Chromium Code Reviews Chromium Code Reviews
Issue 10535029:
Add support for encrypted WebM files as defined in the RFC. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "media/crypto/aes_decryptor.h" | 5 #include "media/crypto/aes_decryptor.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/stl_util.h" | 8 #include "base/stl_util.h" |
| 9 #include "base/string_piece.h" | 9 #include "base/string_piece.h" |
| 10 #include "crypto/encryptor.h" | 10 #include "crypto/encryptor.h" |
| 11 #include "crypto/hmac.h" | |
| 11 #include "crypto/symmetric_key.h" | 12 #include "crypto/symmetric_key.h" |
| 12 #include "media/base/decoder_buffer.h" | |
| 13 #include "media/base/decrypt_config.h" | 13 #include "media/base/decrypt_config.h" |
| 14 | 14 |
| 15 namespace media { | 15 namespace media { |
| 16 | 16 |
| 17 // TODO(xhwang): Get real IV from frames. | 17 // Derives a key from an HAMC using SHA1. |secret| is the base secret to derive |
|
Tom Finegan
2012/06/15 15:09:08
s/HAMC/HMAC
fgalligan1
2012/07/03 22:00:15
Done.
| |
| 18 static const char kInitialCounter[] = "0000000000000000"; | 18 // the key from. |seed| is the knwon input to the HMAC. |key_size| is how many |
|
Tom Finegan
2012/06/15 15:09:08
s/knwon/known
fgalligan1
2012/07/03 22:00:15
Done.
| |
| 19 // bytes are returned in the key. Returns a string containing the key on | |
| 20 // success. Returns an empty string on failure. | |
| 21 static std::string DeriveKey(const std::string& secret, | |
| 22 const std::string& seed, | |
| 23 int key_size) { | |
| 24 CHECK(!secret.empty()); | |
| 25 CHECK(!seed.empty()); | |
| 26 CHECK_GT(key_size, 0); | |
| 19 | 27 |
| 20 // Decrypt |input| using |key|. | 28 std::string key; |
| 29 crypto::HMAC hmac(crypto::HMAC::SHA1); | |
| 30 if (!hmac.Init(reinterpret_cast<const uint8*>(secret.data()), | |
| 31 secret.size())) { | |
| 32 DVLOG(1) << "Could not initialize HMAC with secret data."; | |
| 33 return key; | |
| 34 } | |
| 35 | |
| 36 uint8 calculated_hmac[HmacAesDecryptor::kSha1DigestSize]; | |
| 37 if (!hmac.Sign(seed, calculated_hmac, HmacAesDecryptor::kSha1DigestSize)) { | |
| 38 DVLOG(1) << "Could not calculate HMAC."; | |
| 39 return key; | |
| 40 } | |
| 41 key.assign(reinterpret_cast<const char*>(calculated_hmac), key_size); | |
| 42 return key; | |
| 43 } | |
| 44 | |
| 45 // Integrity check of |input|'s data. Checks that the first | |
| 46 // |kWebMIntegrityCheckSize| in bytes of |ipunt| matches the rest of the data | |
|
Tom Finegan
2012/06/15 15:09:08
s/ipunt/input
fgalligan1
2012/07/03 22:00:15
Done.
| |
| 47 // in |input|. The check is using the SHA1 algorithm. |hmac_key| is the key of | |
| 48 // the HMAC algorithm. Returns true if the integrity check passes. | |
| 49 static bool CheckData(const DecoderBuffer& input, | |
| 50 const std::string& hmac_key) { | |
| 51 CHECK(input.GetDataSize()); | |
| 52 CHECK(input.GetDecryptConfig()); | |
| 53 CHECK(!hmac_key.empty()); | |
| 54 | |
| 55 crypto::HMAC hmac(crypto::HMAC::SHA1); | |
| 56 if (!hmac.Init(reinterpret_cast<const uint8*>(hmac_key.data()), | |
| 57 hmac_key.size())) { | |
| 58 DVLOG(1) << "Could not initialize HMAC."; | |
| 59 return false; | |
| 60 } | |
| 61 | |
| 62 // The HMAC covers the IV and the frame data. | |
| 63 base::StringPiece data_to_check( | |
| 64 reinterpret_cast<const char*>(input.GetData()), input.GetDataSize()); | |
| 65 | |
| 66 uint8 calculated_hmac[HmacAesDecryptor::kSha1DigestSize]; | |
| 67 if (!hmac.Sign(data_to_check, | |
| 68 calculated_hmac, | |
| 69 HmacAesDecryptor::kSha1DigestSize)) { | |
| 70 DVLOG(1) << "Could not calculate HMAC."; | |
| 71 return false; | |
| 72 } | |
| 73 | |
| 74 if (memcmp(input.GetDecryptConfig()->data_to_verify(), | |
| 75 calculated_hmac, | |
| 76 input.GetDecryptConfig()->data_to_verify_size()) != 0) { | |
| 77 DVLOG(1) << "Integrity check failure."; | |
| 78 return false; | |
| 79 } | |
| 80 return true; | |
| 81 } | |
| 82 | |
| 83 // Generates a 16 byte CTR counter block. The format is | |
| 84 // | iv | block counter |. |iv| is a CTR IV. |iv_size| is the size | |
| 85 // of |iv| in bytes. Returns counter block on success. Returns empty string | |
| 86 // on failure. | |
| 87 static std::string GenerateCounterBlock(const uint8* iv, int iv_size) { | |
| 88 std::string counter_block; | |
| 89 if (iv_size <= 0 || iv_size > HmacAesDecryptor::kKeySize) | |
| 90 return counter_block; | |
| 91 | |
| 92 char counter_block_data[HmacAesDecryptor::kKeySize]; | |
| 93 | |
| 94 // Set the IV. | |
| 95 memcpy(counter_block_data, iv, iv_size); | |
| 96 | |
| 97 // Set block counter to all 0's. | |
| 98 memset(counter_block_data + iv_size, | |
| 99 0, | |
| 100 HmacAesDecryptor::kKeySize - iv_size); | |
| 101 | |
| 102 counter_block.assign(counter_block_data, HmacAesDecryptor::kKeySize); | |
| 103 return counter_block; | |
| 104 } | |
| 105 | |
| 106 // Decrypt |input| using |key|. |offset| is the number of bytes into |input| | |
| 107 // the encrypted data is. | |
| 21 // Return a DecoderBuffer with the decrypted data if decryption succeeded. | 108 // Return a DecoderBuffer with the decrypted data if decryption succeeded. |
| 22 // Return NULL if decryption failed. | 109 // Return NULL if decryption failed. |
| 23 static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input, | 110 static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input, |
| 24 crypto::SymmetricKey* key) { | 111 crypto::SymmetricKey* key, |
| 112 int offset) { | |
| 25 CHECK(input.GetDataSize()); | 113 CHECK(input.GetDataSize()); |
| 114 CHECK(input.GetDecryptConfig()); | |
| 26 CHECK(key); | 115 CHECK(key); |
| 27 | 116 |
| 28 // Initialize encryption data. | 117 // Initialize encryption data. |
| 29 // The IV must be exactly as long as the cipher block size. | |
| 30 crypto::Encryptor encryptor; | 118 crypto::Encryptor encryptor; |
| 31 if (!encryptor.Init(key, crypto::Encryptor::CBC, kInitialCounter)) { | 119 if (!encryptor.Init(key, crypto::Encryptor::CTR, "")) { |
| 32 DVLOG(1) << "Could not initialize encryptor."; | 120 DVLOG(1) << "Could not initialize encryptor."; |
| 33 return NULL; | 121 return NULL; |
| 34 } | 122 } |
| 35 | 123 |
| 124 // Set the counter block. | |
| 125 std::string counter_block = | |
| 126 GenerateCounterBlock(input.GetDecryptConfig()->iv(), | |
| 127 input.GetDecryptConfig()->iv_size()); | |
| 128 if (counter_block.empty()) { | |
| 129 DVLOG(1) << "Could not generate counter block."; | |
| 130 return NULL; | |
| 131 } | |
| 132 if (!encryptor.SetCounter(counter_block)) { | |
| 133 DVLOG(1) << "Could not set counter block."; | |
| 134 return NULL; | |
| 135 } | |
| 136 | |
| 36 std::string decrypted_text; | 137 std::string decrypted_text; |
| 37 base::StringPiece encrypted_text( | 138 const char* frame = reinterpret_cast<const char*>(input.GetData() + offset); |
| 38 reinterpret_cast<const char*>(input.GetData()), | 139 int frame_size = input.GetDataSize() - offset; |
| 39 input.GetDataSize()); | 140 base::StringPiece encrypted_text(frame, frame_size); |
| 40 if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) { | 141 if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) { |
| 41 DVLOG(1) << "Could not decrypt data."; | 142 DVLOG(1) << "Could not decrypt data."; |
| 42 return NULL; | 143 return NULL; |
| 43 } | 144 } |
| 44 | 145 |
| 45 // TODO(xhwang): Find a way to avoid this data copy. | 146 // TODO(xhwang): Find a way to avoid this data copy. |
| 46 return DecoderBuffer::CopyFrom( | 147 return DecoderBuffer::CopyFrom( |
| 47 reinterpret_cast<const uint8*>(decrypted_text.data()), | 148 reinterpret_cast<const uint8*>(decrypted_text.data()), |
| 48 decrypted_text.size()); | 149 decrypted_text.size()); |
| 49 } | 150 } |
| 50 | 151 |
| 51 AesDecryptor::AesDecryptor() {} | 152 const char HmacAesDecryptor::kHmacSeed[] = "hmac-key"; |
| 153 const char HmacAesDecryptor::kEncryptionSeed[] = "encryption-key"; | |
| 52 | 154 |
| 53 AesDecryptor::~AesDecryptor() { | 155 HmacAesDecryptor::HmacAesDecryptor() {} |
| 54 STLDeleteValues(&key_map_); | 156 |
| 157 HmacAesDecryptor::~HmacAesDecryptor() { | |
| 158 STLDeleteValues(&keys_map_); | |
| 55 } | 159 } |
| 56 | 160 |
| 57 void AesDecryptor::AddKey(const uint8* key_id, int key_id_size, | 161 void HmacAesDecryptor::AddKey(const uint8* key_id, int key_id_size, |
| 58 const uint8* key, int key_size) { | 162 const uint8* key, int key_size) { |
| 59 CHECK(key_id && key); | 163 CHECK(key_id && key); |
| 60 CHECK_GT(key_id_size, 0); | 164 CHECK_GT(key_id_size, 0); |
| 61 CHECK_GT(key_size, 0); | 165 CHECK_GT(key_size, 0); |
| 62 | 166 |
| 63 std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size); | 167 std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size); |
| 64 std::string key_string(reinterpret_cast<const char*>(key) , key_size); | 168 std::string key_string(reinterpret_cast<const char*>(key) , key_size); |
| 65 | 169 |
| 66 crypto::SymmetricKey* symmetric_key = crypto::SymmetricKey::Import( | 170 HmacEncryptionKeys* keys = new HmacEncryptionKeys(key_string); |
| 67 crypto::SymmetricKey::AES, key_string); | 171 if (!keys) { |
| 68 if (!symmetric_key) { | 172 DVLOG(1) << "Could not create keys."; |
| 69 DVLOG(1) << "Could not import key."; | 173 return; |
| 174 } | |
| 175 if (!keys->Init()) { | |
| 176 delete keys; | |
| 177 DVLOG(1) << "Could not create keys."; | |
| 70 return; | 178 return; |
| 71 } | 179 } |
| 72 | 180 |
| 73 base::AutoLock auto_lock(lock_); | 181 base::AutoLock auto_lock(lock_); |
| 74 KeyMap::iterator found = key_map_.find(key_id_string); | 182 KeysMap::iterator found = keys_map_.find(key_id_string); |
| 75 if (found != key_map_.end()) { | 183 if (found != keys_map_.end()) { |
| 76 delete found->second; | 184 delete found->second; |
| 77 key_map_.erase(found); | 185 keys_map_.erase(found); |
| 78 } | 186 } |
| 79 key_map_[key_id_string] = symmetric_key; | 187 keys_map_[key_id_string] = keys; |
| 80 } | 188 } |
| 81 | 189 |
| 82 scoped_refptr<DecoderBuffer> AesDecryptor::Decrypt( | 190 scoped_refptr<DecoderBuffer> HmacAesDecryptor::Decrypt( |
| 83 const scoped_refptr<DecoderBuffer>& encrypted) { | 191 const scoped_refptr<DecoderBuffer>& encrypted) { |
| 84 CHECK(encrypted->GetDecryptConfig()); | 192 CHECK(encrypted->GetDecryptConfig()); |
| 85 const uint8* key_id = encrypted->GetDecryptConfig()->key_id(); | 193 const uint8* key_id = encrypted->GetDecryptConfig()->key_id(); |
| 86 const int key_id_size = encrypted->GetDecryptConfig()->key_id_size(); | 194 const int key_id_size = encrypted->GetDecryptConfig()->key_id_size(); |
| 87 | 195 |
| 88 // TODO(xhwang): Avoid always constructing a string with StringPiece? | 196 // TODO(xhwang): Avoid always constructing a string with StringPiece? |
| 89 std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size); | 197 std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size); |
| 90 | 198 |
| 91 crypto::SymmetricKey* key = NULL; | 199 HmacEncryptionKeys* keys = NULL; |
| 92 { | 200 { |
| 93 base::AutoLock auto_lock(lock_); | 201 base::AutoLock auto_lock(lock_); |
| 94 KeyMap::const_iterator found = key_map_.find(key_id_string); | 202 KeysMap::const_iterator found = keys_map_.find(key_id_string); |
| 95 if (found == key_map_.end()) { | 203 if (found == keys_map_.end()) { |
| 96 DVLOG(1) << "Could not find a matching key for given key ID."; | 204 DVLOG(1) << "Could not find a matching key for given key ID."; |
| 97 return NULL; | 205 return NULL; |
| 98 } | 206 } |
| 99 key = found->second; | 207 keys = found->second; |
| 100 } | 208 } |
| 101 | 209 |
| 102 scoped_refptr<DecoderBuffer> decrypted = DecryptData(*encrypted, key); | 210 int verify_size = encrypted->GetDecryptConfig()->data_to_verify_size(); |
| 211 if (verify_size > 0 && !CheckData(*encrypted, keys->hmac_key())) { | |
| 212 DVLOG(1) << "Integrity check failed."; | |
| 213 return NULL; | |
| 214 } | |
| 103 | 215 |
| 216 scoped_refptr<DecoderBuffer> decrypted = | |
| 217 DecryptData(*encrypted, | |
| 218 keys->encryption_key(), | |
| 219 encrypted->GetDecryptConfig()->offset_to_data()); | |
| 104 if (decrypted) { | 220 if (decrypted) { |
| 105 decrypted->SetTimestamp(encrypted->GetTimestamp()); | 221 decrypted->SetTimestamp(encrypted->GetTimestamp()); |
| 106 decrypted->SetDuration(encrypted->GetDuration()); | 222 decrypted->SetDuration(encrypted->GetDuration()); |
| 107 } | 223 } |
| 108 | 224 |
| 109 return decrypted; | 225 return decrypted; |
| 110 } | 226 } |
| 111 | 227 |
| 228 HmacAesDecryptor::HmacEncryptionKeys::HmacEncryptionKeys( | |
| 229 const std::string& secret) | |
| 230 : secret_(secret) { | |
| 231 } | |
| 232 | |
| 233 HmacAesDecryptor::HmacEncryptionKeys::~HmacEncryptionKeys() {} | |
| 234 | |
| 235 bool HmacAesDecryptor::HmacEncryptionKeys::Init() { | |
| 236 CHECK(!secret_.empty()); | |
| 237 | |
| 238 std::string raw_key = DeriveKey(secret_, | |
| 239 kEncryptionSeed, | |
| 240 secret_.length()); | |
| 241 if (raw_key.empty()) { | |
| 242 DVLOG(1) << "Could not create encryption key."; | |
| 243 return false; | |
| 244 } | |
| 245 encryption_key_.reset(crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, | |
| 246 raw_key)); | |
| 247 if (!encryption_key_.get()) { | |
| 248 DVLOG(1) << "Could not create encryption key."; | |
| 249 return false; | |
| 250 } | |
| 251 | |
| 252 hmac_key_ = DeriveKey(secret_, kHmacSeed, kSha1DigestSize); | |
| 253 if (hmac_key_.empty()) { | |
| 254 DVLOG(1) << "Could not create HMAC key."; | |
| 255 return false; | |
| 256 } | |
| 257 return true; | |
| 258 } | |
| 259 | |
| 112 } // namespace media | 260 } // namespace media |
| OLD | NEW |
