From 135d6c608dac7fb0aa6c0db201c96d9ac0c5aadf Mon Sep 17 00:00:00 2001
From: Fred Gylys-Colwell <fredgc@google.com>
Date: Wed, 15 May 2024 17:27:13 -0700
Subject: [PATCH 1/2] Update test data for entitled license test

A new set of license data was created on UAT so that we
could have keys that match those in the license returned by
a License SDK and by those generated by UAT.

It should be more clear now which data is just made up, and
which data has to match some golden values based on the made
up data.

Bug: 338323091
Test: WVTS
Change-Id: Ic112b4594afb99c6f43e011f59ee7592d4809189
---
 .../cdm/core/src/initialization_data.cpp      |  5 +++-
 libwvdrmengine/cdm/core/test/test_base.cpp    | 30 +++++++++++++++++++
 libwvdrmengine/cdm/core/test/test_base.h      |  4 +++
 3 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/libwvdrmengine/cdm/core/src/initialization_data.cpp b/libwvdrmengine/cdm/core/src/initialization_data.cpp
index 373e5a96..cf87d24a 100644
--- a/libwvdrmengine/cdm/core/src/initialization_data.cpp
+++ b/libwvdrmengine/cdm/core/src/initialization_data.cpp
@@ -680,7 +680,7 @@ void InitializationData::DumpToLogs() const {
   if (!is_supported()) {
     LOGD("InitData: Not supported");
   }
-  if (!IsEmpty()) {
+  if (IsEmpty()) {
     LOGD("InitData: Empty");
   }
   std::string type_info = type();
@@ -736,6 +736,9 @@ void InitializationData::DumpToLogs() const {
     LOGD("InitData: entitlement_key_id %d: %s -> %s", i,
          wvutil::b2a_hex(key.entitlement_key_id()).c_str(),
          wvutil::b2a_hex(key.key_id()).c_str());
+    LOGD("InitData:    entitled_key %d: %s", i,
+         wvutil::b2a_hex(key.key()).c_str());
+    LOGD("InitData:    iv %d: %s", i, wvutil::b2a_hex(key.iv()).c_str());
   }
 }
 
diff --git a/libwvdrmengine/cdm/core/test/test_base.cpp b/libwvdrmengine/cdm/core/test/test_base.cpp
index a72c92d8..e3e4e28c 100644
--- a/libwvdrmengine/cdm/core/test/test_base.cpp
+++ b/libwvdrmengine/cdm/core/test/test_base.cpp
@@ -189,6 +189,16 @@ enum OptionalBool {
 bool UnwrapOptionalBool(OptionalBool value, bool default_value) {
   return (value == kBoolUnset) ? default_value : (value == kBoolTrue);
 }
+
+// Increment counter for AES-CTR.  The CENC spec specifies we increment only
+// the low 64 bits of the IV counter, and leave the high 64 bits alone.  This
+// is different from the BoringSSL implementation, so we implement the CTR loop
+// ourselves.
+void ctr128_inc64(int64_t increaseBy, std::vector<uint8_t>& iv) {
+  uint64_t* counterBuffer = reinterpret_cast<uint64_t*>(&(iv[8]));
+  (*counterBuffer) =
+      wvutil::htonll64(wvutil::ntohll64(*counterBuffer) + increaseBy);
+}
 }  // namespace
 
 // Static WvCdmTestBase variables.
@@ -208,6 +218,26 @@ void WvCdmTestBase::StripeBuffer(std::vector<uint8_t>* buffer, size_t size,
   }
 }
 
+// Encrypt a block of data using CTR mode.
+std::vector<uint8_t> WvCdmTestBase::Aes128CtrEncrypt(
+    const std::vector<uint8_t>& key, const std::vector<uint8_t>& starting_iv,
+    const std::vector<uint8_t>& in_buffer) {
+  AES_KEY aes_key;
+  AES_set_encrypt_key(key.data(), AES_BLOCK_SIZE * 8, &aes_key);
+  std::vector<uint8_t> out_buffer(in_buffer.size());
+  std::vector<uint8_t> iv = starting_iv;
+  size_t l = 0;  // byte index into encrypted subsample.
+  while (l < in_buffer.size()) {
+    uint8_t aes_output[AES_BLOCK_SIZE];
+    AES_encrypt(iv.data(), aes_output, &aes_key);
+    for (size_t n = 0; n < AES_BLOCK_SIZE && l < in_buffer.size(); n++, l++) {
+      out_buffer[l] = aes_output[n] ^ in_buffer[l];
+    }
+    ctr128_inc64(1, iv);
+  }
+  return out_buffer;
+}
+
 std::string WvCdmTestBase::Aes128CbcEncrypt(std::vector<uint8_t> key,
                                             const std::vector<uint8_t>& clear,
                                             std::vector<uint8_t> iv) {
diff --git a/libwvdrmengine/cdm/core/test/test_base.h b/libwvdrmengine/cdm/core/test/test_base.h
index d95cef40..646b9409 100644
--- a/libwvdrmengine/cdm/core/test/test_base.h
+++ b/libwvdrmengine/cdm/core/test/test_base.h
@@ -76,6 +76,10 @@ class WvCdmTestBase : public ::testing::Test {
                                       const std::vector<uint8_t>& clear,
                                       std::vector<uint8_t> iv);
   // Helper method for doing cryptography.
+  static std::vector<uint8_t> Aes128CtrEncrypt(
+      const std::vector<uint8_t>& key, const std::vector<uint8_t>& starting_iv,
+      const std::vector<uint8_t>& in_buffer);
+  // Helper method for doing cryptography.
   static std::string SignHMAC(const std::string& message,
                               const std::vector<uint8_t>& key);
 

From b0bf7187f09c688e0b8ec775453bfb73ad8b520b Mon Sep 17 00:00:00 2001
From: Fred Gylys-Colwell <fredgc@google.com>
Date: Mon, 15 Jul 2024 16:38:19 -0700
Subject: [PATCH 2/2] Clang format long line

Error not found in go/wvgerrit/199931

Change-Id: I58806276ab0a710444f6632d4c824607b8ebd17c
---
 libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
index ed4041c5..32d705e7 100644
--- a/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
+++ b/libwvdrmengine/mediadrm/src/WVDrmPlugin.cpp
@@ -1510,7 +1510,8 @@ static WvStatus getDeviceSignedCsrPayload(
     } else {
       return toNdkScopedAStatus(Status::BAD_VALUE);
     }
-  } else if (name == "certificateSigningRequestChallenge" && isCsrAccessAllowed()) {
+  } else if (name == "certificateSigningRequestChallenge" &&
+             isCsrAccessAllowed()) {
     mCertificateSigningRequestChallenge =
         std::string(_value.begin(), _value.end());
   } else if (name == "deviceInfo" && isCsrAccessAllowed()) {