Add support for encrypted WebM files as defined in the RFC.

media/crypto/aes_decryptor.h

Index: media/crypto/aes_decryptor.h
diff --git a/media/crypto/aes_decryptor.h b/media/crypto/aes_decryptor.h
index 72010526a90323430d716d349f63eec8b56d04cf..0b461706eb7d2adf1d64e94dc674136e917613ad 100644
--- a/media/crypto/aes_decryptor.h
+++ b/media/crypto/aes_decryptor.h
@@ -10,6 +10,7 @@
 #include "base/basictypes.h"
 #include "base/hash_tables.h"
 #include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
 #include "base/synchronization/lock.h"
 #include "media/base/decryptor.h"
 #include "media/base/media_export.h"
@@ -22,9 +23,18 @@ namespace media {
 
 class DecryptorClient;
 
-// Decryptor implementation that decrypts AES-encrypted buffer.
+// Checks the integrity of the encrypted data and decrypts the AES encrypted

[ddorwin, 2012/07/10 01:12:20]

Eventually, this should be "Optionally..."

[fgalligan1, 2012/07/11 22:06:33]

Done.

+// buffer into an unencrypted buffer.
 class MEDIA_EXPORT AesDecryptor : public Decryptor {
  public:
+  // The size is from the WebM encrypted specification. Current WebM
+  // encrypted request for comments specification is here
+  // http://wiki.webmproject.org/encryption/webm-encryption-rfc
+  static const int kSha1DigestSize = 20;

[ddorwin, 2012/07/10 01:12:20]

kWebMSha1DigestSize
Same for 35 and 36. Then 34 should be separate since it will be common for ISO
too.
Can we move these to WebMHmacEncryptionKeys or the .cc file?

[fgalligan1, 2012/07/11 22:06:33]

Added Webm to the consts. Moved the Webm consts to the .cc file. Moved kKeySize
to webm_cluster_parser.cc to behave more like the iso parser.

+  static const int kKeySize = 16;
+  static const char kHmacSeed[];
+  static const char kEncryptionSeed[];
+
   // The AesDecryptor does not take ownership of the |client|. The |client|
   // must be valid throughout the lifetime of the AesDecryptor.
   explicit AesDecryptor(DecryptorClient* client);
@@ -42,19 +52,48 @@ class MEDIA_EXPORT AesDecryptor : public Decryptor {
                       const std::string& session_id) OVERRIDE;
   virtual void CancelKeyRequest(const std::string& key_system,
                                 const std::string& session_id) OVERRIDE;
+
+  // Check and Decrypt |input| buffer. The |input| should not be NULL.

[xhwang, 2012/07/10 06:31:25]

"Checks and Decrypts"

[fgalligan1, 2012/07/11 22:06:33]

Done.

+  // Return a DecoderBuffer with the decrypted data if the check and

[ddorwin, 2012/07/10 01:12:20]

*integrity* check

[fgalligan1, 2012/07/11 22:06:33]

Done.

+  // decryption succeeded. Return NULL if check or decryption failed.
+  // TODO(fgalligan): Do we need to differentiate between a check failure

[ddorwin, 2012/07/10 01:12:20]

Not to the application. There is no error to report verification failure.

[fgalligan1, 2012/07/11 22:06:33]

Done.

+  // and a decryption failure?
   virtual scoped_refptr<DecoderBuffer> Decrypt(
       const scoped_refptr<DecoderBuffer>& input) OVERRIDE;
 
  private:
-  // KeyMap owns the crypto::SymmetricKey* and must delete them when they are
+  // Helper class that manages the HMAC and encryption keys.

[ddorwin, 2012/07/10 01:12:20]

It's probably worth referring to the RFC here.

[fgalligan1, 2012/07/11 22:06:33]

Done.

+  class HmacEncryptionKeys {

[ddorwin, 2012/07/10 01:12:20]

Since this uses WebM-specific constants, it should be named
WebMHmacEncryptionKeys.
Eventually (when adding ISO), I think we can create an interface (or base class
without HMAC) and only define that here and move this inside the .cc file.

[fgalligan1, 2012/07/11 22:06:33]

Done.

+   public:
+    explicit HmacEncryptionKeys(const std::string& secret);
+    ~HmacEncryptionKeys();
+
+    // Creates the HMAC and encryption key.
+    bool Init();
+
+    std::string hmac_key() { return hmac_key_; }

[xhwang, 2012/07/10 06:31:25]

We can return StringPiece here. Also see the comment on CheckData in
aes_decryptor.cc file.

[fgalligan1, 2012/07/11 22:06:33]

Done.

+    crypto::SymmetricKey* encryption_key() { return encryption_key_.get(); }

[ddorwin, 2012/07/10 01:12:20]

decryption_key seems better.

[fgalligan1, 2012/07/11 22:06:33]

Done.

+
+   private:
+    // The base secret that is used to derive the HMAC and encryption keys.
+    const std::string secret_;
+
+    // The key used to perform the intergrity check.

[xhwang, 2012/07/10 06:31:25]

s/intergrity/integrity

[fgalligan1, 2012/07/11 22:06:33]

Done.

+    std::string hmac_key_;
+
+    // The key used to decrypt the data.
+    scoped_ptr<crypto::SymmetricKey> encryption_key_;
+  };

[ddorwin, 2012/07/10 01:12:20]

DISALLOW_COPY_AND_ASSIGN

[fgalligan1, 2012/07/11 22:06:33]

Done.

+
+  // KeysMap owns the HmacEncryptionKeys* and must delete them when they are
   // not needed any more.
-  typedef base::hash_map<std::string, crypto::SymmetricKey*> KeyMap;
+  typedef base::hash_map<std::string, HmacEncryptionKeys*> KeysMap;
 
   // Since only Decrypt() is called off the renderer thread, we only need to
-  // protect |key_map_|, the only member variable that is shared between
+  // protect |keys_map_|, the only member variable that is shared between
   // Decrypt() and other methods.
-  KeyMap key_map_;  // Protected by the |key_map_lock_|.
-  base::Lock key_map_lock_;  // Protects the |key_map_|.
+  KeysMap keys_map_;  // Protected by the |keys_map_lock_|.
+  base::Lock keys_map_lock_;  // Protects the |keys_map_|.
 
   // Make session ID unique per renderer by making it static.
   // TODO(xhwang): Make session ID more strictly defined if needed:
@@ -68,4 +107,4 @@ class MEDIA_EXPORT AesDecryptor : public Decryptor {
 
 }  // namespace media
 
-#endif  // MEDIA_CRYPTO_AES_DECRYPTOR_H_
+#endif  // MEDIA_CRYPTO_HMAC_AES_DECRYPTOR_H_