From a457c2a14de309d062e2931b27719d60cb94b686 Mon Sep 17 00:00:00 2001
From: Jacob Trimble <modmaker@google.com>
Date: Thu, 30 Nov 2023 23:27:55 +0000
Subject: [PATCH] Make IV const in privacy_crypto

Merged from https://widevine-internal-review.googlesource.com/188677

Change-Id: I17346b54259ca1929ef40a8d61aef38969800159
---
 .../cdm/core/include/privacy_crypto.h         |  2 +-
 .../cdm/core/src/privacy_crypto_boringssl.cpp | 24 ++++++++-----------
 .../cdm/core/src/privacy_crypto_dummy.cpp     |  4 ++--
 .../cdm/core/src/service_certificate.cpp      |  2 +-
 4 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/libwvdrmengine/cdm/core/include/privacy_crypto.h b/libwvdrmengine/cdm/core/include/privacy_crypto.h
index eea1d3bd..9904a518 100644
--- a/libwvdrmengine/cdm/core/include/privacy_crypto.h
+++ b/libwvdrmengine/cdm/core/include/privacy_crypto.h
@@ -37,7 +37,7 @@ class AesCbcKey {
   ~AesCbcKey();
 
   bool Init(const std::string& key);
-  bool Encrypt(const std::string& in, std::string* out, std::string* iv);
+  bool Encrypt(const std::string& in, const std::string& iv, std::string* out);
 
  private:
   std::string key_;
diff --git a/libwvdrmengine/cdm/core/src/privacy_crypto_boringssl.cpp b/libwvdrmengine/cdm/core/src/privacy_crypto_boringssl.cpp
index 86ddea95..6377642b 100644
--- a/libwvdrmengine/cdm/core/src/privacy_crypto_boringssl.cpp
+++ b/libwvdrmengine/cdm/core/src/privacy_crypto_boringssl.cpp
@@ -89,18 +89,14 @@ bool AesCbcKey::Init(const std::string& key) {
   return true;
 }
 
-bool AesCbcKey::Encrypt(const std::string& in, std::string* out,
-                        std::string* iv) {
+bool AesCbcKey::Encrypt(const std::string& in, const std::string& iv,
+                        std::string* out) {
   if (in.empty()) {
     LOGE("No cleartext provided");
     return false;
   }
-  if (iv == nullptr) {
-    LOGE("Initialization vector output parameter |iv| not provided");
-    return false;
-  }
-  if (iv->size() != AES_BLOCK_SIZE) {
-    LOGE("Invalid IV size: %zu", iv->size());
+  if (iv.size() != AES_BLOCK_SIZE) {
+    LOGE("Invalid IV size: %zu", iv.size());
     return false;
   }
   if (out == nullptr) {
@@ -114,8 +110,8 @@ bool AesCbcKey::Encrypt(const std::string& in, std::string* out,
 
   EVP_CIPHER_CTX* evp_cipher_ctx = EVP_CIPHER_CTX_new();
   if (EVP_EncryptInit(evp_cipher_ctx, EVP_aes_128_cbc(),
-                      reinterpret_cast<uint8_t*>(&key_[0]),
-                      reinterpret_cast<uint8_t*>(&(*iv)[0])) == 0) {
+                      reinterpret_cast<const uint8_t*>(&key_[0]),
+                      reinterpret_cast<const uint8_t*>(&iv[0])) == 0) {
     LOGE("AES CBC setup failure: %s",
          ERR_error_string(ERR_get_error(), nullptr));
     EVP_CIPHER_CTX_free(evp_cipher_ctx);
@@ -124,10 +120,10 @@ bool AesCbcKey::Encrypt(const std::string& in, std::string* out,
 
   out->resize(in.size() + AES_BLOCK_SIZE);
   int out_length = static_cast<int>(out->size());
-  if (EVP_EncryptUpdate(
-          evp_cipher_ctx, reinterpret_cast<uint8_t*>(&(*out)[0]), &out_length,
-          reinterpret_cast<uint8_t*>(const_cast<char*>(in.data())),
-          static_cast<int>(in.size())) == 0) {
+  if (EVP_EncryptUpdate(evp_cipher_ctx, reinterpret_cast<uint8_t*>(&(*out)[0]),
+                        &out_length,
+                        reinterpret_cast<const uint8_t*>(in.data()),
+                        static_cast<int>(in.size())) == 0) {
     LOGE("AES CBC encryption failure: %s",
          ERR_error_string(ERR_get_error(), nullptr));
     EVP_CIPHER_CTX_free(evp_cipher_ctx);
diff --git a/libwvdrmengine/cdm/core/src/privacy_crypto_dummy.cpp b/libwvdrmengine/cdm/core/src/privacy_crypto_dummy.cpp
index 8b100c59..c016b478 100644
--- a/libwvdrmengine/cdm/core/src/privacy_crypto_dummy.cpp
+++ b/libwvdrmengine/cdm/core/src/privacy_crypto_dummy.cpp
@@ -29,8 +29,8 @@ AesCbcKey::~AesCbcKey() {}
 
 bool AesCbcKey::Init(const std::string& key) { return false; }
 
-bool AesCbcKey::Encrypt(const std::string& in, std::string* out,
-                        std::string* iv) {
+bool AesCbcKey::Encrypt(const std::string& in, const std::string& iv,
+                        std::string* out) {
   return false;
 }
 
diff --git a/libwvdrmengine/cdm/core/src/service_certificate.cpp b/libwvdrmengine/cdm/core/src/service_certificate.cpp
index c89648a1..4d6c8607 100644
--- a/libwvdrmengine/cdm/core/src/service_certificate.cpp
+++ b/libwvdrmengine/cdm/core/src/service_certificate.cpp
@@ -251,7 +251,7 @@ CdmResponseType ServiceCertificate::EncryptClientId(
 
   AesCbcKey aes;
   if (!aes.Init(key)) return CdmResponseType(CLIENT_ID_AES_INIT_ERROR);
-  if (!aes.Encrypt(id, &enc_id, &iv))
+  if (!aes.Encrypt(id, iv, &enc_id))
     return CdmResponseType(CLIENT_ID_AES_ENCRYPT_ERROR);
 
   CdmResponseType encrypt_result = EncryptRsaOaep(key, &enc_key);