| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "media/crypto/aes_decryptor.h" | 5 #include "media/crypto/aes_decryptor.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| 11 #include "base/string_number_conversions.h" | 11 #include "base/string_number_conversions.h" |
| 12 #include "crypto/encryptor.h" | 12 #include "crypto/encryptor.h" |
| 13 #include "crypto/hmac.h" | |
| 14 #include "crypto/symmetric_key.h" | 13 #include "crypto/symmetric_key.h" |
| 15 #include "media/base/decoder_buffer.h" | 14 #include "media/base/decoder_buffer.h" |
| 16 #include "media/base/decrypt_config.h" | 15 #include "media/base/decrypt_config.h" |
| 17 #include "media/base/decryptor_client.h" | 16 #include "media/base/decryptor_client.h" |
| 18 | 17 |
| 19 namespace media { | 18 namespace media { |
| 20 | 19 |
| 21 // The size is from the WebM encrypted specification. Current encrypted WebM | |
| 22 // request for comments specification is here | |
| 23 // http://wiki.webmproject.org/encryption/webm-encryption-rfc | |
| 24 static const int kWebmSha1DigestSize = 20; | |
| 25 static const char kWebmHmacSeed[] = "hmac-key"; | |
| 26 static const char kWebmEncryptionSeed[] = "encryption-key"; | |
| 27 | |
| 28 uint32 AesDecryptor::next_session_id_ = 1; | 20 uint32 AesDecryptor::next_session_id_ = 1; |
| 29 | 21 |
| 30 // Derives a key using SHA1 HMAC. |secret| is the base secret to derive | |
| 31 // the key from. |seed| is the known message to the HMAC algorithm. |key_size| | |
| 32 // is how many bytes are returned in the key. Returns a string containing the | |
| 33 // key on success. Returns an empty string on failure. | |
| 34 static std::string DeriveKey(const base::StringPiece& secret, | |
| 35 const base::StringPiece& seed, | |
| 36 int key_size) { | |
| 37 CHECK(!secret.empty()); | |
| 38 CHECK(!seed.empty()); | |
| 39 CHECK_GT(key_size, 0); | |
| 40 | |
| 41 crypto::HMAC hmac(crypto::HMAC::SHA1); | |
| 42 if (!hmac.Init(secret)) { | |
| 43 DVLOG(1) << "Could not initialize HMAC with secret data."; | |
| 44 return std::string(); | |
| 45 } | |
| 46 | |
| 47 scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]); | |
| 48 if (!hmac.Sign(seed, calculated_hmac.get(), hmac.DigestLength())) { | |
| 49 DVLOG(1) << "Could not calculate HMAC."; | |
| 50 return std::string(); | |
| 51 } | |
| 52 | |
| 53 return std::string(reinterpret_cast<const char*>(calculated_hmac.get()), | |
| 54 key_size); | |
| 55 } | |
| 56 | |
| 57 // Checks data in |input| matches the HMAC in |input|. The check is using the | |
| 58 // SHA1 algorithm. |hmac_key| is the key of the HMAC algorithm. Returns true if | |
| 59 // the integrity check passes. | |
| 60 static bool CheckData(const DecoderBuffer& input, | |
| 61 const base::StringPiece& hmac_key) { | |
| 62 CHECK(input.GetDataSize()); | |
| 63 CHECK(input.GetDecryptConfig()); | |
| 64 CHECK_GT(input.GetDecryptConfig()->checksum().size(), 0u); | |
| 65 CHECK(!hmac_key.empty()); | |
| 66 | |
| 67 crypto::HMAC hmac(crypto::HMAC::SHA1); | |
| 68 if (!hmac.Init(hmac_key)) | |
| 69 return false; | |
| 70 | |
| 71 // The component that initializes |input.GetDecryptConfig()| is responsible | |
| 72 // for checking that |input.GetDecryptConfig()->checksum_size()| matches | |
| 73 // what is defined by the format. | |
| 74 | |
| 75 // Here, check that checksum size is not greater than the hash | |
| 76 // algorithm's digest length. | |
| 77 DCHECK_LE(input.GetDecryptConfig()->checksum().size(), | |
| 78 hmac.DigestLength()); | |
| 79 | |
| 80 base::StringPiece data_to_check( | |
| 81 reinterpret_cast<const char*>(input.GetData()), input.GetDataSize()); | |
| 82 | |
| 83 return hmac.VerifyTruncated(data_to_check, | |
| 84 input.GetDecryptConfig()->checksum()); | |
| 85 } | |
| 86 | |
| 87 enum ClearBytesBufferSel { | 22 enum ClearBytesBufferSel { |
| 88 kSrcContainsClearBytes, | 23 kSrcContainsClearBytes, |
| 89 kDstContainsClearBytes | 24 kDstContainsClearBytes |
| 90 }; | 25 }; |
| 91 | 26 |
| 92 static void CopySubsamples(const std::vector<SubsampleEntry>& subsamples, | 27 static void CopySubsamples(const std::vector<SubsampleEntry>& subsamples, |
| 93 const ClearBytesBufferSel sel, | 28 const ClearBytesBufferSel sel, |
| 94 const uint8* src, | 29 const uint8* src, |
| 95 uint8* dst) { | 30 uint8* dst) { |
| 96 for (size_t i = 0; i < subsamples.size(); i++) { | 31 for (size_t i = 0; i < subsamples.size(); i++) { |
| (...skipping 169 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 266 CHECK(encrypted->GetDecryptConfig()); | 201 CHECK(encrypted->GetDecryptConfig()); |
| 267 const std::string& key_id = encrypted->GetDecryptConfig()->key_id(); | 202 const std::string& key_id = encrypted->GetDecryptConfig()->key_id(); |
| 268 | 203 |
| 269 DecryptionKey* key = GetKey(key_id); | 204 DecryptionKey* key = GetKey(key_id); |
| 270 if (!key) { | 205 if (!key) { |
| 271 DVLOG(1) << "Could not find a matching key for the given key ID."; | 206 DVLOG(1) << "Could not find a matching key for the given key ID."; |
| 272 decrypt_cb.Run(kNoKey, NULL); | 207 decrypt_cb.Run(kNoKey, NULL); |
| 273 return; | 208 return; |
| 274 } | 209 } |
| 275 | 210 |
| 276 int checksum_size = encrypted->GetDecryptConfig()->checksum().size(); | |
| 277 // According to the WebM encrypted specification, it is an open question | |
| 278 // what should happen when a frame fails the integrity check. | |
| 279 // http://wiki.webmproject.org/encryption/webm-encryption-rfc | |
| 280 if (checksum_size > 0 && | |
| 281 !key->hmac_key().empty() && | |
| 282 !CheckData(*encrypted, key->hmac_key())) { | |
| 283 DVLOG(1) << "Integrity check failed."; | |
| 284 decrypt_cb.Run(kError, NULL); | |
| 285 return; | |
| 286 } | |
| 287 | |
| 288 scoped_refptr<DecoderBuffer> decrypted; | 211 scoped_refptr<DecoderBuffer> decrypted; |
| 289 // An empty iv string signals that the frame is unencrypted. | 212 // An empty iv string signals that the frame is unencrypted. |
| 290 if (encrypted->GetDecryptConfig()->iv().empty()) { | 213 if (encrypted->GetDecryptConfig()->iv().empty()) { |
| 291 int data_offset = encrypted->GetDecryptConfig()->data_offset(); | 214 int data_offset = encrypted->GetDecryptConfig()->data_offset(); |
| 292 decrypted = DecoderBuffer::CopyFrom(encrypted->GetData() + data_offset, | 215 decrypted = DecoderBuffer::CopyFrom(encrypted->GetData() + data_offset, |
| 293 encrypted->GetDataSize() - data_offset); | 216 encrypted->GetDataSize() - data_offset); |
| 294 } else { | 217 } else { |
| 295 // TODO(strobe): Currently, presence of checksum is used to indicate the use | 218 crypto::SymmetricKey* decryption_key = key->decryption_key(); |
| 296 // of normal or WebM decryption keys. Consider a more explicit signaling | |
| 297 // mechanism and the removal of the webm_decryption_key member. | |
| 298 crypto::SymmetricKey* decryption_key = (checksum_size > 0) ? | |
| 299 key->webm_decryption_key() : key->decryption_key(); | |
| 300 decrypted = DecryptData(*encrypted, decryption_key); | 219 decrypted = DecryptData(*encrypted, decryption_key); |
| 301 if (!decrypted) { | 220 if (!decrypted) { |
| 302 DVLOG(1) << "Decryption failed."; | 221 DVLOG(1) << "Decryption failed."; |
| 303 decrypt_cb.Run(kError, NULL); | 222 decrypt_cb.Run(kError, NULL); |
| 304 return; | 223 return; |
| 305 } | 224 } |
| 306 } | 225 } |
| 307 | 226 |
| 308 decrypted->SetTimestamp(encrypted->GetTimestamp()); | 227 decrypted->SetTimestamp(encrypted->GetTimestamp()); |
| 309 decrypted->SetDuration(encrypted->GetDuration()); | 228 decrypted->SetDuration(encrypted->GetDuration()); |
| (...skipping 29 matching lines...) Expand all Loading... |
| 339 } | 258 } |
| 340 | 259 |
| 341 AesDecryptor::DecryptionKey::~DecryptionKey() {} | 260 AesDecryptor::DecryptionKey::~DecryptionKey() {} |
| 342 | 261 |
| 343 bool AesDecryptor::DecryptionKey::Init() { | 262 bool AesDecryptor::DecryptionKey::Init() { |
| 344 CHECK(!secret_.empty()); | 263 CHECK(!secret_.empty()); |
| 345 decryption_key_.reset(crypto::SymmetricKey::Import( | 264 decryption_key_.reset(crypto::SymmetricKey::Import( |
| 346 crypto::SymmetricKey::AES, secret_)); | 265 crypto::SymmetricKey::AES, secret_)); |
| 347 if (!decryption_key_.get()) | 266 if (!decryption_key_.get()) |
| 348 return false; | 267 return false; |
| 349 | |
| 350 std::string raw_key = DeriveKey(secret_, | |
| 351 kWebmEncryptionSeed, | |
| 352 secret_.length()); | |
| 353 if (raw_key.empty()) | |
| 354 return false; | |
| 355 | |
| 356 webm_decryption_key_.reset(crypto::SymmetricKey::Import( | |
| 357 crypto::SymmetricKey::AES, raw_key)); | |
| 358 if (!webm_decryption_key_.get()) | |
| 359 return false; | |
| 360 | |
| 361 hmac_key_ = DeriveKey(secret_, kWebmHmacSeed, kWebmSha1DigestSize); | |
| 362 if (hmac_key_.empty()) | |
| 363 return false; | |
| 364 | |
| 365 return true; | 268 return true; |
| 366 } | 269 } |
| 367 | 270 |
| 368 } // namespace media | 271 } // namespace media |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10917308:
Remove the checksum/HMAC code from the decryptor. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src