Merge "Verify cipher block mode during decryption"
This commit is contained in:
Rahul Frias
@@ -134,6 +134,8 @@ class CryptoSession {
|
|||||||
uint64_t request_id_base_;
|
uint64_t request_id_base_;
|
||||||
static uint64_t request_id_index_;
|
static uint64_t request_id_index_;
|
||||||
|
|
||||||
|
CdmCipherMode cipher_mode_;
|
||||||
|
|
||||||
CORE_DISALLOW_COPY_AND_ASSIGN(CryptoSession);
|
CORE_DISALLOW_COPY_AND_ASSIGN(CryptoSession);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -214,6 +214,7 @@ enum CdmResponseType {
|
|||||||
LOAD_USAGE_INFO_FILE_ERROR,
|
LOAD_USAGE_INFO_FILE_ERROR,
|
||||||
LOAD_USAGE_INFO_MISSING,
|
LOAD_USAGE_INFO_MISSING,
|
||||||
SESSION_FILE_HANDLE_INIT_ERROR,
|
SESSION_FILE_HANDLE_INIT_ERROR,
|
||||||
|
INCORRECT_CRYPTO_MODE,
|
||||||
};
|
};
|
||||||
|
|
||||||
enum CdmKeyStatus {
|
enum CdmKeyStatus {
|
||||||
@@ -295,6 +296,7 @@ struct CdmCencPatternEncryptionDescriptor {
|
|||||||
struct CdmDecryptionParameters {
|
struct CdmDecryptionParameters {
|
||||||
bool is_encrypted;
|
bool is_encrypted;
|
||||||
bool is_secure;
|
bool is_secure;
|
||||||
|
CdmCipherMode cipher_mode;
|
||||||
const KeyId* key_id;
|
const KeyId* key_id;
|
||||||
const uint8_t* encrypt_buffer;
|
const uint8_t* encrypt_buffer;
|
||||||
size_t encrypt_length;
|
size_t encrypt_length;
|
||||||
@@ -309,6 +311,7 @@ struct CdmDecryptionParameters {
|
|||||||
CdmDecryptionParameters()
|
CdmDecryptionParameters()
|
||||||
: is_encrypted(true),
|
: is_encrypted(true),
|
||||||
is_secure(true),
|
is_secure(true),
|
||||||
|
cipher_mode(kCipherModeCtr),
|
||||||
key_id(NULL),
|
key_id(NULL),
|
||||||
encrypt_buffer(NULL),
|
encrypt_buffer(NULL),
|
||||||
encrypt_length(0),
|
encrypt_length(0),
|
||||||
@@ -325,6 +328,7 @@ struct CdmDecryptionParameters {
|
|||||||
size_t offset, void* decrypted_buffer)
|
size_t offset, void* decrypted_buffer)
|
||||||
: is_encrypted(true),
|
: is_encrypted(true),
|
||||||
is_secure(true),
|
is_secure(true),
|
||||||
|
cipher_mode(kCipherModeCtr),
|
||||||
key_id(key),
|
key_id(key),
|
||||||
encrypt_buffer(encrypted_buffer),
|
encrypt_buffer(encrypted_buffer),
|
||||||
encrypt_length(encrypted_length),
|
encrypt_length(encrypted_length),
|
||||||
|
|||||||
@@ -40,7 +40,8 @@ CryptoSession::CryptoSession()
|
|||||||
update_usage_table_after_close_session_(false),
|
update_usage_table_after_close_session_(false),
|
||||||
is_destination_buffer_type_valid_(false),
|
is_destination_buffer_type_valid_(false),
|
||||||
requested_security_level_(kLevelDefault),
|
requested_security_level_(kLevelDefault),
|
||||||
request_id_base_(0) {
|
request_id_base_(0),
|
||||||
|
cipher_mode_(kCipherModeCtr) {
|
||||||
Init();
|
Init();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -415,6 +416,7 @@ CdmResponseType CryptoSession::LoadKeys(
|
|||||||
ko->cipher_mode = ki->cipher_mode() == kCipherModeCbc
|
ko->cipher_mode = ki->cipher_mode() == kCipherModeCbc
|
||||||
? OEMCrypto_CipherMode_CBC
|
? OEMCrypto_CipherMode_CBC
|
||||||
: OEMCrypto_CipherMode_CTR;
|
: OEMCrypto_CipherMode_CTR;
|
||||||
|
cipher_mode_ = ki->cipher_mode();
|
||||||
}
|
}
|
||||||
uint8_t* pst = NULL;
|
uint8_t* pst = NULL;
|
||||||
if (!provider_session_token.empty()) {
|
if (!provider_session_token.empty()) {
|
||||||
@@ -676,6 +678,9 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
|
|||||||
params.encrypt_buffer, params.encrypt_length,
|
params.encrypt_buffer, params.encrypt_length,
|
||||||
&buffer_descriptor, params.subsample_flags);
|
&buffer_descriptor, params.subsample_flags);
|
||||||
}
|
}
|
||||||
|
if (params.cipher_mode != cipher_mode_) {
|
||||||
|
return INCORRECT_CRYPTO_MODE;
|
||||||
|
}
|
||||||
if (params.is_encrypted || sts == OEMCrypto_ERROR_NOT_IMPLEMENTED) {
|
if (params.is_encrypted || sts == OEMCrypto_ERROR_NOT_IMPLEMENTED) {
|
||||||
OEMCrypto_CENCEncryptPatternDesc pattern_descriptor;
|
OEMCrypto_CENCEncryptPatternDesc pattern_descriptor;
|
||||||
pattern_descriptor.encrypt = params.pattern_descriptor.encrypt_blocks;
|
pattern_descriptor.encrypt = params.pattern_descriptor.encrypt_blocks;
|
||||||
|
|||||||
@@ -184,7 +184,8 @@ enum {
|
|||||||
kLoadUsageInfoFileError = ERROR_DRM_VENDOR_MIN + 170,
|
kLoadUsageInfoFileError = ERROR_DRM_VENDOR_MIN + 170,
|
||||||
kLoadUsageInfoMissing = ERROR_DRM_VENDOR_MIN + 171,
|
kLoadUsageInfoMissing = ERROR_DRM_VENDOR_MIN + 171,
|
||||||
kSessionFileHandleInitError = ERROR_DRM_VENDOR_MIN + 172,
|
kSessionFileHandleInitError = ERROR_DRM_VENDOR_MIN + 172,
|
||||||
kErrorWVDrmMaxErrorUsed = ERROR_DRM_VENDOR_MIN + 172,
|
kIncorrectCryptoMode = ERROR_DRM_VENDOR_MIN + 173,
|
||||||
|
kErrorWVDrmMaxErrorUsed = ERROR_DRM_VENDOR_MIN + 173,
|
||||||
|
|
||||||
// Used by crypto test mode
|
// Used by crypto test mode
|
||||||
kErrorTestMode = ERROR_DRM_VENDOR_MAX,
|
kErrorTestMode = ERROR_DRM_VENDOR_MAX,
|
||||||
|
|||||||
@@ -351,6 +351,8 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) {
|
|||||||
return kLoadUsageInfoMissing;
|
return kLoadUsageInfoMissing;
|
||||||
case wvcdm::SESSION_FILE_HANDLE_INIT_ERROR:
|
case wvcdm::SESSION_FILE_HANDLE_INIT_ERROR:
|
||||||
return kSessionFileHandleInitError;
|
return kSessionFileHandleInitError;
|
||||||
|
case wvcdm::INCORRECT_CRYPTO_MODE:
|
||||||
|
return kIncorrectCryptoMode;
|
||||||
case wvcdm::UNKNOWN_ERROR:
|
case wvcdm::UNKNOWN_ERROR:
|
||||||
return android::ERROR_DRM_UNKNOWN;
|
return android::ERROR_DRM_UNKNOWN;
|
||||||
case wvcdm::SECURE_BUFFER_REQUIRED:
|
case wvcdm::SECURE_BUFFER_REQUIRED:
|
||||||
|
|||||||
Reference in New Issue
Block a user