Diffstat (limited to 'media')
-rw-r--r-- | media/base/decrypt_config.cc | 3 | ||||
-rw-r--r-- | media/base/decrypt_config.h | 4 | ||||
-rw-r--r-- | media/crypto/aes_decryptor.cc | 29 | ||||
-rw-r--r-- | media/crypto/aes_decryptor_unittest.cc | 128 | ||||
-rw-r--r-- | media/webm/webm_cluster_parser.cc | 61 | ||||
-rw-r--r-- | media/webm/webm_constants.h | 1 |
6 files changed, 85 insertions, 141 deletions
diff --git a/media/base/decrypt_config.cc b/media/base/decrypt_config.cc
index 3142751..c499c92 100644
--- a/media/base/decrypt_config.cc
+++ b/media/base/decrypt_config.cc
@@ -19,8 +19,7 @@ DecryptConfig::DecryptConfig(const std::string& key_id,
 data_offset_(data_offset),
 subsamples_(subsamples) {
 CHECK_GT(key_id.size(), 0u);
- CHECK(iv.size() == static_cast<size_t>(DecryptConfig::kDecryptionKeySize) ||
- iv.empty());
+ CHECK_EQ(iv.size(), static_cast<size_t>(DecryptConfig::kDecryptionKeySize));
 CHECK_GE(data_offset, 0);
 }
diff --git a/media/base/decrypt_config.h b/media/base/decrypt_config.h
index 669aa36..d8ad224 100644
--- a/media/base/decrypt_config.h
+++ b/media/base/decrypt_config.h
@@ -36,9 +36,7 @@ class MEDIA_EXPORT DecryptConfig {
 // |key_id| is the ID that references the decryption key for this sample.
 // |iv| is the initialization vector defined by the encrypted format.
- // Currently |iv| must be 16 bytes as defined by WebM and ISO. Or must be
- // empty which signals to perform the integrity check on an unencrypted
- // frame as defined WebM.
+ // Currently |iv_size| must be 16 bytes as defined by WebM and ISO.
 // |checksum| is the hash value of the encrypted buffer. |checksum| is
 // defined by the encrypted format and may be NULL.
 // |data_offset| is the amount of data that should be discarded from the
diff --git a/media/crypto/aes_decryptor.cc b/media/crypto/aes_decryptor.cc
index 27272c6..e585800 100644
--- a/media/crypto/aes_decryptor.cc
+++ b/media/crypto/aes_decryptor.cc
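Review bot: The added comment line in decrypt_config.h, `// Currently |iv_size| must be 16 bytes as defined by WebM and ISO.`, names a parameter that neither the surrounding comment nor the constructor in decrypt_config.cc has; the value actually checked there is `iv.size()`. It should read `// Currently |iv| must be 16 bytes as defined by WebM and ISO.` Because the matching `CHECK_EQ` in the constructor is fatal, the comment is also the place to say that a wrong-sized |iv| aborts instead of returning an error, so code that derives the IV from stream data has to size it before building the config. Both the constructor and the class continue outside these hunks.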
@@ -285,24 +285,17 @@ void AesDecryptor::Decrypt(const scoped_refptr<DecoderBuffer>& encrypted,
 return;
 }
- scoped_refptr<DecoderBuffer> decrypted;
- // An empty iv string signals that the frame is unencrypted.
- if (encrypted->GetDecryptConfig()->iv().empty()) {
- int data_offset = encrypted->GetDecryptConfig()->data_offset();
- decrypted = DecoderBuffer::CopyFrom(encrypted->GetData() + data_offset,
- encrypted->GetDataSize() - data_offset);
- } else {
- // TODO(strobe): Currently, presence of checksum is used to indicate the use
- // of normal or WebM decryption keys. Consider a more explicit signaling
- // mechanism and the removal of the webm_decryption_key member.
- crypto::SymmetricKey* decryption_key = (checksum_size > 0) ?
- key->webm_decryption_key() : key->decryption_key();
- decrypted = DecryptData(*encrypted, decryption_key);
- if (!decrypted) {
- DVLOG(1) << "Decryption failed.";
- decrypt_cb.Run(kError, NULL);
- return;
- }
+ // TODO(strobe): Currently, presence of checksum is used to indicate the use
+ // of normal or WebM decryption keys. Consider a more explicit signaling
+ // mechanism and the removal of the webm_decryption_key member.
+ crypto::SymmetricKey* decryption_key = (checksum_size > 0) ?
+ key->webm_decryption_key() : key->decryption_key();
+ scoped_refptr<DecoderBuffer> decrypted =
+ DecryptData(*encrypted, decryption_key);
+ if (!decrypted) {
+ DVLOG(1) << "Decryption failed.";
+ decrypt_cb.Run(kError, NULL);
+ return;
 }
 decrypted->SetTimestamp(encrypted->GetTimestamp());
diff --git a/media/crypto/aes_decryptor_unittest.cc b/media/crypto/aes_decryptor_unittest.cc
index fd1704a..12df91a 100644
--- a/media/crypto/aes_decryptor_unittest.cc
+++ b/media/crypto/aes_decryptor_unittest.cc
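Review bot: Key selection at `(checksum_size > 0) ? key->webm_decryption_key() : key->decryption_key()` is driven by a field of the incoming buffer, and for a buffer that carries no checksum nothing in this hunk verifies integrity before `DecryptData` runs. Decrypt starts outside the hunk, so the checksum verification may sit above it; if that verification is skipped when `checksum_size` is 0, this path hands back plaintext that nobody authenticated. I would record that next to the existing TODO, for example `// No checksum: this path decrypts without an integrity check.`, so the limitation stays visible until explicit signalling replaces the checksum test.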
@@ -41,8 +41,7 @@ struct WebmEncryptedData { static const char kClearKeySystem[] = "org.w3.clearkey"; // Frames 0 & 1 are encrypted with the same key. Frame 2 is encrypted with a -// different key. Frame 3 has the same HMAC key as frame 2, but frame 3 is -// unencrypted. +// different key. const WebmEncryptedData kWebmEncryptedFrames[] = { { // plaintext @@ -51,18 +50,18 @@ const WebmEncryptedData kWebmEncryptedFrames[] = { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 - }, 20, + }, 20, // key { 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 - }, 16, + }, 16, // encrypted_data - { 0x3c, 0x4e, 0xb8, 0xd9, 0x5c, 0x20, 0x48, 0x18, - 0x4f, 0x03, 0x74, 0xa1, 0x01, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, - 0xb7, 0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, - 0xcb, 0x64, 0xf7 - }, 35 + { 0xfb, 0xe7, 0x1d, 0xbb, 0x4c, 0x23, 0xce, 0xba, + 0xcc, 0xf8, 0xda, 0xc0, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, 0xb7, + 0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, 0xcb, + 0x64, 0xf7 + }, 34 }, { // plaintext 
@@ -71,19 +70,19 @@ const WebmEncryptedData kWebmEncryptedFrames[] = { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 - }, 20, + }, 20, // key { 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 - }, 16, + }, 16, // encrypted_data - { 0xe8, 0x4c, 0x51, 0x33, 0x14, 0x0d, 0xc7, 0x17, - 0x32, 0x60, 0xc9, 0xd0, 0x01, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0xec, 0x8e, 0x87, - 0x21, 0xd3, 0xb9, 0x1c, 0x61, 0xf6, 0x5a, 0x60, - 0xaa, 0x07, 0x0e, 0x96, 0xd0, 0x54, 0x5d, 0x35, - 0x9a, 0x4a, 0xd3 - }, 43 + { 0x43, 0xe4, 0x78, 0x7a, 0x43, 0xe1, 0x49, 0xbb, + 0x44, 0x38, 0xdf, 0xfc, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xec, 0x8e, 0x87, 0x21, + 0xd3, 0xb9, 0x1c, 0x61, 0xf6, 0x5a, 0x60, 0xaa, + 0x07, 0x0e, 0x96, 0xd0, 0x54, 0x5d, 0x35, 0x9a, + 0x4a, 0xd3 + }, 42 }, { // plaintext 
@@ -91,37 +90,18 @@ const WebmEncryptedData kWebmEncryptedFrames[] = { // key_id { 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30 - }, 13, + }, 13, // key { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40 - }, 16, + }, 16, // encrypted_data - { 0x46, 0x93, 0x8c, 0x93, 0x48, 0xf9, 0xeb, 0x30, - 0x74, 0x55, 0x6b, 0xf2, 0x01, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x01, 0x48, 0x5e, 0x4a, - 0x41, 0x2a, 0x8b, 0xf4, 0xc6, 0x47, 0x54, 0x90, - 0x34, 0xf4, 0x8b - }, 35 - }, - { - // plaintext - "Changed Original data.", 22, - // key_id - { 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, - 0x2c, 0x2d, 0x2e, 0x2f, 0x30 - }, 13, - // key - { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40 - }, 16, - // encrypted_data - { 0xee, 0xd6, 0xf5, 0x64, 0x5f, 0xe0, 0x6a, 0xa2, - 0x9e, 0xd6, 0xce, 0x34, 0x00, 0x43, 0x68, 0x61, - 0x6e, 0x67, 0x65, 0x64, 0x20, 0x4f, 0x72, 0x69, - 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x20, 0x64, 0x61, - 0x74, 0x61, 0x2e - }, 35 + { 0xd9, 0x43, 0x30, 0xfd, 0x82, 0x77, 0x62, 0x04, + 0x08, 0xc2, 0x48, 0x89, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x48, 0x5e, 0x4a, 0x41, + 0x2a, 0x8b, 0xf4, 0xc6, 0x47, 0x54, 0x90, 0x34, + 0xf4, 0x8b + }, 34 } }; 
@@ -212,18 +192,22 @@ static std::string GenerateCounterBlock(const uint8* iv, int iv_size) {
 const int kDecryptionKeySize = 16;
 CHECK_GT(iv_size, 0);
 CHECK_LE(iv_size, kDecryptionKeySize);
+ char counter_block_data[kDecryptionKeySize];
- std::string counter_block(reinterpret_cast<const char*>(iv), iv_size);
- counter_block.append(kDecryptionKeySize - iv_size, 0);
- return counter_block;
+ // Set the IV.
+ memcpy(counter_block_data, iv, iv_size);
+
+ // Set block counter to all 0's.
+ memset(counter_block_data + iv_size, 0, kDecryptionKeySize - iv_size);
+
+ return std::string(counter_block_data, kDecryptionKeySize);
 }
 // Creates a WebM encrypted buffer that the demuxer would pass to the
 // decryptor. |data| is the payload of a WebM encrypted Block. |key_id| is
 // initialization data from the WebM file. Every encrypted Block has
-// an HMAC and a signal byte prepended to a frame. If the frame is encrypted
-// then an IV is prepended to the Block. Current encrypted WebM request for
-// comments specification is here
+// an HMAC and IV prepended to an encrypted frame. Current encrypted WebM
+// request for comments specification is here
 // http://wiki.webmproject.org/encryption/webm-encryption-rfc
 static scoped_refptr<DecoderBuffer> CreateWebMEncryptedBuffer(
 const uint8* data, int data_size,
@@ -232,29 +216,17 @@ static scoped_refptr<DecoderBuffer> CreateWebMEncryptedBuffer(
 data + kWebMHmacSize, data_size - kWebMHmacSize);
 CHECK(encrypted_buffer);
- uint8 signal_byte = data[kWebMHmacSize];
- int data_offset = sizeof(signal_byte);
-
- // Setting the DecryptConfig object of the buffer while leaving the
- // initialization vector empty will tell the decryptor that the frame is
- // unencrypted but integrity should still be checked.
- std::string counter_block_str;
-
- if (signal_byte & kWebMFlagEncryptedFrame) {
- uint64 network_iv;
- memcpy(&network_iv, data + kWebMHmacSize + data_offset, sizeof(network_iv));
- const uint64 iv = base::NetToHost64(network_iv);
- counter_block_str =
- GenerateCounterBlock(reinterpret_cast<const uint8*>(&iv), sizeof(iv));
- data_offset += sizeof(iv);
- }
-
+ uint64 network_iv;
+ memcpy(&network_iv, data + kWebMHmacSize, sizeof(network_iv));
+ const uint64 iv = base::NetToHost64(network_iv);
+ std::string webm_iv =
+ GenerateCounterBlock(reinterpret_cast<const uint8*>(&iv), sizeof(iv));
 encrypted_buffer->SetDecryptConfig(
 scoped_ptr<DecryptConfig>(new DecryptConfig(
 std::string(reinterpret_cast<const char*>(key_id), key_id_size),
- counter_block_str,
+ webm_iv,
 std::string(reinterpret_cast<const char*>(data), kWebMHmacSize),
- data_offset,
+ sizeof(iv),
 std::vector<SubsampleEntry>())));
 return encrypted_buffer;
 }
@@ -352,20 +324,6 @@ TEST_F(AesDecryptorTest, NormalWebMDecryption) {
 frame.plain_text_size));
 }
-TEST_F(AesDecryptorTest, UnencryptedFrameWebMDecryption) {
- const WebmEncryptedData& frame = kWebmEncryptedFrames[3];
- GenerateKeyRequest(frame.key_id, frame.key_id_size);
- AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
- frame.key, frame.key_size);
- scoped_refptr<DecoderBuffer> encrypted_data =
- CreateWebMEncryptedBuffer(frame.encrypted_data,
- frame.encrypted_data_size,
- frame.key_id, frame.key_id_size);
- ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data,
- frame.plain_text,
- frame.plain_text_size));
-}
-
 TEST_F(AesDecryptorTest, WrongKey) {
 const WebmEncryptedData& frame = kWebmEncryptedFrames[0];
 GenerateKeyRequest(frame.key_id, frame.key_id_size);
diff --git a/media/webm/webm_cluster_parser.cc b/media/webm/webm_cluster_parser.cc
index 7878fa8..e9ef93e 100644
--- a/media/webm/webm_cluster_parser.cc
+++ b/media/webm/webm_cluster_parser.cc
@@ -14,11 +14,20 @@ namespace media {
 // Generates a 16 byte CTR counter block. The CTR counter block format is a
 // CTR IV appended with a CTR block counter. |iv| is an 8 byte CTR IV.
-// Returns a string of kDecryptionKeySize bytes.
-static std::string GenerateCounterBlock(uint64 iv) {
- std::string counter_block(reinterpret_cast<char*>(&iv), sizeof(iv));
- counter_block.append(DecryptConfig::kDecryptionKeySize - sizeof(iv), 0);
- return counter_block;
+// Always returns a valid pointer to a buffer of kDecryptionKeySize bytes.
+static scoped_array<uint8> GenerateCounterBlock(uint64 iv) {
+ scoped_array<uint8> counter_block_data(
+ new uint8[DecryptConfig::kDecryptionKeySize]);
+
+ // Set the IV.
+ memcpy(counter_block_data.get(), &iv, sizeof(iv));
+
+ // Set block counter to all 0's.
+ memset(counter_block_data.get() + sizeof(iv),
+ 0,
+ DecryptConfig::kDecryptionKeySize - sizeof(iv));
+
+ return counter_block_data.Pass();
 }
 WebMClusterParser::WebMClusterParser(int64 timecode_scale,
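Review bot: `memcpy(counter_block_data.get(), &iv, sizeof(iv))` in the new GenerateCounterBlock of webm_cluster_parser.cc copies the in-memory representation of a `uint64`, and the OnBlock hunk later in this file passes it the result of `base::NetToHost64()`, so the first eight bytes of the counter block depend on host byte order. On a little-endian host they come out reversed relative to the bytes in the stream and on a big-endian host they do not, while the function comment only says |iv| is an 8 byte CTR IV. Whichever order the encryptor expects, the comment should pin it down, for example `// |iv| is copied in host byte order; callers pass the NetToHost64() value.`, so that a later change to either side does not silently produce a different keystream.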
@@ -211,14 +220,12 @@ bool WebMClusterParser::OnBlock(int track_num, int timecode,
 // Every encrypted Block has an HMAC and IV prepended to it. Current encrypted
 // WebM request for comments specification is here
 // http://wiki.webmproject.org/encryption/webm-encryption-rfc
- bool is_track_encrypted = track_num == video_.track_num() &&
- video_encryption_key_id_.get();
-
- // If stream is encrypted skip past the HMAC. Encrypted buffers must include
- // the signal byte, the IV (if frame is encrypted) and
- // the frame because the decryptor will verify this data before decryption.
- // The HMAC and IV will be copied into DecryptConfig.
- int offset = (is_track_encrypted) ? kWebMHmacSize : 0;
+ bool encrypted = track_num == video_.track_num() &&
+ video_encryption_key_id_.get();
+ // If encrypted skip past the HMAC. Encrypted buffers must include the IV and
+ // the encrypted frame because the decryptor will verify this data before
+ // decryption. The HMAC and IV will be copied into DecryptConfig.
+ int offset = (encrypted) ? kWebMHmacSize : 0;
 // The first bit of the flags is set when the block contains only keyframes.
 // http://www.matroska.org/technical/specs/index.html
@@ -226,31 +233,21 @@ bool WebMClusterParser::OnBlock(int track_num, int timecode,
 scoped_refptr<StreamParserBuffer> buffer =
 StreamParserBuffer::CopyFrom(data + offset, size - offset, is_keyframe);
- if (is_track_encrypted) {
- uint8 signal_byte = data[kWebMHmacSize];
- int data_offset = sizeof(signal_byte);
-
- // Setting the DecryptConfig object of the buffer while leaving the
- // initialization vector empty will tell the decryptor that the frame is
- // unencrypted but integrity should still be checked.
- std::string counter_block;
-
- if (signal_byte & kWebMFlagEncryptedFrame) {
- uint64 network_iv;
- memcpy(&network_iv, data + kWebMHmacSize + data_offset,
- sizeof(network_iv));
- const uint64 iv = base::NetToHost64(network_iv);
- counter_block = GenerateCounterBlock(iv);
- data_offset += sizeof(iv);
- }
+ if (encrypted) {
+ uint64 network_iv;
+ memcpy(&network_iv, data + kWebMHmacSize, sizeof(network_iv));
+ const uint64 iv = base::NetToHost64(network_iv);
+ scoped_array<uint8> counter_block(GenerateCounterBlock(iv));
 buffer->SetDecryptConfig(scoped_ptr<DecryptConfig>(new DecryptConfig(
 std::string(
 reinterpret_cast<const char*>(video_encryption_key_id_.get()),
 video_encryption_key_id_size_),
- counter_block,
+ std::string(
+ reinterpret_cast<const char*>(counter_block.get()),
+ DecryptConfig::kDecryptionKeySize),
 std::string(reinterpret_cast<const char*>(data), kWebMHmacSize),
- data_offset,
+ sizeof(iv),
 std::vector<SubsampleEntry>())));
 }
diff --git a/media/webm/webm_constants.h b/media/webm/webm_constants.h
index 7d6f3ed..93041b2 100644
--- a/media/webm/webm_constants.h
+++ b/media/webm/webm_constants.h
@@ -202,7 +202,6 @@ const uint8 kWebMFlagKeyframe = 0x80;
 // The size is from the WebM encrypted specification. Current encrypted WebM
 // request for comments specification is here
 // http://wiki.webmproject.org/encryption/webm-encryption-rfc
-const uint8 kWebMFlagEncryptedFrame = 0x1;
 const int kWebMHmacSize = 12;
 } // namespace media |
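Review bot: In the `if (encrypted)` branch of OnBlock, `memcpy(&network_iv, data + kWebMHmacSize, sizeof(network_iv))` reads eight bytes starting at offset `kWebMHmacSize` (12) of the block, and no line in this hunk compares `size` with that length. The `StreamParserBuffer::CopyFrom(data + offset, size - offset, is_keyframe)` call just above has the same dependency, since `size - offset` goes negative for an encrypted block shorter than the HMAC. Block contents come from the media file, so unless a length check exists earlier in OnBlock (the function starts outside the hunk) a truncated block leads to an out-of-bounds read. Assuming `size` is an int, a guard placed before the CopyFrom call would close it: `if (encrypted && size < kWebMHmacSize + static_cast<int>(sizeof(uint64))) return false;`.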