CryptoHal.cpp revision d07c92742fc5801cab8e99801f591365986acbe9 
1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17//#define LOG_NDEBUG 0
18#define LOG_TAG "CryptoHal"
19#include <utils/Log.h>
20
21#include <android/hardware/drm/1.0/types.h>
22#include <android/hidl/manager/1.0/IServiceManager.h>
23
24#include <binder/IMemory.h>
25#include <cutils/native_handle.h>
26#include <media/CryptoHal.h>
27#include <media/hardware/CryptoAPI.h>
28#include <media/stagefright/foundation/ADebug.h>
29#include <media/stagefright/foundation/AString.h>
30#include <media/stagefright/foundation/hexdump.h>
31#include <media/stagefright/MediaErrors.h>
32
33using ::android::hardware::drm::V1_0::BufferType;
34using ::android::hardware::drm::V1_0::DestinationBuffer;
35using ::android::hardware::drm::V1_0::ICryptoFactory;
36using ::android::hardware::drm::V1_0::ICryptoPlugin;
37using ::android::hardware::drm::V1_0::Mode;
38using ::android::hardware::drm::V1_0::Pattern;
39using ::android::hardware::drm::V1_0::SharedBuffer;
40using ::android::hardware::drm::V1_0::Status;
41using ::android::hardware::drm::V1_0::SubSample;
42using ::android::hardware::hidl_array;
43using ::android::hardware::hidl_handle;
44using ::android::hardware::hidl_memory;
45using ::android::hardware::hidl_string;
46using ::android::hardware::hidl_vec;
47using ::android::hardware::Return;
48using ::android::hardware::Void;
49using ::android::hidl::manager::V1_0::IServiceManager;
50using ::android::sp;
51
52
53namespace android {
54
55static status_t toStatusT(Status status) {
56    switch (status) {
57    case Status::OK:
58        return OK;
59    case Status::ERROR_DRM_NO_LICENSE:
60        return ERROR_DRM_NO_LICENSE;
61    case Status::ERROR_DRM_LICENSE_EXPIRED:
62        return ERROR_DRM_LICENSE_EXPIRED;
63    case Status::ERROR_DRM_RESOURCE_BUSY:
64        return ERROR_DRM_RESOURCE_BUSY;
65    case Status::ERROR_DRM_INSUFFICIENT_OUTPUT_PROTECTION:
66        return ERROR_DRM_INSUFFICIENT_OUTPUT_PROTECTION;
67    case Status::ERROR_DRM_SESSION_NOT_OPENED:
68        return ERROR_DRM_SESSION_NOT_OPENED;
69    case Status::ERROR_DRM_CANNOT_HANDLE:
70        return ERROR_DRM_CANNOT_HANDLE;
71    case Status::ERROR_DRM_DECRYPT:
72        return ERROR_DRM_DECRYPT;
73    default:
74        return UNKNOWN_ERROR;
75    }
76}
77
78
79static hidl_vec<uint8_t> toHidlVec(const Vector<uint8_t> &vector) {
80    hidl_vec<uint8_t> vec;
81    vec.setToExternal(const_cast<uint8_t *>(vector.array()), vector.size());
82    return vec;
83}
84
85static hidl_vec<uint8_t> toHidlVec(const void *ptr, size_t size) {
86    hidl_vec<uint8_t> vec;
87    vec.resize(size);
88    memcpy(vec.data(), ptr, size);
89    return vec;
90}
91
92static hidl_array<uint8_t, 16> toHidlArray16(const uint8_t *ptr) {
93    if (!ptr) {
94        return hidl_array<uint8_t, 16>();
95    }
96    return hidl_array<uint8_t, 16>(ptr);
97}
98
99
100static String8 toString8(hidl_string hString) {
101    return String8(hString.c_str());
102}
103
104
105CryptoHal::CryptoHal()
106    : mFactories(makeCryptoFactories()),
107      mInitCheck((mFactories.size() == 0) ? ERROR_UNSUPPORTED : NO_INIT),
108      mNextBufferId(0) {
109}
110
111CryptoHal::~CryptoHal() {
112}
113
114Vector<sp<ICryptoFactory>> CryptoHal::makeCryptoFactories() {
115    Vector<sp<ICryptoFactory>> factories;
116
117    auto manager = ::IServiceManager::getService();
118    if (manager != NULL) {
119        manager->listByInterface(ICryptoFactory::descriptor,
120                [&factories](const hidl_vec<hidl_string> &registered) {
121                    for (const auto &instance : registered) {
122                        auto factory = ICryptoFactory::getService(instance);
123                        if (factory != NULL) {
124                            factories.push_back(factory);
125                            ALOGI("makeCryptoFactories: factory instance %s is %s",
126                                    instance.c_str(),
127                                    factory->isRemote() ? "Remote" : "Not Remote");
128                        }
129                    }
130                }
131            );
132    }
133
134    if (factories.size() == 0) {
135        // must be in passthrough mode, load the default passthrough service
136        auto passthrough = ICryptoFactory::getService("crypto");
137        if (passthrough != NULL) {
138            ALOGI("makeCryptoFactories: using default crypto instance");
139            factories.push_back(passthrough);
140        } else {
141            ALOGE("Failed to find any crypto factories");
142        }
143    }
144    return factories;
145}
146
147sp<ICryptoPlugin> CryptoHal::makeCryptoPlugin(const sp<ICryptoFactory>& factory,
148        const uint8_t uuid[16], const void *initData, size_t initDataSize) {
149
150    sp<ICryptoPlugin> plugin;
151    Return<void> hResult = factory->createPlugin(toHidlArray16(uuid),
152            toHidlVec(initData, initDataSize),
153            [&](Status status, const sp<ICryptoPlugin>& hPlugin) {
154                if (status != Status::OK) {
155                    ALOGE("Failed to make crypto plugin");
156                    return;
157                }
158                plugin = hPlugin;
159            }
160        );
161    return plugin;
162}
163
164
165status_t CryptoHal::initCheck() const {
166    return mInitCheck;
167}
168
169
170bool CryptoHal::isCryptoSchemeSupported(const uint8_t uuid[16]) {
171    Mutex::Autolock autoLock(mLock);
172
173    for (size_t i = 0; i < mFactories.size(); i++) {
174        if (mFactories[i]->isCryptoSchemeSupported(uuid)) {
175            return true;
176        }
177    }
178    return false;
179}
180
181status_t CryptoHal::createPlugin(const uint8_t uuid[16], const void *data,
182        size_t size) {
183    Mutex::Autolock autoLock(mLock);
184
185    for (size_t i = 0; i < mFactories.size(); i++) {
186        if (mFactories[i]->isCryptoSchemeSupported(uuid)) {
187            mPlugin = makeCryptoPlugin(mFactories[i], uuid, data, size);
188        }
189    }
190
191    if (mPlugin == NULL) {
192        mInitCheck = ERROR_UNSUPPORTED;
193    } else {
194        mInitCheck = OK;
195    }
196
197    return mInitCheck;
198}
199
200status_t CryptoHal::destroyPlugin() {
201    Mutex::Autolock autoLock(mLock);
202
203    if (mInitCheck != OK) {
204        return mInitCheck;
205    }
206
207    mPlugin.clear();
208    return OK;
209}
210
211bool CryptoHal::requiresSecureDecoderComponent(const char *mime) const {
212    Mutex::Autolock autoLock(mLock);
213
214    if (mInitCheck != OK) {
215        return mInitCheck;
216    }
217
218    return mPlugin->requiresSecureDecoderComponent(hidl_string(mime));
219}
220
221
222/**
223 * If the heap base isn't set, get the heap base from the IMemory
224 * and send it to the HAL so it can map a remote heap of the same
225 * size.  Once the heap base is established, shared memory buffers
226 * are sent by providing an offset into the heap and a buffer size.
227 */
228void CryptoHal::setHeapBase(const sp<IMemoryHeap>& heap) {
229    native_handle_t* nativeHandle = native_handle_create(1, 0);
230    if (!nativeHandle) {
231        ALOGE("setHeapBase(), failed to create native handle");
232        return;
233    }
234    if (heap == NULL) {
235        ALOGE("setHeapBase(): heap is NULL");
236        return;
237    }
238    int fd = heap->getHeapID();
239    nativeHandle->data[0] = fd;
240    auto hidlHandle = hidl_handle(nativeHandle);
241    auto hidlMemory = hidl_memory("ashmem", hidlHandle, heap->getSize());
242    mHeapBases.add(heap->getBase(), mNextBufferId);
243    Return<void> hResult = mPlugin->setSharedBufferBase(hidlMemory, mNextBufferId++);
244    ALOGE_IF(!hResult.isOk(), "setSharedBufferBase(): remote call failed");
245}
246
247void CryptoHal::clearHeapBase(const sp<IMemoryHeap>& heap) {
248    mHeapBases.removeItem(heap->getBase());
249}
250
251status_t CryptoHal::toSharedBuffer(const sp<IMemory>& memory, ::SharedBuffer* buffer) {
252    ssize_t offset;
253    size_t size;
254
255    if (memory == NULL && buffer == NULL) {
256        return UNEXPECTED_NULL;
257    }
258
259    sp<IMemoryHeap> heap = memory->getMemory(&offset, &size);
260    if (heap == NULL) {
261        return UNEXPECTED_NULL;
262    }
263
264    // memory must be in the declared heap
265    CHECK(mHeapBases.indexOfKey(heap->getBase()) >= 0);
266
267    buffer->bufferId = mHeapBases.valueFor(heap->getBase());
268    buffer->offset = offset >= 0 ? offset : 0;
269    buffer->size = size;
270    return OK;
271}
272
273ssize_t CryptoHal::decrypt(const uint8_t keyId[16], const uint8_t iv[16],
274        CryptoPlugin::Mode mode, const CryptoPlugin::Pattern &pattern,
275        const sp<IMemory> &source, size_t offset,
276        const CryptoPlugin::SubSample *subSamples, size_t numSubSamples,
277        const ICrypto::DestinationBuffer &destination, AString *errorDetailMsg) {
278    Mutex::Autolock autoLock(mLock);
279
280    if (mInitCheck != OK) {
281        return mInitCheck;
282    }
283
284    Mode hMode;
285    switch(mode) {
286    case CryptoPlugin::kMode_Unencrypted:
287        hMode = Mode::UNENCRYPTED ;
288        break;
289    case CryptoPlugin::kMode_AES_CTR:
290        hMode = Mode::AES_CTR;
291        break;
292    case CryptoPlugin::kMode_AES_WV:
293        hMode = Mode::AES_CBC_CTS;
294        break;
295    case CryptoPlugin::kMode_AES_CBC:
296        hMode = Mode::AES_CBC;
297        break;
298    default:
299        return UNKNOWN_ERROR;
300    }
301
302    Pattern hPattern;
303    hPattern.encryptBlocks = pattern.mEncryptBlocks;
304    hPattern.skipBlocks = pattern.mSkipBlocks;
305
306    std::vector<SubSample> stdSubSamples;
307    for (size_t i = 0; i < numSubSamples; i++) {
308        SubSample subSample;
309        subSample.numBytesOfClearData = subSamples[i].mNumBytesOfClearData;
310        subSample.numBytesOfEncryptedData = subSamples[i].mNumBytesOfEncryptedData;
311        stdSubSamples.push_back(subSample);
312    }
313    auto hSubSamples = hidl_vec<SubSample>(stdSubSamples);
314
315    bool secure;
316    ::DestinationBuffer hDestination;
317    if (destination.mType == kDestinationTypeSharedMemory) {
318        hDestination.type = BufferType::SHARED_MEMORY;
319        status_t status = toSharedBuffer(destination.mSharedMemory,
320                &hDestination.nonsecureMemory);
321        if (status != OK) {
322            return status;
323        }
324        secure = false;
325    } else {
326        hDestination.type = BufferType::NATIVE_HANDLE;
327        hDestination.secureMemory = hidl_handle(destination.mHandle);
328        secure = true;
329    }
330
331    ::SharedBuffer hSource;
332    status_t status = toSharedBuffer(source, &hSource);
333    if (status != OK) {
334        return status;
335    }
336
337    status_t err = UNKNOWN_ERROR;
338    uint32_t bytesWritten = 0;
339
340    Return<void> hResult = mPlugin->decrypt(secure, toHidlArray16(keyId), toHidlArray16(iv), hMode,
341            hPattern, hSubSamples, hSource, offset, hDestination,
342            [&](Status status, uint32_t hBytesWritten, hidl_string hDetailedError) {
343                if (status == Status::OK) {
344                    bytesWritten = hBytesWritten;
345                    *errorDetailMsg = toString8(hDetailedError);
346                }
347                err = toStatusT(status);
348            }
349        );
350
351    if (!hResult.isOk()) {
352        err = DEAD_OBJECT;
353    }
354
355    if (err == OK) {
356        return bytesWritten;
357    }
358    return err;
359}
360
361void CryptoHal::notifyResolution(uint32_t width, uint32_t height) {
362    Mutex::Autolock autoLock(mLock);
363
364    if (mInitCheck != OK) {
365        return;
366    }
367
368    mPlugin->notifyResolution(width, height);
369}
370
371status_t CryptoHal::setMediaDrmSession(const Vector<uint8_t> &sessionId) {
372    Mutex::Autolock autoLock(mLock);
373
374    if (mInitCheck != OK) {
375        return mInitCheck;
376    }
377
378    return toStatusT(mPlugin->setMediaDrmSession(toHidlVec(sessionId)));
379}
380
381}  // namespace android
382