From ce62e1d7e709fcb49442cc81a4c29dea6432c930 Mon Sep 17 00:00:00 2001 From: Rahul Frias Date: Wed, 12 Apr 2017 13:20:44 -0700 Subject: [PATCH] Correct error returned when license is for the future [ Merge of http://go/wvgerrit/25721 ] Return CryptoException with errorCode ERROR_NO_KEY when an attempt is made to make use of a license whose start time is in the future. Test: Verified by WidevineDashPolicyTests#testL1LicenseStart2030 b/31914841 Change-Id: I2a157c227550a2391b6536365f34f1dfec3dea0c --- libwvdrmengine/include/WVErrors.h | 1 - libwvdrmengine/include/mapErrors-inl.h | 3 +- .../mediacrypto/src/WVCryptoPlugin.cpp | 55 +++++++++++-------- .../mediacrypto/src_hidl/WVCryptoPlugin.cpp | 55 +++++++++++-------- 4 files changed, 65 insertions(+), 49 deletions(-) diff --git a/libwvdrmengine/include/WVErrors.h b/libwvdrmengine/include/WVErrors.h index c7ea7e59..e14d6066 100644 --- a/libwvdrmengine/include/WVErrors.h +++ b/libwvdrmengine/include/WVErrors.h @@ -42,7 +42,6 @@ enum { kCryptoSessionOpenError3 = ERROR_DRM_VENDOR_MIN + 26, kCryptoSessionOpenError4 = ERROR_DRM_VENDOR_MIN + 27, kCryptoSessionOpenError5 = ERROR_DRM_VENDOR_MIN + 28, - kDecyrptNotReady = ERROR_DRM_VENDOR_MIN + 29, kDeviceCertificateError1 = ERROR_DRM_VENDOR_MIN + 30, kDeviceCertificateError2 = ERROR_DRM_VENDOR_MIN + 31, kDeviceCertificateError3 = ERROR_DRM_VENDOR_MIN + 32, diff --git a/libwvdrmengine/include/mapErrors-inl.h b/libwvdrmengine/include/mapErrors-inl.h index 2a6cdcd6..b1b33275 100644 --- a/libwvdrmengine/include/mapErrors-inl.h +++ b/libwvdrmengine/include/mapErrors-inl.h @@ -22,6 +22,7 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) { // success messages for certain CDM methods instead of NO_ERROR. return android::OK; case wvcdm::NEED_KEY: + case wvcdm::DECRYPT_NOT_READY: return android::ERROR_DRM_NO_LICENSE; case wvcdm::NEED_PROVISIONING: return android::ERROR_DRM_NOT_PROVISIONED; @@ -71,8 +72,6 @@ static android::status_t mapCdmResponseType(wvcdm::CdmResponseType res) { return kCryptoSessionOpenError4; case wvcdm::CRYPTO_SESSION_OPEN_ERROR_5: return kCryptoSessionOpenError5; - case wvcdm::DECRYPT_NOT_READY: - return kDecyrptNotReady; case wvcdm::DEVICE_CERTIFICATE_ERROR_1: return kDeviceCertificateError1; case wvcdm::DEVICE_CERTIFICATE_ERROR_2: diff --git a/libwvdrmengine/mediacrypto/src/WVCryptoPlugin.cpp b/libwvdrmengine/mediacrypto/src/WVCryptoPlugin.cpp index ffd1c2a8..f813c9d4 100644 --- a/libwvdrmengine/mediacrypto/src/WVCryptoPlugin.cpp +++ b/libwvdrmengine/mediacrypto/src/WVCryptoPlugin.cpp @@ -299,29 +299,38 @@ status_t WVCryptoPlugin::attemptDecrypt(const CdmDecryptionParameters& params, mSessionId.c_str(), params.is_encrypted ? "encrypted" : "unencrypted", res); - if (res == wvcdm::INSUFFICIENT_CRYPTO_RESOURCES) { - errorDetailMsg->setTo( - "Error decrypting data: insufficient crypto resources"); - // This error is actionable by the app and should be passed up. - return mapCdmResponseType(res); - } else if (res == wvcdm::NEED_KEY) { - errorDetailMsg->setTo( - "Error decrypting data: requested key has not been loaded"); - // This error is actionable by the app and should be passed up. - return mapCdmResponseType(res); - } else if (res == wvcdm::SESSION_NOT_FOUND_FOR_DECRYPT) { - errorDetailMsg->setTo( - "Error decrypting data: session not found, possibly reclaimed"); - // This error is actionable by the app and should be passed up. - return mapCdmResponseType(res); - } else if (res == wvcdm::DECRYPT_ERROR) { - errorDetailMsg->setTo( - "Error decrypting data: unspecified error"); - // This error is actionable by the app and should be passed up. - return mapCdmResponseType(res); - } else if (res == wvcdm::INSUFFICIENT_OUTPUT_PROTECTION) { - errorDetailMsg->setTo( - "Error decrypting data: insufficient output protection"); + bool actionableError = true; + switch (res) { + case wvcdm::INSUFFICIENT_CRYPTO_RESOURCES: + errorDetailMsg->setTo( + "Error decrypting data: insufficient crypto resources"); + break; + case wvcdm::NEED_KEY: + errorDetailMsg->setTo( + "Error decrypting data: requested key has not been loaded"); + break; + case wvcdm::DECRYPT_NOT_READY: + errorDetailMsg->setTo( + "Error decrypting data: license validity period is in the future"); + break; + case wvcdm::SESSION_NOT_FOUND_FOR_DECRYPT: + errorDetailMsg->setTo( + "Error decrypting data: session not found, possibly reclaimed"); + break; + case wvcdm::DECRYPT_ERROR: + errorDetailMsg->setTo( + "Error decrypting data: unspecified error"); + break; + case wvcdm::INSUFFICIENT_OUTPUT_PROTECTION: + errorDetailMsg->setTo( + "Error decrypting data: insufficient output protection"); + break; + default: + actionableError = false; + break; + } + + if (actionableError) { // This error is actionable by the app and should be passed up. return mapCdmResponseType(res); } else { diff --git a/libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp b/libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp index 45cfda82..570e54a7 100644 --- a/libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp +++ b/libwvdrmengine/mediacrypto/src_hidl/WVCryptoPlugin.cpp @@ -331,29 +331,38 @@ status_t WVCryptoPlugin::attemptDecrypt(const CdmDecryptionParameters& params, mSessionId.c_str(), params.is_encrypted ? "encrypted" : "unencrypted", res); - if (res == wvcdm::INSUFFICIENT_CRYPTO_RESOURCES) { - errorDetailMsg->assign( - "Error decrypting data: insufficient crypto resources"); - // This error is actionable by the app and should be passed up. - return mapCdmResponseType(res); - } else if (res == wvcdm::NEED_KEY) { - errorDetailMsg->assign( - "Error decrypting data: requested key has not been loaded"); - // This error is actionable by the app and should be passed up. - return mapCdmResponseType(res); - } else if (res == wvcdm::SESSION_NOT_FOUND_FOR_DECRYPT) { - errorDetailMsg->assign( - "Error decrypting data: session not found, possibly reclaimed"); - // This error is actionable by the app and should be passed up. - return mapCdmResponseType(res); - } else if (res == wvcdm::DECRYPT_ERROR) { - errorDetailMsg->assign( - "Error decrypting data: unspecified error"); - // This error is actionable by the app and should be passed up. - return mapCdmResponseType(res); - } else if (res == wvcdm::INSUFFICIENT_OUTPUT_PROTECTION) { - errorDetailMsg->assign( - "Error decrypting data: insufficient output protection"); + bool actionableError = true; + switch (res) { + case wvcdm::INSUFFICIENT_CRYPTO_RESOURCES: + errorDetailMsg->assign( + "Error decrypting data: insufficient crypto resources"); + break; + case wvcdm::NEED_KEY: + errorDetailMsg->assign( + "Error decrypting data: requested key has not been loaded"); + break; + case wvcdm::DECRYPT_NOT_READY: + errorDetailMsg->assign( + "Error decrypting data: license validity period is in the future"); + break; + case wvcdm::SESSION_NOT_FOUND_FOR_DECRYPT: + errorDetailMsg->assign( + "Error decrypting data: session not found, possibly reclaimed"); + break; + case wvcdm::DECRYPT_ERROR: + errorDetailMsg->assign( + "Error decrypting data: unspecified error"); + break; + case wvcdm::INSUFFICIENT_OUTPUT_PROTECTION: + errorDetailMsg->assign( + "Error decrypting data: insufficient output protection"); + break; + default: + actionableError = false; + break; + } + + if (actionableError) { // This error is actionable by the app and should be passed up. return mapCdmResponseType(res); } else {