Revert 147169 - Add support for encrypted WebM files as defined in the RFC.

media/crypto/aes_decryptor.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "media/crypto/aes_decryptor.h"
 
 #include "base/logging.h"
 #include "base/stl_util.h"
 #include "base/string_number_conversions.h"
+#include "base/string_piece.h"
 #include "crypto/encryptor.h"
-#include "crypto/hmac.h"
 #include "crypto/symmetric_key.h"
 #include "media/base/decoder_buffer.h"
 #include "media/base/decrypt_config.h"
 #include "media/base/decryptor_client.h"
 
 namespace media {
 
-// The size is from the WebM encrypted specification. Current encrypted WebM
-// request for comments specification is here
-// http://wiki.webmproject.org/encryption/webm-encryption-rfc
-static const int kWebmSha1DigestSize = 20;
-static const char kWebmHmacSeed[] = "hmac-key";
-static const char kWebmEncryptionSeed[] = "encryption-key";
+// TODO(xhwang): Get real IV from frames.
+static const char kInitialCounter[] = "0000000000000000";
 
 uint32 AesDecryptor::next_session_id_ = 1;
 
-// Derives a key using SHA1 HMAC. |secret| is the base secret to derive
-// the key from. |seed| is the known message to the HMAC algorithm. |key_size|
-// is how many bytes are returned in the key. Returns a string containing the
-// key on success. Returns an empty string on failure.
-static std::string DeriveKey(const base::StringPiece& secret,
-                             const base::StringPiece& seed,
-                             int key_size) {
-  CHECK(!secret.empty());
-  CHECK(!seed.empty());
-  CHECK_GT(key_size, 0);
-
-  crypto::HMAC hmac(crypto::HMAC::SHA1);
-  if (!hmac.Init(secret)) {
-    DVLOG(1) << "Could not initialize HMAC with secret data.";
-    return std::string();
-  }
-
-  scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]);
-  if (!hmac.Sign(seed, calculated_hmac.get(), hmac.DigestLength())) {
-    DVLOG(1) << "Could not calculate HMAC.";
-    return std::string();
-  }
-
-  return std::string(reinterpret_cast<const char*>(calculated_hmac.get()),
-                     key_size);
-}
-
-// Checks data in |input| matches the HMAC in |input|. The check is using the
-// SHA1 algorithm. |hmac_key| is the key of the HMAC algorithm. Returns true if
-// the integrity check passes.
-static bool CheckData(const DecoderBuffer& input,
-                      const base::StringPiece& hmac_key) {
+// Decrypt |input| using |key|.
+// Return a DecoderBuffer with the decrypted data if decryption succeeded.
+// Return NULL if decryption failed.
+static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input,
+                                                crypto::SymmetricKey* key) {
   CHECK(input.GetDataSize());
-  CHECK(input.GetDecryptConfig());
-  CHECK_GT(input.GetDecryptConfig()->checksum_size(), 0);
-  CHECK(!hmac_key.empty());
-
-  crypto::HMAC hmac(crypto::HMAC::SHA1);
-  if (!hmac.Init(hmac_key))
-    return false;
-
-  // The HMAC covers the IV and the frame data.
-  base::StringPiece data_to_check(
-      reinterpret_cast<const char*>(input.GetData()), input.GetDataSize());
-
-  scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]);
-  if (!hmac.Sign(data_to_check, calculated_hmac.get(), hmac.DigestLength()))
-    return false;
-
-  DCHECK(input.GetDecryptConfig()->checksum_size() <=
-         static_cast<int>(hmac.DigestLength()));
-  if (memcmp(input.GetDecryptConfig()->checksum(),
-             calculated_hmac.get(),
-             input.GetDecryptConfig()->checksum_size()) != 0)
-    return false;
-  return true;
-}
-
-// Decrypts |input| using |key|. |encrypted_data_offset| is the number of bytes
-// into |input| that the encrypted data starts.
-// Returns a DecoderBuffer with the decrypted data if decryption succeeded or
-// NULL if decryption failed.
-static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input,
-                                                crypto::SymmetricKey* key,
-                                                int encrypted_data_offset) {
-  CHECK(input.GetDataSize());
-  CHECK(input.GetDecryptConfig());
   CHECK(key);
 
-  // Initialize decryptor.
+  // Initialize encryption data.
+  // The IV must be exactly as long as the cipher block size.
   crypto::Encryptor encryptor;
-  if (!encryptor.Init(key, crypto::Encryptor::CTR, "")) {
-    DVLOG(1) << "Could not initialize decryptor.";
-    return NULL;
-  }
-
-  DCHECK_EQ(input.GetDecryptConfig()->iv_size(),
-            DecryptConfig::kDecryptionKeySize);
-  // Set the counter block.
-  base::StringPiece counter_block(
-      reinterpret_cast<const char*>(input.GetDecryptConfig()->iv()),
-      input.GetDecryptConfig()->iv_size());
-  if (counter_block.empty()) {
-    DVLOG(1) << "Could not generate counter block.";
-    return NULL;
-  }
-  if (!encryptor.SetCounter(counter_block)) {
-    DVLOG(1) << "Could not set counter block.";
+  if (!encryptor.Init(key, crypto::Encryptor::CBC, kInitialCounter)) {
+    DVLOG(1) << "Could not initialize encryptor.";
     return NULL;
   }
 
   std::string decrypted_text;
-  const char* frame =
-      reinterpret_cast<const char*>(input.GetData() + encrypted_data_offset);
-  int frame_size = input.GetDataSize() - encrypted_data_offset;
-  base::StringPiece encrypted_text(frame, frame_size);
+  base::StringPiece encrypted_text(
+      reinterpret_cast<const char*>(input.GetData()),
+      input.GetDataSize());
   if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) {
     DVLOG(1) << "Could not decrypt data.";
     return NULL;
   }
 
   // TODO(xhwang): Find a way to avoid this data copy.
   return DecoderBuffer::CopyFrom(
       reinterpret_cast<const uint8*>(decrypted_text.data()),
       decrypted_text.size());
 }
@@ skipping 24 matching lines @@
                           const uint8* key,
                           int key_length,
                           const uint8* init_data,
                           int init_data_length,
                           const std::string& session_id) {
   CHECK(key);
   CHECK_GT(key_length, 0);
 
   // TODO(xhwang): Add |session_id| check after we figure out how:
   // https://www.w3.org/Bugs/Public/show_bug.cgi?id=16550
-  if (key_length != DecryptConfig::kDecryptionKeySize) {
+
+  const int kSupportedKeyLength = 16;  // 128-bit key.
+  if (key_length != kSupportedKeyLength) {
     DVLOG(1) << "Invalid key length: " << key_length;
     client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0);
     return;
   }
 
   // TODO(xhwang): Fix the decryptor to accept no |init_data|. See
   // http://crbug.com/123265. Until then, ensure a non-empty value is passed.
   static const uint8 kDummyInitData[1] = { 0 };
   if (!init_data) {
     init_data = kDummyInitData;
     init_data_length = arraysize(kDummyInitData);
   }
 
   // TODO(xhwang): For now, use |init_data| for key ID. Make this more spec
   // compliant later (http://crbug.com/123262, http://crbug.com/123265).
   std::string key_id_string(reinterpret_cast<const char*>(init_data),
                             init_data_length);
   std::string key_string(reinterpret_cast<const char*>(key) , key_length);
-  scoped_ptr<DecryptionKey> decryption_key(new DecryptionKey(key_string));
-  if (!decryption_key.get()) {
-    DVLOG(1) << "Could not create key.";
-    client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0);
-    return;
-  }
-
-  // TODO(fgalligan): When ISO is added we will need to figure out how to
-  // detect if the encrypted data will contain an HMAC.
-  if (!decryption_key->Init(true)) {
-    DVLOG(1) << "Could not initialize decryption key.";
+  crypto::SymmetricKey* symmetric_key = crypto::SymmetricKey::Import(
+      crypto::SymmetricKey::AES, key_string);
+  if (!symmetric_key) {
+    DVLOG(1) << "Could not import key.";
     client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0);
     return;
   }
 
   {
     base::AutoLock auto_lock(key_map_lock_);
     KeyMap::iterator found = key_map_.find(key_id_string);
     if (found != key_map_.end()) {
       delete found->second;
       key_map_.erase(found);
     }
-    key_map_[key_id_string] = decryption_key.release();
+    key_map_[key_id_string] = symmetric_key;
   }
 
   client_->KeyAdded(key_system, session_id);
 }
 
 void AesDecryptor::CancelKeyRequest(const std::string& key_system,
                                     const std::string& session_id) {
 }
 
 void AesDecryptor::Decrypt(const scoped_refptr<DecoderBuffer>& encrypted,
                            const DecryptCB& decrypt_cb) {
   CHECK(encrypted->GetDecryptConfig());
   const uint8* key_id = encrypted->GetDecryptConfig()->key_id();
   const int key_id_size = encrypted->GetDecryptConfig()->key_id_size();
 
   // TODO(xhwang): Avoid always constructing a string with StringPiece?
   std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size);
 
-  DecryptionKey* key = NULL;
+  crypto::SymmetricKey* key = NULL;
   {
     base::AutoLock auto_lock(key_map_lock_);
     KeyMap::const_iterator found = key_map_.find(key_id_string);
     if (found != key_map_.end())
       key = found->second;
   }
 
   if (!key) {
-    // TODO(fgalligan): Fire a need_key event here and add a test.
     DVLOG(1) << "Could not find a matching key for given key ID.";
     decrypt_cb.Run(kError, NULL);
     return;
   }
 
-  int checksum_size = encrypted->GetDecryptConfig()->checksum_size();
-  // According to the WebM encrypted specification, it is an open question
-  // what should happen when a frame fails the integrity check.
-  // http://wiki.webmproject.org/encryption/webm-encryption-rfc
-  if (checksum_size > 0 &&
-      !key->hmac_key().empty() &&
-      !CheckData(*encrypted, key->hmac_key())) {
-    DVLOG(1) << "Integrity check failed.";
-    decrypt_cb.Run(kError, NULL);
-    return;
-  }
+  scoped_refptr<DecoderBuffer> decrypted = DecryptData(*encrypted, key);
 
-  scoped_refptr<DecoderBuffer> decrypted =
-      DecryptData(*encrypted,
-                  key->decryption_key(),
-                  encrypted->GetDecryptConfig()->encrypted_frame_offset());
   if (!decrypted) {
     DVLOG(1) << "Decryption failed.";
     decrypt_cb.Run(kError, NULL);
     return;
   }
 
   decrypted->SetTimestamp(encrypted->GetTimestamp());
   decrypted->SetDuration(encrypted->GetDuration());
   decrypt_cb.Run(kSuccess, decrypted);
 }
 
-AesDecryptor::DecryptionKey::DecryptionKey(
-    const std::string& secret)
-    : secret_(secret) {
-}
-
-AesDecryptor::DecryptionKey::~DecryptionKey() {}
-
-bool AesDecryptor::DecryptionKey::Init(bool derive_webm_keys) {
-  CHECK(!secret_.empty());
-
-  if (derive_webm_keys) {
-    std::string raw_key = DeriveKey(secret_,
-                                    kWebmEncryptionSeed,
-                                    secret_.length());
-    if (raw_key.empty()) {
-      return false;
-    }
-    decryption_key_.reset(
-        crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key));
-    if (!decryption_key_.get()) {
-      return false;
-    }
-
-    hmac_key_ = DeriveKey(secret_, kWebmHmacSeed, kWebmSha1DigestSize);
-    if (hmac_key_.empty()) {
-      return false;
-    }
-    return true;
-  }
-
-  decryption_key_.reset(
-      crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, secret_));
-  if (!decryption_key_.get()) {
-    return false;
-  }
-  return true;
-}
-
 }  // namespace media