1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
/*
* Copyright 2015, Mozilla Foundation and contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <vector>
#include <string>
#include "ClearKeyCDM.h"
#include "ClearKeySessionManager.h"
// This include is required in order for content_decryption_module to work
// on Unix systems.
#include "stddef.h"
#include "content_decryption_module.h"
#include "content_decryption_module_ext.h"
#include "nss.h"
#ifndef XP_WIN
# include <sys/types.h>
# include <sys/stat.h>
# include <unistd.h>
#endif
#ifdef ENABLE_WMF
# include "WMFUtils.h"
#endif // ENABLE_WMF
extern "C" {
CDM_API
void INITIALIZE_CDM_MODULE() {}
static bool sCanReadHostVerificationFiles = false;
CDM_API
void* CreateCdmInstance(int cdm_interface_version, const char* key_system,
uint32_t key_system_size,
GetCdmHostFunc get_cdm_host_func, void* user_data) {
CK_LOGE("ClearKey CreateCDMInstance");
if (cdm_interface_version != cdm::ContentDecryptionModule_10::kVersion) {
CK_LOGE(
"ClearKey CreateCDMInstance failed due to requesting unsupported "
"version %d.",
cdm_interface_version);
return nullptr;
}
#ifdef ENABLE_WMF
if (!wmf::EnsureLibs()) {
CK_LOGE("Required libraries were not found");
return nullptr;
}
#endif
if (NSS_NoDB_Init(nullptr) == SECFailure) {
CK_LOGE("Unable to initialize NSS");
return nullptr;
}
#ifdef MOZILLA_OFFICIAL
// Test that we're able to read the host files.
if (!sCanReadHostVerificationFiles) {
return nullptr;
}
#endif
cdm::Host_10* host = static_cast<cdm::Host_10*>(
get_cdm_host_func(cdm_interface_version, user_data));
ClearKeyCDM* clearKey = new ClearKeyCDM(host);
CK_LOGE("Created ClearKeyCDM instance!");
return clearKey;
}
const size_t TEST_READ_SIZE = 16 * 1024;
bool CanReadSome(cdm::PlatformFile aFile) {
std::vector<uint8_t> data;
data.resize(TEST_READ_SIZE);
#ifdef XP_WIN
DWORD bytesRead = 0;
return ReadFile(aFile, &data.front(), TEST_READ_SIZE, &bytesRead, nullptr) &&
bytesRead > 0;
#else
return read(aFile, &data.front(), TEST_READ_SIZE) > 0;
#endif
}
void ClosePlatformFile(cdm::PlatformFile aFile) {
#ifdef XP_WIN
CloseHandle(aFile);
#else
close(aFile);
#endif
}
static uint32_t NumExpectedHostFiles(const cdm::HostFile* aHostFiles,
uint32_t aNumFiles) {
#if !defined(XP_WIN)
// We expect 4 binaries: clearkey, libxul, plugin-container, and Firefox.
return 4;
#else
// Windows running x64 or x86 natively should also have 4 as above.
// For Windows on ARM64, we run an x86 plugin-contianer process under
// emulation, and so we expect one additional binary; the x86
// xul.dll used by plugin-container.exe.
bool i686underAArch64 = false;
// Assume that we're running under x86 emulation on an aarch64 host if
// one of the paths ends with the x86 plugin-container path we'd expect.
const std::wstring plugincontainer = L"i686\\plugin-container.exe";
for (uint32_t i = 0; i < aNumFiles; i++) {
const cdm::HostFile& hostFile = aHostFiles[i];
if (hostFile.file != cdm::kInvalidPlatformFile) {
std::wstring path = hostFile.file_path;
auto offset = path.find(plugincontainer);
if (offset != std::string::npos &&
offset == path.size() - plugincontainer.size()) {
i686underAArch64 = true;
break;
}
}
}
return i686underAArch64 ? 5 : 4;
#endif
}
CDM_API
bool VerifyCdmHost_0(const cdm::HostFile* aHostFiles, uint32_t aNumFiles) {
// Check that we've received the expected number of host files.
bool rv = (aNumFiles == NumExpectedHostFiles(aHostFiles, aNumFiles));
// Verify that each binary is readable inside the sandbox,
// and close the handle.
for (uint32_t i = 0; i < aNumFiles; i++) {
const cdm::HostFile& hostFile = aHostFiles[i];
if (hostFile.file != cdm::kInvalidPlatformFile) {
if (!CanReadSome(hostFile.file)) {
rv = false;
}
ClosePlatformFile(hostFile.file);
}
if (hostFile.sig_file != cdm::kInvalidPlatformFile) {
ClosePlatformFile(hostFile.sig_file);
}
}
sCanReadHostVerificationFiles = rv;
return rv;
}
} // extern "C".
|