CryptoHal.cpp revision d07c92742fc5801cab8e99801f591365986acbe9
1/* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17//#define LOG_NDEBUG 0 18#define LOG_TAG "CryptoHal" 19#include <utils/Log.h> 20 21#include <android/hardware/drm/1.0/types.h> 22#include <android/hidl/manager/1.0/IServiceManager.h> 23 24#include <binder/IMemory.h> 25#include <cutils/native_handle.h> 26#include <media/CryptoHal.h> 27#include <media/hardware/CryptoAPI.h> 28#include <media/stagefright/foundation/ADebug.h> 29#include <media/stagefright/foundation/AString.h> 30#include <media/stagefright/foundation/hexdump.h> 31#include <media/stagefright/MediaErrors.h> 32 33using ::android::hardware::drm::V1_0::BufferType; 34using ::android::hardware::drm::V1_0::DestinationBuffer; 35using ::android::hardware::drm::V1_0::ICryptoFactory; 36using ::android::hardware::drm::V1_0::ICryptoPlugin; 37using ::android::hardware::drm::V1_0::Mode; 38using ::android::hardware::drm::V1_0::Pattern; 39using ::android::hardware::drm::V1_0::SharedBuffer; 40using ::android::hardware::drm::V1_0::Status; 41using ::android::hardware::drm::V1_0::SubSample; 42using ::android::hardware::hidl_array; 43using ::android::hardware::hidl_handle; 44using ::android::hardware::hidl_memory; 45using ::android::hardware::hidl_string; 46using ::android::hardware::hidl_vec; 47using ::android::hardware::Return; 48using ::android::hardware::Void; 49using ::android::hidl::manager::V1_0::IServiceManager; 50using ::android::sp; 51 52 53namespace android { 54 55static status_t toStatusT(Status status) { 56 switch (status) { 57 case Status::OK: 58 return OK; 59 case Status::ERROR_DRM_NO_LICENSE: 60 return ERROR_DRM_NO_LICENSE; 61 case Status::ERROR_DRM_LICENSE_EXPIRED: 62 return ERROR_DRM_LICENSE_EXPIRED; 63 case Status::ERROR_DRM_RESOURCE_BUSY: 64 return ERROR_DRM_RESOURCE_BUSY; 65 case Status::ERROR_DRM_INSUFFICIENT_OUTPUT_PROTECTION: 66 return ERROR_DRM_INSUFFICIENT_OUTPUT_PROTECTION; 67 case Status::ERROR_DRM_SESSION_NOT_OPENED: 68 return ERROR_DRM_SESSION_NOT_OPENED; 69 case Status::ERROR_DRM_CANNOT_HANDLE: 70 return ERROR_DRM_CANNOT_HANDLE; 71 case Status::ERROR_DRM_DECRYPT: 72 return ERROR_DRM_DECRYPT; 73 default: 74 return UNKNOWN_ERROR; 75 } 76} 77 78 79static hidl_vec<uint8_t> toHidlVec(const Vector<uint8_t> &vector) { 80 hidl_vec<uint8_t> vec; 81 vec.setToExternal(const_cast<uint8_t *>(vector.array()), vector.size()); 82 return vec; 83} 84 85static hidl_vec<uint8_t> toHidlVec(const void *ptr, size_t size) { 86 hidl_vec<uint8_t> vec; 87 vec.resize(size); 88 memcpy(vec.data(), ptr, size); 89 return vec; 90} 91 92static hidl_array<uint8_t, 16> toHidlArray16(const uint8_t *ptr) { 93 if (!ptr) { 94 return hidl_array<uint8_t, 16>(); 95 } 96 return hidl_array<uint8_t, 16>(ptr); 97} 98 99 100static String8 toString8(hidl_string hString) { 101 return String8(hString.c_str()); 102} 103 104 105CryptoHal::CryptoHal() 106 : mFactories(makeCryptoFactories()), 107 mInitCheck((mFactories.size() == 0) ? ERROR_UNSUPPORTED : NO_INIT), 108 mNextBufferId(0) { 109} 110 111CryptoHal::~CryptoHal() { 112} 113 114Vector<sp<ICryptoFactory>> CryptoHal::makeCryptoFactories() { 115 Vector<sp<ICryptoFactory>> factories; 116 117 auto manager = ::IServiceManager::getService(); 118 if (manager != NULL) { 119 manager->listByInterface(ICryptoFactory::descriptor, 120 [&factories](const hidl_vec<hidl_string> ®istered) { 121 for (const auto &instance : registered) { 122 auto factory = ICryptoFactory::getService(instance); 123 if (factory != NULL) { 124 factories.push_back(factory); 125 ALOGI("makeCryptoFactories: factory instance %s is %s", 126 instance.c_str(), 127 factory->isRemote() ? "Remote" : "Not Remote"); 128 } 129 } 130 } 131 ); 132 } 133 134 if (factories.size() == 0) { 135 // must be in passthrough mode, load the default passthrough service 136 auto passthrough = ICryptoFactory::getService("crypto"); 137 if (passthrough != NULL) { 138 ALOGI("makeCryptoFactories: using default crypto instance"); 139 factories.push_back(passthrough); 140 } else { 141 ALOGE("Failed to find any crypto factories"); 142 } 143 } 144 return factories; 145} 146 147sp<ICryptoPlugin> CryptoHal::makeCryptoPlugin(const sp<ICryptoFactory>& factory, 148 const uint8_t uuid[16], const void *initData, size_t initDataSize) { 149 150 sp<ICryptoPlugin> plugin; 151 Return<void> hResult = factory->createPlugin(toHidlArray16(uuid), 152 toHidlVec(initData, initDataSize), 153 [&](Status status, const sp<ICryptoPlugin>& hPlugin) { 154 if (status != Status::OK) { 155 ALOGE("Failed to make crypto plugin"); 156 return; 157 } 158 plugin = hPlugin; 159 } 160 ); 161 return plugin; 162} 163 164 165status_t CryptoHal::initCheck() const { 166 return mInitCheck; 167} 168 169 170bool CryptoHal::isCryptoSchemeSupported(const uint8_t uuid[16]) { 171 Mutex::Autolock autoLock(mLock); 172 173 for (size_t i = 0; i < mFactories.size(); i++) { 174 if (mFactories[i]->isCryptoSchemeSupported(uuid)) { 175 return true; 176 } 177 } 178 return false; 179} 180 181status_t CryptoHal::createPlugin(const uint8_t uuid[16], const void *data, 182 size_t size) { 183 Mutex::Autolock autoLock(mLock); 184 185 for (size_t i = 0; i < mFactories.size(); i++) { 186 if (mFactories[i]->isCryptoSchemeSupported(uuid)) { 187 mPlugin = makeCryptoPlugin(mFactories[i], uuid, data, size); 188 } 189 } 190 191 if (mPlugin == NULL) { 192 mInitCheck = ERROR_UNSUPPORTED; 193 } else { 194 mInitCheck = OK; 195 } 196 197 return mInitCheck; 198} 199 200status_t CryptoHal::destroyPlugin() { 201 Mutex::Autolock autoLock(mLock); 202 203 if (mInitCheck != OK) { 204 return mInitCheck; 205 } 206 207 mPlugin.clear(); 208 return OK; 209} 210 211bool CryptoHal::requiresSecureDecoderComponent(const char *mime) const { 212 Mutex::Autolock autoLock(mLock); 213 214 if (mInitCheck != OK) { 215 return mInitCheck; 216 } 217 218 return mPlugin->requiresSecureDecoderComponent(hidl_string(mime)); 219} 220 221 222/** 223 * If the heap base isn't set, get the heap base from the IMemory 224 * and send it to the HAL so it can map a remote heap of the same 225 * size. Once the heap base is established, shared memory buffers 226 * are sent by providing an offset into the heap and a buffer size. 227 */ 228void CryptoHal::setHeapBase(const sp<IMemoryHeap>& heap) { 229 native_handle_t* nativeHandle = native_handle_create(1, 0); 230 if (!nativeHandle) { 231 ALOGE("setHeapBase(), failed to create native handle"); 232 return; 233 } 234 if (heap == NULL) { 235 ALOGE("setHeapBase(): heap is NULL"); 236 return; 237 } 238 int fd = heap->getHeapID(); 239 nativeHandle->data[0] = fd; 240 auto hidlHandle = hidl_handle(nativeHandle); 241 auto hidlMemory = hidl_memory("ashmem", hidlHandle, heap->getSize()); 242 mHeapBases.add(heap->getBase(), mNextBufferId); 243 Return<void> hResult = mPlugin->setSharedBufferBase(hidlMemory, mNextBufferId++); 244 ALOGE_IF(!hResult.isOk(), "setSharedBufferBase(): remote call failed"); 245} 246 247void CryptoHal::clearHeapBase(const sp<IMemoryHeap>& heap) { 248 mHeapBases.removeItem(heap->getBase()); 249} 250 251status_t CryptoHal::toSharedBuffer(const sp<IMemory>& memory, ::SharedBuffer* buffer) { 252 ssize_t offset; 253 size_t size; 254 255 if (memory == NULL && buffer == NULL) { 256 return UNEXPECTED_NULL; 257 } 258 259 sp<IMemoryHeap> heap = memory->getMemory(&offset, &size); 260 if (heap == NULL) { 261 return UNEXPECTED_NULL; 262 } 263 264 // memory must be in the declared heap 265 CHECK(mHeapBases.indexOfKey(heap->getBase()) >= 0); 266 267 buffer->bufferId = mHeapBases.valueFor(heap->getBase()); 268 buffer->offset = offset >= 0 ? offset : 0; 269 buffer->size = size; 270 return OK; 271} 272 273ssize_t CryptoHal::decrypt(const uint8_t keyId[16], const uint8_t iv[16], 274 CryptoPlugin::Mode mode, const CryptoPlugin::Pattern &pattern, 275 const sp<IMemory> &source, size_t offset, 276 const CryptoPlugin::SubSample *subSamples, size_t numSubSamples, 277 const ICrypto::DestinationBuffer &destination, AString *errorDetailMsg) { 278 Mutex::Autolock autoLock(mLock); 279 280 if (mInitCheck != OK) { 281 return mInitCheck; 282 } 283 284 Mode hMode; 285 switch(mode) { 286 case CryptoPlugin::kMode_Unencrypted: 287 hMode = Mode::UNENCRYPTED ; 288 break; 289 case CryptoPlugin::kMode_AES_CTR: 290 hMode = Mode::AES_CTR; 291 break; 292 case CryptoPlugin::kMode_AES_WV: 293 hMode = Mode::AES_CBC_CTS; 294 break; 295 case CryptoPlugin::kMode_AES_CBC: 296 hMode = Mode::AES_CBC; 297 break; 298 default: 299 return UNKNOWN_ERROR; 300 } 301 302 Pattern hPattern; 303 hPattern.encryptBlocks = pattern.mEncryptBlocks; 304 hPattern.skipBlocks = pattern.mSkipBlocks; 305 306 std::vector<SubSample> stdSubSamples; 307 for (size_t i = 0; i < numSubSamples; i++) { 308 SubSample subSample; 309 subSample.numBytesOfClearData = subSamples[i].mNumBytesOfClearData; 310 subSample.numBytesOfEncryptedData = subSamples[i].mNumBytesOfEncryptedData; 311 stdSubSamples.push_back(subSample); 312 } 313 auto hSubSamples = hidl_vec<SubSample>(stdSubSamples); 314 315 bool secure; 316 ::DestinationBuffer hDestination; 317 if (destination.mType == kDestinationTypeSharedMemory) { 318 hDestination.type = BufferType::SHARED_MEMORY; 319 status_t status = toSharedBuffer(destination.mSharedMemory, 320 &hDestination.nonsecureMemory); 321 if (status != OK) { 322 return status; 323 } 324 secure = false; 325 } else { 326 hDestination.type = BufferType::NATIVE_HANDLE; 327 hDestination.secureMemory = hidl_handle(destination.mHandle); 328 secure = true; 329 } 330 331 ::SharedBuffer hSource; 332 status_t status = toSharedBuffer(source, &hSource); 333 if (status != OK) { 334 return status; 335 } 336 337 status_t err = UNKNOWN_ERROR; 338 uint32_t bytesWritten = 0; 339 340 Return<void> hResult = mPlugin->decrypt(secure, toHidlArray16(keyId), toHidlArray16(iv), hMode, 341 hPattern, hSubSamples, hSource, offset, hDestination, 342 [&](Status status, uint32_t hBytesWritten, hidl_string hDetailedError) { 343 if (status == Status::OK) { 344 bytesWritten = hBytesWritten; 345 *errorDetailMsg = toString8(hDetailedError); 346 } 347 err = toStatusT(status); 348 } 349 ); 350 351 if (!hResult.isOk()) { 352 err = DEAD_OBJECT; 353 } 354 355 if (err == OK) { 356 return bytesWritten; 357 } 358 return err; 359} 360 361void CryptoHal::notifyResolution(uint32_t width, uint32_t height) { 362 Mutex::Autolock autoLock(mLock); 363 364 if (mInitCheck != OK) { 365 return; 366 } 367 368 mPlugin->notifyResolution(width, height); 369} 370 371status_t CryptoHal::setMediaDrmSession(const Vector<uint8_t> &sessionId) { 372 Mutex::Autolock autoLock(mLock); 373 374 if (mInitCheck != OK) { 375 return mInitCheck; 376 } 377 378 return toStatusT(mPlugin->setMediaDrmSession(toHidlVec(sessionId))); 379} 380 381} // namespace android 382