Add Common Encryption support to BMFF, including subsample decryption.

media/crypto/aes_decryptor.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "media/crypto/aes_decryptor.h"
 
 #include "base/logging.h"
 #include "base/stl_util.h"
 #include "base/string_number_conversions.h"
 #include "crypto/encryptor.h"
@@ skipping 41 matching lines @@
                      key_size);
 }
 
 // Checks data in |input| matches the HMAC in |input|. The check is using the
 // SHA1 algorithm. |hmac_key| is the key of the HMAC algorithm. Returns true if
 // the integrity check passes.
 static bool CheckData(const DecoderBuffer& input,
                       const base::StringPiece& hmac_key) {
   CHECK(input.GetDataSize());
   CHECK(input.GetDecryptConfig());
-  CHECK_GT(input.GetDecryptConfig()->checksum_size(), 0);
+  CHECK_GT(input.GetDecryptConfig()->checksum().size(), 0u);
   CHECK(!hmac_key.empty());
 
   crypto::HMAC hmac(crypto::HMAC::SHA1);
   if (!hmac.Init(hmac_key))
     return false;
 
   // The HMAC covers the IV and the frame data.
   base::StringPiece data_to_check(
       reinterpret_cast<const char*>(input.GetData()), input.GetDataSize());
 
   scoped_array<uint8> calculated_hmac(new uint8[hmac.DigestLength()]);
   if (!hmac.Sign(data_to_check, calculated_hmac.get(), hmac.DigestLength()))
     return false;
 
-  DCHECK(input.GetDecryptConfig()->checksum_size() <=
-         static_cast<int>(hmac.DigestLength()));
-  if (memcmp(input.GetDecryptConfig()->checksum(),
+  DCHECK(input.GetDecryptConfig()->checksum().size() <= hmac.DigestLength());
+  if (memcmp(input.GetDecryptConfig()->checksum().data(),

[ddorwin, 2012/07/24 01:00:10]

Please add:
TODO(fgalligan): Use hmac.Verify().

[strobe_, 2012/07/25 01:05:13]

Done.

              calculated_hmac.get(),
-             input.GetDecryptConfig()->checksum_size()) != 0)
+             input.GetDecryptConfig()->checksum().size()) != 0)
     return false;
   return true;
 }
 
-// Decrypts |input| using |key|. |encrypted_data_offset| is the number of bytes
-// into |input| that the encrypted data starts.
-// Returns a DecoderBuffer with the decrypted data if decryption succeeded or
-// NULL if decryption failed.
+enum ClearBytesBufferSel {
+  kSrcContainsClearBytes,
+  kDstContainsClearBytes,
+};
+
+static void CopySubsamples(const std::vector<SubsampleEntry>& subsamples,
+                           const ClearBytesBufferSel sel,
+                           const uint8* src,
+                           uint8* dst) {
+  for (size_t i = 0; i < subsamples.size(); i++) {
+    const SubsampleEntry& subsample = subsamples[i];
+    if (sel == kSrcContainsClearBytes) {
+      src += subsample.clear_bytes;
+    } else {
+      dst += subsample.clear_bytes;
+    }
+    memcpy(dst, src, subsample.cypher_bytes);
+    src += subsample.cypher_bytes;
+    dst += subsample.cypher_bytes;
+  }
+}
+
+// Decrypts |input| using |key|.  Returns a DecoderBuffer with the decrypted
+// data if decryption succeeded or NULL if decryption failed.
 static scoped_refptr<DecoderBuffer> DecryptData(const DecoderBuffer& input,
-                                                crypto::SymmetricKey* key,
-                                                int encrypted_data_offset) {
+                                                crypto::SymmetricKey* key) {
   CHECK(input.GetDataSize());
   CHECK(input.GetDecryptConfig());
   CHECK(key);
 
-  // Initialize decryptor.
   crypto::Encryptor encryptor;
   if (!encryptor.Init(key, crypto::Encryptor::CTR, "")) {
     DVLOG(1) << "Could not initialize decryptor.";
     return NULL;
   }
 
-  DCHECK_EQ(input.GetDecryptConfig()->iv_size(),
-            DecryptConfig::kDecryptionKeySize);
-  // Set the counter block.
-  base::StringPiece counter_block(
-      reinterpret_cast<const char*>(input.GetDecryptConfig()->iv()),
-      input.GetDecryptConfig()->iv_size());
-  if (counter_block.empty()) {
-    DVLOG(1) << "Could not generate counter block.";
-    return NULL;
-  }
-  if (!encryptor.SetCounter(counter_block)) {
+  DCHECK_EQ(input.GetDecryptConfig()->iv().size(),
+            static_cast<size_t>(DecryptConfig::kDecryptionKeySize));
+  if (!encryptor.SetCounter(input.GetDecryptConfig()->iv())) {
     DVLOG(1) << "Could not set counter block.";
     return NULL;
   }
 
+  const int data_offset = input.GetDecryptConfig()->data_offset();
+  const char* sample =
+      reinterpret_cast<const char*>(input.GetData() + data_offset);
+  int sample_size = input.GetDataSize() - data_offset;
+
+  if (input.GetDecryptConfig()->subsamples().empty()) {
+    std::string decrypted_text;
+    base::StringPiece encrypted_text(sample, sample_size);
+    if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) {
+      DVLOG(1) << "Could not decrypt data.";
+      return NULL;
+    }
+
+    // TODO(xhwang): Find a way to avoid this data copy.
+    return DecoderBuffer::CopyFrom(
+        reinterpret_cast<const uint8*>(decrypted_text.data()),
+        decrypted_text.size());
+  }
+
+  const std::vector<SubsampleEntry>& subsamples =
+      input.GetDecryptConfig()->subsamples();
+
+  int total_clear_size = 0;
+  int total_encrypted_size = 0;
+  for (size_t i = 0; i < subsamples.size(); i++) {
+    total_clear_size += subsamples[i].clear_bytes;
+    total_encrypted_size += subsamples[i].cypher_bytes;
+  }
+  if (total_clear_size + total_encrypted_size != sample_size) {
+    DVLOG(1) << "Subsample sizes do not equal input size";
+    return NULL;
+  }
+
+  // The encrypted portions of all subsamples must form a contiguous block,
+  // such that an encrypted subsample that ends away from a block boundary is
+  // immediately followed by the start of the next encrypted subsample. We
+  // copy all encrypted subsamples to a contiguous buffer, decrypt them, then
+  // copy the decrypted bytes over the encrypted bytes in the output.
+  // TODO(strobe): attempt to reduce number of memory copies
+  scoped_array<uint8> encrypted_bytes(new uint8[total_encrypted_size]);
+  CopySubsamples(subsamples, kSrcContainsClearBytes,
+                 reinterpret_cast<const uint8*>(sample), encrypted_bytes.get());
+
+  base::StringPiece encrypted_text(
+      reinterpret_cast<const char*>(encrypted_bytes.get()),
+      total_encrypted_size);
   std::string decrypted_text;
-  const char* frame =
-      reinterpret_cast<const char*>(input.GetData() + encrypted_data_offset);
-  int frame_size = input.GetDataSize() - encrypted_data_offset;
-  base::StringPiece encrypted_text(frame, frame_size);
   if (!encryptor.Decrypt(encrypted_text, &decrypted_text)) {
     DVLOG(1) << "Could not decrypt data.";
     return NULL;
   }
 
-  // TODO(xhwang): Find a way to avoid this data copy.
-  return DecoderBuffer::CopyFrom(
-      reinterpret_cast<const uint8*>(decrypted_text.data()),
-      decrypted_text.size());
+  scoped_refptr<DecoderBuffer> output = DecoderBuffer::CopyFrom(
+      reinterpret_cast<const uint8*>(sample), sample_size);
+  CopySubsamples(subsamples, kDstContainsClearBytes,
+                 reinterpret_cast<const uint8*>(decrypted_text.data()),
+                 output->GetWritableData());
+  return output;
 }
 
 AesDecryptor::AesDecryptor(DecryptorClient* client)
     : client_(client) {
 }
 
 AesDecryptor::~AesDecryptor() {
   STLDeleteValues(&key_map_);
 }
 
@@ skipping 41 matching lines @@
   std::string key_id_string(reinterpret_cast<const char*>(init_data),
                             init_data_length);
   std::string key_string(reinterpret_cast<const char*>(key) , key_length);
   scoped_ptr<DecryptionKey> decryption_key(new DecryptionKey(key_string));
   if (!decryption_key.get()) {
     DVLOG(1) << "Could not create key.";
     client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0);
     return;
   }
 
   // TODO(fgalligan): When ISO is added we will need to figure out how to

[ddorwin, 2012/07/24 01:00:10]

This is probably redundant with the TODO below.

[strobe_, 2012/07/25 01:05:13]

Done.

   // detect if the encrypted data will contain an HMAC.
-  if (!decryption_key->Init(true)) {
+  if (!decryption_key->Init()) {
     DVLOG(1) << "Could not initialize decryption key.";
     client_->KeyError(key_system, session_id, Decryptor::kUnknownError, 0);
     return;
   }
 
   {
     base::AutoLock auto_lock(key_map_lock_);
     KeyMap::iterator found = key_map_.find(key_id_string);
     if (found != key_map_.end()) {
       delete found->second;
       key_map_.erase(found);
     }
     key_map_[key_id_string] = decryption_key.release();
   }
 
   client_->KeyAdded(key_system, session_id);
 }
 
 void AesDecryptor::CancelKeyRequest(const std::string& key_system,
                                     const std::string& session_id) {
 }
 
 void AesDecryptor::Decrypt(const scoped_refptr<DecoderBuffer>& encrypted,
                            const DecryptCB& decrypt_cb) {
   CHECK(encrypted->GetDecryptConfig());
-  const uint8* key_id = encrypted->GetDecryptConfig()->key_id();
-  const int key_id_size = encrypted->GetDecryptConfig()->key_id_size();
-
-  // TODO(xhwang): Avoid always constructing a string with StringPiece?
-  std::string key_id_string(reinterpret_cast<const char*>(key_id), key_id_size);
+  const std::string& key_id = encrypted->GetDecryptConfig()->key_id();
 
   DecryptionKey* key = NULL;
   {
     base::AutoLock auto_lock(key_map_lock_);
-    KeyMap::const_iterator found = key_map_.find(key_id_string);
+    KeyMap::const_iterator found = key_map_.find(key_id);
     if (found != key_map_.end())
       key = found->second;
   }
 
   if (!key) {
     // TODO(fgalligan): Fire a need_key event here and add a test.
     DVLOG(1) << "Could not find a matching key for given key ID.";
     decrypt_cb.Run(kError, NULL);
     return;
   }
 
-  int checksum_size = encrypted->GetDecryptConfig()->checksum_size();
+  int checksum_size = encrypted->GetDecryptConfig()->checksum().size();
   // According to the WebM encrypted specification, it is an open question
   // what should happen when a frame fails the integrity check.
   // http://wiki.webmproject.org/encryption/webm-encryption-rfc
   if (checksum_size > 0 &&
       !key->hmac_key().empty() &&
       !CheckData(*encrypted, key->hmac_key())) {
     DVLOG(1) << "Integrity check failed.";
     decrypt_cb.Run(kError, NULL);
     return;
   }
 
+  // TODO(strobe): Currently, presence of checksum is used to indicate the use
+  // of normal or WebM decryption keys. Consider a more explicit signaling
+  // mechanism.

[ddorwin, 2012/07/24 01:00:10]

... and remove the webm_ member.

[strobe_, 2012/07/25 01:05:13]

Done.

+  crypto::SymmetricKey* decryption_key = (checksum_size > 0) ?
+      key->webm_decryption_key() : key->decryption_key();
   scoped_refptr<DecoderBuffer> decrypted =
-      DecryptData(*encrypted,
-                  key->decryption_key(),
-                  encrypted->GetDecryptConfig()->encrypted_frame_offset());
+      DecryptData(*encrypted, decryption_key);
   if (!decrypted) {
     DVLOG(1) << "Decryption failed.";
     decrypt_cb.Run(kError, NULL);
     return;
   }
 
   decrypted->SetTimestamp(encrypted->GetTimestamp());
   decrypted->SetDuration(encrypted->GetDuration());
   decrypt_cb.Run(kSuccess, decrypted);
 }
 
 AesDecryptor::DecryptionKey::DecryptionKey(
     const std::string& secret)
     : secret_(secret) {
 }
 
 AesDecryptor::DecryptionKey::~DecryptionKey() {}
 
-bool AesDecryptor::DecryptionKey::Init(bool derive_webm_keys) {
+bool AesDecryptor::DecryptionKey::Init() {
   CHECK(!secret_.empty());
-
-  if (derive_webm_keys) {
-    std::string raw_key = DeriveKey(secret_,
-                                    kWebmEncryptionSeed,
-                                    secret_.length());
-    if (raw_key.empty()) {
-      return false;
-    }
-    decryption_key_.reset(
-        crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key));
-    if (!decryption_key_.get()) {
-      return false;
-    }
-
-    hmac_key_ = DeriveKey(secret_, kWebmHmacSeed, kWebmSha1DigestSize);
-    if (hmac_key_.empty()) {
-      return false;
-    }
-    return true;
-  }
-
   decryption_key_.reset(
       crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, secret_));
   if (!decryption_key_.get()) {
     return false;
   }
+
+  std::string raw_key = DeriveKey(secret_,
+                                  kWebmEncryptionSeed,
+                                  secret_.length());
+  if (raw_key.empty()) {
+    return false;
+  }
+  webm_decryption_key_.reset(
+      crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key));
+  if (!webm_decryption_key_.get()) {
+    return false;
+  }
+
+  hmac_key_ = DeriveKey(secret_, kWebmHmacSeed, kWebmSha1DigestSize);
+  if (hmac_key_.empty()) {
+    return false;
+  }
+
   return true;
 }
 
 }  // namespace media