Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(371)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: media/crypto/aes_decryptor.cc

Issue 10800091: Replace memcmp() with HMAC.VerifyTruncated() in aes_decryptor.cc (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressing comments from Patch Set 3. Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "media/crypto/aes_decryptor.h" 5 #include "media/crypto/aes_decryptor.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/stl_util.h" 8 #include "base/stl_util.h"
9 #include "base/string_number_conversions.h" 9 #include "base/string_number_conversions.h"
10 #include "crypto/encryptor.h" 10 #include "crypto/encryptor.h"
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
59 const base::StringPiece& hmac_key) { 59 const base::StringPiece& hmac_key) {
60 CHECK(input.GetDataSize()); 60 CHECK(input.GetDataSize());
61 CHECK(input.GetDecryptConfig()); 61 CHECK(input.GetDecryptConfig());
62 CHECK_GT(input.GetDecryptConfig()->checksum_size(), 0); 62 CHECK_GT(input.GetDecryptConfig()->checksum_size(), 0);
63 CHECK(!hmac_key.empty()); 63 CHECK(!hmac_key.empty());
64 64
65 crypto::HMAC hmac(crypto::HMAC::SHA1); 65 crypto::HMAC hmac(crypto::HMAC::SHA1);
66 if (!hmac.Init(hmac_key)) 66 if (!hmac.Init(hmac_key))
67 return false; 67 return false;
68 68
69 // The HMAC covers the IV and the frame data. 69 // The component that initializes |input.GetDecryptConfig()| is responsible
70 // for checking that |input.GetDecryptConfig()->checksum_size()| matches
71 // what is defined by the format.
72
73 // Here, check that checksum size is not greater than the hash
74 // algorithm's digest length.
75 DCHECK_LE(input.GetDecryptConfig()->checksum_size(),
76 static_cast<int>(hmac.DigestLength()));
77
70 base::StringPiece data_to_check( 78 base::StringPiece data_to_check(
71 reinterpret_cast<const char*>(input.GetData()), input.GetDataSize()); 79 reinterpret_cast<const char*>(input.GetData()), input.GetDataSize());
80 base::StringPiece digest(
81 reinterpret_cast<const char*>(input.GetDecryptConfig()->checksum()),
82 input.GetDecryptConfig()->checksum_size());
72 83
73 scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]); 84 return hmac.VerifyTruncated(data_to_check, digest);
74 if (!hmac.Sign(data_to_check, calculated_hmac.get(), hmac.DigestLength()))
75 return false;
76
77 DCHECK(input.GetDecryptConfig()->checksum_size() <=
78 static_cast<int>(hmac.DigestLength()));
79 if (memcmp(input.GetDecryptConfig()->checksum(),
80 calculated_hmac.get(),
81 input.GetDecryptConfig()->checksum_size()) != 0)
82 return false;
83 return true;
84 } 85 }
85 86
86 // Decrypts |input| using |key|. |encrypted_data_offset| is the number of bytes 87 // Decrypts |input| using |key|. |encrypted_data_offset| is the number of bytes
87 // into |input| that the encrypted data starts. 88 // into |input| that the encrypted data starts.
88 // Returns a DecoderBuffer with the decrypted data if decryption succeeded or 89 // Returns a DecoderBuffer with the decrypted data if decryption succeeded or
89 // NULL if decryption failed. 90 // NULL if decryption failed.
90 static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input, 91 static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input,
91 crypto::SymmetricKey* key, 92 crypto::SymmetricKey* key,
92 int encrypted_data_offset) { 93 int encrypted_data_offset) {
93 CHECK(input.GetDataSize()); 94 CHECK(input.GetDataSize());
(...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after
299 300
300 decryption_key_.reset( 301 decryption_key_.reset(
301 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, secret_)); 302 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, secret_));
302 if (!decryption_key_.get()) { 303 if (!decryption_key_.get()) {
303 return false; 304 return false;
304 } 305 }
305 return true; 306 return true;
306 } 307 }
307 308
308 } // namespace media 309 } // namespace media
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698