Add recoverable errors
[ Merge of http://go/wvgerrit/71326 ] Nonce flood, frame size, session and system invalidation errors will now bubble up to the app. OEMCrypto v15 returns OEMCrypto_ERROR_BUFFER_TOO_LARGE, OEMCrypto_ERROR_SESSION_LOST_STATE, OEMCrypto_ERROR_SYSTEM_INVALIDATED and a variety of nonce errors. These will be reported to HIDL as OUTPUT_TOO_LARGE_ERROR, ERROR_DRM_SESSION_LOST_STATE, ERROR_DRM_INVALID_STATE and ERROR_DRM_RESOURCE_CONTENTION. Bug: 120572706 Test: Unit/Integration tests Change-Id: Ida177300046327ce81592a273028ef6c3a0d9fd9
This commit is contained in:
Rahul Frias
@@ -47,8 +47,10 @@ class CertificateProvisioning {
|
||||
std::string* cert, std::string* wrapped_key);
|
||||
|
||||
private:
|
||||
bool SetSpoidParameter(const std::string& origin, const std::string& spoid,
|
||||
video_widevine::ProvisioningRequest* request);
|
||||
CdmResponseType SetSpoidParameter(
|
||||
const std::string& origin,
|
||||
const std::string& spoid,
|
||||
video_widevine::ProvisioningRequest* request);
|
||||
|
||||
video_widevine::SignedProvisioningMessage::ProtocolVersion
|
||||
GetProtocolVersion();
|
||||
|
||||
@@ -23,11 +23,11 @@ class ContentKeySession : public KeySession {
|
||||
KeySessionType Type() override { return kDefault; }
|
||||
|
||||
// Generate Derived Keys for ContentKeySession
|
||||
bool GenerateDerivedKeys(const std::string& message) override;
|
||||
OEMCryptoResult GenerateDerivedKeys(const std::string& message) override;
|
||||
|
||||
// Generate Derived Keys (from session key) for ContentKeySession
|
||||
bool GenerateDerivedKeys(const std::string& message,
|
||||
const std::string& session_key) override;
|
||||
OEMCryptoResult GenerateDerivedKeys(const std::string& message,
|
||||
const std::string& session_key) override;
|
||||
|
||||
// Load Keys for ContentKeySession
|
||||
OEMCryptoResult LoadKeys(const std::string& message,
|
||||
|
||||
@@ -63,7 +63,7 @@ class CryptoSession {
|
||||
|
||||
virtual ~CryptoSession();
|
||||
|
||||
virtual bool GetProvisioningToken(std::string* client_token);
|
||||
virtual CdmResponseType GetProvisioningToken(std::string* client_token);
|
||||
virtual CdmClientTokenType GetPreProvisionTokenType() {
|
||||
return pre_provision_token_type_;
|
||||
}
|
||||
@@ -75,10 +75,10 @@ class CryptoSession {
|
||||
virtual bool GetApiVersion(uint32_t* version);
|
||||
virtual bool GetApiVersion(SecurityLevel requested_level, uint32_t* version);
|
||||
|
||||
virtual bool GetInternalDeviceUniqueId(std::string* device_id);
|
||||
virtual bool GetExternalDeviceUniqueId(std::string* device_id);
|
||||
virtual CdmResponseType GetInternalDeviceUniqueId(std::string* device_id);
|
||||
virtual CdmResponseType GetExternalDeviceUniqueId(std::string* device_id);
|
||||
virtual bool GetSystemId(uint32_t* system_id);
|
||||
virtual bool GetProvisioningId(std::string* provisioning_id);
|
||||
virtual CdmResponseType GetProvisioningId(std::string* provisioning_id);
|
||||
virtual uint8_t GetSecurityPatchLevel();
|
||||
|
||||
virtual CdmResponseType Open() { return Open(kLevelDefault); }
|
||||
@@ -90,10 +90,11 @@ class CryptoSession {
|
||||
|
||||
// Key request/response
|
||||
virtual const std::string& request_id() { return request_id_; }
|
||||
virtual bool PrepareRequest(const std::string& key_deriv_message,
|
||||
bool is_provisioning, std::string* signature);
|
||||
virtual bool PrepareRenewalRequest(const std::string& message,
|
||||
std::string* signature);
|
||||
virtual CdmResponseType PrepareRequest(const std::string& key_deriv_message,
|
||||
bool is_provisioning,
|
||||
std::string* signature);
|
||||
virtual CdmResponseType PrepareRenewalRequest(const std::string& message,
|
||||
std::string* signature);
|
||||
virtual CdmResponseType LoadKeys(
|
||||
const std::string& message, const std::string& signature,
|
||||
const std::string& mac_key_iv, const std::string& mac_key,
|
||||
@@ -103,21 +104,23 @@ class CryptoSession {
|
||||
CdmLicenseKeyType key_type);
|
||||
virtual CdmResponseType LoadEntitledContentKeys(
|
||||
const std::vector<CryptoKey>& key_array);
|
||||
virtual bool LoadCertificatePrivateKey(std::string& wrapped_key);
|
||||
virtual bool RefreshKeys(const std::string& message,
|
||||
const std::string& signature, int num_keys,
|
||||
const CryptoKey* key_array);
|
||||
virtual bool GenerateNonce(uint32_t* nonce);
|
||||
virtual bool GenerateDerivedKeys(const std::string& message);
|
||||
virtual bool GenerateDerivedKeys(const std::string& message,
|
||||
const std::string& session_key);
|
||||
virtual bool RewrapCertificate(const std::string& signed_message,
|
||||
const std::string& signature,
|
||||
const std::string& nonce,
|
||||
const std::string& private_key,
|
||||
const std::string& iv,
|
||||
const std::string& wrapping_key,
|
||||
std::string* wrapped_private_key);
|
||||
virtual CdmResponseType LoadCertificatePrivateKey(std::string& wrapped_key);
|
||||
virtual CdmResponseType RefreshKeys(const std::string& message,
|
||||
const std::string& signature,
|
||||
int num_keys,
|
||||
const CryptoKey* key_array);
|
||||
virtual CdmResponseType GenerateNonce(uint32_t* nonce);
|
||||
virtual CdmResponseType GenerateDerivedKeys(const std::string& message);
|
||||
virtual CdmResponseType GenerateDerivedKeys(const std::string& message,
|
||||
const std::string& session_key);
|
||||
virtual CdmResponseType RewrapCertificate(
|
||||
const std::string& signed_message,
|
||||
const std::string& signature,
|
||||
const std::string& nonce,
|
||||
const std::string& private_key,
|
||||
const std::string& iv,
|
||||
const std::string& wrapping_key,
|
||||
std::string* wrapped_private_key);
|
||||
|
||||
// Media data path
|
||||
virtual CdmResponseType Decrypt(const CdmDecryptionParameters& params);
|
||||
@@ -151,25 +154,25 @@ class CryptoSession {
|
||||
|
||||
// The overloaded methods with |security_level| may be called without a
|
||||
// preceding call to Open. The other methods must call Open first.
|
||||
virtual bool GetHdcpCapabilities(HdcpCapability* current,
|
||||
HdcpCapability* max);
|
||||
virtual bool GetHdcpCapabilities(SecurityLevel security_level,
|
||||
HdcpCapability* current,
|
||||
HdcpCapability* max);
|
||||
virtual CdmResponseType GetHdcpCapabilities(HdcpCapability* current,
|
||||
HdcpCapability* max);
|
||||
virtual CdmResponseType GetHdcpCapabilities(SecurityLevel security_level,
|
||||
HdcpCapability* current,
|
||||
HdcpCapability* max);
|
||||
virtual bool GetResourceRatingTier(uint32_t* tier);
|
||||
virtual bool GetResourceRatingTier(SecurityLevel security_level,
|
||||
uint32_t* tier);
|
||||
|
||||
virtual bool GetSupportedCertificateTypes(SupportedCertificateTypes* support);
|
||||
virtual bool GetRandom(size_t data_length, uint8_t* random_data);
|
||||
virtual bool GetNumberOfOpenSessions(SecurityLevel security_level,
|
||||
size_t* count);
|
||||
virtual bool GetMaxNumberOfSessions(SecurityLevel security_level,
|
||||
size_t* max);
|
||||
virtual CdmResponseType GetRandom(size_t data_length, uint8_t* random_data);
|
||||
virtual CdmResponseType GetNumberOfOpenSessions(SecurityLevel security_level,
|
||||
size_t* count);
|
||||
virtual CdmResponseType GetMaxNumberOfSessions(SecurityLevel security_level,
|
||||
size_t* max);
|
||||
|
||||
virtual bool GetSrmVersion(uint16_t* srm_version);
|
||||
virtual CdmResponseType GetSrmVersion(uint16_t* srm_version);
|
||||
virtual bool IsSrmUpdateSupported();
|
||||
virtual bool LoadSrm(const std::string& srm);
|
||||
virtual CdmResponseType LoadSrm(const std::string& srm);
|
||||
|
||||
virtual bool GetBuildInformation(SecurityLevel security_level,
|
||||
std::string* info);
|
||||
@@ -259,29 +262,31 @@ class CryptoSession {
|
||||
|
||||
void Init();
|
||||
void Terminate();
|
||||
bool GetTokenFromKeybox(std::string* token);
|
||||
bool GetTokenFromOemCert(std::string* token);
|
||||
CdmResponseType GetTokenFromKeybox(std::string* token);
|
||||
CdmResponseType GetTokenFromOemCert(std::string* token);
|
||||
static bool ExtractSystemIdFromOemCert(const std::string& oem_cert,
|
||||
uint32_t* system_id);
|
||||
bool GetSystemIdInternal(uint32_t* system_id);
|
||||
bool GenerateSignature(const std::string& message, std::string* signature);
|
||||
bool GenerateRsaSignature(const std::string& message, std::string* signature);
|
||||
CdmResponseType GetSystemIdInternal(uint32_t* system_id);
|
||||
CdmResponseType GenerateSignature(
|
||||
const std::string& message, std::string* signature);
|
||||
CdmResponseType GenerateRsaSignature(const std::string& message,
|
||||
std::string* signature);
|
||||
|
||||
bool SetDestinationBufferType();
|
||||
|
||||
bool RewrapDeviceRSAKey(const std::string& message,
|
||||
const std::string& signature,
|
||||
const std::string& nonce,
|
||||
const std::string& enc_rsa_key,
|
||||
const std::string& rsa_key_iv,
|
||||
std::string* wrapped_rsa_key);
|
||||
CdmResponseType RewrapDeviceRSAKey(const std::string& message,
|
||||
const std::string& signature,
|
||||
const std::string& nonce,
|
||||
const std::string& enc_rsa_key,
|
||||
const std::string& rsa_key_iv,
|
||||
std::string* wrapped_rsa_key);
|
||||
|
||||
bool RewrapDeviceRSAKey30(const std::string& message,
|
||||
const std::string& nonce,
|
||||
const std::string& private_key,
|
||||
const std::string& iv,
|
||||
const std::string& wrapping_key,
|
||||
std::string* wrapped_private_key);
|
||||
CdmResponseType RewrapDeviceRSAKey30(const std::string& message,
|
||||
const std::string& nonce,
|
||||
const std::string& private_key,
|
||||
const std::string& iv,
|
||||
const std::string& wrapping_key,
|
||||
std::string* wrapped_private_key);
|
||||
|
||||
CdmResponseType SelectKey(const std::string& key_id,
|
||||
CdmCipherMode cipher_mode);
|
||||
|
||||
@@ -23,9 +23,10 @@ class KeySession {
|
||||
typedef enum { kDefault, kEntitlement } KeySessionType;
|
||||
virtual ~KeySession() {}
|
||||
virtual KeySessionType Type() = 0;
|
||||
virtual bool GenerateDerivedKeys(const std::string& message) = 0;
|
||||
virtual bool GenerateDerivedKeys(const std::string& message,
|
||||
const std::string& session_key) = 0;
|
||||
virtual OEMCryptoResult GenerateDerivedKeys(const std::string& message) = 0;
|
||||
virtual OEMCryptoResult GenerateDerivedKeys(
|
||||
const std::string& message,
|
||||
const std::string& session_key) = 0;
|
||||
virtual OEMCryptoResult LoadKeys(const std::string& message,
|
||||
const std::string& signature,
|
||||
const std::string& mac_key_iv,
|
||||
|
||||
@@ -59,11 +59,11 @@ enum CdmResponseType {
|
||||
INSUFFICIENT_CRYPTO_RESOURCES = 9,
|
||||
ADD_KEY_ERROR = 10,
|
||||
CERT_PROVISIONING_GET_KEYBOX_ERROR_1 = 11,
|
||||
CERT_PROVISIONING_GET_KEYBOX_ERROR_2 = 12,
|
||||
/* previously CERT_PROVISIONING_GET_KEYBOX_ERROR_2 = 12 */
|
||||
CERT_PROVISIONING_INVALID_CERT_TYPE = 13,
|
||||
CERT_PROVISIONING_REQUEST_ERROR_1 = 14,
|
||||
CERT_PROVISIONING_NONCE_GENERATION_ERROR = 15,
|
||||
CERT_PROVISIONING_REQUEST_ERROR_3 = 16,
|
||||
/* previously CERT_PROVISIONING_REQUEST_ERROR_3 = 16 */
|
||||
CERT_PROVISIONING_REQUEST_ERROR_4 = 17,
|
||||
CERT_PROVISIONING_RESPONSE_ERROR_1 = 18,
|
||||
CERT_PROVISIONING_RESPONSE_ERROR_2 = 19,
|
||||
@@ -158,7 +158,7 @@ enum CdmResponseType {
|
||||
RELEASE_USAGE_INFO_ERROR = 108,
|
||||
RENEW_KEY_ERROR_1 = 109,
|
||||
RENEW_KEY_ERROR_2 = 110,
|
||||
LICENSE_RENEWAL_SIGNING_ERROR = 111,
|
||||
/* previously LICENSE_RENEWAL_SIGNING_ERROR = 111 */
|
||||
/* previously RESTORE_OFFLINE_LICENSE_ERROR_1 = 112 */
|
||||
RESTORE_OFFLINE_LICENSE_ERROR_2 = 113,
|
||||
NOT_INITIALIZED_ERROR = 114, /* prior to pi, SESSION_INIT_ERROR_1 = 114 */
|
||||
@@ -211,7 +211,7 @@ enum CdmResponseType {
|
||||
PREPARE_WEBM_CONTENT_ID_FAILED = 160,
|
||||
UNSUPPORTED_INIT_DATA_FORMAT = 161,
|
||||
LICENSE_REQUEST_NONCE_GENERATION_ERROR = 162,
|
||||
LICENSE_REQUEST_SIGNING_ERROR = 163,
|
||||
/* previously LICENSE_REQUEST_SIGNING_ERROR = 163, */
|
||||
EMPTY_LICENSE_REQUEST = 164,
|
||||
SECURE_BUFFER_REQUIRED = 165,
|
||||
DUPLICATE_SESSION_ID_SPECIFIED = 166,
|
||||
@@ -257,7 +257,7 @@ enum CdmResponseType {
|
||||
INVALID_PARAMETERS_ENG_16 = 206,
|
||||
/* previously DEVICE_CERTIFICATE_ERROR_5 = 207 */
|
||||
CLIENT_IDENTIFICATION_TOKEN_ERROR_1 = 208,
|
||||
CLIENT_IDENTIFICATION_TOKEN_ERROR_2 = 209,
|
||||
/* previously CLIENT_IDENTIFICATION_TOKEN_ERROR_2 = 209 */
|
||||
/* previously LICENSING_CLIENT_TOKEN_ERROR_1 = 210 */
|
||||
ANALOG_OUTPUT_ERROR = 211,
|
||||
UNKNOWN_SELECT_KEY_ERROR_1 = 212,
|
||||
@@ -366,6 +366,35 @@ enum CdmResponseType {
|
||||
REMOVE_OFFLINE_LICENSE_ERROR_1 = 315,
|
||||
REMOVE_OFFLINE_LICENSE_ERROR_2 = 316,
|
||||
SESSION_NOT_FOUND_21 = 317,
|
||||
OUTPUT_TOO_LARGE_ERROR = 318,
|
||||
SESSION_LOST_STATE_ERROR = 319,
|
||||
GENERATE_DERIVED_KEYS_ERROR_2 = 320,
|
||||
LOAD_DEVICE_RSA_KEY_ERROR = 321,
|
||||
NONCE_GENERATION_ERROR = 322,
|
||||
GENERATE_SIGNATURE_ERROR = 323,
|
||||
UNKNOWN_CLIENT_TOKEN_TYPE = 324,
|
||||
DEACTIVATE_USAGE_ENTRY_ERROR = 325,
|
||||
SERVICE_CERTIFICATE_PROVIDER_ID_EMPTY = 326,
|
||||
SYSTEM_INVALIDATED_ERROR = 327,
|
||||
OPEN_CRYPTO_SESSION_ERROR = 328,
|
||||
LOAD_SRM_ERROR = 329,
|
||||
RANDOM_GENERATION_ERROR = 330,
|
||||
CRYPTO_SESSION_NOT_INITIALIZED = 331,
|
||||
GET_DEVICE_ID_ERROR = 332,
|
||||
GET_TOKEN_FROM_OEM_CERT_ERROR = 333,
|
||||
CRYPTO_SESSION_NOT_OPEN = 334,
|
||||
GET_TOKEN_FROM_KEYBOX_ERROR = 335,
|
||||
KEYBOX_TOKEN_TOO_SHORT = 336,
|
||||
EXTRACT_SYSTEM_ID_FROM_OEM_CERT_ERROR = 337,
|
||||
RSA_SIGNATURE_GENERATION_ERROR = 338,
|
||||
GET_HDCP_CAPABILITY_FAILED = 339,
|
||||
GET_NUMBER_OF_OPEN_SESSIONS_ERROR = 340,
|
||||
GET_MAX_NUMBER_OF_OPEN_SESSIONS_ERROR = 341,
|
||||
NOT_IMPLEMENTED_ERROR = 342,
|
||||
GET_SRM_VERSION_ERROR = 343,
|
||||
REWRAP_DEVICE_RSA_KEY_ERROR = 344,
|
||||
REWRAP_DEVICE_RSA_KEY_30_ERROR = 345,
|
||||
INVALID_SRM_LIST = 346,
|
||||
// Don't forget to add new values to ../test/test_printers.cpp.
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user