diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp index 2125d2ff..abe82cd3 100644 --- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp +++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp @@ -38,6 +38,14 @@ using ::testing::WithParamInterface; using ::testing::Range; using ::testing::Values; +// GTest requires PrintTo to be in the same namespace as the thing it prints, +// which is std::vector in this case. +namespace std { +void PrintTo(const vector& value, std::ostream* os) { + *os << wvcdm::b2a_hex(value); +} +} // namespace std + namespace { const size_t kNumKeys = 4; #if defined(TEST_SPEED_MULTIPLIER) // Can slow test time limits when @@ -50,7 +58,7 @@ const int kShortSleep = 1 * kSpeedMultiplier; const int kLongSleep = 2 * kSpeedMultiplier; const uint32_t kDuration = 2 * kSpeedMultiplier; const uint32_t kLongDuration = 5 * kSpeedMultiplier; -} +} // namespace namespace wvoec { @@ -94,6 +102,9 @@ struct PaddedPSTReport { // These are test keyboxes. They will not be accepted by production systems. // By using known keyboxes for these tests, the results for a given set of // inputs to a test are predictable and can be compared to the actual results. +// The first keybox, kTestKeybox, with deviceID "TestKey01" is used for most of +// the tests. It should be loaded by OEMCrypto when OEMCrypto_LoadTestKeybox +// is called. const wvoec_mock::WidevineKeybox kTestKeybox = { // Sample keybox used for test vectors { @@ -1091,12 +1102,11 @@ class Session { "de2ac53ee0fa7ea15fc692cc892acc0090865dc57becacddf362a092dfd3040b"); // Describe the output - uint8_t outputBuffer[256]; - memset(outputBuffer, 0, sizeof(outputBuffer)); + vector outputBuffer(256); OEMCrypto_DestBufferDesc destBuffer; destBuffer.type = OEMCrypto_BufferType_Clear; - destBuffer.buffer.clear.address = outputBuffer; - destBuffer.buffer.clear.max_length = sizeof(outputBuffer); + destBuffer.buffer.clear.address = outputBuffer.data(); + destBuffer.buffer.clear.max_length = outputBuffer.size(); // Decrypt the data sts = OEMCrypto_DecryptCTR( session_id(), &encryptedData[0], encryptedData.size(), true, @@ -1105,23 +1115,19 @@ class Session { // We only have a few errors that we test are reported. if (expected_result == OEMCrypto_SUCCESS) { // No error. ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ( - 0, memcmp(&unencryptedData[0], outputBuffer, unencryptedData.size())); + ASSERT_EQ(unencryptedData, outputBuffer); } else if (expected_result == OEMCrypto_ERROR_KEY_EXPIRED) { // Report stale keys. ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, sts); - ASSERT_NE( - 0, memcmp(&unencryptedData[0], outputBuffer, unencryptedData.size())); + ASSERT_NE(unencryptedData, outputBuffer); } else if (expected_result == OEMCrypto_ERROR_INSUFFICIENT_HDCP) { // Report HDCP errors. ASSERT_EQ(OEMCrypto_ERROR_INSUFFICIENT_HDCP, sts); - ASSERT_NE( - 0, memcmp(&unencryptedData[0], outputBuffer, unencryptedData.size())); + ASSERT_NE(unencryptedData, outputBuffer); } else { // OEM's can fine tune other error codes for debugging. ASSERT_NE(OEMCrypto_SUCCESS, sts); - ASSERT_NE( - 0, memcmp(&unencryptedData[0], outputBuffer, unencryptedData.size())); + ASSERT_NE(unencryptedData, outputBuffer); } } @@ -1151,15 +1157,13 @@ class Session { NULL, &gen_signature_length); ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts); ASSERT_EQ(static_cast(32), gen_signature_length); - static const uint32_t SignatureBufferMaxLength = 256; - uint8_t gen_signature[SignatureBufferMaxLength]; + vector gen_signature(gen_signature_length); sts = OEMCrypto_GenerateSignature(session_id(), &context[0], context.size(), - gen_signature, &gen_signature_length); + &gen_signature[0], &gen_signature_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); std::vector expected_signature; ClientSignMessage(context, &expected_signature); - ASSERT_EQ(0, memcmp(&expected_signature[0], gen_signature, - expected_signature.size())); + ASSERT_EQ(expected_signature, gen_signature); // Rewrap Canned Response @@ -1301,7 +1305,7 @@ class Session { return false; } - void VerifyRSASignature(const uint8_t* message, size_t message_length, + void VerifyRSASignature(const vector& message, const uint8_t* signature, size_t signature_length, RSA_Padding_Scheme padding_scheme) { EXPECT_TRUE(NULL != public_rsa_) @@ -1314,18 +1318,20 @@ class Session { EVP_PKEY *pkey = EVP_PKEY_new(); ASSERT_TRUE(EVP_PKEY_set1_RSA(pkey, public_rsa_) == 1); - const bool ok = VerifyPSSSignature(pkey, message, message_length, + const bool ok = VerifyPSSSignature(pkey, &message[0], message.size(), signature, signature_length); EVP_PKEY_free(pkey); - EXPECT_TRUE(ok) << "PSS signature check failed"; + EXPECT_TRUE(ok) << "PSS signature check failed."; } else if (padding_scheme == kSign_PKCS1_Block1) { - uint8_t padded_digest[signature_length]; - int status; + vector padded_digest(signature_length); + int size; // RSA_public_decrypt decrypts the signature, and then verifies that // it was padded with RSA PKCS1 padding. - status = RSA_public_decrypt(signature_length, signature, padded_digest, + size = RSA_public_decrypt(signature_length, signature, &padded_digest[0], public_rsa_, RSA_PKCS1_PADDING); - EXPECT_EQ(0, memcmp(message, padded_digest, message_length)); + EXPECT_GT(size, 0); + padded_digest.resize(size); + EXPECT_EQ(message, padded_digest); } else { EXPECT_TRUE(false) << "Padding scheme not supported."; } @@ -1396,12 +1402,12 @@ class Session { return; } ASSERT_EQ(OEMCrypto_SUCCESS, sts); - uint8_t computed_signature[SHA_DIGEST_LENGTH]; + vector computed_signature(SHA_DIGEST_LENGTH); unsigned int sig_len = SHA_DIGEST_LENGTH; HMAC(EVP_sha1(), &mac_key_client_[0], mac_key_client_.size(), reinterpret_cast(&pst_report_.report) + SHA_DIGEST_LENGTH, - length - SHA_DIGEST_LENGTH, computed_signature, &sig_len); - EXPECT_EQ(0, memcmp(computed_signature, pst_report_.report.signature, + length - SHA_DIGEST_LENGTH, &computed_signature[0], &sig_len); + EXPECT_EQ(0, memcmp(&computed_signature[0], pst_report_.report.signature, SHA_DIGEST_LENGTH)); EXPECT_GE(kInactive, pst_report_.report.status); EXPECT_GE(kHardwareSecureClock, pst_report_.report.clock_security_level); @@ -1619,7 +1625,7 @@ TEST_F(OEMCryptoClientTest, TwoSessionsOpenClose) { // This test should still pass for API v9. A better test is below, but it only // works for API v10. TEST_F(OEMCryptoClientTest, EightSessionsOpenClose) { - Session s[8]; + vector s(8); for (int i = 0; i < 8; i++) { s[i].open(); ASSERT_EQ(OEMCrypto_SUCCESS, s[i].getStatus()); @@ -1787,35 +1793,35 @@ TEST_F(OEMCryptoClientTest, PreventNonceFlood3) { TEST_F(OEMCryptoClientTest, ClearCopyTestAPI10) { const int kDataSize = 256; - uint8_t input_buffer[kDataSize]; - OEMCrypto_GetRandom(input_buffer, sizeof(input_buffer)); - uint8_t output_buffer[kDataSize]; + vector input_buffer(kDataSize); + OEMCrypto_GetRandom(&input_buffer[0], input_buffer.size()); + vector output_buffer(kDataSize); OEMCrypto_DestBufferDesc dest_buffer; dest_buffer.type = OEMCrypto_BufferType_Clear; - dest_buffer.buffer.clear.address = output_buffer; - dest_buffer.buffer.clear.max_length = sizeof(output_buffer); + dest_buffer.buffer.clear.address = &output_buffer[0]; + dest_buffer.buffer.clear.max_length = output_buffer.size(); ASSERT_EQ(OEMCrypto_SUCCESS, - OEMCrypto_CopyBuffer(input_buffer, sizeof(input_buffer), + OEMCrypto_CopyBuffer(&input_buffer[0], input_buffer.size(), &dest_buffer, OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample)); - ASSERT_EQ(0, memcmp(input_buffer, output_buffer, sizeof(input_buffer))); + ASSERT_EQ(input_buffer, output_buffer); ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, - OEMCrypto_CopyBuffer(NULL, sizeof(input_buffer), + OEMCrypto_CopyBuffer(NULL, input_buffer.size(), &dest_buffer, OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample)); ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, - OEMCrypto_CopyBuffer(input_buffer, sizeof(input_buffer), + OEMCrypto_CopyBuffer(&input_buffer[0], input_buffer.size(), NULL, OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample)); dest_buffer.buffer.clear.address = NULL; ASSERT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, - OEMCrypto_CopyBuffer(input_buffer, sizeof(input_buffer), + OEMCrypto_CopyBuffer(&input_buffer[0], input_buffer.size(), &dest_buffer, OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample)); - dest_buffer.buffer.clear.address = output_buffer; - dest_buffer.buffer.clear.max_length = sizeof(output_buffer) - 1; + dest_buffer.buffer.clear.address = &output_buffer[0]; + dest_buffer.buffer.clear.max_length = output_buffer.size() - 1; ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, - OEMCrypto_CopyBuffer(input_buffer, sizeof(input_buffer), + OEMCrypto_CopyBuffer(&input_buffer[0], input_buffer.size(), &dest_buffer, OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample)); } @@ -1979,22 +1985,21 @@ TEST_F(OEMCryptoSessionTestKeyboxTest, GenerateSignature) { "38373430350000"); static const uint32_t SignatureBufferMaxLength = 256; - uint8_t signature[SignatureBufferMaxLength]; - size_t signature_length = SignatureBufferMaxLength; + vector signature(SignatureBufferMaxLength); + size_t signature_length = signature.size(); OEMCryptoResult sts; sts = OEMCrypto_GenerateSignature(s.session_id(), &context[0], context.size(), - signature, &signature_length); - + &signature[0], &signature_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); static const uint32_t SignatureExpectedLength = 32; ASSERT_EQ(signature_length, SignatureExpectedLength); + signature.resize(signature_length); std::vector expected_signature; s.ClientSignMessage(context, &expected_signature); - ASSERT_EQ(0, memcmp(&expected_signature[0], signature, - expected_signature.size())); + ASSERT_EQ(expected_signature, signature); } TEST_F(OEMCryptoSessionTests, LoadKeyNoNonce) { @@ -2031,22 +2036,22 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithNoMAC) { "38373430350000"); static const uint32_t SignatureBufferMaxLength = 256; - uint8_t signature[SignatureBufferMaxLength]; - size_t signature_length = SignatureBufferMaxLength; + vector signature(SignatureBufferMaxLength); + size_t signature_length = signature.size(); OEMCryptoResult sts; sts = OEMCrypto_GenerateSignature(s.session_id(), &context[0], context.size(), - signature, &signature_length); + &signature[0], &signature_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); static const uint32_t SignatureExpectedLength = 32; ASSERT_EQ(signature_length, SignatureExpectedLength); + signature.resize(signature_length); std::vector expected_signature; s.ClientSignMessage(context, &expected_signature); - ASSERT_EQ( - 0, memcmp(&expected_signature[0], signature, expected_signature.size())); + ASSERT_EQ(expected_signature, signature); } /* The Bad Range tests verify that OEMCrypto_LoadKeys checks the range @@ -2452,7 +2457,7 @@ class OEMCryptoSessionTestsDecryptEdgeCases : public OEMCryptoSessionTests { // ourselves. void ctr128_inc64(int64_t increaseBy, uint8_t* iv) { uint64_t* counterBuffer = reinterpret_cast(&iv[8]); - (*counterBuffer) = wvcdm::ntohll64(wvcdm::ntohll64(*counterBuffer) + + (*counterBuffer) = wvcdm::htonll64(wvcdm::ntohll64(*counterBuffer) + increaseBy); } @@ -2504,10 +2509,8 @@ class OEMCryptoSessionTestsDecryptEdgeCases : public OEMCryptoSessionTests { sts = OEMCrypto_SelectKey(s.session_id(), &keyId[0], keyId.size()); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - // We decrypt three subsamples, each with a block offset. + // We decrypt three subsamples. each with a block offset. vector outputBuffer(total_size, 0xaa); - // buffer_offset is the offset of the current subsample from the beginning - // of the whole sample's buffer. size_t buffer_offset = 0; for(size_t i=0; i < subsample_size.size(); i++) { const size_t block_offset = buffer_offset % AES_BLOCK_SIZE; @@ -2519,13 +2522,10 @@ class OEMCryptoSessionTestsDecryptEdgeCases : public OEMCryptoSessionTests { OEMCrypto_DestBufferDesc destBuffer; destBuffer.type = OEMCrypto_BufferType_Clear; destBuffer.buffer.clear.address = &outputBuffer[buffer_offset]; - destBuffer.buffer.clear.max_length = subsample_size[i]; + destBuffer.buffer.clear.max_length = total_size-buffer_offset; uint8_t aes_iv[AES_BLOCK_SIZE]; - // encryptionIv is the IV for the beginning of the whole sample. memcpy(aes_iv, &encryptionIv[0], AES_BLOCK_SIZE); - // iv_increment is the number of blocks from the beginning of the sample. size_t iv_increment = buffer_offset / AES_BLOCK_SIZE; - // Their sum is the IV for the block at the beginning of this subsample. ctr128_inc64(iv_increment, aes_iv); sts = OEMCrypto_DecryptCTR( s.session_id(), &encryptedData[buffer_offset], subsample_size[i], @@ -2533,12 +2533,11 @@ class OEMCryptoSessionTestsDecryptEdgeCases : public OEMCryptoSessionTests { ASSERT_EQ(OEMCrypto_SUCCESS, sts); buffer_offset += subsample_size[i]; } - EXPECT_EQ(0, memcmp(&unencryptedData[0], &outputBuffer[0], total_size)); + EXPECT_EQ(unencryptedData, outputBuffer); // If there was a problem, compare the outputBuffer at the offset with the // correct data at 0. A common error is to ignore the offset when // decrypting. - if (0 != memcmp(&unencryptedData[0], &outputBuffer[0], total_size) - && 2*subsample_size[0] < total_size + if (unencryptedData != outputBuffer && 2*subsample_size[0] < total_size && 0 == memcmp(&unencryptedData[0], &outputBuffer[subsample_size[0]], subsample_size[0])){ printf("The first %zd bytes are repeating. This is an indication \n", @@ -2554,9 +2553,9 @@ TEST_F(OEMCryptoSessionTestsDecryptEdgeCases, EvenOffset) { subsample_size.push_back(32); subsample_size.push_back(50); const size_t total_size = FindTotalSize(subsample_size); - vector unencryptedData(total_size, 0); - vector encryptedData(total_size, 0); - vector encryptionIv(AES_BLOCK_SIZE, 0); + vector unencryptedData(total_size); + vector encryptedData(total_size); + vector encryptionIv(AES_BLOCK_SIZE); vector key = wvcdm::a2b_hex("39AD33E5719656069F9EDE9EBBA7A77D"); // Note: DecryptCTR is self-inverse -- ie it's the same as EncryptCTR. // So we can pick the encrypted data and compute the unencrypted data if we @@ -2574,9 +2573,9 @@ TEST_F(OEMCryptoSessionTestsDecryptEdgeCases, NoOffset) { subsample_size.push_back(64); subsample_size.push_back(64); const size_t total_size = FindTotalSize(subsample_size); - vector unencryptedData(total_size, 0); - vector encryptedData(total_size, 0); - vector encryptionIv(AES_BLOCK_SIZE, 0); + vector unencryptedData(total_size); + vector encryptedData(total_size); + vector encryptionIv(AES_BLOCK_SIZE); encryptionIv = wvcdm::a2b_hex("c09454479a280829c946df3c22f25539"); for(size_t i=0; i < total_size; i++) unencryptedData[i] = i % 256; vector key = wvcdm::a2b_hex("39AD33E5719656069F9EDE9EBBA7A77D"); @@ -2594,9 +2593,9 @@ TEST_F(OEMCryptoSessionTestsDecryptEdgeCases, OddOffset) { subsample_size.push_back(75); subsample_size.push_back(25); const size_t total_size = FindTotalSize(subsample_size); - vector unencryptedData(total_size, 0); - vector encryptedData(total_size, 0); - vector encryptionIv(AES_BLOCK_SIZE, 0); + vector unencryptedData(total_size); + vector encryptedData(total_size); + vector encryptionIv(AES_BLOCK_SIZE); encryptionIv = wvcdm::a2b_hex("c09454479a280829c946df3c22f25539"); for(size_t i=0; i < total_size; i++) unencryptedData[i] = i % 256; vector key = wvcdm::a2b_hex("39AD33E5719656069F9EDE9EBBA7A77D"); @@ -2609,9 +2608,9 @@ TEST_F(OEMCryptoSessionTestsDecryptEdgeCases, DecryptWithNearWrap) { vector subsample_size; subsample_size.push_back(150); const size_t total_size = FindTotalSize(subsample_size); - vector unencryptedData(total_size, 0); - vector encryptedData(total_size, 0); - vector encryptionIv(AES_BLOCK_SIZE, 0); + vector unencryptedData(total_size); + vector encryptedData(total_size); + vector encryptionIv(AES_BLOCK_SIZE); encryptionIv = wvcdm::a2b_hex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"); for(size_t i=0; i < total_size; i++) unencryptedData[i] = i % 256; vector key = wvcdm::a2b_hex("39AD33E5719656069F9EDE9EBBA7A77D"); @@ -2650,11 +2649,11 @@ TEST_F(OEMCryptoSessionTests, DecryptUnencrypted) { "49fc3efaaf614ed81d595847b928edd0"); // Describe the output - uint8_t outputBuffer[256]; + vector outputBuffer(256); OEMCrypto_DestBufferDesc destBuffer; destBuffer.type = OEMCrypto_BufferType_Clear; - destBuffer.buffer.clear.address = outputBuffer; - destBuffer.buffer.clear.max_length = sizeof(outputBuffer); + destBuffer.buffer.clear.address = &outputBuffer[0]; + destBuffer.buffer.clear.max_length = outputBuffer.size(); // Decrypt the data sts = OEMCrypto_DecryptCTR( @@ -2662,8 +2661,7 @@ TEST_F(OEMCryptoSessionTests, DecryptUnencrypted) { &encryptionIv[0], 0, &destBuffer, OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(0, memcmp(&unencryptedData[0], outputBuffer, - unencryptedData.size())); + ASSERT_EQ(unencryptedData, outputBuffer); } TEST_F(OEMCryptoSessionTests, DecryptUnencryptedNoKey) { @@ -2686,11 +2684,11 @@ TEST_F(OEMCryptoSessionTests, DecryptUnencryptedNoKey) { "49fc3efaaf614ed81d595847b928edd0"); // Describe the output - uint8_t outputBuffer[256]; + vector outputBuffer(256); OEMCrypto_DestBufferDesc destBuffer; destBuffer.type = OEMCrypto_BufferType_Clear; - destBuffer.buffer.clear.address = outputBuffer; - destBuffer.buffer.clear.max_length = sizeof(outputBuffer); + destBuffer.buffer.clear.address = &outputBuffer[0]; + destBuffer.buffer.clear.max_length = outputBuffer.size(); // Decrypt the data sts = OEMCrypto_DecryptCTR( @@ -2698,8 +2696,7 @@ TEST_F(OEMCryptoSessionTests, DecryptUnencryptedNoKey) { &encryptionIv[0], 0, &destBuffer, OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(0, memcmp(&unencryptedData[0], outputBuffer, - unencryptedData.size())); + ASSERT_EQ(unencryptedData, outputBuffer); } TEST_F(OEMCryptoSessionTests, DecryptSecureToClear) { @@ -3019,8 +3016,8 @@ TEST_F(OEMCryptoUsesCertificate, RSASignature) { // In the real world, the signature above would just have been used to contact // the license server to get this response. session_.PreparePublicKey(); - session_.VerifyRSASignature(&licenseRequest[0], licenseRequest.size(), signature, - signature_length, kSign_RSASSA_PSS); + session_.VerifyRSASignature(licenseRequest, signature, signature_length, + kSign_RSASSA_PSS); } // This test attempts to use alternate algorithms for loaded device certs. @@ -3038,28 +3035,24 @@ class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate { vector licenseRequest(size); OEMCrypto_GetRandom(&licenseRequest[0], licenseRequest.size()); size_t signature_length = 256; - uint8_t* signature = new uint8_t[signature_length]; - memset(signature, 0, signature_length); + vector signature(signature_length); sts = OEMCrypto_GenerateRSASignature(s.session_id(), &licenseRequest[0], - licenseRequest.size(), signature, + licenseRequest.size(), &signature[0], &signature_length, scheme); // Allow OEMCrypto to request a full buffer. if (sts == OEMCrypto_ERROR_SHORT_BUFFER) { ASSERT_NE(static_cast(0), signature_length); - delete[] signature; - signature = new uint8_t[signature_length]; - memset(signature, 0, signature_length); + signature.assign(signature_length, 0); sts = OEMCrypto_GenerateRSASignature(s.session_id(), &licenseRequest[0], - licenseRequest.size(), signature, + licenseRequest.size(), &signature[0], &signature_length, scheme); } ASSERT_NE(OEMCrypto_SUCCESS, sts) << "Signed with forbidden padding scheme=" << (int)scheme << ", size=" << (int)size; - ASSERT_EQ(signature[0], 0); // signature should not be computed. - ASSERT_EQ(memcmp(signature, signature + 1, signature_length - 1), 0); - delete[] signature; + vector zero(signature_length, 0); + ASSERT_EQ(zero, signature); // signature should not be computed. } void TestSignature(RSA_Padding_Scheme scheme, size_t size) { @@ -3088,8 +3081,7 @@ class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate { << "Failed to sign with padding scheme=" << (int)scheme << ", size=" << (int)size; s.PreparePublicKey(); - s.VerifyRSASignature(&licenseRequest[0], licenseRequest.size(), signature, - signature_length, scheme); + s.VerifyRSASignature(licenseRequest, signature, signature_length, scheme); delete[] signature; } @@ -3316,28 +3308,24 @@ class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificate { vector licenseRequest(size); OEMCrypto_GetRandom(&licenseRequest[0], licenseRequest.size()); size_t signature_length = 256; - uint8_t* signature = new uint8_t[signature_length]; - memset(signature, 0, signature_length); + vector signature(signature_length); sts = OEMCrypto_GenerateRSASignature(s.session_id(), &licenseRequest[0], - licenseRequest.size(), signature, + licenseRequest.size(), &signature[0], &signature_length, scheme); // Allow OEMCrypto to request a full buffer. if (sts == OEMCrypto_ERROR_SHORT_BUFFER) { ASSERT_NE(static_cast(0), signature_length); - delete[] signature; - signature = new uint8_t[signature_length]; - memset(signature, 0, signature_length); + signature.assign(signature_length, 0); sts = OEMCrypto_GenerateRSASignature(s.session_id(), &licenseRequest[0], - licenseRequest.size(), signature, + licenseRequest.size(), &signature[0], &signature_length, scheme); } ASSERT_NE(OEMCrypto_SUCCESS, sts) << "Signed with forbidden padding scheme=" << (int)scheme << ", size=" << (int)size; - ASSERT_EQ(signature[0], 0); // signature should not be computed. - ASSERT_EQ(memcmp(signature, signature + 1, signature_length - 1), 0); - delete[] signature; + vector zero(signature_length, 0); + ASSERT_EQ(zero, signature); // signature should not be computed. } // This is used to test a signature from the file pkcs1v15sign-vectors.txt. @@ -3371,9 +3359,9 @@ class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificate { ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts); ASSERT_NE(static_cast(0), signature_length); - uint8_t* signature = new uint8_t[signature_length]; + vector signature(signature_length); sts = OEMCrypto_GenerateRSASignature(s.session_id(), &digest[0], - digest.size(), signature, + digest.size(), &signature[0], &signature_length, scheme); ASSERT_EQ(OEMCrypto_SUCCESS, sts) @@ -3383,15 +3371,14 @@ class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificate { // Verify that the signature matches the official test vector. ASSERT_EQ(correct_signature.size(), signature_length); - ASSERT_EQ(0, memcmp(&correct_signature[0], signature, signature_length)); + signature.resize(signature_length); + ASSERT_EQ(correct_signature, signature); // Also verify that our verification algorithm agrees. This is not needed // to test OEMCrypto, but it does verify that this test is valid. - s.VerifyRSASignature(&digest[0], digest.size(), signature, signature_length, - scheme); - s.VerifyRSASignature(&digest[0], digest.size(), &correct_signature[0], + s.VerifyRSASignature(digest, &signature[0], signature_length, scheme); + s.VerifyRSASignature(digest, &correct_signature[0], correct_signature.size(), scheme); - delete[] signature; } void LoadWithAllowedSchemes(uint32_t schemes, bool force) { @@ -4123,8 +4110,8 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_20) { class GenericCryptoTest : public OEMCryptoSessionTests { protected: static const size_t kBufferSize = 160; // multiple of encryption block size. - uint8_t clear_buffer_[kBufferSize]; - uint8_t encrypted_buffer_[kBufferSize]; + vector clear_buffer_; + vector encrypted_buffer_; uint8_t iv_[wvcdm::KEY_IV_SIZE]; void MakeFourKeys(Session* s, uint32_t duration = kDuration, @@ -4143,7 +4130,8 @@ class GenericCryptoTest : public OEMCryptoSessionTests { s->license().keys[2].key_data_length = wvcdm::MAC_KEY_SIZE; s->license().keys[3].key_data_length = wvcdm::MAC_KEY_SIZE; - for (size_t i = 0; i < kBufferSize; i++) { + clear_buffer_.assign(kBufferSize, 0); + for (size_t i = 0; i < clear_buffer_.size(); i++) { clear_buffer_[i] = 1 + i % 250; } for (size_t i = 0; i < wvcdm::KEY_IV_SIZE; i++) { @@ -4152,22 +4140,29 @@ class GenericCryptoTest : public OEMCryptoSessionTests { } void EncryptBuffer(Session* s, unsigned int key_index, - const uint8_t* in_buffer, uint8_t* out_buffer) { + const vector& in_buffer, + vector* out_buffer) { AES_KEY aes_key; ASSERT_EQ(0, AES_set_encrypt_key(s->license().keys[key_index].key_data, AES_BLOCK_SIZE * 8, &aes_key)); uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; memcpy(iv_buffer, iv_, wvcdm::KEY_IV_SIZE); - AES_cbc_encrypt(in_buffer, out_buffer, kBufferSize, &aes_key, iv_buffer, - AES_ENCRYPT); + out_buffer->resize(in_buffer.size()); + ASSERT_GT(in_buffer.size(), 0); + ASSERT_EQ(0, in_buffer.size() % AES_BLOCK_SIZE); + AES_cbc_encrypt(&in_buffer[0], out_buffer->data(), in_buffer.size(), + &aes_key, iv_buffer, AES_ENCRYPT); } // Sign the buffer with the specified key. - void SignBuffer(Session* s, unsigned int key_index, const uint8_t* in_buffer, - uint8_t signature[SHA256_DIGEST_LENGTH]) { + void SignBuffer(Session* s, unsigned int key_index, + const vector& in_buffer, + vector* signature) { unsigned int md_len = SHA256_DIGEST_LENGTH; + signature->resize(SHA256_DIGEST_LENGTH); HMAC(EVP_sha256(), s->license().keys[key_index].key_data, - wvcdm::MAC_KEY_SIZE, in_buffer, kBufferSize, signature, &md_len); + wvcdm::MAC_KEY_SIZE, &in_buffer[0], in_buffer.size(), + signature->data(), &md_len); } void BadEncrypt(unsigned int key_index, OEMCrypto_Algorithm algorithm, @@ -4179,16 +4174,17 @@ class GenericCryptoTest : public OEMCryptoSessionTests { MakeFourKeys(&s); s.EncryptAndSign(); s.LoadTestKeys(); - uint8_t expected_encrypted[kBufferSize]; - EncryptBuffer(&s, key_index, clear_buffer_, expected_encrypted); + vector expected_encrypted; + EncryptBuffer(&s, key_index, clear_buffer_, &expected_encrypted); sts = OEMCrypto_SelectKey( s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - uint8_t encrypted[kBufferSize]; - sts = OEMCrypto_Generic_Encrypt(s.session_id(), clear_buffer_, - buffer_length, iv_, algorithm, encrypted); + vector encrypted(buffer_length); + sts = OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], + buffer_length, iv_, algorithm, &encrypted[0]); ASSERT_NE(OEMCrypto_SUCCESS, sts); - ASSERT_NE(0, memcmp(encrypted, expected_encrypted, buffer_length)); + expected_encrypted.resize(buffer_length); + ASSERT_NE(encrypted, expected_encrypted); } void BadDecrypt(unsigned int key_index, OEMCrypto_Algorithm algorithm, @@ -4200,16 +4196,16 @@ class GenericCryptoTest : public OEMCryptoSessionTests { MakeFourKeys(&s); s.EncryptAndSign(); s.LoadTestKeys(); - uint8_t encrypted[kBufferSize]; - EncryptBuffer(&s, key_index, clear_buffer_, encrypted); + vector encrypted; + EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); sts = OEMCrypto_SelectKey( s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - uint8_t resultant[kBufferSize]; - sts = OEMCrypto_Generic_Decrypt(s.session_id(), encrypted, buffer_length, - iv_, algorithm, resultant); + vector resultant(encrypted.size()); + sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], buffer_length, + iv_, algorithm, &resultant[0]); ASSERT_NE(OEMCrypto_SUCCESS, sts); - ASSERT_NE(0, memcmp(clear_buffer_, resultant, buffer_length)); + ASSERT_NE(clear_buffer_, resultant); } void BadSign(unsigned int key_index, OEMCrypto_Algorithm algorithm) { @@ -4220,18 +4216,19 @@ class GenericCryptoTest : public OEMCryptoSessionTests { MakeFourKeys(&s); s.EncryptAndSign(); s.LoadTestKeys(); - uint8_t expected_signature[SHA256_DIGEST_LENGTH]; - SignBuffer(&s, key_index, clear_buffer_, expected_signature); + vector expected_signature; + SignBuffer(&s, key_index, clear_buffer_, &expected_signature); sts = OEMCrypto_SelectKey( s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); size_t signature_length = (size_t)SHA256_DIGEST_LENGTH; - uint8_t signature[SHA256_DIGEST_LENGTH]; - sts = OEMCrypto_Generic_Sign(s.session_id(), clear_buffer_, kBufferSize, - algorithm, signature, &signature_length); + vector signature(SHA256_DIGEST_LENGTH); + sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), algorithm, + &signature[0], &signature_length); ASSERT_NE(OEMCrypto_SUCCESS, sts); - ASSERT_NE(0, memcmp(signature, expected_signature, SHA256_DIGEST_LENGTH)); + ASSERT_NE(signature, expected_signature); } void BadVerify(unsigned int key_index, OEMCrypto_Algorithm algorithm, @@ -4243,8 +4240,8 @@ class GenericCryptoTest : public OEMCryptoSessionTests { MakeFourKeys(&s); s.EncryptAndSign(); s.LoadTestKeys(); - uint8_t signature[SHA256_DIGEST_LENGTH]; - SignBuffer(&s, key_index, clear_buffer_, signature); + vector signature; + SignBuffer(&s, key_index, clear_buffer_, &signature); if (alter_data) { signature[0] ^= 42; } @@ -4252,8 +4249,9 @@ class GenericCryptoTest : public OEMCryptoSessionTests { sts = OEMCrypto_SelectKey( s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - sts = OEMCrypto_Generic_Verify(s.session_id(), clear_buffer_, kBufferSize, - algorithm, signature, signature_size); + sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), algorithm, + &signature[0], signature_size); ASSERT_NE(OEMCrypto_SUCCESS, sts); } }; @@ -4276,17 +4274,17 @@ TEST_F(GenericCryptoTest, GenericKeyEncrypt) { s.EncryptAndSign(); s.LoadTestKeys(); unsigned int key_index = 0; - uint8_t expected_encrypted[kBufferSize]; - EncryptBuffer(&s, key_index, clear_buffer_, expected_encrypted); + vector expected_encrypted; + EncryptBuffer(&s, key_index, clear_buffer_, &expected_encrypted); sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - uint8_t encrypted[kBufferSize]; - sts = - OEMCrypto_Generic_Encrypt(s.session_id(), clear_buffer_, kBufferSize, iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, encrypted); + vector encrypted(clear_buffer_.size()); + sts = OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(0, memcmp(encrypted, expected_encrypted, kBufferSize)); + ASSERT_EQ(encrypted, expected_encrypted); } TEST_F(GenericCryptoTest, GenericKeyBadEncrypt) { @@ -4306,16 +4304,17 @@ TEST_F(GenericCryptoTest, GenericKeyDecrypt) { s.EncryptAndSign(); s.LoadTestKeys(); unsigned int key_index = 1; - uint8_t encrypted[kBufferSize]; - EncryptBuffer(&s, key_index, clear_buffer_, encrypted); + vector encrypted; + EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - uint8_t resultant[kBufferSize]; - sts = OEMCrypto_Generic_Decrypt(s.session_id(), encrypted, kBufferSize, iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, resultant); + vector resultant(encrypted.size()); + sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], encrypted.size(), + iv_, OEMCrypto_AES_CBC_128_NO_PADDING, + &resultant[0]); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(0, memcmp(clear_buffer_, resultant, kBufferSize)); + ASSERT_EQ(clear_buffer_, resultant); } TEST_F(GenericCryptoTest, GenericSecureToClear) { @@ -4329,16 +4328,17 @@ TEST_F(GenericCryptoTest, GenericSecureToClear) { s.EncryptAndSign(); s.LoadTestKeys(); unsigned int key_index = 1; - uint8_t encrypted[kBufferSize]; - EncryptBuffer(&s, key_index, clear_buffer_, encrypted); + vector encrypted; + EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - uint8_t resultant[kBufferSize]; - sts = OEMCrypto_Generic_Decrypt(s.session_id(), encrypted, kBufferSize, iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, resultant); + vector resultant(encrypted.size()); + sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], encrypted.size(), + iv_, OEMCrypto_AES_CBC_128_NO_PADDING, + &resultant[0]); ASSERT_NE(OEMCrypto_SUCCESS, sts); - ASSERT_NE(0, memcmp(clear_buffer_, resultant, kBufferSize)); + ASSERT_NE(clear_buffer_, resultant); } TEST_F(GenericCryptoTest, GenericKeyBadDecrypt) { @@ -4358,24 +4358,24 @@ TEST_F(GenericCryptoTest, GenericKeySign) { s.EncryptAndSign(); s.LoadTestKeys(); unsigned int key_index = 2; - uint8_t expected_signature[SHA256_DIGEST_LENGTH]; - SignBuffer(&s, key_index, clear_buffer_, expected_signature); + vector expected_signature; + SignBuffer(&s, key_index, clear_buffer_, &expected_signature); sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); size_t gen_signature_length = 0; - sts = OEMCrypto_Generic_Sign(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, NULL, - &gen_signature_length); + sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + NULL, &gen_signature_length); ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts); ASSERT_EQ(static_cast(SHA256_DIGEST_LENGTH), gen_signature_length); - uint8_t signature[SHA256_DIGEST_LENGTH]; - sts = OEMCrypto_Generic_Sign(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, signature, - &gen_signature_length); + vector signature(SHA256_DIGEST_LENGTH); + sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], &gen_signature_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(0, memcmp(signature, expected_signature, SHA256_DIGEST_LENGTH)); + ASSERT_EQ(signature, expected_signature); } TEST_F(GenericCryptoTest, GenericKeyBadSign) { @@ -4394,15 +4394,15 @@ TEST_F(GenericCryptoTest, GenericKeyVerify) { s.EncryptAndSign(); s.LoadTestKeys(); unsigned int key_index = 3; - uint8_t signature[SHA256_DIGEST_LENGTH]; - SignBuffer(&s, key_index, clear_buffer_, signature); + vector signature; + SignBuffer(&s, key_index, clear_buffer_, &signature); sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - sts = OEMCrypto_Generic_Verify(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, signature, - SHA256_DIGEST_LENGTH); + sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], signature.size()); ASSERT_EQ(OEMCrypto_SUCCESS, sts); } @@ -4425,31 +4425,32 @@ TEST_F(GenericCryptoTest, KeyDurationEncrypt) { s.EncryptAndSign(); s.LoadTestKeys(); - uint8_t expected_encrypted[kBufferSize]; - EncryptBuffer(&s, 0, clear_buffer_, expected_encrypted); + vector expected_encrypted; + EncryptBuffer(&s, 0, clear_buffer_, &expected_encrypted); unsigned int key_index = 0; - uint8_t encrypted[kBufferSize]; + vector encrypted(clear_buffer_.size()); sleep(kShortSleep); // Should still be valid key. - memset(encrypted, 0, kBufferSize); sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); sts = - OEMCrypto_Generic_Encrypt(s.session_id(), clear_buffer_, kBufferSize, iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, encrypted); + OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(0, memcmp(encrypted, expected_encrypted, kBufferSize)); + ASSERT_EQ(encrypted, expected_encrypted); sleep(kLongSleep); // Should be expired key. - memset(encrypted, 0, kBufferSize); + encrypted.assign(clear_buffer_.size(), 0); sts = - OEMCrypto_Generic_Encrypt(s.session_id(), clear_buffer_, kBufferSize, iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, encrypted); + OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]); ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, sts); - ASSERT_NE(0, memcmp(encrypted, expected_encrypted, kBufferSize)); + ASSERT_NE(encrypted, expected_encrypted); } TEST_F(GenericCryptoTest, KeyDurationDecrypt) { @@ -4462,28 +4463,31 @@ TEST_F(GenericCryptoTest, KeyDurationDecrypt) { s.LoadTestKeys(); unsigned int key_index = 1; - uint8_t encrypted[kBufferSize]; - EncryptBuffer(&s, key_index, clear_buffer_, encrypted); + vector encrypted; + EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - uint8_t resultant[kBufferSize]; sleep(kShortSleep); // Should still be valid key. - memset(resultant, 0, kBufferSize); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), encrypted, kBufferSize, iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, resultant); + vector resultant(encrypted.size()); + sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], + encrypted.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, + &resultant[0]); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(0, memcmp(clear_buffer_, resultant, kBufferSize)); + ASSERT_EQ(clear_buffer_, resultant); sleep(kLongSleep); // Should be expired key. - memset(resultant, 0, kBufferSize); - sts = OEMCrypto_Generic_Decrypt(s.session_id(), encrypted, kBufferSize, iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, resultant); + resultant.assign(encrypted.size(), 0); + sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], + encrypted.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, + &resultant[0]); ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, sts); - ASSERT_NE(0, memcmp(clear_buffer_, resultant, kBufferSize)); + ASSERT_NE(clear_buffer_, resultant); } TEST_F(GenericCryptoTest, KeyDurationSign) { @@ -4496,10 +4500,10 @@ TEST_F(GenericCryptoTest, KeyDurationSign) { s.LoadTestKeys(); unsigned int key_index = 2; - uint8_t expected_signature[SHA256_DIGEST_LENGTH]; - uint8_t signature[SHA256_DIGEST_LENGTH]; - size_t signature_length = SHA256_DIGEST_LENGTH; - SignBuffer(&s, key_index, clear_buffer_, expected_signature); + vector expected_signature; + vector signature(SHA256_DIGEST_LENGTH); + size_t signature_length = signature.size(); + SignBuffer(&s, key_index, clear_buffer_, &expected_signature); sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); @@ -4507,21 +4511,20 @@ TEST_F(GenericCryptoTest, KeyDurationSign) { sleep(kShortSleep); // Should still be valid key. - memset(signature, 0, SHA256_DIGEST_LENGTH); - sts = OEMCrypto_Generic_Sign(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, signature, - &signature_length); + sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], &signature_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(0, memcmp(signature, expected_signature, SHA256_DIGEST_LENGTH)); + ASSERT_EQ(signature, expected_signature); sleep(kLongSleep); // Should be expired key. - memset(signature, 0, SHA256_DIGEST_LENGTH); - sts = OEMCrypto_Generic_Sign(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, signature, - &signature_length); + signature.assign(SHA256_DIGEST_LENGTH, 0); + sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], &signature_length); ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, sts); - ASSERT_NE(0, memcmp(signature, expected_signature, SHA256_DIGEST_LENGTH)); + ASSERT_NE(signature, expected_signature); } TEST_F(GenericCryptoTest, KeyDurationVerify) { @@ -4534,8 +4537,8 @@ TEST_F(GenericCryptoTest, KeyDurationVerify) { s.LoadTestKeys(); unsigned int key_index = 3; - uint8_t signature[SHA256_DIGEST_LENGTH]; - SignBuffer(&s, key_index, clear_buffer_, signature); + vector signature; + SignBuffer(&s, key_index, clear_buffer_, &signature); sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); @@ -4543,16 +4546,16 @@ TEST_F(GenericCryptoTest, KeyDurationVerify) { sleep(kShortSleep); // Should still be valid key. - sts = OEMCrypto_Generic_Verify(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, signature, - SHA256_DIGEST_LENGTH); + sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], signature.size()); ASSERT_EQ(OEMCrypto_SUCCESS, sts); sleep(kLongSleep); // Should be expired key. - sts = OEMCrypto_Generic_Verify(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, signature, - SHA256_DIGEST_LENGTH); + sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], signature.size()); ASSERT_EQ(OEMCrypto_ERROR_KEY_EXPIRED, sts); } @@ -4760,7 +4763,7 @@ TEST_F(UsageTableTest, FiftyEntries) { sleep(kShortSleep); const size_t ENTRY_COUNT = 49;// API says should hold at least 50 entries. - Session sessions[ENTRY_COUNT]; + vector sessions(ENTRY_COUNT); for (size_t i=0; i < ENTRY_COUNT; i++) { sessions[i].open(); sessions[i].GenerateTestSessionKeys(); @@ -4953,7 +4956,7 @@ TEST_P(UsageTableTestWithMAC, DeleteEntryBadSignature) { s2.GenerateReport(pst, true, &s); uint8_t* pst_ptr = s2.encrypted_license().pst; memcpy(pst_ptr, pst.c_str(), min(sizeof(s2.license().pst), pst.length())); - std::vector signature(SHA256_DIGEST_LENGTH); + vector signature(SHA256_DIGEST_LENGTH); // Cannot delete without correct signature. // ServerSignMessage(s2.encrypted_license(), &signature); ASSERT_NE(OEMCrypto_SUCCESS, @@ -5070,17 +5073,17 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoEncrypt) { s.LoadTestKeys(pst, new_mac_keys_); OEMCryptoResult sts; unsigned int key_index = 0; - uint8_t expected_encrypted[kBufferSize]; - EncryptBuffer(&s, key_index, clear_buffer_, expected_encrypted); - sts = OEMCrypto_SelectKey( - s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); + vector expected_encrypted; + EncryptBuffer(&s, key_index, clear_buffer_, &expected_encrypted); + sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, + kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - uint8_t encrypted[kBufferSize]; - sts = OEMCrypto_Generic_Encrypt(s.session_id(), clear_buffer_, kBufferSize, - iv_, OEMCrypto_AES_CBC_128_NO_PADDING, - encrypted); + vector encrypted(clear_buffer_.size()); + sts = OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - EXPECT_EQ(0, memcmp(encrypted, expected_encrypted, kBufferSize)); + EXPECT_EQ(encrypted, expected_encrypted); s.GenerateReport(pst); EXPECT_EQ(kActive, s.pst_report()->status); EXPECT_ALMOST( @@ -5094,12 +5097,12 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoEncrypt) { EXPECT_EQ(kInactive, s.pst_report()->status); EXPECT_ALMOST( 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); - memset(encrypted, 0, kBufferSize); - sts = OEMCrypto_Generic_Encrypt(s.session_id(), clear_buffer_, kBufferSize, - iv_, OEMCrypto_AES_CBC_128_NO_PADDING, - encrypted); + encrypted.assign(clear_buffer_.size(), 0); + sts = OEMCrypto_Generic_Encrypt(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, &encrypted[0]); ASSERT_NE(OEMCrypto_SUCCESS, sts); - EXPECT_NE(0, memcmp(encrypted, expected_encrypted, kBufferSize)); + EXPECT_NE(encrypted, expected_encrypted); } TEST_P(UsageTableTestWithMAC, GenericCryptoDecrypt) { @@ -5116,17 +5119,17 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoDecrypt) { s.LoadTestKeys(pst, new_mac_keys_); OEMCryptoResult sts; unsigned int key_index = 1; - uint8_t encrypted[kBufferSize]; - EncryptBuffer(&s, key_index, clear_buffer_, encrypted); - sts = OEMCrypto_SelectKey( - s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); + vector encrypted; + EncryptBuffer(&s, key_index, clear_buffer_, &encrypted); + sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, + kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - uint8_t resultant[kBufferSize]; - sts = - OEMCrypto_Generic_Decrypt(s.session_id(), encrypted, kBufferSize, iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, resultant); + vector resultant(encrypted.size()); + sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], + encrypted.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, &resultant[0]); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - EXPECT_EQ(0, memcmp(clear_buffer_, resultant, kBufferSize)); + EXPECT_EQ(clear_buffer_, resultant); s.GenerateReport(pst); EXPECT_EQ(kActive, s.pst_report()->status); EXPECT_ALMOST( @@ -5140,12 +5143,12 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoDecrypt) { EXPECT_EQ(kInactive, s.pst_report()->status); EXPECT_ALMOST( 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); - memset(resultant, 0, kBufferSize); - sts = - OEMCrypto_Generic_Decrypt(s.session_id(), encrypted, kBufferSize, iv_, - OEMCrypto_AES_CBC_128_NO_PADDING, resultant); + resultant.assign(encrypted.size(), 0); + sts = OEMCrypto_Generic_Decrypt(s.session_id(), &encrypted[0], + encrypted.size(), iv_, + OEMCrypto_AES_CBC_128_NO_PADDING, &resultant[0]); ASSERT_NE(OEMCrypto_SUCCESS, sts); - EXPECT_NE(0, memcmp(clear_buffer_, resultant, kBufferSize)); + EXPECT_NE(clear_buffer_, resultant); } TEST_P(UsageTableTestWithMAC, GenericCryptoSign) { @@ -5163,24 +5166,24 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoSign) { OEMCryptoResult sts; unsigned int key_index = 2; - uint8_t expected_signature[SHA256_DIGEST_LENGTH]; - SignBuffer(&s, key_index, clear_buffer_, expected_signature); + vector expected_signature; + SignBuffer(&s, key_index, clear_buffer_, &expected_signature); - sts = OEMCrypto_SelectKey( - s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); + sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, + kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); size_t gen_signature_length = 0; - sts = OEMCrypto_Generic_Sign(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, NULL, - &gen_signature_length); + sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + NULL, &gen_signature_length); ASSERT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, sts); ASSERT_EQ(static_cast(SHA256_DIGEST_LENGTH), gen_signature_length); - uint8_t signature[SHA256_DIGEST_LENGTH]; - sts = OEMCrypto_Generic_Sign(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, signature, - &gen_signature_length); + vector signature(SHA256_DIGEST_LENGTH); + sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], &gen_signature_length); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - ASSERT_EQ(0, memcmp(signature, expected_signature, SHA256_DIGEST_LENGTH)); + ASSERT_EQ(signature, expected_signature); s.GenerateReport(pst); EXPECT_EQ(kActive, s.pst_report()->status); @@ -5196,13 +5199,13 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoSign) { EXPECT_ALMOST( 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); - memset(signature, 0, SHA256_DIGEST_LENGTH); + signature.assign(SHA256_DIGEST_LENGTH, 0); gen_signature_length = SHA256_DIGEST_LENGTH; - sts = OEMCrypto_Generic_Sign(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, signature, - &gen_signature_length); + sts = OEMCrypto_Generic_Sign(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], &gen_signature_length); ASSERT_NE(OEMCrypto_SUCCESS, sts); - ASSERT_NE(0, memcmp(signature, expected_signature, SHA256_DIGEST_LENGTH)); + ASSERT_NE(signature, expected_signature); } TEST_P(UsageTableTestWithMAC, GenericCryptoVerify) { @@ -5220,15 +5223,15 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoVerify) { OEMCryptoResult sts; unsigned int key_index = 3; - uint8_t signature[SHA256_DIGEST_LENGTH]; - SignBuffer(&s, key_index, clear_buffer_, signature); + vector signature; + SignBuffer(&s, key_index, clear_buffer_, &signature); - sts = OEMCrypto_SelectKey( - s.session_id(), s.license().keys[key_index].key_id, kTestKeyIdLength); + sts = OEMCrypto_SelectKey(s.session_id(), s.license().keys[key_index].key_id, + kTestKeyIdLength); ASSERT_EQ(OEMCrypto_SUCCESS, sts); - sts = OEMCrypto_Generic_Verify(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, signature, - SHA256_DIGEST_LENGTH); + sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], signature.size()); ASSERT_EQ(OEMCrypto_SUCCESS, sts); s.GenerateReport(pst); @@ -5245,9 +5248,9 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoVerify) { EXPECT_ALMOST( 0, wvcdm::htonll64(s.pst_report()->seconds_since_license_received)); - sts = OEMCrypto_Generic_Verify(s.session_id(), clear_buffer_, kBufferSize, - OEMCrypto_HMAC_SHA256, signature, - SHA256_DIGEST_LENGTH); + sts = OEMCrypto_Generic_Verify(s.session_id(), &clear_buffer_[0], + clear_buffer_.size(), OEMCrypto_HMAC_SHA256, + &signature[0], signature.size()); ASSERT_NE(OEMCrypto_SUCCESS, sts); }