@ -198,7 +196,6 @@ static Status mapCdmResponseType(wvcdm::CdmResponseType res) { case wvcdm::UNSUPPORTED_INIT_DATA_FORMAT: case wvcdm::LICENSE_REQUEST_NONCE_GENERATION_ERROR: case wvcdm::LICENSE_REQUEST_SERVICE_CERTIFICATE_GENERATION_ERROR: - case wvcdm::LICENSE_REQUEST_SIGNING_ERROR: case wvcdm::EMPTY_LICENSE_REQUEST: case wvcdm::DUPLICATE_SESSION_ID_SPECIFIED: case wvcdm::LICENSE_RENEWAL_PROHIBITED: @@ -233,7 +230,6 @@ static Status mapCdmResponseType(wvcdm::CdmResponseType res) { case wvcdm::INVALID_PARAMETERS_ENG_15: case wvcdm::INVALID_PARAMETERS_ENG_16: case wvcdm::CLIENT_IDENTIFICATION_TOKEN_ERROR_1: - case wvcdm::CLIENT_IDENTIFICATION_TOKEN_ERROR_2: case wvcdm::UNKNOWN_SELECT_KEY_ERROR_1: case wvcdm::UNKNOWN_SELECT_KEY_ERROR_2: case wvcdm::CREATE_USAGE_TABLE_ERROR: @@ -326,6 +322,35 @@ static Status mapCdmResponseType(wvcdm::CdmResponseType res) { case wvcdm::GET_OFFLINE_LICENSE_STATE_ERROR_2: case wvcdm::REMOVE_OFFLINE_LICENSE_ERROR_1: case wvcdm::REMOVE_OFFLINE_LICENSE_ERROR_2: + case wvcdm::OUTPUT_TOO_LARGE_ERROR: + case wvcdm::SESSION_LOST_STATE_ERROR: + case wvcdm::GENERATE_DERIVED_KEYS_ERROR_2: + case wvcdm::LOAD_DEVICE_RSA_KEY_ERROR: + case wvcdm::NONCE_GENERATION_ERROR: + case wvcdm::GENERATE_SIGNATURE_ERROR: + case wvcdm::UNKNOWN_CLIENT_TOKEN_TYPE: + case wvcdm::DEACTIVATE_USAGE_ENTRY_ERROR: + case wvcdm::SERVICE_CERTIFICATE_PROVIDER_ID_EMPTY: + case wvcdm::OPEN_CRYPTO_SESSION_ERROR: + case wvcdm::LOAD_SRM_ERROR: + case wvcdm::RANDOM_GENERATION_ERROR: + case wvcdm::CRYPTO_SESSION_NOT_INITIALIZED: + case wvcdm::GET_DEVICE_ID_ERROR: + case wvcdm::GET_TOKEN_FROM_OEM_CERT_ERROR: + case wvcdm::CRYPTO_SESSION_NOT_OPEN: + case wvcdm::GET_TOKEN_FROM_KEYBOX_ERROR: + case wvcdm::KEYBOX_TOKEN_TOO_SHORT: + case wvcdm::EXTRACT_SYSTEM_ID_FROM_OEM_CERT_ERROR: + case wvcdm::RSA_SIGNATURE_GENERATION_ERROR: + case wvcdm::GET_HDCP_CAPABILITY_FAILED: + case wvcdm::GET_NUMBER_OF_OPEN_SESSIONS_ERROR: + case wvcdm::GET_MAX_NUMBER_OF_OPEN_SESSIONS_ERROR: + case wvcdm::NOT_IMPLEMENTED_ERROR: + case wvcdm::GET_SRM_VERSION_ERROR: + case wvcdm::REWRAP_DEVICE_RSA_KEY_ERROR: + case wvcdm::REWRAP_DEVICE_RSA_KEY_30_ERROR: + case wvcdm::INVALID_SRM_LIST: + ALOGW("Returns UNKNOWN error for legacy status: %d", res); return Status::ERROR_DRM_UNKNOWN; @@ -343,14 +368,16 @@ static Status_V1_2 mapCdmResponseType_1_2( switch(res) { case wvcdm::KEY_PROHIBITED_FOR_SECURITY_LEVEL: return Status_V1_2::ERROR_DRM_INSUFFICIENT_SECURITY; - -// TODO(b/120572706): define in CDM -// case wvcdm::xxx: -// return Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE; -// case wvcdm::xxx: -// return Status_V1_2::ERROR_DRM_SESSION_LOST_STATE; -// case wvcdm::xxx: -// return Status_V1_2::ERROR_DRM_RESOURCE_CONTENTION; + case wvcdm::OUTPUT_TOO_LARGE_ERROR: + return Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE; + case wvcdm::SESSION_LOST_STATE_ERROR: + return Status_V1_2::ERROR_DRM_SESSION_LOST_STATE; + case wvcdm::LICENSE_REQUEST_NONCE_GENERATION_ERROR: + case wvcdm::LICENSE_RENEWAL_NONCE_GENERATION_ERROR: + case wvcdm::CERT_PROVISIONING_NONCE_GENERATION_ERROR: + case wvcdm::NONCE_GENERATION_ERROR: + // These are likely nonce flood errors + return Status_V1_2::ERROR_DRM_RESOURCE_CONTENTION; default: return static_cast(mapCdmResponseType(res));