1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 //#define LOG_NDEBUG 0
18 #define LOG_TAG "hidl_ClearKeyCryptoPlugin"
19 #include <utils/Log.h>
20 
21 #include "CryptoPlugin.h"
22 #include "SessionLibrary.h"
23 #include "TypeConvert.h"
24 
25 #include <hidlmemory/mapping.h>
26 
27 namespace android {
28 namespace hardware {
29 namespace drm {
30 namespace V1_2 {
31 namespace clearkey {
32 
33 using ::android::hardware::drm::V1_0::BufferType;
34 
setSharedBufferBase(const hidl_memory & base,uint32_t bufferId)35 Return<void> CryptoPlugin::setSharedBufferBase(
36         const hidl_memory& base, uint32_t bufferId) {
37     sp<IMemory> hidlMemory = mapMemory(base);
38     ALOGE_IF(hidlMemory == nullptr, "mapMemory returns nullptr");
39 
40     // allow mapMemory to return nullptr
41     mSharedBufferMap[bufferId] = hidlMemory;
42     return Void();
43 }
44 
decrypt(bool secure,const hidl_array<uint8_t,16> & keyId,const hidl_array<uint8_t,16> & iv,Mode mode,const Pattern & pattern,const hidl_vec<SubSample> & subSamples,const SharedBuffer & source,uint64_t offset,const DestinationBuffer & destination,decrypt_cb _hidl_cb)45 Return<void> CryptoPlugin::decrypt(
46     bool secure,
47     const hidl_array<uint8_t, 16>& keyId,
48     const hidl_array<uint8_t, 16>& iv,
49     Mode mode,
50     const Pattern& pattern,
51     const hidl_vec<SubSample>& subSamples,
52     const SharedBuffer& source,
53     uint64_t offset,
54     const DestinationBuffer& destination,
55     decrypt_cb _hidl_cb) {
56 
57   Status status = Status::ERROR_DRM_UNKNOWN;
58   hidl_string detailedError;
59   uint32_t bytesWritten = 0;
60 
61   Return<void> hResult = decrypt_1_2(
62       secure, keyId, iv, mode, pattern, subSamples, source, offset, destination,
63       [&](Status_V1_2 hStatus, uint32_t hBytesWritten, hidl_string hDetailedError) {
64         status = toStatus_1_0(hStatus);
65         bytesWritten = hBytesWritten;
66         detailedError = hDetailedError;
67       }
68     );
69 
70   status = hResult.isOk() ? status : Status::ERROR_DRM_CANNOT_HANDLE;
71   _hidl_cb(status, bytesWritten, detailedError);
72   return Void();
73 }
74 
75 // Returns negative values for error code and positive values for the size of
76 // decrypted data.  In theory, the output size can be larger than the input
77 // size, but in practice this will never happen for AES-CTR.
decrypt_1_2(bool secure,const hidl_array<uint8_t,KEY_ID_SIZE> & keyId,const hidl_array<uint8_t,KEY_IV_SIZE> & iv,Mode mode,const Pattern & pattern,const hidl_vec<SubSample> & subSamples,const SharedBuffer & source,uint64_t offset,const DestinationBuffer & destination,decrypt_1_2_cb _hidl_cb)78 Return<void> CryptoPlugin::decrypt_1_2(
79         bool secure,
80         const hidl_array<uint8_t, KEY_ID_SIZE>& keyId,
81         const hidl_array<uint8_t, KEY_IV_SIZE>& iv,
82         Mode mode,
83         const Pattern& pattern,
84         const hidl_vec<SubSample>& subSamples,
85         const SharedBuffer& source,
86         uint64_t offset,
87         const DestinationBuffer& destination,
88         decrypt_1_2_cb _hidl_cb) {
89     UNUSED(pattern);
90 
91     if (secure) {
92         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
93             "Secure decryption is not supported with ClearKey.");
94         return Void();
95     }
96 
97     if (mSharedBufferMap.find(source.bufferId) == mSharedBufferMap.end()) {
98       _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
99                "source decrypt buffer base not set");
100       return Void();
101     }
102 
103     if (destination.type == BufferType::SHARED_MEMORY) {
104       const SharedBuffer& dest = destination.nonsecureMemory;
105       if (mSharedBufferMap.find(dest.bufferId) == mSharedBufferMap.end()) {
106         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
107                  "destination decrypt buffer base not set");
108         return Void();
109       }
110     } else {
111         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
112                  "destination type not supported");
113         return Void();
114     }
115 
116     sp<IMemory> sourceBase = mSharedBufferMap[source.bufferId];
117     if (sourceBase == nullptr) {
118         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "source is a nullptr");
119         return Void();
120     }
121 
122     if (source.offset + offset + source.size > sourceBase->getSize()) {
123         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
124         return Void();
125     }
126 
127     uint8_t *base = static_cast<uint8_t *>
128             (static_cast<void *>(sourceBase->getPointer()));
129     uint8_t* srcPtr = static_cast<uint8_t *>(base + source.offset + offset);
130     void* destPtr = NULL;
131     // destination.type == BufferType::SHARED_MEMORY
132     const SharedBuffer& destBuffer = destination.nonsecureMemory;
133     sp<IMemory> destBase = mSharedBufferMap[destBuffer.bufferId];
134     if (destBase == nullptr) {
135         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0, "destination is a nullptr");
136         return Void();
137     }
138 
139     if (destBuffer.offset + destBuffer.size > destBase->getSize()) {
140         _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "invalid buffer size");
141         return Void();
142     }
143     destPtr = static_cast<void *>(base + destination.nonsecureMemory.offset);
144 
145 
146     // Calculate the output buffer size and determine if any subsamples are
147     // encrypted.
148     size_t destSize = 0;
149     bool haveEncryptedSubsamples = false;
150     for (size_t i = 0; i < subSamples.size(); i++) {
151         const SubSample &subSample = subSamples[i];
152         if (__builtin_add_overflow(destSize, subSample.numBytesOfClearData, &destSize)) {
153             _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "subsample clear size overflow");
154             return Void();
155         }
156         if (__builtin_add_overflow(destSize, subSample.numBytesOfEncryptedData, &destSize)) {
157             _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "subsample encrypted size overflow");
158             return Void();
159         }
160         if (subSample.numBytesOfEncryptedData > 0) {
161         haveEncryptedSubsamples = true;
162         }
163     }
164 
165     if (destSize > destBuffer.size) {
166         _hidl_cb(Status_V1_2::ERROR_DRM_FRAME_TOO_LARGE, 0, "subsample sum too large");
167         return Void();
168     }
169 
170     if (mode == Mode::UNENCRYPTED) {
171         if (haveEncryptedSubsamples) {
172             _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
173                     "Encrypted subsamples found in allegedly unencrypted data.");
174             return Void();
175         }
176 
177         size_t offset = 0;
178         for (size_t i = 0; i < subSamples.size(); ++i) {
179             const SubSample& subSample = subSamples[i];
180             if (subSample.numBytesOfClearData != 0) {
181                 memcpy(reinterpret_cast<uint8_t*>(destPtr) + offset,
182                        reinterpret_cast<const uint8_t*>(srcPtr) + offset,
183                        subSample.numBytesOfClearData);
184                 offset += subSample.numBytesOfClearData;
185             }
186         }
187 
188         _hidl_cb(Status_V1_2::OK, static_cast<ssize_t>(offset), "");
189         return Void();
190     } else if (mode == Mode::AES_CTR) {
191         size_t bytesDecrypted;
192         Status_V1_2 res = mSession->decrypt(keyId.data(), iv.data(), srcPtr,
193                 static_cast<uint8_t*>(destPtr), toVector(subSamples), &bytesDecrypted);
194         if (res == Status_V1_2::OK) {
195             _hidl_cb(Status_V1_2::OK, static_cast<ssize_t>(bytesDecrypted), "");
196             return Void();
197         } else {
198             _hidl_cb(res, 0, "Decryption Error");
199             return Void();
200         }
201     } else {
202         _hidl_cb(Status_V1_2::ERROR_DRM_CANNOT_HANDLE, 0,
203                 "Selected encryption mode is not supported by the ClearKey DRM Plugin.");
204         return Void();
205     }
206 }
207 
setMediaDrmSession(const hidl_vec<uint8_t> & sessionId)208 Return<Status> CryptoPlugin::setMediaDrmSession(
209         const hidl_vec<uint8_t>& sessionId) {
210     if (!sessionId.size()) {
211         mSession = nullptr;
212     } else {
213         mSession = SessionLibrary::get()->findSession(sessionId);
214         if (!mSession.get()) {
215             return Status::ERROR_DRM_SESSION_NOT_OPENED;
216         }
217     }
218     return Status::OK;
219 }
220 
221 } // namespace clearkey
222 } // namespace V1_2
223 } // namespace drm
224 } // namespace hardware
225 } // namespace android
226