diff --git a/libwvdrmengine/cdm/core/include/crypto_session.h b/libwvdrmengine/cdm/core/include/crypto_session.h index 1e8d52c2..0b9d0527 100644 --- a/libwvdrmengine/cdm/core/include/crypto_session.h +++ b/libwvdrmengine/cdm/core/include/crypto_session.h @@ -134,6 +134,8 @@ class CryptoSession { uint64_t request_id_base_; static uint64_t request_id_index_; + CdmCipherMode cipher_mode_; + CORE_DISALLOW_COPY_AND_ASSIGN(CryptoSession); }; diff --git a/libwvdrmengine/cdm/core/include/wv_cdm_types.h b/libwvdrmengine/cdm/core/include/wv_cdm_types.h index 456597f4..b638f577 100644 --- a/libwvdrmengine/cdm/core/include/wv_cdm_types.h +++ b/libwvdrmengine/cdm/core/include/wv_cdm_types.h @@ -214,6 +214,7 @@ enum CdmResponseType { LOAD_USAGE_INFO_FILE_ERROR, LOAD_USAGE_INFO_MISSING, SESSION_FILE_HANDLE_INIT_ERROR, + INCORRECT_CRYPTO_MODE, }; enum CdmKeyStatus { @@ -295,6 +296,7 @@ struct CdmCencPatternEncryptionDescriptor { struct CdmDecryptionParameters { bool is_encrypted; bool is_secure; + CdmCipherMode cipher_mode; const KeyId* key_id; const uint8_t* encrypt_buffer; size_t encrypt_length; @@ -309,6 +311,7 @@ struct CdmDecryptionParameters { CdmDecryptionParameters() : is_encrypted(true), is_secure(true), + cipher_mode(kCipherModeCtr), key_id(NULL), encrypt_buffer(NULL), encrypt_length(0), @@ -325,6 +328,7 @@ struct CdmDecryptionParameters { size_t offset, void* decrypted_buffer) : is_encrypted(true), is_secure(true), + cipher_mode(kCipherModeCtr), key_id(key), encrypt_buffer(encrypted_buffer), encrypt_length(encrypted_length), diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp index 7b4c9001..9cb3dacc 100644 --- a/libwvdrmengine/cdm/core/src/crypto_session.cpp +++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp @@ -40,7 +40,8 @@ CryptoSession::CryptoSession() update_usage_table_after_close_session_(false), is_destination_buffer_type_valid_(false), requested_security_level_(kLevelDefault), - request_id_base_(0) { + request_id_base_(0), + cipher_mode_(kCipherModeCtr) { Init(); } @@ -415,6 +416,7 @@ CdmResponseType CryptoSession::LoadKeys( ko->cipher_mode = ki->cipher_mode() == kCipherModeCbc ? OEMCrypto_CipherMode_CBC : OEMCrypto_CipherMode_CTR; + cipher_mode_ = ki->cipher_mode(); } uint8_t* pst = NULL; if (!provider_session_token.empty()) { @@ -676,6 +678,9 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) { params.encrypt_buffer, params.encrypt_length, &buffer_descriptor, params.subsample_flags); } + if (params.cipher_mode != cipher_mode_) { + return INCORRECT_CRYPTO_MODE; + } if (params.is_encrypted || sts == OEMCrypto_ERROR_NOT_IMPLEMENTED) { OEMCrypto_CENCEncryptPatternDesc pattern_descriptor; pattern_descriptor.encrypt = params.pattern_descriptor.encrypt_blocks; diff --git a/libwvdrmengine/include/WVErrors.h b/libwvdrmengine/include/WVErrors.h index a05f25de..ee5e18b4 100644 --- a/libwvdrmengine/include/WVErrors.h +++ b/libwvdrmengine/include/WVErrors.h @@ -184,7 +184,8 @@ enum { kLoadUsageInfoFileError = ERROR_DRM_VENDOR_MIN + 170, kLoadUsageInfoMissing = ERROR_DRM_VENDOR_MIN + 171, kSessionFileHandleInitError = ERROR_DRM_VENDOR_MIN + 172, - kErrorWVDrmMaxErrorUsed = ERROR_DRM_VENDOR_MIN + 172, + kIncorrectCryptoMode = ERROR_DRM_VENDOR_MIN + 173, + kErrorWVDrmMaxErrorUsed = ERROR_DRM_VENDOR_MIN + 173, // Used by crypto test mode kErrorTestMode = ERROR_DRM_VENDOR_MAX, diff --git a/libwvdrmengine/include/mapErrors-inl.h b/libwvdrmengine/include/mapErrors-inl.h index fcd8868f..eef2a875 100644 --- a/libwvdrmengine/include/mapErrors-inl.h +++ b/libwvdrmengine/include/mapErrors-inl.h @@ -351,6 +351,8 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) { return kLoadUsageInfoMissing; case wvcdm::SESSION_FILE_HANDLE_INIT_ERROR: return kSessionFileHandleInitError; + case wvcdm::INCORRECT_CRYPTO_MODE: + return kIncorrectCryptoMode; case wvcdm::UNKNOWN_ERROR: return android::ERROR_DRM_UNKNOWN; case wvcdm::SECURE_BUFFER_REQUIRED: