Add decrypt hash support

[ Merge of http://go/wvgerrit/68083 ]

Add ability to query decrypt hash support, set a hash computed over a frame
and retrieve the last error at a later point.

Bug: 34080802
Test: WV unit/integration tests. New tests added to cdm_engine_test,
      libwvdrmdrmplugin_hidl_test and request_license_test.

Change-Id: I7548c8798c873a6af3e1cfc0df57c117e1e474a6

libwvdrmengine/cdm/core/src/cdm_engine.cpp

@@ -676,6 +676,8 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
       LOGW("CdmEngine::QueryStatus: GetBuildInformation failed");
       return UNKNOWN_ERROR;
     }
+  } else if (query_token == QUERY_KEY_DECRYPT_HASH_SUPPORT) {
+    *query_response = std::to_string(crypto_session->IsDecryptHashSupported());
   } else {
     LOGW("CdmEngine::QueryStatus: Unknown status requested, token = %s",
          query_token.c_str());
@@ -1643,6 +1645,86 @@ CdmResponseType CdmEngine::GenericVerify(
   return session->GenericVerify(message, key_id, algorithm, signature);
 }
 
+CdmResponseType CdmEngine::ParseDecryptHashString(
+    const std::string& hash_string,
+    CdmSessionId* session_id,
+    uint32_t* frame_number,
+    std::string* hash) {
+  if (session_id == nullptr) {
+    LOGE("CdmEngine::ParseDecryptHashString: |session_id| was not provided");
+    return PARAMETER_NULL;
+  }
+  if (frame_number == nullptr) {
+    LOGE("CdmEngine::ParseDecryptHashString: |frame_number| was not provided");
+    return PARAMETER_NULL;
+  }
+  if (hash == nullptr) {
+    LOGE("CdmEngine::ParseDecryptHashString: |hash| was not provided");
+    return PARAMETER_NULL;
+  }
+  std::stringstream ss;
+  std::string token;
+  std::vector<std::string> tokens;
+  ss.str(hash_string);
+  while (getline(ss, token, ',')) {
+    tokens.push_back(token);
+  }
+  if (tokens.size() != 3) {
+    LOGE("CdmEngine::ParseDecryptHashString: |hash_string| has invalid format, "
+         "unexpected number of tokens: %d (%s)",
+         tokens.size(), hash_string.c_str());
+    return INVALID_DECRYPT_HASH_FORMAT;
+  }
+
+  for (size_t i = 0; i < tokens.size(); ++i) {
+    if (tokens[i].empty()) {
+      LOGE("CdmEngine::ParseDecryptHashString: |hash_string| has invalid "
+           "format, token %d of length 0: %s", i, hash_string.c_str());
+      return INVALID_DECRYPT_HASH_FORMAT;
+    }
+  }
+
+  *session_id = tokens[0];
+  std::istringstream iss(tokens[1]);
+  if (!(iss >> *frame_number)) {
+    LOGE("CdmEngine::ParseDecryptHashString: error while trying to convert "
+         "frame number to a numeric format: %s", hash_string.c_str());
+    return INVALID_DECRYPT_HASH_FORMAT;
+  }
+
+  std::vector<uint8_t> hash_vec = wvcdm::Base64Decode(tokens[2]);
+  if (hash_vec.empty()) {
+    LOGE("CdmEngine::ParseDecryptHashString: malformed hash: %s",
+         hash_string.c_str());
+    return INVALID_DECRYPT_HASH_FORMAT;
+  }
+  hash->assign(hash_vec.begin(), hash_vec.end());
+  return NO_ERROR;
+}
+
+CdmResponseType CdmEngine::SetDecryptHash(
+    const CdmSessionId& session_id,
+    uint32_t frame_number,
+    const std::string& hash) {
+  LOGI("CdmEngine::SetDecryptHash");
+  std::shared_ptr<CdmSession> session;
+  if (!session_map_.FindSession(session_id, &session)) {
+    return SESSION_NOT_FOUND_20;
+  }
+  return session->SetDecryptHash(frame_number, hash);
+}
+
+CdmResponseType CdmEngine::GetDecryptHashError(
+    const CdmSessionId& session_id,
+    std::string* error_string) {
+  LOGI("CdmEngine::GetDecryptHashError");
+  std::shared_ptr<CdmSession> session;
+  if (!session_map_.FindSession(session_id, &session)) {
+    return SESSION_NOT_FOUND_20;
+  }
+  return session->GetDecryptHashError(error_string);
+}
+
 // TODO(gmorgan) Used? Delete if unused.
 bool CdmEngine::IsKeyLoaded(const KeyId& key_id) {
   CdmSessionList sessions;

libwvdrmengine/cdm/core/src/cdm_session.cpp

@@ -1068,6 +1068,16 @@ CdmResponseType CdmSession::GenericVerify(const std::string& message,
   return sts;
 }
 
+CdmResponseType CdmSession::SetDecryptHash(uint32_t frame_number,
+                                           const std::string& hash) {
+  return crypto_session_->SetDecryptHash(frame_number, hash);
+}
+
+CdmResponseType CdmSession::GetDecryptHashError(
+    std::string* error_string) {
+  return crypto_session_->GetDecryptHashError(error_string);
+}
+
 bool CdmSession::UpdateUsageInfo() {
   std::string app_id;
   GetApplicationId(&app_id);

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -1810,6 +1810,70 @@ bool CryptoSession::GetBuildInformation(std::string* info) {
   return true;
 }
 
+uint32_t CryptoSession::IsDecryptHashSupported() {
+  LOGV("IsDecryptHashSupported");
+  if (!initialized_) return false;
+
+  uint32_t secure_decrypt_support =
+      OEMCrypto_SupportsDecryptHash(requested_security_level_);
+  switch (secure_decrypt_support) {
+    case OEMCrypto_Hash_Not_Supported:
+    case OEMCrypto_CRC_Clear_Buffer:
+    case OEMCrypto_Partner_Defined_Hash:
+      break;
+    default:
+      LOGW("OEMCrypto_SupportsDecryptHash returned unexpected result: %d",
+           secure_decrypt_support);
+      secure_decrypt_support = OEMCrypto_Hash_Not_Supported;
+      break;
+  }
+  return secure_decrypt_support;
+}
+
+CdmResponseType CryptoSession::SetDecryptHash(
+    uint32_t frame_number,
+    const std::string& hash) {
+  LOGV("SetDecryptHash");
+  OEMCryptoResult sts = OEMCrypto_SetDecryptHash(
+          oec_session_id_, frame_number,
+          reinterpret_cast<const uint8_t*>(hash.data()), hash.size());
+  if (OEMCrypto_SUCCESS != sts) {
+    LOGE("SetSecureDecryptHash: failed with error %d", sts);
+    return SET_DECRYPT_HASH_ERROR;
+  }
+  return NO_ERROR;
+}
+
+CdmResponseType CryptoSession::GetDecryptHashError(std::string* error_string) {
+  LOGV("GetDecryptHashError");
+  if (error_string == nullptr) {
+    LOGE("CryptoSession::GetDecryptHashError: |error_string| not provided");
+    return PARAMETER_NULL;
+  }
+  error_string->clear();
+
+  uint32_t failed_frame_number;
+  OEMCryptoResult sts = OEMCrypto_GetHashErrorCode(
+          oec_session_id_, &failed_frame_number);
+  error_string->assign(std::to_string(sts));
+
+  switch (sts) {
+    case OEMCrypto_SUCCESS:
+    case OEMCrypto_ERROR_BAD_HASH:
+    case OEMCrypto_ERROR_SESSION_LOST_STATE:
+    case OEMCrypto_ERROR_SYSTEM_INVALIDATED:
+      error_string->assign(std::to_string(sts));
+      error_string->append(",");
+      error_string->append(std::to_string(failed_frame_number));
+      return NO_ERROR;
+    case OEMCrypto_ERROR_UNKNOWN_FAILURE:
+    case OEMCrypto_ERROR_NOT_IMPLEMENTED:
+    default:
+      LOGE("GetDecryptHashError: failed with error %d", sts);
+      return GET_DECRYPT_HASH_ERROR;
+  }
+}
+
 CdmResponseType CryptoSession::GenericEncrypt(const std::string& in_buffer,
                                               const std::string& key_id,
                                               const std::string& iv,