DRM Pluging uses CDM core's generic crypto API.

[ Merge of http://go/wvgerrit/173170 ]

This CL updates Widevine's Android DRM plugin to use the generic
crypto operations provided by CDM core rather than the plugin's own
implementation.

Bug: 274984456
Test: atest WvtsDeviceTestCases
Change-Id: I94e1c92c7da577aad5ec43bd3bf0bb380b607b80
Alex Dale
2023-05-01 11:08:32 -07:00
parent 37f125a491
commit 628d1ac38c
4 changed files with 199 additions and 356 deletions


@@ -162,7 +162,6 @@ WVDrmPlugin::WVDrmPlugin(const android::sp<WvContentDecryptionModule>& cdm,
: mCdmIdentifierBuilder(useSpoid, *this, appPackageName),
mCDM(cdm),
mCrypto(crypto),
mCryptoSessions(),
mAppPackageName(appPackageName) {
Terminator::Register(this);
}
@@ -174,17 +173,14 @@ WVDrmPlugin::~WVDrmPlugin() {
}
void WVDrmPlugin::Close() {
typedef std::map<CdmSessionId, std::shared_ptr<CryptoSession>>::iterator mapIterator;
auto cryptoSessions = mCryptoSessions.clear();
for (mapIterator iter = cryptoSessions.begin();
iter != cryptoSessions.end(); ++iter) {
CdmResponseType res = mCDM->CloseSession(iter->first);
const auto sessionKeys = mSessionInfoMap.getKeysAndClear();
for (const auto& sessionKey : sessionKeys) {
const CdmResponseType res = mCDM->CloseSession(sessionKey);
if (!isCdmResponseTypeSuccess(res)) {
ALOGE("Failed to close session while destroying WVDrmPlugin");
ALOGE("Failed to close session while destroying WVDrmPlugin: sid = %s",
sessionKey.c_str());
}
}
// clear local copy of cryptoSessions map
cryptoSessions.clear();
if (mCdmIdentifierBuilder.is_sealed()) {
CdmIdentifier identifier;
@@ -219,15 +215,15 @@ WvStatus WVDrmPlugin::openSessionCommon(vector<uint8_t>& sessionId) {
bool success = false;
// Construct a CryptoSession
// Construct a SessionInfo
CdmQueryMap info;
res = mCDM->QueryOemCryptoSessionId(cdmSessionId, &info);
if (isCdmResponseTypeSuccess(res) &&
info.count(wvcdm::QUERY_KEY_OEMCRYPTO_SESSION_ID)) {
OEMCrypto_SESSION oecSessionId =
const OEMCrypto_SESSION oecSessionId =
std::stoul(info[wvcdm::QUERY_KEY_OEMCRYPTO_SESSION_ID]);
mCryptoSessions.insert(cdmSessionId, oecSessionId);
mSessionInfoMap.insert(cdmSessionId, oecSessionId);
success = true;
} else {
ALOGE("Unable to query key control info.");
@@ -325,7 +321,7 @@ SecurityLevel WVDrmPlugin::mapSecurityLevel(const std::string& level) {
}
CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
CdmResponseType res = mCDM->CloseSession(cdmSessionId);
mCryptoSessions.erase(cdmSessionId);
mSessionInfoMap.erase(cdmSessionId);
if (!isCdmResponseTypeSuccess(res)) {
return toNdkScopedAStatus(Status::ERROR_DRM_SESSION_NOT_OPENED);
}
@@ -1223,7 +1219,7 @@ Status WVDrmPlugin::unprovisionDevice() {
std::string _value(in_value.c_str());
if (name == "securityLevel") {
if (mCryptoSessions.empty()) {
if (mSessionInfoMap.empty()) {
if (_value == wvcdm::QUERY_VALUE_SECURITY_LEVEL_L3.c_str()) {
mPropertySet.set_security_level(wvcdm::QUERY_VALUE_SECURITY_LEVEL_L3);
} else if (_value == wvcdm::QUERY_VALUE_SECURITY_LEVEL_L1.c_str()) {
@@ -1263,7 +1259,7 @@ Status WVDrmPlugin::unprovisionDevice() {
return toNdkScopedAStatus(Status::BAD_VALUE);
}
} else if (name == "sessionSharing") {
if (mCryptoSessions.empty()) {
if (mSessionInfoMap.empty()) {
if (_value == kEnable) {
mPropertySet.set_is_session_sharing_enabled(true);
} else if (_value == kDisable) {
@@ -1278,7 +1274,7 @@ Status WVDrmPlugin::unprovisionDevice() {
return toNdkScopedAStatus(Status::ERROR_DRM_UNKNOWN);
}
} else if (name == "appId") {
if (mCryptoSessions.empty()) {
if (mSessionInfoMap.empty()) {
mPropertySet.set_app_id(_value.c_str());
} else {
ALOGE("App tried to set the application id while sessions are opened.");
@@ -1286,7 +1282,7 @@ Status WVDrmPlugin::unprovisionDevice() {
return toNdkScopedAStatus(Status::ERROR_DRM_UNKNOWN);
}
} else if (name == "origin") {
if (!mCryptoSessions.empty()) {
if (!mSessionInfoMap.empty()) {
ALOGE("App tried to set the origin while sessions are opened.");
ALOGW("Returns UNKNOWN error for legacy status kErrorSessionIsOpen");
return toNdkScopedAStatus(Status::ERROR_DRM_UNKNOWN);
@@ -1408,46 +1404,42 @@ Status WVDrmPlugin::unprovisionDevice() {
::ndk::ScopedAStatus WVDrmPlugin::setCipherAlgorithm(
const vector<uint8_t>& in_sessionId, const std::string& in_algorithm) {
if (in_sessionId.size() == 0 || in_algorithm.size() == 0) {
if (in_sessionId.empty() || in_algorithm.empty()) {
return toNdkScopedAStatus(Status::BAD_VALUE);
}
std::string algo(in_algorithm.c_str());
const std::string algo(in_algorithm.c_str());
CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
shared_ptr<CryptoSession> cryptoSession = mCryptoSessions.get(cdmSessionId);
if (cryptoSession == nullptr) {
const CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
shared_ptr<SessionInfo> sessionInfo = mSessionInfoMap.get(cdmSessionId);
if (!sessionInfo) {
return toNdkScopedAStatus(Status::ERROR_DRM_SESSION_NOT_OPENED);
}
if (algo == "AES/CBC/NoPadding") {
cryptoSession->setCipherAlgorithm(OEMCrypto_AES_CBC_128_NO_PADDING);
} else {
return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE);
sessionInfo->setEncryptionAlgorithm(wvcdm::kEncryptionAlgorithmAesCbc128);
return toNdkScopedAStatus(Status::OK);
}
return toNdkScopedAStatus(Status::OK);
return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE);
}
::ndk::ScopedAStatus WVDrmPlugin::setMacAlgorithm(
const vector<uint8_t>& in_sessionId, const std::string& in_algorithm) {
if (in_sessionId.size() == 0 || in_algorithm.size() == 0) {
if (in_sessionId.empty() || in_algorithm.empty()) {
return toNdkScopedAStatus(Status::BAD_VALUE);
}
std::string algo(in_algorithm.c_str());
const std::string algo(in_algorithm.c_str());
CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
shared_ptr<CryptoSession> cryptoSession = mCryptoSessions.get(cdmSessionId);
if (cryptoSession == nullptr) {
const CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
shared_ptr<SessionInfo> sessionInfo = mSessionInfoMap.get(cdmSessionId);
if (!sessionInfo) {
return toNdkScopedAStatus(Status::ERROR_DRM_SESSION_NOT_OPENED);
}
if (algo == "HmacSHA256") {
cryptoSession->setMacAlgorithm(OEMCrypto_HMAC_SHA256);
} else {
return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE);
sessionInfo->setSigningAlgorithm(wvcdm::kSigningAlgorithmHmacSha256);
return toNdkScopedAStatus(Status::OK);
}
return toNdkScopedAStatus(Status::OK);
return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE);
}
::ndk::ScopedAStatus WVDrmPlugin::encrypt(const vector<uint8_t>& in_sessionId,
@@ -1455,43 +1447,32 @@ Status WVDrmPlugin::unprovisionDevice() {
const vector<uint8_t>& in_input,
const vector<uint8_t>& in_iv,
vector<uint8_t>* _aidl_return) {
vector<uint8_t> output;
*_aidl_return = output;
CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
const shared_ptr<CryptoSession> cryptoSession = mCryptoSessions.get(cdmSessionId);
if (cryptoSession == nullptr) {
_aidl_return->clear();
const CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
shared_ptr<SessionInfo> sessionInfo = mSessionInfoMap.get(cdmSessionId);
if (!sessionInfo) {
return toNdkScopedAStatus(Status::ERROR_DRM_SESSION_NOT_OPENED);
}
if (cryptoSession->cipherAlgorithm() == kInvalidCryptoAlgorithm) {
ALOGW("Returns UNKNOWN error for legacy status NO_INIT");
if (!sessionInfo->hasEncryptionAlgorithm()) {
ALOGW("Encryption algorithm not set");
return toNdkScopedAStatus(Status::ERROR_DRM_UNKNOWN);
}
OEMCryptoResult res = mCrypto->selectKey(cryptoSession->oecSessionId(),
in_keyId.data(), in_keyId.size());
std::string output;
const CdmResponseType result = mCDM->GenericEncrypt(
cdmSessionId, KeyId(in_keyId.begin(), in_keyId.end()),
std::string(in_input.begin(), in_input.end()),
std::string(in_iv.begin(), in_iv.end()),
sessionInfo->getEncryptionAlgorithm(), &output);
if (res != OEMCrypto_SUCCESS) {
ALOGE("OEMCrypto_SelectKey failed with %u", res);
return toNdkScopedAStatus(mapAndNotifyOfOEMCryptoResult(in_sessionId, res));
if (!result.IsOk()) {
ALOGE("Generic encryption failed: %s", result.ToString().c_str());
return toNdkScopedAStatus(
mapAndNotifyOfCdmResponseType(in_sessionId, result));
}
output.resize(in_input.size());
Status status = Status::OK;
res = mCrypto->encrypt(cryptoSession->oecSessionId(), in_input.data(),
in_input.size(), in_iv.data(),
cryptoSession->cipherAlgorithm(), output.data());
*_aidl_return = output;
if (res == OEMCrypto_SUCCESS) {
status = Status::OK;
} else {
ALOGE("OEMCrypto_Generic_Encrypt failed with %u", res);
status = mapAndNotifyOfOEMCryptoResult(in_sessionId, res);
}
return toNdkScopedAStatus(status);
_aidl_return->assign(output.begin(), output.end());
return toNdkScopedAStatus(Status::OK);
}
::ndk::ScopedAStatus WVDrmPlugin::decrypt(const vector<uint8_t>& in_sessionId,
@@ -1499,105 +1480,63 @@ Status WVDrmPlugin::unprovisionDevice() {
const vector<uint8_t>& in_input,
const vector<uint8_t>& in_iv,
vector<uint8_t>* _aidl_return) {
vector<uint8_t> output;
*_aidl_return = output;
CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
const shared_ptr<CryptoSession> cryptoSession = mCryptoSessions.get(cdmSessionId);
if (cryptoSession == nullptr) {
_aidl_return->clear();
const CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
shared_ptr<SessionInfo> sessionInfo = mSessionInfoMap.get(cdmSessionId);
if (!sessionInfo) {
return toNdkScopedAStatus(Status::ERROR_DRM_SESSION_NOT_OPENED);
}
if (cryptoSession->cipherAlgorithm() == kInvalidCryptoAlgorithm) {
ALOGW("Returns UNKNOWN error for legacy status NO_INIT");
if (!sessionInfo->hasEncryptionAlgorithm()) {
ALOGW("Encryption algorithm not set");
return toNdkScopedAStatus(Status::ERROR_DRM_UNKNOWN);
}
OEMCryptoResult res = mCrypto->selectKey(cryptoSession->oecSessionId(),
in_keyId.data(), in_keyId.size());
std::string output;
const CdmResponseType result = mCDM->GenericDecrypt(
cdmSessionId, KeyId(in_keyId.begin(), in_keyId.end()),
std::string(in_input.begin(), in_input.end()),
std::string(in_iv.begin(), in_iv.end()),
sessionInfo->getEncryptionAlgorithm(), &output);
if (res != OEMCrypto_SUCCESS) {
ALOGE("OEMCrypto_SelectKey failed with %u", res);
return toNdkScopedAStatus(mapAndNotifyOfOEMCryptoResult(in_sessionId, res));
if (!result.IsOk()) {
ALOGE("Generic decryption failed: %s", result.ToString().c_str());
return toNdkScopedAStatus(
mapAndNotifyOfCdmResponseType(in_sessionId, result));
}
output.resize(in_input.size());
Status status = Status::OK;
res = mCrypto->decrypt(cryptoSession->oecSessionId(), in_input.data(),
in_input.size(), in_iv.data(),
cryptoSession->cipherAlgorithm(), output.data());
*_aidl_return = output;
if (res == OEMCrypto_SUCCESS) {
status = Status::OK;
} else {
ALOGE("OEMCrypto_Generic_Decrypt failed with %u", res);
status = mapAndNotifyOfOEMCryptoResult(in_sessionId, res);
}
return toNdkScopedAStatus(status);
_aidl_return->assign(output.begin(), output.end());
return toNdkScopedAStatus(Status::OK);
}
::ndk::ScopedAStatus WVDrmPlugin::sign(const vector<uint8_t>& in_sessionId,
const vector<uint8_t>& in_keyId,
const vector<uint8_t>& in_message,
vector<uint8_t>* _aidl_return) {
vector<uint8_t> signature;
*_aidl_return = signature;
CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
const shared_ptr<CryptoSession> cryptoSession = mCryptoSessions.get(cdmSessionId);
if (cryptoSession == nullptr) {
_aidl_return->clear();
const CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
shared_ptr<SessionInfo> sessionInfo = mSessionInfoMap.get(cdmSessionId);
if (!sessionInfo) {
return toNdkScopedAStatus(Status::ERROR_DRM_SESSION_NOT_OPENED);
}
if (cryptoSession->macAlgorithm() == kInvalidCryptoAlgorithm) {
ALOGW("Returns UNKNOWN error for legacy status NO_INIT");
if (!sessionInfo->hasSigningAlgorithm()) {
ALOGW("Signing algorithm not set");
return toNdkScopedAStatus(Status::ERROR_DRM_UNKNOWN);
}
OEMCryptoResult res = mCrypto->selectKey(cryptoSession->oecSessionId(),
in_keyId.data(), in_keyId.size());
std::string signature;
const CdmResponseType result =
mCDM->GenericSign(cdmSessionId, KeyId(in_keyId.begin(), in_keyId.end()),
std::string(in_message.begin(), in_message.end()),
sessionInfo->getSigningAlgorithm(), &signature);
if (res != OEMCrypto_SUCCESS) {
ALOGE("OEMCrypto_SelectKey failed with %u", res);
return toNdkScopedAStatus(mapAndNotifyOfOEMCryptoResult(in_sessionId, res));
if (!result.IsOk()) {
ALOGE("Generic signature failed: %s", result.ToString().c_str());
return toNdkScopedAStatus(
mapAndNotifyOfCdmResponseType(in_sessionId, result));
}
size_t signatureSize = 0;
res = mCrypto->sign(cryptoSession->oecSessionId(), in_message.data(),
in_message.size(), cryptoSession->macAlgorithm(), nullptr,
&signatureSize);
Status status = Status::OK;
if (res != OEMCrypto_ERROR_SHORT_BUFFER) {
ALOGE(
"OEMCrypto_Generic_Sign failed with %u when requesting signature "
"size",
res);
if (res != OEMCrypto_SUCCESS) {
status = mapAndNotifyOfOEMCryptoResult(in_sessionId, res);
} else {
status = Status::ERROR_DRM_UNKNOWN;
}
return toNdkScopedAStatus(status);
}
signature.resize(signatureSize);
res = mCrypto->sign(cryptoSession->oecSessionId(), in_message.data(),
in_message.size(), cryptoSession->macAlgorithm(),
signature.data(), &signatureSize);
*_aidl_return = signature;
if (res == OEMCrypto_SUCCESS) {
status = Status::OK;
} else {
ALOGE("OEMCrypto_Generic_Sign failed with %u", res);
status = mapAndNotifyOfOEMCryptoResult(in_sessionId, res);
}
return toNdkScopedAStatus(status);
_aidl_return->assign(signature.begin(), signature.end());
return toNdkScopedAStatus(Status::OK);
}
::ndk::ScopedAStatus WVDrmPlugin::verify(const vector<uint8_t>& in_sessionId,
@@ -1605,46 +1544,38 @@ Status WVDrmPlugin::unprovisionDevice() {
const vector<uint8_t>& in_message,
const vector<uint8_t>& in_signature,
bool* _aidl_return) {
bool match = false;
*_aidl_return = match;
CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
const shared_ptr<CryptoSession> cryptoSession = mCryptoSessions.get(cdmSessionId);
if (cryptoSession == nullptr) {
*_aidl_return = false;
const CdmSessionId cdmSessionId(in_sessionId.begin(), in_sessionId.end());
shared_ptr<SessionInfo> sessionInfo = mSessionInfoMap.get(cdmSessionId);
if (!sessionInfo) {
return toNdkScopedAStatus(Status::ERROR_DRM_SESSION_NOT_OPENED);
}
if (cryptoSession->macAlgorithm() == kInvalidCryptoAlgorithm) {
ALOGW("Returns UNKNOWN error for legacy status NO_INIT");
if (!sessionInfo->hasSigningAlgorithm()) {
ALOGW("Signing algorithm not set");
return toNdkScopedAStatus(Status::ERROR_DRM_UNKNOWN);
}
OEMCryptoResult res = mCrypto->selectKey(cryptoSession->oecSessionId(),
in_keyId.data(), in_keyId.size());
const CdmResponseType result = mCDM->GenericVerify(
cdmSessionId, KeyId(in_keyId.begin(), in_keyId.end()),
std::string(in_message.begin(), in_message.end()),
sessionInfo->getSigningAlgorithm(),
std::string(in_signature.begin(), in_signature.end()));
if (res != OEMCrypto_SUCCESS) {
ALOGE("OEMCrypto_SelectKey failed with %u", res);
return toNdkScopedAStatus(mapAndNotifyOfOEMCryptoResult(in_sessionId, res));
if (result.IsOk()) {
*_aidl_return = true;
return toNdkScopedAStatus(Status::OK);
}
res = mCrypto->verify(cryptoSession->oecSessionId(), in_message.data(),
in_message.size(), cryptoSession->macAlgorithm(),
in_signature.data(), in_signature.size());
Status status = Status::OK;
if (res == OEMCrypto_SUCCESS) {
match = true;
status = Status::OK;
} else if (res == OEMCrypto_ERROR_SIGNATURE_FAILURE) {
match = false;
status = Status::OK;
} else {
ALOGE("OEMCrypto_Generic_Verify failed with %u", res);
match = false;
status = mapAndNotifyOfOEMCryptoResult(in_sessionId, res);
if (result == wvcdm::UNKNOWN_ERROR &&
result.oemc_result() == OEMCrypto_ERROR_SIGNATURE_FAILURE) {
// TODO(b/279245250): Use a better error code.
return toNdkScopedAStatus(Status::OK);
}
*_aidl_return = match;
return toNdkScopedAStatus(status);
ALOGE("Generic verify failed: %s", result.ToString().c_str());
return toNdkScopedAStatus(
mapAndNotifyOfCdmResponseType(in_sessionId, result));
}
::ndk::ScopedAStatus WVDrmPlugin::signRSA(const vector<uint8_t>& in_sessionId,
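Review bot: In verify(), a signature mismatch is recognised only by the pair `result == wvcdm::UNKNOWN_ERROR` and `result.oemc_result() == OEMCrypto_ERROR_SIGNATURE_FAILURE`, so the "no match" outcome depends on CDM core continuing to return that generic code. If the core later returns a dedicated code, as the TODO anticipates, a bad signature would fall through to `mapAndNotifyOfCdmResponseType`; that still fails closed, but the caller would get an error where it now gets OK with false. I would add a comment on that branch, for example `// Signature mismatch is not an error: return OK with *_aidl_return left false.`, and a test that pins mismatch to Status::OK with false. Separately, encrypt() and decrypt() forward `in_iv` and `in_keyId` to GenericEncrypt/GenericDecrypt with no local length check; presumably the core validates them, but that is not visible on this page, so confirm it or return `Status::BAD_VALUE` for an empty key id or IV before the call. The file section may continue beyond the lines shown here.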