From 3f040e0a9da16781c3e5a4c800dd252d0238d6fd Mon Sep 17 00:00:00 2001
From: Fred Gylys-Colwell <fredgc@google.com>
Date: Fri, 2 Sep 2016 15:51:05 -0700
Subject: [PATCH] Don't Increment IV for Partial Blocks in Unit Tests

Merge from widevine repo of http://go/wvgerrit/20660

For CTR encryption mode, when a subsample ends with partial block that
is continued on the next subsample, both blocks should have the same
IV.  This allows an implementation of OEMCrypto to optimize their
decryption algorithm.

b/31114392

Change-Id: I29a998b00f3bfb12c4bbbcb1fa1ebc371473fefd
---
 libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
index be6a7c4f..c82a4c5f 100644
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -2492,6 +2492,7 @@ class OEMCryptoSessionTestsDecryptTests
                            (size < AES_BLOCK_SIZE))) {
           memcpy(&(*out_buffer)[buffer_index], &in_buffer[buffer_index],
                  size);
+          block_offset = 0;  // Next block should be complete.
         } else {
           if (cipher_mode_ == OEMCrypto_CipherMode_CTR) {
             uint8_t aes_output[AES_BLOCK_SIZE];
@@ -2501,7 +2502,15 @@ class OEMCryptoSessionTestsDecryptTests
                   aes_output[n + block_offset] ^
                   in_buffer[buffer_index + n];
             }
-            ctr128_inc64(1, iv);
+            if (size + block_offset < AES_BLOCK_SIZE) {
+              // Partial block.  Don't increment iv.  Compute next block offset.
+              block_offset = block_offset + size;
+            } else {
+              EXPECT_EQ(AES_BLOCK_SIZE, block_offset + size);
+              // Full block.  Increment iv, and set offset to 0 for next block.
+              ctr128_inc64(1, iv);
+              block_offset = 0;
+            }
           } else {
             uint8_t aes_input[AES_BLOCK_SIZE];
             for (size_t n = 0; n < size; n++) {
@@ -2509,13 +2518,12 @@ class OEMCryptoSessionTestsDecryptTests
             }
             AES_encrypt(aes_input, &(*out_buffer)[buffer_index], &aes_key);
             memcpy(iv, &(*out_buffer)[buffer_index], AES_BLOCK_SIZE);
+            // CBC mode should always start on block boundary.
+            block_offset = 0;
           }
         }
         buffer_index += size;
-        block_offset = 0;
       }
-      block_offset =
-          (block_offset + subsample_size_[i].encrypted_size) % AES_BLOCK_SIZE;
     }
   }