// Copyright 2018 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "media/cdm/aes_cbc_crypto.h" #include "base/logging.h" #include "base/numerics/safe_conversions.h" #include "crypto/openssl_util.h" #include "crypto/symmetric_key.h" #include "third_party/boringssl/src/include/openssl/aes.h" #include "third_party/boringssl/src/include/openssl/err.h" #include "third_party/boringssl/src/include/openssl/evp.h" // Notes on using OpenSSL: // https://www.openssl.org/docs/man1.1.0/crypto/EVP_DecryptUpdate.html // The documentation for EVP_DecryptUpdate() only states // "EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() // are the corresponding decryption operations. EVP_DecryptFinal() will // return an error code if padding is enabled and the final block is not // correctly formatted. The parameters and restrictions are identical // to the encryption operations except that if padding is enabled ..." // As this implementation does not use padding, the last part should not be // an issue. However, there is no mention whether data can be decrypted // block-by-block or if all the data must be unencrypted at once. // // The documentation for EVP_EncryptUpdate() (same page as above) states // "EVP_EncryptUpdate() encrypts inl bytes from the buffer in and writes // the encrypted version to out. This function can be called multiple times // to encrypt successive blocks of data." // Given that the EVP_Decrypt* methods have the same restrictions, the code // below assumes that EVP_DecryptUpdate() can be called on a block-by-block // basis. A test in aes_cbc_crypto_unittest.cc verifies this. namespace media { AesCbcCrypto::AesCbcCrypto() = default; AesCbcCrypto::~AesCbcCrypto() = default; bool AesCbcCrypto::Initialize(const crypto::SymmetricKey& key, base::span<const uint8_t> iv) { … } bool AesCbcCrypto::Decrypt(base::span<const uint8_t> encrypted_data, uint8_t* decrypted_data) { … } } // namespace media
Codebase Browser
chromium