Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(201)

Side by Side Diff: media/crypto/aes_decryptor.cc

Issue 10535029: Add support for encrypted WebM files as defined in the RFC. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Addressing comments in the CL. Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "media/crypto/aes_decryptor.h" 5 #include "media/crypto/aes_decryptor.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/stl_util.h" 8 #include "base/stl_util.h"
9 #include "base/string_number_conversions.h" 9 #include "base/string_number_conversions.h"
10 #include "base/string_piece.h"
11 #include "crypto/encryptor.h" 10 #include "crypto/encryptor.h"
11 #include "crypto/hmac.h"
12 #include "crypto/symmetric_key.h" 12 #include "crypto/symmetric_key.h"
13 #include "media/base/decoder_buffer.h" 13 #include "media/base/decoder_buffer.h"
14 #include "media/base/decrypt_config.h" 14 #include "media/base/decrypt_config.h"
15 #include "media/base/decryptor_client.h" 15 #include "media/base/decryptor_client.h"
16 16
17 namespace media { 17 namespace media {
18 18
19 // TODO(xhwang): Get real IV from frames. 19 // The size is from the WebM encrypted specification. Current encrypted WebM
20 static const char kInitialCounter[] = "0000000000000000"; 20 // request for comments specification is here
21 // http://wiki.webmproject.org/encryption/webm-encryption-rfc
22 static const int kWebmSha1DigestSize = 20;
23 static const char kWebmHmacSeed[] = "hmac-key";
24 static const char kWebmEncryptionSeed[] = "encryption-key";
21 25
22 uint32 AesDecryptor::next_session_id_ = 1; 26 uint32 AesDecryptor::next_session_id_ = 1;
23 27
24 // Decrypt |input| using |key|. 28 // Derives a key using SHA1 HMAC. |secret| is the base secret to derive
29 // the key from. |seed| is the known message to the HMAC algorithm. |key_size|
30 // is how many bytes are returned in the key. Returns a string containing the
31 // key on success. Returns an empty string on failure.
32 static std::string DeriveKey(const base::StringPiece& secret,
33 const base::StringPiece& seed,
34 int key_size) {
35 CHECK(!secret.empty());
36 CHECK(!seed.empty());
37 CHECK_GT(key_size, 0);
38
39 crypto::HMAC hmac(crypto::HMAC::SHA1);
40 if (!hmac.Init(secret)) {
41 DVLOG(1) << "Could not initialize HMAC with secret data.";
42 return std::string();
43 }
44
45 scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]);
46 if (!hmac.Sign(seed, calculated_hmac.get(), hmac.DigestLength())) {
47 DVLOG(1) << "Could not calculate HMAC.";
48 return std::string();
49 }
50
51 return std::string(reinterpret_cast<const char*>(calculated_hmac.get()),
52 key_size);
53 }
54
55 // Checks data in |input| matches the HMAC in |input|. The check is using the
56 // SHA1 algorithm. |hmac_key| is the key of the HMAC algorithm. Returns true if
57 // the integrity check passes.
58 static bool CheckData(const DecoderBuffer& input,
59 const base::StringPiece& hmac_key) {
60 CHECK(input.GetDataSize());
61 CHECK(input.GetDecryptConfig());
62 CHECK_GT(input.GetDecryptConfig()->checksum_size(), 0);
63 CHECK(!hmac_key.empty());
64
65 crypto::HMAC hmac(crypto::HMAC::SHA1);
66 if (!hmac.Init(hmac_key))
67 return false;
68
69 // The HMAC covers the IV and the frame data.
70 base::StringPiece data_to_check(
71 reinterpret_cast<const char*>(input.GetData()), input.GetDataSize());
72
73 scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]);
74 if (!hmac.Sign(data_to_check, calculated_hmac.get(), hmac.DigestLength()))
75 return false;
76
77 CHECK(input.GetDecryptConfig()->checksum_size() <=
ddorwin 2012/07/13 00:48:00 DCHECK? Do we need this in opt builds?
fgalligan1 2012/07/13 21:40:41 Done.
78 static_cast<int>(hmac.DigestLength()));
79 if (memcmp(input.GetDecryptConfig()->checksum(),
80 calculated_hmac.get(),
81 input.GetDecryptConfig()->checksum_size()) != 0)
82 return false;
83 return true;
84 }
85
86 // Decrypt |input| using |key|. |encrypted_data_offset| is the number of bytes
ddorwin 2012/07/13 00:48:00 Decrypts... Returns...
fgalligan1 2012/07/13 21:40:41 Done.
87 // into |input| that the encrypted data starts.
25 // Return a DecoderBuffer with the decrypted data if decryption succeeded. 88 // Return a DecoderBuffer with the decrypted data if decryption succeeded.
26 // Return NULL if decryption failed. 89 // Return NULL if decryption failed.
27 static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input, 90 static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input,
28 crypto::SymmetricKey* key) { 91 crypto::SymmetricKey* key,
92 int encrypted_data_offset) {
29 CHECK(input.GetDataSize()); 93 CHECK(input.GetDataSize());
94 CHECK(input.GetDecryptConfig());
30 CHECK(key); 95 CHECK(key);
31 96
32 // Initialize encryption data. 97 // Initialize decryptor.
33 // The IV must be exactly as long as the cipher block size.
34 crypto::Encryptor encryptor; 98 crypto::Encryptor encryptor;
35 if (!encryptor.Init(key, crypto::Encryptor::CBC, kInitialCounter)) { 99 if (!encryptor.Init(key, crypto::Encryptor::CTR, "")) {
36 DVLOG(1) << "Could not initialize encryptor."; 100 DVLOG(1) << "Could not initialize decryptor.";
101 return NULL;
102 }
103
104 // Set the counter block.
105 base::StringPiece counter_block(
106 reinterpret_cast<const char*>(input.GetDecryptConfig()->iv()),
107 input.GetDecryptConfig()->iv_size());
108 if (counter_block.empty()) {
109 DVLOG(1) << "Could not generate counter block.";
110 return NULL;
111 }
112 if (!encryptor.SetCounter(counter_block)) {
ddorwin 2012/07/13 00:48:00 This version handles smaller IVs so we don't need
fgalligan1 2012/07/13 21:40:41 The latter. This code could handle larger or small
113 DVLOG(1) << "Could not set counter block.";
37 return NULL; 114 return NULL;
38 } 115 }
39 116
40 std::string decrypted_text; 117 std::string decrypted_text;
41 base::StringPiece encrypted_text( 118 const char* frame =
42 reinterpret_cast<const char*>(input.GetData()), 119 reinterpret_cast<const char*>(input.GetData() + encrypted_data_offset);
43 input.GetDataSize()); 120 int frame_size = input.GetDataSize() - encrypted_data_offset;
121 base::StringPiece encrypted_text(frame, frame_size);
44 if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) { 122 if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) {
45 DVLOG(1) << "Could not decrypt data."; 123 DVLOG(1) << "Could not decrypt data.";
46 return NULL; 124 return NULL;
47 } 125 }
48 126
49 // TODO(xhwang): Find a way to avoid this data copy. 127 // TODO(xhwang): Find a way to avoid this data copy.
50 return DecoderBuffer::CopyFrom( 128 return DecoderBuffer::CopyFrom(
51 reinterpret_cast<const uint8*>(decrypted_text.data()), 129 reinterpret_cast<const uint8*>(decrypted_text.data()),
52 decrypted_text.size()); 130 decrypted_text.size());
53 } 131 }
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
99 if (!init_data) { 177 if (!init_data) {
100 init_data = kDummyInitData; 178 init_data = kDummyInitData;
101 init_data_length = arraysize(kDummyInitData); 179 init_data_length = arraysize(kDummyInitData);
102 } 180 }
103 181
104 // TODO(xhwang): For now, use |init_data| for key ID. Make this more spec 182 // TODO(xhwang): For now, use |init_data| for key ID. Make this more spec
105 // compliant later (http://crbug.com/123262, http://crbug.com/123265). 183 // compliant later (http://crbug.com/123262, http://crbug.com/123265).
106 std::string key_id_string(reinterpret_cast<const char*>(init_data), 184 std::string key_id_string(reinterpret_cast<const char*>(init_data),
107 init_data_length); 185 init_data_length);
108 std::string key_string(reinterpret_cast<const char*>(key) , key_length); 186 std::string key_string(reinterpret_cast<const char*>(key) , key_length);
109 crypto::SymmetricKey* symmetric_key = crypto::SymmetricKey::Import( 187 DecryptionKey* decrypt_key = new DecryptionKey(key_string);
ddorwin 2012/07/13 00:48:00 decryption_key for consistency?
fgalligan1 2012/07/13 21:40:41 Done.
110 crypto::SymmetricKey::AES, key_string); 188 if (!decrypt_key) {
111 if (!symmetric_key) { 189 DVLOG(1) << "Could not create key.";
112 DVLOG(1) << "Could not import key.";
113 client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0); 190 client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0);
114 return; 191 return;
115 } 192 }
116 193
117 { 194 {
118 base::AutoLock auto_lock(key_map_lock_); 195 base::AutoLock auto_lock(key_map_lock_);
119 KeyMap::iterator found = key_map_.find(key_id_string); 196 KeyMap::iterator found = key_map_.find(key_id_string);
120 if (found != key_map_.end()) { 197 if (found != key_map_.end()) {
121 delete found->second; 198 delete found->second;
122 key_map_.erase(found); 199 key_map_.erase(found);
123 } 200 }
124 key_map_[key_id_string] = symmetric_key; 201 key_map_[key_id_string] = decrypt_key;
125 } 202 }
126 203
127 client_->KeyAdded(key_system, session_id); 204 client_->KeyAdded(key_system, session_id);
128 } 205 }
129 206
130 void AesDecryptor::CancelKeyRequest(const std::string& key_system, 207 void AesDecryptor::CancelKeyRequest(const std::string& key_system,
131 const std::string& session_id) { 208 const std::string& session_id) {
132 } 209 }
133 210
134 scoped_refptr<DecoderBuffer> AesDecryptor::Decrypt( 211 scoped_refptr<DecoderBuffer> AesDecryptor::Decrypt(
135 const scoped_refptr<DecoderBuffer>& encrypted) { 212 const scoped_refptr<DecoderBuffer>& encrypted) {
136 CHECK(encrypted->GetDecryptConfig()); 213 CHECK(encrypted->GetDecryptConfig());
137 const uint8* key_id = encrypted->GetDecryptConfig()->key_id(); 214 const uint8* key_id = encrypted->GetDecryptConfig()->key_id();
138 const int key_id_size = encrypted->GetDecryptConfig()->key_id_size(); 215 const int key_id_size = encrypted->GetDecryptConfig()->key_id_size();
139 216
140 // TODO(xhwang): Avoid always constructing a string with StringPiece? 217 // TODO(xhwang): Avoid always constructing a string with StringPiece?
141 std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size); 218 std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size);
142 219
143 crypto::SymmetricKey* key = NULL; 220 DecryptionKey* key = NULL;
144 { 221 {
145 base::AutoLock auto_lock(key_map_lock_); 222 base::AutoLock auto_lock(key_map_lock_);
146 KeyMap::const_iterator found = key_map_.find(key_id_string); 223 KeyMap::const_iterator found = key_map_.find(key_id_string);
147 if (found == key_map_.end()) { 224 if (found == key_map_.end()) {
225 // TODO(fgalligan): Should this throw a decryptor error here?
ddorwin 2012/07/13 00:48:00 That or needkey. There is some debate about which
xhwang 2012/07/13 01:23:21 Yeah, either way. Based on the spec, we should fir
fgalligan1 2012/07/13 21:40:41 Added a TODO to fire a need_key event here.
148 DVLOG(1) << "Could not find a matching key for given key ID."; 226 DVLOG(1) << "Could not find a matching key for given key ID.";
149 return NULL; 227 return NULL;
150 } 228 }
151 key = found->second; 229 key = found->second;
152 } 230 }
153 231
154 scoped_refptr<DecoderBuffer> decrypted = DecryptData(*encrypted, key); 232 int checksum_size = encrypted->GetDecryptConfig()->checksum_size();
233 if (!key->initialized()) {
234 if (!key->Init(checksum_size > 0)) {
ddorwin 2012/07/13 00:48:00 As mentioned in a reply, I don't think this should
fgalligan1 2012/07/13 21:40:41 Done.
235 base::AutoLock auto_lock(key_map_lock_);
236 KeyMap::iterator found = key_map_.find(key_id_string);
237 if (found != key_map_.end()) {
238 delete found->second;
239 key_map_.erase(found);
240 }
241 DVLOG(1) << "Could not initialize decryption key.";
242 // TODO(fgalligan): Should this throw a decryptor error here?
243 return NULL;
244 }
245 }
155 246
247 // According to the WebM encrypted specification, if an encrypted frame fails
248 // the integrity check the media system should drop that encrypted frame and
249 // continue with the next frame.
ddorwin 2012/07/13 00:48:00 Hmm. What is the reason for that? Dealing with net
fgalligan1 2012/07/13 21:40:41 This was requested by one of the security guys, bu
250 // http://wiki.webmproject.org/encryption/webm-encryption-rfc
251 if (checksum_size > 0 && !CheckData(*encrypted, key->hmac_key())) {
252 DVLOG(1) << "Integrity check failed.";
253 return NULL;
254 }
255
256 scoped_refptr<DecoderBuffer> decrypted =
257 DecryptData(*encrypted,
258 key->decryption_key(),
259 encrypted->GetDecryptConfig()->encrypted_frame_offset());
156 if (decrypted) { 260 if (decrypted) {
157 decrypted->SetTimestamp(encrypted->GetTimestamp()); 261 decrypted->SetTimestamp(encrypted->GetTimestamp());
158 decrypted->SetDuration(encrypted->GetDuration()); 262 decrypted->SetDuration(encrypted->GetDuration());
159 } 263 }
160 264
161 return decrypted; 265 return decrypted;
162 } 266 }
163 267
268 AesDecryptor::DecryptionKey::DecryptionKey(
269 const std::string& secret)
270 : initialized_(false),
271 secret_(secret) {
272 }
273
274 AesDecryptor::DecryptionKey::~DecryptionKey() {}
275
276 bool AesDecryptor::DecryptionKey::Init(bool derive_hmac) {
ddorwin 2012/07/13 00:48:00 derive_webm_keys It's not really deriving an hmac
fgalligan1 2012/07/13 21:40:41 Right, I was just trying to keep webm name out of
277 CHECK(!initialized_);
278 CHECK(!secret_.empty());
279
280 if (!derive_hmac) {
ddorwin 2012/07/13 00:48:00 nit: Prefer positive logic when there is an if-els
fgalligan1 2012/07/13 21:40:41 Done.
281 decryption_key_.reset(
282 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, secret_));
283 if (!decryption_key_.get()) {
284 return false;
285 }
286 } else {
287 std::string raw_key = DeriveKey(secret_,
288 kWebmEncryptionSeed,
289 secret_.length());
290 if (raw_key.empty()) {
291 return false;
292 }
293 decryption_key_.reset(
294 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key));
295 if (!decryption_key_.get()) {
296 return false;
297 }
298
299 hmac_key_ = DeriveKey(secret_, kWebmHmacSeed, kWebmSha1DigestSize);
300 if (hmac_key_.empty()) {
301 return false;
302 }
303 }
304
305 initialized_ = true;
306 return true;
307 }
308
164 } // namespace media 309 } // namespace media
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698