widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Avoid setting OEMCrypto_Algorithm enum vars with invalid values"

Browse Source
This commit is contained in:
TreeHugger Robot
2020-11-03 00:49:11 +00:00
committed by Android (Google) Code Review
parent 712784055b 5151daec19
commit 4447748573
2 changed files with 39 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
libwvdrmengine/cdm/core/include/crypto_session.h
View File

@@ -325,14 +325,6 @@ class CryptoSession {
CdmResponseType SelectKey(const std::string& key_id, CdmResponseType SelectKey(const std::string& key_id,
CdmCipherMode cipher_mode); CdmCipherMode cipher_mode);
static const OEMCrypto_Algorithm kInvalidAlgorithm =
static_cast<OEMCrypto_Algorithm>(-1);
OEMCrypto_Algorithm GenericSigningAlgorithm(CdmSigningAlgorithm algorithm);
OEMCrypto_Algorithm GenericEncryptionAlgorithm(
CdmEncryptionAlgorithm algorithm);
size_t GenericEncryptionBlockSize(CdmEncryptionAlgorithm algorithm);
// These methods fall back into each other in the order given, depending on // These methods fall back into each other in the order given, depending on
// how much data they were given and how much data OEMCrypto can accept in one // how much data they were given and how much data OEMCrypto can accept in one
// call. // call.
@@ -408,10 +400,6 @@ class CryptoSession {
static bool IsInitialized(); static bool IsInitialized();
// Constants
static const size_t kAes128BlockSize = 16; // Block size for AES_CBC_128
static const size_t kSignatureSize = 32; // size for HMAC-SHA256 signature
// The locking methods above should be used in preference to taking these // The locking methods above should be used in preference to taking these
// mutexes directly. If code takes these manually and needs to take more // mutexes directly. If code takes these manually and needs to take more
// than one, it must *always* take them in the order they are defined here. // than one, it must *always* take them in the order they are defined here.

74
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -57,6 +57,7 @@ constexpr size_t MiB = 1024 * 1024;
constexpr uint32_t kRsaSignatureLength = 256; constexpr uint32_t kRsaSignatureLength = 256;
constexpr size_t kEstimatedInitialUsageTableHeader = 40; constexpr size_t kEstimatedInitialUsageTableHeader = 40;
const size_t kAes128BlockSize = 16;
// Constants and utility objects relating to OEM Certificates // Constants and utility objects relating to OEM Certificates
constexpr const char* kWidevineSystemIdExtensionOid = "1.3.6.1.4.1.11129.4.1.1"; constexpr const char* kWidevineSystemIdExtensionOid = "1.3.6.1.4.1.11129.4.1.1";
@@ -128,6 +129,36 @@ void AdvanceDestBuffer(OEMCrypto_DestBufferDesc* dest_buffer, size_t bytes) {
LOGE("Unrecognized OEMCryptoBufferType %u - doing nothing", LOGE("Unrecognized OEMCryptoBufferType %u - doing nothing",
dest_buffer->type); dest_buffer->type);
} }
bool GetGenericSigningAlgorithm(CdmSigningAlgorithm algorithm,
OEMCrypto_Algorithm* oec_algorithm) {
RETURN_IF_NULL(oec_algorithm, false);
if (kSigningAlgorithmHmacSha256 != algorithm) {
LOGW("Unrecognized signing algorithm: %d", algorithm);
return false;
}
*oec_algorithm = OEMCrypto_HMAC_SHA256;
return true;
}
bool GetGenericEncryptionAlgorithm(CdmEncryptionAlgorithm algorithm,
OEMCrypto_Algorithm* oec_algorithm) {
RETURN_IF_NULL(oec_algorithm, false);
if (kEncryptionAlgorithmAesCbc128 != algorithm) {
LOGW("Unrecognized encryption algorithm: %d", algorithm);
return false;
}
*oec_algorithm = OEMCrypto_AES_CBC_128_NO_PADDING;
return true;
}
size_t GenericEncryptionBlockSize(CdmEncryptionAlgorithm algorithm) {
if (kEncryptionAlgorithmAesCbc128 != algorithm) {
LOGW("Unrecognized encryption algorithm: %d", algorithm);
return 0;
}
return kAes128BlockSize;
}
} // namespace } // namespace
shared_mutex CryptoSession::static_field_mutex_; shared_mutex CryptoSession::static_field_mutex_;
@@ -2121,9 +2152,9 @@ CdmResponseType CryptoSession::GenericEncrypt(const std::string& in_buffer,
LOGV("Generic encrypt: id = %u", oec_session_id_); LOGV("Generic encrypt: id = %u", oec_session_id_);
RETURN_IF_NULL(out_buffer, PARAMETER_NULL); RETURN_IF_NULL(out_buffer, PARAMETER_NULL);
OEMCrypto_Algorithm oec_algorithm = GenericEncryptionAlgorithm(algorithm); OEMCrypto_Algorithm oec_algorithm = OEMCrypto_AES_CBC_128_NO_PADDING;
if (iv.size() != GenericEncryptionBlockSize(algorithm) || if (iv.size() != GenericEncryptionBlockSize(algorithm) ||
oec_algorithm == kInvalidAlgorithm) { !GetGenericEncryptionAlgorithm(algorithm, &oec_algorithm)) {
return INVALID_PARAMETERS_ENG_13; return INVALID_PARAMETERS_ENG_13;
} }
@@ -2182,9 +2213,9 @@ CdmResponseType CryptoSession::GenericDecrypt(const std::string& in_buffer,
LOGV("Generic decrypt: id = %u", oec_session_id_); LOGV("Generic decrypt: id = %u", oec_session_id_);
RETURN_IF_NULL(out_buffer, PARAMETER_NULL); RETURN_IF_NULL(out_buffer, PARAMETER_NULL);
OEMCrypto_Algorithm oec_algorithm = GenericEncryptionAlgorithm(algorithm); OEMCrypto_Algorithm oec_algorithm = OEMCrypto_AES_CBC_128_NO_PADDING;
if (iv.size() != GenericEncryptionBlockSize(algorithm) || if (iv.size() != GenericEncryptionBlockSize(algorithm) ||
oec_algorithm == kInvalidAlgorithm) { !GetGenericEncryptionAlgorithm(algorithm, &oec_algorithm)) {
return INVALID_PARAMETERS_ENG_14; return INVALID_PARAMETERS_ENG_14;
} }
@@ -2242,8 +2273,8 @@ CdmResponseType CryptoSession::GenericSign(const std::string& message,
LOGV("Generic sign: id = %u", oec_session_id_); LOGV("Generic sign: id = %u", oec_session_id_);
RETURN_IF_NULL(signature, PARAMETER_NULL); RETURN_IF_NULL(signature, PARAMETER_NULL);
OEMCrypto_Algorithm oec_algorithm = GenericSigningAlgorithm(algorithm); OEMCrypto_Algorithm oec_algorithm = OEMCrypto_HMAC_SHA256;
if (oec_algorithm == kInvalidAlgorithm) { if (!GetGenericSigningAlgorithm(algorithm, &oec_algorithm)) {
return INVALID_PARAMETERS_ENG_15; return INVALID_PARAMETERS_ENG_15;
} }
@@ -2308,8 +2339,8 @@ CdmResponseType CryptoSession::GenericVerify(const std::string& message,
const std::string& signature) { const std::string& signature) {
LOGV("Generic verify: id = %u", oec_session_id_); LOGV("Generic verify: id = %u", oec_session_id_);
OEMCrypto_Algorithm oec_algorithm = GenericSigningAlgorithm(algorithm); OEMCrypto_Algorithm oec_algorithm = OEMCrypto_HMAC_SHA256;
if (oec_algorithm == kInvalidAlgorithm) { if (!GetGenericSigningAlgorithm(algorithm, &oec_algorithm)) {
return INVALID_PARAMETERS_ENG_16; return INVALID_PARAMETERS_ENG_16;
} }
@@ -2660,33 +2691,6 @@ bool CryptoSession::GetAnalogOutputCapabilities(bool* can_support_output,
return true; return true;
} }
OEMCrypto_Algorithm CryptoSession::GenericSigningAlgorithm(
CdmSigningAlgorithm algorithm) {
if (kSigningAlgorithmHmacSha256 == algorithm) {
return OEMCrypto_HMAC_SHA256;
} else {
return kInvalidAlgorithm;
}
}
OEMCrypto_Algorithm CryptoSession::GenericEncryptionAlgorithm(
CdmEncryptionAlgorithm algorithm) {
if (kEncryptionAlgorithmAesCbc128 == algorithm) {
return OEMCrypto_AES_CBC_128_NO_PADDING;
} else {
return kInvalidAlgorithm;
}
}
size_t CryptoSession::GenericEncryptionBlockSize(
CdmEncryptionAlgorithm algorithm) {
if (kEncryptionAlgorithmAesCbc128 == algorithm) {
return kAes128BlockSize;
} else {
return 0;
}
}
// OEMCryptoResult OEMCrypto_DecryptCENC( // OEMCryptoResult OEMCrypto_DecryptCENC(
// OEMCrypto_SESSION session, // OEMCrypto_SESSION session,
// const OEMCrypto_SampleDescription* samples, // an array of samples. // const OEMCrypto_SampleDescription* samples, // an array of samples.