OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef MEDIA_CRYPTO_AES_DECRYPTOR_H_ | 5 #ifndef MEDIA_CRYPTO_AES_DECRYPTOR_H_ |
6 #define MEDIA_CRYPTO_AES_DECRYPTOR_H_ | 6 #define MEDIA_CRYPTO_AES_DECRYPTOR_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 #include "base/hash_tables.h" | 11 #include "base/hash_tables.h" |
12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
13 #include "base/memory/scoped_ptr.h" | |
14 #include "base/string_piece.h" | |
13 #include "base/synchronization/lock.h" | 15 #include "base/synchronization/lock.h" |
14 #include "media/base/decryptor.h" | 16 #include "media/base/decryptor.h" |
15 #include "media/base/media_export.h" | 17 #include "media/base/media_export.h" |
16 | 18 |
17 namespace crypto { | 19 namespace crypto { |
18 class SymmetricKey; | 20 class SymmetricKey; |
19 } | 21 } |
20 | 22 |
21 namespace media { | 23 namespace media { |
22 | 24 |
23 class DecryptorClient; | 25 class DecryptorClient; |
24 | 26 |
25 // Decryptor implementation that decrypts AES-encrypted buffer. | 27 // Decrypts an AES encrypted buffer into an unencrypted buffer. The AES |
28 // encryption must be CTR with a key size of 128bits. Optionally checks the | |
29 // integrity of the encrypted data. | |
26 class MEDIA_EXPORT AesDecryptor : public Decryptor { | 30 class MEDIA_EXPORT AesDecryptor : public Decryptor { |
27 public: | 31 public: |
28 // The AesDecryptor does not take ownership of the |client|. The |client| | 32 // The AesDecryptor does not take ownership of the |client|. The |client| |
29 // must be valid throughout the lifetime of the AesDecryptor. | 33 // must be valid throughout the lifetime of the AesDecryptor. |
30 explicit AesDecryptor(DecryptorClient* client); | 34 explicit AesDecryptor(DecryptorClient* client); |
31 virtual ~AesDecryptor(); | 35 virtual ~AesDecryptor(); |
32 | 36 |
33 // Decryptor implementation. | 37 // Decryptor implementation. |
34 virtual void GenerateKeyRequest(const std::string& key_system, | 38 virtual void GenerateKeyRequest(const std::string& key_system, |
35 const uint8* init_data, | 39 const uint8* init_data, |
36 int init_data_length) OVERRIDE; | 40 int init_data_length) OVERRIDE; |
37 virtual void AddKey(const std::string& key_system, | 41 virtual void AddKey(const std::string& key_system, |
38 const uint8* key, | 42 const uint8* key, |
39 int key_length, | 43 int key_length, |
40 const uint8* init_data, | 44 const uint8* init_data, |
41 int init_data_length, | 45 int init_data_length, |
42 const std::string& session_id) OVERRIDE; | 46 const std::string& session_id) OVERRIDE; |
43 virtual void CancelKeyRequest(const std::string& key_system, | 47 virtual void CancelKeyRequest(const std::string& key_system, |
44 const std::string& session_id) OVERRIDE; | 48 const std::string& session_id) OVERRIDE; |
49 | |
50 // Decrypts |input| buffer. |input| should not be NULL. |input| will signal | |
51 // if an integrity check must be performed before decryption. Return a | |
52 // DecoderBuffer with the decrypted data if the decryption succeeded. Return | |
53 // NULL if the integrity check or decryption failed. | |
45 virtual scoped_refptr<DecoderBuffer> Decrypt( | 54 virtual scoped_refptr<DecoderBuffer> Decrypt( |
46 const scoped_refptr<DecoderBuffer>& input) OVERRIDE; | 55 const scoped_refptr<DecoderBuffer>& input) OVERRIDE; |
47 | 56 |
48 private: | 57 private: |
49 // KeyMap owns the crypto::SymmetricKey* and must delete them when they are | 58 // Helper class that manages the decryption key and HMAC key. The HMAC key |
59 // may be NULL. | |
60 class DecryptionKey { | |
61 public: | |
62 explicit DecryptionKey(const std::string& secret); | |
63 ~DecryptionKey(); | |
64 | |
65 // Creates the HMAC and encryption key. | |
66 bool Init(bool derive_hmac); | |
67 | |
68 bool initialized() { return initialized_; } | |
ddorwin
2012/07/13 00:48:00
is_initialized for both.
fgalligan1
2012/07/13 21:40:41
Done.
| |
69 base::StringPiece hmac_key() { return base::StringPiece(hmac_key_); } | |
ddorwin
2012/07/13 00:48:00
nit: swap with below since it is common. swap the
fgalligan1
2012/07/13 21:40:41
Done.
| |
70 crypto::SymmetricKey* decryption_key() { return decryption_key_.get(); } | |
71 | |
72 private: | |
73 // Flag telling if the object was initialized. | |
ddorwin
2012/07/13 00:48:00
unnecessary
fgalligan1
2012/07/13 21:40:41
Done.
| |
74 bool initialized_; | |
75 | |
76 // The base secret that is used to derive the decryption key and optionally | |
77 // the HMAC key. | |
78 const std::string secret_; | |
79 | |
80 // The key used to perform the integrity check. Currently the HMAC key is | |
81 // defined by the WebM encrypted specification. Current encrypted WebM | |
82 // request for comments specification is here | |
83 // http://wiki.webmproject.org/encryption/webm-encryption-rfc | |
84 std::string hmac_key_; | |
85 | |
86 // The key used to decrypt the data. | |
87 scoped_ptr<crypto::SymmetricKey> decryption_key_; | |
88 | |
89 DISALLOW_COPY_AND_ASSIGN(DecryptionKey); | |
90 }; | |
91 | |
92 // KeyMap owns the DecryptionKey* and must delete them when they are | |
50 // not needed any more. | 93 // not needed any more. |
51 typedef base::hash_map<std::string, crypto::SymmetricKey*> KeyMap; | 94 typedef base::hash_map<std::string, DecryptionKey*> KeyMap; |
52 | 95 |
53 // Since only Decrypt() is called off the renderer thread, we only need to | 96 // Since only Decrypt() is called off the renderer thread, we only need to |
54 // protect |key_map_|, the only member variable that is shared between | 97 // protect |key_map_|, the only member variable that is shared between |
55 // Decrypt() and other methods. | 98 // Decrypt() and other methods. |
56 KeyMap key_map_; // Protected by the |key_map_lock_|. | 99 KeyMap key_map_; // Protected by the |key_map_lock_|. |
57 base::Lock key_map_lock_; // Protects the |key_map_|. | 100 base::Lock key_map_lock_; // Protects the |key_map_|. |
58 | 101 |
59 // Make session ID unique per renderer by making it static. | 102 // Make session ID unique per renderer by making it static. |
60 // TODO(xhwang): Make session ID more strictly defined if needed: | 103 // TODO(xhwang): Make session ID more strictly defined if needed: |
61 // https://www.w3.org/Bugs/Public/show_bug.cgi?id=16739#c0 | 104 // https://www.w3.org/Bugs/Public/show_bug.cgi?id=16739#c0 |
62 static uint32 next_session_id_; | 105 static uint32 next_session_id_; |
63 | 106 |
64 DecryptorClient* const client_; | 107 DecryptorClient* const client_; |
65 | 108 |
66 DISALLOW_COPY_AND_ASSIGN(AesDecryptor); | 109 DISALLOW_COPY_AND_ASSIGN(AesDecryptor); |
67 }; | 110 }; |
68 | 111 |
69 } // namespace media | 112 } // namespace media |
70 | 113 |
71 #endif // MEDIA_CRYPTO_AES_DECRYPTOR_H_ | 114 #endif // MEDIA_CRYPTO_AES_DECRYPTOR_H_ |
OLD | NEW |