widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Part of Qualcomm L1 OEMCrypto integration on mako

Browse Source 
bug: 8621521

This fixes a problem where insecure audio buffers were being
passed incorrectly as secure buffers to the trusted
environment's OEMCrypto_DecryptCTR.

This is a merge of the following changes from the widevine
git repository to android git repository:

https://widevine-internal-review.googlesource.com/#/c/5163/2
Allow selection of secure/non-secure buffers

https://widevine-internal-review.googlesource.com/#/c/5164/
Pass Secure Buffer Request to CDM

Change-Id: Iec1192a216305c6cf92c359b15b148eccc6ce6ce
This commit is contained in:
Jeff Tinker
2013-04-22 17:50:38 -07:00
parent e4181922af
commit 3a28eeeb68
11 changed files with 122 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libwvdrmengine/cdm/core/include/cdm_engine.h
View File

@@ -85,6 +85,7 @@ class CdmEngine : public TimerHandler {
// Accept encrypted buffer and return decrypted data.
CdmResponseType Decrypt(const CdmSessionId& session_id,
bool is_encrypted,
bool is_secure,
const KeyId& key_id,
const uint8_t* encrypt_buffer,
size_t encrypt_length,

1
libwvdrmengine/cdm/core/include/cdm_session.h
View File

@@ -52,6 +52,7 @@ class CdmSession {
// Decrypt() - Accept encrypted buffer and return decrypted data.
CdmResponseType Decrypt(bool is_encrypted,
bool is_secure,
const KeyId& key_id,
const uint8_t* encrypt_buffer,
size_t encrypt_length,

1
libwvdrmengine/cdm/core/include/crypto_session.h
View File

@@ -66,6 +66,7 @@ class CryptoSession {
// Media data path
bool SelectKey(const std::string& key_id);
CdmResponseType Decrypt(bool is_encrypted,
bool is_secure,
const uint8_t* encrypt_buffer,
size_t encrypt_length,
const std::vector<uint8_t>& iv,

3
libwvdrmengine/cdm/core/src/cdm_engine.cpp
View File

@@ -670,6 +670,7 @@ CdmResponseType CdmEngine::ReleaseSecureStops(
CdmResponseType CdmEngine::Decrypt(
const CdmSessionId& session_id,
bool is_encrypted,
bool is_secure,
const KeyId& key_id,
const uint8_t* encrypt_buffer,
size_t encrypt_length,
@@ -684,7 +685,7 @@ CdmResponseType CdmEngine::Decrypt(
return KEY_ERROR;
}
return iter->second->Decrypt(is_encrypted, key_id, encrypt_buffer,
return iter->second->Decrypt(is_encrypted, is_secure, key_id, encrypt_buffer,
encrypt_length, iv, block_offset,
decrypt_buffer, decrypt_buffer_offset,
is_video);

8
libwvdrmengine/cdm/core/src/cdm_session.cpp
View File

@@ -145,6 +145,7 @@ CdmResponseType CdmSession::CancelKeyRequest() {
// Decrypt() - Accept encrypted buffer and return decrypted data.
CdmResponseType CdmSession::Decrypt(bool is_encrypted,
bool is_secure,
const KeyId& key_id,
const uint8_t* encrypt_buffer,
size_t encrypt_length,
@@ -168,9 +169,10 @@ CdmResponseType CdmSession::Decrypt(bool is_encrypted,
}
}
return crypto_session_->Decrypt(is_encrypted, encrypt_buffer, encrypt_length,
iv, block_offset, decrypt_buffer,
decrypt_buffer_offset, is_video);
return crypto_session_->Decrypt(is_encrypted, is_secure, encrypt_buffer,
encrypt_length, iv, block_offset,
decrypt_buffer, decrypt_buffer_offset,
is_video);
}
// License renewal

4
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -387,6 +387,7 @@ bool CryptoSession::GenerateSignature(const std::string& message,
}
CdmResponseType CryptoSession::Decrypt(bool is_encrypted,
bool is_secure,
const uint8_t* encrypt_buffer,
size_t encrypt_length,
const std::vector<uint8_t>& iv,
@@ -400,7 +401,8 @@ CdmResponseType CryptoSession::Decrypt(bool is_encrypted,
}
OEMCrypto_DestBufferDesc buffer_descriptor;
buffer_descriptor.type = destination_buffer_type_;
buffer_descriptor.type =
is_secure ? destination_buffer_type_: OEMCrypto_BufferType_Clear;
switch (buffer_descriptor.type) {
case OEMCrypto_BufferType_Clear:

1
libwvdrmengine/cdm/include/wv_content_decryption_module.h
View File

@@ -63,6 +63,7 @@ class WvContentDecryptionModule {
// Accept encrypted buffer and return decrypted data.
virtual CdmResponseType Decrypt(const CdmSessionId& session_id,
bool is_encrypted,
bool is_secure,
const KeyId& key_id,
const uint8_t* encrypt_buffer,
size_t encrypt_length,

3
libwvdrmengine/cdm/src/wv_content_decryption_module.cpp
View File

@@ -97,6 +97,7 @@ CdmResponseType WvContentDecryptionModule::ReleaseSecureStops(
CdmResponseType WvContentDecryptionModule::Decrypt(
const CdmSessionId& session_id,
bool is_encrypted,
bool is_secure,
const KeyId& key_id,
const uint8_t* encrypt_buffer,
size_t encrypt_length,
@@ -104,7 +105,7 @@ CdmResponseType WvContentDecryptionModule::Decrypt(
size_t block_offset,
void* decrypt_buffer,
size_t decrypt_buffer_offset) {
return cdm_engine_->Decrypt(session_id, is_encrypted, key_id,
return cdm_engine_->Decrypt(session_id, is_encrypted, is_secure, key_id,
encrypt_buffer, encrypt_length, iv,
block_offset, decrypt_buffer,
decrypt_buffer_offset, true);

16
libwvdrmengine/cdm/test/request_license_test.cpp
View File

@@ -29,6 +29,7 @@ namespace wvcdm {
typedef struct DecryptionData {
bool is_encrypted;
bool is_secure;
wvcdm::KeyId key_id;
std::vector<uint8_t> encrypt_data;
std::vector<uint8_t> iv;
@@ -252,6 +253,7 @@ TEST_F(WvCdmRequestLicenseTest, ClearDecryptionTest) {
// key 1, clear, 256b
DecryptionData data;
data.is_encrypted = false;
data.is_secure = false;
data.key_id = wvcdm::a2bs_hex("E02562E04CD55351B14B3D748D36ED8E");
data.encrypt_data = wvcdm::a2b_hex(
"9da401105ab8da443e93e6fe089dfc69e00a9a51690d406872f338c5fa7dd3d5"
@@ -280,6 +282,7 @@ TEST_F(WvCdmRequestLicenseTest, ClearDecryptionTest) {
EXPECT_EQ(NO_ERROR, decryptor_.Decrypt(session_id_,
data.is_encrypted,
data.is_secure,
data.key_id,
&data.encrypt_data.front(),
encrypt_length,
@@ -299,6 +302,7 @@ TEST_F(WvCdmRequestLicenseTest, ClearDecryptionNoKeyTest) {
// key 1, clear, 256b
DecryptionData data;
data.is_encrypted = false;
data.is_secure = false;
data.key_id = wvcdm::a2bs_hex("77777777777777777777777777777777");
data.encrypt_data = wvcdm::a2b_hex(
"9da401105ab8da443e93e6fe089dfc69e00a9a51690d406872f338c5fa7dd3d5"
@@ -327,6 +331,7 @@ TEST_F(WvCdmRequestLicenseTest, ClearDecryptionNoKeyTest) {
EXPECT_EQ(NO_ERROR, decryptor_.Decrypt(session_id_,
data.is_encrypted,
data.is_secure,
data.key_id,
&data.encrypt_data.front(),
encrypt_length,
@@ -348,6 +353,7 @@ TEST_F(WvCdmRequestLicenseTest, DecryptionTest) {
// key 1, encrypted, 256b
DecryptionData data;
data.is_encrypted = true;
data.is_secure = false;
data.key_id = wvcdm::a2bs_hex("E02562E04CD55351B14B3D748D36ED8E");
data.encrypt_data = wvcdm::a2b_hex(
"3b2cbde084973539329bd5656da22d20396249bf4a18a51c38c4743360cc9fea"
@@ -376,6 +382,7 @@ TEST_F(WvCdmRequestLicenseTest, DecryptionTest) {
EXPECT_EQ(NO_ERROR, decryptor_.Decrypt(session_id_,
data.is_encrypted,
data.is_secure,
data.key_id,
&data.encrypt_data.front(),
encrypt_length,
@@ -399,6 +406,7 @@ TEST_F(WvCdmRequestLicenseTest, SwitchKeyDecryptionTest) {
// block 0, key 1, encrypted, 256b
data[0].is_encrypted = true;
data[0].is_secure = false;
data[0].key_id = wvcdm::a2bs_hex("E02562E04CD55351B14B3D748D36ED8E");
data[0].encrypt_data = wvcdm::a2b_hex(
"3b2cbde084973539329bd5656da22d20396249bf4a18a51c38c4743360cc9fea"
@@ -423,6 +431,7 @@ TEST_F(WvCdmRequestLicenseTest, SwitchKeyDecryptionTest) {
// block 1, key 3, encrypted, 256b
data[1].is_encrypted = true;
data[1].is_secure = false;
data[1].key_id = wvcdm::a2bs_hex("0065901A64A25899A5193664ABF9AF62");
data[1].encrypt_data = wvcdm::a2b_hex(
"337f294addb4c16d1015fd839e80314472432eda503bd0529422318bec7d2b34"
@@ -452,6 +461,7 @@ TEST_F(WvCdmRequestLicenseTest, SwitchKeyDecryptionTest) {
EXPECT_EQ(NO_ERROR, decryptor_.Decrypt(session_id_,
data[i].is_encrypted,
data[i].is_secure,
data[i].key_id,
&data[i].encrypt_data.front(),
encrypt_length,
@@ -475,6 +485,7 @@ TEST_F(WvCdmRequestLicenseTest, PartialBlockDecryptionTest) {
// key 3, encrypted, 125b, offset 0
DecryptionData data;
data.is_encrypted = true;
data.is_secure = false;
data.key_id = wvcdm::a2bs_hex("0065901A64A25899A5193664ABF9AF62");
data.encrypt_data = wvcdm::a2b_hex(
"337f294addb4c16d1015fd839e80314472432eda503bd0529422318bec7d2b34"
@@ -495,6 +506,7 @@ TEST_F(WvCdmRequestLicenseTest, PartialBlockDecryptionTest) {
EXPECT_EQ(NO_ERROR, decryptor_.Decrypt(session_id_,
data.is_encrypted,
data.is_secure,
data.key_id,
&data.encrypt_data.front(),
encrypt_length,
@@ -516,6 +528,7 @@ TEST_F(WvCdmRequestLicenseTest, PartialBlockWithOffsetDecryptionTest) {
// key 3, encrypted, 123b, offset 5
DecryptionData data;
data.is_encrypted = true;
data.is_secure = false;
data.key_id = wvcdm::a2bs_hex("0065901A64A25899A5193664ABF9AF62");
data.encrypt_data = wvcdm::a2b_hex(
"97f39b919ba56f3c3a51ecdcd7318bc130f054320c74db3990f925"
@@ -536,6 +549,7 @@ TEST_F(WvCdmRequestLicenseTest, PartialBlockWithOffsetDecryptionTest) {
EXPECT_EQ(NO_ERROR, decryptor_.Decrypt(session_id_,
data.is_encrypted,
data.is_secure,
data.key_id,
&data.encrypt_data.front(),
encrypt_length,
@@ -561,6 +575,7 @@ TEST_F(WvCdmRequestLicenseTest, KeyControlBlockDecryptionTest) {
// block 4, key 2, encrypted
data.is_encrypted = true;
data.is_secure = false;
data.key_id = wvcdm::a2bs_hex("0915007CAA9B5931B76A3A85F046523E");
data.encrypt_data = wvcdm::a2b_hex(
"6758ac1c6ccf5d08479e3bfc62bbc0fd154aff4415aa7ed53d89e3983248d117"
@@ -589,6 +604,7 @@ TEST_F(WvCdmRequestLicenseTest, KeyControlBlockDecryptionTest) {
EXPECT_EQ(NO_ERROR, decryptor_.Decrypt(session_id_,
data.is_encrypted,
data.is_secure,
data.key_id,
&data.encrypt_data.front(),
encrypt_length,