Cast: Added support for AES-CTR crypto.

media/cast/audio_receiver/audio_receiver.cc

Index: media/cast/audio_receiver/audio_receiver.cc
diff --git a/media/cast/audio_receiver/audio_receiver.cc b/media/cast/audio_receiver/audio_receiver.cc
index c3dc3937b9acf176364fcc8aa5dbe3a16461da3a..5793b1a70acf57ff05e549ff605810c31e837fb7 100644
--- a/media/cast/audio_receiver/audio_receiver.cc
+++ b/media/cast/audio_receiver/audio_receiver.cc
@@ -7,6 +7,7 @@
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
+#include "crypto/symmetric_key.h"
 #include "media/cast/audio_receiver/audio_decoder.h"
 #include "media/cast/framer/framer.h"
 #include "media/cast/rtcp/rtcp.h"
@@ -99,6 +100,19 @@ AudioReceiver::AudioReceiver(scoped_refptr<CastEnvironment> cast_environment,
   } else {
     audio_decoder_ = new AudioDecoder(audio_config);
   }
+  if (audio_config.aes_iv_mask.size() == kAesBlockSize * 2 &&
+      audio_config.aes_key.size() == kAesBlockSize * 2) {

[wtc, 2013/11/07 01:00:36]

Block size and key size are different quantities, so I recommend that you add a
new constant kAes128KeySize (= 16), even though it happens to be equal to
kAesBlockSize.

(AES key size can also be 192 bits and 256 bits.)

[pwestin, 2013/11/07 17:16:04]

Done.

+    iv_mask_ = ConvertFromBase16String(audio_config.aes_iv_mask);
+    crypto::SymmetricKey* key = crypto::SymmetricKey::Import(
+        crypto::SymmetricKey::AES,
+        ConvertFromBase16String(audio_config.aes_key));
+    decryptor_.reset(new crypto::Encryptor());
+    decryptor_->Init(key, crypto::Encryptor::CTR, std::string());
+  } else if (audio_config.aes_iv_mask.size() != 0 ||
+             audio_config.aes_iv_mask.size() != 0) {

[wtc, 2013/11/07 01:00:36]

BUG: the second one should test audio_config.aes_key.size() != 0.

[pwestin, 2013/11/07 17:16:04]

Done.

+    DCHECK(false) << "Invalid crypto configuration";
+  }
+
   rtp_receiver_.reset(new RtpReceiver(cast_environment->Clock(),
                                       &audio_config,
                                       NULL,
@@ -135,8 +149,25 @@ void AudioReceiver::IncomingParsedRtpPacket(const uint8* payload_data,
 
   if (audio_decoder_) {
     DCHECK(!audio_buffer_) << "Invalid internal state";
-    audio_decoder_->IncomingParsedRtpPacket(payload_data, payload_size,
-                                            rtp_header);
+    if (decryptor_) {
+      // TODO(pwestin): we need to change to 32 bits frame id.
+      decryptor_->SetCounter(GetAesNounce(rtp_header.frame_id, iv_mask_));
+      std::string plaintext;
+      if (decryptor_->Decrypt(
+          base::StringPiece(reinterpret_cast<const char*>(payload_data),

[Alpha Left Google, 2013/11/07 01:10:11]

nit: indent 4 spaces.

[pwestin, 2013/11/07 17:16:04]

Done.

+                            payload_size),
+          &plaintext)) {

[Alpha Left Google, 2013/11/07 01:10:11]

nit: indent 4 spaces as well.

[pwestin, 2013/11/07 17:16:04]

Done.

+        audio_decoder_->IncomingParsedRtpPacket(
+            reinterpret_cast<const uint8*>(plaintext.data()), plaintext.size(),
+            rtp_header);
+      } else {
+        DCHECK(false) << "Decryption error";
+        return;
+      }
+    } else {
+      audio_decoder_->IncomingParsedRtpPacket(payload_data, payload_size,
+                                              rtp_header);
+    }
     return;
   }
   DCHECK(audio_buffer_) << "Invalid internal state";
@@ -209,6 +240,18 @@ void AudioReceiver::PlayoutTimeout() {
     VLOG(1) << "Failed to retrieved a complete frame at this point in time";
     return;
   }
+
+  if (decryptor_) {
+    EncodedAudioFrame* decrypted_audio_frame = new EncodedAudioFrame();

[Alpha Left Google, 2013/11/07 01:10:11]

We should use a scoped_ptr<T> here.

[pwestin, 2013/11/07 17:16:04]

Done.

+    if (DecryptAudioFrame(encoded_frame.get(), decrypted_audio_frame)) {
+      encoded_frame.reset(decrypted_audio_frame);
+    } else {
+      DCHECK(false) << "Decryption error";
+      delete decrypted_audio_frame;
+      return;
+    }
+  }
+
   if (PostEncodedAudioFrame(queued_encoded_callbacks_.front(), rtp_timestamp,
                             next_frame, &encoded_frame)) {
     // Call succeed remove callback from list.
@@ -231,6 +274,16 @@ void AudioReceiver::GetEncodedAudioFrame(
     queued_encoded_callbacks_.push_back(callback);
     return;
   }
+  if (decryptor_) {
+    EncodedAudioFrame* decrypted_audio_frame = new EncodedAudioFrame();

[Alpha Left Google, 2013/11/07 01:10:11]

Use scoped_ptr<T>.

[pwestin, 2013/11/07 17:16:04]

Done.

+    if (DecryptAudioFrame(encoded_frame.get(), decrypted_audio_frame)) {
+      encoded_frame.reset(decrypted_audio_frame);
+    } else {
+      DCHECK(false) << "Decryption error";
+      delete decrypted_audio_frame;
+      return;
+    }
+  }
   if (!PostEncodedAudioFrame(callback, rtp_timestamp, next_frame,
                              &encoded_frame)) {
     // We have an audio frame; however we are missing packets and we have time
@@ -314,6 +367,21 @@ base::TimeTicks AudioReceiver::GetPlayoutTime(base::TimeTicks now,
     now;
 }
 
+bool AudioReceiver::DecryptAudioFrame(const EncodedAudioFrame* encrypted_frame,
+                                      EncodedAudioFrame* audio_frame) {
+  DCHECK(decryptor_) << "Invalid state";
+
+  DCHECK(false);

[Alpha Left Google, 2013/11/07 01:10:11]

Why?

[pwestin, 2013/11/07 17:16:04]

No idea how that ended up there

+
+  // TODO(pwestin): the frame id must be a 32 bit number.
+  decryptor_->SetCounter(GetAesNounce(audio_frame->frame_id, iv_mask_));
+
+  audio_frame->codec = encrypted_frame->codec;
+  audio_frame->frame_id = encrypted_frame->frame_id;
+
+  return decryptor_->Decrypt(encrypted_frame->data, &audio_frame->data);
+}
+
 void AudioReceiver::ScheduleNextRtcpReport() {
   base::TimeDelta time_to_send = rtcp_->TimeToSendNextRtcpReport() -
       cast_environment_->Clock()->NowTicks();