Add tests to validate key length for clearkey plugin. am: cc77a50e96
am: 01802815eb
Change-Id: I298891316951cc6ba5f000b796fb60c0b4f76290
diff --git a/drm/1.0/vts/functional/drm_hal_clearkey_test.cpp b/drm/1.0/vts/functional/drm_hal_clearkey_test.cpp
index 4652c76..a110eb1 100644
--- a/drm/1.0/vts/functional/drm_hal_clearkey_test.cpp
+++ b/drm/1.0/vts/functional/drm_hal_clearkey_test.cpp
@@ -89,6 +89,10 @@
0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,
0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80};
+static const uint32_t k256SubSampleByteCount = 256;
+static const uint32_t k512SubSampleClearBytes = 512;
+static const uint32_t k512SubSampleEncryptedBytes = 512;
+
class DrmHalClearkeyFactoryTest : public ::testing::VtsHalHidlTargetTestBase {
public:
virtual void SetUp() override {
@@ -965,6 +969,8 @@
const hidl_vec<SubSample>& subSamples, const vector<uint8_t>& key);
void aes_cbc_decrypt(uint8_t* dest, uint8_t* src, uint8_t* iv,
const hidl_vec<SubSample>& subSamples, const vector<uint8_t>& key);
+ void decryptWithInvalidKeys(hidl_vec<uint8_t>& invalidResponse,
+ vector<uint8_t>& iv, const Pattern& noPattern, const vector<SubSample>& subSamples);
};
void DrmHalClearkeyDecryptTest::fillRandom(const sp<IMemory>& memory) {
@@ -1119,16 +1125,14 @@
closeSession(sessionId);
}
-
/**
* Positive decrypt test. "Decrypt" a single clear segment
*/
TEST_F(DrmHalClearkeyDecryptTest, ClearSegmentTest) {
vector<uint8_t> iv(AES_BLOCK_SIZE, 0);
const Pattern noPattern = {0, 0};
- const uint32_t kByteCount = 256;
const vector<SubSample> subSamples = {
- {.numBytesOfClearData = kByteCount,
+ {.numBytesOfClearData = k256SubSampleByteCount,
.numBytesOfEncryptedData = 0}};
auto sessionId = openSession();
loadKeys(sessionId);
@@ -1138,7 +1142,7 @@
uint32_t byteCount = decrypt(Mode::UNENCRYPTED, &iv[0], subSamples,
noPattern, Status::OK);
- EXPECT_EQ(kByteCount, byteCount);
+ EXPECT_EQ(k256SubSampleByteCount, byteCount);
closeSession(sessionId);
}
@@ -1150,12 +1154,9 @@
TEST_F(DrmHalClearkeyDecryptTest, EncryptedAesCtrSegmentTest) {
vector<uint8_t> iv(AES_BLOCK_SIZE, 0);
const Pattern noPattern = {0, 0};
- const uint32_t kClearBytes = 512;
- const uint32_t kEncryptedBytes = 512;
const vector<SubSample> subSamples = {
- {.numBytesOfClearData = kClearBytes,
- .numBytesOfEncryptedData = kEncryptedBytes
- }};
+ {.numBytesOfClearData = k512SubSampleClearBytes,
+ .numBytesOfEncryptedData = k512SubSampleEncryptedBytes}};
auto sessionId = openSession();
loadKeys(sessionId);
@@ -1164,10 +1165,11 @@
uint32_t byteCount = decrypt(Mode::AES_CTR, &iv[0], subSamples,
noPattern, Status::OK);
- EXPECT_EQ(kClearBytes + kEncryptedBytes, byteCount);
+ EXPECT_EQ(k512SubSampleClearBytes + k512SubSampleEncryptedBytes, byteCount);
closeSession(sessionId);
}
+
/**
* Negative decrypt test. Decrypt without loading keys.
*/
@@ -1175,8 +1177,8 @@
vector<uint8_t> iv(AES_BLOCK_SIZE, 0);
const Pattern noPattern = {0, 0};
const vector<SubSample> subSamples = {
- {.numBytesOfClearData = 256,
- .numBytesOfEncryptedData = 256}};
+ {.numBytesOfClearData = k256SubSampleByteCount,
+ .numBytesOfEncryptedData = k256SubSampleByteCount}};
auto sessionId = openSession();
Status status = cryptoPlugin->setMediaDrmSession(sessionId);
@@ -1188,3 +1190,94 @@
closeSession(sessionId);
}
+
+/**
+ * Helper method to test decryption with invalid keys is returned
+ */
+void DrmHalClearkeyDecryptTest::decryptWithInvalidKeys(
+ hidl_vec<uint8_t>& invalidResponse,
+ vector<uint8_t>& iv,
+ const Pattern& noPattern,
+ const vector<SubSample>& subSamples) {
+ auto sessionId = openSession();
+
+ auto res = drmPlugin->provideKeyResponse(
+ sessionId, invalidResponse,
+ [&](Status status, const hidl_vec<uint8_t>& myKeySetId) {
+ EXPECT_EQ(Status::OK, status);
+ EXPECT_EQ(0u, myKeySetId.size());
+ });
+ ASSERT_OK(res);
+
+ ASSERT_TRUE(cryptoPlugin->setMediaDrmSession(sessionId).isOk());
+
+ uint32_t byteCount = decrypt(Mode::AES_CTR, &iv[0], subSamples,
+ noPattern, Status::ERROR_DRM_NO_LICENSE);
+ EXPECT_EQ(0u, byteCount);
+
+ closeSession(sessionId);
+}
+
+/**
+ * Negative decrypt test. Decrypt with invalid key.
+ */
+TEST_F(DrmHalClearkeyDecryptTest, DecryptWithEmptyKey) {
+ vector<uint8_t> iv(AES_BLOCK_SIZE, 0);
+ const Pattern noPattern = {0, 0};
+ const vector<SubSample> subSamples = {
+ {.numBytesOfClearData = k512SubSampleClearBytes,
+ .numBytesOfEncryptedData = k512SubSampleEncryptedBytes}};
+
+ // base 64 encoded JSON response string, must not contain padding character '='
+ const hidl_string emptyKeyResponse =
+ "{\"keys\":[" \
+ "{" \
+ "\"kty\":\"oct\"" \
+ "\"alg\":\"A128KW2\"" \
+ "\"k\":\"SGVsbG8gRnJpZW5kIQ\"" \
+ "\"kid\":\"Y2xlYXJrZXlrZXlpZDAyAy\"" \
+ "}" \
+ "{" \
+ "\"kty\":\"oct\"," \
+ "\"alg\":\"A128KW2\"" \
+ "\"kid\":\"Y2xlYXJrZXlrZXlpZDAzAy\"," \
+ // empty key follows
+ "\"k\":\"R\"" \
+ "}]" \
+ "}";
+ const size_t kEmptyKeyResponseSize = emptyKeyResponse.size();
+
+ hidl_vec<uint8_t> invalidResponse;
+ invalidResponse.resize(kEmptyKeyResponseSize);
+ memcpy(invalidResponse.data(), emptyKeyResponse.c_str(), kEmptyKeyResponseSize);
+ decryptWithInvalidKeys(invalidResponse, iv, noPattern, subSamples);
+}
+
+/**
+ * Negative decrypt test. Decrypt with a key exceeds AES_BLOCK_SIZE.
+ */
+TEST_F(DrmHalClearkeyDecryptTest, DecryptWithKeyTooLong) {
+ vector<uint8_t> iv(AES_BLOCK_SIZE, 0);
+ const Pattern noPattern = {0, 0};
+ const vector<SubSample> subSamples = {
+ {.numBytesOfClearData = k512SubSampleClearBytes,
+ .numBytesOfEncryptedData = k512SubSampleEncryptedBytes}};
+
+ // base 64 encoded JSON response string, must not contain padding character '='
+ const hidl_string keyTooLongResponse =
+ "{\"keys\":[" \
+ "{" \
+ "\"kty\":\"oct\"," \
+ "\"alg\":\"A128KW2\"" \
+ "\"kid\":\"Y2xlYXJrZXlrZXlpZDAzAy\"," \
+ // key too long
+ "\"k\":\"V2lubmllIHRoZSBwb29oIVdpbm5pZSB0aGUgcG9vaCE=\"" \
+ "}]" \
+ "}";
+ const size_t kKeyTooLongResponseSize = keyTooLongResponse.size();
+
+ hidl_vec<uint8_t> invalidResponse;
+ invalidResponse.resize(kKeyTooLongResponseSize);
+ memcpy(invalidResponse.data(), keyTooLongResponse.c_str(), kKeyTooLongResponseSize);
+ decryptWithInvalidKeys(invalidResponse, iv, noPattern, subSamples);
+}