Add support for crypto HAL on L3 devices DO NOT MERGE

Includes widevine library release version 4.5.0.7571

Change-Id: I9e574d5606576aab376d0524a4bf1a81e5a61678
related-to-bug: 6427322
related-to-bug: 6427274

proprietary/cryptoPlugin/Android.mk

@@ -1,11 +1,17 @@
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
+include $(TOP)/vendor/widevine/proprietary/drmwvmplugin/oemcryptolevel.mk
 
-LOCAL_SRC_FILES:= \
-	WVCryptoPlugin.cpp
+ifeq ($(LOCAL_OEMCRYPTO_LEVEL),1)
+LOCAL_CFLAGS := -DREQUIRE_SECURE_BUFFERS
+endif
+
+LOCAL_SRC_FILES := \
+        WVCryptoPlugin.cpp
 
 LOCAL_C_INCLUDES := \
-        $(TOP)/vendor/widevine/proprietary/wvm/include  \
+        $(TOP)/vendor/widevine/proprietary/wvm/include \
+        $(TOP)/external/openssl/include
 
 LOCAL_MODULE:= libwvdecryptcommon
 LOCAL_MODULE_TAGS := optional

proprietary/cryptoPlugin/WVCryptoPlugin.cpp

@@ -16,16 +16,20 @@
 
 //#define LOG_NDEBUG 0
 #define LOG_TAG "wv_crypto_plugin"
+#include <cutils/properties.h>
 #include <utils/Log.h>
-
-#include "WVCryptoPlugin.h"
+#include <string.h>
+#include <openssl/md5.h>
 
 #include <media/stagefright/foundation/ADebug.h>
 #include <media/stagefright/foundation/hexdump.h>
+#include <media/stagefright/MediaErrors.h>
 
+#include "WVCryptoPlugin.h"
+
+#ifdef REQUIRE_SECURE_BUFFERS
 #include <OEMCrypto_L1.h>
-
-#include <string.h>
+#endif
 
 android::CryptoFactory *createCryptoFactory() {
     return new android::WVCryptoFactory;
@@ -40,30 +44,35 @@ const uint8_t WVCryptoFactory::kUUIDWidevine[16] = {
 };
 
 WVCryptoPlugin::WVCryptoPlugin(const void *data, size_t size)
-    : mInitCheck(NO_INIT) {
-
+    : mInitCheck(NO_INIT)
+{
     // not using data at this time, require
     // size to be zero.
     if (size > 0) {
         mInitCheck = -EINVAL;
     } else {
+        mInitCheck = OK;
+
+#ifdef REQUIRE_SECURE_BUFFERS
         OEMCryptoResult res = OEMCrypto_Initialize();
         if (res != OEMCrypto_SUCCESS) {
             ALOGE("OEMCrypto_Initialize failed: %d", res);
             mInitCheck = -EINVAL;
-        } else {
-            mInitCheck = OK;
         }
+#endif
     }
 }
 
 WVCryptoPlugin::~WVCryptoPlugin() {
+
+#ifdef REQUIRE_SECURE_BUFFERS
     if (mInitCheck == OK) {
         OEMCryptoResult res = OEMCrypto_Terminate();
         if (res != OEMCrypto_SUCCESS) {
             ALOGW("OEMCrypto_Terminate failed: %d", res);
         }
     }
+#endif
 }
 
 status_t WVCryptoPlugin::initCheck() const {
@@ -71,7 +80,11 @@ status_t WVCryptoPlugin::initCheck() const {
 }
 
 bool WVCryptoPlugin::requiresSecureDecoderComponent(const char *mime) const {
+#ifdef REQUIRE_SECURE_BUFFERS
     return !strncasecmp(mime, "video/", 6);
+#else
+    return false;
+#endif
 }
 
 status_t WVCryptoPlugin::decrypt(
@@ -85,7 +98,7 @@ status_t WVCryptoPlugin::decrypt(
         AString *errorDetailMsg) {
     Mutex::Autolock autoLock(mLock);
 
-    //ALOGD("mode=%d, secure=%d, numSubSamples=%d", mode, secure, numSubSamples);
+
     CHECK(mode == kMode_Unencrypted || mode == kMode_AES_WV);
 
     size_t offset = 0;
@@ -104,6 +117,8 @@ status_t WVCryptoPlugin::decrypt(
 
         //ALOGD("size[%d]=%d", i, srcSize);
 
+#ifdef REQUIRE_SECURE_BUFFERS
+        // decrypt using OEMCrypto API, used for L1 devices
         OEMCrypto_UINT32 dstLength = srcSize;
 
         OEMCryptoResult res;
@@ -141,10 +156,88 @@ status_t WVCryptoPlugin::decrypt(
         }
 
         offset += dstLength;
+#else
+        if (mode == kMode_Unencrypted) {
+            memcpy((char *)dstPtr + offset, (char *)srcPtr + offset, srcSize);
+        } else {
+            status_t status = decryptSW(key, (uint8_t *)dstPtr + offset,
+                                        (const uint8_t *)srcPtr + offset, srcSize);
+            if (status != OK) {
+                ALOGE("decryptSW returned %d", status);
+                return status;
+            }
+        }
+
+        offset += srcSize;
+#endif
     }
 
     return OK;
 }
 
+// SW AES CTS decrypt, used only for L3 devices
+status_t WVCryptoPlugin::decryptSW(const uint8_t *key, uint8_t *out,
+                                   const uint8_t *in, size_t length)
+{
+#ifndef REQUIRE_SECURE_BUFFERS
+    unsigned char iv[kAES128BlockSize] = {0};
+
+    if (memcmp(key, mEncKey, sizeof(mEncKey)) != 0) {
+        // key has changed, recompute mAesKey from key
+        uint8_t hash[MD5_DIGEST_LENGTH];
+        char value[PROPERTY_VALUE_MAX] = {0};
+        char seed[] = "34985woeirsdlkfjxc";
+
+        property_get("ro.serialno", value, NULL);
+
+        MD5_CTX ctx;
+        MD5_Init(&ctx);
+        MD5_Update(&ctx, (uint8_t *)seed, sizeof(seed));
+        MD5_Update(&ctx, (uint8_t *)value, strlen(value));
+        MD5_Final(hash, &ctx);
+
+        AES_KEY aesKey;
+        if (AES_set_decrypt_key(hash, sizeof(hash) * 8, &aesKey) == 0) {
+            uint8_t clearKey[kAES128BlockSize];
+            AES_ecb_encrypt(key, clearKey, &aesKey, 0);
+
+            if (AES_set_decrypt_key(clearKey, sizeof(hash) * 8, &mAesKey) == 0) {
+                memcpy(mEncKey, key, sizeof(mEncKey));
+            } else {
+                return -EINVAL;
+            }
+        } else {
+            return -EINVAL;
+        }
+    }
+
+    size_t k, r = length % kAES128BlockSize;
+
+    if (r) {
+        k = length - r - kAES128BlockSize;
+    } else {
+        k = length;
+    }
+
+    AES_cbc_encrypt(in, out, k, &mAesKey, iv, 0);
+
+    if (r) {
+        // cipher text stealing - Schneier Figure 9.5 p 196
+        unsigned char peniv[kAES128BlockSize] = {0};
+        memcpy(peniv, in + k + kAES128BlockSize, r);
+
+        AES_cbc_encrypt(in + k, out + k, kAES128BlockSize, &mAesKey, peniv, 0);
+
+        // exchange the final plaintext and ciphertext
+        for (size_t i = 0; i < r; i++) {
+            *(out + k + kAES128BlockSize + i) = *(out + k + i);
+            *(out + k + i) = *(in + k + kAES128BlockSize + i);
+        }
+        AES_cbc_encrypt(out + k, out + k, kAES128BlockSize, &mAesKey, iv, 0);
+    }
+#endif
+    return OK;
+}
+
 }  // namespace android
 

proprietary/cryptoPlugin/WVCryptoPlugin.h

@@ -20,6 +20,7 @@
 
 #include <media/hardware/CryptoAPI.h>
 #include <utils/threads.h>
+#include <openssl/aes.h>
 
 namespace android {
 
@@ -27,14 +28,16 @@ struct WVCryptoPlugin : public CryptoPlugin {
     WVCryptoPlugin(const void *data, size_t size);
     virtual ~WVCryptoPlugin();
 
+    const static size_t kAES128BlockSize = 16;
+
     status_t initCheck() const;
 
     virtual bool requiresSecureDecoderComponent(const char *mime) const;
 
     virtual status_t decrypt(
             bool secure,
-            const uint8_t key[16],
-            const uint8_t iv[16],
+            const uint8_t key[kAES128BlockSize],
+            const uint8_t iv[kAES128BlockSize],
             Mode mode,
             const void *srcPtr,
             const SubSample *subSamples, size_t numSubSamples,
@@ -42,9 +45,13 @@ struct WVCryptoPlugin : public CryptoPlugin {
             AString *errorDetailMsg);
 
 private:
+    status_t decryptSW(const uint8_t *key, uint8_t *out, const uint8_t *in, size_t length);
+
     Mutex mLock;
 
     status_t mInitCheck;
+    AES_KEY mAesKey;
+    uint8_t mEncKey[kAES128BlockSize];
 
     WVCryptoPlugin(const WVCryptoPlugin &);
     WVCryptoPlugin &operator=(const WVCryptoPlugin &);

proprietary/cryptoPlugin/decrypt-core.mk

@@ -8,10 +8,5 @@ include $(TOP)/vendor/widevine/proprietary/wvm/common.mk
 LOCAL_WHOLE_STATIC_LIBRARIES := \
 	libwvdecryptcommon
 
-LOCAL_SHARED_LIBRARIES := \
-        libstagefright_foundation       \
-        libutils                        \
-
 LOCAL_STATIC_LIBRARIES := \
-        liboemcrypto                    \
-
+        liboemcrypto