| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 #include <vector> | 6 #include <vector> |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/sys_byteorder.h" | 10 #include "base/sys_byteorder.h" |
| (...skipping 23 matching lines...) Expand all Loading... |
| 34 int key_id_size; | 34 int key_id_size; |
| 35 uint8 key[32]; | 35 uint8 key[32]; |
| 36 int key_size; | 36 int key_size; |
| 37 uint8 encrypted_data[64]; | 37 uint8 encrypted_data[64]; |
| 38 int encrypted_data_size; | 38 int encrypted_data_size; |
| 39 }; | 39 }; |
| 40 | 40 |
| 41 static const char kClearKeySystem[] = "org.w3.clearkey"; | 41 static const char kClearKeySystem[] = "org.w3.clearkey"; |
| 42 | 42 |
| 43 // Frames 0 & 1 are encrypted with the same key. Frame 2 is encrypted with a | 43 // Frames 0 & 1 are encrypted with the same key. Frame 2 is encrypted with a |
| 44 // different key. | 44 // different key. Frame 3 has the same HMAC key as frame 2, but frame 3 is |
| 45 // unencrypted. |
| 45 const WebmEncryptedData kWebmEncryptedFrames[] = { | 46 const WebmEncryptedData kWebmEncryptedFrames[] = { |
| 46 { | 47 { |
| 47 // plaintext | 48 // plaintext |
| 48 "Original data.", 14, | 49 "Original data.", 14, |
| 49 // key_id | 50 // key_id |
| 50 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | 51 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
| 51 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | 52 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, |
| 52 0x10, 0x11, 0x12, 0x13 | 53 0x10, 0x11, 0x12, 0x13 |
| 53 }, 20, | 54 }, 20, |
| 54 // key | 55 // key |
| 55 { 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, | 56 { 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, |
| 56 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 | 57 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 |
| 57 }, 16, | 58 }, 16, |
| 58 // encrypted_data | 59 // encrypted_data |
| 59 { 0xfb, 0xe7, 0x1d, 0xbb, 0x4c, 0x23, 0xce, 0xba, | 60 { 0x3c, 0x4e, 0xb8, 0xd9, 0x5c, 0x20, 0x48, 0x18, |
| 60 0xcc, 0xf8, 0xda, 0xc0, 0xff, 0xff, 0xff, 0xff, | 61 0x4f, 0x03, 0x74, 0xa1, 0x01, 0xff, 0xff, 0xff, |
| 61 0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, 0xb7, | 62 0xff, 0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, |
| 62 0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, 0xcb, | 63 0xb7, 0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, |
| 63 0x64, 0xf7 | 64 0xcb, 0x64, 0xf7 |
| 64 }, 34 | 65 }, 35 |
| 65 }, | 66 }, |
| 66 { | 67 { |
| 67 // plaintext | 68 // plaintext |
| 68 "Changed Original data.", 22, | 69 "Changed Original data.", 22, |
| 69 // key_id | 70 // key_id |
| 70 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | 71 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
| 71 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | 72 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, |
| 72 0x10, 0x11, 0x12, 0x13 | 73 0x10, 0x11, 0x12, 0x13 |
| 73 }, 20, | 74 }, 20, |
| 74 // key | 75 // key |
| 75 { 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, | 76 { 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, |
| 76 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 | 77 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 |
| 77 }, 16, | 78 }, 16, |
| 78 // encrypted_data | 79 // encrypted_data |
| 79 { 0x43, 0xe4, 0x78, 0x7a, 0x43, 0xe1, 0x49, 0xbb, | 80 { 0xe8, 0x4c, 0x51, 0x33, 0x14, 0x0d, 0xc7, 0x17, |
| 80 0x44, 0x38, 0xdf, 0xfc, 0x00, 0x00, 0x00, 0x00, | 81 0x32, 0x60, 0xc9, 0xd0, 0x01, 0x00, 0x00, 0x00, |
| 81 0x00, 0x00, 0x00, 0x00, 0xec, 0x8e, 0x87, 0x21, | 82 0x00, 0x00, 0x00, 0x00, 0x00, 0xec, 0x8e, 0x87, |
| 82 0xd3, 0xb9, 0x1c, 0x61, 0xf6, 0x5a, 0x60, 0xaa, | 83 0x21, 0xd3, 0xb9, 0x1c, 0x61, 0xf6, 0x5a, 0x60, |
| 83 0x07, 0x0e, 0x96, 0xd0, 0x54, 0x5d, 0x35, 0x9a, | 84 0xaa, 0x07, 0x0e, 0x96, 0xd0, 0x54, 0x5d, 0x35, |
| 84 0x4a, 0xd3 | 85 0x9a, 0x4a, 0xd3 |
| 85 }, 42 | 86 }, 43 |
| 86 }, | 87 }, |
| 87 { | 88 { |
| 88 // plaintext | 89 // plaintext |
| 89 "Original data.", 14, | 90 "Original data.", 14, |
| 90 // key_id | 91 // key_id |
| 91 { 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, | 92 { 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, |
| 92 0x2c, 0x2d, 0x2e, 0x2f, 0x30 | 93 0x2c, 0x2d, 0x2e, 0x2f, 0x30 |
| 93 }, 13, | 94 }, 13, |
| 94 // key | 95 // key |
| 95 { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, | 96 { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, |
| 96 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40 | 97 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40 |
| 97 }, 16, | 98 }, 16, |
| 98 // encrypted_data | 99 // encrypted_data |
| 99 { 0xd9, 0x43, 0x30, 0xfd, 0x82, 0x77, 0x62, 0x04, | 100 { 0x46, 0x93, 0x8c, 0x93, 0x48, 0xf9, 0xeb, 0x30, |
| 100 0x08, 0xc2, 0x48, 0x89, 0x00, 0x00, 0x00, 0x00, | 101 0x74, 0x55, 0x6b, 0xf2, 0x01, 0x00, 0x00, 0x00, |
| 101 0x00, 0x00, 0x00, 0x01, 0x48, 0x5e, 0x4a, 0x41, | 102 0x00, 0x00, 0x00, 0x00, 0x01, 0x48, 0x5e, 0x4a, |
| 102 0x2a, 0x8b, 0xf4, 0xc6, 0x47, 0x54, 0x90, 0x34, | 103 0x41, 0x2a, 0x8b, 0xf4, 0xc6, 0x47, 0x54, 0x90, |
| 103 0xf4, 0x8b | 104 0x34, 0xf4, 0x8b |
| 104 }, 34 | 105 }, 35 |
| 106 }, |
| 107 { |
| 108 // plaintext |
| 109 "Changed Original data.", 22, |
| 110 // key_id |
| 111 { 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, |
| 112 0x2c, 0x2d, 0x2e, 0x2f, 0x30 |
| 113 }, 13, |
| 114 // key |
| 115 { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, |
| 116 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40 |
| 117 }, 16, |
| 118 // encrypted_data |
| 119 { 0xee, 0xd6, 0xf5, 0x64, 0x5f, 0xe0, 0x6a, 0xa2, |
| 120 0x9e, 0xd6, 0xce, 0x34, 0x00, 0x43, 0x68, 0x61, |
| 121 0x6e, 0x67, 0x65, 0x64, 0x20, 0x4f, 0x72, 0x69, |
| 122 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x20, 0x64, 0x61, |
| 123 0x74, 0x61, 0x2e |
| 124 }, 35 |
| 105 } | 125 } |
| 106 }; | 126 }; |
| 107 | 127 |
| 108 static const uint8 kWebmWrongKey[] = { | |
| 109 0x49, 0x27, 0x6d, 0x20, 0x61, 0x20, 0x77, 0x72, | |
| 110 0x6f, 0x6e, 0x67, 0x20, 0x6b, 0x65, 0x79, 0x2e | |
| 111 }; | |
| 112 static const uint8 kWebmWrongSizedKey[] = { 0x20, 0x20 }; | 128 static const uint8 kWebmWrongSizedKey[] = { 0x20, 0x20 }; |
| 113 | 129 |
| 114 // This is the encrypted data from frame 0 of |kWebmEncryptedFrames| except | |
| 115 // byte 0 is changed from 0xfb to 0xfc. Bytes 0-11 of WebM encrypted data | |
| 116 // contains the HMAC. | |
| 117 static const uint8 kWebmFrame0HmacDataChanged[] = { | |
| 118 0xfc, 0xe7, 0x1d, 0xbb, 0x4c, 0x23, 0xce, 0xba, | |
| 119 0xcc, 0xf8, 0xda, 0xc0, 0xff, 0xff, 0xff, 0xff, | |
| 120 0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, 0xb7, | |
| 121 0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, 0xcb, | |
| 122 0x64, 0xf7 | |
| 123 }; | |
| 124 | |
| 125 // This is the encrypted data from frame 0 of |kWebmEncryptedFrames| except | |
| 126 // byte 12 is changed from 0xff to 0x0f. Bytes 12-19 of WebM encrypted data | |
| 127 // contains the IV. | |
| 128 static const uint8 kWebmFrame0IvDataChanged[] = { | |
| 129 0xfb, 0xe7, 0x1d, 0xbb, 0x4c, 0x23, 0xce, 0xba, | |
| 130 0xcc, 0xf8, 0xda, 0xc0, 0x0f, 0xff, 0xff, 0xff, | |
| 131 0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, 0xb7, | |
| 132 0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, 0xcb, | |
| 133 0x64, 0xf7 | |
| 134 }; | |
| 135 | |
| 136 // This is the encrypted data from frame 0 of |kWebmEncryptedFrames| except | |
| 137 // byte 33 is changed from 0xf7 to 0xf8. Bytes 20+ of WebM encrypted data | |
| 138 // contains the encrypted frame. | |
| 139 static const uint8 kWebmFrame0FrameDataChanged[] = { | |
| 140 0xfb, 0xe7, 0x1d, 0xbb, 0x4c, 0x23, 0xce, 0xba, | |
| 141 0xcc, 0xf8, 0xda, 0xc0, 0xff, 0xff, 0xff, 0xff, | |
| 142 0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, 0xb7, | |
| 143 0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, 0xcb, | |
| 144 0x64, 0xf8 | |
| 145 }; | |
| 146 | |
| 147 static const uint8 kSubsampleOriginalData[] = "Original subsample data."; | 130 static const uint8 kSubsampleOriginalData[] = "Original subsample data."; |
| 148 static const int kSubsampleOriginalDataSize = 24; | 131 static const int kSubsampleOriginalDataSize = 24; |
| 149 | 132 |
| 150 static const uint8 kSubsampleKeyId[] = { 0x00, 0x01, 0x02, 0x03 }; | 133 static const uint8 kSubsampleKeyId[] = { 0x00, 0x01, 0x02, 0x03 }; |
| 151 | 134 |
| 152 static const uint8 kSubsampleKey[] = { | 135 static const uint8 kSubsampleKey[] = { |
| 153 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, | 136 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, |
| 154 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 | 137 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 |
| 155 }; | 138 }; |
| 156 | 139 |
| (...skipping 28 matching lines...) Expand all Loading... |
| 185 { 1, 0 } | 168 { 1, 0 } |
| 186 }; | 169 }; |
| 187 | 170 |
| 188 // Returns a 16 byte CTR counter block. The CTR counter block format is a | 171 // Returns a 16 byte CTR counter block. The CTR counter block format is a |
| 189 // CTR IV appended with a CTR block counter. |iv| is a CTR IV. |iv_size| is | 172 // CTR IV appended with a CTR block counter. |iv| is a CTR IV. |iv_size| is |
| 190 // the size of |iv| in bytes. | 173 // the size of |iv| in bytes. |
| 191 static std::string GenerateCounterBlock(const uint8* iv, int iv_size) { | 174 static std::string GenerateCounterBlock(const uint8* iv, int iv_size) { |
| 192 const int kDecryptionKeySize = 16; | 175 const int kDecryptionKeySize = 16; |
| 193 CHECK_GT(iv_size, 0); | 176 CHECK_GT(iv_size, 0); |
| 194 CHECK_LE(iv_size, kDecryptionKeySize); | 177 CHECK_LE(iv_size, kDecryptionKeySize); |
| 195 char counter_block_data[kDecryptionKeySize]; | |
| 196 | 178 |
| 197 // Set the IV. | 179 std::string counter_block(reinterpret_cast<const char*>(iv), iv_size); |
| 198 memcpy(counter_block_data, iv, iv_size); | 180 counter_block.append(kDecryptionKeySize - iv_size, 0); |
| 199 | 181 return counter_block; |
| 200 // Set block counter to all 0's. | |
| 201 memset(counter_block_data + iv_size, 0, kDecryptionKeySize - iv_size); | |
| 202 | |
| 203 return std::string(counter_block_data, kDecryptionKeySize); | |
| 204 } | 182 } |
| 205 | 183 |
| 206 // Creates a WebM encrypted buffer that the demuxer would pass to the | 184 // Creates a WebM encrypted buffer that the demuxer would pass to the |
| 207 // decryptor. |data| is the payload of a WebM encrypted Block. |key_id| is | 185 // decryptor. |data| is the payload of a WebM encrypted Block. |key_id| is |
| 208 // initialization data from the WebM file. Every encrypted Block has | 186 // initialization data from the WebM file. Every encrypted Block has |
| 209 // an HMAC and IV prepended to an encrypted frame. Current encrypted WebM | 187 // an HMAC and a signal byte prepended to a frame. If the frame is encrypted |
| 210 // request for comments specification is here | 188 // then an IV is prepended to the Block. Current encrypted WebM request for |
| 189 // comments specification is here |
| 211 // http://wiki.webmproject.org/encryption/webm-encryption-rfc | 190 // http://wiki.webmproject.org/encryption/webm-encryption-rfc |
| 212 static scoped_refptr<DecoderBuffer> CreateWebMEncryptedBuffer( | 191 static scoped_refptr<DecoderBuffer> CreateWebMEncryptedBuffer( |
| 213 const uint8* data, int data_size, | 192 const uint8* data, int data_size, |
| 214 const uint8* key_id, int key_id_size) { | 193 const uint8* key_id, int key_id_size) { |
| 215 scoped_refptr<DecoderBuffer> encrypted_buffer = DecoderBuffer::CopyFrom( | 194 scoped_refptr<DecoderBuffer> encrypted_buffer = DecoderBuffer::CopyFrom( |
| 216 data + kWebMHmacSize, data_size - kWebMHmacSize); | 195 data + kWebMHmacSize, data_size - kWebMHmacSize); |
| 217 CHECK(encrypted_buffer); | 196 CHECK(encrypted_buffer); |
| 218 | 197 |
| 219 uint64 network_iv; | 198 uint8 signal_byte = data[kWebMHmacSize]; |
| 220 memcpy(&network_iv, data + kWebMHmacSize, sizeof(network_iv)); | 199 int data_offset = sizeof(signal_byte); |
| 221 const uint64 iv = base::NetToHost64(network_iv); | 200 |
| 222 std::string webm_iv = | 201 // Setting the DecryptConfig object of the buffer while leaving the |
| 223 GenerateCounterBlock(reinterpret_cast<const uint8*>(&iv), sizeof(iv)); | 202 // initialization vector empty will tell the decryptor that the frame is |
| 203 // unencrypted but integrity should still be checked. |
| 204 std::string counter_block_str; |
| 205 |
| 206 if (signal_byte & kWebMFlagEncryptedFrame) { |
| 207 uint64 network_iv; |
| 208 memcpy(&network_iv, data + kWebMHmacSize + data_offset, sizeof(network_iv)); |
| 209 const uint64 iv = base::NetToHost64(network_iv); |
| 210 counter_block_str = |
| 211 GenerateCounterBlock(reinterpret_cast<const uint8*>(&iv), sizeof(iv)); |
| 212 data_offset += sizeof(iv); |
| 213 } |
| 214 |
| 224 encrypted_buffer->SetDecryptConfig( | 215 encrypted_buffer->SetDecryptConfig( |
| 225 scoped_ptr<DecryptConfig>(new DecryptConfig( | 216 scoped_ptr<DecryptConfig>(new DecryptConfig( |
| 226 std::string(reinterpret_cast<const char*>(key_id), key_id_size), | 217 std::string(reinterpret_cast<const char*>(key_id), key_id_size), |
| 227 webm_iv, | 218 counter_block_str, |
| 228 std::string(reinterpret_cast<const char*>(data), kWebMHmacSize), | 219 std::string(reinterpret_cast<const char*>(data), kWebMHmacSize), |
| 229 sizeof(iv), | 220 data_offset, |
| 230 std::vector<SubsampleEntry>()))); | 221 std::vector<SubsampleEntry>()))); |
| 231 return encrypted_buffer; | 222 return encrypted_buffer; |
| 232 } | 223 } |
| 233 | 224 |
| 234 static scoped_refptr<DecoderBuffer> CreateSubsampleEncryptedBuffer( | 225 static scoped_refptr<DecoderBuffer> CreateSubsampleEncryptedBuffer( |
| 235 const uint8* data, int data_size, | 226 const uint8* data, int data_size, |
| 236 const uint8* key_id, int key_id_size, | 227 const uint8* key_id, int key_id_size, |
| 237 const uint8* iv, int iv_size, | 228 const uint8* iv, int iv_size, |
| 238 int data_offset, | 229 int data_offset, |
| 239 const std::vector<SubsampleEntry>& subsample_entries) { | 230 const std::vector<SubsampleEntry>& subsample_entries) { |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 317 frame.key, frame.key_size); | 308 frame.key, frame.key_size); |
| 318 scoped_refptr<DecoderBuffer> encrypted_data = | 309 scoped_refptr<DecoderBuffer> encrypted_data = |
| 319 CreateWebMEncryptedBuffer(frame.encrypted_data, | 310 CreateWebMEncryptedBuffer(frame.encrypted_data, |
| 320 frame.encrypted_data_size, | 311 frame.encrypted_data_size, |
| 321 frame.key_id, frame.key_id_size); | 312 frame.key_id, frame.key_id_size); |
| 322 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data, | 313 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data, |
| 323 frame.plain_text, | 314 frame.plain_text, |
| 324 frame.plain_text_size)); | 315 frame.plain_text_size)); |
| 325 } | 316 } |
| 326 | 317 |
| 318 TEST_F(AesDecryptorTest, UnencryptedFrameWebMDecryption) { |
| 319 const WebmEncryptedData& frame = kWebmEncryptedFrames[3]; |
| 320 GenerateKeyRequest(frame.key_id, frame.key_id_size); |
| 321 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, |
| 322 frame.key, frame.key_size); |
| 323 scoped_refptr<DecoderBuffer> encrypted_data = |
| 324 CreateWebMEncryptedBuffer(frame.encrypted_data, |
| 325 frame.encrypted_data_size, |
| 326 frame.key_id, frame.key_id_size); |
| 327 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data, |
| 328 frame.plain_text, |
| 329 frame.plain_text_size)); |
| 330 } |
| 331 |
| 327 TEST_F(AesDecryptorTest, WrongKey) { | 332 TEST_F(AesDecryptorTest, WrongKey) { |
| 328 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; | 333 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; |
| 329 GenerateKeyRequest(frame.key_id, frame.key_id_size); | 334 GenerateKeyRequest(frame.key_id, frame.key_id_size); |
| 335 |
| 336 // Change the first byte of the key. |
| 337 std::vector<uint8> wrong_key(frame.key, frame.key + frame.key_size); |
| 338 wrong_key[0]++; |
| 339 |
| 330 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, | 340 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, |
| 331 kWebmWrongKey, arraysize(kWebmWrongKey)); | 341 &wrong_key[0], frame.key_size); |
| 332 scoped_refptr<DecoderBuffer> encrypted_data = | 342 scoped_refptr<DecoderBuffer> encrypted_data = |
| 333 CreateWebMEncryptedBuffer(frame.encrypted_data, | 343 CreateWebMEncryptedBuffer(frame.encrypted_data, |
| 334 frame.encrypted_data_size, | 344 frame.encrypted_data_size, |
| 335 frame.key_id, frame.key_id_size); | 345 frame.key_id, frame.key_id_size); |
| 336 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); | 346 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); |
| 337 } | 347 } |
| 338 | 348 |
| 339 TEST_F(AesDecryptorTest, KeyReplacement) { | 349 TEST_F(AesDecryptorTest, KeyReplacement) { |
| 340 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; | 350 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; |
| 341 GenerateKeyRequest(frame.key_id, frame.key_id_size); | 351 GenerateKeyRequest(frame.key_id, frame.key_id_size); |
| 352 |
| 353 // Change the first byte of the key. |
| 354 std::vector<uint8> wrong_key(frame.key, frame.key + frame.key_size); |
| 355 wrong_key[0]++; |
| 356 |
| 342 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, | 357 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, |
| 343 kWebmWrongKey, arraysize(kWebmWrongKey)); | 358 &wrong_key[0], frame.key_size); |
| 344 scoped_refptr<DecoderBuffer> encrypted_data = | 359 scoped_refptr<DecoderBuffer> encrypted_data = |
| 345 CreateWebMEncryptedBuffer(frame.encrypted_data, | 360 CreateWebMEncryptedBuffer(frame.encrypted_data, |
| 346 frame.encrypted_data_size, | 361 frame.encrypted_data_size, |
| 347 frame.key_id, frame.key_id_size); | 362 frame.key_id, frame.key_id_size); |
| 348 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); | 363 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); |
| 349 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, | 364 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, |
| 350 frame.key, frame.key_size); | 365 frame.key, frame.key_size); |
| 351 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data, | 366 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data, |
| 352 frame.plain_text, | 367 frame.plain_text, |
| 353 frame.plain_text_size)); | 368 frame.plain_text_size)); |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 394 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data2, | 409 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data2, |
| 395 frame2.plain_text, | 410 frame2.plain_text, |
| 396 frame2.plain_text_size)); | 411 frame2.plain_text_size)); |
| 397 } | 412 } |
| 398 | 413 |
| 399 TEST_F(AesDecryptorTest, HmacCheckFailure) { | 414 TEST_F(AesDecryptorTest, HmacCheckFailure) { |
| 400 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; | 415 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; |
| 401 GenerateKeyRequest(frame.key_id, frame.key_id_size); | 416 GenerateKeyRequest(frame.key_id, frame.key_id_size); |
| 402 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, | 417 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, |
| 403 frame.key, frame.key_size); | 418 frame.key, frame.key_size); |
| 419 |
| 420 // Change byte 0 to modify the HMAC. Bytes 0-11 of WebM encrypted data |
| 421 // contains the HMAC. |
| 422 std::vector<uint8> frame_with_bad_hmac( |
| 423 frame.encrypted_data, frame.encrypted_data + frame.encrypted_data_size); |
| 424 frame_with_bad_hmac[0]++; |
| 425 |
| 404 scoped_refptr<DecoderBuffer> encrypted_data = | 426 scoped_refptr<DecoderBuffer> encrypted_data = |
| 405 CreateWebMEncryptedBuffer(kWebmFrame0HmacDataChanged, | 427 CreateWebMEncryptedBuffer(&frame_with_bad_hmac[0], |
| 406 frame.encrypted_data_size, | 428 frame.encrypted_data_size, |
| 407 frame.key_id, frame.key_id_size); | 429 frame.key_id, frame.key_id_size); |
| 408 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); | 430 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); |
| 409 } | 431 } |
| 410 | 432 |
| 411 TEST_F(AesDecryptorTest, IvCheckFailure) { | 433 TEST_F(AesDecryptorTest, IvCheckFailure) { |
| 412 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; | 434 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; |
| 413 GenerateKeyRequest(frame.key_id, frame.key_id_size); | 435 GenerateKeyRequest(frame.key_id, frame.key_id_size); |
| 414 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, | 436 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, |
| 415 frame.key, frame.key_size); | 437 frame.key, frame.key_size); |
| 438 |
| 439 // Change byte 13 to modify the IV. Bytes 13-20 of WebM encrypted data |
| 440 // contains the IV. |
| 441 std::vector<uint8> frame_with_bad_iv( |
| 442 frame.encrypted_data, frame.encrypted_data + frame.encrypted_data_size); |
| 443 frame_with_bad_iv[kWebMHmacSize + 1]++; |
| 444 |
| 416 scoped_refptr<DecoderBuffer> encrypted_data = | 445 scoped_refptr<DecoderBuffer> encrypted_data = |
| 417 CreateWebMEncryptedBuffer(kWebmFrame0IvDataChanged, | 446 CreateWebMEncryptedBuffer(&frame_with_bad_iv[0], |
| 418 frame.encrypted_data_size, | 447 frame.encrypted_data_size, |
| 419 frame.key_id, frame.key_id_size); | 448 frame.key_id, frame.key_id_size); |
| 420 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); | 449 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); |
| 421 } | 450 } |
| 422 | 451 |
| 423 TEST_F(AesDecryptorTest, DataCheckFailure) { | 452 TEST_F(AesDecryptorTest, DataCheckFailure) { |
| 424 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; | 453 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; |
| 425 GenerateKeyRequest(frame.key_id, frame.key_id_size); | 454 GenerateKeyRequest(frame.key_id, frame.key_id_size); |
| 426 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, | 455 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, |
| 427 frame.key, frame.key_size); | 456 frame.key, frame.key_size); |
| 457 |
| 458 // Change last byte to modify the data. Bytes 21+ of WebM encrypted data |
| 459 // contains the encrypted frame. |
| 460 std::vector<uint8> frame_with_bad_vp8_data( |
| 461 frame.encrypted_data, frame.encrypted_data + frame.encrypted_data_size); |
| 462 frame_with_bad_vp8_data[frame.encrypted_data_size - 1]++; |
| 463 |
| 428 scoped_refptr<DecoderBuffer> encrypted_data = | 464 scoped_refptr<DecoderBuffer> encrypted_data = |
| 429 CreateWebMEncryptedBuffer(kWebmFrame0FrameDataChanged, | 465 CreateWebMEncryptedBuffer(&frame_with_bad_vp8_data[0], |
| 430 frame.encrypted_data_size, | 466 frame.encrypted_data_size, |
| 431 frame.key_id, frame.key_id_size); | 467 frame.key_id, frame.key_id_size); |
| 432 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); | 468 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); |
| 469 } |
| 470 |
| 471 TEST_F(AesDecryptorTest, EncryptedAsUnencryptedFailure) { |
| 472 const WebmEncryptedData& frame = kWebmEncryptedFrames[0]; |
| 473 GenerateKeyRequest(frame.key_id, frame.key_id_size); |
| 474 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, |
| 475 frame.key, frame.key_size); |
| 476 |
| 477 // Change signal byte from an encrypted frame to an unencrypted frame. Byte |
| 478 // 12 of WebM encrypted data contains the signal byte. |
| 479 std::vector<uint8> frame_with_wrong_signal_byte( |
| 480 frame.encrypted_data, frame.encrypted_data + frame.encrypted_data_size); |
| 481 frame_with_wrong_signal_byte[kWebMHmacSize] = 0; |
| 482 |
| 483 scoped_refptr<DecoderBuffer> encrypted_data = |
| 484 CreateWebMEncryptedBuffer(&frame_with_wrong_signal_byte[0], |
| 485 frame.encrypted_data_size, |
| 486 frame.key_id, frame.key_id_size); |
| 487 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); |
| 488 } |
| 489 |
| 490 TEST_F(AesDecryptorTest, UnencryptedAsEncryptedFailure) { |
| 491 const WebmEncryptedData& frame = kWebmEncryptedFrames[3]; |
| 492 GenerateKeyRequest(frame.key_id, frame.key_id_size); |
| 493 AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size, |
| 494 frame.key, frame.key_size); |
| 495 |
| 496 // Change signal byte from an unencrypted frame to an encrypted frame. Byte |
| 497 // 12 of WebM encrypted data contains the signal byte. |
| 498 std::vector<uint8> frame_with_wrong_signal_byte( |
| 499 frame.encrypted_data, frame.encrypted_data + frame.encrypted_data_size); |
| 500 frame_with_wrong_signal_byte[kWebMHmacSize] = kWebMFlagEncryptedFrame; |
| 501 |
| 502 scoped_refptr<DecoderBuffer> encrypted_data = |
| 503 CreateWebMEncryptedBuffer(&frame_with_wrong_signal_byte[0], |
| 504 frame.encrypted_data_size, |
| 505 frame.key_id, frame.key_id_size); |
| 506 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); |
| 433 } | 507 } |
| 434 | 508 |
| 435 TEST_F(AesDecryptorTest, SubsampleDecryption) { | 509 TEST_F(AesDecryptorTest, SubsampleDecryption) { |
| 436 GenerateKeyRequest(kSubsampleKeyId, arraysize(kSubsampleKeyId)); | 510 GenerateKeyRequest(kSubsampleKeyId, arraysize(kSubsampleKeyId)); |
| 437 AddKeyAndExpectToSucceed(kSubsampleKeyId, arraysize(kSubsampleKeyId), | 511 AddKeyAndExpectToSucceed(kSubsampleKeyId, arraysize(kSubsampleKeyId), |
| 438 kSubsampleKey, arraysize(kSubsampleKey)); | 512 kSubsampleKey, arraysize(kSubsampleKey)); |
| 439 scoped_refptr<DecoderBuffer> encrypted_data = CreateSubsampleEncryptedBuffer( | 513 scoped_refptr<DecoderBuffer> encrypted_data = CreateSubsampleEncryptedBuffer( |
| 440 kSubsampleData, arraysize(kSubsampleData), | 514 kSubsampleData, arraysize(kSubsampleData), |
| 441 kSubsampleKeyId, arraysize(kSubsampleKeyId), | 515 kSubsampleKeyId, arraysize(kSubsampleKeyId), |
| 442 kSubsampleIv, arraysize(kSubsampleIv), | 516 kSubsampleIv, arraysize(kSubsampleIv), |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 488 scoped_refptr<DecoderBuffer> encrypted_data = CreateSubsampleEncryptedBuffer( | 562 scoped_refptr<DecoderBuffer> encrypted_data = CreateSubsampleEncryptedBuffer( |
| 489 kSubsampleData, arraysize(kSubsampleData), | 563 kSubsampleData, arraysize(kSubsampleData), |
| 490 kSubsampleKeyId, arraysize(kSubsampleKeyId), | 564 kSubsampleKeyId, arraysize(kSubsampleKeyId), |
| 491 kSubsampleIv, arraysize(kSubsampleIv), | 565 kSubsampleIv, arraysize(kSubsampleIv), |
| 492 0, | 566 0, |
| 493 entries); | 567 entries); |
| 494 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); | 568 ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data)); |
| 495 } | 569 } |
| 496 | 570 |
| 497 } // namespace media | 571 } // namespace media |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10824136:
Add support for v0.3 of the encrypted WebM specification. (Revert Fix) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src