Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(85)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: media/crypto/aes_decryptor.h

Issue 10535029: Add support for encrypted WebM files as defined in the RFC. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Addressing comments from Patch Set 13. Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« media/base/decrypt_config.h ('K') | « media/base/decrypt_config.cc ('k') | media/crypto/aes_decryptor.cc » ('j') | media/filters/ffmpeg_video_decoder_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef MEDIA_CRYPTO_AES_DECRYPTOR_H_ 5 #ifndef MEDIA_CRYPTO_AES_DECRYPTOR_H_
6 #define MEDIA_CRYPTO_AES_DECRYPTOR_H_ 6 #define MEDIA_CRYPTO_AES_DECRYPTOR_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
11 #include "base/hash_tables.h" 11 #include "base/hash_tables.h"
12 #include "base/memory/ref_counted.h" 12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/string_piece.h"
13 #include "base/synchronization/lock.h" 15 #include "base/synchronization/lock.h"
14 #include "media/base/decryptor.h" 16 #include "media/base/decryptor.h"
15 #include "media/base/media_export.h" 17 #include "media/base/media_export.h"
16 18
17 namespace crypto { 19 namespace crypto {
18 class SymmetricKey; 20 class SymmetricKey;
19 } 21 }
20 22
21 namespace media { 23 namespace media {
22 24
23 class DecryptorClient; 25 class DecryptorClient;
24 26
25 // Decryptor implementation that decrypts AES-encrypted buffer. 27 // Decrypts an AES encrypted buffer into an unencrypted buffer. The AES
28 // encryption must be CTR with a key size of 128bits. Optionally checks the
29 // integrity of the encrypted data.
26 class MEDIA_EXPORT AesDecryptor : public Decryptor { 30 class MEDIA_EXPORT AesDecryptor : public Decryptor {
27 public: 31 public:
28 // The AesDecryptor does not take ownership of the |client|. The |client| 32 // The AesDecryptor does not take ownership of the |client|. The |client|
29 // must be valid throughout the lifetime of the AesDecryptor. 33 // must be valid throughout the lifetime of the AesDecryptor.
30 explicit AesDecryptor(DecryptorClient* client); 34 explicit AesDecryptor(DecryptorClient* client);
31 virtual ~AesDecryptor(); 35 virtual ~AesDecryptor();
32 36
33 // Decryptor implementation. 37 // Decryptor implementation.
34 virtual void GenerateKeyRequest(const std::string& key_system, 38 virtual void GenerateKeyRequest(const std::string& key_system,
35 const uint8* init_data, 39 const uint8* init_data,
36 int init_data_length) OVERRIDE; 40 int init_data_length) OVERRIDE;
37 virtual void AddKey(const std::string& key_system, 41 virtual void AddKey(const std::string& key_system,
38 const uint8* key, 42 const uint8* key,
39 int key_length, 43 int key_length,
40 const uint8* init_data, 44 const uint8* init_data,
41 int init_data_length, 45 int init_data_length,
42 const std::string& session_id) OVERRIDE; 46 const std::string& session_id) OVERRIDE;
43 virtual void CancelKeyRequest(const std::string& key_system, 47 virtual void CancelKeyRequest(const std::string& key_system,
44 const std::string& session_id) OVERRIDE; 48 const std::string& session_id) OVERRIDE;
49
50 // Decrypts |input| buffer. |input| should not be NULL. |input| will signal
51 // if an integrity check must be performed before decryption. Return a
52 // DecoderBuffer with the decrypted data if the decryption succeeded. Return
53 // NULL if the integrity check or decryption failed.
45 virtual scoped_refptr<DecoderBuffer> Decrypt( 54 virtual scoped_refptr<DecoderBuffer> Decrypt(
46 const scoped_refptr<DecoderBuffer>& input) OVERRIDE; 55 const scoped_refptr<DecoderBuffer>& input) OVERRIDE;
47 56
48 private: 57 private:
49 // KeyMap owns the crypto::SymmetricKey* and must delete them when they are 58 // Helper class that manages the decryption key and HMAC key. The HMAC key
59 // may be NULL.
60 class DecryptionKey {
61 public:
62 explicit DecryptionKey(const std::string& secret);
63 ~DecryptionKey();
64
65 // Creates the encryption key and HMAC. If |derive_webm_keys| is true then
66 // the object will derive the decryption key and the HMAC key from
67 // |secret_|.
68 bool Init(bool derive_webm_keys);
69
70 crypto::SymmetricKey* decryption_key() { return decryption_key_.get(); }
71 base::StringPiece hmac_key() { return base::StringPiece(hmac_key_); }
72
73 private:
74 // The base secret that is used to derive the decryption key and optionally
75 // the HMAC key.
76 const std::string secret_;
77
78 // The key used to decrypt the data.
79 scoped_ptr<crypto::SymmetricKey> decryption_key_;
80
81 // The key used to perform the integrity check. Currently the HMAC key is
82 // defined by the WebM encrypted specification. Current encrypted WebM
83 // request for comments specification is here
84 // http://wiki.webmproject.org/encryption/webm-encryption-rfc
85 std::string hmac_key_;
86
87 DISALLOW_COPY_AND_ASSIGN(DecryptionKey);
88 };
89
90 // KeyMap owns the DecryptionKey* and must delete them when they are
50 // not needed any more. 91 // not needed any more.
51 typedef base::hash_map<std::string, crypto::SymmetricKey*> KeyMap; 92 typedef base::hash_map<std::string, DecryptionKey*> KeyMap;
52 93
53 // Since only Decrypt() is called off the renderer thread, we only need to 94 // Since only Decrypt() is called off the renderer thread, we only need to
54 // protect |key_map_|, the only member variable that is shared between 95 // protect |key_map_|, the only member variable that is shared between
55 // Decrypt() and other methods. 96 // Decrypt() and other methods.
56 KeyMap key_map_; // Protected by the |key_map_lock_|. 97 KeyMap key_map_; // Protected by the |key_map_lock_|.
57 base::Lock key_map_lock_; // Protects the |key_map_|. 98 base::Lock key_map_lock_; // Protects the |key_map_|.
58 99
59 // Make session ID unique per renderer by making it static. 100 // Make session ID unique per renderer by making it static.
60 // TODO(xhwang): Make session ID more strictly defined if needed: 101 // TODO(xhwang): Make session ID more strictly defined if needed:
61 // https://www.w3.org/Bugs/Public/show_bug.cgi?id=16739#c0 102 // https://www.w3.org/Bugs/Public/show_bug.cgi?id=16739#c0
62 static uint32 next_session_id_; 103 static uint32 next_session_id_;
63 104
64 DecryptorClient* const client_; 105 DecryptorClient* const client_;
65 106
66 DISALLOW_COPY_AND_ASSIGN(AesDecryptor); 107 DISALLOW_COPY_AND_ASSIGN(AesDecryptor);
67 }; 108 };
68 109
69 } // namespace media 110 } // namespace media
70 111
71 #endif // MEDIA_CRYPTO_AES_DECRYPTOR_H_ 112 #endif // MEDIA_CRYPTO_AES_DECRYPTOR_H_
OLDNEW
« media/base/decrypt_config.h ('K') | « media/base/decrypt_config.cc ('k') | media/crypto/aes_decryptor.cc » ('j') | media/filters/ffmpeg_video_decoder_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698