Avoid setting OEMCrypto_Algorithm enum vars with invalid values
[ Merge of http://go/wvgerrit/106203 ] CdmSigningAlgorithm are converted into OEMCrypto_Algorithm enums before being passed as parameters to OEMCrypto generic crypto functions. The OEMCrypto_Algorithm variables should never be set to values not specified in the enum declaration. These private methods have also been moved to the anonymous namespace. Bug: 168774486 Test: WV unit/integration tests Change-Id: Ie570a3cf4447b6c133076baa0909d562824c8e4a
This commit is contained in:
Rahul Frias
@@ -325,14 +325,6 @@ class CryptoSession {
|
||||
CdmResponseType SelectKey(const std::string& key_id,
|
||||
CdmCipherMode cipher_mode);
|
||||
|
||||
static const OEMCrypto_Algorithm kInvalidAlgorithm =
|
||||
static_cast<OEMCrypto_Algorithm>(-1);
|
||||
|
||||
OEMCrypto_Algorithm GenericSigningAlgorithm(CdmSigningAlgorithm algorithm);
|
||||
OEMCrypto_Algorithm GenericEncryptionAlgorithm(
|
||||
CdmEncryptionAlgorithm algorithm);
|
||||
size_t GenericEncryptionBlockSize(CdmEncryptionAlgorithm algorithm);
|
||||
|
||||
// These methods fall back into each other in the order given, depending on
|
||||
// how much data they were given and how much data OEMCrypto can accept in one
|
||||
// call.
|
||||
@@ -408,10 +400,6 @@ class CryptoSession {
|
||||
|
||||
static bool IsInitialized();
|
||||
|
||||
// Constants
|
||||
static const size_t kAes128BlockSize = 16; // Block size for AES_CBC_128
|
||||
static const size_t kSignatureSize = 32; // size for HMAC-SHA256 signature
|
||||
|
||||
// The locking methods above should be used in preference to taking these
|
||||
// mutexes directly. If code takes these manually and needs to take more
|
||||
// than one, it must *always* take them in the order they are defined here.
|
||||
|
||||
@@ -57,6 +57,7 @@ constexpr size_t MiB = 1024 * 1024;
|
||||
|
||||
constexpr uint32_t kRsaSignatureLength = 256;
|
||||
constexpr size_t kEstimatedInitialUsageTableHeader = 40;
|
||||
const size_t kAes128BlockSize = 16;
|
||||
|
||||
// Constants and utility objects relating to OEM Certificates
|
||||
constexpr const char* kWidevineSystemIdExtensionOid = "1.3.6.1.4.1.11129.4.1.1";
|
||||
@@ -128,6 +129,36 @@ void AdvanceDestBuffer(OEMCrypto_DestBufferDesc* dest_buffer, size_t bytes) {
|
||||
LOGE("Unrecognized OEMCryptoBufferType %u - doing nothing",
|
||||
dest_buffer->type);
|
||||
}
|
||||
|
||||
bool GetGenericSigningAlgorithm(CdmSigningAlgorithm algorithm,
|
||||
OEMCrypto_Algorithm* oec_algorithm) {
|
||||
RETURN_IF_NULL(oec_algorithm, false);
|
||||
if (kSigningAlgorithmHmacSha256 != algorithm) {
|
||||
LOGW("Unrecognized signing algorithm: %d", algorithm);
|
||||
return false;
|
||||
}
|
||||
*oec_algorithm = OEMCrypto_HMAC_SHA256;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool GetGenericEncryptionAlgorithm(CdmEncryptionAlgorithm algorithm,
|
||||
OEMCrypto_Algorithm* oec_algorithm) {
|
||||
RETURN_IF_NULL(oec_algorithm, false);
|
||||
if (kEncryptionAlgorithmAesCbc128 != algorithm) {
|
||||
LOGW("Unrecognized encryption algorithm: %d", algorithm);
|
||||
return false;
|
||||
}
|
||||
*oec_algorithm = OEMCrypto_AES_CBC_128_NO_PADDING;
|
||||
return true;
|
||||
}
|
||||
|
||||
size_t GenericEncryptionBlockSize(CdmEncryptionAlgorithm algorithm) {
|
||||
if (kEncryptionAlgorithmAesCbc128 != algorithm) {
|
||||
LOGW("Unrecognized encryption algorithm: %d", algorithm);
|
||||
return 0;
|
||||
}
|
||||
return kAes128BlockSize;
|
||||
}
|
||||
} // namespace
|
||||
|
||||
shared_mutex CryptoSession::static_field_mutex_;
|
||||
@@ -2121,9 +2152,9 @@ CdmResponseType CryptoSession::GenericEncrypt(const std::string& in_buffer,
|
||||
LOGV("Generic encrypt: id = %u", oec_session_id_);
|
||||
RETURN_IF_NULL(out_buffer, PARAMETER_NULL);
|
||||
|
||||
OEMCrypto_Algorithm oec_algorithm = GenericEncryptionAlgorithm(algorithm);
|
||||
OEMCrypto_Algorithm oec_algorithm = OEMCrypto_AES_CBC_128_NO_PADDING;
|
||||
if (iv.size() != GenericEncryptionBlockSize(algorithm) ||
|
||||
oec_algorithm == kInvalidAlgorithm) {
|
||||
!GetGenericEncryptionAlgorithm(algorithm, &oec_algorithm)) {
|
||||
return INVALID_PARAMETERS_ENG_13;
|
||||
}
|
||||
|
||||
@@ -2182,9 +2213,9 @@ CdmResponseType CryptoSession::GenericDecrypt(const std::string& in_buffer,
|
||||
LOGV("Generic decrypt: id = %u", oec_session_id_);
|
||||
RETURN_IF_NULL(out_buffer, PARAMETER_NULL);
|
||||
|
||||
OEMCrypto_Algorithm oec_algorithm = GenericEncryptionAlgorithm(algorithm);
|
||||
OEMCrypto_Algorithm oec_algorithm = OEMCrypto_AES_CBC_128_NO_PADDING;
|
||||
if (iv.size() != GenericEncryptionBlockSize(algorithm) ||
|
||||
oec_algorithm == kInvalidAlgorithm) {
|
||||
!GetGenericEncryptionAlgorithm(algorithm, &oec_algorithm)) {
|
||||
return INVALID_PARAMETERS_ENG_14;
|
||||
}
|
||||
|
||||
@@ -2242,8 +2273,8 @@ CdmResponseType CryptoSession::GenericSign(const std::string& message,
|
||||
LOGV("Generic sign: id = %u", oec_session_id_);
|
||||
RETURN_IF_NULL(signature, PARAMETER_NULL);
|
||||
|
||||
OEMCrypto_Algorithm oec_algorithm = GenericSigningAlgorithm(algorithm);
|
||||
if (oec_algorithm == kInvalidAlgorithm) {
|
||||
OEMCrypto_Algorithm oec_algorithm = OEMCrypto_HMAC_SHA256;
|
||||
if (!GetGenericSigningAlgorithm(algorithm, &oec_algorithm)) {
|
||||
return INVALID_PARAMETERS_ENG_15;
|
||||
}
|
||||
|
||||
@@ -2308,8 +2339,8 @@ CdmResponseType CryptoSession::GenericVerify(const std::string& message,
|
||||
const std::string& signature) {
|
||||
LOGV("Generic verify: id = %u", oec_session_id_);
|
||||
|
||||
OEMCrypto_Algorithm oec_algorithm = GenericSigningAlgorithm(algorithm);
|
||||
if (oec_algorithm == kInvalidAlgorithm) {
|
||||
OEMCrypto_Algorithm oec_algorithm = OEMCrypto_HMAC_SHA256;
|
||||
if (!GetGenericSigningAlgorithm(algorithm, &oec_algorithm)) {
|
||||
return INVALID_PARAMETERS_ENG_16;
|
||||
}
|
||||
|
||||
@@ -2660,33 +2691,6 @@ bool CryptoSession::GetAnalogOutputCapabilities(bool* can_support_output,
|
||||
return true;
|
||||
}
|
||||
|
||||
OEMCrypto_Algorithm CryptoSession::GenericSigningAlgorithm(
|
||||
CdmSigningAlgorithm algorithm) {
|
||||
if (kSigningAlgorithmHmacSha256 == algorithm) {
|
||||
return OEMCrypto_HMAC_SHA256;
|
||||
} else {
|
||||
return kInvalidAlgorithm;
|
||||
}
|
||||
}
|
||||
|
||||
OEMCrypto_Algorithm CryptoSession::GenericEncryptionAlgorithm(
|
||||
CdmEncryptionAlgorithm algorithm) {
|
||||
if (kEncryptionAlgorithmAesCbc128 == algorithm) {
|
||||
return OEMCrypto_AES_CBC_128_NO_PADDING;
|
||||
} else {
|
||||
return kInvalidAlgorithm;
|
||||
}
|
||||
}
|
||||
|
||||
size_t CryptoSession::GenericEncryptionBlockSize(
|
||||
CdmEncryptionAlgorithm algorithm) {
|
||||
if (kEncryptionAlgorithmAesCbc128 == algorithm) {
|
||||
return kAes128BlockSize;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
// OEMCryptoResult OEMCrypto_DecryptCENC(
|
||||
// OEMCrypto_SESSION session,
|
||||
// const OEMCrypto_SampleDescription* samples, // an array of samples.
|
||||
|
||||
Reference in New Issue
Block a user