media/cdm/aes_decryptor.cc - Issue 77413005: Remove support for non-JSON keys in AesDecryptor

Side by Side Diff: media/cdm/aes_decryptor.cc

Issue 77413005: Remove support for non-JSON keys in AesDecryptor (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "media/cdm/aes_decryptor.h"	5 #include "media/cdm/aes_decryptor.h"

6	6

7 #include <vector>	7 #include <vector>

8	8

9 #include "base/base64.h"	9 #include "base/base64.h"

10 #include "base/json/json_reader.h"	10 #include "base/json/json_reader.h"

(...skipping 283 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
294 }	294 }

295	295

296 void AesDecryptor::AddKey(uint32 reference_id,	296 void AesDecryptor::AddKey(uint32 reference_id,

297 const uint8* key,	297 const uint8* key,

298 int key_length,	298 int key_length,

299 const uint8* init_data,	299 const uint8* init_data,

300 int init_data_length) {	300 int init_data_length) {

301 CHECK(key);	301 CHECK(key);

302 CHECK_GT(key_length, 0);	302 CHECK_GT(key_length, 0);

303	303

	304 // Since \|key\| represents valid JSON, init_data must be empty.
	ddorwin 2013/11/22 04:38:26 You can probably remove this comment now. You can probably remove this comment now. jrummell 2013/11/22 18:53:11 Done. Show quoted text On 2013/11/22 04:38:26, ddorwin wrote: > You can probably remove this comment now. Done.
	305 DCHECK(!init_data);

	306 DCHECK_EQ(init_data_length, 0);

	307

304 // AddKey() is called from update(), where the key(s) are passed as a JSON	308 // AddKey() is called from update(), where the key(s) are passed as a JSON

305 // Web Key (JWK) set. Each JWK needs to be a symmetric key ('kty' = "oct"),	309 // Web Key (JWK) set. Each JWK needs to be a symmetric key ('kty' = "oct"),

306 // with 'kid' being the base64-encoded key id, and 'k' being the	310 // with 'kid' being the base64-encoded key id, and 'k' being the

307 // base64-encoded key.	311 // base64-encoded key.

308 //

309 // For backwards compatibility with v0.1b of the spec (where \|key\| is the raw

310 // key and \|init_data\| is the key id), if \|key\| is not valid JSON, then

311 // attempt to process it as a raw key.

312

313 std::string key_string(reinterpret_cast<const char*>(key), key_length);	312 std::string key_string(reinterpret_cast<const char*>(key), key_length);

314 JWKKeys jwk_keys;	313 JWKKeys jwk_keys;

315 if (ExtractJWKKeys(key_string, &jwk_keys)) {	314 if (!ExtractJWKKeys(key_string, &jwk_keys)) {

316 // Since \|key\| represents valid JSON, init_data must be empty.	315 key_error_cb_.Run(reference_id, MediaKeys::kUnknownError, 0);

317 DCHECK(!init_data);	316 return;

318 DCHECK_EQ(init_data_length, 0);	317 }

319	318

320 // Make sure that at least one key was extracted.	319 // Make sure that at least one key was extracted.

321 if (jwk_keys.empty()) {	320 if (jwk_keys.empty()) {

	321 key_error_cb_.Run(reference_id, MediaKeys::kUnknownError, 0);

	322 return;

	323 }

	324

	325 for (JWKKeys::iterator it = jwk_keys.begin() ; it != jwk_keys.end(); ++it) {

	326 if (!AddDecryptionKey(it->first, it->second)) {

322 key_error_cb_.Run(reference_id, MediaKeys::kUnknownError, 0);	327 key_error_cb_.Run(reference_id, MediaKeys::kUnknownError, 0);

323 return;	328 return;

324 }	329 }

325 for (JWKKeys::iterator it = jwk_keys.begin() ; it != jwk_keys.end(); ++it) {

326 if (!AddDecryptionKey(it->first, it->second)) {

327 key_error_cb_.Run(reference_id, MediaKeys::kUnknownError, 0);

328 return;

329 }

330 }

331 } else {

332 // v0.1b backwards compatibility support.

333 // TODO(jrummell): Remove this code once v0.1b no longer supported.

334

335 if (key_string.length() !=

336 static_cast<size_t>(DecryptConfig::kDecryptionKeySize)) {
ddorwin 2013/11/22 04:38:26 Are we checking the key size anywhere? I think the Are we checking the key size anywhere? I think the layout tests use this to test the keyerror event.. jrummell 2013/11/22 18:53:11 There is (AesDecryptorTest.WrongSizedKey). Interes Show quoted text On 2013/11/22 04:38:26, ddorwin wrote: > Are we checking the key size anywhere? I think the layout tests use this to test > the keyerror event.. There is (AesDecryptorTest.WrongSizedKey). Interesting that it didn't fail. Added test back. ddorwin 2013/11/22 20:17:12 Maybe we check the kid size too somewhere? We shou Show quoted text On 2013/11/22 18:53:11, jrummell wrote: > On 2013/11/22 04:38:26, ddorwin wrote: > > Are we checking the key size anywhere? I think the layout tests use this to > test > > the keyerror event.. > > There is (AesDecryptorTest.WrongSizedKey). Interesting that it didn't fail. > Added test back. Maybe we check the kid size too somewhere? We should find out why this was passing. We might need separate wrong size kid and key JWKs.
337 DVLOG(1) << "Invalid key length: " << key_string.length();

338 key_error_cb_.Run(reference_id, MediaKeys::kUnknownError, 0);

339 return;

340 }

341

342 // TODO(xhwang): Fix the decryptor to accept no \|init_data\|. See

343 // http://crbug.com/123265. Until then, ensure a non-empty value is passed.

344 static const uint8 kDummyInitData[1] = {0};

345 if (!init_data) {

346 init_data = kDummyInitData;

347 init_data_length = arraysize(kDummyInitData);

348 }

349

350 // TODO(xhwang): For now, use \|init_data\| for key ID. Make this more spec

351 // compliant later (http://crbug.com/123262, http://crbug.com/123265).

352 std::string key_id_string(reinterpret_cast<const char*>(init_data),

353 init_data_length);

354 if (!AddDecryptionKey(key_id_string, key_string)) {

355 // Error logged in AddDecryptionKey()

356 key_error_cb_.Run(reference_id, MediaKeys::kUnknownError, 0);

357 return;

358 }

359 }	330 }

360	331

361 if (!new_audio_key_cb_.is_null())	332 if (!new_audio_key_cb_.is_null())

362 new_audio_key_cb_.Run();	333 new_audio_key_cb_.Run();

363	334

364 if (!new_video_key_cb_.is_null())	335 if (!new_video_key_cb_.is_null())

365 new_video_key_cb_.Run();	336 new_video_key_cb_.Run();

366	337

367 key_added_cb_.Run(reference_id);	338 key_added_cb_.Run(reference_id);

368 }	339 }

(...skipping 131 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
500 bool AesDecryptor::DecryptionKey::Init() {	471 bool AesDecryptor::DecryptionKey::Init() {

501 CHECK(!secret_.empty());	472 CHECK(!secret_.empty());

502 decryption_key_.reset(crypto::SymmetricKey::Import(	473 decryption_key_.reset(crypto::SymmetricKey::Import(

503 crypto::SymmetricKey::AES, secret_));	474 crypto::SymmetricKey::AES, secret_));

504 if (!decryption_key_)	475 if (!decryption_key_)

505 return false;	476 return false;

506 return true;	477 return true;

507 }	478 }

508	479

509 } // namespace media	480 } // namespace media

OLD	NEW

« no previous file with comments | « content/renderer/media/crypto/proxy_decryptor.cc ('k') | media/cdm/aes_decryptor_unittest.cc » ('j') | no next file with comments »