// Copyright 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef MEDIA_CDM_AES_DECRYPTOR_H_ #define MEDIA_CDM_AES_DECRYPTOR_H_ #include #include #include #include #include #include #include "base/macros.h" #include "base/memory/ref_counted.h" #include "base/synchronization/lock.h" #include "media/base/cdm_context.h" #include "media/base/cdm_key_information.h" #include "media/base/cdm_promise.h" #include "media/base/content_decryption_module.h" #include "media/base/decryptor.h" #include "media/base/media_export.h" namespace crypto { class SymmetricKey; } namespace media { // Decrypts an AES encrypted buffer into an unencrypted buffer. The AES // encryption must be CTR with a key size of 128bits. class MEDIA_EXPORT AesDecryptor : public ContentDecryptionModule, public CdmContext, public Decryptor { public: AesDecryptor(const SessionMessageCB& session_message_cb, const SessionClosedCB& session_closed_cb, const SessionKeysChangeCB& session_keys_change_cb, const SessionExpirationUpdateCB& session_expiration_update_cb); // ContentDecryptionModule implementation. void SetServerCertificate(const std::vector& certificate, std::unique_ptr promise) override; void CreateSessionAndGenerateRequest( CdmSessionType session_type, EmeInitDataType init_data_type, const std::vector& init_data, std::unique_ptr promise) override; void LoadSession(CdmSessionType session_type, const std::string& session_id, std::unique_ptr promise) override; void UpdateSession(const std::string& session_id, const std::vector& response, std::unique_ptr promise) override; void CloseSession(const std::string& session_id, std::unique_ptr promise) override; void RemoveSession(const std::string& session_id, std::unique_ptr promise) override; CdmContext* GetCdmContext() override; // CdmContext implementation. Decryptor* GetDecryptor() override; int GetCdmId() const override; // Decryptor implementation. void RegisterNewKeyCB(StreamType stream_type, const NewKeyCB& key_added_cb) override; void Decrypt(StreamType stream_type, scoped_refptr encrypted, const DecryptCB& decrypt_cb) override; void CancelDecrypt(StreamType stream_type) override; void InitializeAudioDecoder(const AudioDecoderConfig& config, const DecoderInitCB& init_cb) override; void InitializeVideoDecoder(const VideoDecoderConfig& config, const DecoderInitCB& init_cb) override; void DecryptAndDecodeAudio(scoped_refptr encrypted, const AudioDecodeCB& audio_decode_cb) override; void DecryptAndDecodeVideo(scoped_refptr encrypted, const VideoDecodeCB& video_decode_cb) override; void ResetDecoder(StreamType stream_type) override; void DeinitializeDecoder(StreamType stream_type) override; private: friend class ClearKeyPersistentSessionCdm; // Internally this class supports persistent license type sessions so that // it can be used by ClearKeyPersistentSessionCdm. The following methods // will be used from ClearKeyPersistentSessionCdm to create and update // persistent sessions. Note that ClearKeyPersistentSessionCdm is only used // for testing, so persistent sessions will not be available generally. // Creates a new session with ID |session_id| and type |session_type|, and // adds it to the list of active sessions. Returns false if the session ID // is already in the list. bool CreateSession(const std::string& session_id, CdmSessionType session_type); // Gets the state of the session |session_id| as a JWK. std::string GetSessionStateAsJWK(const std::string& session_id); // Update session |session_id| with the JWK provided in |json_web_key_set|. // Returns true and sets |key_added| if successful, otherwise returns false // and |error_message| is the reason for failure. bool UpdateSessionWithJWK(const std::string& session_id, const std::string& json_web_key_set, bool* key_added, CdmPromise::Exception* exception, std::string* error_message); // Performs the final steps of UpdateSession (notify any listeners for keys // changed, resolve the promise, and generate a keys change event). void FinishUpdate(const std::string& session_id, bool key_added, std::unique_ptr promise); // TODO(fgalligan): Remove this and change KeyMap to use crypto::SymmetricKey // as there are no decryptors that are performing an integrity check. // Helper class that manages the decryption key. class DecryptionKey { public: explicit DecryptionKey(const std::string& secret); ~DecryptionKey(); // Creates the encryption key. bool Init(); const std::string& secret() { return secret_; } crypto::SymmetricKey* decryption_key() { return decryption_key_.get(); } private: // The base secret that is used to create the decryption key. const std::string secret_; // The key used to decrypt the data. std::unique_ptr decryption_key_; DISALLOW_COPY_AND_ASSIGN(DecryptionKey); }; // Keep track of the keys for a key ID. If multiple sessions specify keys // for the same key ID, then the last key inserted is used. The structure is // optimized so that Decrypt() has fast access, at the cost of slow deletion // of keys when a session is released. class SessionIdDecryptionKeyMap; // Key ID <-> SessionIdDecryptionKeyMap map. using KeyIdToSessionKeysMap = std::unordered_map>; ~AesDecryptor() override; // Creates a DecryptionKey using |key_string| and associates it with |key_id|. // Returns true if successful. bool AddDecryptionKey(const std::string& session_id, const std::string& key_id, const std::string& key_string); // Gets a DecryptionKey associated with |key_id|. The AesDecryptor still owns // the key. Returns NULL if no key is associated with |key_id|. DecryptionKey* GetKey_Locked(const std::string& key_id) const; // Determines if |key_id| is already specified for |session_id|. bool HasKey(const std::string& session_id, const std::string& key_id); // Deletes all keys associated with |session_id|. void DeleteKeysForSession(const std::string& session_id); CdmKeysInfo GenerateKeysInfoList(const std::string& session_id, CdmKeyInformation::KeyStatus status); // Callbacks for firing session events. SessionMessageCB session_message_cb_; SessionClosedCB session_closed_cb_; SessionKeysChangeCB session_keys_change_cb_; SessionExpirationUpdateCB session_expiration_update_cb_; // Since only Decrypt() is called off the renderer thread, we only need to // protect |key_map_|, the only member variable that is shared between // Decrypt() and other methods. KeyIdToSessionKeysMap key_map_; // Protected by |key_map_lock_|. mutable base::Lock key_map_lock_; // Protects the |key_map_|. // Keeps track of current open sessions and their type. Although publicly // AesDecryptor only supports temporary sessions, ClearKeyPersistentSessionCdm // uses this class to also support persistent sessions, so save the // CdmSessionType for each session. std::map open_sessions_; NewKeyCB new_audio_key_cb_; NewKeyCB new_video_key_cb_; // Protect |new_audio_key_cb_| and |new_video_key_cb_| as they are set on the // main thread but called on the media thread. mutable base::Lock new_key_cb_lock_; DISALLOW_COPY_AND_ASSIGN(AesDecryptor); }; } // namespace media #endif // MEDIA_CDM_AES_DECRYPTOR_H_