Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(91)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: media/crypto/aes_decryptor.h

Issue 10535029: Add support for encrypted WebM files as defined in the RFC. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Fix uint64 literal. Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « media/base/decrypt_config.cc ('k') | media/crypto/aes_decryptor.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef MEDIA_CRYPTO_AES_DECRYPTOR_H_ 5 #ifndef MEDIA_CRYPTO_AES_DECRYPTOR_H_
6 #define MEDIA_CRYPTO_AES_DECRYPTOR_H_ 6 #define MEDIA_CRYPTO_AES_DECRYPTOR_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
11 #include "base/hash_tables.h" 11 #include "base/hash_tables.h"
12 #include "base/memory/ref_counted.h" 12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/string_piece.h"
13 #include "base/synchronization/lock.h" 15 #include "base/synchronization/lock.h"
14 #include "media/base/decryptor.h" 16 #include "media/base/decryptor.h"
15 #include "media/base/media_export.h" 17 #include "media/base/media_export.h"
16 18
17 namespace crypto { 19 namespace crypto {
18 class SymmetricKey; 20 class SymmetricKey;
19 } 21 }
20 22
21 namespace media { 23 namespace media {
22 24
23 class DecryptorClient; 25 class DecryptorClient;
24 26
25 // Decryptor implementation that decrypts AES-encrypted buffer. 27 // Decrypts an AES encrypted buffer into an unencrypted buffer. The AES
28 // encryption must be CTR with a key size of 128bits. Optionally checks the
29 // integrity of the encrypted data.
26 class MEDIA_EXPORT AesDecryptor : public Decryptor { 30 class MEDIA_EXPORT AesDecryptor : public Decryptor {
27 public: 31 public:
28 // The AesDecryptor does not take ownership of the |client|. The |client| 32 // The AesDecryptor does not take ownership of the |client|. The |client|
29 // must be valid throughout the lifetime of the AesDecryptor. 33 // must be valid throughout the lifetime of the AesDecryptor.
30 explicit AesDecryptor(DecryptorClient* client); 34 explicit AesDecryptor(DecryptorClient* client);
31 virtual ~AesDecryptor(); 35 virtual ~AesDecryptor();
32 36
33 // Decryptor implementation. 37 // Decryptor implementation.
34 virtual void GenerateKeyRequest(const std::string& key_system, 38 virtual void GenerateKeyRequest(const std::string& key_system,
35 const uint8* init_data, 39 const uint8* init_data,
36 int init_data_length) OVERRIDE; 40 int init_data_length) OVERRIDE;
37 virtual void AddKey(const std::string& key_system, 41 virtual void AddKey(const std::string& key_system,
38 const uint8* key, 42 const uint8* key,
39 int key_length, 43 int key_length,
40 const uint8* init_data, 44 const uint8* init_data,
41 int init_data_length, 45 int init_data_length,
42 const std::string& session_id) OVERRIDE; 46 const std::string& session_id) OVERRIDE;
43 virtual void CancelKeyRequest(const std::string& key_system, 47 virtual void CancelKeyRequest(const std::string& key_system,
44 const std::string& session_id) OVERRIDE; 48 const std::string& session_id) OVERRIDE;
49 // Decrypts |encrypted| buffer. |encrypted| should not be NULL. |encrypted|
50 // will signal if an integrity check must be performed before decryption.
51 // Returns a DecoderBuffer with the decrypted data if the decryption
52 // succeeded through |decrypt_cb|.
45 virtual void Decrypt(const scoped_refptr<DecoderBuffer>& encrypted, 53 virtual void Decrypt(const scoped_refptr<DecoderBuffer>& encrypted,
46 const DecryptCB& decrypt_cb) OVERRIDE; 54 const DecryptCB& decrypt_cb) OVERRIDE;
47 55
48 private: 56 private:
49 // KeyMap owns the crypto::SymmetricKey* and must delete them when they are 57 // Helper class that manages the decryption key and HMAC key. The HMAC key
58 // may be NULL.
59 class DecryptionKey {
60 public:
61 explicit DecryptionKey(const std::string& secret);
62 ~DecryptionKey();
63
64 // Creates the encryption key and HMAC. If |derive_webm_keys| is true then
65 // the object will derive the decryption key and the HMAC key from
66 // |secret_|.
67 bool Init(bool derive_webm_keys);
68
69 crypto::SymmetricKey* decryption_key() { return decryption_key_.get(); }
70 base::StringPiece hmac_key() { return base::StringPiece(hmac_key_); }
71
72 private:
73 // The base secret that is used to derive the decryption key and optionally
74 // the HMAC key.
75 const std::string secret_;
76
77 // The key used to decrypt the data.
78 scoped_ptr<crypto::SymmetricKey> decryption_key_;
79
80 // The key used to perform the integrity check. Currently the HMAC key is
81 // defined by the WebM encrypted specification. Current encrypted WebM
82 // request for comments specification is here
83 // http://wiki.webmproject.org/encryption/webm-encryption-rfc
84 std::string hmac_key_;
85
86 DISALLOW_COPY_AND_ASSIGN(DecryptionKey);
87 };
88
89 // KeyMap owns the DecryptionKey* and must delete them when they are
50 // not needed any more. 90 // not needed any more.
51 typedef base::hash_map<std::string, crypto::SymmetricKey*> KeyMap; 91 typedef base::hash_map<std::string, DecryptionKey*> KeyMap;
52 92
53 // Since only Decrypt() is called off the renderer thread, we only need to 93 // Since only Decrypt() is called off the renderer thread, we only need to
54 // protect |key_map_|, the only member variable that is shared between 94 // protect |key_map_|, the only member variable that is shared between
55 // Decrypt() and other methods. 95 // Decrypt() and other methods.
56 KeyMap key_map_; // Protected by the |key_map_lock_|. 96 KeyMap key_map_; // Protected by the |key_map_lock_|.
57 base::Lock key_map_lock_; // Protects the |key_map_|. 97 base::Lock key_map_lock_; // Protects the |key_map_|.
58 98
59 // Make session ID unique per renderer by making it static. 99 // Make session ID unique per renderer by making it static.
60 // TODO(xhwang): Make session ID more strictly defined if needed: 100 // TODO(xhwang): Make session ID more strictly defined if needed:
61 // https://www.w3.org/Bugs/Public/show_bug.cgi?id=16739#c0 101 // https://www.w3.org/Bugs/Public/show_bug.cgi?id=16739#c0
62 static uint32 next_session_id_; 102 static uint32 next_session_id_;
63 103
64 DecryptorClient* const client_; 104 DecryptorClient* const client_;
65 105
66 DISALLOW_COPY_AND_ASSIGN(AesDecryptor); 106 DISALLOW_COPY_AND_ASSIGN(AesDecryptor);
67 }; 107 };
68 108
69 } // namespace media 109 } // namespace media
70 110
71 #endif // MEDIA_CRYPTO_AES_DECRYPTOR_H_ 111 #endif // MEDIA_CRYPTO_AES_DECRYPTOR_H_
OLDNEW
« no previous file with comments | « media/base/decrypt_config.cc ('k') | media/crypto/aes_decryptor.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698