| /* |
| * Copyright (C) 2021 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| #define LOG_TAG "clearkey-CryptoPlugin" |
| |
| #include <utils/Log.h> |
| #include <cerrno> |
| #include <cstring> |
| |
| #include "CryptoPlugin.h" |
| #include "SessionLibrary.h" |
| #include "AidlUtils.h" |
| |
| namespace aidl { |
| namespace android { |
| namespace hardware { |
| namespace drm { |
| namespace clearkey { |
| |
| using ::aidl::android::hardware::drm::Status; |
| |
| ::ndk::ScopedAStatus CryptoPlugin::decrypt(const DecryptArgs& in_args, int32_t* _aidl_return) { |
| const char* detailedError = ""; |
| |
| *_aidl_return = 0; |
| if (in_args.secure) { |
| detailedError = "secure decryption is not supported with ClearKey"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); |
| } |
| |
| std::lock_guard<std::mutex> shared_buffer_lock(mSharedBufferLock); |
| if (mSharedBufferMap.find(in_args.source.bufferId) == mSharedBufferMap.end()) { |
| detailedError = "source decrypt buffer base not set"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); |
| } |
| |
| const auto NON_SECURE = DestinationBuffer::Tag::nonsecureMemory; |
| if (in_args.destination.getTag() != NON_SECURE) { |
| detailedError = "destination type not supported"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); |
| } |
| |
| const SharedBuffer& destBuffer = in_args.destination.get<NON_SECURE>(); |
| if (mSharedBufferMap.find(destBuffer.bufferId) == mSharedBufferMap.end()) { |
| detailedError = "destination decrypt buffer base not set"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); |
| } |
| |
| auto src = mSharedBufferMap[in_args.source.bufferId]; |
| if (src->mBase == nullptr) { |
| detailedError = "source is a nullptr"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); |
| } |
| |
| size_t totalSize = 0; |
| if (__builtin_add_overflow(in_args.source.offset, in_args.offset, &totalSize) || |
| __builtin_add_overflow(totalSize, in_args.source.size, &totalSize) || |
| totalSize > src->mSize) { |
| android_errorWriteLog(0x534e4554, "176496160"); |
| detailedError = "invalid buffer size"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); |
| } |
| |
| // destination type must be non-secure shared memory |
| auto dest = mSharedBufferMap[destBuffer.bufferId]; |
| if (dest->mBase == nullptr) { |
| detailedError = "destination is a nullptr"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); |
| } |
| |
| totalSize = 0; |
| if (__builtin_add_overflow(destBuffer.offset, destBuffer.size, &totalSize) || |
| totalSize > dest->mSize) { |
| android_errorWriteLog(0x534e4554, "176444622"); |
| detailedError = "invalid buffer size"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); |
| } |
| |
| // Calculate the output buffer size and determine if any subsamples are |
| // encrypted. |
| uint8_t* srcPtr = src->mBase + in_args.source.offset + in_args.offset; |
| uint8_t* destPtr = dest->mBase + destBuffer.offset; |
| size_t destSize = 0; |
| size_t srcSize = 0; |
| bool haveEncryptedSubsamples = false; |
| for (size_t i = 0; i < in_args.subSamples.size(); i++) { |
| const SubSample& subSample = in_args.subSamples[i]; |
| if (__builtin_add_overflow(destSize, subSample.numBytesOfClearData, &destSize) || |
| __builtin_add_overflow(srcSize, subSample.numBytesOfClearData, &srcSize)) { |
| detailedError = "subsample clear size overflow"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); |
| } |
| if (__builtin_add_overflow(destSize, subSample.numBytesOfEncryptedData, &destSize) || |
| __builtin_add_overflow(srcSize, subSample.numBytesOfEncryptedData, &srcSize)) { |
| detailedError = "subsample encrypted size overflow"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); |
| } |
| if (subSample.numBytesOfEncryptedData > 0) { |
| haveEncryptedSubsamples = true; |
| } |
| } |
| |
| if (destSize > destBuffer.size || srcSize > in_args.source.size) { |
| detailedError = "subsample sum too large"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_FRAME_TOO_LARGE, detailedError); |
| } |
| |
| if (in_args.mode == Mode::UNENCRYPTED) { |
| if (haveEncryptedSubsamples) { |
| detailedError = "Encrypted subsamples found in allegedly unencrypted data."; |
| return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); |
| } |
| |
| size_t offset = 0; |
| for (size_t i = 0; i < in_args.subSamples.size(); ++i) { |
| const SubSample& subSample = in_args.subSamples[i]; |
| if (subSample.numBytesOfClearData != 0) { |
| memcpy(reinterpret_cast<uint8_t*>(destPtr) + offset, |
| reinterpret_cast<const uint8_t*>(srcPtr) + offset, |
| subSample.numBytesOfClearData); |
| offset += subSample.numBytesOfClearData; |
| } |
| } |
| |
| *_aidl_return = static_cast<ssize_t>(offset); |
| return toNdkScopedAStatus(Status::OK); |
| } else if (in_args.mode == Mode::AES_CTR) { |
| size_t bytesDecrypted{}; |
| std::vector<int32_t> clearDataLengths; |
| std::vector<int32_t> encryptedDataLengths; |
| for (auto ss : in_args.subSamples) { |
| clearDataLengths.push_back(ss.numBytesOfClearData); |
| encryptedDataLengths.push_back(ss.numBytesOfEncryptedData); |
| } |
| if (in_args.keyId.size() != kBlockSize || in_args.iv.size() != kBlockSize) { |
| android_errorWriteLog(0x534e4554, "244569759"); |
| detailedError = "invalid decrypt parameter size"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); |
| } |
| auto res = |
| mSession->decrypt(in_args.keyId.data(), in_args.iv.data(), |
| srcPtr, static_cast<uint8_t*>(destPtr), |
| clearDataLengths, encryptedDataLengths, |
| &bytesDecrypted); |
| if (res == clearkeydrm::OK) { |
| *_aidl_return = static_cast<ssize_t>(bytesDecrypted); |
| return toNdkScopedAStatus(Status::OK); |
| } else { |
| *_aidl_return = 0; |
| detailedError = "Decryption Error"; |
| return toNdkScopedAStatus(static_cast<Status>(res), detailedError); |
| } |
| } else { |
| *_aidl_return = 0; |
| detailedError = "selected encryption mode is not supported by the ClearKey DRM Plugin"; |
| return toNdkScopedAStatus(Status::ERROR_DRM_CANNOT_HANDLE, detailedError); |
| } |
| } |
| |
| ::ndk::ScopedAStatus CryptoPlugin::getLogMessages( |
| std::vector<::aidl::android::hardware::drm::LogMessage>* _aidl_return) { |
| using std::chrono::duration_cast; |
| using std::chrono::milliseconds; |
| using std::chrono::system_clock; |
| |
| auto timeMillis = duration_cast<milliseconds>(system_clock::now().time_since_epoch()).count(); |
| |
| std::vector<::aidl::android::hardware::drm::LogMessage> logs = { |
| {timeMillis, ::aidl::android::hardware::drm::LogPriority::ERROR, |
| std::string("Not implemented")}}; |
| *_aidl_return = logs; |
| return toNdkScopedAStatus(Status::OK); |
| } |
| |
| ::ndk::ScopedAStatus CryptoPlugin::notifyResolution(int32_t in_width, int32_t in_height) { |
| UNUSED(in_width); |
| UNUSED(in_height); |
| return ::ndk::ScopedAStatus::ok(); |
| } |
| |
| ::ndk::ScopedAStatus CryptoPlugin::requiresSecureDecoderComponent(const std::string& in_mime, |
| bool* _aidl_return) { |
| UNUSED(in_mime); |
| *_aidl_return = false; |
| return ::ndk::ScopedAStatus::ok(); |
| } |
| |
| ::ndk::ScopedAStatus CryptoPlugin::setMediaDrmSession(const std::vector<uint8_t>& in_sessionId) { |
| Status status = Status::OK; |
| if (!in_sessionId.size()) { |
| mSession = nullptr; |
| } else { |
| mSession = SessionLibrary::get()->findSession(in_sessionId); |
| if (!mSession.get()) { |
| status = Status::ERROR_DRM_SESSION_NOT_OPENED; |
| } |
| } |
| return toNdkScopedAStatus(status); |
| } |
| |
| ::ndk::ScopedAStatus CryptoPlugin::setSharedBufferBase(const SharedBuffer& in_base) { |
| std::lock_guard<std::mutex> shared_buffer_lock(mSharedBufferLock); |
| mSharedBufferMap[in_base.bufferId] = std::make_shared<SharedBufferBase>(in_base); |
| return ::ndk::ScopedAStatus::ok(); |
| } |
| |
| SharedBufferBase::SharedBufferBase(const SharedBuffer& mem) |
| : mBase(nullptr), |
| mSize(mem.size) { |
| if (mem.handle.fds.empty()) { |
| return; |
| } |
| auto fd = mem.handle.fds[0].get(); |
| auto addr = mmap(nullptr, mem.size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); |
| if (addr == MAP_FAILED) { |
| ALOGE("mmap err: fd %d; errno %s", fd, strerror(errno)); |
| } else { |
| mBase = static_cast<uint8_t*>(addr); |
| } |
| } |
| |
| SharedBufferBase::~SharedBufferBase() { |
| if (mBase && munmap(mBase, mSize)) { |
| ALOGE("munmap err: base %p; errno %s", |
| mBase, strerror(errno)); |
| } |
| } |
| } // namespace clearkey |
| } // namespace drm |
| } // namespace hardware |
| } // namespace android |
| } // namespace aidl |