blob: 9abcd5f162ab744654840f4d6fcff9e2521ce022 [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "media/cdm/aes_decryptor.h"
#include <stdint.h>
#include <memory>
#include <set>
#include <string>
#include <vector>
#include "base/bind.h"
#include "base/cxx17_backports.h"
#include "base/debug/leak_annotations.h"
#include "base/json/json_reader.h"
#include "base/run_loop.h"
#include "base/test/scoped_feature_list.h"
#include "base/test/task_environment.h"
#include "base/values.h"
#include "media/base/cdm_callback_promise.h"
#include "media/base/cdm_config.h"
#include "media/base/cdm_key_information.h"
#include "media/base/decoder_buffer.h"
#include "media/base/decrypt_config.h"
#include "media/base/decryptor.h"
#include "media/base/media_switches.h"
#include "media/base/mock_filters.h"
#include "media/cdm/cdm_module.h"
#include "media/media_buildflags.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest-param-test.h"
#include "testing/gtest/include/gtest/gtest.h"
#if BUILDFLAG(ENABLE_LIBRARY_CDMS)
// GN check does not understand conditionals. Android & Fuchsia need nogncheck.
#include "media/cdm/api/content_decryption_module.h" // nogncheck
#include "media/cdm/cdm_adapter.h"
#include "media/cdm/cdm_auxiliary_helper.h"
#include "media/cdm/external_clear_key_test_helper.h"
#include "media/cdm/mock_helpers.h"
#include "media/cdm/simple_cdm_allocator.h"
#endif
using ::testing::_;
using ::testing::AtMost;
using ::testing::Gt;
using ::testing::IsNull;
using ::testing::NotNull;
using ::testing::SaveArg;
using ::testing::StrictMock;
using ::testing::StrNe;
using ::testing::Unused;
MATCHER(IsEmpty, "") {
return arg.empty();
}
MATCHER(NotEmpty, "") {
return !arg.empty();
}
MATCHER(IsJSONDictionary, "") {
std::string result(arg.begin(), arg.end());
absl::optional<base::Value> root = base::JSONReader::Read(result);
return (root && root->type() == base::Value::Type::DICTIONARY);
}
MATCHER(IsNullTime, "") {
return arg.is_null();
}
namespace media {
namespace {
const uint8_t kOriginalData[] = "Original subsample data.";
const int kOriginalDataSize = 24;
// In the examples below, 'k'(key) has to be 16 bytes, and will always require
// 2 bytes of padding. 'kid'(keyid) is variable length, and may require 0, 1,
// or 2 bytes of padding.
const uint8_t kKeyId[] = {
// base64 equivalent is AAECAw
0x00, 0x01, 0x02, 0x03};
// Key is 0x0405060708090a0b0c0d0e0f10111213,
// base64 equivalent is BAUGBwgJCgsMDQ4PEBESEw.
const char kKeyAsJWK[] =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"AAECAw\","
" \"k\": \"BAUGBwgJCgsMDQ4PEBESEw\""
" }"
" ],"
" \"type\": \"temporary\""
"}";
// Same kid as kKeyAsJWK, key to decrypt kEncryptedData2
const char kKeyAlternateAsJWK[] =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"AAECAw\","
" \"k\": \"FBUWFxgZGhscHR4fICEiIw\""
" }"
" ]"
"}";
const char kWrongKeyAsJWK[] =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"AAECAw\","
" \"k\": \"7u7u7u7u7u7u7u7u7u7u7g\""
" }"
" ]"
"}";
const char kWrongSizedKeyAsJWK[] =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"AAECAw\","
" \"k\": \"AAECAw\""
" }"
" ]"
"}";
const uint8_t kIv[] = {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
// kOriginalData encrypted with kKey and kIv but without any subsamples (or
// equivalently using kSubsampleEntriesCypherOnly).
const uint8_t kEncryptedData[] = {
0x2f, 0x03, 0x09, 0xef, 0x71, 0xaf, 0x31, 0x16, 0xfa, 0x9d, 0x18, 0x43,
0x1e, 0x96, 0x71, 0xb5, 0xbf, 0xf5, 0x30, 0x53, 0x9a, 0x20, 0xdf, 0x95};
// kOriginalData encrypted with kSubsampleKey and kSubsampleIv using
// kSubsampleEntriesNormal.
const uint8_t kSubsampleEncryptedData[] = {
0x4f, 0x72, 0x09, 0x16, 0x09, 0xe6, 0x79, 0xad, 0x70, 0x73, 0x75, 0x62,
0x09, 0xbb, 0x83, 0x1d, 0x4d, 0x08, 0xd7, 0x78, 0xa4, 0xa7, 0xf1, 0x2e};
const uint8_t kOriginalData2[] = "Changed Original data.";
const uint8_t kIv2[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
const uint8_t kKeyId2[] = {
// base64 equivalent is AAECAwQFBgcICQoLDA0ODxAREhM=
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13};
const char kKey2AsJWK[] =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"AAECAwQFBgcICQoLDA0ODxAREhM\","
" \"k\": \"FBUWFxgZGhscHR4fICEiIw\""
" }"
" ]"
"}";
// 'k' in bytes is x14x15x16x17x18x19x1ax1bx1cx1dx1ex1fx20x21x22x23
const uint8_t kEncryptedData2[] = {
0x57, 0x66, 0xf4, 0x12, 0x1a, 0xed, 0xb5, 0x79, 0x1c, 0x8e, 0x25,
0xd7, 0x17, 0xe7, 0x5e, 0x16, 0xe3, 0x40, 0x08, 0x27, 0x11, 0xe9};
// Subsample entries for testing. The sum of |cypher_bytes| and |clear_bytes| of
// all entries must be equal to kOriginalDataSize to make the subsample entries
// valid.
const SubsampleEntry kSubsampleEntriesNormal[] = {{2, 7}, {3, 11}, {1, 0}};
const SubsampleEntry kSubsampleEntriesWrongSize[] = {
{3, 6}, // This entry doesn't match the correct entry.
{3, 11},
{1, 0}};
const SubsampleEntry kSubsampleEntriesInvalidTotalSize[] = {
{1, 1000}, // This entry is too large.
{3, 11},
{1, 0}};
const SubsampleEntry kSubsampleEntriesClearOnly[] = {{7, 0}, {8, 0}, {9, 0}};
const SubsampleEntry kSubsampleEntriesCypherOnly[] = {{0, 6}, {0, 8}, {0, 10}};
scoped_refptr<DecoderBuffer> CreateEncryptedBuffer(
const std::vector<uint8_t>& data,
const std::vector<uint8_t>& key_id,
const std::vector<uint8_t>& iv,
const std::vector<SubsampleEntry>& subsample_entries) {
DCHECK(!data.empty());
DCHECK(!iv.empty());
scoped_refptr<DecoderBuffer> encrypted_buffer(new DecoderBuffer(data.size()));
memcpy(encrypted_buffer->writable_data(), data.data(), data.size());
std::string key_id_string(key_id.begin(), key_id.end());
std::string iv_string(iv.begin(), iv.end());
encrypted_buffer->set_decrypt_config(DecryptConfig::CreateCencConfig(
key_id_string, iv_string, subsample_entries));
return encrypted_buffer;
}
scoped_refptr<DecoderBuffer> CreateClearBuffer(
const std::vector<uint8_t>& data) {
DCHECK(!data.empty());
scoped_refptr<DecoderBuffer> encrypted_buffer(new DecoderBuffer(data.size()));
memcpy(encrypted_buffer->writable_data(), data.data(), data.size());
return encrypted_buffer;
}
enum ExpectedResult { RESOLVED, REJECTED };
enum class TestType {
kAesDecryptor, // Use AesDecryptor directly.
kCdmAdapter, // Load ExternalClearKey using CdmAdapter.
};
} // namespace
// These tests only test decryption logic (no decoding).
class AesDecryptorTest : public testing::TestWithParam<TestType> {
public:
AesDecryptorTest()
: original_data_(kOriginalData, kOriginalData + kOriginalDataSize),
encrypted_data_(kEncryptedData,
kEncryptedData + base::size(kEncryptedData)),
subsample_encrypted_data_(
kSubsampleEncryptedData,
kSubsampleEncryptedData + base::size(kSubsampleEncryptedData)),
key_id_(kKeyId, kKeyId + base::size(kKeyId)),
iv_(kIv, kIv + base::size(kIv)),
normal_subsample_entries_(
kSubsampleEntriesNormal,
kSubsampleEntriesNormal + base::size(kSubsampleEntriesNormal)) {}
MOCK_METHOD2(BufferDecrypted,
void(Decryptor::Status, scoped_refptr<DecoderBuffer>));
protected:
void SetUp() override {
if (GetParam() == TestType::kAesDecryptor) {
OnCdmCreated(
new AesDecryptor(
base::BindRepeating(&MockCdmClient::OnSessionMessage,
base::Unretained(&cdm_client_)),
base::BindRepeating(&MockCdmClient::OnSessionClosed,
base::Unretained(&cdm_client_)),
base::BindRepeating(&MockCdmClient::OnSessionKeysChange,
base::Unretained(&cdm_client_)),
base::BindRepeating(&MockCdmClient::OnSessionExpirationUpdate,
base::Unretained(&cdm_client_))),
std::string());
} else if (GetParam() == TestType::kCdmAdapter) {
#if BUILDFLAG(ENABLE_LIBRARY_CDMS)
CdmConfig cdm_config; // default settings of false are sufficient.
// Enable use of External Clear Key CDM.
scoped_feature_list_.InitWithFeatures(
{media::kExternalClearKeyForTesting}, {});
helper_ = std::make_unique<ExternalClearKeyTestHelper>();
#if BUILDFLAG(ENABLE_CDM_HOST_VERIFICATION)
CdmModule::GetInstance()->Initialize(helper_->LibraryPath(), {});
#else
CdmModule::GetInstance()->Initialize(helper_->LibraryPath());
#endif // BUILDFLAG(ENABLE_CDM_HOST_VERIFICATION)
CdmAdapter::CreateCdmFunc create_cdm_func =
CdmModule::GetInstance()->GetCreateCdmFunc();
std::unique_ptr<CdmAllocator> allocator(new SimpleCdmAllocator());
std::unique_ptr<CdmAuxiliaryHelper> cdm_helper(
new MockCdmAuxiliaryHelper(std::move(allocator)));
CdmAdapter::Create(
helper_->KeySystemName(), cdm_config, create_cdm_func,
std::move(cdm_helper),
base::BindRepeating(&MockCdmClient::OnSessionMessage,
base::Unretained(&cdm_client_)),
base::BindRepeating(&MockCdmClient::OnSessionClosed,
base::Unretained(&cdm_client_)),
base::BindRepeating(&MockCdmClient::OnSessionKeysChange,
base::Unretained(&cdm_client_)),
base::BindRepeating(&MockCdmClient::OnSessionExpirationUpdate,
base::Unretained(&cdm_client_)),
base::BindOnce(&AesDecryptorTest::OnCdmCreated,
base::Unretained(this)));
base::RunLoop().RunUntilIdle();
#else
NOTREACHED()
<< "CdmAdapter tests only supported when library CDMs are supported.";
#endif
} else {
NOTREACHED() << "Unsupported test parameter.";
}
}
void TearDown() override {
#if BUILDFLAG(ENABLE_LIBRARY_CDMS)
if (GetParam() == TestType::kCdmAdapter) {
// CDM must be destroyed before the module is reset.
cdm_ = nullptr;
CdmModule::ResetInstanceForTesting();
}
#endif
}
void OnCdmCreated(const scoped_refptr<ContentDecryptionModule>& cdm,
const std::string& error_message) {
EXPECT_EQ(error_message, "");
cdm_ = cdm;
decryptor_ = cdm_->GetCdmContext()->GetDecryptor();
}
void OnResolveWithSession(ExpectedResult expected_result,
const std::string& session_id) {
EXPECT_EQ(expected_result, RESOLVED) << "Unexpectedly resolved.";
EXPECT_GT(session_id.length(), 0ul);
session_id_ = session_id;
}
void OnResolve(ExpectedResult expected_result) {
EXPECT_EQ(expected_result, RESOLVED) << "Unexpectedly resolved.";
}
void OnReject(ExpectedResult expected_result,
CdmPromise::Exception exception_code,
uint32_t system_code,
const std::string& error_message) {
EXPECT_EQ(expected_result, REJECTED)
<< "Unexpectedly rejected with message: " << error_message;
}
std::unique_ptr<SimpleCdmPromise> CreatePromise(
ExpectedResult expected_result) {
std::unique_ptr<SimpleCdmPromise> promise(new CdmCallbackPromise<>(
base::BindOnce(&AesDecryptorTest::OnResolve, base::Unretained(this),
expected_result),
base::BindOnce(&AesDecryptorTest::OnReject, base::Unretained(this),
expected_result)));
return promise;
}
std::unique_ptr<NewSessionCdmPromise> CreateSessionPromise(
ExpectedResult expected_result) {
std::unique_ptr<NewSessionCdmPromise> promise(
new CdmCallbackPromise<std::string>(
base::BindOnce(&AesDecryptorTest::OnResolveWithSession,
base::Unretained(this), expected_result),
base::BindOnce(&AesDecryptorTest::OnReject, base::Unretained(this),
expected_result)));
return promise;
}
// Creates a new session using |key_id|. Returns the session ID.
std::string CreateSession(const std::vector<uint8_t>& key_id) {
DCHECK(!key_id.empty());
EXPECT_CALL(cdm_client_,
OnSessionMessage(NotEmpty(), _, IsJSONDictionary()));
cdm_->CreateSessionAndGenerateRequest(CdmSessionType::kTemporary,
EmeInitDataType::WEBM, key_id,
CreateSessionPromise(RESOLVED));
// This expects the promise to be called synchronously, which is the case
// for AesDecryptor.
return session_id_;
}
// Closes the session specified by |session_id|.
void CloseSession(const std::string& session_id) {
EXPECT_CALL(cdm_client_,
OnSessionClosed(session_id, CdmSessionClosedReason::kClose));
cdm_->CloseSession(session_id, CreatePromise(RESOLVED));
}
// Removes the session specified by |session_id|.
void RemoveSession(const std::string& session_id) {
EXPECT_CALL(cdm_client_, OnSessionKeysChangeCalled(session_id, false));
cdm_->RemoveSession(session_id, CreatePromise(RESOLVED));
}
// Updates the session specified by |session_id| with |key|. |result|
// tests that the update succeeds or generates an error.
void UpdateSessionAndExpect(std::string session_id,
const std::string& key,
ExpectedResult expected_result,
bool new_key_expected) {
DCHECK(!key.empty());
if (expected_result == RESOLVED) {
EXPECT_CALL(cdm_client_,
OnSessionKeysChangeCalled(session_id, new_key_expected));
} else {
EXPECT_CALL(cdm_client_, OnSessionKeysChangeCalled(_, _)).Times(0);
}
// AesDecryptor never calls OnSessionExpirationUpdate() since Clear Key key
// system doesn't need it. But ClearKeyCdm does call it for testing purpose.
EXPECT_CALL(cdm_client_,
OnSessionExpirationUpdate(session_id, IsNullTime()))
.Times(AtMost(1));
cdm_->UpdateSession(session_id,
std::vector<uint8_t>(key.begin(), key.end()),
CreatePromise(expected_result));
}
bool KeysInfoContains(const std::vector<uint8_t>& expected_key_id,
CdmKeyInformation::KeyStatus expected_status =
CdmKeyInformation::USABLE) {
for (auto& key_id : cdm_client_.keys_info()) {
if (key_id->key_id == expected_key_id &&
key_id->status == expected_status) {
return true;
}
}
return false;
}
enum DecryptExpectation {
SUCCESS,
DATA_MISMATCH,
DATA_AND_SIZE_MISMATCH,
DECRYPT_ERROR,
NO_KEY
};
void DecryptAndExpect(scoped_refptr<DecoderBuffer> encrypted,
const std::vector<uint8_t>& plain_text,
DecryptExpectation result) {
scoped_refptr<DecoderBuffer> decrypted;
switch (result) {
case SUCCESS:
case DATA_MISMATCH:
case DATA_AND_SIZE_MISMATCH:
EXPECT_CALL(*this, BufferDecrypted(Decryptor::kSuccess, NotNull()))
.WillOnce(SaveArg<1>(&decrypted));
break;
case DECRYPT_ERROR:
EXPECT_CALL(*this, BufferDecrypted(Decryptor::kError, IsNull()))
.WillOnce(SaveArg<1>(&decrypted));
break;
case NO_KEY:
EXPECT_CALL(*this, BufferDecrypted(Decryptor::kNoKey, IsNull()))
.WillOnce(SaveArg<1>(&decrypted));
break;
}
if (GetParam() == TestType::kCdmAdapter) {
ANNOTATE_SCOPED_MEMORY_LEAK; // http://crbug.com/569736
decryptor_->Decrypt(Decryptor::kVideo, encrypted,
base::BindOnce(&AesDecryptorTest::BufferDecrypted,
base::Unretained(this)));
} else {
decryptor_->Decrypt(Decryptor::kVideo, encrypted,
base::BindOnce(&AesDecryptorTest::BufferDecrypted,
base::Unretained(this)));
}
std::vector<uint8_t> decrypted_text;
if (decrypted.get() && decrypted->data_size()) {
decrypted_text.assign(decrypted->data(),
decrypted->data() + decrypted->data_size());
}
switch (result) {
case SUCCESS:
EXPECT_EQ(plain_text, decrypted_text);
break;
case DATA_MISMATCH:
EXPECT_EQ(plain_text.size(), decrypted_text.size());
EXPECT_NE(plain_text, decrypted_text);
break;
case DATA_AND_SIZE_MISMATCH:
EXPECT_NE(plain_text.size(), decrypted_text.size());
break;
case DECRYPT_ERROR:
case NO_KEY:
EXPECT_TRUE(decrypted_text.empty());
break;
}
}
// Must be the first member to be initialized first and destroyed last.
base::test::SingleThreadTaskEnvironment task_environment_;
StrictMock<MockCdmClient> cdm_client_;
scoped_refptr<ContentDecryptionModule> cdm_;
Decryptor* decryptor_;
std::string session_id_;
#if BUILDFLAG(ENABLE_LIBRARY_CDMS)
base::test::ScopedFeatureList scoped_feature_list_;
// Helper class to load/unload External Clear Key Library, if necessary.
std::unique_ptr<ExternalClearKeyTestHelper> helper_;
#endif
// Constants for testing.
const std::vector<uint8_t> original_data_;
const std::vector<uint8_t> encrypted_data_;
const std::vector<uint8_t> subsample_encrypted_data_;
const std::vector<uint8_t> key_id_;
const std::vector<uint8_t> iv_;
const std::vector<SubsampleEntry> normal_subsample_entries_;
const std::vector<SubsampleEntry> no_subsample_entries_;
};
TEST_P(AesDecryptorTest, CreateSessionWithEmptyInitData) {
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::WEBM, std::vector<uint8_t>(),
CreateSessionPromise(REJECTED));
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::CENC, std::vector<uint8_t>(),
CreateSessionPromise(REJECTED));
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::KEYIDS,
std::vector<uint8_t>(), CreateSessionPromise(REJECTED));
}
TEST_P(AesDecryptorTest, CreateSessionWithVariousLengthInitData_WebM) {
std::vector<uint8_t> init_data;
init_data.resize(1);
EXPECT_CALL(cdm_client_, OnSessionMessage(NotEmpty(), _, IsJSONDictionary()));
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::WEBM,
std::vector<uint8_t>(init_data), CreateSessionPromise(RESOLVED));
init_data.resize(16); // The expected size.
EXPECT_CALL(cdm_client_, OnSessionMessage(NotEmpty(), _, IsJSONDictionary()));
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::WEBM,
std::vector<uint8_t>(init_data), CreateSessionPromise(RESOLVED));
init_data.resize(512);
EXPECT_CALL(cdm_client_, OnSessionMessage(NotEmpty(), _, IsJSONDictionary()));
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::WEBM,
std::vector<uint8_t>(init_data), CreateSessionPromise(RESOLVED));
init_data.resize(513);
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::WEBM,
std::vector<uint8_t>(init_data), CreateSessionPromise(REJECTED));
}
TEST_P(AesDecryptorTest, MultipleCreateSession) {
EXPECT_CALL(cdm_client_, OnSessionMessage(NotEmpty(), _, IsJSONDictionary()));
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::WEBM,
std::vector<uint8_t>(1), CreateSessionPromise(RESOLVED));
EXPECT_CALL(cdm_client_, OnSessionMessage(NotEmpty(), _, IsJSONDictionary()));
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::WEBM,
std::vector<uint8_t>(1), CreateSessionPromise(RESOLVED));
EXPECT_CALL(cdm_client_, OnSessionMessage(NotEmpty(), _, IsJSONDictionary()));
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::WEBM,
std::vector<uint8_t>(1), CreateSessionPromise(RESOLVED));
}
TEST_P(AesDecryptorTest, CreateSessionWithCencInitData) {
const uint8_t init_data[] = {
0x00, 0x00, 0x00, 0x44, // size = 68
0x70, 0x73, 0x73, 0x68, // 'pssh'
0x01, // version
0x00, 0x00, 0x00, // flags
0x10, 0x77, 0xEF, 0xEC, 0xC0, 0xB2, 0x4D, 0x02, // SystemID
0xAC, 0xE3, 0x3C, 0x1E, 0x52, 0xE2, 0xFB, 0x4B,
0x00, 0x00, 0x00, 0x02, // key count
0x7E, 0x57, 0x1D, 0x03, 0x7E, 0x57, 0x1D, 0x03, // key1
0x7E, 0x57, 0x1D, 0x03, 0x7E, 0x57, 0x1D, 0x03,
0x7E, 0x57, 0x1D, 0x04, 0x7E, 0x57, 0x1D, 0x04, // key2
0x7E, 0x57, 0x1D, 0x04, 0x7E, 0x57, 0x1D, 0x04,
0x00, 0x00, 0x00, 0x00 // datasize
};
EXPECT_CALL(cdm_client_, OnSessionMessage(NotEmpty(), _, IsJSONDictionary()));
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::CENC,
std::vector<uint8_t>(init_data, init_data + base::size(init_data)),
CreateSessionPromise(RESOLVED));
}
TEST_P(AesDecryptorTest, CreateSessionWithKeyIdsInitData) {
const char init_data[] =
"{\"kids\":[\"AQI\",\"AQIDBA\",\"AQIDBAUGBwgJCgsMDQ4PEA\"]}";
EXPECT_CALL(cdm_client_, OnSessionMessage(NotEmpty(), _, IsJSONDictionary()));
cdm_->CreateSessionAndGenerateRequest(
CdmSessionType::kTemporary, EmeInitDataType::KEYIDS,
std::vector<uint8_t>(init_data, init_data + base::size(init_data) - 1),
CreateSessionPromise(RESOLVED));
}
TEST_P(AesDecryptorTest, NormalDecryption) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
}
TEST_P(AesDecryptorTest, UnencryptedFrame) {
// An empty iv string signals that the frame is unencrypted.
scoped_refptr<DecoderBuffer> unencrypted_buffer =
CreateClearBuffer(original_data_);
DecryptAndExpect(unencrypted_buffer, original_data_, SUCCESS);
}
TEST_P(AesDecryptorTest, WrongKey) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kWrongKeyAsJWK, RESOLVED, true);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH);
}
TEST_P(AesDecryptorTest, NoKey) {
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
EXPECT_CALL(*this, BufferDecrypted(AesDecryptor::kNoKey, IsNull()));
decryptor_->Decrypt(Decryptor::kVideo, encrypted_buffer,
base::BindOnce(&AesDecryptorTest::BufferDecrypted,
base::Unretained(this)));
}
TEST_P(AesDecryptorTest, KeyReplacement) {
std::string session_id = CreateSession(key_id_);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
UpdateSessionAndExpect(session_id, kWrongKeyAsJWK, RESOLVED, true);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH));
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, false);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
}
TEST_P(AesDecryptorTest, WrongSizedKey) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kWrongSizedKeyAsJWK, REJECTED, true);
}
TEST_P(AesDecryptorTest, MultipleKeysAndFrames) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
UpdateSessionAndExpect(session_id, kKey2AsJWK, RESOLVED, true);
// The first key is still available after we added a second key.
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
// The second key is also available.
encrypted_buffer = CreateEncryptedBuffer(
std::vector<uint8_t>(kEncryptedData2,
kEncryptedData2 + base::size(kEncryptedData2)),
std::vector<uint8_t>(kKeyId2, kKeyId2 + base::size(kKeyId2)),
std::vector<uint8_t>(kIv2, kIv2 + base::size(kIv2)),
no_subsample_entries_);
ASSERT_NO_FATAL_FAILURE(DecryptAndExpect(
encrypted_buffer,
std::vector<uint8_t>(kOriginalData2,
kOriginalData2 + base::size(kOriginalData2) - 1),
SUCCESS));
}
TEST_P(AesDecryptorTest, CorruptedIv) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
std::vector<uint8_t> bad_iv = iv_;
bad_iv[1]++;
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, bad_iv, no_subsample_entries_);
DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH);
}
TEST_P(AesDecryptorTest, CorruptedData) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
std::vector<uint8_t> bad_data = encrypted_data_;
bad_data[1]++;
scoped_refptr<DecoderBuffer> encrypted_buffer =
CreateEncryptedBuffer(bad_data, key_id_, iv_, no_subsample_entries_);
DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH);
}
TEST_P(AesDecryptorTest, EncryptedAsUnencryptedFailure) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
scoped_refptr<DecoderBuffer> unencrypted_buffer =
CreateClearBuffer(encrypted_data_);
DecryptAndExpect(unencrypted_buffer, original_data_, DATA_MISMATCH);
}
TEST_P(AesDecryptorTest, SubsampleDecryption) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
subsample_encrypted_data_, key_id_, iv_, normal_subsample_entries_);
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
}
// Ensures noninterference of data offset and subsample mechanisms. We never
// expect to encounter this in the wild, but since the DecryptConfig doesn't
// disallow such a configuration, it should be covered.
TEST_P(AesDecryptorTest, SubsampleDecryptionWithOffset) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
subsample_encrypted_data_, key_id_, iv_, normal_subsample_entries_);
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
}
TEST_P(AesDecryptorTest, SubsampleWrongSize) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
std::vector<SubsampleEntry> subsample_entries_wrong_size(
kSubsampleEntriesWrongSize,
kSubsampleEntriesWrongSize + base::size(kSubsampleEntriesWrongSize));
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
subsample_encrypted_data_, key_id_, iv_, subsample_entries_wrong_size);
DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH);
}
TEST_P(AesDecryptorTest, SubsampleInvalidTotalSize) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
std::vector<SubsampleEntry> subsample_entries_invalid_total_size(
kSubsampleEntriesInvalidTotalSize,
kSubsampleEntriesInvalidTotalSize +
base::size(kSubsampleEntriesInvalidTotalSize));
scoped_refptr<DecoderBuffer> encrypted_buffer =
CreateEncryptedBuffer(subsample_encrypted_data_, key_id_, iv_,
subsample_entries_invalid_total_size);
DecryptAndExpect(encrypted_buffer, original_data_, DECRYPT_ERROR);
}
// No cypher bytes in any of the subsamples.
TEST_P(AesDecryptorTest, SubsampleClearBytesOnly) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
std::vector<SubsampleEntry> clear_only_subsample_entries(
kSubsampleEntriesClearOnly,
kSubsampleEntriesClearOnly + base::size(kSubsampleEntriesClearOnly));
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
original_data_, key_id_, iv_, clear_only_subsample_entries);
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
}
// No clear bytes in any of the subsamples.
TEST_P(AesDecryptorTest, SubsampleCypherBytesOnly) {
std::string session_id = CreateSession(key_id_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
std::vector<SubsampleEntry> cypher_only_subsample_entries(
kSubsampleEntriesCypherOnly,
kSubsampleEntriesCypherOnly + base::size(kSubsampleEntriesCypherOnly));
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, cypher_only_subsample_entries);
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS);
}
TEST_P(AesDecryptorTest, CloseSession) {
std::string session_id = CreateSession(key_id_);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
CloseSession(session_id);
}
TEST_P(AesDecryptorTest, RemoveSession) {
std::string session_id = CreateSession(key_id_);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
RemoveSession(session_id);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, NO_KEY));
}
TEST_P(AesDecryptorTest, RemoveThenCloseSession) {
std::string session_id = CreateSession(key_id_);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
EXPECT_TRUE(KeysInfoContains(key_id_, CdmKeyInformation::USABLE));
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
RemoveSession(session_id);
EXPECT_TRUE(KeysInfoContains(key_id_, CdmKeyInformation::RELEASED));
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, NO_KEY));
CloseSession(session_id);
}
TEST_P(AesDecryptorTest, NoKeyAfterCloseSession) {
std::string session_id = CreateSession(key_id_);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
CloseSession(session_id);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, NO_KEY));
}
TEST_P(AesDecryptorTest, LatestKeyUsed) {
std::string session_id1 = CreateSession(key_id_);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
// Add alternate key, buffer should not be decoded properly.
UpdateSessionAndExpect(session_id1, kKeyAlternateAsJWK, RESOLVED, true);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH));
// Create a second session with a correct key value for key_id_.
std::string session_id2 = CreateSession(key_id_);
UpdateSessionAndExpect(session_id2, kKeyAsJWK, RESOLVED, true);
// Should be able to decode with latest key.
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
}
TEST_P(AesDecryptorTest, LatestKeyUsedAfterCloseSession) {
std::string session_id1 = CreateSession(key_id_);
scoped_refptr<DecoderBuffer> encrypted_buffer = CreateEncryptedBuffer(
encrypted_data_, key_id_, iv_, no_subsample_entries_);
UpdateSessionAndExpect(session_id1, kKeyAsJWK, RESOLVED, true);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
// Create a second session with a different key value for key_id_.
std::string session_id2 = CreateSession(key_id_);
UpdateSessionAndExpect(session_id2, kKeyAlternateAsJWK, RESOLVED, true);
// Should not be able to decode with new key.
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, DATA_MISMATCH));
// Close second session, should revert to original key.
CloseSession(session_id2);
ASSERT_NO_FATAL_FAILURE(
DecryptAndExpect(encrypted_buffer, original_data_, SUCCESS));
}
TEST_P(AesDecryptorTest, JWKKey) {
std::string session_id = CreateSession(key_id_);
// Try a simple JWK key (i.e. not in a set)
const std::string kJwkSimple =
"{"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"AAECAwQFBgcICQoLDA0ODxAREhM\","
" \"k\": \"FBUWFxgZGhscHR4fICEiIw\""
"}";
UpdateSessionAndExpect(session_id, kJwkSimple, REJECTED, true);
// Try a key list with multiple entries.
const std::string kJwksMultipleEntries =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"AAECAwQFBgcICQoLDA0ODxAREhM\","
" \"k\": \"FBUWFxgZGhscHR4fICEiIw\""
" },"
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"JCUmJygpKissLS4vMA\","
" \"k\":\"MTIzNDU2Nzg5Ojs8PT4_QA\""
" }"
" ]"
"}";
UpdateSessionAndExpect(session_id, kJwksMultipleEntries, RESOLVED, true);
// Try a key with no spaces and some \n plus additional fields.
const std::string kJwksNoSpaces =
"\n\n{\"something\":1,\"keys\":[{\n\n\"kty\":\"oct\",\"alg\":\"A128KW\","
"\"kid\":\"AQIDBAUGBwgJCgsMCg4PAA\",\"k\":\"GawgguFyGrWKav7AX4VKUg"
"\",\"foo\":\"bar\"}]}\n\n";
UpdateSessionAndExpect(session_id, kJwksNoSpaces, RESOLVED, true);
// Try some non-ASCII characters.
UpdateSessionAndExpect(session_id,
"This is not ASCII due to \xff\xfe\xfd in it.",
REJECTED, true);
// Try a badly formatted key. Assume that the JSON parser is fully tested,
// so we won't try a lot of combinations. However, need a test to ensure
// that the code doesn't crash if invalid JSON received.
UpdateSessionAndExpect(session_id, "This is not a JSON key.", REJECTED, true);
// Try passing some valid JSON that is not a dictionary at the top level.
UpdateSessionAndExpect(session_id, "40", REJECTED, true);
// Try an empty dictionary.
UpdateSessionAndExpect(session_id, "{ }", REJECTED, true);
// Try an empty 'keys' dictionary.
UpdateSessionAndExpect(session_id, "{ \"keys\": [] }", REJECTED, true);
// Try with 'keys' not a dictionary.
UpdateSessionAndExpect(session_id, "{ \"keys\":\"1\" }", REJECTED, true);
// Try with 'keys' a list of integers.
UpdateSessionAndExpect(session_id, "{ \"keys\": [ 1, 2, 3 ] }", REJECTED,
true);
// Try padding(=) at end of 'k' base64 string.
const std::string kJwksWithPaddedKey =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"AAECAw\","
" \"k\": \"BAUGBwgJCgsMDQ4PEBESEw==\""
" }"
" ]"
"}";
UpdateSessionAndExpect(session_id, kJwksWithPaddedKey, REJECTED, true);
// Try padding(=) at end of 'kid' base64 string.
const std::string kJwksWithPaddedKeyId =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"AAECAw==\","
" \"k\": \"BAUGBwgJCgsMDQ4PEBESEw\""
" }"
" ]"
"}";
UpdateSessionAndExpect(session_id, kJwksWithPaddedKeyId, REJECTED, true);
// Try a key with invalid base64 encoding.
const std::string kJwksWithInvalidBase64 =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"!@#$%^&*()\","
" \"k\": \"BAUGBwgJCgsMDQ4PEBESEw\""
" }"
" ]"
"}";
UpdateSessionAndExpect(session_id, kJwksWithInvalidBase64, REJECTED, true);
// Try a 3-byte 'kid' where no base64 padding is required.
// |kJwksMultipleEntries| above has 2 'kid's that require 1 and 2 padding
// bytes. Note that 'k' has to be 16 bytes, so it will always require padding.
const std::string kJwksWithNoPadding =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"Kiss\","
" \"k\": \"BAUGBwgJCgsMDQ4PEBESEw\""
" }"
" ]"
"}";
UpdateSessionAndExpect(session_id, kJwksWithNoPadding, RESOLVED, true);
// Empty key id.
const std::string kJwksWithEmptyKeyId =
"{"
" \"keys\": ["
" {"
" \"kty\": \"oct\","
" \"alg\": \"A128KW\","
" \"kid\": \"\","
" \"k\": \"BAUGBwgJCgsMDQ4PEBESEw\""
" }"
" ]"
"}";
UpdateSessionAndExpect(session_id, kJwksWithEmptyKeyId, REJECTED, true);
CloseSession(session_id);
}
TEST_P(AesDecryptorTest, GetKeyIds) {
std::vector<uint8_t> key_id1(kKeyId, kKeyId + base::size(kKeyId));
std::vector<uint8_t> key_id2(kKeyId2, kKeyId2 + base::size(kKeyId2));
std::string session_id = CreateSession(key_id_);
EXPECT_FALSE(KeysInfoContains(key_id1));
EXPECT_FALSE(KeysInfoContains(key_id2));
// Add 1 key, verify it is returned.
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
EXPECT_TRUE(KeysInfoContains(key_id1));
EXPECT_FALSE(KeysInfoContains(key_id2));
// Add second key, verify both IDs returned.
UpdateSessionAndExpect(session_id, kKey2AsJWK, RESOLVED, true);
EXPECT_TRUE(KeysInfoContains(key_id1));
EXPECT_TRUE(KeysInfoContains(key_id2));
}
TEST_P(AesDecryptorTest, NoKeysChangeForSameKey) {
std::vector<uint8_t> key_id(kKeyId, kKeyId + base::size(kKeyId));
std::string session_id = CreateSession(key_id_);
EXPECT_FALSE(KeysInfoContains(key_id));
// Add key, verify it is returned.
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, true);
EXPECT_TRUE(KeysInfoContains(key_id));
// Add key a second time.
UpdateSessionAndExpect(session_id, kKeyAsJWK, RESOLVED, false);
EXPECT_TRUE(KeysInfoContains(key_id));
// Create a new session. Add key, should indicate key added for this session.
std::string session_id2 = CreateSession(key_id_);
UpdateSessionAndExpect(session_id2, kKeyAsJWK, RESOLVED, true);
}
TEST_P(AesDecryptorTest, RandomSessionIDs) {
std::vector<uint8_t> key_id(kKeyId, kKeyId + base::size(kKeyId));
const size_t kNumIterations = 25;
std::set<std::string> seen_sessions;
for (size_t i = 0; i < kNumIterations; ++i) {
std::string session_id = CreateSession(key_id_);
EXPECT_TRUE(seen_sessions.find(session_id) == seen_sessions.end());
EXPECT_EQ(16u, session_id.length());
seen_sessions.insert(session_id);
}
EXPECT_EQ(kNumIterations, seen_sessions.size());
}
INSTANTIATE_TEST_SUITE_P(AesDecryptor,
AesDecryptorTest,
testing::Values(TestType::kAesDecryptor));
#if BUILDFLAG(ENABLE_LIBRARY_CDMS)
INSTANTIATE_TEST_SUITE_P(CdmAdapter,
AesDecryptorTest,
testing::Values(TestType::kCdmAdapter));
#endif
// TODO(jrummell): Once MojoCdm/MojoCdmService/MojoDecryptor/
// MojoDecryptorService are implemented, add a third version that tests the
// CDM via mojo.
} // namespace media