Add support for v0.3 of the encrypted WebM specification. (Revert Fix)

media/crypto/aes_decryptor_unittest.cc

Index: media/crypto/aes_decryptor_unittest.cc
diff --git a/media/crypto/aes_decryptor_unittest.cc b/media/crypto/aes_decryptor_unittest.cc
index 12df91ac5aedf3129c3393ab3102d05e8aa044c7..893fff2161dfc4ec6cd942478cfc78ba094892c7 100644
--- a/media/crypto/aes_decryptor_unittest.cc
+++ b/media/crypto/aes_decryptor_unittest.cc
@@ -41,7 +41,8 @@ struct WebmEncryptedData {
 static const char kClearKeySystem[] = "org.w3.clearkey";
 
 // Frames 0 & 1 are encrypted with the same key. Frame 2 is encrypted with a
-// different key.
+// different key. Frame 3 has the same HMAC key as frame 2, but frame 3 is
+// unencrypted.
 const WebmEncryptedData kWebmEncryptedFrames[] = {
   {
     // plaintext
@@ -50,18 +51,18 @@ const WebmEncryptedData kWebmEncryptedFrames[] = {
     { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
       0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
       0x10, 0x11, 0x12, 0x13
-    }, 20,
+      }, 20,
     // key
     { 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
       0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23
-    }, 16,
+      }, 16,
     // encrypted_data
-    { 0xfb, 0xe7, 0x1d, 0xbb, 0x4c, 0x23, 0xce, 0xba,
-      0xcc, 0xf8, 0xda, 0xc0, 0xff, 0xff, 0xff, 0xff,
-      0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, 0xb7,
-      0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, 0xcb,
-      0x64, 0xf7
-    }, 34
+    { 0x3c, 0x4e, 0xb8, 0xd9, 0x5c, 0x20, 0x48, 0x18,
+      0x4f, 0x03, 0x74, 0xa1, 0x01, 0xff, 0xff, 0xff,
+      0xff, 0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff,
+      0xb7, 0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee,
+      0xcb, 0x64, 0xf7
+      }, 35
   },
   {
     // plaintext
@@ -70,19 +71,19 @@ const WebmEncryptedData kWebmEncryptedFrames[] = {
     { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
       0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
       0x10, 0x11, 0x12, 0x13
-    }, 20,
+      }, 20,
     // key
     { 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
       0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23
-    }, 16,
+      }, 16,
     // encrypted_data
-    { 0x43, 0xe4, 0x78, 0x7a, 0x43, 0xe1, 0x49, 0xbb,
-      0x44, 0x38, 0xdf, 0xfc, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0xec, 0x8e, 0x87, 0x21,
-      0xd3, 0xb9, 0x1c, 0x61, 0xf6, 0x5a, 0x60, 0xaa,
-      0x07, 0x0e, 0x96, 0xd0, 0x54, 0x5d, 0x35, 0x9a,
-      0x4a, 0xd3
-    }, 42
+    { 0xe8, 0x4c, 0x51, 0x33, 0x14, 0x0d, 0xc7, 0x17,
+      0x32, 0x60, 0xc9, 0xd0, 0x01, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0xec, 0x8e, 0x87,
+      0x21, 0xd3, 0xb9, 0x1c, 0x61, 0xf6, 0x5a, 0x60,
+      0xaa, 0x07, 0x0e, 0x96, 0xd0, 0x54, 0x5d, 0x35,
+      0x9a, 0x4a, 0xd3
+      }, 43
   },
   {
     // plaintext
@@ -90,60 +91,42 @@ const WebmEncryptedData kWebmEncryptedFrames[] = {
     // key_id
     { 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
       0x2c, 0x2d, 0x2e, 0x2f, 0x30
-    }, 13,
+      }, 13,
     // key
     { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
       0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40
-    }, 16,
+      }, 16,
     // encrypted_data
-    { 0xd9, 0x43, 0x30, 0xfd, 0x82, 0x77, 0x62, 0x04,
-      0x08, 0xc2, 0x48, 0x89, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x01, 0x48, 0x5e, 0x4a, 0x41,
-      0x2a, 0x8b, 0xf4, 0xc6, 0x47, 0x54, 0x90, 0x34,
-      0xf4, 0x8b
-    }, 34
+    { 0x46, 0x93, 0x8c, 0x93, 0x48, 0xf9, 0xeb, 0x30,
+      0x74, 0x55, 0x6b, 0xf2, 0x01, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x01, 0x48, 0x5e, 0x4a,
+      0x41, 0x2a, 0x8b, 0xf4, 0xc6, 0x47, 0x54, 0x90,
+      0x34, 0xf4, 0x8b
+      }, 35
+  },
+  {
+    // plaintext
+    "Changed Original data.", 22,
+    // key_id
+    { 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+      0x2c, 0x2d, 0x2e, 0x2f, 0x30
+      }, 13,
+    // key
+    { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
+      0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40
+      }, 16,
+    // encrypted_data
+    { 0xee, 0xd6, 0xf5, 0x64, 0x5f, 0xe0, 0x6a, 0xa2,
+      0x9e, 0xd6, 0xce, 0x34, 0x00, 0x43, 0x68, 0x61,
+      0x6e, 0x67, 0x65, 0x64, 0x20, 0x4f, 0x72, 0x69,
+      0x67, 0x69, 0x6e, 0x61, 0x6c, 0x20, 0x64, 0x61,
+      0x74, 0x61, 0x2e
+      }, 35
   }
 };
 
-static const uint8 kWebmWrongKey[] = {
-  0x49, 0x27, 0x6d, 0x20, 0x61, 0x20, 0x77, 0x72,
-  0x6f, 0x6e, 0x67, 0x20, 0x6b, 0x65, 0x79, 0x2e
-};
 static const uint8 kWebmWrongSizedKey[] = { 0x20, 0x20 };
 
-// This is the encrypted data from frame 0 of |kWebmEncryptedFrames| except
-// byte 0 is changed from 0xfb to 0xfc. Bytes 0-11 of WebM encrypted data
-// contains the HMAC.
-static const uint8 kWebmFrame0HmacDataChanged[] = {
-  0xfc, 0xe7, 0x1d, 0xbb, 0x4c, 0x23, 0xce, 0xba,
-  0xcc, 0xf8, 0xda, 0xc0, 0xff, 0xff, 0xff, 0xff,
-  0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, 0xb7,
-  0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, 0xcb,
-  0x64, 0xf7
-};
-
-// This is the encrypted data from frame 0 of |kWebmEncryptedFrames| except
-// byte 12 is changed from 0xff to 0x0f. Bytes 12-19 of WebM encrypted data
-// contains the IV.
-static const uint8 kWebmFrame0IvDataChanged[] = {
-  0xfb, 0xe7, 0x1d, 0xbb, 0x4c, 0x23, 0xce, 0xba,
-  0xcc, 0xf8, 0xda, 0xc0, 0x0f, 0xff, 0xff, 0xff,
-  0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, 0xb7,
-  0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, 0xcb,
-  0x64, 0xf7
-};
-
-// This is the encrypted data from frame 0 of |kWebmEncryptedFrames| except
-// byte 33 is changed from 0xf7 to 0xf8. Bytes 20+ of WebM encrypted data
-// contains the encrypted frame.
-static const uint8 kWebmFrame0FrameDataChanged[] = {
-  0xfb, 0xe7, 0x1d, 0xbb, 0x4c, 0x23, 0xce, 0xba,
-  0xcc, 0xf8, 0xda, 0xc0, 0xff, 0xff, 0xff, 0xff,
-  0xff, 0xff, 0xff, 0xff, 0x99, 0xaa, 0xff, 0xb7,
-  0x74, 0x02, 0x4e, 0x1c, 0x75, 0x3d, 0xee, 0xcb,
-  0x64, 0xf8
-};
-
 static const uint8 kSubsampleOriginalData[] = "Original subsample data.";
 static const int kSubsampleOriginalDataSize = 24;
 
@@ -192,22 +175,18 @@ static std::string GenerateCounterBlock(const uint8* iv, int iv_size) {
   const int kDecryptionKeySize = 16;
   CHECK_GT(iv_size, 0);
   CHECK_LE(iv_size, kDecryptionKeySize);
-  char counter_block_data[kDecryptionKeySize];
-
-  // Set the IV.
-  memcpy(counter_block_data, iv, iv_size);
-
-  // Set block counter to all 0's.
-  memset(counter_block_data + iv_size, 0, kDecryptionKeySize - iv_size);
 
-  return std::string(counter_block_data, kDecryptionKeySize);
+  std::string counter_block(reinterpret_cast<const char*>(iv), iv_size);
+  counter_block.append(kDecryptionKeySize - iv_size, 0);
+  return counter_block;
 }
 
 // Creates a WebM encrypted buffer that the demuxer would pass to the
 // decryptor. |data| is the payload of a WebM encrypted Block. |key_id| is
 // initialization data from the WebM file. Every encrypted Block has
-// an HMAC and IV prepended to an encrypted frame. Current encrypted WebM
-// request for comments specification is here
+// an HMAC and a signal byte prepended to a frame. If the frame is encrypted
+// then an IV is prepended to the Block. Current encrypted WebM request for
+// comments specification is here
 // http://wiki.webmproject.org/encryption/webm-encryption-rfc
 static scoped_refptr<DecoderBuffer> CreateWebMEncryptedBuffer(
     const uint8* data, int data_size,
@@ -216,17 +195,29 @@ static scoped_refptr<DecoderBuffer> CreateWebMEncryptedBuffer(
       data + kWebMHmacSize, data_size - kWebMHmacSize);
   CHECK(encrypted_buffer);
 
-  uint64 network_iv;
-  memcpy(&network_iv, data + kWebMHmacSize, sizeof(network_iv));
-  const uint64 iv = base::NetToHost64(network_iv);
-  std::string webm_iv =
-      GenerateCounterBlock(reinterpret_cast<const uint8*>(&iv), sizeof(iv));
+  uint8 signal_byte = data[kWebMHmacSize];
+  int data_offset = sizeof(signal_byte);
+
+  // Setting the DecryptConfig object of the buffer while leaving the
+  // initialization vector empty will tell the decryptor that the frame is
+  // unencrypted but integrity should still be checked.
+  std::string counter_block_str;
+
+  if (signal_byte & kWebMFlagEncryptedFrame) {
+    uint64 network_iv;
+    memcpy(&network_iv, data + kWebMHmacSize + data_offset, sizeof(network_iv));
+    const uint64 iv = base::NetToHost64(network_iv);
+    counter_block_str =
+        GenerateCounterBlock(reinterpret_cast<const uint8*>(&iv), sizeof(iv));
+    data_offset += sizeof(iv);
+  }
+
   encrypted_buffer->SetDecryptConfig(
       scoped_ptr<DecryptConfig>(new DecryptConfig(
           std::string(reinterpret_cast<const char*>(key_id), key_id_size),
-          webm_iv,
+          counter_block_str,
           std::string(reinterpret_cast<const char*>(data), kWebMHmacSize),
-          sizeof(iv),
+          data_offset,
           std::vector<SubsampleEntry>())));
   return encrypted_buffer;
 }
@@ -324,11 +315,31 @@ TEST_F(AesDecryptorTest, NormalWebMDecryption) {
                                                     frame.plain_text_size));
 }
 
+TEST_F(AesDecryptorTest, UnencryptedFrameWebMDecryption) {
+  const WebmEncryptedData& frame = kWebmEncryptedFrames[3];
+  GenerateKeyRequest(frame.key_id, frame.key_id_size);
+  AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
+                           frame.key, frame.key_size);
+  scoped_refptr<DecoderBuffer> encrypted_data =
+      CreateWebMEncryptedBuffer(frame.encrypted_data,
+                                frame.encrypted_data_size,
+                                frame.key_id, frame.key_id_size);
+  ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToSucceed(encrypted_data,
+                                                    frame.plain_text,
+                                                    frame.plain_text_size));
+}
+
 TEST_F(AesDecryptorTest, WrongKey) {
   const WebmEncryptedData& frame = kWebmEncryptedFrames[0];
   GenerateKeyRequest(frame.key_id, frame.key_id_size);
+
+  // Change the first byte of the key.
+  scoped_array<uint8> wrong_key(new uint8[frame.key_size]);
+  memcpy(wrong_key.get(), frame.key, frame.key_size);
+  wrong_key[0]++;

[xhwang, 2012/08/01 23:15:39]

nit: I feel we have too many of this scoped_array/memcpy pattern in
AesDecryptorTest. But I don't find a better solution either. If you have a
better idea, improve it, or just leave it as is.

[fgalligan1, 2012/08/01 23:49:58]

Changed to vector<uint8>, which removes the memcpy line.

[xhwang, 2012/08/02 00:00:22]

Why wrong_key is not vector<uint8> ?

[fgalligan1, 2012/08/02 00:13:31]

Missed it before I left. Fixed.

+
   AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
-                           kWebmWrongKey, arraysize(kWebmWrongKey));
+                           wrong_key.get(), frame.key_size);
   scoped_refptr<DecoderBuffer> encrypted_data =
       CreateWebMEncryptedBuffer(frame.encrypted_data,
                                 frame.encrypted_data_size,
@@ -339,8 +350,14 @@ TEST_F(AesDecryptorTest, WrongKey) {
 TEST_F(AesDecryptorTest, KeyReplacement) {
   const WebmEncryptedData& frame = kWebmEncryptedFrames[0];
   GenerateKeyRequest(frame.key_id, frame.key_id_size);
+
+  // Change the first byte of the key.
+  scoped_array<uint8> wrong_key(new uint8[frame.key_size]);
+  memcpy(wrong_key.get(), frame.key, frame.key_size);
+  wrong_key[0]++;
+
   AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
-                           kWebmWrongKey, arraysize(kWebmWrongKey));
+                           wrong_key.get(), frame.key_size);
   scoped_refptr<DecoderBuffer> encrypted_data =
       CreateWebMEncryptedBuffer(frame.encrypted_data,
                                 frame.encrypted_data_size,
@@ -401,8 +418,16 @@ TEST_F(AesDecryptorTest, HmacCheckFailure) {
   GenerateKeyRequest(frame.key_id, frame.key_id_size);
   AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
                            frame.key, frame.key_size);
+
+  // Change byte 0 to modify the HMAC. Bytes 0-11 of WebM encrypted data
+  // contains the HMAC.
+  scoped_array<uint8> frame_with_bad_hmac(new uint8[frame.encrypted_data_size]);
+  memcpy(frame_with_bad_hmac.get(), frame.encrypted_data,
+         frame.encrypted_data_size);
+  frame_with_bad_hmac[0]++;
+
   scoped_refptr<DecoderBuffer> encrypted_data =
-      CreateWebMEncryptedBuffer(kWebmFrame0HmacDataChanged,
+      CreateWebMEncryptedBuffer(frame_with_bad_hmac.get(),
                                 frame.encrypted_data_size,
                                 frame.key_id, frame.key_id_size);
   ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data));
@@ -413,8 +438,16 @@ TEST_F(AesDecryptorTest, IvCheckFailure) {
   GenerateKeyRequest(frame.key_id, frame.key_id_size);
   AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
                            frame.key, frame.key_size);
+
+  // Change byte 13 to modify the IV. Bytes 13-20 of WebM encrypted data
+  // contains the IV.
+  scoped_array<uint8> frame_with_bad_iv(new uint8[frame.encrypted_data_size]);
+  memcpy(frame_with_bad_iv.get(), frame.encrypted_data,
+         frame.encrypted_data_size);
+  frame_with_bad_iv[kWebMHmacSize + 1]++;
+
   scoped_refptr<DecoderBuffer> encrypted_data =
-      CreateWebMEncryptedBuffer(kWebmFrame0IvDataChanged,
+      CreateWebMEncryptedBuffer(frame_with_bad_iv.get(),
                                 frame.encrypted_data_size,
                                 frame.key_id, frame.key_id_size);
   ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data));
@@ -425,8 +458,54 @@ TEST_F(AesDecryptorTest, DataCheckFailure) {
   GenerateKeyRequest(frame.key_id, frame.key_id_size);
   AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
                            frame.key, frame.key_size);
+
+  // Change last byte to modify the data. Bytes 21+ of WebM encrypted data
+  // contains the encrypted frame.
+  scoped_array<uint8> frame_with_bad_data(new uint8[frame.encrypted_data_size]);
+  memcpy(frame_with_bad_data.get(), frame.encrypted_data,
+         frame.encrypted_data_size);
+  frame_with_bad_data[frame.encrypted_data_size - 1]++;
+
+  scoped_refptr<DecoderBuffer> encrypted_data =
+      CreateWebMEncryptedBuffer(frame_with_bad_data.get(),
+                                frame.encrypted_data_size,
+                                frame.key_id, frame.key_id_size);
+  ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data));
+}
+
+TEST_F(AesDecryptorTest, EncryptedAsUnencryptedFailure) {
+  const WebmEncryptedData& frame = kWebmEncryptedFrames[0];
+  GenerateKeyRequest(frame.key_id, frame.key_id_size);
+  AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
+                           frame.key, frame.key_size);
+
+  // Change signal byte from an encrypted frame to an unencrypted frame. Byte
+  // 12 of WebM encrypted data contains the signal byte.
+  scoped_array<uint8> frame_change(new uint8[frame.encrypted_data_size]);

[xhwang, 2012/08/01 23:15:39]

nit: Can this name be more specific? e.g. frame_with_wrong_signal_byte or
signal_byte_altered_frame or something better? 

[fgalligan1, 2012/08/01 23:49:58]

Done.

+  memcpy(frame_change.get(), frame.encrypted_data, frame.encrypted_data_size);
+  frame_change[kWebMHmacSize] = 0;
+
+  scoped_refptr<DecoderBuffer> encrypted_data =
+      CreateWebMEncryptedBuffer(frame_change.get(),
+                                frame.encrypted_data_size,
+                                frame.key_id, frame.key_id_size);
+  ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data));
+}
+
+TEST_F(AesDecryptorTest, UnencryptedAsEncryptedFailure) {
+  const WebmEncryptedData& frame = kWebmEncryptedFrames[3];
+  GenerateKeyRequest(frame.key_id, frame.key_id_size);
+  AddKeyAndExpectToSucceed(frame.key_id, frame.key_id_size,
+                           frame.key, frame.key_size);
+
+  // Change signal byte from an unencrypted frame to an encrypted frame. Byte
+  // 12 of WebM encrypted data contains the signal byte.
+  scoped_array<uint8> frame_change(new uint8[frame.encrypted_data_size]);

[xhwang, 2012/08/01 23:15:39]

ditto

[fgalligan1, 2012/08/01 23:49:58]

Done.

+  memcpy(frame_change.get(), frame.encrypted_data, frame.encrypted_data_size);
+  frame_change[kWebMHmacSize] = kWebMFlagEncryptedFrame;
+
   scoped_refptr<DecoderBuffer> encrypted_data =
-      CreateWebMEncryptedBuffer(kWebmFrame0FrameDataChanged,
+      CreateWebMEncryptedBuffer(frame_change.get(),
                                 frame.encrypted_data_size,
                                 frame.key_id, frame.key_id_size);
   ASSERT_NO_FATAL_FAILURE(DecryptAndExpectToFail(encrypted_data));