search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[Ozone-Gbm] Explicitly crash if trying software rendering on GBM
[chromium-blink-merge.git] / media / cdm / aes_decryptor_unittest.cc
blobce06fe204c1c09689f5f1070216079f78984cb87
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <string>
6 #include <vector>
7
8 #include "base/basictypes.h"
9 #include "base/bind.h"
10 #include "base/json/json_reader.h"
11 #include "base/values.h"
12 #include "media/base/cdm_callback_promise.h"
13 #include "media/base/cdm_key_information.h"
14 #include "media/base/decoder_buffer.h"
15 #include "media/base/decrypt_config.h"
16 #include "media/base/mock_filters.h"
17 #include "media/cdm/aes_decryptor.h"
18 #include "testing/gmock/include/gmock/gmock.h"
19 #include "testing/gtest/include/gtest/gtest.h"
20
21 using ::testing::_;
22 using ::testing::Gt;
23 using ::testing::IsNull;
24 using ::testing::NotNull;
25 using ::testing::SaveArg;
26 using ::testing::StrNe;
27 using ::testing::Unused;
28
29 MATCHER(IsEmpty, "") { return arg.empty(); }
30 MATCHER(IsNotEmpty, "") { return !arg.empty(); }
31 MATCHER(IsJSONDictionary, "") {
32 std::string result(arg.begin(), arg.end());
33 scoped_ptr<base::Value> root(base::JSONReader().ReadToValue(result));
34 return (root.get() && root->GetType() == base::Value::TYPE_DICTIONARY);
35 }
36
37 class GURL;
38
39 namespace media {
40
41 const uint8 kOriginalData[] = "Original subsample data.";
42 const int kOriginalDataSize = 24;
43
44 // In the examples below, 'k'(key) has to be 16 bytes, and will always require
45 // 2 bytes of padding. 'kid'(keyid) is variable length, and may require 0, 1,
46 // or 2 bytes of padding.
47
48 const uint8 kKeyId[] = {
49 // base64 equivalent is AAECAw
50 0x00, 0x01, 0x02, 0x03
51 };
52
53 // Key is 0x0405060708090a0b0c0d0e0f10111213,
54 // base64 equivalent is BAUGBwgJCgsMDQ4PEBESEw.
55 const char kKeyAsJWK[] =
56 "{"
57 " \"keys\": ["
58 " {"
59 " \"kty\": \"oct\","
60 " \"alg\": \"A128KW\","
61 " \"kid\": \"AAECAw\","
62 " \"k\": \"BAUGBwgJCgsMDQ4PEBESEw\""
63 " }"
64 " ],"
65 " \"type\": \"temporary\""
66 "}";
67
68 // Same kid as kKeyAsJWK, key to decrypt kEncryptedData2
69 const char kKeyAlternateAsJWK[] =
70 "{"
71 " \"keys\": ["
72 " {"
73 " \"kty\": \"oct\","
74 " \"alg\": \"A128KW\","
75 " \"kid\": \"AAECAw\","
76 " \"k\": \"FBUWFxgZGhscHR4fICEiIw\""
77 " }"
78 " ]"
79 "}";
80
81 const char kWrongKeyAsJWK[] =
82 "{"
83 " \"keys\": ["
84 " {"
85 " \"kty\": \"oct\","
86 " \"alg\": \"A128KW\","
87 " \"kid\": \"AAECAw\","
88 " \"k\": \"7u7u7u7u7u7u7u7u7u7u7g\""
89 " }"
90 " ]"
91 "}";
92
93 const char kWrongSizedKeyAsJWK[] =
94 "{"
95 " \"keys\": ["
96 " {"
97 " \"kty\": \"oct\","
98 " \"alg\": \"A128KW\","
99 " \"kid\": \"AAECAw\","
100 " \"k\": \"AAECAw\""
101 " }"
102 " ]"
103 "}";
104
105 const uint8 kIv[] = {
106 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
107 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
108 };
109
110 // kOriginalData encrypted with kKey and kIv but without any subsamples (or
111 // equivalently using kSubsampleEntriesCypherOnly).
112 const uint8 kEncryptedData[] = {
113 0x2f, 0x03, 0x09, 0xef, 0x71, 0xaf, 0x31, 0x16,
114 0xfa, 0x9d, 0x18, 0x43, 0x1e, 0x96, 0x71, 0xb5,
115 0xbf, 0xf5, 0x30, 0x53, 0x9a, 0x20, 0xdf, 0x95
116 };
117
118 // kOriginalData encrypted with kSubsampleKey and kSubsampleIv using
119 // kSubsampleEntriesNormal.
120 const uint8 kSubsampleEncryptedData[] = {
121 0x4f, 0x72, 0x09, 0x16, 0x09, 0xe6, 0x79, 0xad,
122 0x70, 0x73, 0x75, 0x62, 0x09, 0xbb, 0x83, 0x1d,
123 0x4d, 0x08, 0xd7, 0x78, 0xa4, 0xa7, 0xf1, 0x2e
124 };
125
126 const uint8 kOriginalData2[] = "Changed Original data.";
127
128 const uint8 kIv2[] = {
129 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
130 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
131 };
132
133 const uint8 kKeyId2[] = {
134 // base64 equivalent is AAECAwQFBgcICQoLDA0ODxAREhM=
135 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
136 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
137 0x10, 0x11, 0x12, 0x13
138 };
139
140 const char kKey2AsJWK[] =
141 "{"
142 " \"keys\": ["
143 " {"
144 " \"kty\": \"oct\","
145 " \"alg\": \"A128KW\","
146 " \"kid\": \"AAECAwQFBgcICQoLDA0ODxAREhM\","
147 " \"k\": \"FBUWFxgZGhscHR4fICEiIw\""
148 " }"
149 " ]"
150 "}";
151
152 // 'k' in bytes is x14x15x16x17x18x19x1ax1bx1cx1dx1ex1fx20x21x22x23
153
154 const uint8 kEncryptedData2[] = {
155 0x57, 0x66, 0xf4, 0x12, 0x1a, 0xed, 0xb5, 0x79,
156 0x1c, 0x8e, 0x25, 0xd7, 0x17, 0xe7, 0x5e, 0x16,
157 0xe3, 0x40, 0x08, 0x27, 0x11, 0xe9
158 };
159
160 // Subsample entries for testing. The sum of |cypher_bytes| and |clear_bytes| of
161 // all entries must be equal to kOriginalDataSize to make the subsample entries
162 // valid.
163
164 const SubsampleEntry kSubsampleEntriesNormal[] = {
165 { 2, 7 },
166 { 3, 11 },
167 { 1, 0 }
168 };
169
170 const SubsampleEntry kSubsampleEntriesWrongSize[] = {
171 { 3, 6 }, // This entry doesn't match the correct entry.
172 { 3, 11 },
173 { 1, 0 }
174 };
175
176 const SubsampleEntry kSubsampleEntriesInvalidTotalSize[] = {
177 { 1, 1000 }, // This entry is too large.
178 { 3, 11 },
179 { 1, 0 }
180 };
181
182 const SubsampleEntry kSubsampleEntriesClearOnly[] = {
183 { 7, 0 },
184 { 8, 0 },
185 { 9, 0 }
186 };
187
188 const SubsampleEntry kSubsampleEntriesCypherOnly[] = {
189 { 0, 6 },
190 { 0, 8 },
191 { 0, 10 }
192 };
193
194 static scoped_refptr<DecoderBuffer> CreateEncryptedBuffer(
195 const std::vector<uint8>& data,
196 const std::vector<uint8>& key_id,
197 const std::vector<uint8>& iv,
198 const std::vector<SubsampleEntry>& subsample_entries) {
199 DCHECK(!data.empty());
200 scoped_refptr<DecoderBuffer> encrypted_buffer(new DecoderBuffer(data.size()));
201 memcpy(encrypted_buffer->writable_data(), &data[0], data.size());
202 CHECK(encrypted_buffer.get());
203 std::string key_id_string(
204 reinterpret_cast<const char*>(key_id.empty() ? NULL : &key_id[0]),
205 key_id.size());
206 std::string iv_string(
207 reinterpret_cast<const char*>(iv.empty() ? NULL : &iv[0]), iv.size());
208 encrypted_buffer->set_decrypt_config(scoped_ptr<DecryptConfig>(
209 new DecryptConfig(key_id_string, iv_string, subsample_entries)));
210 return encrypted_buffer;
211 }
212
213 enum PromiseResult { RESOLVED, REJECTED };
214
215 class AesDecryptorTest : public testing::Test {
216 public:
217 AesDecryptorTest()
218 : decryptor_(base::Bind(&AesDecryptorTest::OnSessionMessage,
219 base::Unretained(this)),
220 base::Bind(&AesDecryptorTest::OnSessionClosed,
221 base::Unretained(this)),
222 base::Bind(&AesDecryptorTest::OnSessionKeysChange,
223 base::Unretained(this))),
224 decrypt_cb_(base::Bind(&AesDecryptorTest::BufferDecrypted,
225 base::Unretained(this))),
226 original_data_(kOriginalData, kOriginalData + kOriginalDataSize),
227 encrypted_data_(kEncryptedData,
228 kEncryptedData + arraysize(kEncryptedData)),
229 subsample_encrypted_data_(
230 kSubsampleEncryptedData,
231 kSubsampleEncryptedData + arraysize(kSubsampleEncryptedData)),
232 key_id_(kKeyId, kKeyId + arraysize(kKeyId)),
233 iv_(kIv, kIv + arraysize(kIv)),
234 normal_subsample_entries_(
235 kSubsampleEntriesNormal,
236 kSubsampleEntriesNormal + arraysize(kSubsampleEntriesNormal)) {
237 }
238
239 protected:
240 void OnResolveWithSession(PromiseResult expected_result,
241 const std::string& session_id) {
242 EXPECT_EQ(expected_result, RESOLVED) << "Unexpectedly resolved.";
243 EXPECT_GT(session_id.length(), 0ul);
244 session_id_ = session_id;
245 }
246
247 void OnResolve(PromiseResult expected_result) {
248 EXPECT_EQ(expected_result, RESOLVED) << "Unexpectedly resolved.";
249 }
250
251 void OnReject(PromiseResult expected_result,
252 MediaKeys::Exception exception_code,
253 uint32 system_code,
254 const std::string& error_message) {
255 EXPECT_EQ(expected_result, REJECTED) << "Unexpectedly rejected.";
256 }
257
258 scoped_ptr<SimpleCdmPromise> CreatePromise(PromiseResult expected_result) {
259 scoped_ptr<SimpleCdmPromise> promise(
260 new CdmCallbackPromise<>(base::Bind(&AesDecryptorTest::OnResolve,
261 base::Unretained(this),
262 expected_result),
263 base::Bind(&AesDecryptorTest::OnReject,
264 base::Unretained(this),
265 expected_result)));
266 return promise.Pass();
267 }
268
269 scoped_ptr<NewSessionCdmPromise> CreateSessionPromise(
270 PromiseResult expected_result) {
271 scoped_ptr<NewSessionCdmPromise> promise(
272 new CdmCallbackPromise<std::string>(
273 base::Bind(&AesDecryptorTest::OnResolveWithSession,
274 base::Unretained(this),
275 expected_result),
276 base::Bind(&AesDecryptorTest::OnReject,
277 base::Unretained(this),
278 expected_result)));
279 return promise.Pass();
280 }
281
282 // Creates a new session using |key_id|. Returns the session ID.
283 std::string CreateSession(const std::vector<uint8>& key_id) {
284 DCHECK(!key_id.empty());
285 EXPECT_CALL(*this, OnSessionMessage(IsNotEmpty(), _, IsJSONDictionary(),
286 GURL::EmptyGURL()));
287 decryptor_.CreateSessionAndGenerateRequest(
288 MediaKeys::TEMPORARY_SESSION, "webm", &key_id[0], key_id.size(),
289 CreateSessionPromise(RESOLVED));
290 // This expects the promise to be called synchronously, which is the case
291 // for AesDecryptor.
292 return session_id_;
293 }
294
295 // Closes the session specified by |session_id|.
296 void CloseSession(const std::string& session_id) {
297 EXPECT_CALL(*this, OnSessionClosed(session_id));
298 decryptor_.CloseSession(session_id, CreatePromise(RESOLVED));
299 }
300
301 // Removes the session specified by |session_id|. This should simply do a
302 // CloseSession().
303 // TODO(jrummell): Clean this up when the prefixed API is removed.
304 // http://crbug.com/249976.
305 void RemoveSession(const std::string& session_id) {
306 EXPECT_CALL(*this, OnSessionClosed(session_id));
307 decryptor_.RemoveSession(session_id, CreatePromise(RESOLVED));
308 }
309
310 MOCK_METHOD2(OnSessionKeysChangeCalled,
311 void(const std::string& session_id,
312 bool has_additional_usable_key));
313
314 void OnSessionKeysChange(const std::string& session_id,
315 bool has_additional_usable_key,
316 CdmKeysInfo keys_info) {
317 keys_info_.swap(keys_info);
318 OnSessionKeysChangeCalled(session_id, has_additional_usable_key);
319 }
320
321 // Updates the session specified by |session_id| with |key|. |result|
322 // tests that the update succeeds or generates an error.
323 void UpdateSessionAndExpect(std::string session_id,
324 const std::string& key,
325 PromiseResult expected_result) {
326 DCHECK(!key.empty());
327
328 if (expected_result == RESOLVED) {
329 EXPECT_CALL(*this, OnSessionKeysChangeCalled(session_id, true));
330 } else {
331 EXPECT_CALL(*this, OnSessionKeysChangeCalled(_, _)).Times(0);
332 }
333
334 decryptor_.UpdateSession(session_id,
335 reinterpret_cast<const uint8*>(key.c_str()),
336 key.length(),
337 CreatePromise(expected_result));
338 }
339
340 bool KeysInfoContains(std::vector<uint8> expected) {
341 for (const auto& key_id : keys_info_) {
342 if (key_id->key_id == expected)
343 return true;
344 }
345 return false;
346 }
347
348 MOCK_METHOD2(BufferDecrypted, void(Decryptor::Status,
349 const scoped_refptr<DecoderBuffer>&));
350
351 enum DecryptExpectation {
352 SUCCESS,
353 DATA_MISMATCH,
354 DATA_AND_SIZE_MISMATCH,
355 DECRYPT_ERROR,
356 NO_KEY
357 };
358
359 void DecryptAndExpect(const scoped_refptr<DecoderBuffer>& encrypted,
360 const std::vector<uint8>& plain_text,
361 DecryptExpectation result) {
362 scoped_refptr<DecoderBuffer> decrypted;
363
364 switch (result) {
365 case SUCCESS:
366 case DATA_MISMATCH:
367 case DATA_AND_SIZE_MISMATCH:
368 EXPECT_CALL(*this, BufferDecrypted(Decryptor::kSuccess, NotNull()))
369 .WillOnce(SaveArg<1>(&decrypted));
370 break;
371 case DECRYPT_ERROR:
372 EXPECT_CALL(*this, BufferDecrypted(Decryptor::kError, IsNull()))
373 .WillOnce(SaveArg<1>(&decrypted));
374 break;
375 case NO_KEY:
376 EXPECT_CALL(*this, BufferDecrypted(Decryptor::kNoKey, IsNull()))
377 .WillOnce(SaveArg<1>(&decrypted));
378 break;
379 }
380
381 decryptor_.Decrypt(Decryptor::kVideo, encrypted, decrypt_cb_);
382
383 std::vector<uint8> decrypted_text;
384 if (decrypted.get() && decrypted->data_size()) {
385 decrypted_text.assign(
386 decrypted->data(), decrypted->data() + decrypted->data_size());
387 }
388
389 switch (result) {
390 case SUCCESS:
391 EXPECT_EQ(plain_text, decrypted_text);
392 break;
393 case DATA_MISMATCH:
394 EXPECT_EQ(plain_text.size(), decrypted_text.size());
395 EXPECT_NE(plain_text, decrypted_text);
396 break;
397 case DATA_AND_SIZE_MISMATCH:
398 EXPECT_NE(plain_text.size(), decrypted_text.size());
399 break;
400 case DECRYPT_ERROR:
401 case NO_KEY:
402 EXPECT_TRUE(decrypted_text.empty());
403 break;
404 }
405 }
406
407 MOCK_METHOD4(OnSessionMessage,
408 void(const std::string& session_id,
409 MediaKeys::MessageType message_type,
410 const std::vector<uint8>& message,
411 const GURL& legacy_destination_url));
412 MOCK_METHOD1(OnSessionClosed, void(const std::string& session_id));
413
414 AesDecryptor decryptor_;
415 AesDecryptor::DecryptCB decrypt_cb_;
416 std::string session_id_;
417 CdmKeysInfo keys_info_;
418
419 // Constants for testing.
420 const std::vector<uint8> original_data_;
421 const std::vector<uint8> encrypted_data_;
422 const std::vector<uint8> subsample_encrypted_data_;
423 const std::vector<uint8> key_id_;
424 const std::vector<uint8> iv_;
425 const std::vector<SubsampleEntry> normal_subsample_entries_;
426 const std::vector<SubsampleEntry> no_subsample_entries_;
427 };
428
429 TEST_F(AesDecryptorTest, CreateSessionWithNullInitData) {
430 EXPECT_CALL(*this,
431 OnSessionMessage(IsNotEmpty(), _, IsEmpty(), GURL::EmptyGURL()));
432 decryptor_.CreateSessionAndGenerateRequest(MediaKeys::TEMPORARY_SESSION,
433 "webm", NULL, 0,
434 CreateSessionPromise(RESOLVED));
435 }
436
437 TEST_F(AesDecryptorTest, MultipleCreateSession) {
438 EXPECT_CALL(*this,
439 OnSessionMessage(IsNotEmpty(), _, IsEmpty(), GURL::EmptyGURL()));
440 decryptor_.CreateSessionAndGenerateRequest(MediaKeys::TEMPORARY_SESSION,
441 "webm", NULL, 0,
442 CreateSessionPromise(RESOLVED));
443
444 EXPECT_CALL(*this,
445 OnSessionMessage(IsNotEmpty(), _, IsEmpty(), GURL::EmptyGURL()));
446 decryptor_.CreateSessionAndGenerateRequest(MediaKeys::TEMPORARY_SESSION,
447 "webm", NULL, 0,
448 CreateSessionPromise(RESOLVED));
449
450 EXPECT_CALL(*this,
451 OnSessionMessage(IsNotEmpty(), _, IsEmpty(), GURL::EmptyGURL()));
452 decryptor_.CreateSessionAndGenerateRequest(MediaKeys::TEMPORARY_SESSION,
453 "webm", NULL, 0,
454 CreateSessionPromise(RESOLVED));
455 }
456
457 TEST_F(AesDecryptorTest, NormalDecryption) {
458 std::string session_id = CreateSession(key_id_);
459 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
460 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
461 encrypted_data_, key_id_, iv_, no_subsample_entries_);
462 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
463 }
464
465 TEST_F(AesDecryptorTest, UnencryptedFrame) {
466 // An empty iv string signals that the frame is unencrypted.
467 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
468 original_data_, key_id_, std::vector<uint8>(), no_subsample_entries_);
469 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
470 }
471
472 TEST_F(AesDecryptorTest, WrongKey) {
473 std::string session_id = CreateSession(key_id_);
474 UpdateSessionAndExpect(session_id, kWrongKeyAsJWK, RESOLVED);
475 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
476 encrypted_data_, key_id_, iv_, no_subsample_entries_);
477 DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH);
478 }
479
480 TEST_F(AesDecryptorTest, NoKey) {
481 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
482 encrypted_data_, key_id_, iv_, no_subsample_entries_);
483 EXPECT_CALL(*this, BufferDecrypted(AesDecryptor::kNoKey, IsNull()));
484 decryptor_.Decrypt(Decryptor::kVideo, encrypted_buffer, decrypt_cb_);
485 }
486
487 TEST_F(AesDecryptorTest, KeyReplacement) {
488 std::string session_id = CreateSession(key_id_);
489 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
490 encrypted_data_, key_id_, iv_, no_subsample_entries_);
491
492 UpdateSessionAndExpect(session_id, kWrongKeyAsJWK, RESOLVED);
493 ASSERT_NO_FATAL_FAILURE(DecryptAndExpect(
494 encrypted_buffer, original_data_, DATA_MISMATCH));
495
496 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
497 ASSERT_NO_FATAL_FAILURE(
498 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
499 }
500
501 TEST_F(AesDecryptorTest, WrongSizedKey) {
502 std::string session_id = CreateSession(key_id_);
503 UpdateSessionAndExpect(session_id, kWrongSizedKeyAsJWK, REJECTED);
504 }
505
506 TEST_F(AesDecryptorTest, MultipleKeysAndFrames) {
507 std::string session_id = CreateSession(key_id_);
508 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
509 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
510 encrypted_data_, key_id_, iv_, no_subsample_entries_);
511 ASSERT_NO_FATAL_FAILURE(
512 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
513
514 UpdateSessionAndExpect(session_id, kKey2AsJWK, RESOLVED);
515
516 // The first key is still available after we added a second key.
517 ASSERT_NO_FATAL_FAILURE(
518 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
519
520 // The second key is also available.
521 encrypted_buffer = CreateEncryptedBuffer(
522 std::vector<uint8>(kEncryptedData2,
523 kEncryptedData2 + arraysize(kEncryptedData2)),
524 std::vector<uint8>(kKeyId2, kKeyId2 + arraysize(kKeyId2)),
525 std::vector<uint8>(kIv2, kIv2 + arraysize(kIv2)),
526 no_subsample_entries_);
527 ASSERT_NO_FATAL_FAILURE(DecryptAndExpect(
528 encrypted_buffer,
529 std::vector<uint8>(kOriginalData2,
530 kOriginalData2 + arraysize(kOriginalData2) - 1),
531 SUCCESS));
532 }
533
534 TEST_F(AesDecryptorTest, CorruptedIv) {
535 std::string session_id = CreateSession(key_id_);
536 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
537
538 std::vector<uint8> bad_iv = iv_;
539 bad_iv[1]++;
540
541 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
542 encrypted_data_, key_id_, bad_iv, no_subsample_entries_);
543
544 DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH);
545 }
546
547 TEST_F(AesDecryptorTest, CorruptedData) {
548 std::string session_id = CreateSession(key_id_);
549 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
550
551 std::vector<uint8> bad_data = encrypted_data_;
552 bad_data[1]++;
553
554 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
555 bad_data, key_id_, iv_, no_subsample_entries_);
556 DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH);
557 }
558
559 TEST_F(AesDecryptorTest, EncryptedAsUnencryptedFailure) {
560 std::string session_id = CreateSession(key_id_);
561 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
562 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
563 encrypted_data_, key_id_, std::vector<uint8>(), no_subsample_entries_);
564 DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH);
565 }
566
567 TEST_F(AesDecryptorTest, SubsampleDecryption) {
568 std::string session_id = CreateSession(key_id_);
569 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
570 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
571 subsample_encrypted_data_, key_id_, iv_, normal_subsample_entries_);
572 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
573 }
574
575 // Ensures noninterference of data offset and subsample mechanisms. We never
576 // expect to encounter this in the wild, but since the DecryptConfig doesn't
577 // disallow such a configuration, it should be covered.
578 TEST_F(AesDecryptorTest, SubsampleDecryptionWithOffset) {
579 std::string session_id = CreateSession(key_id_);
580 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
581 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
582 subsample_encrypted_data_, key_id_, iv_, normal_subsample_entries_);
583 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
584 }
585
586 TEST_F(AesDecryptorTest, SubsampleWrongSize) {
587 std::string session_id = CreateSession(key_id_);
588 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
589
590 std::vector<SubsampleEntry> subsample_entries_wrong_size(
591 kSubsampleEntriesWrongSize,
592 kSubsampleEntriesWrongSize + arraysize(kSubsampleEntriesWrongSize));
593
594 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
595 subsample_encrypted_data_, key_id_, iv_, subsample_entries_wrong_size);
596 DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH);
597 }
598
599 TEST_F(AesDecryptorTest, SubsampleInvalidTotalSize) {
600 std::string session_id = CreateSession(key_id_);
601 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
602
603 std::vector<SubsampleEntry> subsample_entries_invalid_total_size(
604 kSubsampleEntriesInvalidTotalSize,
605 kSubsampleEntriesInvalidTotalSize +
606 arraysize(kSubsampleEntriesInvalidTotalSize));
607
608 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
609 subsample_encrypted_data_, key_id_, iv_,
610 subsample_entries_invalid_total_size);
611 DecryptAndExpect(encrypted_buffer, original_data_, DECRYPT_ERROR);
612 }
613
614 // No cypher bytes in any of the subsamples.
615 TEST_F(AesDecryptorTest, SubsampleClearBytesOnly) {
616 std::string session_id = CreateSession(key_id_);
617 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
618
619 std::vector<SubsampleEntry> clear_only_subsample_entries(
620 kSubsampleEntriesClearOnly,
621 kSubsampleEntriesClearOnly + arraysize(kSubsampleEntriesClearOnly));
622
623 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
624 original_data_, key_id_, iv_, clear_only_subsample_entries);
625 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
626 }
627
628 // No clear bytes in any of the subsamples.
629 TEST_F(AesDecryptorTest, SubsampleCypherBytesOnly) {
630 std::string session_id = CreateSession(key_id_);
631 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
632
633 std::vector<SubsampleEntry> cypher_only_subsample_entries(
634 kSubsampleEntriesCypherOnly,
635 kSubsampleEntriesCypherOnly + arraysize(kSubsampleEntriesCypherOnly));
636
637 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
638 encrypted_data_, key_id_, iv_, cypher_only_subsample_entries);
639 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
640 }
641
642 TEST_F(AesDecryptorTest, CloseSession) {
643 std::string session_id = CreateSession(key_id_);
644 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
645 encrypted_data_, key_id_, iv_, no_subsample_entries_);
646
647 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
648 ASSERT_NO_FATAL_FAILURE(
649 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
650
651 CloseSession(session_id);
652 }
653
654 TEST_F(AesDecryptorTest, RemoveSession) {
655 // TODO(jrummell): Clean this up when the prefixed API is removed.
656 // http://crbug.com/249976.
657 std::string session_id = CreateSession(key_id_);
658 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
659 encrypted_data_, key_id_, iv_, no_subsample_entries_);
660
661 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
662 ASSERT_NO_FATAL_FAILURE(
663 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
664
665 RemoveSession(session_id);
666 }
667
668 TEST_F(AesDecryptorTest, NoKeyAfterCloseSession) {
669 std::string session_id = CreateSession(key_id_);
670 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
671 encrypted_data_, key_id_, iv_, no_subsample_entries_);
672
673 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
674 ASSERT_NO_FATAL_FAILURE(
675 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
676
677 CloseSession(session_id);
678 ASSERT_NO_FATAL_FAILURE(
679 DecryptAndExpect(encrypted_buffer, original_data_, NO_KEY));
680 }
681
682 TEST_F(AesDecryptorTest, LatestKeyUsed) {
683 std::string session_id1 = CreateSession(key_id_);
684 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
685 encrypted_data_, key_id_, iv_, no_subsample_entries_);
686
687 // Add alternate key, buffer should not be decoded properly.
688 UpdateSessionAndExpect(session_id1, kKeyAlternateAsJWK, RESOLVED);
689 ASSERT_NO_FATAL_FAILURE(
690 DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH));
691
692 // Create a second session with a correct key value for key_id_.
693 std::string session_id2 = CreateSession(key_id_);
694 UpdateSessionAndExpect(session_id2, kKeyAsJWK, RESOLVED);
695
696 // Should be able to decode with latest key.
697 ASSERT_NO_FATAL_FAILURE(
698 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
699 }
700
701 TEST_F(AesDecryptorTest, LatestKeyUsedAfterCloseSession) {
702 std::string session_id1 = CreateSession(key_id_);
703 scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
704 encrypted_data_, key_id_, iv_, no_subsample_entries_);
705 UpdateSessionAndExpect(session_id1, kKeyAsJWK, RESOLVED);
706 ASSERT_NO_FATAL_FAILURE(
707 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
708
709 // Create a second session with a different key value for key_id_.
710 std::string session_id2 = CreateSession(key_id_);
711 UpdateSessionAndExpect(session_id2, kKeyAlternateAsJWK, RESOLVED);
712
713 // Should not be able to decode with new key.
714 ASSERT_NO_FATAL_FAILURE(
715 DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH));
716
717 // Close second session, should revert to original key.
718 CloseSession(session_id2);
719 ASSERT_NO_FATAL_FAILURE(
720 DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
721 }
722
723 TEST_F(AesDecryptorTest, JWKKey) {
724 std::string session_id = CreateSession(key_id_);
725
726 // Try a simple JWK key (i.e. not in a set)
727 const std::string kJwkSimple =
728 "{"
729 " \"kty\": \"oct\","
730 " \"alg\": \"A128KW\","
731 " \"kid\": \"AAECAwQFBgcICQoLDA0ODxAREhM\","
732 " \"k\": \"FBUWFxgZGhscHR4fICEiIw\""
733 "}";
734 UpdateSessionAndExpect(session_id, kJwkSimple, REJECTED);
735
736 // Try a key list with multiple entries.
737 const std::string kJwksMultipleEntries =
738 "{"
739 " \"keys\": ["
740 " {"
741 " \"kty\": \"oct\","
742 " \"alg\": \"A128KW\","
743 " \"kid\": \"AAECAwQFBgcICQoLDA0ODxAREhM\","
744 " \"k\": \"FBUWFxgZGhscHR4fICEiIw\""
745 " },"
746 " {"
747 " \"kty\": \"oct\","
748 " \"alg\": \"A128KW\","
749 " \"kid\": \"JCUmJygpKissLS4vMA\","
750 " \"k\":\"MTIzNDU2Nzg5Ojs8PT4_QA\""
751 " }"
752 " ]"
753 "}";
754 UpdateSessionAndExpect(session_id, kJwksMultipleEntries, RESOLVED);
755
756 // Try a key with no spaces and some \n plus additional fields.
757 const std::string kJwksNoSpaces =
758 "\n\n{\"something\":1,\"keys\":[{\n\n\"kty\":\"oct\",\"alg\":\"A128KW\","
759 "\"kid\":\"AAECAwQFBgcICQoLDA0ODxAREhM\",\"k\":\"GawgguFyGrWKav7AX4VKUg"
760 "\",\"foo\":\"bar\"}]}\n\n";
761 UpdateSessionAndExpect(session_id, kJwksNoSpaces, RESOLVED);
762
763 // Try some non-ASCII characters.
764 UpdateSessionAndExpect(
765 session_id, "This is not ASCII due to \xff\xfe\xfd in it.", REJECTED);
766
767 // Try a badly formatted key. Assume that the JSON parser is fully tested,
768 // so we won't try a lot of combinations. However, need a test to ensure
769 // that the code doesn't crash if invalid JSON received.
770 UpdateSessionAndExpect(session_id, "This is not a JSON key.", REJECTED);
771
772 // Try passing some valid JSON that is not a dictionary at the top level.
773 UpdateSessionAndExpect(session_id, "40", REJECTED);
774
775 // Try an empty dictionary.
776 UpdateSessionAndExpect(session_id, "{ }", REJECTED);
777
778 // Try an empty 'keys' dictionary.
779 UpdateSessionAndExpect(session_id, "{ \"keys\": [] }", REJECTED);
780
781 // Try with 'keys' not a dictionary.
782 UpdateSessionAndExpect(session_id, "{ \"keys\":\"1\" }", REJECTED);
783
784 // Try with 'keys' a list of integers.
785 UpdateSessionAndExpect(session_id, "{ \"keys\": [ 1, 2, 3 ] }", REJECTED);
786
787 // Try padding(=) at end of 'k' base64 string.
788 const std::string kJwksWithPaddedKey =
789 "{"
790 " \"keys\": ["
791 " {"
792 " \"kty\": \"oct\","
793 " \"alg\": \"A128KW\","
794 " \"kid\": \"AAECAw\","
795 " \"k\": \"BAUGBwgJCgsMDQ4PEBESEw==\""
796 " }"
797 " ]"
798 "}";
799 UpdateSessionAndExpect(session_id, kJwksWithPaddedKey, REJECTED);
800
801 // Try padding(=) at end of 'kid' base64 string.
802 const std::string kJwksWithPaddedKeyId =
803 "{"
804 " \"keys\": ["
805 " {"
806 " \"kty\": \"oct\","
807 " \"alg\": \"A128KW\","
808 " \"kid\": \"AAECAw==\","
809 " \"k\": \"BAUGBwgJCgsMDQ4PEBESEw\""
810 " }"
811 " ]"
812 "}";
813 UpdateSessionAndExpect(session_id, kJwksWithPaddedKeyId, REJECTED);
814
815 // Try a key with invalid base64 encoding.
816 const std::string kJwksWithInvalidBase64 =
817 "{"
818 " \"keys\": ["
819 " {"
820 " \"kty\": \"oct\","
821 " \"alg\": \"A128KW\","
822 " \"kid\": \"!@#$%^&*()\","
823 " \"k\": \"BAUGBwgJCgsMDQ4PEBESEw\""
824 " }"
825 " ]"
826 "}";
827 UpdateSessionAndExpect(session_id, kJwksWithInvalidBase64, REJECTED);
828
829 // Try a 3-byte 'kid' where no base64 padding is required.
830 // |kJwksMultipleEntries| above has 2 'kid's that require 1 and 2 padding
831 // bytes. Note that 'k' has to be 16 bytes, so it will always require padding.
832 const std::string kJwksWithNoPadding =
833 "{"
834 " \"keys\": ["
835 " {"
836 " \"kty\": \"oct\","
837 " \"alg\": \"A128KW\","
838 " \"kid\": \"Kiss\","
839 " \"k\": \"BAUGBwgJCgsMDQ4PEBESEw\""
840 " }"
841 " ]"
842 "}";
843 UpdateSessionAndExpect(session_id, kJwksWithNoPadding, RESOLVED);
844
845 // Empty key id.
846 const std::string kJwksWithEmptyKeyId =
847 "{"
848 " \"keys\": ["
849 " {"
850 " \"kty\": \"oct\","
851 " \"alg\": \"A128KW\","
852 " \"kid\": \"\","
853 " \"k\": \"BAUGBwgJCgsMDQ4PEBESEw\""
854 " }"
855 " ]"
856 "}";
857 UpdateSessionAndExpect(session_id, kJwksWithEmptyKeyId, REJECTED);
858 CloseSession(session_id);
859 }
860
861 TEST_F(AesDecryptorTest, GetKeyIds) {
862 std::vector<uint8> key_id1(kKeyId, kKeyId + arraysize(kKeyId));
863 std::vector<uint8> key_id2(kKeyId2, kKeyId2 + arraysize(kKeyId2));
864
865 std::string session_id = CreateSession(key_id_);
866 EXPECT_FALSE(KeysInfoContains(key_id1));
867 EXPECT_FALSE(KeysInfoContains(key_id2));
868
869 // Add 1 key, verify it is returned.
870 UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED);
871 EXPECT_TRUE(KeysInfoContains(key_id1));
872 EXPECT_FALSE(KeysInfoContains(key_id2));
873
874 // Add second key, verify both IDs returned.
875 UpdateSessionAndExpect(session_id, kKey2AsJWK, RESOLVED);
876 EXPECT_TRUE(KeysInfoContains(key_id1));
877 EXPECT_TRUE(KeysInfoContains(key_id2));
878 }
879
880 } // namespace media