1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #define LOG_TAG "[email protected]"
17 
18 #include "CryptoPlugin.h"
19 #include "TypeConvert.h"
20 
21 #include <android/hidl/memory/1.0/IMemory.h>
22 #include <hidlmemory/mapping.h>
23 #include <log/log.h>
24 #include <media/stagefright/foundation/AString.h>
25 
26 using android::hardware::hidl_memory;
27 using android::hidl::memory::V1_0::IMemory;
28 
29 namespace android {
30 namespace hardware {
31 namespace drm {
32 namespace V1_0 {
33 namespace implementation {
34 
35     // Methods from ::android::hardware::drm::V1_0::ICryptoPlugin follow
requiresSecureDecoderComponent(const hidl_string & mime)36     Return<bool> CryptoPlugin::requiresSecureDecoderComponent(
37             const hidl_string& mime) {
38         return mLegacyPlugin->requiresSecureDecoderComponent(mime.c_str());
39     }
40 
notifyResolution(uint32_t width,uint32_t height)41     Return<void> CryptoPlugin::notifyResolution(uint32_t width,
42             uint32_t height) {
43         mLegacyPlugin->notifyResolution(width, height);
44         return Void();
45     }
46 
setMediaDrmSession(const hidl_vec<uint8_t> & sessionId)47     Return<Status> CryptoPlugin::setMediaDrmSession(
48             const hidl_vec<uint8_t>& sessionId) {
49         return toStatus(mLegacyPlugin->setMediaDrmSession(toVector(sessionId)));
50     }
51 
setSharedBufferBase(const hidl_memory & base,uint32_t bufferId)52     Return<void> CryptoPlugin::setSharedBufferBase(const hidl_memory& base,
53             uint32_t bufferId) {
54         sp<IMemory> hidlMemory = mapMemory(base);
55 
56         // allow mapMemory to return nullptr
57         mSharedBufferMap[bufferId] = hidlMemory;
58         return Void();
59     }
60 
decrypt(bool secure,const hidl_array<uint8_t,16> & keyId,const hidl_array<uint8_t,16> & iv,Mode mode,const Pattern & pattern,const hidl_vec<SubSample> & subSamples,const SharedBuffer & source,uint64_t offset,const DestinationBuffer & destination,decrypt_cb _hidl_cb)61     Return<void> CryptoPlugin::decrypt(bool secure,
62             const hidl_array<uint8_t, 16>& keyId,
63             const hidl_array<uint8_t, 16>& iv, Mode mode,
64             const Pattern& pattern, const hidl_vec<SubSample>& subSamples,
65             const SharedBuffer& source, uint64_t offset,
66             const DestinationBuffer& destination,
67             decrypt_cb _hidl_cb) {
68 
69         if (mSharedBufferMap.find(source.bufferId) == mSharedBufferMap.end()) {
70             _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "source decrypt buffer base not set");
71             return Void();
72         }
73 
74         if (destination.type == BufferType::SHARED_MEMORY) {
75             const SharedBuffer& dest = destination.nonsecureMemory;
76             if (mSharedBufferMap.find(dest.bufferId) == mSharedBufferMap.end()) {
77                 _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "destination decrypt buffer base not set");
78                 return Void();
79             }
80         }
81 
82         android::CryptoPlugin::Mode legacyMode;
83         switch(mode) {
84         case Mode::UNENCRYPTED:
85             legacyMode = android::CryptoPlugin::kMode_Unencrypted;
86             break;
87         case Mode::AES_CTR:
88             legacyMode = android::CryptoPlugin::kMode_AES_CTR;
89             break;
90         case Mode::AES_CBC_CTS:
91             legacyMode = android::CryptoPlugin::kMode_AES_WV;
92             break;
93         case Mode::AES_CBC:
94             legacyMode = android::CryptoPlugin::kMode_AES_CBC;
95             break;
96         }
97         android::CryptoPlugin::Pattern legacyPattern;
98         legacyPattern.mEncryptBlocks = pattern.encryptBlocks;
99         legacyPattern.mSkipBlocks = pattern.skipBlocks;
100 
101         std::unique_ptr<android::CryptoPlugin::SubSample[]> legacySubSamples =
102                 std::make_unique<android::CryptoPlugin::SubSample[]>(subSamples.size());
103 
104         size_t destSize = 0;
105         for (size_t i = 0; i < subSamples.size(); i++) {
106             uint32_t numBytesOfClearData = subSamples[i].numBytesOfClearData;
107             legacySubSamples[i].mNumBytesOfClearData = numBytesOfClearData;
108             uint32_t numBytesOfEncryptedData = subSamples[i].numBytesOfEncryptedData;
109             legacySubSamples[i].mNumBytesOfEncryptedData = numBytesOfEncryptedData;
110             if (__builtin_add_overflow(destSize, numBytesOfClearData, &destSize)) {
111                 _hidl_cb(Status::BAD_VALUE, 0, "subsample clear size overflow");
112                 return Void();
113             }
114             if (__builtin_add_overflow(destSize, numBytesOfEncryptedData, &destSize)) {
115                 _hidl_cb(Status::BAD_VALUE, 0, "subsample encrypted size overflow");
116                 return Void();
117             }
118         }
119 
120         AString detailMessage;
121         sp<IMemory> sourceBase = mSharedBufferMap[source.bufferId];
122         if (sourceBase == nullptr) {
123             _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "source is a nullptr");
124             return Void();
125         }
126 
127         if (source.offset + offset + source.size > sourceBase->getSize()) {
128             _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
129             return Void();
130         }
131 
132         uint8_t *base = static_cast<uint8_t *>
133                 (static_cast<void *>(sourceBase->getPointer()));
134         void *srcPtr = static_cast<void *>(base + source.offset + offset);
135 
136         void *destPtr = NULL;
137         if (destination.type == BufferType::SHARED_MEMORY) {
138             const SharedBuffer& destBuffer = destination.nonsecureMemory;
139             sp<IMemory> destBase = mSharedBufferMap[destBuffer.bufferId];
140             if (destBase == nullptr) {
141                 _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "destination is a nullptr");
142                 return Void();
143             }
144 
145             if (destBuffer.offset + destBuffer.size > destBase->getSize()) {
146                 _hidl_cb(Status::ERROR_DRM_CANNOT_HANDLE, 0, "invalid buffer size");
147                 return Void();
148             }
149 
150             if (destSize > destBuffer.size) {
151                 _hidl_cb(Status::BAD_VALUE, 0, "subsample sum too large");
152                 return Void();
153             }
154 
155             base = static_cast<uint8_t *>(static_cast<void *>(destBase->getPointer()));
156             destPtr = static_cast<void *>(base + destination.nonsecureMemory.offset);
157         } else if (destination.type == BufferType::NATIVE_HANDLE) {
158             if (!secure) {
159                 _hidl_cb(Status::BAD_VALUE, 0, "native handle destination must be secure");
160                 return Void();
161             }
162             native_handle_t *handle = const_cast<native_handle_t *>(
163                     destination.secureMemory.getNativeHandle());
164             destPtr = static_cast<void *>(handle);
165         } else {
166             _hidl_cb(Status::BAD_VALUE, 0, "invalid destination type");
167             return Void();
168         }
169         ssize_t result = mLegacyPlugin->decrypt(secure, keyId.data(), iv.data(),
170                 legacyMode, legacyPattern, srcPtr, legacySubSamples.get(),
171                 subSamples.size(), destPtr, &detailMessage);
172 
173         uint32_t status;
174         uint32_t bytesWritten;
175 
176         if (result >= 0) {
177             status = android::OK;
178             bytesWritten = result;
179         } else {
180             status = result;
181             bytesWritten = 0;
182         }
183 
184         _hidl_cb(toStatus(status), bytesWritten, detailMessage.c_str());
185         return Void();
186     }
187 
188 } // namespace implementation
189 }  // namespace V1_0
190 }  // namespace drm
191 }  // namespace hardware
192 }  // namespace android
193