Chromium Code Reviews Chromium Code Reviews
Issue 10535029:
Add support for encrypted WebM files as defined in the RFC. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| Index: media/crypto/aes_decryptor.cc |
| diff --git a/media/crypto/aes_decryptor.cc b/media/crypto/aes_decryptor.cc |
| index cbb75b37bd33457f74b9f540d652ae01bbd77c19..c70486ccf2d80c6dd0db6164a6135cc221e82c86 100644 |
| --- a/media/crypto/aes_decryptor.cc |
| +++ b/media/crypto/aes_decryptor.cc |
| @@ -8,35 +8,136 @@ |
| #include "base/stl_util.h" |
| #include "base/string_piece.h" |
| #include "crypto/encryptor.h" |
| +#include "crypto/hmac.h" |
| #include "crypto/symmetric_key.h" |
| -#include "media/base/decoder_buffer.h" |
| #include "media/base/decrypt_config.h" |
| namespace media { |
| -// TODO(xhwang): Get real IV from frames. |
| -static const char kInitialCounter[] = "0000000000000000"; |
| +// Derives a key from an HAMC using SHA1. |secret| is the base secret to derive |
|
Tom Finegan
2012/06/15 15:09:08
s/HAMC/HMAC
fgalligan1
2012/07/03 22:00:15
Done.
|
| +// the key from. |seed| is the knwon input to the HMAC. |key_size| is how many |
|
Tom Finegan
2012/06/15 15:09:08
s/knwon/known
fgalligan1
2012/07/03 22:00:15
Done.
|
| +// bytes are returned in the key. Returns a string containing the key on |
| +// success. Returns an empty string on failure. |
| +static std::string DeriveKey(const std::string& secret, |
| + const std::string& seed, |
| + int key_size) { |
| + CHECK(!secret.empty()); |
| + CHECK(!seed.empty()); |
| + CHECK_GT(key_size, 0); |
| + |
| + std::string key; |
| + crypto::HMAC hmac(crypto::HMAC::SHA1); |
| + if (!hmac.Init(reinterpret_cast<const uint8*>(secret.data()), |
| + secret.size())) { |
| + DVLOG(1) << "Could not initialize HMAC with secret data."; |
| + return key; |
| + } |
| + |
| + uint8 calculated_hmac[HmacAesDecryptor::kSha1DigestSize]; |
| + if (!hmac.Sign(seed, calculated_hmac, HmacAesDecryptor::kSha1DigestSize)) { |
| + DVLOG(1) << "Could not calculate HMAC."; |
| + return key; |
| + } |
| + key.assign(reinterpret_cast<const char*>(calculated_hmac), key_size); |
| + return key; |
| +} |
| + |
| +// Integrity check of |input|'s data. Checks that the first |
| +// |kWebMIntegrityCheckSize| in bytes of |ipunt| matches the rest of the data |
|
Tom Finegan
2012/06/15 15:09:08
s/ipunt/input
fgalligan1
2012/07/03 22:00:15
Done.
|
| +// in |input|. The check is using the SHA1 algorithm. |hmac_key| is the key of |
| +// the HMAC algorithm. Returns true if the integrity check passes. |
| +static bool CheckData(const DecoderBuffer& input, |
| + const std::string& hmac_key) { |
| + CHECK(input.GetDataSize()); |
| + CHECK(input.GetDecryptConfig()); |
| + CHECK(!hmac_key.empty()); |
| + |
| + crypto::HMAC hmac(crypto::HMAC::SHA1); |
| + if (!hmac.Init(reinterpret_cast<const uint8*>(hmac_key.data()), |
| + hmac_key.size())) { |
| + DVLOG(1) << "Could not initialize HMAC."; |
| + return false; |
| + } |
| + |
| + // The HMAC covers the IV and the frame data. |
| + base::StringPiece data_to_check( |
| + reinterpret_cast<const char*>(input.GetData()), input.GetDataSize()); |
| + |
| + uint8 calculated_hmac[HmacAesDecryptor::kSha1DigestSize]; |
| + if (!hmac.Sign(data_to_check, |
| + calculated_hmac, |
| + HmacAesDecryptor::kSha1DigestSize)) { |
| + DVLOG(1) << "Could not calculate HMAC."; |
| + return false; |
| + } |
| + |
| + if (memcmp(input.GetDecryptConfig()->data_to_verify(), |
| + calculated_hmac, |
| + input.GetDecryptConfig()->data_to_verify_size()) != 0) { |
| + DVLOG(1) << "Integrity check failure."; |
| + return false; |
| + } |
| + return true; |
| +} |
| + |
| +// Generates a 16 byte CTR counter block. The format is |
| +// | iv | block counter |. |iv| is a CTR IV. |iv_size| is the size |
| +// of |iv| in bytes. Returns counter block on success. Returns empty string |
| +// on failure. |
| +static std::string GenerateCounterBlock(const uint8* iv, int iv_size) { |
| + std::string counter_block; |
| + if (iv_size <= 0 || iv_size > HmacAesDecryptor::kKeySize) |
| + return counter_block; |
| + |
| + char counter_block_data[HmacAesDecryptor::kKeySize]; |
| + |
| + // Set the IV. |
| + memcpy(counter_block_data, iv, iv_size); |
| + |
| + // Set block counter to all 0's. |
| + memset(counter_block_data + iv_size, |
| + 0, |
| + HmacAesDecryptor::kKeySize - iv_size); |
| + |
| + counter_block.assign(counter_block_data, HmacAesDecryptor::kKeySize); |
| + return counter_block; |
| +} |
| -// Decrypt |input| using |key|. |
| +// Decrypt |input| using |key|. |offset| is the number of bytes into |input| |
| +// the encrypted data is. |
| // Return a DecoderBuffer with the decrypted data if decryption succeeded. |
| // Return NULL if decryption failed. |
| static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input, |
| - crypto::SymmetricKey* key) { |
| + crypto::SymmetricKey* key, |
| + int offset) { |
| CHECK(input.GetDataSize()); |
| + CHECK(input.GetDecryptConfig()); |
| CHECK(key); |
| // Initialize encryption data. |
| - // The IV must be exactly as long as the cipher block size. |
| crypto::Encryptor encryptor; |
| - if (!encryptor.Init(key, crypto::Encryptor::CBC, kInitialCounter)) { |
| + if (!encryptor.Init(key, crypto::Encryptor::CTR, "")) { |
| DVLOG(1) << "Could not initialize encryptor."; |
| return NULL; |
| } |
| + // Set the counter block. |
| + std::string counter_block = |
| + GenerateCounterBlock(input.GetDecryptConfig()->iv(), |
| + input.GetDecryptConfig()->iv_size()); |
| + if (counter_block.empty()) { |
| + DVLOG(1) << "Could not generate counter block."; |
| + return NULL; |
| + } |
| + if (!encryptor.SetCounter(counter_block)) { |
| + DVLOG(1) << "Could not set counter block."; |
| + return NULL; |
| + } |
| + |
| std::string decrypted_text; |
| - base::StringPiece encrypted_text( |
| - reinterpret_cast<const char*>(input.GetData()), |
| - input.GetDataSize()); |
| + const char* frame = reinterpret_cast<const char*>(input.GetData() + offset); |
| + int frame_size = input.GetDataSize() - offset; |
| + base::StringPiece encrypted_text(frame, frame_size); |
| if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) { |
| DVLOG(1) << "Could not decrypt data."; |
| return NULL; |
| @@ -48,14 +149,17 @@ static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input, |
| decrypted_text.size()); |
| } |
| -AesDecryptor::AesDecryptor() {} |
| +const char HmacAesDecryptor::kHmacSeed[] = "hmac-key"; |
| +const char HmacAesDecryptor::kEncryptionSeed[] = "encryption-key"; |
| -AesDecryptor::~AesDecryptor() { |
| - STLDeleteValues(&key_map_); |
| +HmacAesDecryptor::HmacAesDecryptor() {} |
| + |
| +HmacAesDecryptor::~HmacAesDecryptor() { |
| + STLDeleteValues(&keys_map_); |
| } |
| -void AesDecryptor::AddKey(const uint8* key_id, int key_id_size, |
| - const uint8* key, int key_size) { |
| +void HmacAesDecryptor::AddKey(const uint8* key_id, int key_id_size, |
| + const uint8* key, int key_size) { |
| CHECK(key_id && key); |
| CHECK_GT(key_id_size, 0); |
| CHECK_GT(key_size, 0); |
| @@ -63,23 +167,27 @@ void AesDecryptor::AddKey(const uint8* key_id, int key_id_size, |
| std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size); |
| std::string key_string(reinterpret_cast<const char*>(key) , key_size); |
| - crypto::SymmetricKey* symmetric_key = crypto::SymmetricKey::Import( |
| - crypto::SymmetricKey::AES, key_string); |
| - if (!symmetric_key) { |
| - DVLOG(1) << "Could not import key."; |
| + HmacEncryptionKeys* keys = new HmacEncryptionKeys(key_string); |
| + if (!keys) { |
| + DVLOG(1) << "Could not create keys."; |
| + return; |
| + } |
| + if (!keys->Init()) { |
| + delete keys; |
| + DVLOG(1) << "Could not create keys."; |
| return; |
| } |
| base::AutoLock auto_lock(lock_); |
| - KeyMap::iterator found = key_map_.find(key_id_string); |
| - if (found != key_map_.end()) { |
| + KeysMap::iterator found = keys_map_.find(key_id_string); |
| + if (found != keys_map_.end()) { |
| delete found->second; |
| - key_map_.erase(found); |
| + keys_map_.erase(found); |
| } |
| - key_map_[key_id_string] = symmetric_key; |
| + keys_map_[key_id_string] = keys; |
| } |
| -scoped_refptr<DecoderBuffer> AesDecryptor::Decrypt( |
| +scoped_refptr<DecoderBuffer> HmacAesDecryptor::Decrypt( |
| const scoped_refptr<DecoderBuffer>& encrypted) { |
| CHECK(encrypted->GetDecryptConfig()); |
| const uint8* key_id = encrypted->GetDecryptConfig()->key_id(); |
| @@ -88,19 +196,27 @@ scoped_refptr<DecoderBuffer> AesDecryptor::Decrypt( |
| // TODO(xhwang): Avoid always constructing a string with StringPiece? |
| std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size); |
| - crypto::SymmetricKey* key = NULL; |
| + HmacEncryptionKeys* keys = NULL; |
| { |
| base::AutoLock auto_lock(lock_); |
| - KeyMap::const_iterator found = key_map_.find(key_id_string); |
| - if (found == key_map_.end()) { |
| + KeysMap::const_iterator found = keys_map_.find(key_id_string); |
| + if (found == keys_map_.end()) { |
| DVLOG(1) << "Could not find a matching key for given key ID."; |
| return NULL; |
| } |
| - key = found->second; |
| + keys = found->second; |
| } |
| - scoped_refptr<DecoderBuffer> decrypted = DecryptData(*encrypted, key); |
| + int verify_size = encrypted->GetDecryptConfig()->data_to_verify_size(); |
| + if (verify_size > 0 && !CheckData(*encrypted, keys->hmac_key())) { |
| + DVLOG(1) << "Integrity check failed."; |
| + return NULL; |
| + } |
| + scoped_refptr<DecoderBuffer> decrypted = |
| + DecryptData(*encrypted, |
| + keys->encryption_key(), |
| + encrypted->GetDecryptConfig()->offset_to_data()); |
| if (decrypted) { |
| decrypted->SetTimestamp(encrypted->GetTimestamp()); |
| decrypted->SetDuration(encrypted->GetDuration()); |
| @@ -109,4 +225,36 @@ scoped_refptr<DecoderBuffer> AesDecryptor::Decrypt( |
| return decrypted; |
| } |
| +HmacAesDecryptor::HmacEncryptionKeys::HmacEncryptionKeys( |
| + const std::string& secret) |
| + : secret_(secret) { |
| +} |
| + |
| +HmacAesDecryptor::HmacEncryptionKeys::~HmacEncryptionKeys() {} |
| + |
| +bool HmacAesDecryptor::HmacEncryptionKeys::Init() { |
| + CHECK(!secret_.empty()); |
| + |
| + std::string raw_key = DeriveKey(secret_, |
| + kEncryptionSeed, |
| + secret_.length()); |
| + if (raw_key.empty()) { |
| + DVLOG(1) << "Could not create encryption key."; |
| + return false; |
| + } |
| + encryption_key_.reset(crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, |
| + raw_key)); |
| + if (!encryption_key_.get()) { |
| + DVLOG(1) << "Could not create encryption key."; |
| + return false; |
| + } |
| + |
| + hmac_key_ = DeriveKey(secret_, kHmacSeed, kSha1DigestSize); |
| + if (hmac_key_.empty()) { |
| + DVLOG(1) << "Could not create HMAC key."; |
| + return false; |
| + } |
| + return true; |
| +} |
| + |
| } // namespace media |
