| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef MEDIA_CRYPTO_AES_DECRYPTOR_H_ | 5 #ifndef MEDIA_CRYPTO_AES_DECRYPTOR_H_ |
| 6 #define MEDIA_CRYPTO_AES_DECRYPTOR_H_ | 6 #define MEDIA_CRYPTO_AES_DECRYPTOR_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/hash_tables.h" | 11 #include "base/hash_tables.h" |
| 12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 13 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "base/string_piece.h" | 14 #include "base/string_piece.h" |
| 15 #include "base/synchronization/lock.h" | 15 #include "base/synchronization/lock.h" |
| 16 #include "media/base/decryptor.h" | 16 #include "media/base/decryptor.h" |
| 17 #include "media/base/media_export.h" | 17 #include "media/base/media_export.h" |
| 18 | 18 |
| 19 namespace crypto { | 19 namespace crypto { |
| 20 class SymmetricKey; | 20 class SymmetricKey; |
| 21 } | 21 } |
| 22 | 22 |
| 23 namespace media { | 23 namespace media { |
| 24 | 24 |
| 25 class DecryptorClient; | 25 class DecryptorClient; |
| 26 | 26 |
| 27 // Decrypts an AES encrypted buffer into an unencrypted buffer. The AES | 27 // Decrypts an AES encrypted buffer into an unencrypted buffer. The AES |
| 28 // encryption must be CTR with a key size of 128bits. Optionally checks the | 28 // encryption must be CTR with a key size of 128bits. |
| 29 // integrity of the encrypted data. | |
| 30 class MEDIA_EXPORT AesDecryptor : public Decryptor { | 29 class MEDIA_EXPORT AesDecryptor : public Decryptor { |
| 31 public: | 30 public: |
| 32 // The AesDecryptor does not take ownership of the |client|. The |client| | 31 // The AesDecryptor does not take ownership of the |client|. The |client| |
| 33 // must be valid throughout the lifetime of the AesDecryptor. | 32 // must be valid throughout the lifetime of the AesDecryptor. |
| 34 explicit AesDecryptor(DecryptorClient* client); | 33 explicit AesDecryptor(DecryptorClient* client); |
| 35 virtual ~AesDecryptor(); | 34 virtual ~AesDecryptor(); |
| 36 | 35 |
| 37 // Decryptor implementation. | 36 // Decryptor implementation. |
| 38 virtual bool GenerateKeyRequest(const std::string& key_system, | 37 virtual bool GenerateKeyRequest(const std::string& key_system, |
| 39 const uint8* init_data, | 38 const uint8* init_data, |
| 40 int init_data_length) OVERRIDE; | 39 int init_data_length) OVERRIDE; |
| 41 virtual void AddKey(const std::string& key_system, | 40 virtual void AddKey(const std::string& key_system, |
| 42 const uint8* key, | 41 const uint8* key, |
| 43 int key_length, | 42 int key_length, |
| 44 const uint8* init_data, | 43 const uint8* init_data, |
| 45 int init_data_length, | 44 int init_data_length, |
| 46 const std::string& session_id) OVERRIDE; | 45 const std::string& session_id) OVERRIDE; |
| 47 virtual void CancelKeyRequest(const std::string& key_system, | 46 virtual void CancelKeyRequest(const std::string& key_system, |
| 48 const std::string& session_id) OVERRIDE; | 47 const std::string& session_id) OVERRIDE; |
| 49 // Decrypts |encrypted| buffer. |encrypted| should not be NULL. |encrypted| | 48 // Decrypts |encrypted| buffer. |encrypted| should not be NULL. Returns a |
| 50 // will signal if an integrity check must be performed before decryption. | 49 // DecoderBuffer with the decrypted data if the decryption succeeded through |
| 51 // Returns a DecoderBuffer with the decrypted data if the decryption | 50 // |decrypt_cb|. |
| 52 // succeeded through |decrypt_cb|. | |
| 53 virtual void Decrypt(const scoped_refptr<DecoderBuffer>& encrypted, | 51 virtual void Decrypt(const scoped_refptr<DecoderBuffer>& encrypted, |
| 54 const DecryptCB& decrypt_cb) OVERRIDE; | 52 const DecryptCB& decrypt_cb) OVERRIDE; |
| 55 virtual void Stop() OVERRIDE; | 53 virtual void Stop() OVERRIDE; |
| 56 | 54 |
| 57 private: | 55 private: |
| 58 // Helper class that manages the decryption key and HMAC key. The HMAC key | 56 // TODO(fgalligan): Remove this and change KeyMap to use crypto::SymmetricKey |
| 59 // may be NULL. | 57 // as there are no decryptors that are performing an integrity check. |
| 58 // Helper class that manages the decryption key. |
| 60 class DecryptionKey { | 59 class DecryptionKey { |
| 61 public: | 60 public: |
| 62 explicit DecryptionKey(const std::string& secret); | 61 explicit DecryptionKey(const std::string& secret); |
| 63 ~DecryptionKey(); | 62 ~DecryptionKey(); |
| 64 | 63 |
| 65 // Creates the encryption key, and derives the WebM decryption key and HMAC. | 64 // Creates the encryption key. |
| 66 bool Init(); | 65 bool Init(); |
| 67 | 66 |
| 68 crypto::SymmetricKey* decryption_key() { return decryption_key_.get(); } | 67 crypto::SymmetricKey* decryption_key() { return decryption_key_.get(); } |
| 69 crypto::SymmetricKey* webm_decryption_key() | |
| 70 { return webm_decryption_key_.get(); } | |
| 71 base::StringPiece hmac_key() { return base::StringPiece(hmac_key_); } | |
| 72 | 68 |
| 73 private: | 69 private: |
| 74 // The base secret that is used to derive the decryption key and optionally | 70 // The base secret that is used to create the decryption key. |
| 75 // the HMAC key. | |
| 76 const std::string secret_; | 71 const std::string secret_; |
| 77 | 72 |
| 78 // The key used to decrypt the data. | 73 // The key used to decrypt the data. |
| 79 scoped_ptr<crypto::SymmetricKey> decryption_key_; | 74 scoped_ptr<crypto::SymmetricKey> decryption_key_; |
| 80 | 75 |
| 81 // The key used for decryption of WebM media, derived from the secret. | |
| 82 scoped_ptr<crypto::SymmetricKey> webm_decryption_key_; | |
| 83 | |
| 84 // The key used to perform the integrity check. Currently the HMAC key is | |
| 85 // defined by the WebM encrypted specification. Current encrypted WebM | |
| 86 // request for comments specification is here | |
| 87 // http://wiki.webmproject.org/encryption/webm-encryption-rfc | |
| 88 std::string hmac_key_; | |
| 89 | |
| 90 DISALLOW_COPY_AND_ASSIGN(DecryptionKey); | 76 DISALLOW_COPY_AND_ASSIGN(DecryptionKey); |
| 91 }; | 77 }; |
| 92 | 78 |
| 93 // Sets |key| for |key_id|. The AesDecryptor takes the ownership of the |key|. | 79 // Sets |key| for |key_id|. The AesDecryptor takes the ownership of the |key|. |
| 94 void SetKey(const std::string& key_id, scoped_ptr<DecryptionKey> key); | 80 void SetKey(const std::string& key_id, scoped_ptr<DecryptionKey> key); |
| 95 | 81 |
| 96 // Gets a DecryptionKey associated with |key_id|. The AesDecryptor still owns | 82 // Gets a DecryptionKey associated with |key_id|. The AesDecryptor still owns |
| 97 // the key. Returns NULL if no key is associated with |key_id|. | 83 // the key. Returns NULL if no key is associated with |key_id|. |
| 98 DecryptionKey* GetKey(const std::string& key_id) const; | 84 DecryptionKey* GetKey(const std::string& key_id) const; |
| 99 | 85 |
| (...skipping 13 matching lines...) Expand all Loading... |
| 113 static uint32 next_session_id_; | 99 static uint32 next_session_id_; |
| 114 | 100 |
| 115 DecryptorClient* const client_; | 101 DecryptorClient* const client_; |
| 116 | 102 |
| 117 DISALLOW_COPY_AND_ASSIGN(AesDecryptor); | 103 DISALLOW_COPY_AND_ASSIGN(AesDecryptor); |
| 118 }; | 104 }; |
| 119 | 105 |
| 120 } // namespace media | 106 } // namespace media |
| 121 | 107 |
| 122 #endif // MEDIA_CRYPTO_AES_DECRYPTOR_H_ | 108 #endif // MEDIA_CRYPTO_AES_DECRYPTOR_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10917308:
Remove the checksum/HMAC code from the decryptor. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src