media/crypto/aes_decryptor.cc - Issue 10535029: Add support for encrypted WebM files as defined in the RFC.

Unified Diff: media/crypto/aes_decryptor.cc

Issue 10535029: Add support for encrypted WebM files as defined in the RFC. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Addressing comments from Patch Set 12. Created 8 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: media/crypto/aes_decryptor.cc

diff --git a/media/crypto/aes_decryptor.cc b/media/crypto/aes_decryptor.cc

index 129bc330131585c2a77a66dc7ab8b96fb96c76e6..c77ad5244c8a91f4d86f2549cbbd17a12ee24af3 100644

--- a/media/crypto/aes_decryptor.cc

+++ b/media/crypto/aes_decryptor.cc

@@ -7,8 +7,8 @@

#include "base/logging.h"

#include "base/stl_util.h"

#include "base/string_number_conversions.h"

-#include "base/string_piece.h"

#include "crypto/encryptor.h"

+#include "crypto/hmac.h"

#include "crypto/symmetric_key.h"

#include "media/base/decoder_buffer.h"

#include "media/base/decrypt_config.h"

@@ -16,31 +16,110 @@

namespace media {

-// TODO(xhwang): Get real IV from frames.

-static const char kInitialCounter[] = "0000000000000000";

+// The size is from the WebM encrypted specification. Current encrypted WebM

+// request for comments specification is here

+// http://wiki.webmproject.org/encryption/webm-encryption-rfc

+static const int kWebmSha1DigestSize = 20;

+static const char kWebmHmacSeed[] = "hmac-key";

+static const char kWebmEncryptionSeed[] = "encryption-key";

uint32 AesDecryptor::next_session_id_ = 1;

-// Decrypt |input| using |key|.

-// Return a DecoderBuffer with the decrypted data if decryption succeeded.

-// Return NULL if decryption failed.

+// Derives a key using SHA1 HMAC. |secret| is the base secret to derive

+// the key from. |seed| is the known message to the HMAC algorithm. |key_size|

+// is how many bytes are returned in the key. Returns a string containing the

+// key on success. Returns an empty string on failure.

+static std::string DeriveKey(const base::StringPiece& secret,

+ const base::StringPiece& seed,

+ int key_size) {

+ CHECK(!secret.empty());

+ CHECK(!seed.empty());

+ CHECK_GT(key_size, 0);

+ crypto::HMAC hmac(crypto::HMAC::SHA1);

+ if (!hmac.Init(secret)) {

+ DVLOG(1) << "Could not initialize HMAC with secret data.";

+ return std::string();

+ }

+ scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]);

+ if (!hmac.Sign(seed, calculated_hmac.get(), hmac.DigestLength())) {

+ DVLOG(1) << "Could not calculate HMAC.";

+ return std::string();

+ }

+ return std::string(reinterpret_cast<const char*>(calculated_hmac.get()),

+ key_size);

+// Checks data in |input| matches the HMAC in |input|. The check is using the

+// SHA1 algorithm. |hmac_key| is the key of the HMAC algorithm. Returns true if

+// the integrity check passes.

+static bool CheckData(const DecoderBuffer& input,

+ const base::StringPiece& hmac_key) {

+ CHECK(input.GetDataSize());

+ CHECK(input.GetDecryptConfig());

+ CHECK_GT(input.GetDecryptConfig()->checksum_size(), 0);

+ CHECK(!hmac_key.empty());

+ crypto::HMAC hmac(crypto::HMAC::SHA1);

+ if (!hmac.Init(hmac_key))

+ return false;

+ // The HMAC covers the IV and the frame data.

+ base::StringPiece data_to_check(

+ reinterpret_cast<const char*>(input.GetData()), input.GetDataSize());

+ scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]);

+ if (!hmac.Sign(data_to_check, calculated_hmac.get(), hmac.DigestLength()))

+ return false;

+ DCHECK(input.GetDecryptConfig()->checksum_size() <=

+ static_cast<int>(hmac.DigestLength()));

+ if (memcmp(input.GetDecryptConfig()->checksum(),

+ calculated_hmac.get(),

+ input.GetDecryptConfig()->checksum_size()) != 0)

+ return false;

+ return true;

+// into |input| that the encrypted data starts.

+// Returns a DecoderBuffer with the decrypted data if decryption succeeded or

+// NULL if decryption failed.

static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input,

- crypto::SymmetricKey* key) {

+ crypto::SymmetricKey* key,

+ int encrypted_data_offset) {

CHECK(input.GetDataSize());

+ CHECK(input.GetDecryptConfig());

CHECK(key);

- // Initialize encryption data.

- // The IV must be exactly as long as the cipher block size.

+ // Initialize decryptor.

crypto::Encryptor encryptor;

- if (!encryptor.Init(key, crypto::Encryptor::CBC, kInitialCounter)) {

- DVLOG(1) << "Could not initialize encryptor.";

+ if (!encryptor.Init(key, crypto::Encryptor::CTR, "")) {

+ DVLOG(1) << "Could not initialize decryptor.";

+ return NULL;

+ }

+ DCHECK_EQ(input.GetDecryptConfig()->iv_size(), 16);

ddorwin 2012/07/14 00:50:31 magic #

fgalligan1 2012/07/16 23:51:42 Done.

+ // Set the counter block.

+ base::StringPiece counter_block(

+ reinterpret_cast<const char*>(input.GetDecryptConfig()->iv()),

+ input.GetDecryptConfig()->iv_size());

+ if (counter_block.empty()) {

+ DVLOG(1) << "Could not generate counter block.";

+ return NULL;

+ }

+ if (!encryptor.SetCounter(counter_block)) {

+ DVLOG(1) << "Could not set counter block.";

return NULL;

}

std::string decrypted_text;

- base::StringPiece encrypted_text(

- reinterpret_cast<const char*>(input.GetData()),

- input.GetDataSize());

+ const char* frame =

+ reinterpret_cast<const char*>(input.GetData() + encrypted_data_offset);

+ int frame_size = input.GetDataSize() - encrypted_data_offset;

+ base::StringPiece encrypted_text(frame, frame_size);

if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) {

DVLOG(1) << "Could not decrypt data.";

return NULL;

@@ -106,10 +185,17 @@ void AesDecryptor::AddKey(const std::string& key_system,

std::string key_id_string(reinterpret_cast<const char*>(init_data),

init_data_length);

std::string key_string(reinterpret_cast<const char*>(key) , key_length);

- crypto::SymmetricKey* symmetric_key = crypto::SymmetricKey::Import(

- crypto::SymmetricKey::AES, key_string);

- if (!symmetric_key) {

- DVLOG(1) << "Could not import key.";

+ scoped_ptr<DecryptionKey> decryption_key(new DecryptionKey(key_string));

+ if (!decryption_key.get()) {

+ DVLOG(1) << "Could not create key.";

+ client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0);

+ return;

+ }

+ // TODO(fgalligan): When ISO is added we will need to figure out how to

+ // detect if the encrypted data will contain an HMAC.

+ if (!decryption_key->Init(true)) {

+ DVLOG(1) << "Could not initialize decryption key.";

client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0);

return;

}

@@ -121,7 +207,7 @@ void AesDecryptor::AddKey(const std::string& key_system,

delete found->second;

key_map_.erase(found);

}

- key_map_[key_id_string] = symmetric_key;

+ key_map_[key_id_string] = decryption_key.release();

}

client_->KeyAdded(key_system, session_id);

@@ -140,19 +226,33 @@ scoped_refptr<DecoderBuffer> AesDecryptor::Decrypt(

// TODO(xhwang): Avoid always constructing a string with StringPiece?

std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size);

- crypto::SymmetricKey* key = NULL;

+ DecryptionKey* key = NULL;

{

base::AutoLock auto_lock(key_map_lock_);

KeyMap::const_iterator found = key_map_.find(key_id_string);

if (found == key_map_.end()) {

+ // TODO(fgalligan): Fire a need_key event here.

ddorwin 2012/07/14 00:50:31 Hmm, I just realized that for this event, we _only

fgalligan1 2012/07/16 23:51:42 Done.

DVLOG(1) << "Could not find a matching key for given key ID.";

return NULL;

}

key = found->second;

}

- scoped_refptr<DecoderBuffer> decrypted = DecryptData(*encrypted, key);

+ int checksum_size = encrypted->GetDecryptConfig()->checksum_size();

+ // According to the WebM encrypted specification, it is an open question

+ // what should happen when a frame fails the integrity check.

+ // http://wiki.webmproject.org/encryption/webm-encryption-rfc

+ if (checksum_size > 0 &&

+ !key->hmac_key().empty() &&

+ !CheckData(*encrypted, key->hmac_key())) {

+ DVLOG(1) << "Integrity check failed.";

+ return NULL;

ddorwin 2012/07/14 00:50:31 Until the open question above is resolved, let's f

xhwang 2012/07/14 01:02:31 Currently when the decoder sees NULL it will fire

fgalligan1 2012/07/16 23:51:42 Is this fine for now?

+ }

+ scoped_refptr<DecoderBuffer> decrypted =

+ DecryptData(*encrypted,

+ key->decryption_key(),

+ encrypted->GetDecryptConfig()->encrypted_frame_offset());

if (decrypted) {

decrypted->SetTimestamp(encrypted->GetTimestamp());

decrypted->SetDuration(encrypted->GetDuration());

@@ -161,4 +261,42 @@ scoped_refptr<DecoderBuffer> AesDecryptor::Decrypt(

return decrypted;

}

+AesDecryptor::DecryptionKey::DecryptionKey(

+ const std::string& secret)

+ : secret_(secret) {

+AesDecryptor::DecryptionKey::~DecryptionKey() {}

+bool AesDecryptor::DecryptionKey::Init(bool derive_webm_keys) {

+ CHECK(!secret_.empty());

+ if (derive_webm_keys) {

+ std::string raw_key = DeriveKey(secret_,

+ kWebmEncryptionSeed,

+ secret_.length());

+ if (raw_key.empty()) {

+ return false;

+ }

+ decryption_key_.reset(

+ crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key));

+ if (!decryption_key_.get()) {

+ return false;

+ }

+ hmac_key_ = DeriveKey(secret_, kWebmHmacSeed, kWebmSha1DigestSize);

+ if (hmac_key_.empty()) {

+ return false;

+ }

xhwang 2012/07/14 00:05:22 nit: return true here and eliminate the following

fgalligan1 2012/07/16 23:51:42 Done.

+ } else {

+ decryption_key_.reset(

+ crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, secret_));

+ if (!decryption_key_.get()) {

+ return false;

+ }

+ return true;

} // namespace media

« media/crypto/aes_decryptor.h ('K') | « media/crypto/aes_decryptor.h ('k') | media/crypto/aes_decryptor_unittest.cc » ('j') | media/filters/ffmpeg_video_decoder_unittest.cc » ('J')