1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 //#define LOG_NDEBUG 0
18 #define LOG_TAG "hidl_ClearKeyCryptoPlugin"
19 #include <utils/Log.h>
20 
21 #include "CryptoPlugin.h"
22 #include "SessionLibrary.h"
23 #include "TypeConvert.h"
24 
25 #include <hidlmemory/mapping.h>
26 
27 namespace android {
28 namespace hardware {
29 namespace drm {
30 namespace V1_2 {
31 namespace clearkey {
32 
33 using ::android::hardware::drm::V1_0::BufferType;
34 
setSharedBufferBase(const hidl_memory & base,uint32_t bufferId)35 Return<void> CryptoPlugin::setSharedBufferBase(
36         const hidl_memory& base, uint32_t bufferId) {
37     sp<IMemory> hidlMemory = mapMemory(base);
38     ALOGE_IF(hidlMemory == nullptr, "mapMemory returns nullptr");
39 
40     // allow mapMemory to return nullptr
41     mSharedBufferMap[bufferId] = hidlMemory;
42     return Void();
43 }
44 
decrypt(bool secure,const hidl_array<uint8_t,16> & keyId,const hidl_array<uint8_t,16> & iv,Mode mode,const Pattern & pattern,const hidl_vec<SubSample> & subSamples,const SharedBuffer & source,uint64_t offset,const DestinationBuffer & destination,decrypt_cb _hidl_cb)45 Return<void> CryptoPlugin::decrypt(
46     bool secure,
47     const hidl_array<uint8_t, 16>& keyId,
48     const hidl_array<uint8_t, 16>& iv,
49     Mode mode,
50     const Pattern& pattern,
51     const hidl_vec<SubSample>& subSamples,
52     const SharedBuffer& source,
53     uint64_t offset,
54     const DestinationBuffer& destination,
55     decrypt_cb _hidl_cb) {
56 
57   Status status = Status::ERROR_DRM_UNKNOWN;
58   hidl_string detailedError;
59   uint32_t bytesWritten = 0;
60 
61   Return<void> hResult = decrypt_1_2(
62       secure, keyId, iv, mode, pattern, subSamples, source, offset, destination,
63       [&](Status_V1_2 hStatus, uint32_t hBytesWritten, hidl_string hDetailedError) {
64         status = toStatus_1_0(hStatus);
65         bytesWritten = hBytesWritten;
66         detailedError = hDetailedError;
67       }
68     );
69 
70   status = hResult.isOk() ? status : Status::ERROR_DRM_CANNOT_HANDLE;
71   _hidl_cb(status, bytesWritten, detailedError);
72   return Void();
73 }
74 
75 // Returns negative values for error code and positive values for the size of
76 // decrypted data.  In theory, the output size can be larger than the input
77 // size, but in practice this will never happen for AES-CTR.
decrypt_1_2(bool secure,const hidl_array<uint8_t,KEY_ID_SIZE> & keyId,const hidl_array<uint8_t,KEY_IV_SIZE> & iv,Mode mode,const Pattern & pattern,const hidl_vec<SubSample> & subSamples,const SharedBuffer & source,uint64_t offset,const DestinationBuffer & destination,decrypt_1_2_cb _hidl_cb)78 Return<void> CryptoPlugin::decrypt_1_2(
79         bool secure,
80         const hidl_array<uint8_t, KEY_ID_SIZE>& keyId,
81         const hidl_array<uint8_t, KEY_IV_SIZE>& iv,
82         Mode mode,
83         const Pattern& pattern,
84         const hidl_vec<SubSample>& subSamples,
85         const SharedBuffer& source,
86         uint64_t offset,
87         const DestinationBuffer& destination,
88         decrypt_1_2_cb _hidl_cb) {
89     UNUSED(pattern);
90 
91     if (secure) {
92         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
93             "Secure decryption is not supported with ClearKey.");
94         return Void();
95     }
96 
97     if (mSharedBufferMap.find(source.bufferId) == mSharedBufferMap.end()) {
98       _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
99                "source decrypt buffer base not set");
100       return Void();
101     }
102 
103     if (destination.type == BufferType::SHARED_MEMORY) {
104       const SharedBuffer& dest = destination.nonsecureMemory;
105       if (mSharedBufferMap.find(dest.bufferId) == mSharedBufferMap.end()) {
106         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
107                  "destination decrypt buffer base not set");
108         return Void();
109       }
110     } else {
111         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
112                  "destination type not supported");
113         return Void();
114     }
115 
116     sp<IMemory> sourceBase = mSharedBufferMap[source.bufferId];
117     if (sourceBase == nullptr) {
118         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "source is a nullptr");
119         return Void();
120     }
121 
122     if (source.offset + offset + source.size > sourceBase->getSize()) {
123         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
124         return Void();
125     }
126 
127     uint8_t *base = static_cast<uint8_t *>
128             (static_cast<void *>(sourceBase->getPointer()));
129     uint8_t* srcPtr = static_cast<uint8_t *>(base + source.offset + offset);
130     void* destPtr = NULL;
131     // destination.type == BufferType::SHARED_MEMORY
132     const SharedBuffer& destBuffer = destination.nonsecureMemory;
133     sp<IMemory> destBase = mSharedBufferMap[destBuffer.bufferId];
134     if (destBase == nullptr) {
135         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "destination is a nullptr");
136         return Void();
137     }
138 
139     base = static_cast<uint8_t *>(static_cast<void *>(destBase->getPointer()));
140 
141     if (destBuffer.offset + destBuffer.size > destBase->getSize()) {
142         _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "invalid buffer size");
143         return Void();
144     }
145     destPtr = static_cast<void *>(base + destination.nonsecureMemory.offset);
146 
147 
148     // Calculate the output buffer size and determine if any subsamples are
149     // encrypted.
150     size_t destSize = 0;
151     size_t srcSize = 0;
152     bool haveEncryptedSubsamples = false;
153     for (size_t i = 0; i < subSamples.size(); i++) {
154         const SubSample &subSample = subSamples[i];
155         if (__builtin_add_overflow(destSize, subSample.numBytesOfClearData, &destSize) ||
156             __builtin_add_overflow(srcSize, subSample.numBytesOfClearData, &srcSize)) {
157             _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "subsample clear size overflow");
158             return Void();
159         }
160         if (__builtin_add_overflow(destSize, subSample.numBytesOfEncryptedData, &destSize) ||
161             __builtin_add_overflow(srcSize, subSample.numBytesOfEncryptedData, &srcSize)) {
162             _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "subsample encrypted size overflow");
163             return Void();
164         }
165         if (subSample.numBytesOfEncryptedData > 0) {
166         haveEncryptedSubsamples = true;
167         }
168     }
169 
170     if (destSize > destBuffer.size || srcSize > source.size) {
171         _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "subsample sum too large");
172         return Void();
173     }
174 
175     if (mode == Mode::UNENCRYPTED) {
176         if (haveEncryptedSubsamples) {
177             _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
178                     "Encrypted subsamples found in allegedly unencrypted data.");
179             return Void();
180         }
181 
182         size_t offset = 0;
183         for (size_t i = 0; i < subSamples.size(); ++i) {
184             const SubSample& subSample = subSamples[i];
185             if (subSample.numBytesOfClearData != 0) {
186                 memcpy(reinterpret_cast<uint8_t*>(destPtr) + offset,
187                        reinterpret_cast<const uint8_t*>(srcPtr) + offset,
188                        subSample.numBytesOfClearData);
189                 offset += subSample.numBytesOfClearData;
190             }
191         }
192 
193         _hidl_cb(Status_V1_2::OK, static_cast<ssize_t>(offset), "");
194         return Void();
195     } else if (mode == Mode::AES_CTR) {
196         size_t bytesDecrypted;
197         Status_V1_2 res = mSession->decrypt(keyId.data(), iv.data(), srcPtr,
198                 static_cast<uint8_t*>(destPtr), toVector(subSamples), &bytesDecrypted);
199         if (res == Status_V1_2::OK) {
200             _hidl_cb(Status_V1_2::OK, static_cast<ssize_t>(bytesDecrypted), "");
201             return Void();
202         } else {
203             _hidl_cb(res, 0, "Decryption Error");
204             return Void();
205         }
206     } else {
207         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
208                 "Selected encryption mode is not supported by the ClearKey DRM Plugin.");
209         return Void();
210     }
211 }
212 
setMediaDrmSession(const hidl_vec<uint8_t> & sessionId)213 Return<Status> CryptoPlugin::setMediaDrmSession(
214         const hidl_vec<uint8_t>& sessionId) {
215     if (!sessionId.size()) {
216         mSession = nullptr;
217     } else {
218         mSession = SessionLibrary::get()->findSession(sessionId);
219         if (!mSession.get()) {
220             return Status::ERROR_DRM_SESSION_NOT_OPENED;
221         }
222     }
223     return Status::OK;
224 }
225 
226 } // namespace clearkey
227 } // namespace V1_2
228 } // namespace drm
229 } // namespace hardware
230 } // namespace android
231