Add Common Encryption support to BMFF, including subsample decryption.

media/crypto/aes_decryptor.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "media/crypto/aes_decryptor.h"
 
 #include "base/logging.h"
 #include "base/stl_util.h"
 #include "base/string_number_conversions.h"
 #include "base/string_piece.h"
 #include "crypto/encryptor.h"
 #include "crypto/symmetric_key.h"
 #include "media/base/decoder_buffer.h"
 #include "media/base/decrypt_config.h"
 #include "media/base/decryptor_client.h"
 
 namespace media {
 
-// TODO(xhwang): Get real IV from frames.
-static const char kInitialCounter[] = "0000000000000000";
-
 uint32 AesDecryptor::next_session_id_ = 1;
 
 // Decrypt |input| using |key|.
 // Return a DecoderBuffer with the decrypted data if decryption succeeded.
 // Return NULL if decryption failed.
 static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input,
                                                 crypto::SymmetricKey* key) {
   CHECK(input.GetDataSize());
   CHECK(key);
 
+  base::StringPiece iv(
+      reinterpret_cast<const char*>(input.GetDecryptConfig()->iv()),
+      input.GetDecryptConfig()->iv_size());

[xhwang, 2012/06/27 19:37:43]

Life will be easier here if we use std::string for IV.

[strobe_, 2012/07/13 00:47:07]

Done.

+
   // Initialize encryption data.
   // The IV must be exactly as long as the cipher block size.
   crypto::Encryptor encryptor;
-  if (!encryptor.Init(key, crypto::Encryptor::CBC, kInitialCounter)) {
-    DVLOG(1) << "Could not initialize encryptor.";
-    return NULL;
+  if (input.GetDecryptConfig()->use_cbc()) {
+    if (!encryptor.Init(key, crypto::Encryptor::CBC, iv)) {
+      DVLOG(1) << "Could not initialize encryptor.";
+      return NULL;
+    }
+  } else {
+    if (!encryptor.Init(key, crypto::Encryptor::CTR, base::StringPiece()) ||
+        !encryptor.SetCounter(iv)) {
+      DVLOG(1) << "Could not initialize encryptor.";
+      return NULL;
+    }
   }
 
-  std::string decrypted_text;
-  base::StringPiece encrypted_text(
-      reinterpret_cast<const char*>(input.GetData()),
-      input.GetDataSize());
-  if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) {
-    DVLOG(1) << "Could not decrypt data.";
-    return NULL;
+  if (!input.GetDecryptConfig()->subsamples().empty()) {
+    // XXX(strobe): factor out and test before final commit

[ddorwin, 2012/07/03 21:03:47]

XXX? TODO?

[strobe_, 2012/07/13 00:47:07]

Done.

+    const std::vector<SubsampleEntry> subsamples =

[ddorwin, 2012/07/03 21:03:47]

const ref instead of copying

[strobe_, 2012/07/13 00:47:07]

Done.

+        input.GetDecryptConfig()->subsamples();
+
+    int total_encrypted_subsample_size = 0;
+    for (size_t i = 0; i < subsamples.size(); i++)
+      total_encrypted_subsample_size += subsamples[i].cypher_bytes;
+
+    if (total_encrypted_subsample_size > input.GetDataSize()) {

[ddorwin, 2012/07/03 21:03:47]

Should we also check that enc plus unenc are == data size?
I guess that requires a second total_ value, but it prevents generation/use of
corrupted data, which is usually a good thing.
If this is checked below, maybe a comment about this is sufficient.
If so, is this check really necessary other than optimizing to return quickly in
an error case.

[strobe_, 2012/07/13 00:47:07]

Done.

+      DVLOG(1) << "Subsample encrypted size larger than input size";
+      return NULL;
+    }
+
+    // The encrypted portion of each subsample must form a contiguous block,

[ddorwin, 2012/07/03 21:03:47]

This line seems to discuss a single subsample rather than all subsamples.

s/each subsample/all subsamples/ ?
I'm not sure that's the best way to say it but at least it references all
subsamples.

[strobe_, 2012/07/13 00:47:07]

Done.

+    // such that an encrypted subsample that ends away from a block boundary is
+    // immediately followed by the start of the next encrypted subsample. We
+    // copy all encrypted subsamples to a contiguous buffer, decrypt them, then
+    // copy the decrypted bytes over the encrypted bytes in the output.
+    // TODO(strobe): attempt to reduce number of memory copies
+    scoped_array<uint8> encrypted_bytes(
+        new uint8[total_encrypted_subsample_size]);
+    int in_pos = 0, out_pos = 0;

[xhwang, 2012/06/27 19:37:43]

Prefer to declaring variables on separate lines. I am surprised that this isn't
specified explicitly in the style guide, but I seldom see this pattern in
chromium code.

[strobe_, 2012/07/13 00:47:07]

Done.

+    for (size_t i = 0; i < subsamples.size(); i++) {
+      const SubsampleEntry& subsample = subsamples[i];
+      in_pos += subsample.clear_bytes;
+      if (in_pos + subsample.cypher_bytes > input.GetDataSize()) {
+        DVLOG(1) << "Subsample total size larger than input size";
+        return NULL;
+      }
+      memcpy(encrypted_bytes.get() + out_pos, input.GetData() + in_pos,
+             subsample.cypher_bytes);
+      in_pos += subsample.cypher_bytes;
+      out_pos += subsample.cypher_bytes;
+    }
+
+    std::string decrypted_text;
+    base::StringPiece encrypted_text(
+        reinterpret_cast<const char*>(encrypted_bytes.get()),
+        total_encrypted_subsample_size);
+    if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) {
+      DVLOG(1) << "Could not decrypt data.";
+      return NULL;
+    }
+
+    scoped_refptr<DecoderBuffer> output = DecoderBuffer::CopyFrom(
+        input.GetData(), input.GetDataSize());
+    in_pos = 0;
+    out_pos = 0;
+    for (size_t i = 0; i < subsamples.size(); i++) {
+      const SubsampleEntry& subsample = subsamples[i];
+      out_pos += subsample.clear_bytes;
+      memcpy(output->GetWritableData() + out_pos,
+             reinterpret_cast<const uint8*>(decrypted_text.data()) + in_pos,
+             subsample.cypher_bytes);
+      in_pos += subsample.cypher_bytes;
+      out_pos += subsample.cypher_bytes;

[xhwang, 2012/06/27 19:37:43]

This part is so similar to the block starting from line 72. Can we have a help
function to do that?

[strobe_, 2012/07/13 00:47:07]

Done.

+    }
+    return output;
+  } else {

[xhwang, 2012/06/27 19:37:43]

nit: we don't need this "else" since "if" will always "return".

e.g.

if (...) {
...
return;
}

do_something_else

[strobe_, 2012/07/13 00:47:07]

Done.

+    std::string decrypted_text;
+    base::StringPiece encrypted_text(
+        reinterpret_cast<const char*>(input.GetData()),
+        input.GetDataSize());
+    if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) {
+      DVLOG(1) << "Could not decrypt data.";
+      return NULL;
+    }
+
+    // TODO(xhwang): Find a way to avoid this data copy.
+    return DecoderBuffer::CopyFrom(
+        reinterpret_cast<const uint8*>(decrypted_text.data()),
+        decrypted_text.size());
   }
-
-  // TODO(xhwang): Find a way to avoid this data copy.
-  return DecoderBuffer::CopyFrom(
-      reinterpret_cast<const uint8*>(decrypted_text.data()),
-      decrypted_text.size());
 }
 
 AesDecryptor::AesDecryptor(DecryptorClient* client)
     : client_(client) {
 }
 
 AesDecryptor::~AesDecryptor() {
   STLDeleteValues(&key_map_);
 }
 
@@ skipping 92 matching lines @@
 
   if (decrypted) {
     decrypted->SetTimestamp(encrypted->GetTimestamp());
     decrypted->SetDuration(encrypted->GetDuration());
   }
 
   return decrypted;
 }
 
 }  // namespace media