Add support for v0.3 of the encrypted WebM specification.

media/crypto/aes_decryptor_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/bind.h"
 #include "base/sys_byteorder.h"
@@ skipping 23 matching lines @@
   int key_id_size;
   uint8 key[32];
   int key_size;
   uint8 encrypted_data[64];
   int encrypted_data_size;
 };
 
 static const char kClearKeySystem[] = "org.w3.clearkey";
 
 // Frames 0 & 1 are encrypted with the same key. Frame 2 is encrypted with a
-// different key.
+// different key. Frame 3 has the same HMAC key as frame 2, but frame 3 is
+// unencrypted.
 const WebmEncryptedData kWebmEncryptedFrames[] = {
   {
     // plaintext
     "Original data.", 14,
     // key_id
     { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
       0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
       0x10, 0x11, 0x12, 0x13
-    }, 20,
+      }, 20,
     // key
     { 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
       0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23
-    }, 16,
+      }, 16,
     // encrypted_data
-    { 0xfb, 0xe7, 0x1d, 0xbb, 0x4c, 0x23, 0xce, 0xba,
-      0xcc, 0xf8, 0xda, 0xc0, 0xff, 0xff, 0xff, 0xff,
-      0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, 0xb7,
-      0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, 0xcb,
-      0x64, 0xf7
-    }, 34
+    { 0x3c, 0x4e, 0xb8, 0xd9, 0x5c, 0x20, 0x48, 0x18,
+      0x4f, 0x03, 0x74, 0xa1, 0x01, 0xff, 0xff, 0xff,
+      0xff, 0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff,
+      0xb7, 0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee,
+      0xcb, 0x64, 0xf7
+      }, 35
   },
   {
     // plaintext
     "Changed Original data.", 22,
     // key_id
     { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
       0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
       0x10, 0x11, 0x12, 0x13
-    }, 20,
+      }, 20,
     // key
     { 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
       0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23
-    }, 16,
+      }, 16,
     // encrypted_data
-    { 0x43, 0xe4, 0x78, 0x7a, 0x43, 0xe1, 0x49, 0xbb,
-      0x44, 0x38, 0xdf, 0xfc, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0xec, 0x8e, 0x87, 0x21,
-      0xd3, 0xb9, 0x1c, 0x61, 0xf6, 0x5a, 0x60, 0xaa,
-      0x07, 0x0e, 0x96, 0xd0, 0x54, 0x5d, 0x35, 0x9a,
-      0x4a, 0xd3
-    }, 42
+    { 0xe8, 0x4c, 0x51, 0x33, 0x14, 0x0d, 0xc7, 0x17,
+      0x32, 0x60, 0xc9, 0xd0, 0x01, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0xec, 0x8e, 0x87,
+      0x21, 0xd3, 0xb9, 0x1c, 0x61, 0xf6, 0x5a, 0x60,
+      0xaa, 0x07, 0x0e, 0x96, 0xd0, 0x54, 0x5d, 0x35,
+      0x9a, 0x4a, 0xd3
+      }, 43
   },
   {
     // plaintext
     "Original data.", 14,
     // key_id
     { 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
       0x2c, 0x2d, 0x2e, 0x2f, 0x30
-    }, 13,
+      }, 13,
     // key
     { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
       0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40
-    }, 16,
+      }, 16,
     // encrypted_data
-    { 0xd9, 0x43, 0x30, 0xfd, 0x82, 0x77, 0x62, 0x04,
-      0x08, 0xc2, 0x48, 0x89, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x01, 0x48, 0x5e, 0x4a, 0x41,
-      0x2a, 0x8b, 0xf4, 0xc6, 0x47, 0x54, 0x90, 0x34,
-      0xf4, 0x8b
-    }, 34
+    { 0x46, 0x93, 0x8c, 0x93, 0x48, 0xf9, 0xeb, 0x30,
+      0x74, 0x55, 0x6b, 0xf2, 0x01, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x01, 0x48, 0x5e, 0x4a,
+      0x41, 0x2a, 0x8b, 0xf4, 0xc6, 0x47, 0x54, 0x90,
+      0x34, 0xf4, 0x8b
+      }, 35
+  },
+  {
+    // plaintext
+    "Changed Original data.", 22,
+    // key_id
+    { 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+      0x2c, 0x2d, 0x2e, 0x2f, 0x30
+      }, 13,
+    // key
+    { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
+      0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40
+      }, 16,
+    // encrypted_data
+    { 0xee, 0xd6, 0xf5, 0x64, 0x5f, 0xe0, 0x6a, 0xa2,
+      0x9e, 0xd6, 0xce, 0x34, 0x00, 0x43, 0x68, 0x61,
+      0x6e, 0x67, 0x65, 0x64, 0x20, 0x4f, 0x72, 0x69,
+      0x67, 0x69, 0x6e, 0x61, 0x6c, 0x20, 0x64, 0x61,
+      0x74, 0x61, 0x2e
+      }, 35
   }
 };
 
 static const uint8 kWebmWrongKey[] = {
   0x49, 0x27, 0x6d, 0x20, 0x61, 0x20, 0x77, 0x72,
   0x6f, 0x6e, 0x67, 0x20, 0x6b, 0x65, 0x79, 0x2e
 };
 static const uint8 kWebmWrongSizedKey[] = { 0x20, 0x20 };
 
 // This is the encrypted data from frame 0 of |kWebmEncryptedFrames| except
@@ skipping 70 matching lines @@
   { 1, 0 }
 };
 
 // Returns a 16 byte CTR counter block. The CTR counter block format is a
 // CTR IV appended with a CTR block counter. |iv| is a CTR IV. |iv_size| is
 // the size of |iv| in bytes.
 static std::string GenerateCounterBlock(const uint8* iv, int iv_size) {
   const int kDecryptionKeySize = 16;
   CHECK_GT(iv_size, 0);
   CHECK_LE(iv_size, kDecryptionKeySize);
-  char counter_block_data[kDecryptionKeySize];
 
-  // Set the IV.
-  memcpy(counter_block_data, iv, iv_size);
-
-  // Set block counter to all 0's.
-  memset(counter_block_data + iv_size, 0, kDecryptionKeySize - iv_size);
-
-  return std::string(counter_block_data, kDecryptionKeySize);
+  std::string counter_block(reinterpret_cast<const char*>(iv), iv_size);
+  counter_block.append(kDecryptionKeySize - iv_size, 0);
+  return counter_block;
 }
 
 // Creates a WebM encrypted buffer that the demuxer would pass to the
 // decryptor. |data| is the payload of a WebM encrypted Block. |key_id| is
 // initialization data from the WebM file. Every encrypted Block has
-// an HMAC and IV prepended to an encrypted frame. Current encrypted WebM
-// request for comments specification is here
+// an HMAC and a signal byte prepended to a frame. If the frame is encrypted
+// then an IV is prepended to the Block. Current encrypted WebM request for
+// comments specification is here
 // http://wiki.webmproject.org/encryption/webm-encryption-rfc
 static scoped_refptr<DecoderBuffer> CreateWebMEncryptedBuffer(
     const uint8* data, int data_size,
     const uint8* key_id, int key_id_size) {
   scoped_refptr<DecoderBuffer> encrypted_buffer = DecoderBuffer::CopyFrom(
       data + kWebMHmacSize, data_size - kWebMHmacSize);
   CHECK(encrypted_buffer);
 
-  uint64 network_iv;
-  memcpy(&network_iv, data + kWebMHmacSize, sizeof(network_iv));
-  const uint64 iv = base::NetToHost64(network_iv);
-  std::string webm_iv =
-      GenerateCounterBlock(reinterpret_cast<const uint8*>(&iv), sizeof(iv));
+  uint8 signal_byte = data[kWebMHmacSize];
+  int data_offset = sizeof(signal_byte);
+
+  // Setting the DecryptConfig object of the buffer while leaving the
+  // initialization vector empty will tell the decryptor that the frame is
+  // unencrypted but integrity should still be checked.
+  std::string counter_block_str;
+
+  if (signal_byte & kWebMFlagEncryptedFrame) {
+    uint64 network_iv;
+    memcpy(&network_iv, data + kWebMHmacSize + data_offset, sizeof(network_iv));
+    const uint64 iv = base::NetToHost64(network_iv);
+    counter_block_str =
+        GenerateCounterBlock(reinterpret_cast<const uint8*>(&iv), sizeof(iv));
+    data_offset += sizeof(iv);
+  }
+
   encrypted_buffer->SetDecryptConfig(
       scoped_ptr<DecryptConfig>(new DecryptConfig(
           std::string(reinterpret_cast<const char*>(key_id), key_id_size),
-          webm_iv,
+          counter_block_str,
           std::string(reinterpret_cast<const char*>(data), kWebMHmacSize),
-          sizeof(iv),
+          data_offset,
           std::vector<SubsampleEntry>())));
   return encrypted_buffer;
 }
 
 static scoped_refptr<DecoderBuffer> CreateSubsampleEncryptedBuffer(
     const uint8* data, int data_size,
     const uint8* key_id, int key_id_size,
     const uint8* iv, int iv_size,
     int data_offset,
     const std::vector<SubsampleEntry>& subsample_entries) {
@@ skipping 77 matching lines @@
                            frame.key, frame.key_size);
   scoped_refptr<DecoderBuffer> encrypted_data =
       CreateWebMEncryptedBuffer(frame.encrypted_data,
                                 frame.encrypted_data_size,
                                 frame.key_id, frame.key_id_size);
   ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data,
                                                     frame.plain_text,
                                                     frame.plain_text_size));
 }
 
+TEST_F(AesDecryptorTest, UnencryptedFrameWebMDecryption) {
+  const WebmEncryptedData& frame = kWebmEncryptedFrames[3];
+  GenerateKeyRequest(frame.key_id, frame.key_id_size);
+  AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
+                           frame.key, frame.key_size);
+  scoped_refptr<DecoderBuffer> encrypted_data =
+      CreateWebMEncryptedBuffer(frame.encrypted_data,
+                                frame.encrypted_data_size,
+                                frame.key_id, frame.key_id_size);
+  ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data,
+                                                    frame.plain_text,
+                                                    frame.plain_text_size));
+}
+
 TEST_F(AesDecryptorTest, WrongKey) {
   const WebmEncryptedData& frame = kWebmEncryptedFrames[0];
   GenerateKeyRequest(frame.key_id, frame.key_id_size);
   AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
                            kWebmWrongKey, arraysize(kWebmWrongKey));
   scoped_refptr<DecoderBuffer> encrypted_data =
       CreateWebMEncryptedBuffer(frame.encrypted_data,
                                 frame.encrypted_data_size,
                                 frame.key_id, frame.key_id_size);
   ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data));
@@ skipping 151 matching lines @@
   scoped_refptr<DecoderBuffer> encrypted_data = CreateSubsampleEncryptedBuffer(
       kSubsampleData, arraysize(kSubsampleData),
       kSubsampleKeyId, arraysize(kSubsampleKeyId),
       kSubsampleIv, arraysize(kSubsampleIv),
       0,
       entries);
   ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data));
 }
 
 }  // namespace media