Verify cipher block mode during decryption

[ Merge from http://go/wvgerrit/16498 ] The CDM now supports AES CTR and CBC block cipher modes. The license specifies the mode to be used in the key container. The mode is also specified in mediaCrypto when calling decrypt. This adds verification for the cipher block mode. Change-Id: I2587fc1e4b6d77161f2f8653f8516024c73dd8ac
2016-01-19 16:23:40 -08:00
parent f07494fce9
commit ae99bb6d11
5 changed files with 16 additions and 2 deletions
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -40,7 +40,8 @@ CryptoSession::CryptoSession()
      update_usage_table_after_close_session_(false),
      is_destination_buffer_type_valid_(false),
      requested_security_level_(kLevelDefault),
-      request_id_base_(0) {
+      request_id_base_(0),
+      cipher_mode_(kCipherModeCtr) {
  Init();
 }

@@ -415,6 +416,7 @@ CdmResponseType CryptoSession::LoadKeys(
    ko->cipher_mode = ki->cipher_mode() == kCipherModeCbc
                          ? OEMCrypto_CipherMode_CBC
                          : OEMCrypto_CipherMode_CTR;
+    cipher_mode_ = ki->cipher_mode();
  }
  uint8_t* pst = NULL;
  if (!provider_session_token.empty()) {
@@ -674,6 +676,9 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
                               params.encrypt_buffer, params.encrypt_length,
                               &buffer_descriptor, params.subsample_flags);
  }
+  if (params.cipher_mode != cipher_mode_) {
+    return INCORRECT_CRYPTO_MODE;
+  }
  if (params.is_encrypted || sts == OEMCrypto_ERROR_NOT_IMPLEMENTED) {
    OEMCrypto_CENCEncryptPatternDesc pattern_descriptor;
    pattern_descriptor.encrypt = params.pattern_descriptor.encrypt_blocks;