widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Optimize Status Queries in WVCryptoPlugin By Deleting Them

Browse Source 
Removes the status query from WVCryptoPlugin's decrypt method.  It was not
providing any additional security since it was not cryptographically secure,
and querying status is an expensive operation on some devices.  It should not
be done on a frequent basis, such as in every decrypt call.

Bug: 8667365

Merge of https://widevine-internal-review.googlesource.com/#/c/5121/
from widevine CDM repository to android repository.

Change-Id: Id9a877c5655cb8dbee7e97f983d43ec2ab6acc6e
This commit is contained in:
Jeff Tinker
2013-04-19 16:34:57 -07:00
parent 87c3f5652f
commit 36aeacde48
3 changed files with 1 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libwvdrmengine/include/WVErrors.h
View File

@@ -16,8 +16,7 @@ enum {
kErrorIncorrectBufferSize = ERROR_DRM_VENDOR_MIN, kErrorIncorrectBufferSize = ERROR_DRM_VENDOR_MIN,
kErrorCDMGeneric = ERROR_DRM_VENDOR_MIN + 1, kErrorCDMGeneric = ERROR_DRM_VENDOR_MIN + 1,
kErrorUnsupportedCrypto = ERROR_DRM_VENDOR_MIN + 2, kErrorUnsupportedCrypto = ERROR_DRM_VENDOR_MIN + 2,
kErrorCannotGuaranteeSecurity = ERROR_DRM_VENDOR_MIN + 3, kErrorExpectedUnencrypted = ERROR_DRM_VENDOR_MIN + 3,
kErrorExpectedUnencrypted = ERROR_DRM_VENDOR_MIN + 4,
// Used by crypto test mode // Used by crypto test mode
kErrorTestMode = ERROR_DRM_VENDOR_MAX, kErrorTestMode = ERROR_DRM_VENDOR_MAX,

17
libwvdrmengine/mediacrypto/src/WVCryptoPlugin.cpp
View File

@@ -76,23 +76,6 @@ ssize_t WVCryptoPlugin::decrypt(bool secure, const uint8_t key[KEY_ID_SIZE],
return kErrorUnsupportedCrypto; return kErrorUnsupportedCrypto;
} }
// If the caller requested secure decrypt, verify that we can comply.
if (secure) {
CdmQueryMap status;
CdmResponseType res = mCDM->QueryStatus(&status);
if (!isCdmResponseTypeSuccess(res)) {
ALOGE("Error querying CDM status: %u", res);
errorDetailMsg->setTo("Unable to verify ability to decode securely.");
return kErrorCannotGuaranteeSecurity;
} else if (status[QUERY_KEY_SECURITY_LEVEL] !=
QUERY_VALUE_SECURITY_LEVEL_L1) {
errorDetailMsg->setTo("Secure decode is not supported on this device.");
return kErrorCannotGuaranteeSecurity;
}
}
// Convert parameters to the form the CDM wishes to consume them in. // Convert parameters to the form the CDM wishes to consume them in.
const KeyId keyId(reinterpret_cast<const char*>(key), KEY_ID_SIZE); const KeyId keyId(reinterpret_cast<const char*>(key), KEY_ID_SIZE);
const vector<uint8_t> ivVector(iv, iv + KEY_IV_SIZE); const vector<uint8_t> ivVector(iv, iv + KEY_IV_SIZE);

29
libwvdrmengine/mediacrypto/test/WVCryptoPlugin_test.cpp
View File

@@ -91,35 +91,6 @@ TEST_F(WVCryptoPluginTest, CorrectlyReportsSecureBuffers) {
"WVCryptoPlugin incorrectly expects a secure audio decoder"; "WVCryptoPlugin incorrectly expects a secure audio decoder";
} }
TEST_F(WVCryptoPluginTest, RejectsSecureDecodeOnL3) {
MockCDM cdm;
WVCryptoPlugin plugin(sessionId, kSessionIdSize, &cdm);
CdmQueryMap l3Map;
l3Map[QUERY_KEY_SECURITY_LEVEL] = QUERY_VALUE_SECURITY_LEVEL_L3;
// Decrypt should not be called because we specified an unsupported
// security level
EXPECT_CALL(cdm, Decrypt(_, _, _, _, _, _, _, _))
.Times(0);
EXPECT_CALL(cdm, QueryStatus(_))
.WillOnce(DoAll(SetArgPointee<0>(l3Map),
Return(wvcdm::NO_ERROR)));
AString errorDetailMessage;
ssize_t res = plugin.decrypt(true, keyId, iv, CryptoPlugin::kMode_AES_CTR,
in, subSamples, kSubSampleCount, out,
&errorDetailMessage);
EXPECT_LT(res, 0) <<
"WVCryptoPlugin allowed decryption to proceed despite being asked for an "
"unsupported security level";
EXPECT_GT(errorDetailMessage.size(), 0u) <<
"WVCryptoPlugin did not report a detailed error message.";
}
TEST_F(WVCryptoPluginTest, AttemptsToDecrypt) { TEST_F(WVCryptoPluginTest, AttemptsToDecrypt) {
MockCDM cdm; MockCDM cdm;
WVCryptoPlugin plugin(sessionId, kSessionIdSize, &cdm); WVCryptoPlugin plugin(sessionId, kSessionIdSize, &cdm);