widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Widevine Metrics System

Browse Source 
This change is the complete Widevine metrics system. It will
measure and record runtime information about what is happening
in the CDM - such as errors and throughput.

Bug: 33745339
Bug: 26027857
Change-Id: Ic9a82074f1e2b72c72d751b235f8ae361232787d
This commit is contained in:
Aaron Vaage
2017-01-17 18:31:25 -08:00
parent ee5aff7706
commit edb9f00df7
39 changed files with 2969 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

386
libwvdrmengine/cdm/core/src/cdm_engine.cpp
View File

@@ -14,6 +14,7 @@
#include "file_store.h"
#include "license_protocol.pb.h"
#include "log.h"
#include "metrics_front_end.h"
#include "properties.h"
#include "string_conversions.h"
#include "wv_cdm_constants.h"
@@ -73,6 +74,8 @@ CdmEngine::CdmEngine(FileSystem* file_system, const std::string& spoid)
srand(clock_.GetCurrentTime());
seeded_ = true;
}
life_span_.Start();
}
CdmEngine::~CdmEngine() {
@@ -82,6 +85,8 @@ CdmEngine::~CdmEngine() {
delete i->second;
}
sessions_.clear();
M_RECORD(&metrics_, cdm_engine_life_span_, life_span_.AsMs());
}
CdmResponseType CdmEngine::OpenSession(const CdmKeySystem& key_system,
@@ -278,7 +283,13 @@ CdmResponseType CdmEngine::GenerateKeyRequest(
if (license_type == kLicenseTypeRelease &&
!iter->second->license_received()) {
sts = iter->second->RestoreOfflineSession(key_set_id, kLicenseTypeRelease);
M_TIME(
sts = iter->second->RestoreOfflineSession(
key_set_id,
kLicenseTypeRelease),
iter->second->GetMetrics(),
cdm_session_restore_offline_session_,
sts);
if (sts != KEY_ADDED) {
LOGE("CdmEngine::GenerateKeyRequest: key release restoration failed,"
"sts = %d", static_cast<int>(sts));
@@ -286,13 +297,24 @@ CdmResponseType CdmEngine::GenerateKeyRequest(
}
}
sts = iter->second->GenerateKeyRequest(
init_data, license_type, app_parameters, key_request);
M_TIME(
sts = iter->second->GenerateKeyRequest(
init_data,
license_type,
app_parameters,
key_request),
iter->second->GetMetrics(),
cdm_session_generate_key_request_,
sts);
if (KEY_MESSAGE != sts) {
if (sts == NEED_PROVISIONING) {
cert_provisioning_requested_security_level_ =
iter->second->GetRequestedSecurityLevel();
M_TIME(
cert_provisioning_requested_security_level_ =
iter->second->GetRequestedSecurityLevel(),
iter->second->GetMetrics(),
cdm_session_get_requested_security_level_,
cert_provisioning_requested_security_level_);
}
LOGE("CdmEngine::GenerateKeyRequest: key request generation failed, "
"sts = %d", static_cast<int>(sts));
@@ -347,7 +369,13 @@ CdmResponseType CdmEngine::AddKey(const CdmSessionId& session_id,
return EMPTY_KEY_DATA_1;
}
CdmResponseType sts = iter->second->AddKey(key_data);
CdmResponseType sts;
M_TIME(
sts = iter->second->AddKey(
key_data),
iter->second->GetMetrics(),
cdm_session_add_key_,
sts);
if (key_set_id) {
*key_set_id = iter->second->key_set_id();
}
@@ -382,11 +410,21 @@ CdmResponseType CdmEngine::RestoreKey(const CdmSessionId& session_id,
return SESSION_NOT_FOUND_4;
}
CdmResponseType sts =
iter->second->RestoreOfflineSession(key_set_id, kLicenseTypeOffline);
CdmResponseType sts;
M_TIME(
sts = iter->second->RestoreOfflineSession(
key_set_id,
kLicenseTypeOffline),
iter->second->GetMetrics(),
cdm_session_restore_offline_session_,
sts);
if (sts == NEED_PROVISIONING) {
cert_provisioning_requested_security_level_ =
iter->second->GetRequestedSecurityLevel();
M_TIME(
cert_provisioning_requested_security_level_ =
iter->second->GetRequestedSecurityLevel(),
iter->second->GetMetrics(),
cdm_session_get_requested_security_level_,
cert_provisioning_requested_security_level_);
}
if (sts != KEY_ADDED && sts != GET_RELEASED_LICENSE_ERROR) {
LOGE("CdmEngine::RestoreKey: restore offline session failed = %d", sts);
@@ -404,7 +442,11 @@ CdmResponseType CdmEngine::RemoveKeys(const CdmSessionId& session_id) {
return SESSION_NOT_FOUND_5;
}
iter->second->ReleaseCrypto();
M_TIME(
iter->second->ReleaseCrypto(),
iter->second->GetMetrics(),
cdm_session_release_crypto_);
return NO_ERROR;
}
@@ -426,7 +468,13 @@ CdmResponseType CdmEngine::GenerateRenewalRequest(
key_request->message.clear();
CdmResponseType sts = iter->second->GenerateRenewalRequest(key_request);
CdmResponseType sts;
M_TIME(
sts= iter->second->GenerateRenewalRequest(
key_request),
iter->second->GetMetrics(),
cdm_session_generate_renewal_request_,
sts);
if (KEY_MESSAGE != sts) {
LOGE("CdmEngine::GenerateRenewalRequest: key request gen. failed, sts=%d",
@@ -452,7 +500,13 @@ CdmResponseType CdmEngine::RenewKey(const CdmSessionId& session_id,
return EMPTY_KEY_DATA_2;
}
CdmResponseType sts = iter->second->RenewKey(key_data);
CdmResponseType sts;
M_TIME(
sts = iter->second->RenewKey(
key_data),
iter->second->GetMetrics(),
cdm_session_renew_key_,
sts);
if (KEY_ADDED != sts) {
LOGE("CdmEngine::RenewKey: keys not added, sts=%d", static_cast<int>(sts));
return sts;
@@ -465,9 +519,16 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
const std::string& query_token,
std::string* query_response) {
LOGI("CdmEngine::QueryStatus");
CryptoSession crypto_session;
CryptoSession crypto_session(&metrics_);
if (security_level == kLevel3) {
CdmResponseType status = crypto_session.Open(kLevel3);
CdmResponseType status;
M_TIME(
status = crypto_session.Open(
kLevel3),
&metrics_,
crypto_session_open_,
status,
kLevel3);
if (NO_ERROR != status) return INVALID_QUERY_STATUS;
}
@@ -477,7 +538,12 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
}
if (query_token == QUERY_KEY_SECURITY_LEVEL) {
CdmSecurityLevel security_level = crypto_session.GetSecurityLevel();
CdmSecurityLevel security_level;
M_TIME(
security_level = crypto_session.GetSecurityLevel(),
&metrics_,
crypto_session_get_security_level_,
security_level);
switch (security_level) {
case kSecurityLevelL1:
*query_response = QUERY_VALUE_SECURITY_LEVEL_L1;
@@ -499,7 +565,14 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
}
} else if (query_token == QUERY_KEY_DEVICE_ID) {
std::string deviceId;
if (!crypto_session.GetDeviceUniqueId(&deviceId)) {
bool got_id;
M_TIME(
got_id = crypto_session.GetDeviceUniqueId(
&deviceId),
&metrics_,
crypto_session_get_device_unique_id_,
got_id);
if (!got_id) {
LOGW("CdmEngine::QueryStatus: QUERY_KEY_DEVICE_ID unknown failure");
return UNKNOWN_ERROR;
}
@@ -507,7 +580,15 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
*query_response = deviceId;
} else if (query_token == QUERY_KEY_SYSTEM_ID) {
uint32_t system_id;
if (!crypto_session.GetSystemId(&system_id)) {
bool got_id;
M_TIME(
got_id = crypto_session.GetSystemId(
&system_id),
&metrics_,
crypto_session_get_system_id_,
got_id,
system_id);
if (!got_id) {
LOGW("CdmEngine::QueryStatus: QUERY_KEY_SYSTEM_ID unknown failure");
return UNKNOWN_ERROR;
}
@@ -517,7 +598,14 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
*query_response = system_id_stream.str();
} else if (query_token == QUERY_KEY_PROVISIONING_ID) {
std::string provisioning_id;
if (!crypto_session.GetProvisioningId(&provisioning_id)) {
bool got_id;
M_TIME(
got_id = crypto_session.GetProvisioningId(
&provisioning_id),
&metrics_,
crypto_session_get_provisioning_id_,
got_id);
if (!got_id) {
LOGW("CdmEngine::QueryStatus: GetProvisioningId failed");
return UNKNOWN_ERROR;
}
@@ -527,7 +615,15 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
query_token == QUERY_KEY_MAX_HDCP_LEVEL) {
CryptoSession::HdcpCapability current_hdcp;
CryptoSession::HdcpCapability max_hdcp;
if (!crypto_session.GetHdcpCapabilities(&current_hdcp, &max_hdcp)) {
bool got_hdcp;
M_TIME(
got_hdcp = crypto_session.GetHdcpCapabilities(
&current_hdcp,
&max_hdcp),
&metrics_,
crypto_session_get_hdcp_capabilities_,
got_hdcp);
if (!got_hdcp) {
LOGW("CdmEngine::QueryStatus: GetHdcpCapabilities failed");
return UNKNOWN_ERROR;
}
@@ -536,7 +632,14 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
current_hdcp : max_hdcp);
} else if (query_token == QUERY_KEY_USAGE_SUPPORT) {
bool supports_usage_reporting;
if (!crypto_session.UsageInformationSupport(&supports_usage_reporting)) {
bool got_info;
M_TIME(
got_info = crypto_session.UsageInformationSupport(
&supports_usage_reporting),
&metrics_,
crypto_session_usage_information_support_,
got_info);
if (!got_info) {
LOGW("CdmEngine::QueryStatus: UsageInformationSupport failed");
return UNKNOWN_ERROR;
}
@@ -545,7 +648,14 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
supports_usage_reporting ? QUERY_VALUE_TRUE : QUERY_VALUE_FALSE;
} else if (query_token == QUERY_KEY_NUMBER_OF_OPEN_SESSIONS) {
size_t number_of_open_sessions;
if (!crypto_session.GetNumberOfOpenSessions(&number_of_open_sessions)) {
bool got_num;
M_TIME(
got_num = crypto_session.GetNumberOfOpenSessions(
&number_of_open_sessions),
&metrics_,
crypto_session_get_number_of_open_sessions_,
got_num);
if (!got_num) {
LOGW("CdmEngine::QueryStatus: GetNumberOfOpenSessions failed");
return UNKNOWN_ERROR;
}
@@ -555,7 +665,14 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
*query_response = open_sessions_stream.str();
} else if (query_token == QUERY_KEY_MAX_NUMBER_OF_SESSIONS) {
size_t maximum_number_of_sessions;
if (!crypto_session.GetMaxNumberOfSessions(&maximum_number_of_sessions)) {
bool got_num;
M_TIME(
got_num = crypto_session.GetMaxNumberOfSessions(
&maximum_number_of_sessions),
&metrics_,
crypto_session_get_max_number_of_sessions_,
got_num);
if (!got_num) {
LOGW("CdmEngine::QueryStatus: GetMaxNumberOfOpenSessions failed");
return UNKNOWN_ERROR;
}
@@ -565,7 +682,14 @@ CdmResponseType CdmEngine::QueryStatus(SecurityLevel security_level,
*query_response = max_sessions_stream.str();
} else if (query_token == QUERY_KEY_OEMCRYPTO_API_VERSION) {
uint32_t api_version;
if (!crypto_session.GetApiVersion(&api_version)) {
bool got_version;
M_TIME(
got_version = crypto_session.GetApiVersion(
&api_version),
&metrics_,
crypto_session_get_api_version_,
got_version);
if (!got_version) {
LOGW("CdmEngine::QueryStatus: GetApiVersion failed");
return UNKNOWN_ERROR;
}
@@ -591,7 +715,15 @@ CdmResponseType CdmEngine::QuerySessionStatus(const CdmSessionId& session_id,
session_id.c_str());
return SESSION_NOT_FOUND_8;
}
return iter->second->QueryStatus(query_response);
CdmResponseType sts;
M_TIME(
sts = iter->second->QueryStatus(
query_response),
iter->second->GetMetrics(),
cdm_session_query_status_,
sts);
return sts;
}
bool CdmEngine::IsReleaseSession(const CdmSessionId& session_id) {
@@ -625,7 +757,14 @@ CdmResponseType CdmEngine::QueryKeyStatus(const CdmSessionId& session_id,
session_id.c_str());
return SESSION_NOT_FOUND_9;
}
return iter->second->QueryKeyStatus(query_response);
CdmResponseType sts;
M_TIME(
sts = iter->second->QueryKeyStatus(
query_response),
iter->second->GetMetrics(),
cdm_session_query_key_status_,
sts);
return sts;
}
CdmResponseType CdmEngine::QueryKeyAllowedUsage(const CdmSessionId& session_id,
@@ -642,7 +781,15 @@ CdmResponseType CdmEngine::QueryKeyAllowedUsage(const CdmSessionId& session_id,
session_id.c_str());
return SESSION_NOT_FOUND_12;
}
return iter->second->QueryKeyAllowedUsage(key_id, key_usage);
CdmResponseType sts;
M_TIME(
sts = iter->second->QueryKeyAllowedUsage(
key_id,
key_usage),
iter->second->GetMetrics(),
cdm_session_query_key_allowed_usage_,
sts);
return sts;
}
CdmResponseType CdmEngine::QueryKeyAllowedUsage(const std::string& key_id,
@@ -658,8 +805,13 @@ CdmResponseType CdmEngine::QueryKeyAllowedUsage(const std::string& key_id,
key_usage->Clear();
for (CdmSessionMap::iterator iter = sessions_.begin();
iter != sessions_.end(); ++iter) {
session_sts = iter->second->QueryKeyAllowedUsage(key_id,
&found_in_this_session);
M_TIME(
session_sts = iter->second->QueryKeyAllowedUsage(
key_id,
&found_in_this_session),
iter->second->GetMetrics(),
cdm_session_query_key_allowed_usage_,
session_sts);
if (session_sts == NO_ERROR) {
if (found) {
// Found another key. If usage settings do not match, fail.
@@ -690,7 +842,14 @@ CdmResponseType CdmEngine::QueryOemCryptoSessionId(
session_id.c_str());
return SESSION_NOT_FOUND_10;
}
return iter->second->QueryOemCryptoSessionId(query_response);
CdmResponseType sts;
M_TIME(
sts = iter->second->QueryOemCryptoSessionId(
query_response),
iter->second->GetMetrics(),
cdm_session_query_oemcrypto_session_id_,
sts);
return sts;
}
/*
@@ -715,7 +874,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
DeleteAllUsageReportsUponFactoryReset();
if (NULL == cert_provisioning_.get()) {
cert_provisioning_.reset(new CertificateProvisioning());
cert_provisioning_.reset(new CertificateProvisioning(&metrics_));
}
CdmResponseType ret = cert_provisioning_->GetProvisioningRequest(
cert_provisioning_requested_security_level_, cert_type, cert_authority,
@@ -757,16 +916,27 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
if (NULL == cert_provisioning_.get()) {
// Certificate provisioning object has been released. Check if a concurrent
// provisioning attempt has succeeded before declaring failure.
CryptoSession crypto_session;
CdmResponseType status =
crypto_session.Open(cert_provisioning_requested_security_level_);
CryptoSession crypto_session(&metrics_);
CdmResponseType status;
M_TIME(
status = crypto_session.Open(
cert_provisioning_requested_security_level_),
&metrics_,
crypto_session_open_,
status,
cert_provisioning_requested_security_level_);
if (NO_ERROR != status) {
LOGE(
"CdmEngine::HandleProvisioningResponse: provisioning object "
"missing and crypto session open failed.");
return EMPTY_PROVISIONING_CERTIFICATE_2;
}
CdmSecurityLevel security_level = crypto_session.GetSecurityLevel();
CdmSecurityLevel security_level;
M_TIME(
security_level = crypto_session.GetSecurityLevel(),
&metrics_,
crypto_session_get_security_level_,
security_level);
if (!IsProvisioned(security_level)) {
LOGE(
"CdmEngine::HandleProvisioningResponse: provisioning object "
@@ -814,14 +984,26 @@ CdmResponseType CdmEngine::Unprovision(CdmSecurityLevel security_level) {
return UNPROVISION_ERROR_3;
}
CryptoSession crypto_session;
CdmResponseType status = crypto_session.Open(
CryptoSession crypto_session(&metrics_);
CdmResponseType status;
M_TIME(
status = crypto_session.Open(
security_level == kSecurityLevelL3 ?
kLevel3 :
kLevelDefault),
&metrics_,
crypto_session_open_,
status,
security_level == kSecurityLevelL3 ? kLevel3 : kLevelDefault);
if (NO_ERROR != status) {
LOGE("CdmEngine::Unprovision: error opening crypto session: %d", status);
return UNPROVISION_ERROR_4;
}
status = crypto_session.DeleteAllUsageReports();
M_TIME(
status = crypto_session.DeleteAllUsageReports(),
&metrics_,
crypto_session_delete_all_usage_reports_,
status);
if (status != NO_ERROR) {
LOGE("CdmEngine::Unprovision: error deleteing usage reports: %d", status);
}
@@ -1093,22 +1275,38 @@ CdmResponseType CdmEngine::LoadUsageSession(const CdmKeySetId& key_set_id,
return LOAD_USAGE_INFO_MISSING;
}
CdmResponseType status =
iter->second->RestoreUsageSession(key_message, key_response);
CdmResponseType status;
M_TIME(
status = iter->second->RestoreUsageSession(
key_message,
key_response),
iter->second->GetMetrics(),
cdm_session_restore_usage_session_,
status);
if (KEY_ADDED != status) {
LOGE("CdmEngine::LoadUsageSession: usage session error %ld", status);
return status;
}
CdmKeyRequest request;
status = iter->second->GenerateReleaseRequest(&request);
M_TIME(
status = iter->second->GenerateReleaseRequest(
&request),
iter->second->GetMetrics(),
cdm_session_generate_release_request_,
status);
*release_message = request.message;
switch (status) {
case KEY_MESSAGE:
break;
case KEY_CANCELED: // usage information not present in
iter->second->DeleteLicense(); // OEMCrypto, delete and try again
case KEY_CANCELED:
/* usage information not present in OEMCrypto, delete and try again */
M_TIME(
iter->second->DeleteLicense(),
iter->second->GetMetrics(),
cdm_session_delete_license_);
break;
default:
LOGE("CdmEngine::LoadUsageSession: generate release request error: %d",
@@ -1151,7 +1349,15 @@ CdmResponseType CdmEngine::Decrypt(const CdmSessionId& session_id,
int64_t seconds_remaining = 0;
for (CdmSessionMap::iterator iter = sessions_.begin();
iter != sessions_.end(); ++iter) {
if (iter->second->IsKeyLoaded(*parameters.key_id)) {
bool is_key_loaded;
M_TIME(
is_key_loaded = iter->second->IsKeyLoaded(
*parameters.key_id),
iter->second->GetMetrics(),
cdm_session_is_key_loaded_,
is_key_loaded);
if (is_key_loaded) {
int64_t duration = iter->second->GetDurationRemaining();
if (duration > seconds_remaining) {
session_iter = iter;
@@ -1168,7 +1374,14 @@ CdmResponseType CdmEngine::Decrypt(const CdmSessionId& session_id,
return SESSION_NOT_FOUND_FOR_DECRYPT;
}
return session_iter->second->Decrypt(parameters);
CdmResponseType decrypt_sts;
M_TIME(
decrypt_sts = session_iter->second->Decrypt(
parameters),
session_iter->second->GetMetrics(),
cdm_session_decrypt_,
decrypt_sts);
return decrypt_sts;
}
CdmResponseType CdmEngine::GenericEncrypt(
@@ -1181,8 +1394,20 @@ CdmResponseType CdmEngine::GenericEncrypt(
session_id.c_str());
return SESSION_NOT_FOUND_13;
}
return iter->second->GenericEncrypt(in_buffer, key_id, iv, algorithm,
out_buffer);
CdmResponseType sts;
M_TIME(
sts = iter->second->GenericEncrypt(
in_buffer,
key_id,
iv,
algorithm,
out_buffer),
iter->second->GetMetrics(),
cdm_session_generic_encrypt_,
sts,
metrics::Pow2Bucket(in_buffer.size()),
algorithm);
return sts;
}
CdmResponseType CdmEngine::GenericDecrypt(
@@ -1196,8 +1421,20 @@ CdmResponseType CdmEngine::GenericDecrypt(
session_id.c_str());
return SESSION_NOT_FOUND_14;
}
return iter->second->GenericDecrypt(in_buffer, key_id, iv, algorithm,
out_buffer);
CdmResponseType sts;
M_TIME(
sts = iter->second->GenericDecrypt(
in_buffer,
key_id,
iv,
algorithm,
out_buffer),
iter->second->GetMetrics(),
cdm_session_generic_decrypt_,
sts,
metrics::Pow2Bucket(in_buffer.size()),
algorithm);
return sts;
}
CdmResponseType CdmEngine::GenericSign(
@@ -1210,7 +1447,19 @@ CdmResponseType CdmEngine::GenericSign(
session_id.c_str());
return SESSION_NOT_FOUND_15;
}
return iter->second->GenericSign(message, key_id, algorithm, signature);
CdmResponseType sts;
M_TIME(
sts = iter->second->GenericSign(
message,
key_id,
algorithm,
signature),
iter->second->GetMetrics(),
cdm_session_generic_sign_,
sts,
metrics::Pow2Bucket(message.size()),
algorithm);
return sts;
}
CdmResponseType CdmEngine::GenericVerify(
@@ -1223,7 +1472,19 @@ CdmResponseType CdmEngine::GenericVerify(
session_id.c_str());
return SESSION_NOT_FOUND_16;
}
return iter->second->GenericVerify(message, key_id, algorithm, signature);
CdmResponseType sts;
M_TIME(
sts = iter->second->GenericVerify(
message,
key_id,
algorithm,
signature),
iter->second->GetMetrics(),
cdm_session_generic_verify_,
sts,
metrics::Pow2Bucket(message.size()),
algorithm);
return sts;
}
bool CdmEngine::IsKeyLoaded(const KeyId& key_id) {
@@ -1318,7 +1579,12 @@ void CdmEngine::OnTimerEvent() {
if (!has_usage_been_updated) {
// usage is updated for all sessions so this needs to be
// called only once per update usage information period
CdmResponseType status = iter->second->UpdateUsageInformation();
CdmResponseType status;
M_TIME(
status = iter->second->UpdateUsageInformation(),
iter->second->GetMetrics(),
cdm_session_update_usage_information_,
status);
if (NO_ERROR != status) {
LOGW("Update usage information failed: %d", status);
} else {
@@ -1391,11 +1657,21 @@ void CdmEngine::DeleteAllUsageReportsUponFactoryReset() {
if (!file_system_->Exists(device_base_path_level1) &&
!file_system_->Exists(device_base_path_level3)) {
scoped_ptr<CryptoSession> crypto_session(new CryptoSession());
CdmResponseType status = crypto_session->Open(
scoped_ptr<CryptoSession> crypto_session(new CryptoSession(&metrics_));
CdmResponseType status;
M_TIME(
status = crypto_session->Open(
cert_provisioning_requested_security_level_),
&metrics_,
crypto_session_open_,
status,
cert_provisioning_requested_security_level_);
if (NO_ERROR == status) {
status = crypto_session->DeleteAllUsageReports();
M_TIME(
status = crypto_session->DeleteAllUsageReports(),
&metrics_,
crypto_session_delete_all_usage_reports_,
status);
if (NO_ERROR != status) {
LOGW(
"CdmEngine::GetProvisioningRequest: "

153
libwvdrmengine/cdm/core/src/cdm_session.cpp
View File

@@ -12,6 +12,7 @@
#include "clock.h"
#include "file_store.h"
#include "log.h"
#include "metrics_front_end.h"
#include "properties.h"
#include "string_conversions.h"
#include "wv_cdm_constants.h"
@@ -25,7 +26,6 @@ namespace wvcdm {
CdmSession::CdmSession(FileSystem* file_system) :
initialized_(false),
crypto_session_(new CryptoSession),
file_handle_(new DeviceFiles(file_system)),
license_received_(false),
is_offline_(false),
@@ -38,7 +38,10 @@ CdmSession::CdmSession(FileSystem* file_system) :
is_initial_usage_update_(true),
is_usage_update_needed_(false),
mock_license_parser_in_use_(false),
mock_policy_engine_in_use_(false) {}
mock_policy_engine_in_use_(false),
crypto_session_(new CryptoSession(&metrics_)) {
life_span_.Start();
}
CdmSession::~CdmSession() {
if (!key_set_id_.empty()) {
@@ -46,6 +49,8 @@ CdmSession::~CdmSession() {
file_handle_->UnreserveLicenseId(key_set_id_);
}
Properties::RemoveSessionPropertySet(session_id_);
M_RECORD(&metrics_, cdm_session_life_span_, life_span_.AsMs());
}
CdmResponseType CdmSession::Init(
@@ -67,10 +72,20 @@ CdmResponseType CdmSession::Init(CdmClientPropertySet* cdm_client_property_set,
requested_security_level_ = kLevel3;
security_level_ = kSecurityLevelL3;
}
CdmResponseType sts = crypto_session_->Open(requested_security_level_);
CdmResponseType sts;
M_TIME(
sts = crypto_session_->Open(
requested_security_level_),
&metrics_,
crypto_session_open_,
sts,
requested_security_level_);
if (NO_ERROR != sts) return sts;
security_level_ = crypto_session_->GetSecurityLevel();
M_TIME(
security_level_ = crypto_session_->GetSecurityLevel(),
&metrics_,
crypto_session_get_security_level_,
security_level_);
if (!file_handle_->Init(security_level_)) {
LOGE("CdmSession::Init: Unable to initialize file handle");
return SESSION_FILE_HANDLE_INIT_ERROR;
@@ -90,15 +105,32 @@ CdmResponseType CdmSession::Init(CdmClientPropertySet* cdm_client_property_set,
// Keybox is client token.
LOGW("CdmSession::Init: Properties::use_certificates_as_identification() "
"is not set - using Keybox for license requests (not recommended).");
if (!crypto_session_->GetClientToken(&client_token)) {
bool get_client_token_sts;
M_TIME(
get_client_token_sts = crypto_session_->GetClientToken(
&client_token),
&metrics_,
crypto_session_get_token_,
get_client_token_sts);
if (!get_client_token_sts) {
return SESSION_INIT_ERROR_1;
}
} else {
// License server client ID token is a stored certificate. Stage it or
// indicate that provisioning is needed. Get token from stored certificate
std::string wrapped_key;
if (!file_handle_->RetrieveCertificate(&client_token, &wrapped_key) ||
!crypto_session_->LoadCertificatePrivateKey(wrapped_key)) {
if (!file_handle_->RetrieveCertificate(&client_token, &wrapped_key)) {
return NEED_PROVISIONING;
}
bool load_cert_sts;
M_TIME(
load_cert_sts = crypto_session_->LoadCertificatePrivateKey(
wrapped_key),
&metrics_,
crypto_session_load_certificate_private_key_,
load_cert_sts);
if(!load_cert_sts) {
return NEED_PROVISIONING;
}
client_token_type = kClientTokenDrmCert;
@@ -417,7 +449,13 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
return policy_engine_->IsLicenseForFuture() ? DECRYPT_NOT_READY : NEED_KEY;
}
CdmResponseType status = crypto_session_->Decrypt(params);
CdmResponseType status;
M_TIME(
status = crypto_session_->Decrypt(
params),
&metrics_, crypto_session_decrypt_,
status);
if (status == NO_ERROR) {
if (is_initial_decryption_) {
@@ -526,8 +564,19 @@ bool CdmSession::GenerateKeySetId(CdmKeySetId* key_set_id) {
(kKeySetIdLength - sizeof(KEY_SET_ID_PREFIX)) / 2, 0);
while (key_set_id->empty()) {
if (!crypto_session_->GetRandom(random_data.size(), &random_data[0]))
bool sts;
M_TIME(
sts = crypto_session_->GetRandom(
random_data.size(),
&random_data[0]),
&metrics_,
crypto_session_get_random_,
sts,
metrics::Pow2Bucket(random_data.size()));
if (!sts) {
return false;
}
*key_set_id = KEY_SET_ID_PREFIX + b2a_hex(random_data);
@@ -595,7 +644,11 @@ bool CdmSession::StoreLicense(DeviceFiles::LicenseState state) {
}
CdmResponseType CdmSession::ReleaseCrypto() {
crypto_session_->Close();
M_TIME(
crypto_session_->Close(),
&metrics_,
crypto_session_close_);
return NO_ERROR;
}
@@ -642,12 +695,24 @@ void CdmSession::GetApplicationId(std::string* app_id) {
CdmResponseType CdmSession::DeleteMultipleUsageInformation(
const std::vector<std::string>& provider_session_tokens) {
return crypto_session_->DeleteMultipleUsageInformation(
provider_session_tokens);
CdmResponseType sts;
M_TIME(
sts = crypto_session_->DeleteMultipleUsageInformation(
provider_session_tokens),
&metrics_,
crypto_session_delete_multiple_usage_information_,
sts);
return sts;
}
CdmResponseType CdmSession::UpdateUsageInformation() {
return crypto_session_->UpdateUsageInformation();
CdmResponseType sts;
M_TIME(
sts = crypto_session_->UpdateUsageInformation(),
&metrics_,
crypto_session_update_usage_information_,
sts);
return sts;
}
CdmResponseType CdmSession::GenericEncrypt(const std::string& in_buffer,
@@ -659,8 +724,20 @@ CdmResponseType CdmSession::GenericEncrypt(const std::string& in_buffer,
LOGE("CdmSession::GenericEncrypt: No output destination provided");
return INVALID_PARAMETERS_ENG_6;
}
return crypto_session_->GenericEncrypt(in_buffer, key_id, iv, algorithm,
out_buffer);
CdmResponseType sts;
M_TIME(
sts = crypto_session_->GenericEncrypt(
in_buffer,
key_id,
iv,
algorithm,
out_buffer),
&metrics_,
crypto_session_generic_encrypt_,
sts,
metrics::Pow2Bucket(in_buffer.size()),
algorithm);
return sts;
}
CdmResponseType CdmSession::GenericDecrypt(const std::string& in_buffer,
@@ -672,8 +749,20 @@ CdmResponseType CdmSession::GenericDecrypt(const std::string& in_buffer,
LOGE("CdmSession::GenericDecrypt: No output destination provided");
return INVALID_PARAMETERS_ENG_7;
}
return crypto_session_->GenericDecrypt(in_buffer, key_id, iv, algorithm,
out_buffer);
CdmResponseType sts;
M_TIME(
sts = crypto_session_->GenericDecrypt(
in_buffer,
key_id,
iv,
algorithm,
out_buffer),
&metrics_,
crypto_session_generic_decrypt_,
sts,
metrics::Pow2Bucket(in_buffer.size()),
algorithm);
return sts;
}
CdmResponseType CdmSession::GenericSign(const std::string& message,
@@ -684,14 +773,38 @@ CdmResponseType CdmSession::GenericSign(const std::string& message,
LOGE("CdmSession::GenericSign: No output destination provided");
return INVALID_PARAMETERS_ENG_8;
}
return crypto_session_->GenericSign(message, key_id, algorithm, signature);
CdmResponseType sts;
M_TIME(
sts = crypto_session_->GenericSign(
message,
key_id,
algorithm,
signature),
&metrics_,
crypto_session_generic_sign_,
sts,
metrics::Pow2Bucket(message.size()),
algorithm);
return sts;
}
CdmResponseType CdmSession::GenericVerify(const std::string& message,
const std::string& key_id,
CdmSigningAlgorithm algorithm,
const std::string& signature) {
return crypto_session_->GenericVerify(message, key_id, algorithm, signature);
CdmResponseType sts;
M_TIME(
sts = crypto_session_->GenericVerify(
message,
key_id,
algorithm,
signature),
&metrics_,
crypto_session_generic_verify_,
sts,
metrics::Pow2Bucket(message.size()),
algorithm);
return sts;
}
// For testing only - takes ownership of pointers

667
libwvdrmengine/cdm/core/src/crypto_session.cpp
View File

@@ -12,6 +12,7 @@
#include "crypto_key.h"
#include "log.h"
#include "metrics_front_end.h"
#include "properties.h"
#include "pst_report.h"
#include "string_conversions.h"
@@ -39,14 +40,16 @@ bool CryptoSession::initialized_ = false;
int CryptoSession::session_count_ = 0;
uint64_t CryptoSession::request_id_index_ = 0;
CryptoSession::CryptoSession()
: open_(false),
CryptoSession::CryptoSession(metrics::MetricsGroup* metrics)
: metrics_(metrics),
open_(false),
update_usage_table_after_close_session_(false),
is_destination_buffer_type_valid_(false),
requested_security_level_(kLevelDefault),
request_id_base_(0),
cipher_mode_(kCipherModeCtr) {
Init();
life_span_.Start();
}
CryptoSession::~CryptoSession() {
@@ -54,6 +57,7 @@ CryptoSession::~CryptoSession() {
Close();
}
Terminate();
M_RECORD(metrics_, crypto_session_life_span_, life_span_.AsMs());
}
bool CryptoSession::GetProvisioningMethod(CdmClientTokenType* token_type) {
@@ -81,7 +85,12 @@ void CryptoSession::Init() {
AutoLock auto_lock(crypto_lock_);
session_count_ += 1;
if (!initialized_) {
OEMCryptoResult sts = OEMCrypto_Initialize();
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_Initialize(),
metrics_,
oemcrypto_initialize_,
sts);
if (OEMCrypto_SUCCESS != sts) {
LOGE("OEMCrypto_Initialize failed: %d", sts);
return;
@@ -116,8 +125,19 @@ bool CryptoSession::GetTokenFromKeybox(std::string* token) {
// lock is held by caller
size_t buf_size = temp_buffer.size();
uint8_t* buf = reinterpret_cast<uint8_t*>(&temp_buffer[0]);
status = OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_);
if (status == OEMCrypto_SUCCESS) {
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_GetKeyData(
buf,
&buf_size,
requested_security_level_),
metrics_,
oemcrypto_get_key_data_,
sts,
metrics::Pow2Bucket(buf_size),
requested_security_level_);
if (OEMCrypto_SUCCESS == sts) {
token->swap(temp_buffer);
return true;
}
@@ -158,7 +178,6 @@ bool CryptoSession::GetClientToken(std::string* token) {
if (!initialized_) {
return false;
}
// Only keybox is used for client token. All other cases use DRM Cert.
if (pre_provision_token_type_ != kClientTokenKeybox) {
return false;
@@ -194,8 +213,14 @@ CdmSecurityLevel CryptoSession::GetSecurityLevel() {
return kSecurityLevelUninitialized;
}
std::string security_level =
OEMCrypto_SecurityLevel(requested_security_level_);
std::string security_level;
M_TIME(
security_level = OEMCrypto_SecurityLevel(
requested_security_level_),
metrics_,
oemcrypto_security_level_,
security_level,
requested_security_level_);
if ((security_level.size() != 2) || (security_level.at(0) != 'L')) {
return kSecurityLevelUnknown;
@@ -234,8 +259,16 @@ bool CryptoSession::GetDeviceUniqueId(std::string* device_id) {
size_t id_length = 32;
id.resize(id_length);
OEMCryptoResult sts =
OEMCrypto_GetDeviceID(&id[0], &id_length, requested_security_level_);
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_GetDeviceID(
&id[0],
&id_length,
requested_security_level_),
metrics_,
oemcrypto_get_device_id_,
sts,
requested_security_level_);
if (OEMCrypto_SUCCESS != sts) {
return false;
@@ -255,7 +288,13 @@ bool CryptoSession::GetApiVersion(uint32_t* version) {
if (!initialized_) {
return false;
}
*version = OEMCrypto_APIVersion(requested_security_level_);
M_TIME(
*version = OEMCrypto_APIVersion(requested_security_level_),
metrics_,
oemcrypto_api_version_,
*version,
requested_security_level_);
return true;
}
@@ -273,8 +312,17 @@ bool CryptoSession::GetSystemId(uint32_t* system_id) {
if (!initialized_) {
return false;
}
OEMCryptoResult sts =
OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_);
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_GetKeyData(
buf,
&buf_size,
requested_security_level_),
metrics_,
oemcrypto_get_key_data_,
sts,
metrics::Pow2Bucket(buf_size),
requested_security_level_);
if (OEMCrypto_SUCCESS != sts) {
return false;
@@ -302,9 +350,17 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) {
if (!initialized_) {
return false;
}
OEMCryptoResult sts =
OEMCrypto_GetKeyData(buf, &buf_size, requested_security_level_);
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_GetKeyData(
buf,
&buf_size,
requested_security_level_),
metrics_,
oemcrypto_get_key_data_,
sts,
metrics::Pow2Bucket(buf_size),
requested_security_level_);
if (OEMCrypto_SUCCESS != sts) {
return false;
}
@@ -314,7 +370,15 @@ bool CryptoSession::GetProvisioningId(std::string* provisioning_id) {
}
uint8_t CryptoSession::GetSecurityPatchLevel() {
return OEMCrypto_Security_Patch_Level(requested_security_level_);
uint8_t patch;
M_TIME(
patch = OEMCrypto_Security_Patch_Level(
requested_security_level_),
metrics_,
oemcrypto_security_patch_level_,
patch,
requested_security_level_);
return patch;
}
CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
@@ -325,7 +389,15 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
OEMCrypto_SESSION sid;
requested_security_level_ = requested_security_level;
OEMCryptoResult sts = OEMCrypto_OpenSession(&sid, requested_security_level);
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_OpenSession(
&sid,
requested_security_level),
metrics_,
oemcrypto_open_session_,
sts,
requested_security_level);
if (OEMCrypto_SUCCESS == sts) {
oec_session_id_ = static_cast<CryptoSessionId>(sid);
LOGV("OpenSession: id= %ld", (uint32_t)oec_session_id_);
@@ -340,8 +412,15 @@ CdmResponseType CryptoSession::Open(SecurityLevel requested_security_level) {
sts, session_count_, (int)initialized_);
return UNKNOWN_ERROR;
}
OEMCrypto_GetRandom(reinterpret_cast<uint8_t*>(&request_id_base_),
sizeof(request_id_base_));
OEMCryptoResult random_sts;
M_TIME(
random_sts = OEMCrypto_GetRandom(
reinterpret_cast<uint8_t*>(&request_id_base_),
sizeof(request_id_base_)),
metrics_,
oemcrypto_get_random_,
random_sts,
metrics::Pow2Bucket(sizeof(request_id_base_)));
++request_id_index_;
return NO_ERROR;
}
@@ -351,12 +430,25 @@ void CryptoSession::Close() {
open_ ? "true" : "false");
AutoLock auto_lock(crypto_lock_);
if (!open_) return;
if (OEMCrypto_SUCCESS == OEMCrypto_CloseSession(oec_session_id_)) {
OEMCryptoResult close_sts;
M_TIME(
close_sts = OEMCrypto_CloseSession(
oec_session_id_),
metrics_,
oemcrypto_close_session_,
close_sts);
if (OEMCrypto_SUCCESS == close_sts) {
open_ = false;
if (update_usage_table_after_close_session_) {
OEMCryptoResult sts = OEMCrypto_UpdateUsageTable();
if (sts != OEMCrypto_SUCCESS)
LOGW("CryptoSession::Close: OEMCrypto_UpdateUsageTable error=%ld", sts);
OEMCryptoResult update_sts;
M_TIME(
update_sts = OEMCrypto_UpdateUsageTable(),
metrics_,
oemcrypto_update_usage_table_,
update_sts);
if ( update_sts != OEMCrypto_SUCCESS)
LOGW("CryptoSession::Close: OEMCrypto_UpdateUsageTable error=%ld", update_sts);
}
}
}
@@ -504,24 +596,39 @@ CdmResponseType CryptoSession::LoadKeys(
}
uint8_t* pst = NULL;
if (!provider_session_token.empty()) {
pst =
const_cast<uint8_t*>(msg) + GetOffset(message, provider_session_token);
pst = const_cast<uint8_t*>(msg) + GetOffset(message, provider_session_token);
}
uint8_t* srm_req = NULL;
if (!srm_requirement.empty())
srm_req = const_cast<uint8_t*>(msg) + GetOffset(message, srm_requirement);
LOGV("LoadKeys: id=%ld", (uint32_t)oec_session_id_);
OEMCryptoResult sts = OEMCrypto_LoadKeys(
oec_session_id_, msg, message.size(),
reinterpret_cast<const uint8_t*>(signature.data()), signature.size(),
enc_mac_key_iv, enc_mac_key, keys.size(), &load_keys[0], pst,
provider_session_token.length(), srm_req);
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_LoadKeys(
oec_session_id_,
msg,
message.size(),
reinterpret_cast<const uint8_t*>(signature.data()),
signature.size(),
enc_mac_key_iv,
enc_mac_key,
keys.size(),
&load_keys[0],
pst,
provider_session_token.length(),
srm_req),
metrics_,
oemcrypto_load_keys_,
sts);
if (OEMCrypto_SUCCESS == sts) {
if (!provider_session_token.empty()) {
update_usage_table_after_close_session_ = true;
sts = OEMCrypto_UpdateUsageTable();
M_TIME(
sts = OEMCrypto_UpdateUsageTable(),
metrics_,
oemcrypto_update_usage_table_,
sts);
if (sts != OEMCrypto_SUCCESS) {
LOGW("CryptoSession::LoadKeys: OEMCrypto_UpdateUsageTable error=%ld",
sts);
@@ -542,10 +649,15 @@ bool CryptoSession::LoadCertificatePrivateKey(std::string& wrapped_key) {
AutoLock auto_lock(crypto_lock_);
LOGV("LoadDeviceRSAKey: id=%ld", (uint32_t)oec_session_id_);
OEMCryptoResult sts = OEMCrypto_LoadDeviceRSAKey(
oec_session_id_, reinterpret_cast<const uint8_t*>(wrapped_key.data()),
wrapped_key.size());
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_LoadDeviceRSAKey(
oec_session_id_,
reinterpret_cast<const uint8_t*>(wrapped_key.data()),
wrapped_key.size()),
metrics_,
oemcrypto_load_device_rsa_key_,
sts);
if (OEMCrypto_SUCCESS != sts) {
LOGE("LoadCertificatePrivateKey: OEMCrypto_LoadDeviceRSAKey error=%d", sts);
return false;
@@ -583,11 +695,20 @@ bool CryptoSession::RefreshKeys(const std::string& message,
}
}
LOGV("RefreshKeys: id=%ld", static_cast<uint32_t>(oec_session_id_));
return (
OEMCrypto_SUCCESS ==
OEMCrypto_RefreshKeys(oec_session_id_, msg, message.size(),
reinterpret_cast<const uint8_t*>(signature.data()),
signature.size(), num_keys, &load_key_array[0]));
OEMCryptoResult refresh_sts;
M_TIME(
refresh_sts = OEMCrypto_RefreshKeys(
oec_session_id_,
msg,
message.size(),
reinterpret_cast<const uint8_t*>(signature.data()),
signature.size(),
num_keys,
&load_key_array[0]),
metrics_,
oemcrypto_refresh_keys_,
refresh_sts);
return OEMCrypto_SUCCESS == refresh_sts;
}
CdmResponseType CryptoSession::SelectKey(const std::string& key_id) {
@@ -602,10 +723,21 @@ CdmResponseType CryptoSession::SelectKey(const std::string& key_id) {
const uint8_t* key_id_string =
reinterpret_cast<const uint8_t*>(cached_key_id_.data());
OEMCryptoResult sts =
OEMCrypto_SelectKey(oec_session_id_, key_id_string,
cached_key_id_.size());
if (OEMCrypto_SUCCESS != sts) cached_key_id_.clear();
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_SelectKey(
oec_session_id_,
key_id_string,
cached_key_id_.size()),
metrics_,
oemcrypto_select_key_,
sts);
if (OEMCrypto_SUCCESS != sts) {
cached_key_id_.clear();
}
switch (sts) {
case OEMCrypto_SUCCESS:
@@ -640,13 +772,17 @@ bool CryptoSession::GenerateDerivedKeys(const std::string& message) {
GenerateEncryptContext(message, &enc_deriv_message);
LOGV("GenerateDerivedKeys: id=%ld", (uint32_t)oec_session_id_);
OEMCryptoResult sts = OEMCrypto_GenerateDerivedKeys(
oec_session_id_,
reinterpret_cast<const uint8_t*>(mac_deriv_message.data()),
mac_deriv_message.size(),
reinterpret_cast<const uint8_t*>(enc_deriv_message.data()),
enc_deriv_message.size());
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_GenerateDerivedKeys(
oec_session_id_,
reinterpret_cast<const uint8_t*>(mac_deriv_message.data()),
mac_deriv_message.size(),
reinterpret_cast<const uint8_t*>(enc_deriv_message.data()),
enc_deriv_message.size()),
metrics_,
oemcrypto_generate_derived_keys_,
sts);
if (OEMCrypto_SUCCESS != sts) {
LOGE("GenerateDerivedKeys: OEMCrypto_GenerateDerivedKeys error=%d", sts);
return false;
@@ -663,13 +799,19 @@ bool CryptoSession::GenerateDerivedKeys(const std::string& message,
GenerateEncryptContext(message, &enc_deriv_message);
LOGV("GenerateDerivedKeys: id=%ld", (uint32_t)oec_session_id_);
OEMCryptoResult sts = OEMCrypto_DeriveKeysFromSessionKey(
oec_session_id_, reinterpret_cast<const uint8_t*>(session_key.data()),
session_key.size(),
reinterpret_cast<const uint8_t*>(mac_deriv_message.data()),
mac_deriv_message.size(),
reinterpret_cast<const uint8_t*>(enc_deriv_message.data()),
enc_deriv_message.size());
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_DeriveKeysFromSessionKey(
oec_session_id_,
reinterpret_cast<const uint8_t*>(session_key.data()),
session_key.size(),
reinterpret_cast<const uint8_t*>(mac_deriv_message.data()),
mac_deriv_message.size(),
reinterpret_cast<const uint8_t*>(enc_deriv_message.data()),
enc_deriv_message.size()),
metrics_,
oemcrypto_derive_keys_from_session_key_,
sts);
if (OEMCrypto_SUCCESS != sts) {
LOGE("GenerateDerivedKeys: OEMCrypto_DeriveKeysFromSessionKey err=%d", sts);
@@ -693,12 +835,17 @@ bool CryptoSession::GenerateSignature(const std::string& message,
// At most two attempts.
// The first attempt may fail due to buffer too short
for (int i = 0; i < 2; ++i) {
sts = OEMCrypto_GenerateSignature(
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
&length);
M_TIME(
sts = OEMCrypto_GenerateSignature(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
&length),
metrics_,
oemcrypto_generate_signature_,
sts,
metrics::Pow2Bucket(length));
if (OEMCrypto_SUCCESS == sts) {
// Trim signature buffer and done
signature->resize(length);
@@ -731,11 +878,18 @@ bool CryptoSession::GenerateRsaSignature(const std::string& message,
// At most two attempts.
// The first attempt may fail due to buffer too short
for (int i = 0; i < 2; ++i) {
sts = OEMCrypto_GenerateRSASignature(
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
&length, kSign_RSASSA_PSS);
M_TIME(
sts = OEMCrypto_GenerateRSASignature(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
&length,
kSign_RSASSA_PSS),
metrics_,
oemcrypto_generate_rsa_signature_,
sts,
metrics::Pow2Bucket(length));
if (OEMCrypto_SUCCESS == sts) {
// Trim signature buffer and done
@@ -791,9 +945,19 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
if (!params.is_encrypted &&
params.subsample_flags ==
(OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample)) {
sts = OEMCrypto_CopyBuffer(requested_security_level_,
params.encrypt_buffer, params.encrypt_length,
&buffer_descriptor, params.subsample_flags);
M_TIME(
sts = OEMCrypto_CopyBuffer(
requested_security_level_,
params.encrypt_buffer,
params.encrypt_length,
&buffer_descriptor,
params.subsample_flags),
metrics_,
oemcrypto_copy_buffer_,
sts,
requested_security_level_,
metrics::Pow2Bucket(params.encrypt_length));
if (sts == OEMCrypto_ERROR_BUFFER_TOO_LARGE &&
params.encrypt_length > kMaximumChunkSize) {
@@ -816,11 +980,22 @@ CdmResponseType CryptoSession::Decrypt(const CdmDecryptionParameters& params) {
CdmResponseType result = SelectKey(*params.key_id);
if (result != NO_ERROR) return result;
}
sts = OEMCrypto_DecryptCENC(
oec_session_id_, params.encrypt_buffer, params.encrypt_length,
params.is_encrypted, &(*params.iv).front(), params.block_offset,
&buffer_descriptor, &pattern_descriptor, params.subsample_flags);
M_TIME(
sts = OEMCrypto_DecryptCENC(
oec_session_id_,
params.encrypt_buffer,
params.encrypt_length,
params.is_encrypted,
&(*params.iv).front(),
params.block_offset,
&buffer_descriptor,
&pattern_descriptor,
params.subsample_flags),
metrics_,
oemcrypto_decrypt_cenc_,
sts,
metrics::Pow2Bucket(params.encrypt_length));
if (sts == OEMCrypto_ERROR_BUFFER_TOO_LARGE) {
// OEMCrypto_DecryptCENC rejected the buffer as too large, so chunk it up
@@ -876,7 +1051,12 @@ CdmResponseType CryptoSession::UpdateUsageInformation() {
AutoLock auto_lock(crypto_lock_);
if (!initialized_) return UNKNOWN_ERROR;
OEMCryptoResult status = OEMCrypto_UpdateUsageTable();
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_UpdateUsageTable(),
metrics_,
oemcrypto_update_usage_table_,
status);
if (status != OEMCrypto_SUCCESS) {
LOGE("CryptoSession::UsageUsageInformation: error=%ld", status);
return UNKNOWN_ERROR;
@@ -893,9 +1073,15 @@ CdmResponseType CryptoSession::DeactivateUsageInformation(
const_cast<char*>(provider_session_token.data()));
// TODO(fredgc or rfrias): make sure oec_session_id_ is valid.
OEMCryptoResult status =
OEMCrypto_DeactivateUsageEntry((uint32_t)oec_session_id_,
pst, provider_session_token.length());
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_DeactivateUsageEntry(
(uint32_t)oec_session_id_,
pst,
provider_session_token.length()),
metrics_,
oemcrypto_deactivate_usage_entry_,
status);
switch (status) {
case OEMCrypto_SUCCESS:
@@ -925,9 +1111,17 @@ CdmResponseType CryptoSession::GenerateUsageReport(
const_cast<char*>(provider_session_token.data()));
size_t usage_length = 0;
OEMCryptoResult status = OEMCrypto_ReportUsage(
oec_session_id_, pst, provider_session_token.length(), NULL,
&usage_length);
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_ReportUsage(
oec_session_id_,
pst,
provider_session_token.length(),
NULL,
&usage_length),
metrics_,
oemcrypto_report_usage_,
status);
if (OEMCrypto_SUCCESS != status) {
if (OEMCrypto_ERROR_SHORT_BUFFER != status) {
@@ -938,9 +1132,17 @@ CdmResponseType CryptoSession::GenerateUsageReport(
}
std::vector<uint8_t> buffer(usage_length);
status = OEMCrypto_ReportUsage(oec_session_id_, pst,
provider_session_token.length(),
&buffer[0], &usage_length);
M_TIME(
status = OEMCrypto_ReportUsage(
oec_session_id_,
pst,
provider_session_token.length(),
&buffer[0],
&usage_length),
metrics_,
oemcrypto_report_usage_,
status);
if (OEMCrypto_SUCCESS != status) {
LOGE("CryptoSession::GenerateUsageReport: Report Usage error=%ld", status);
@@ -1008,16 +1210,30 @@ CdmResponseType CryptoSession::ReleaseUsageInformation(
const uint8_t* sig = reinterpret_cast<const uint8_t*>(signature.data());
const uint8_t* pst = msg + GetOffset(message, provider_session_token);
OEMCryptoResult status = OEMCrypto_DeleteUsageEntry(
oec_session_id_, pst, provider_session_token.length(), msg,
message.length(), sig, signature.length());
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_DeleteUsageEntry(
oec_session_id_,
pst,
provider_session_token.length(),
msg,
message.length(),
sig,
signature.length()),
metrics_,
oemcrypto_delete_usage_entry_,
status);
if (OEMCrypto_SUCCESS != status) {
LOGE("CryptoSession::ReleaseUsageInformation: Report Usage error=%ld",
status);
return UNKNOWN_ERROR;
}
status = OEMCrypto_UpdateUsageTable();
M_TIME(
status = OEMCrypto_UpdateUsageTable(),
metrics_,
oemcrypto_update_usage_table_,
status);
if (status != OEMCrypto_SUCCESS) {
LOGW("CryptoSession::ReleaseUsageInformation: update table error=%ld",
status);
@@ -1030,15 +1246,24 @@ CdmResponseType CryptoSession::DeleteUsageInformation(
const std::string& provider_session_token) {
CdmResponseType response = NO_ERROR;
LOGV("CryptoSession::DeleteUsageInformation");
OEMCryptoResult status = OEMCrypto_ForceDeleteUsageEntry(
reinterpret_cast<const uint8_t*>(provider_session_token.c_str()),
provider_session_token.length());
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_ForceDeleteUsageEntry(
reinterpret_cast<const uint8_t*>(provider_session_token.c_str()),
provider_session_token.length()),
metrics_,
oemcrypto_force_delete_usage_entry_,
status);
if (OEMCrypto_SUCCESS != status) {
LOGE("CryptoSession::DeleteUsageInformation: Delete Usage Table error =%ld",
status);
response = UNKNOWN_ERROR;
}
status = OEMCrypto_UpdateUsageTable();
M_TIME(
status = OEMCrypto_UpdateUsageTable(),
metrics_,
oemcrypto_update_usage_table_,
status);
if (status != OEMCrypto_SUCCESS) {
LOGE("CryptoSession::DeleteUsageInformation: update table error=%ld",
status);
@@ -1052,16 +1277,26 @@ CdmResponseType CryptoSession::DeleteMultipleUsageInformation(
LOGV("CryptoSession::DeleteMultipleUsageInformation");
CdmResponseType response = NO_ERROR;
for (size_t i=0; i < provider_session_tokens.size(); ++i) {
OEMCryptoResult status = OEMCrypto_ForceDeleteUsageEntry(
reinterpret_cast<const uint8_t*>(provider_session_tokens[i].c_str()),
provider_session_tokens[i].length());
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_ForceDeleteUsageEntry(
reinterpret_cast<const uint8_t*>(provider_session_tokens[i].c_str()),
provider_session_tokens[i].length()),
metrics_,
oemcrypto_force_delete_usage_entry_,
status);
if (OEMCrypto_SUCCESS != status) {
LOGW("CryptoSession::DeleteMultipleUsageInformation: "
"Delete Usage Table error =%ld", status);
response = UNKNOWN_ERROR;
}
}
OEMCryptoResult status = OEMCrypto_UpdateUsageTable();
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_UpdateUsageTable(),
metrics_,
oemcrypto_update_usage_table_,
status);
if (status != OEMCrypto_SUCCESS) {
LOGE("CryptoSession::DeleteMultipleUsageInformation: update table error=%ld",
status);
@@ -1072,14 +1307,22 @@ CdmResponseType CryptoSession::DeleteMultipleUsageInformation(
CdmResponseType CryptoSession::DeleteAllUsageReports() {
LOGV("DeleteAllUsageReports");
OEMCryptoResult status = OEMCrypto_DeleteOldUsageTable();
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_DeleteOldUsageTable(),
metrics_,
oemcrypto_delete_usage_table_,
status);
if (OEMCrypto_SUCCESS != status) {
LOGE("CryptoSession::DeleteAllUsageReports: Delete Usage Table error =%ld",
status);
}
status = OEMCrypto_UpdateUsageTable();
M_TIME(
status = OEMCrypto_UpdateUsageTable(),
metrics_,
oemcrypto_update_usage_table_,
status);
if (status != OEMCrypto_SUCCESS) {
LOGE("CryptoSession::DeletaAllUsageReports: update table error=%ld",
status);
@@ -1089,7 +1332,14 @@ CdmResponseType CryptoSession::DeleteAllUsageReports() {
}
bool CryptoSession::IsAntiRollbackHwPresent() {
return OEMCrypto_IsAntiRollbackHwPresent(requested_security_level_);
bool is_present;
M_TIME(
is_present = OEMCrypto_IsAntiRollbackHwPresent(requested_security_level_),
metrics_,
oemcrypto_is_anti_rollback_hw_present_,
is_present,
requested_security_level_);
return is_present;
}
bool CryptoSession::GenerateNonce(uint32_t* nonce) {
@@ -1101,7 +1351,15 @@ bool CryptoSession::GenerateNonce(uint32_t* nonce) {
LOGV("CryptoSession::GenerateNonce: Lock");
AutoLock auto_lock(crypto_lock_);
return (OEMCrypto_SUCCESS == OEMCrypto_GenerateNonce(oec_session_id_, nonce));
OEMCryptoResult result;
M_TIME(
result = OEMCrypto_GenerateNonce(
oec_session_id_,
nonce),
metrics_,
oemcrypto_generate_nonce_,
result);
return OEMCrypto_SUCCESS == result;
}
bool CryptoSession::SetDestinationBufferType() {
@@ -1146,23 +1404,45 @@ bool CryptoSession::RewrapDeviceRSAKey(const std::string& message,
// Gets wrapped_rsa_key_length by passing NULL as uint8_t* wrapped_rsa_key
// and 0 as wrapped_rsa_key_length.
size_t wrapped_rsa_key_length = 0;
OEMCryptoResult status = OEMCrypto_RewrapDeviceRSAKey(
oec_session_id_, signed_msg, message.size(),
reinterpret_cast<const uint8_t*>(signature.data()), signature.size(),
msg_nonce, msg_rsa_key, enc_rsa_key.size(), msg_rsa_key_iv, NULL,
&wrapped_rsa_key_length);
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_RewrapDeviceRSAKey(
oec_session_id_,
signed_msg,
message.size(),
reinterpret_cast<const uint8_t*>(signature.data()),
signature.size(),
msg_nonce,
msg_rsa_key,
enc_rsa_key.size(),
msg_rsa_key_iv,
NULL,
&wrapped_rsa_key_length),
metrics_,
oemcrypto_rewrap_device_rsa_key_,
status);
if (status != OEMCrypto_ERROR_SHORT_BUFFER) {
LOGE("OEMCrypto_RewrapDeviceRSAKey fails to get wrapped_rsa_key_length");
return false;
}
wrapped_rsa_key->resize(wrapped_rsa_key_length);
status = OEMCrypto_RewrapDeviceRSAKey(
oec_session_id_, signed_msg, message.size(),
reinterpret_cast<const uint8_t*>(signature.data()), signature.size(),
msg_nonce, msg_rsa_key, enc_rsa_key.size(), msg_rsa_key_iv,
reinterpret_cast<uint8_t*>(&(*wrapped_rsa_key)[0]),
&wrapped_rsa_key_length);
M_TIME(
status = OEMCrypto_RewrapDeviceRSAKey(
oec_session_id_,
signed_msg,
message.size(),
reinterpret_cast<const uint8_t*>(signature.data()),
signature.size(),
msg_nonce,
msg_rsa_key,
enc_rsa_key.size(),
msg_rsa_key_iv,
reinterpret_cast<uint8_t*>(&(*wrapped_rsa_key)[0]),
&wrapped_rsa_key_length),
metrics_,
oemcrypto_rewrap_device_rsa_key_,
status);
wrapped_rsa_key->resize(wrapped_rsa_key_length);
@@ -1182,8 +1462,16 @@ bool CryptoSession::GetHdcpCapabilities(HdcpCapability* current,
LOGE("CryptoSession::GetHdcpCapabilities: |current|, |max| cannot be NULL");
return false;
}
OEMCryptoResult status = OEMCrypto_GetHDCPCapability(
requested_security_level_, current, max);
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_GetHDCPCapability(
requested_security_level_,
current,
max),
metrics_,
oemcrypto_get_hdcp_capability_,
status,
requested_security_level_);
if (OEMCrypto_SUCCESS != status) {
LOGW("OEMCrypto_GetHDCPCapability fails with %d", status);
return false;
@@ -1214,7 +1502,15 @@ bool CryptoSession::GetRandom(size_t data_length, uint8_t* random_data) {
LOGE("CryptoSession::GetRandom: random data destination not provided");
return false;
}
OEMCryptoResult sts = OEMCrypto_GetRandom(random_data, data_length);
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_GetRandom(
random_data,
data_length),
metrics_,
oemcrypto_get_random_,
sts,
metrics::Pow2Bucket(data_length));
if (sts != OEMCrypto_SUCCESS) {
LOGE("OEMCrypto_GetRandom fails with %d", sts);
@@ -1233,8 +1529,15 @@ bool CryptoSession::GetNumberOfOpenSessions(size_t* count) {
}
size_t sessions_count;
OEMCryptoResult status = OEMCrypto_GetNumberOfOpenSessions(
requested_security_level_, &sessions_count);
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_GetNumberOfOpenSessions(
requested_security_level_,
&sessions_count),
metrics_,
oemcrypto_get_number_of_open_sessions_,
status,
requested_security_level_);
if (OEMCrypto_SUCCESS != status) {
LOGW("OEMCrypto_GetNumberOfOpenSessions fails with %d", status);
return false;
@@ -1252,8 +1555,16 @@ bool CryptoSession::GetMaxNumberOfSessions(size_t* max) {
}
size_t max_sessions;
OEMCryptoResult status = OEMCrypto_GetMaxNumberOfSessions(
requested_security_level_, &max_sessions);
OEMCryptoResult status;
M_TIME(
status = OEMCrypto_GetMaxNumberOfSessions(
requested_security_level_,
&max_sessions),
metrics_,
oemcrypto_get_max_number_of_sessions_,
status,
requested_security_level_);
if (OEMCrypto_SUCCESS != status) {
LOGW("OEMCrypto_GetMaxNumberOfSessions fails with %d", status);
return false;
@@ -1323,11 +1634,20 @@ CdmResponseType CryptoSession::GenericEncrypt(const std::string& in_buffer,
CdmResponseType result = SelectKey(key_id);
if (result != NO_ERROR) return result;
OEMCryptoResult sts = OEMCrypto_Generic_Encrypt(
oec_session_id_, reinterpret_cast<const uint8_t*>(in_buffer.data()),
in_buffer.size(), reinterpret_cast<const uint8_t*>(iv.data()),
oec_algorithm,
reinterpret_cast<uint8_t*>(const_cast<char*>(out_buffer->data())));
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_Generic_Encrypt(
oec_session_id_,
reinterpret_cast<const uint8_t*>(in_buffer.data()),
in_buffer.size(),
reinterpret_cast<const uint8_t*>(iv.data()),
oec_algorithm,
reinterpret_cast<uint8_t*>(const_cast<char*>(out_buffer->data()))),
metrics_,
oemcrypto_generic_encrypt_,
sts,
metrics::Pow2Bucket(in_buffer.size()));
if (OEMCrypto_SUCCESS != sts) {
LOGE("GenericEncrypt: OEMCrypto_Generic_Encrypt err=%d", sts);
@@ -1363,11 +1683,20 @@ CdmResponseType CryptoSession::GenericDecrypt(const std::string& in_buffer,
CdmResponseType result = SelectKey(key_id);
if (result != NO_ERROR) return result;
OEMCryptoResult sts = OEMCrypto_Generic_Decrypt(
oec_session_id_, reinterpret_cast<const uint8_t*>(in_buffer.data()),
in_buffer.size(), reinterpret_cast<const uint8_t*>(iv.data()),
oec_algorithm,
reinterpret_cast<uint8_t*>(const_cast<char*>(out_buffer->data())));
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_Generic_Decrypt(
oec_session_id_,
reinterpret_cast<const uint8_t*>(in_buffer.data()),
in_buffer.size(),
reinterpret_cast<const uint8_t*>(iv.data()),
oec_algorithm,
reinterpret_cast<uint8_t*>(const_cast<char*>(out_buffer->data()))),
metrics_,
oemcrypto_generic_decrypt_,
sts,
metrics::Pow2Bucket(in_buffer.size()));
if (OEMCrypto_SUCCESS != sts) {
LOGE("GenericDecrypt: OEMCrypto_Generic_Decrypt err=%d", sts);
@@ -1406,11 +1735,18 @@ CdmResponseType CryptoSession::GenericSign(const std::string& message,
// At most two attempts.
// The first attempt may fail due to buffer too short
for (int i = 0; i < 2; ++i) {
sts = OEMCrypto_Generic_Sign(
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
message.size(), oec_algorithm,
reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
&length);
M_TIME(
sts = OEMCrypto_Generic_Sign(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
oec_algorithm,
reinterpret_cast<uint8_t*>(const_cast<char*>(signature->data())),
&length),
metrics_,
oemcrypto_generic_sign_,
sts,
metrics::Pow2Bucket(message.size()));
if (OEMCrypto_SUCCESS == sts) {
// Trim signature buffer and done
@@ -1449,10 +1785,19 @@ CdmResponseType CryptoSession::GenericVerify(const std::string& message,
CdmResponseType result = SelectKey(key_id);
if (result != NO_ERROR) return result;
OEMCryptoResult sts = OEMCrypto_Generic_Verify(
oec_session_id_, reinterpret_cast<const uint8_t*>(message.data()),
message.size(), oec_algorithm,
reinterpret_cast<const uint8_t*>(signature.data()), signature.size());
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_Generic_Verify(
oec_session_id_,
reinterpret_cast<const uint8_t*>(message.data()),
message.size(),
oec_algorithm,
reinterpret_cast<const uint8_t*>(signature.data()),
signature.size()),
metrics_,
oemcrypto_generic_verify_,
sts,
metrics::Pow2Bucket(signature.size()));
if (OEMCrypto_SUCCESS != sts) {
LOGE("GenericVerify: OEMCrypto_Generic_Verify err=%d", sts);
@@ -1772,9 +2117,20 @@ OEMCryptoResult CryptoSession::CopyBufferInChunks(
subsample_flags |= OEMCrypto_LastSubsample;
}
OEMCryptoResult sts = OEMCrypto_CopyBuffer(
requested_security_level_, params.encrypt_buffer + additional_offset,
chunk_size, &buffer_descriptor, subsample_flags);
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_CopyBuffer(
requested_security_level_,
params.encrypt_buffer + additional_offset,
chunk_size,
&buffer_descriptor,
subsample_flags),
metrics_,
oemcrypto_copy_buffer_,
sts,
requested_security_level_,
metrics::Pow2Bucket(chunk_size));
if (sts != OEMCrypto_SUCCESS) {
return sts;
}
@@ -1841,10 +2197,23 @@ OEMCryptoResult CryptoSession::DecryptInChunks(
// max_chunk_size is guaranteed to be an even multiple of the
// pattern length long, which is also guaranteed to be an exact number
// of AES blocks long.
OEMCryptoResult sts = OEMCrypto_DecryptCENC(
oec_session_id_, params.encrypt_buffer + additional_offset,
chunk_size, params.is_encrypted, &iv.front(), params.block_offset,
&buffer_descriptor, &pattern_descriptor, subsample_flags);
OEMCryptoResult sts;
M_TIME(
sts = OEMCrypto_DecryptCENC(
oec_session_id_,
params.encrypt_buffer + additional_offset,
chunk_size,
params.is_encrypted,
&iv.front(),
params.block_offset,
&buffer_descriptor,
&pattern_descriptor,
subsample_flags),
metrics_,
oemcrypto_decrypt_cenc_,
sts,
metrics::Pow2Bucket(chunk_size));
if (sts != OEMCrypto_SUCCESS) {
return sts;
}