CDMProxyClearKey.cpp [plain text]
#include "config.h"
#include "CDMProxyClearKey.h"
#if ENABLE(ENCRYPTED_MEDIA)
#include "Logging.h"
#include <wtf/ByteOrder.h>
namespace WebCore {
namespace {
static bool readUInt32(const uint8_t* buffer, size_t bufferSize, size_t& offset, uint32_t& value)
{
ASSERT_ARG(offset, offset <= bufferSize);
if (bufferSize - offset < sizeof(value))
return false;
value = ntohl(*reinterpret_cast_ptr<const uint32_t*>(buffer + offset));
offset += sizeof(value);
return true;
}
static bool readUInt16(const uint8_t* buffer, size_t bufferSize, size_t& offset, uint16_t& value)
{
ASSERT_ARG(offset, offset <= bufferSize);
if (bufferSize - offset < sizeof(value))
return false;
value = ntohs(*reinterpret_cast_ptr<const uint16_t*>(buffer + offset));
offset += sizeof(value);
return true;
}
}
CDMProxyFactoryClearKey& CDMProxyFactoryClearKey::singleton()
{
static NeverDestroyed<CDMProxyFactoryClearKey> s_factory;
return s_factory;
}
RefPtr<CDMProxy> CDMProxyFactoryClearKey::createCDMProxy(const String& keySystem)
{
ASSERT_UNUSED(keySystem, supportsKeySystem(keySystem));
return adoptRef(new CDMProxyClearKey());
}
bool CDMProxyFactoryClearKey::supportsKeySystem(const String& keySystem)
{
return equalLettersIgnoringASCIICase(keySystem, "org.w3.clearkey");
}
CDMProxyClearKey::~CDMProxyClearKey()
{
closeGCryptHandle();
}
bool CDMProxyClearKey::cencSetCounterVector(const cencDecryptContext& input)
{
uint8_t ctr[ClearKey::AES128CTRBlockSizeInBytes];
if (input.ivSizeInBytes == 8) {
memset(ctr + 8, 0, 8);
memcpy(ctr, input.iv, 8);
} else
memcpy(ctr, input.iv, ClearKey::IVSizeInBytes);
if (gcry_error_t cipherError = gcry_cipher_setctr(gCryptHandle(), ctr, ClearKey::IVSizeInBytes)) {
#if !LOG_DISABLED
LOG(EME, "EME - CDMProxyClearKey - ERROR(gcry_cipher_setctr): %s", gpg_strerror(cipherError));
#else
UNUSED_VARIABLE(cipherError);
#endif
return false;
}
return true;
}
bool CDMProxyClearKey::cencSetDecryptionKey(const cencDecryptContext& in)
{
Vector<uint8_t> keyIDVec;
keyIDVec.append(in.keyID, in.keyIDSizeInBytes);
auto keyData = getOrWaitForKeyValue(keyIDVec);
if (!keyData)
return false;
ASSERT(WTF::holds_alternative<Vector<uint8_t>>(keyData.value()));
auto& keyDataValue = WTF::get<Vector<uint8_t>>(keyData.value());
if (gcry_error_t cipherError = gcry_cipher_setkey(gCryptHandle(), keyDataValue.data(), keyDataValue.size())) {
#if !LOG_DISABLED
LOG(EME, "EME - CDMProxyClearKey - ERROR(gcry_cipher_setkey): %s", gpg_strerror(cipherError));
#else
UNUSED_VARIABLE(cipherError);
#endif
return false;
}
return true;
}
bool CDMProxyClearKey::cencDecryptFullSample(cencDecryptContext& in)
{
if (!in.encryptedBufferSizeInBytes)
return true;
LOG(EME, "EME - CDMProxyClearKey - full-sample decryption: %zu encrypted bytes", in.encryptedBufferSizeInBytes);
if (gcry_error_t cipherError = gcry_cipher_decrypt(gCryptHandle(), in.encryptedBuffer, in.encryptedBufferSizeInBytes, 0, 0)) {
#if !LOG_DISABLED
LOG(EME, "EME - CDMProxyClearKey - ERROR(gcry_cipher_decrypt): %s", gpg_strerror(cipherError));
#else
UNUSED_VARIABLE(cipherError);
#endif
return false;
}
return true;
}
bool CDMProxyClearKey::cencDecryptSubsampled(cencDecryptContext& input)
{
unsigned encryptedBufferByteOffset = 0;
size_t subSampleBufferByteOffset = 0;
unsigned subsampleIndex = 0;
while (encryptedBufferByteOffset < input.encryptedBufferSizeInBytes) {
uint16_t subsampleNumClearBytes = 0;
uint32_t subsampleNumEncryptedBytes = 0;
if (subsampleIndex < input.numSubsamples) {
if (!readUInt16(input.subsamplesBuffer, input.subsamplesBufferSizeInBytes, subSampleBufferByteOffset, subsampleNumClearBytes)) {
LOG(EME, "EME - CDMProxyClearKey - could not read number of clear bytes in subsample at index %u", subsampleIndex);
return false;
}
if (!readUInt32(input.subsamplesBuffer, input.subsamplesBufferSizeInBytes, subSampleBufferByteOffset, subsampleNumEncryptedBytes)) {
LOG(EME, "EME - CDMProxyClearKey - could not read number of encrypted bytes in subsample at index %u", subsampleIndex);
return false;
}
subsampleIndex++;
} else {
subsampleNumClearBytes = 0;
subsampleNumEncryptedBytes = input.encryptedBufferSizeInBytes - encryptedBufferByteOffset;
}
LOG(EME, "EME - subsample index %u - %u bytes clear (%zu bytes left to decrypt)", subsampleIndex, subsampleNumClearBytes, input.encryptedBufferSizeInBytes - encryptedBufferByteOffset);
encryptedBufferByteOffset += subsampleNumClearBytes;
if (subsampleNumEncryptedBytes) {
LOG(EME, "EME - subsample index %u - %u bytes encrypted (%zu bytes left to decrypt)", subsampleIndex, subsampleNumEncryptedBytes, input.encryptedBufferSizeInBytes - encryptedBufferByteOffset);
if (gcry_error_t cipherError = gcry_cipher_decrypt(gCryptHandle(), input.encryptedBuffer + encryptedBufferByteOffset, subsampleNumEncryptedBytes, 0, 0)) {
#if !LOG_DISABLED
LOG(EME, "EME - CDMProxyClearKey - ERROR(gcry_cipher_decrypt): %s", gpg_strerror(cipherError));
#else
UNUSED_VARIABLE(cipherError);
#endif
return false;
}
encryptedBufferByteOffset += subsampleNumEncryptedBytes;
}
}
return true;
}
bool CDMProxyClearKey::cencDecrypt(CDMProxyClearKey::cencDecryptContext& input)
{
if (!cencSetCounterVector(input) || !cencSetDecryptionKey(input))
return false;
return input.isSubsampled() ? cencDecryptSubsampled(input) : cencDecryptFullSample(input);
}
void CDMProxyClearKey::releaseDecryptionResources()
{
closeGCryptHandle();
CDMProxy::releaseDecryptionResources();
}
void CDMProxyClearKey::closeGCryptHandle()
{
if (m_gCryptHandle) {
gcry_cipher_close(*m_gCryptHandle);
m_gCryptHandle.reset();
}
}
gcry_cipher_hd_t& CDMProxyClearKey::gCryptHandle()
{
if (!m_gCryptHandle) {
m_gCryptHandle.emplace();
if (gcry_error_t error = gcry_cipher_open(&m_gCryptHandle.value(), GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, GCRY_CIPHER_SECURE)) {
#if !LOG_DISABLED
LOG(EME, "EME - CDMProxyClearKey - ERROR(gcry_cipher_open): %s", gpg_strerror(error));
#else
UNUSED_VARIABLE(error);
#endif
RELEASE_ASSERT(false && "Should not get this far with a functional GCrypt!");
}
}
return *m_gCryptHandle;
}
}
#endif // ENABLE(ENCRYPTED_MEDIA)