Use Inheritence for OEMCrypto Mock Properties

Merge from Widevine repo of http://go/wvgerrit/24728

We use compiler options to set different properties in the oemcrypto
mock.  With this CL, we define a base class that has default
properties.  All other variants need only define the properties that
they change.

b/35141278
b/37353534

Change-Id: Id38ec5bf35dcd83cea9a066ebe201e6da7c1a2b0
This commit is contained in:
Fred Gylys-Colwell
2017-04-14 13:47:02 -07:00
parent 86db60d097
commit ab0d00b92a
8 changed files with 215 additions and 349 deletions


@@ -6,67 +6,8 @@
namespace wvoec_mock { namespace wvoec_mock {
// Configuration constants for CryptoEngine behavior CryptoEngine* CryptoEngine::MakeCryptoEngine(wvcdm::FileSystem* file_system) {
return new CryptoEngine(file_system);
// If config_local_display_only() returns true, we pretend we are using a
// built-in display, instead of HDMI or WiFi output.
bool CryptoEngine::config_local_display_only() {
return false;
}
// A closed platform is permitted to use clear buffers.
bool CryptoEngine::config_closed_platform() {
return false;
}
// Returns the HDCP version currently in use.
OEMCrypto_HDCP_Capability CryptoEngine::config_current_hdcp_capability() {
return config_local_display_only() ? HDCP_NO_DIGITAL_OUTPUT : HDCP_V1;
}
// Returns the max HDCP version supported.
OEMCrypto_HDCP_Capability CryptoEngine::config_maximum_hdcp_capability() {
return HDCP_V2;
}
// Returns true if the client supports persistent storage of
// offline usage table information.
bool CryptoEngine::config_supports_usage_table() {
return true;
}
// Returns true if the client uses a keybox as the root of trust.
bool CryptoEngine::config_supports_keybox() {
return true;
}
// This version uses a keybox.
OEMCrypto_ProvisioningMethod CryptoEngine::config_provisioning_method() {
return OEMCrypto_Keybox;
}
OEMCryptoResult CryptoEngine::get_oem_certificate(SessionContext *session,
uint8_t *public_cert,
size_t *public_cert_length) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
// Returns false for mock library to indicate the client does not support
// anti-rollback hardware.
bool CryptoEngine::config_is_anti_rollback_hw_present() {
return false;
}
// Returns "L3" for a software only library. L1 is for hardware protected
// data paths.
const char* CryptoEngine::config_security_level() {
return "L3";
}
// This should start at 0, and be incremented only when a security patch has
// been applied to the device that fixes a security bug.
uint8_t CryptoEngine::config_security_patch_level() {
return 0;
} }
} // namespace wvoec_mock } // namespace wvoec_mock
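Review bot: `CryptoEngine::MakeCryptoEngine` hands back a raw owning pointer from `return new CryptoEngine(file_system);` with nothing at the definition saying who frees it; the only evidence is the `delete crypto_engine` in OEMCrypto_Terminate in a different file. Since the header comment explains the link-time selection but not ownership, add a line above the definition such as `// Returns a heap-allocated engine; the caller owns it and is responsible for deleting it.` The same comment fits the MakeCryptoEngine definitions in the other variant files.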


@@ -8,64 +8,28 @@
namespace wvoec_mock { namespace wvoec_mock {
// If config_local_display_only() returns true, we pretend we are using a class L1CryptoEngine : public CryptoEngine {
// built-in display, instead of HDMI or WiFi output. public:
bool CryptoEngine::config_local_display_only() { explicit L1CryptoEngine(wvcdm::FileSystem* file_system)
return true; : CryptoEngine(file_system) {}
}
// A closed platform is permitted to use clear buffers. bool config_local_display_only() { return true; }
bool CryptoEngine::config_closed_platform() {
return false;
}
// Returns the HDCP version currently in use. OEMCrypto_HDCP_Capability config_maximum_hdcp_capability() {
OEMCrypto_HDCP_Capability CryptoEngine::config_current_hdcp_capability() { return HDCP_V2;
return config_local_display_only() ? HDCP_NO_DIGITAL_OUTPUT : HDCP_V1; }
}
// Returns the max HDCP version supported. bool config_is_anti_rollback_hw_present() { return true; }
OEMCrypto_HDCP_Capability CryptoEngine::config_maximum_hdcp_capability() {
return HDCP_NO_DIGITAL_OUTPUT;
}
// Returns true if the client supports persistent storage of const char* config_security_level() { return "L1"; }
// offline usage table information.
bool CryptoEngine::config_supports_usage_table() {
return true;
}
// Returns true if the client uses a keybox as the root of trust. // This should start at 0, and be incremented only when a security patch has
bool CryptoEngine::config_supports_keybox() { // been applied to the device that fixes a security bug.
return true; uint8_t config_security_patch_level() { return 3; }
} };
// This version uses a keybox. CryptoEngine* CryptoEngine::MakeCryptoEngine(wvcdm::FileSystem* file_system) {
OEMCrypto_ProvisioningMethod CryptoEngine::config_provisioning_method() { return new L1CryptoEngine(file_system);
return OEMCrypto_Keybox;
}
OEMCryptoResult CryptoEngine::get_oem_certificate(SessionContext *session,
uint8_t *public_cert,
size_t *public_cert_length) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
// Returns true to indicate the client does support anti-rollback hardware.
bool CryptoEngine::config_is_anti_rollback_hw_present() {
return true;
}
// Returns "L3" for a software only library. L1 is for hardware protected
// data paths.
const char* CryptoEngine::config_security_level() {
return "L1";
}
// This should start at 0, and be incremented only when a security patch has
// been applied to the device that fixes a security bug.
uint8_t CryptoEngine::config_security_patch_level() {
return 3;
} }
} // namespace wvoec_mock } // namespace wvoec_mock
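Review bot: The L1CryptoEngine members such as `bool config_local_display_only() { return true; }` and `bool config_is_anti_rollback_hw_present() { return true; }` carry neither `virtual` nor `override`, so they override the base only while their signatures match exactly; a later change to a base signature (a `const` qualifier, a different return type) would silently turn them into hidden non-virtual members and the mock would fall back to the base-class L3 defaults with no compiler diagnostic. If the toolchain builds this as C++11 (unconfirmed from here; the file still uses NULL), mark each one `override`; otherwise at least repeat `virtual` so the intent is visible. The same applies to CertOnlyCryptoEngine and Prov30CryptoEngine in the following two files.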


@@ -2,72 +2,33 @@
// //
// Mock implementation of OEMCrypto APIs // Mock implementation of OEMCrypto APIs
// //
// This file contains oemcrypto engine properties that would be for a // This file contains oemcrypto engine properties that would be for a device
// level 2 device that does not have persistant storage or a keybox. // that does not have persistant storage or a keybox.
// Note: this is for illustration only. Production devices are rarely level 2. //
// Note: We also define it to be L2 for illustration only. Production devices
// are rarely level 2.
#include "oemcrypto_engine_mock.h" #include "oemcrypto_engine_mock.h"
namespace wvoec_mock { namespace wvoec_mock {
// If config_local_display_only() returns true, we pretend we are using a class CertOnlyCryptoEngine : public CryptoEngine {
// built-in display, instead of HDMI or WiFi output. public:
bool CryptoEngine::config_local_display_only() { explicit CertOnlyCryptoEngine(wvcdm::FileSystem* file_system)
return true; : CryptoEngine(file_system) {}
}
// A closed platform is permitted to use clear buffers. bool config_local_display_only() { return true; }
bool CryptoEngine::config_closed_platform() {
return false;
}
// Returns the HDCP version currently in use. bool config_supports_usage_table() { return false; }
OEMCrypto_HDCP_Capability CryptoEngine::config_current_hdcp_capability() {
return config_local_display_only() ? HDCP_NO_DIGITAL_OUTPUT : HDCP_V1;
}
// Returns the max HDCP version supported. OEMCrypto_ProvisioningMethod config_provisioning_method() {
OEMCrypto_HDCP_Capability CryptoEngine::config_maximum_hdcp_capability() { return OEMCrypto_DrmCertificate;
return HDCP_NO_DIGITAL_OUTPUT; }
}
// Returns true if the client supports persistent storage of const char* config_security_level() { return "L2"; }
// offline usage table information. };
bool CryptoEngine::config_supports_usage_table() {
return false;
}
// Returns true if the client uses a keybox as the root of trust. CryptoEngine* CryptoEngine::MakeCryptoEngine(wvcdm::FileSystem* file_system) {
bool CryptoEngine::config_supports_keybox() { return new CertOnlyCryptoEngine(file_system);
return false;
}
// This version uses a baked in DRM certificate.
OEMCrypto_ProvisioningMethod CryptoEngine::config_provisioning_method() {
return OEMCrypto_DrmCertificate;
}
OEMCryptoResult CryptoEngine::get_oem_certificate(SessionContext *session,
uint8_t *public_cert,
size_t *public_cert_length) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
// Returns true to indicate the client does support anti-rollback hardware.
bool CryptoEngine::config_is_anti_rollback_hw_present() {
return false;
}
// Returns "L3" for a software only library. L1 is for hardware protected keys
// and data paths. L2 is for hardware protected keys but no data path
// protection.
const char* CryptoEngine::config_security_level() {
return "L2";
}
// This should start at 0, and be incremented only when a security patch has
// been applied to the device that fixes a security bug.
uint8_t CryptoEngine::config_security_patch_level() {
return 0;
} }
} // namespace wvoec_mock } // namespace wvoec_mock
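Review bot: The `config_provisioning_method()` override in CertOnlyCryptoEngine lost the explanatory comment that the removed free function had, and the reason this variant returns OEMCrypto_DrmCertificate is no longer stated anywhere in the file; add `// This variant has no keybox and uses a baked-in DRM certificate as its root of trust.` above the override. The new file header also spells "persistant" where "persistent" is meant.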


@@ -14,84 +14,52 @@
namespace wvoec_mock { namespace wvoec_mock {
// If config_local_display_only() returns true, we pretend we are using a class Prov30CryptoEngine : public CryptoEngine {
// built-in display, instead of HDMI or WiFi output. public:
bool CryptoEngine::config_local_display_only() { explicit Prov30CryptoEngine(wvcdm::FileSystem* file_system)
return true; : CryptoEngine(file_system) {}
}
// A closed platform is permitted to use clear buffers. bool config_local_display_only() { return true; }
bool CryptoEngine::config_closed_platform() {
return false;
}
// Returns the HDCP version currently in use. bool config_supports_usage_table() { return false; }
OEMCrypto_HDCP_Capability CryptoEngine::config_current_hdcp_capability() {
return config_local_display_only() ? HDCP_NO_DIGITAL_OUTPUT : HDCP_V1;
}
// Returns the max HDCP version supported. OEMCrypto_ProvisioningMethod config_provisioning_method() {
OEMCrypto_HDCP_Capability CryptoEngine::config_maximum_hdcp_capability() { return OEMCrypto_OEMCertificate;
return HDCP_NO_DIGITAL_OUTPUT;
}
// Returns true if the client supports persistent storage of
// offline usage table information.
bool CryptoEngine::config_supports_usage_table() {
return false;
}
// Returns true if the client uses a keybox as the root of trust.
bool CryptoEngine::config_supports_keybox() {
return false;
}
// This version uses a keybox.
OEMCrypto_ProvisioningMethod CryptoEngine::config_provisioning_method() {
return OEMCrypto_OEMCertificate;
}
OEMCryptoResult CryptoEngine::get_oem_certificate(SessionContext *session,
uint8_t *public_cert,
size_t *public_cert_length) {
if (kOEMPublicCertSize == 0) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
} }
if (public_cert_length == NULL) {
return OEMCrypto_ERROR_UNKNOWN_FAILURE; OEMCryptoResult get_oem_certificate(SessionContext* session,
} uint8_t* public_cert,
if (*public_cert_length < kOEMPublicCertSize) { size_t* public_cert_length) {
if (kOEMPublicCertSize == 0) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
if (public_cert_length == NULL) {
return OEMCrypto_ERROR_UNKNOWN_FAILURE;
}
if (*public_cert_length < kOEMPublicCertSize) {
*public_cert_length = kOEMPublicCertSize;
return OEMCrypto_ERROR_SHORT_BUFFER;
}
*public_cert_length = kOEMPublicCertSize; *public_cert_length = kOEMPublicCertSize;
return OEMCrypto_ERROR_SHORT_BUFFER; if (public_cert == NULL) {
return OEMCrypto_ERROR_SHORT_BUFFER;
}
memcpy(public_cert, kOEMPublicCert, kOEMPublicCertSize);
if (!session->LoadRSAKey(kOEMPrivateKey, kOEMPrivateKeySize)) {
LOGE("Private RSA Key did not load correctly.");
return OEMCrypto_ERROR_INVALID_RSA_KEY;
}
return OEMCrypto_SUCCESS;
} }
*public_cert_length = kOEMPublicCertSize;
if (public_cert == NULL) {
return OEMCrypto_ERROR_SHORT_BUFFER;
}
memcpy(public_cert, kOEMPublicCert, kOEMPublicCertSize);
if (!session->LoadRSAKey(kOEMPrivateKey, kOEMPrivateKeySize)) {
LOGE("Private RSA Key did not load correctly.");
return OEMCrypto_ERROR_INVALID_RSA_KEY;
}
return OEMCrypto_SUCCESS;
}
// Returns true to indicate the client does support anti-rollback hardware. // Returns "L3" for a software only library. L1 is for hardware protected
bool CryptoEngine::config_is_anti_rollback_hw_present() { // keys and data paths. L2 is for hardware protected keys but no data path
return false; // protection.
} const char* config_security_level() { return "L2"; }
};
// Returns "L3" for a software only library. L1 is for hardware protected keys CryptoEngine* CryptoEngine::MakeCryptoEngine(wvcdm::FileSystem* file_system) {
// and data paths. L2 is for hardware protected keys but no data path return new Prov30CryptoEngine(file_system);
// protection.
const char* CryptoEngine::config_security_level() {
return "L2";
}
// This should start at 0, and be incremented only when a security patch has
// been applied to the device that fixes a security bug.
uint8_t CryptoEngine::config_security_patch_level() {
return 0;
} }
} // namespace wvoec_mock } // namespace wvoec_mock
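Review bot: `get_oem_certificate` in Prov30CryptoEngine validates `public_cert_length` and `public_cert` but dereferences `session` unchecked at `session->LoadRSAKey(kOEMPrivateKey, kOEMPrivateKeySize)`, so a NULL session reaches the RSA-key load after the certificate bytes have already been copied out. Add `if (session == NULL) return OEMCrypto_ERROR_INVALID_SESSION;` before the memcpy, unless the C API wrapper that calls this is known to reject a NULL session first (that caller is not in this diff). The size-query path, which sets `*public_cert_length` and returns OEMCrypto_ERROR_SHORT_BUFFER when `public_cert` is NULL, deserves a one-line comment saying it is intentional, since it reads like an error at first glance.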


@@ -43,8 +43,6 @@ CryptoEngine::~CryptoEngine() {
sessions_.clear(); sessions_.clear();
} }
void CryptoEngine::Terminate() {}
SessionId CryptoEngine::CreateSession() { SessionId CryptoEngine::CreateSession() {
wvcdm::AutoLock lock(session_table_lock_); wvcdm::AutoLock lock(session_table_lock_);
static int unique_id = 1; static int unique_id = 1;
@@ -76,4 +74,49 @@ SessionContext* CryptoEngine::FindSession(SessionId sid) {
return NULL; return NULL;
} }
OEMCrypto_HDCP_Capability CryptoEngine::config_current_hdcp_capability() {
return config_local_display_only() ? HDCP_NO_DIGITAL_OUTPUT : HDCP_V1;
}
OEMCrypto_HDCP_Capability CryptoEngine::config_maximum_hdcp_capability() {
return HDCP_NO_DIGITAL_OUTPUT;
}
OEMCryptoResult CryptoEngine::SetDestination(
OEMCrypto_DestBufferDesc* out_description, size_t data_length,
uint8_t subsample_flags) {
size_t max_length = 0;
switch (out_description->type) {
case OEMCrypto_BufferType_Clear:
destination_ = out_description->buffer.clear.address;
max_length = out_description->buffer.clear.max_length;
break;
case OEMCrypto_BufferType_Secure:
destination_ =
reinterpret_cast<uint8_t*>(out_description->buffer.secure.handle) +
out_description->buffer.secure.offset;
max_length = out_description->buffer.secure.max_length -
out_description->buffer.secure.offset;
break;
case OEMCrypto_BufferType_Direct:
// Direct buffer type is only used on some specialized devices where
// oemcrypto has a direct connection to the screen buffer. It is not,
// for example, supported on Android.
destination_ = NULL;
break;
default:
return OEMCrypto_ERROR_INVALID_CONTEXT;
}
if (out_description->type != OEMCrypto_BufferType_Direct &&
max_length < data_length) {
LOGE("[SetDestination(): OEMCrypto_ERROR_SHORT_BUFFER]");
return OEMCrypto_ERROR_SHORT_BUFFER;
}
if ((out_description->type != OEMCrypto_BufferType_Direct) &&
(destination_ == NULL)) {
return OEMCrypto_ERROR_INVALID_CONTEXT;
}
return OEMCrypto_SUCCESS;
}
} // namespace wvoec_mock } // namespace wvoec_mock
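Review bot: In the OEMCrypto_BufferType_Secure case of `CryptoEngine::SetDestination`, `max_length = out_description->buffer.secure.max_length - out_description->buffer.secure.offset;` is an unsigned subtraction with no check that offset does not exceed max_length; if it does, max_length wraps to a huge value, the `max_length < data_length` short-buffer check below passes, and the caller later writes `data_length` bytes past the buffer. Add, before the subtraction, `if (out_description->buffer.secure.offset > out_description->buffer.secure.max_length) return OEMCrypto_ERROR_INVALID_CONTEXT;`. Two smaller points: `subsample_flags` is accepted but never read, and the result now lives in the engine-wide `destination_` rather than a local, so it should be documented as not reentrant across sessions unless the OEMCrypto entry points are known to be serialized (not visible here).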


@@ -28,10 +28,14 @@ typedef std::map<SessionId, SessionContext*> ActiveSessions;
class CryptoEngine { class CryptoEngine {
public: public:
CryptoEngine(wvcdm::FileSystem* file_system); // This is like a factory method, except we choose which version to use at
~CryptoEngine(); // compile time. It is defined in several source files. The build system
// should choose which one to use by only linking in the correct one.
static CryptoEngine* MakeCryptoEngine(wvcdm::FileSystem* file_system);
bool Initialized() { return true; } virtual ~CryptoEngine();
virtual bool Initialize() { return true; }
bool ValidRootOfTrust() { return root_of_trust_.Validate(); } bool ValidRootOfTrust() { return root_of_trust_.Validate(); }
@@ -59,7 +63,7 @@ class CryptoEngine {
return root_of_trust_.DeviceToken(); return root_of_trust_.DeviceToken();
} }
void Terminate(); virtual void Terminate() {}
SessionId CreateSession(); SessionId CreateSession();
@@ -75,24 +79,60 @@ class CryptoEngine {
return kMaxSupportedOEMCryptoSessions; return kMaxSupportedOEMCryptoSessions;
} }
// Configuration constants - controls behavior of this CryptoEngine // Returns the HDCP version currently in use.
OEMCrypto_HDCP_Capability config_current_hdcp_capability(); virtual OEMCrypto_HDCP_Capability config_current_hdcp_capability();
OEMCrypto_HDCP_Capability config_maximum_hdcp_capability();
// Returns the max HDCP version supported.
virtual OEMCrypto_HDCP_Capability config_maximum_hdcp_capability();
UsageTable& usage_table() { return usage_table_; } UsageTable& usage_table() { return usage_table_; }
wvcdm::FileSystem* file_system() { return file_system_; } wvcdm::FileSystem* file_system() { return file_system_; }
bool config_local_display_only(); // If config_local_display_only() returns true, we pretend we are using a
bool config_closed_platform(); // built-in display, instead of HDMI or WiFi output.
bool config_supports_usage_table(); virtual bool config_local_display_only() { return false; }
bool config_supports_keybox();
OEMCrypto_ProvisioningMethod config_provisioning_method(); // A closed platform is permitted to use clear buffers.
OEMCryptoResult get_oem_certificate(SessionContext* session, virtual bool config_closed_platform() { return false; }
uint8_t* public_cert,
size_t* public_cert_length); // Returns true if the client supports persistent storage of
bool config_is_anti_rollback_hw_present(); // offline usage table information.
const char* config_security_level(); virtual bool config_supports_usage_table() { return true; }
uint8_t config_security_patch_level();
virtual OEMCrypto_ProvisioningMethod config_provisioning_method() {
return OEMCrypto_Keybox;
}
virtual OEMCryptoResult get_oem_certificate(SessionContext* session,
uint8_t* public_cert,
size_t* public_cert_length) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED;
}
// Used for OEMCrypto_IsAntiRollbackHwPresent.
virtual bool config_is_anti_rollback_hw_present() { return false; }
// Returns "L3" for a software only library. L1 is for hardware protected
// data paths.
virtual const char* config_security_level() { return "L3"; }
// This should start at 0, and be incremented only when a security patch has
// been applied to the device that fixes a security bug.
virtual uint8_t config_security_patch_level() { return 0; }
// If 0 no restriction, otherwise it's the max buffer for DecryptCENC.
virtual size_t max_buffer_size() { return 1024 * 100; } // 100 KiB.
// Set destination pointer based on the output destination description.
OEMCryptoResult SetDestination(OEMCrypto_DestBufferDesc* out_description,
size_t data_length, uint8_t subsample_flags);
// The current destination.
uint8_t* destination() { return destination_; }
protected:
explicit CryptoEngine(wvcdm::FileSystem* file_system);
uint8_t* destination_;
private: private:
ActiveSessions sessions_; ActiveSessions sessions_;
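Review bot: The new protected member `uint8_t* destination_;` has no in-class initializer and the constructor definition is outside this diff, so unless it is set there, `destination()` returns an indeterminate pointer until the first SetDestination call. Initialize it (`destination_(NULL)` in the constructor's initializer list, or in-class if the toolchain allows) and document it with `// Set by SetDestination(); engine-wide, not per-session, so it is only valid for the call that set it.` The comment on `max_buffer_size()` mentions only DecryptCENC, but the same limit is applied in OEMCrypto_CopyBuffer, so the comment should name both.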


@@ -28,7 +28,6 @@
namespace { namespace {
const uint8_t kBakedInCertificateMagicBytes[] = {0xDE, 0xAD, 0xBE, 0xEF}; const uint8_t kBakedInCertificateMagicBytes[] = {0xDE, 0xAD, 0xBE, 0xEF};
const size_t kMaxBufferSize = 1024 * 100; // 100KiB
} // namespace } // namespace
namespace wvoec_mock { namespace wvoec_mock {
@@ -48,17 +47,14 @@ extern "C" OEMCryptoResult OEMCrypto_Initialize(void) {
} }
if (crypto_engine) { if (crypto_engine) {
LOGE("------------------------- Calling Initialize without Terminate\n"); LOGE("------------------------- Calling Initialize without Terminate\n");
if (crypto_engine->Initialized()) {
crypto_engine->Terminate();
}
delete crypto_engine; delete crypto_engine;
crypto_engine = NULL; crypto_engine = NULL;
} }
// NOTE: This requires a compatible Filesystem implementation. // NOTE: This requires a compatible Filesystem implementation.
wvcdm::FileSystem* fs = new wvcdm::FileSystem(); wvcdm::FileSystem* fs = new wvcdm::FileSystem();
crypto_engine = new CryptoEngine(fs); crypto_engine = CryptoEngine::MakeCryptoEngine(fs);
if (!crypto_engine || !crypto_engine->Initialized()) { if (!crypto_engine || !crypto_engine->Initialize()) {
LOGE("[OEMCrypto_Initialize(): failed]"); LOGE("[OEMCrypto_Initialize(): failed]");
return OEMCrypto_ERROR_INIT_FAILED; return OEMCrypto_ERROR_INIT_FAILED;
} }
@@ -74,13 +70,10 @@ extern "C" OEMCryptoResult OEMCrypto_Terminate(void) {
} }
if (!crypto_engine) { if (!crypto_engine) {
LOGE("[OEMCrypto_Terminate(): failed]"); LOGE("[OEMCrypto_Terminate(): not initialized]");
return OEMCrypto_ERROR_TERMINATE_FAILED; return OEMCrypto_ERROR_TERMINATE_FAILED;
} }
crypto_engine->Terminate();
if (crypto_engine->Initialized()) {
crypto_engine->Terminate();
}
delete crypto_engine; delete crypto_engine;
crypto_engine = NULL; crypto_engine = NULL;
@@ -151,7 +144,7 @@ extern "C" OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
LOGE("OEMCrypto_GenerateDerivedKeys: OEMCrypto not initialized."); LOGE("OEMCrypto_GenerateDerivedKeys: OEMCrypto not initialized.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE; return OEMCrypto_ERROR_UNKNOWN_FAILURE;
} }
if (!crypto_engine->config_supports_keybox()) { if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED; return OEMCrypto_ERROR_NOT_IMPLEMENTED;
} }
if (!crypto_engine->ValidRootOfTrust()) { if (!crypto_engine->ValidRootOfTrust()) {
@@ -475,11 +468,8 @@ extern "C" OEMCryptoResult OEMCrypto_QueryKeyControl(
OEMCrypto_SESSION session, const uint8_t* key_id, size_t key_id_length, OEMCrypto_SESSION session, const uint8_t* key_id, size_t key_id_length,
uint8_t* key_control_block, size_t* key_control_block_length) { uint8_t* key_control_block, size_t* key_control_block_length) {
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
LOGI("-- OEMCryptoResult OEMCrypto_QueryKeyControl" LOGI("-- OEMCryptoResult OEMCrypto_QueryKeyControl(%d, id=%s)", session,
"(const OEMCrypto_SESSION session)\n"); wvcdm::HexEncode(key_id, key_id_length).c_str());
if (wvcdm::g_cutoff >= wvcdm::LOG_VERBOSE) {
dump_hex("key_id", key_id, key_id_length);
}
} }
if (!crypto_engine) { if (!crypto_engine) {
LOGE("OEMCrypto_QueryKeyControl: OEMCrypto Not Initialized."); LOGE("OEMCrypto_QueryKeyControl: OEMCrypto Not Initialized.");
@@ -516,11 +506,8 @@ extern "C" OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
const uint8_t* key_id, const uint8_t* key_id,
size_t key_id_length) { size_t key_id_length) {
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
LOGI("-- OEMCryptoResult OEMCrypto_SelectKey" LOGI("-- OEMCryptoResult OEMCrypto_SelectKey(%d, id=%s)", session,
"(const OEMCrypto_SESSION session,\n"); wvcdm::HexEncode(key_id, key_id_length).c_str());
if (wvcdm::g_cutoff >= wvcdm::LOG_VERBOSE) {
dump_hex("key_id", key_id, key_id_length);
}
} }
#ifndef NDEBUG #ifndef NDEBUG
if (!crypto_engine->ValidRootOfTrust()) { if (!crypto_engine->ValidRootOfTrust()) {
@@ -540,41 +527,6 @@ extern "C" OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
return session_ctx->SelectContentKey(key_id_str); return session_ctx->SelectContentKey(key_id_str);
} }
OEMCryptoResult SetDestination(OEMCrypto_DestBufferDesc* out_buffer,
size_t data_length, uint8_t** destination,
size_t* max_length) {
switch (out_buffer->type) {
case OEMCrypto_BufferType_Clear:
*destination = out_buffer->buffer.clear.address;
*max_length = out_buffer->buffer.clear.max_length;
break;
case OEMCrypto_BufferType_Secure:
*destination =
reinterpret_cast<uint8_t*>(out_buffer->buffer.secure.handle) +
out_buffer->buffer.secure.offset;
*max_length = out_buffer->buffer.secure.max_length;
break;
case OEMCrypto_BufferType_Direct:
*destination = NULL;
break;
default:
return OEMCrypto_ERROR_INVALID_CONTEXT;
}
if (out_buffer->type != OEMCrypto_BufferType_Direct &&
*max_length < data_length) {
LOGE("[SetDestination(): OEMCrypto_ERROR_SHORT_BUFFER]");
return OEMCrypto_ERROR_SHORT_BUFFER;
}
if ((out_buffer->type != OEMCrypto_BufferType_Direct) &&
(*destination == NULL)) {
return OEMCrypto_ERROR_INVALID_CONTEXT;
}
return OEMCrypto_SUCCESS;
}
extern "C" OEMCryptoResult OEMCrypto_DecryptCENC( extern "C" OEMCryptoResult OEMCrypto_DecryptCENC(
OEMCrypto_SESSION session, const uint8_t* data_addr, size_t data_length, OEMCrypto_SESSION session, const uint8_t* data_addr, size_t data_length,
bool is_encrypted, const uint8_t* iv, size_t block_offset, bool is_encrypted, const uint8_t* iv, size_t block_offset,
@@ -592,18 +544,19 @@ extern "C" OEMCryptoResult OEMCrypto_DecryptCENC(
LOGE("[OEMCrypto_DecryptCENC(): OEMCrypto_ERROR_INVALID_CONTEXT]"); LOGE("[OEMCrypto_DecryptCENC(): OEMCrypto_ERROR_INVALID_CONTEXT]");
return OEMCrypto_ERROR_INVALID_CONTEXT; return OEMCrypto_ERROR_INVALID_CONTEXT;
} }
if (data_length > kMaxBufferSize) { if (crypto_engine->max_buffer_size() > 0 &&
data_length > crypto_engine->max_buffer_size()) {
// For testing reasons only, pretend that this integration only supports // For testing reasons only, pretend that this integration only supports
// the minimum possible buffer size. // the minimum possible buffer size.
LOGE("[OEMCrypto_DecryptCENC(): OEMCrypto_ERROR_BUFFER_TOO_LARGE]"); LOGE("[OEMCrypto_DecryptCENC(): OEMCrypto_ERROR_BUFFER_TOO_LARGE]");
return OEMCrypto_ERROR_BUFFER_TOO_LARGE; return OEMCrypto_ERROR_BUFFER_TOO_LARGE;
} }
uint8_t* destination = NULL; OEMCryptoResult status =
size_t max_length = 0; crypto_engine->SetDestination(out_buffer, data_length, subsample_flags);
OEMCryptoResult sts = if (status != OEMCrypto_SUCCESS) {
SetDestination(out_buffer, data_length, &destination, &max_length); LOGE("[OEMCrypto_DecryptCENC(): destination status: %d]", status);
if (sts != OEMCrypto_SUCCESS) return sts; return status;
}
#ifndef NDEBUG #ifndef NDEBUG
if (!crypto_engine->ValidRootOfTrust()) { if (!crypto_engine->ValidRootOfTrust()) {
LOGE("[OEMCrypto_DecryptCENC(): ERROR_KEYBOX_INVALID]"); LOGE("[OEMCrypto_DecryptCENC(): ERROR_KEYBOX_INVALID]");
@@ -617,9 +570,9 @@ extern "C" OEMCryptoResult OEMCrypto_DecryptCENC(
return OEMCrypto_ERROR_INVALID_SESSION; return OEMCrypto_ERROR_INVALID_SESSION;
} }
return session_ctx->DecryptCENC(iv, block_offset, pattern, data_addr, return session_ctx->DecryptCENC(
data_length, is_encrypted, destination, iv, block_offset, pattern, data_addr, data_length, is_encrypted,
out_buffer->type); crypto_engine->destination(), out_buffer->type);
} }
extern "C" OEMCryptoResult OEMCrypto_CopyBuffer( extern "C" OEMCryptoResult OEMCrypto_CopyBuffer(
@@ -636,19 +589,19 @@ extern "C" OEMCryptoResult OEMCrypto_CopyBuffer(
LOGE("[OEMCrypto_CopyBuffer(): OEMCrypto_ERROR_INVALID_CONTEXT]"); LOGE("[OEMCrypto_CopyBuffer(): OEMCrypto_ERROR_INVALID_CONTEXT]");
return OEMCrypto_ERROR_INVALID_CONTEXT; return OEMCrypto_ERROR_INVALID_CONTEXT;
} }
if (data_length > kMaxBufferSize) { if (crypto_engine->max_buffer_size() > 0 &&
data_length > crypto_engine->max_buffer_size()) {
// For testing reasons only, pretend that this integration only supports // For testing reasons only, pretend that this integration only supports
// the minimum possible buffer size. // the minimum possible buffer size.
LOGE("[OEMCrypto_CopyBuffer(): OEMCrypto_ERROR_BUFFER_TOO_LARGE]"); LOGE("[OEMCrypto_CopyBuffer(): OEMCrypto_ERROR_BUFFER_TOO_LARGE]");
return OEMCrypto_ERROR_BUFFER_TOO_LARGE; return OEMCrypto_ERROR_BUFFER_TOO_LARGE;
} }
uint8_t* destination = NULL; OEMCryptoResult status =
size_t max_length = 0; crypto_engine->SetDestination(out_buffer, data_length, subsample_flags);
OEMCryptoResult sts = if (status != OEMCrypto_SUCCESS) return status;
SetDestination(out_buffer, data_length, &destination, &max_length); if (crypto_engine->destination() != NULL) {
if (sts != OEMCrypto_SUCCESS) return sts; memcpy(crypto_engine->destination(), data_addr, data_length);
}
if (destination != NULL) memcpy(destination, data_addr, data_length);
return OEMCrypto_SUCCESS; return OEMCrypto_SUCCESS;
} }
@@ -661,7 +614,7 @@ extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) {
LOGI("-- OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,\n"); LOGI("-- OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,\n");
} }
if (!crypto_engine->config_supports_keybox()) { if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED; return OEMCrypto_ERROR_NOT_IMPLEMENTED;
} }
if (!keybox || !wrappedKeybox || !wrappedKeyBoxLength || if (!keybox || !wrappedKeybox || !wrappedKeyBoxLength ||
@@ -683,7 +636,7 @@ extern "C" OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
LOGE("OEMCrypto_InstallKeybox: OEMCrypto Not Initialized."); LOGE("OEMCrypto_InstallKeybox: OEMCrypto Not Initialized.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE; return OEMCrypto_ERROR_UNKNOWN_FAILURE;
} }
if (!crypto_engine->config_supports_keybox()) { if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED; return OEMCrypto_ERROR_NOT_IMPLEMENTED;
} }
if (crypto_engine->InstallKeybox(keybox, keyBoxLength)) { if (crypto_engine->InstallKeybox(keybox, keyBoxLength)) {
@@ -700,7 +653,7 @@ extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox() {
LOGE("OEMCrypto_LoadTestKeybox: OEMCrypto Not Initialized."); LOGE("OEMCrypto_LoadTestKeybox: OEMCrypto Not Initialized.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE; return OEMCrypto_ERROR_UNKNOWN_FAILURE;
} }
if (!crypto_engine->config_supports_keybox()) { if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED; return OEMCrypto_ERROR_NOT_IMPLEMENTED;
} }
crypto_engine->UseTestKeybox(); crypto_engine->UseTestKeybox();
@@ -715,7 +668,7 @@ extern "C" OEMCryptoResult OEMCrypto_IsKeyboxValid(void) {
LOGE("OEMCrypto_IsKeyboxValid: OEMCrypto Not Initialized."); LOGE("OEMCrypto_IsKeyboxValid: OEMCrypto Not Initialized.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE; return OEMCrypto_ERROR_UNKNOWN_FAILURE;
} }
if (!crypto_engine->config_supports_keybox()) { if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED; return OEMCrypto_ERROR_NOT_IMPLEMENTED;
} }
switch (crypto_engine->ValidateKeybox()) { switch (crypto_engine->ValidateKeybox()) {
@@ -776,7 +729,7 @@ extern "C" OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID,
LOGE("OEMCrypto_GetDeviceID: OEMCrypto Not Initialized."); LOGE("OEMCrypto_GetDeviceID: OEMCrypto Not Initialized.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE; return OEMCrypto_ERROR_UNKNOWN_FAILURE;
} }
if (!crypto_engine->config_supports_keybox()) { if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED; return OEMCrypto_ERROR_NOT_IMPLEMENTED;
} }
// Devices that do not support a keybox should use some other method to // Devices that do not support a keybox should use some other method to
@@ -811,7 +764,7 @@ extern "C" OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData,
LOGE("OEMCrypto_GetKeyData: OEMCrypto Not Initialized."); LOGE("OEMCrypto_GetKeyData: OEMCrypto Not Initialized.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE; return OEMCrypto_ERROR_UNKNOWN_FAILURE;
} }
if (!crypto_engine->config_supports_keybox()) { if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED; return OEMCrypto_ERROR_NOT_IMPLEMENTED;
} }
size_t length = crypto_engine->DeviceRootTokenLength(); size_t length = crypto_engine->DeviceRootTokenLength();
@@ -1003,7 +956,7 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(
LOGE("OEMCrypto_RewrapDeviceRSAKey: OEMCrypto Not Initialized."); LOGE("OEMCrypto_RewrapDeviceRSAKey: OEMCrypto Not Initialized.");
return OEMCrypto_ERROR_UNKNOWN_FAILURE; return OEMCrypto_ERROR_UNKNOWN_FAILURE;
} }
if (!crypto_engine->config_supports_keybox()) { if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
return OEMCrypto_ERROR_NOT_IMPLEMENTED; return OEMCrypto_ERROR_NOT_IMPLEMENTED;
} }
if (wrapped_rsa_key_length == NULL) { if (wrapped_rsa_key_length == NULL) {
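Review bot: In OEMCrypto_Initialize, `Initialize()` is now a virtual hook that a variant may legitimately fail, but the failure branch `if (!crypto_engine || !crypto_engine->Initialize())` returns OEMCrypto_ERROR_INIT_FAILED while leaving `crypto_engine` pointing at the half-initialized engine, so the next Initialize call logs "Calling Initialize without Terminate" and deletes an object whose Initialize never completed. Insert `delete crypto_engine; crypto_engine = NULL;` before that return; whether the engine's destructor also releases `fs` is not visible here, so check that the FileSystem is not leaked on that path as well.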


@@ -524,6 +524,9 @@ OEMCryptoResult SessionContext::InstallKey(
return OEMCrypto_ERROR_UNKNOWN_FAILURE; return OEMCrypto_ERROR_UNKNOWN_FAILURE;
} }
if (LogCategoryEnabled(kLoggingDumpKeyControlBlocks)) {
LOGD("Key ID: %s", wvcdm::b2a_hex(key_id).c_str());
}
KeyControlBlock key_control_block(key_control_str); KeyControlBlock key_control_block(key_control_str);
if (!key_control_block.valid()) { if (!key_control_block.valid()) {
LOGE("Error parsing key control."); LOGE("Error parsing key control.");
@@ -543,13 +546,11 @@ OEMCryptoResult SessionContext::InstallKey(
OEMCrypto_Security_Patch_Level(), minimum_patch_level); OEMCrypto_Security_Patch_Level(), minimum_patch_level);
return OEMCrypto_ERROR_UNKNOWN_FAILURE; return OEMCrypto_ERROR_UNKNOWN_FAILURE;
} }
OEMCryptoResult result = CheckNonceOrEntry(key_control_block); OEMCryptoResult result = CheckNonceOrEntry(key_control_block);
if (result != OEMCrypto_SUCCESS) { if (result != OEMCrypto_SUCCESS) {
LOGE("LoadKeys: Failed Nonce/PST check."); LOGE("LoadKeys: Failed Nonce/PST check.");
return result; return result;
} }
if (key_control_block.control_bits() & kSharedLicense) { if (key_control_block.control_bits() & kSharedLicense) {
if (!second_license) { if (!second_license) {
LOGE("LoadKeys: Shared License, but no keys previously loaded."); LOGE("LoadKeys: Shared License, but no keys previously loaded.");
@@ -1109,11 +1110,6 @@ OEMCryptoResult SessionContext::DecryptCENC(
return OEMCrypto_SUCCESS; return OEMCrypto_SUCCESS;
} }
if (buffer_type == OEMCrypto_BufferType_Secure) {
// For reference implementation, we also quietly drop secure data.
return OEMCrypto_SUCCESS;
}
if (!current_content_key()->ctr_mode()) { if (!current_content_key()->ctr_mode()) {
if (block_offset > 0) return OEMCrypto_ERROR_INVALID_CONTEXT; if (block_offset > 0) return OEMCrypto_ERROR_INVALID_CONTEXT;
return DecryptCBC(key_u8, iv, pattern, cipher_data, cipher_data_length, return DecryptCBC(key_u8, iv, pattern, cipher_data, cipher_data_length,
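Review bot: Dropping the `if (buffer_type == OEMCrypto_BufferType_Secure) return OEMCrypto_SUCCESS;` short-circuit means SessionContext::DecryptCENC now writes decrypted output to the secure destination, which in this mock is the handle reinterpreted as a plain pointer plus offset by CryptoEngine::SetDestination; nothing at this point says that is deliberate or that the only bounds check is the one in SetDestination. Add a comment where the early return used to be, such as `// Secure buffers are plain memory in this mock; the destination was bounds-checked by CryptoEngine::SetDestination().`, so a later reader does not restore the drop as a "fix". SessionContext::DecryptCENC starts and ends outside the hunk.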