| OLD | NEW | 
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be | 
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. | 
| 4 | 4 | 
| 5 #include "media/crypto/aes_decryptor.h" | 5 #include "media/crypto/aes_decryptor.h" | 
| 6 | 6 | 
| 7 #include "base/logging.h" | 7 #include "base/logging.h" | 
| 8 #include "base/stl_util.h" | 8 #include "base/stl_util.h" | 
| 9 #include "base/string_number_conversions.h" | 9 #include "base/string_number_conversions.h" | 
| 10 #include "base/string_piece.h" |  | 
| 11 #include "crypto/encryptor.h" | 10 #include "crypto/encryptor.h" | 
|  | 11 #include "crypto/hmac.h" | 
| 12 #include "crypto/symmetric_key.h" | 12 #include "crypto/symmetric_key.h" | 
| 13 #include "media/base/decoder_buffer.h" | 13 #include "media/base/decoder_buffer.h" | 
| 14 #include "media/base/decrypt_config.h" | 14 #include "media/base/decrypt_config.h" | 
| 15 #include "media/base/decryptor_client.h" | 15 #include "media/base/decryptor_client.h" | 
| 16 | 16 | 
| 17 namespace media { | 17 namespace media { | 
| 18 | 18 | 
| 19 // TODO(xhwang): Get real IV from frames. | 19 // The size is from the WebM encrypted specification. Current encrypted WebM | 
| 20 static const char kInitialCounter[] = "0000000000000000"; | 20 // request for comments specification is here | 
|  | 21 // http://wiki.webmproject.org/encryption/webm-encryption-rfc | 
|  | 22 static const int kWebmSha1DigestSize = 20; | 
|  | 23 static const char kWebmHmacSeed[] = "hmac-key"; | 
|  | 24 static const char kWebmEncryptionSeed[] = "encryption-key"; | 
| 21 | 25 | 
| 22 uint32 AesDecryptor::next_session_id_ = 1; | 26 uint32 AesDecryptor::next_session_id_ = 1; | 
| 23 | 27 | 
| 24 // Decrypt |input| using |key|. | 28 // Derives a key using SHA1 HMAC. |secret| is the base secret to derive | 
| 25 // Return a DecoderBuffer with the decrypted data if decryption succeeded. | 29 // the key from. |seed| is the known message to the HMAC algorithm. |key_size| | 
| 26 // Return NULL if decryption failed. | 30 // is how many bytes are returned in the key. Returns a string containing the | 
|  | 31 // key on success. Returns an empty string on failure. | 
|  | 32 static std::string DeriveKey(const base::StringPiece& secret, | 
|  | 33                              const base::StringPiece& seed, | 
|  | 34                              int key_size) { | 
|  | 35   CHECK(!secret.empty()); | 
|  | 36   CHECK(!seed.empty()); | 
|  | 37   CHECK_GT(key_size, 0); | 
|  | 38 | 
|  | 39   crypto::HMAC hmac(crypto::HMAC::SHA1); | 
|  | 40   if (!hmac.Init(secret)) { | 
|  | 41     DVLOG(1) << "Could not initialize HMAC with secret data."; | 
|  | 42     return std::string(); | 
|  | 43   } | 
|  | 44 | 
|  | 45   scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]); | 
|  | 46   if (!hmac.Sign(seed, calculated_hmac.get(), hmac.DigestLength())) { | 
|  | 47     DVLOG(1) << "Could not calculate HMAC."; | 
|  | 48     return std::string(); | 
|  | 49   } | 
|  | 50 | 
|  | 51   return std::string(reinterpret_cast<const char*>(calculated_hmac.get()), | 
|  | 52                      key_size); | 
|  | 53 } | 
|  | 54 | 
|  | 55 // Checks data in |input| matches the HMAC in |input|. The check is using the | 
|  | 56 // SHA1 algorithm. |hmac_key| is the key of the HMAC algorithm. Returns true if | 
|  | 57 // the integrity check passes. | 
|  | 58 static bool CheckData(const DecoderBuffer& input, | 
|  | 59                       const base::StringPiece& hmac_key) { | 
|  | 60   CHECK(input.GetDataSize()); | 
|  | 61   CHECK(input.GetDecryptConfig()); | 
|  | 62   CHECK_GT(input.GetDecryptConfig()->checksum_size(), 0); | 
|  | 63   CHECK(!hmac_key.empty()); | 
|  | 64 | 
|  | 65   crypto::HMAC hmac(crypto::HMAC::SHA1); | 
|  | 66   if (!hmac.Init(hmac_key)) | 
|  | 67     return false; | 
|  | 68 | 
|  | 69   // The HMAC covers the IV and the frame data. | 
|  | 70   base::StringPiece data_to_check( | 
|  | 71       reinterpret_cast<const char*>(input.GetData()), input.GetDataSize()); | 
|  | 72 | 
|  | 73   scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]); | 
|  | 74   if (!hmac.Sign(data_to_check, calculated_hmac.get(), hmac.DigestLength())) | 
|  | 75     return false; | 
|  | 76 | 
|  | 77   DCHECK(input.GetDecryptConfig()->checksum_size() <= | 
|  | 78          static_cast<int>(hmac.DigestLength())); | 
|  | 79   if (memcmp(input.GetDecryptConfig()->checksum(), | 
|  | 80              calculated_hmac.get(), | 
|  | 81              input.GetDecryptConfig()->checksum_size()) != 0) | 
|  | 82     return false; | 
|  | 83   return true; | 
|  | 84 } | 
|  | 85 | 
|  | 86 // Decrypts |input| using |key|. |encrypted_data_offset| is the number of bytes | 
|  | 87 // into |input| that the encrypted data starts. | 
|  | 88 // Returns a DecoderBuffer with the decrypted data if decryption succeeded or | 
|  | 89 // NULL if decryption failed. | 
| 27 static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input, | 90 static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input, | 
| 28                                                 crypto::SymmetricKey* key) { | 91                                                 crypto::SymmetricKey* key, | 
|  | 92                                                 int encrypted_data_offset) { | 
| 29   CHECK(input.GetDataSize()); | 93   CHECK(input.GetDataSize()); | 
|  | 94   CHECK(input.GetDecryptConfig()); | 
| 30   CHECK(key); | 95   CHECK(key); | 
| 31 | 96 | 
| 32   // Initialize encryption data. | 97   // Initialize decryptor. | 
| 33   // The IV must be exactly as long as the cipher block size. |  | 
| 34   crypto::Encryptor encryptor; | 98   crypto::Encryptor encryptor; | 
| 35   if (!encryptor.Init(key, crypto::Encryptor::CBC, kInitialCounter)) { | 99   if (!encryptor.Init(key, crypto::Encryptor::CTR, "")) { | 
| 36     DVLOG(1) << "Could not initialize encryptor."; | 100     DVLOG(1) << "Could not initialize decryptor."; | 
|  | 101     return NULL; | 
|  | 102   } | 
|  | 103 | 
|  | 104   DCHECK_EQ(input.GetDecryptConfig()->iv_size(), | 
|  | 105             DecryptConfig::kDecryptionKeySize); | 
|  | 106   // Set the counter block. | 
|  | 107   base::StringPiece counter_block( | 
|  | 108       reinterpret_cast<const char*>(input.GetDecryptConfig()->iv()), | 
|  | 109       input.GetDecryptConfig()->iv_size()); | 
|  | 110   if (counter_block.empty()) { | 
|  | 111     DVLOG(1) << "Could not generate counter block."; | 
|  | 112     return NULL; | 
|  | 113   } | 
|  | 114   if (!encryptor.SetCounter(counter_block)) { | 
|  | 115     DVLOG(1) << "Could not set counter block."; | 
| 37     return NULL; | 116     return NULL; | 
| 38   } | 117   } | 
| 39 | 118 | 
| 40   std::string decrypted_text; | 119   std::string decrypted_text; | 
| 41   base::StringPiece encrypted_text( | 120   const char* frame = | 
| 42       reinterpret_cast<const char*>(input.GetData()), | 121       reinterpret_cast<const char*>(input.GetData() + encrypted_data_offset); | 
| 43       input.GetDataSize()); | 122   int frame_size = input.GetDataSize() - encrypted_data_offset; | 
|  | 123   base::StringPiece encrypted_text(frame, frame_size); | 
| 44   if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) { | 124   if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) { | 
| 45     DVLOG(1) << "Could not decrypt data."; | 125     DVLOG(1) << "Could not decrypt data."; | 
| 46     return NULL; | 126     return NULL; | 
| 47   } | 127   } | 
| 48 | 128 | 
| 49   // TODO(xhwang): Find a way to avoid this data copy. | 129   // TODO(xhwang): Find a way to avoid this data copy. | 
| 50   return DecoderBuffer::CopyFrom( | 130   return DecoderBuffer::CopyFrom( | 
| 51       reinterpret_cast<const uint8*>(decrypted_text.data()), | 131       reinterpret_cast<const uint8*>(decrypted_text.data()), | 
| 52       decrypted_text.size()); | 132       decrypted_text.size()); | 
| 53 } | 133 } | 
| (...skipping 24 matching lines...) Expand all  Loading... | 
| 78                           const uint8* key, | 158                           const uint8* key, | 
| 79                           int key_length, | 159                           int key_length, | 
| 80                           const uint8* init_data, | 160                           const uint8* init_data, | 
| 81                           int init_data_length, | 161                           int init_data_length, | 
| 82                           const std::string& session_id) { | 162                           const std::string& session_id) { | 
| 83   CHECK(key); | 163   CHECK(key); | 
| 84   CHECK_GT(key_length, 0); | 164   CHECK_GT(key_length, 0); | 
| 85 | 165 | 
| 86   // TODO(xhwang): Add |session_id| check after we figure out how: | 166   // TODO(xhwang): Add |session_id| check after we figure out how: | 
| 87   // https://www.w3.org/Bugs/Public/show_bug.cgi?id=16550 | 167   // https://www.w3.org/Bugs/Public/show_bug.cgi?id=16550 | 
| 88 | 168   if (key_length != DecryptConfig::kDecryptionKeySize) { | 
| 89   const int kSupportedKeyLength = 16;  // 128-bit key. |  | 
| 90   if (key_length != kSupportedKeyLength) { |  | 
| 91     DVLOG(1) << "Invalid key length: " << key_length; | 169     DVLOG(1) << "Invalid key length: " << key_length; | 
| 92     client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0); | 170     client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0); | 
| 93     return; | 171     return; | 
| 94   } | 172   } | 
| 95 | 173 | 
| 96   // TODO(xhwang): Fix the decryptor to accept no |init_data|. See | 174   // TODO(xhwang): Fix the decryptor to accept no |init_data|. See | 
| 97   // http://crbug.com/123265. Until then, ensure a non-empty value is passed. | 175   // http://crbug.com/123265. Until then, ensure a non-empty value is passed. | 
| 98   static const uint8 kDummyInitData[1] = { 0 }; | 176   static const uint8 kDummyInitData[1] = { 0 }; | 
| 99   if (!init_data) { | 177   if (!init_data) { | 
| 100     init_data = kDummyInitData; | 178     init_data = kDummyInitData; | 
| 101     init_data_length = arraysize(kDummyInitData); | 179     init_data_length = arraysize(kDummyInitData); | 
| 102   } | 180   } | 
| 103 | 181 | 
| 104   // TODO(xhwang): For now, use |init_data| for key ID. Make this more spec | 182   // TODO(xhwang): For now, use |init_data| for key ID. Make this more spec | 
| 105   // compliant later (http://crbug.com/123262, http://crbug.com/123265). | 183   // compliant later (http://crbug.com/123262, http://crbug.com/123265). | 
| 106   std::string key_id_string(reinterpret_cast<const char*>(init_data), | 184   std::string key_id_string(reinterpret_cast<const char*>(init_data), | 
| 107                             init_data_length); | 185                             init_data_length); | 
| 108   std::string key_string(reinterpret_cast<const char*>(key) , key_length); | 186   std::string key_string(reinterpret_cast<const char*>(key) , key_length); | 
| 109   crypto::SymmetricKey* symmetric_key = crypto::SymmetricKey::Import( | 187   scoped_ptr<DecryptionKey> decryption_key(new DecryptionKey(key_string)); | 
| 110       crypto::SymmetricKey::AES, key_string); | 188   if (!decryption_key.get()) { | 
| 111   if (!symmetric_key) { | 189     DVLOG(1) << "Could not create key."; | 
| 112     DVLOG(1) << "Could not import key."; |  | 
| 113     client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0); | 190     client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0); | 
| 114     return; | 191     return; | 
| 115   } | 192   } | 
|  | 193 | 
|  | 194   // TODO(fgalligan): When ISO is added we will need to figure out how to | 
|  | 195   // detect if the encrypted data will contain an HMAC. | 
|  | 196   if (!decryption_key->Init(true)) { | 
|  | 197     DVLOG(1) << "Could not initialize decryption key."; | 
|  | 198     client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0); | 
|  | 199     return; | 
|  | 200   } | 
| 116 | 201 | 
| 117   { | 202   { | 
| 118     base::AutoLock auto_lock(key_map_lock_); | 203     base::AutoLock auto_lock(key_map_lock_); | 
| 119     KeyMap::iterator found = key_map_.find(key_id_string); | 204     KeyMap::iterator found = key_map_.find(key_id_string); | 
| 120     if (found != key_map_.end()) { | 205     if (found != key_map_.end()) { | 
| 121       delete found->second; | 206       delete found->second; | 
| 122       key_map_.erase(found); | 207       key_map_.erase(found); | 
| 123     } | 208     } | 
| 124     key_map_[key_id_string] = symmetric_key; | 209     key_map_[key_id_string] = decryption_key.release(); | 
| 125   } | 210   } | 
| 126 | 211 | 
| 127   client_->KeyAdded(key_system, session_id); | 212   client_->KeyAdded(key_system, session_id); | 
| 128 } | 213 } | 
| 129 | 214 | 
| 130 void AesDecryptor::CancelKeyRequest(const std::string& key_system, | 215 void AesDecryptor::CancelKeyRequest(const std::string& key_system, | 
| 131                                     const std::string& session_id) { | 216                                     const std::string& session_id) { | 
| 132 } | 217 } | 
| 133 | 218 | 
| 134 void AesDecryptor::Decrypt(const scoped_refptr<DecoderBuffer>& encrypted, | 219 void AesDecryptor::Decrypt(const scoped_refptr<DecoderBuffer>& encrypted, | 
| 135                            const DecryptCB& decrypt_cb) { | 220                            const DecryptCB& decrypt_cb) { | 
| 136   CHECK(encrypted->GetDecryptConfig()); | 221   CHECK(encrypted->GetDecryptConfig()); | 
| 137   const uint8* key_id = encrypted->GetDecryptConfig()->key_id(); | 222   const uint8* key_id = encrypted->GetDecryptConfig()->key_id(); | 
| 138   const int key_id_size = encrypted->GetDecryptConfig()->key_id_size(); | 223   const int key_id_size = encrypted->GetDecryptConfig()->key_id_size(); | 
| 139 | 224 | 
| 140   // TODO(xhwang): Avoid always constructing a string with StringPiece? | 225   // TODO(xhwang): Avoid always constructing a string with StringPiece? | 
| 141   std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size); | 226   std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size); | 
| 142 | 227 | 
| 143   crypto::SymmetricKey* key = NULL; | 228   DecryptionKey* key = NULL; | 
| 144   { | 229   { | 
| 145     base::AutoLock auto_lock(key_map_lock_); | 230     base::AutoLock auto_lock(key_map_lock_); | 
| 146     KeyMap::const_iterator found = key_map_.find(key_id_string); | 231     KeyMap::const_iterator found = key_map_.find(key_id_string); | 
| 147     if (found != key_map_.end()) | 232     if (found != key_map_.end()) | 
| 148       key = found->second; | 233       key = found->second; | 
| 149   } | 234   } | 
| 150 | 235 | 
| 151   if (!key) { | 236   if (!key) { | 
|  | 237     // TODO(fgalligan): Fire a need_key event here and add a test. | 
| 152     DVLOG(1) << "Could not find a matching key for given key ID."; | 238     DVLOG(1) << "Could not find a matching key for given key ID."; | 
| 153     decrypt_cb.Run(kError, NULL); | 239     decrypt_cb.Run(kError, NULL); | 
| 154     return; | 240     return; | 
| 155   } | 241   } | 
| 156 | 242 | 
| 157   scoped_refptr<DecoderBuffer> decrypted = DecryptData(*encrypted, key); | 243   int checksum_size = encrypted->GetDecryptConfig()->checksum_size(); | 
|  | 244   // According to the WebM encrypted specification, it is an open question | 
|  | 245   // what should happen when a frame fails the integrity check. | 
|  | 246   // http://wiki.webmproject.org/encryption/webm-encryption-rfc | 
|  | 247   if (checksum_size > 0 && | 
|  | 248       !key->hmac_key().empty() && | 
|  | 249       !CheckData(*encrypted, key->hmac_key())) { | 
|  | 250     DVLOG(1) << "Integrity check failed."; | 
|  | 251     decrypt_cb.Run(kError, NULL); | 
|  | 252     return; | 
|  | 253   } | 
| 158 | 254 | 
|  | 255   scoped_refptr<DecoderBuffer> decrypted = | 
|  | 256       DecryptData(*encrypted, | 
|  | 257                   key->decryption_key(), | 
|  | 258                   encrypted->GetDecryptConfig()->encrypted_frame_offset()); | 
| 159   if (!decrypted) { | 259   if (!decrypted) { | 
| 160     DVLOG(1) << "Decryption failed."; | 260     DVLOG(1) << "Decryption failed."; | 
| 161     decrypt_cb.Run(kError, NULL); | 261     decrypt_cb.Run(kError, NULL); | 
| 162     return; | 262     return; | 
| 163   } | 263   } | 
| 164 | 264 | 
| 165   decrypted->SetTimestamp(encrypted->GetTimestamp()); | 265   decrypted->SetTimestamp(encrypted->GetTimestamp()); | 
| 166   decrypted->SetDuration(encrypted->GetDuration()); | 266   decrypted->SetDuration(encrypted->GetDuration()); | 
| 167   decrypt_cb.Run(kSuccess, decrypted); | 267   decrypt_cb.Run(kSuccess, decrypted); | 
| 168 } | 268 } | 
| 169 | 269 | 
|  | 270 AesDecryptor::DecryptionKey::DecryptionKey( | 
|  | 271     const std::string& secret) | 
|  | 272     : secret_(secret) { | 
|  | 273 } | 
|  | 274 | 
|  | 275 AesDecryptor::DecryptionKey::~DecryptionKey() {} | 
|  | 276 | 
|  | 277 bool AesDecryptor::DecryptionKey::Init(bool derive_webm_keys) { | 
|  | 278   CHECK(!secret_.empty()); | 
|  | 279 | 
|  | 280   if (derive_webm_keys) { | 
|  | 281     std::string raw_key = DeriveKey(secret_, | 
|  | 282                                     kWebmEncryptionSeed, | 
|  | 283                                     secret_.length()); | 
|  | 284     if (raw_key.empty()) { | 
|  | 285       return false; | 
|  | 286     } | 
|  | 287     decryption_key_.reset( | 
|  | 288         crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key)); | 
|  | 289     if (!decryption_key_.get()) { | 
|  | 290       return false; | 
|  | 291     } | 
|  | 292 | 
|  | 293     hmac_key_ = DeriveKey(secret_, kWebmHmacSeed, kWebmSha1DigestSize); | 
|  | 294     if (hmac_key_.empty()) { | 
|  | 295       return false; | 
|  | 296     } | 
|  | 297     return true; | 
|  | 298   } | 
|  | 299 | 
|  | 300   decryption_key_.reset( | 
|  | 301       crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, secret_)); | 
|  | 302   if (!decryption_key_.get()) { | 
|  | 303     return false; | 
|  | 304   } | 
|  | 305   return true; | 
|  | 306 } | 
|  | 307 | 
| 170 }  // namespace media | 308 }  // namespace media | 
| OLD | NEW | 
|---|