Add support for encrypted WebM files as defined in the RFC.

media/crypto/hmac_aes_decryptor.h

Index: media/crypto/hmac_aes_decryptor.h
diff --git a/media/crypto/hmac_aes_decryptor.h b/media/crypto/hmac_aes_decryptor.h
new file mode 100755
index 0000000000000000000000000000000000000000..2b4fa9cfcf4f6672f325903f141abd494acbf915
--- /dev/null
+++ b/media/crypto/hmac_aes_decryptor.h
@@ -0,0 +1,88 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef MEDIA_CRYPTO_HMAC_AES_DECRYPTOR_H_
+#define MEDIA_CRYPTO_HMAC_AES_DECRYPTOR_H_
+
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/hash_tables.h"
+#include "base/memory/scoped_ptr.h"
+#include "media/base/media_export.h"
+#include "media/crypto/decryptor.h"
+
+namespace crypto {
+class SymmetricKey;
+}
+
+namespace media {
+
+class DecoderBuffer;
+
+// Checks the integrity of the encrypted data and decrypts the AES encrypted
+// buffer into an unencrypted buffer.
+class MEDIA_EXPORT HmacAesDecryptor : public Decryptor {
+ public:
+  // The size is from the WebM encrypted specification. Current WebM
+  // encrypted request for comments specification is here
+  // http://wiki.webmproject.org/encryption/webm-encryption-rfc.
+  static const int kSha1DigestSize = 20;
+  static const char kHmacSeed[];
+  static const char kEncryptionSeed[];
+
+  HmacAesDecryptor();
+  virtual ~HmacAesDecryptor();
+
+  // Decryptor implementation.
+  // Add a |key_id| and |key| pair to the key system. The key is not limited to
+  // a decryption key. It can be any data that the key system accepts, such as
+  // a license. If multiple calls of this function set different keys for the
+  // same |key_id|, the older key will be replaced by the newer key.
+  virtual void AddKey(const uint8* key_id, int key_id_size,
+                      const uint8* key, int key_size) OVERRIDE;
+
+  // Check and Decrypt |input| buffer. The |input| should not be NULL.
+  // Return a DecoderBuffer with the decrypted data if the check and
+  // decryption succeeded. Return NULL if check or decryption failed.
+  // TODO(fgalligan): Do we need to differentiate between a check failure
+  // and a decryption failure?
+  virtual scoped_refptr<DecoderBuffer> Decrypt(
+      const scoped_refptr<DecoderBuffer>& input) OVERRIDE;
+
+ private:
+  // Helper class that manages the HMAC and encryption keys.
+  class HmacEncryptionKeys {
+   public:
+    explicit HmacEncryptionKeys(const std::string& secret);
+    ~HmacEncryptionKeys();
+
+    // Creates the HMAC and encryption key.
+    bool Init();
+
+    std::string hmac_key() { return hmac_key_; }
+    crypto::SymmetricKey* encryption_key() { return encryption_key_.get(); }
+
+   private:
+    // The base secret that is used to derive the HMAC and encryption keys.
+    const std::string secret_;
+
+    // The key used to perform the intergrity check.
+    std::string hmac_key_;
+
+    // The key used to decrypt the data.
+    scoped_ptr<crypto::SymmetricKey> encryption_key_;
+  };
+
+  // KeysMap owns the HmacEncryptionKeys* and must delete them when they are
+  // not needed any more.
+  typedef base::hash_map<std::string, HmacEncryptionKeys*> KeysMap;
+  KeysMap keys_map_;
+
+  DISALLOW_COPY_AND_ASSIGN(HmacAesDecryptor);
+};
+
+}  // namespace media
+
+#endif  // MEDIA_CRYPTO_HMAC_AES_DECRYPTOR_H_