Source release 18.5.0
This commit is contained in:
Matt Feddersen
@@ -82,30 +82,6 @@ class FuzzedData {
|
||||
size_t source_size_;
|
||||
};
|
||||
|
||||
// Encrypt a block of data using CTR mode.
|
||||
void EncryptCTR(const vector<uint8_t>& in_buffer, const uint8_t* key,
|
||||
const uint8_t* starting_iv, vector<uint8_t>* out_buffer) {
|
||||
ASSERT_NE(nullptr, key);
|
||||
ASSERT_NE(nullptr, starting_iv);
|
||||
ASSERT_NE(nullptr, out_buffer);
|
||||
AES_KEY aes_key;
|
||||
AES_set_encrypt_key(key, AES_BLOCK_SIZE * 8, &aes_key);
|
||||
out_buffer->resize(in_buffer.size());
|
||||
|
||||
uint8_t iv[AES_BLOCK_SIZE]; // Current iv.
|
||||
|
||||
memcpy(iv, &starting_iv[0], AES_BLOCK_SIZE);
|
||||
size_t l = 0; // byte index into encrypted subsample.
|
||||
while (l < in_buffer.size()) {
|
||||
uint8_t aes_output[AES_BLOCK_SIZE];
|
||||
AES_encrypt(iv, aes_output, &aes_key);
|
||||
for (size_t n = 0; n < AES_BLOCK_SIZE && l < in_buffer.size(); n++, l++) {
|
||||
(*out_buffer)[l] = aes_output[n] ^ in_buffer[l];
|
||||
}
|
||||
ctr128_inc64(1, iv);
|
||||
}
|
||||
}
|
||||
|
||||
// Uses OEMCrypto to decrypt some random data in 'cenc' mode. This function
|
||||
// assumes that the correct key is already selected in the session. It requires
|
||||
// the plaintext of that key so that it can encrypt the test data. It resizes
|
||||
@@ -138,6 +114,30 @@ OEMCryptoResult DecryptCTR(const vector<uint8_t>& key_handle,
|
||||
|
||||
} // namespace
|
||||
|
||||
// Encrypt a block of data using CTR mode.
|
||||
void EncryptCTR(const vector<uint8_t>& in_buffer, const uint8_t* key,
|
||||
const uint8_t* starting_iv, vector<uint8_t>* out_buffer) {
|
||||
ASSERT_NE(nullptr, key);
|
||||
ASSERT_NE(nullptr, starting_iv);
|
||||
ASSERT_NE(nullptr, out_buffer);
|
||||
AES_KEY aes_key;
|
||||
AES_set_encrypt_key(key, AES_BLOCK_SIZE * 8, &aes_key);
|
||||
out_buffer->resize(in_buffer.size());
|
||||
|
||||
uint8_t iv[AES_BLOCK_SIZE]; // Current iv.
|
||||
|
||||
memcpy(iv, &starting_iv[0], AES_BLOCK_SIZE);
|
||||
size_t l = 0; // byte index into encrypted subsample.
|
||||
while (l < in_buffer.size()) {
|
||||
uint8_t aes_output[AES_BLOCK_SIZE];
|
||||
AES_encrypt(iv, aes_output, &aes_key);
|
||||
for (size_t n = 0; n < AES_BLOCK_SIZE && l < in_buffer.size(); n++, l++) {
|
||||
(*out_buffer)[l] = aes_output[n] ^ in_buffer[l];
|
||||
}
|
||||
ctr128_inc64(1, iv);
|
||||
}
|
||||
}
|
||||
|
||||
int GetRandBytes(unsigned char* buf, size_t num) {
|
||||
// returns 1 on success, -1 if not supported, or 0 if other failure.
|
||||
return RAND_bytes(buf, static_cast<int>(num));
|
||||
@@ -792,9 +792,6 @@ void LicenseRoundTrip::FillAndVerifyCoreRequest(
|
||||
// for L3 release only.
|
||||
EXPECT_LE(3, core_request_.api_minor_version);
|
||||
EXPECT_GE(5, core_request_.api_minor_version);
|
||||
} else if (global_features.api_version == ODK_MAJOR_VERSION) {
|
||||
// We do not expect older tests to work with a newer OEMCrypto.
|
||||
EXPECT_GE(ODK_MINOR_VERSION, core_request_.api_minor_version);
|
||||
}
|
||||
if (expect_request_has_correct_nonce_) {
|
||||
EXPECT_EQ(session()->nonce(), core_request_.nonce);
|
||||
@@ -1139,8 +1136,8 @@ OEMCryptoResult LicenseRoundTrip::LoadResponse(Session* session,
|
||||
response_signature_.size());
|
||||
if (verify_keys && result == OEMCrypto_SUCCESS) {
|
||||
// Give the session object a copy of the license truth data so that it can
|
||||
// call SelectKey, use key control information, and so that it has key data
|
||||
// to verify decrypt operations.
|
||||
// call GetKeyHandle, use key control information, and so that it has key
|
||||
// data to verify decrypt operations.
|
||||
session->set_license(response_data_);
|
||||
// Also, if the license has new mac keys, then install them now.
|
||||
if (core_response_.enc_mac_keys.length > 0) {
|
||||
@@ -1234,6 +1231,12 @@ void EntitledMessage::MakeOneKey(size_t entitlement_key_index) {
|
||||
sizeof(key_data->content_key_data_iv)));
|
||||
offsets->content_key_data_iv = FindSubstring(
|
||||
key_data->content_key_data_iv, sizeof(key_data->content_key_data_iv));
|
||||
|
||||
EXPECT_EQ(1,
|
||||
GetRandBytes(key_data->content_iv, sizeof(key_data->content_iv)));
|
||||
key_data->content_iv_length = sizeof(key_data->content_iv);
|
||||
offsets->content_iv =
|
||||
FindSubstring(key_data->content_iv, key_data->content_iv_length);
|
||||
}
|
||||
|
||||
OEMCrypto_EntitledContentKeyObject* EntitledMessage::entitled_key_array() {
|
||||
@@ -1367,8 +1370,8 @@ void EntitledMessage::LoadCasKeys(bool load_even, bool load_odd,
|
||||
|
||||
// Convert the OEMCrypto_EntitledContentKeyObject to
|
||||
// OEMCrypto_EntitledCasKeyObject. Only the first two key object is used.
|
||||
OEMCrypto_EntitledContentKeyObject even_key;
|
||||
OEMCrypto_EntitledContentKeyObject odd_key;
|
||||
OEMCrypto_EntitledContentKeyObject even_key = {};
|
||||
OEMCrypto_EntitledContentKeyObject odd_key = {};
|
||||
bool has_even = load_even && num_keys_ >= 1;
|
||||
bool has_odd = load_odd && num_keys_ >= 2;
|
||||
if (has_even) {
|
||||
@@ -1376,14 +1379,16 @@ void EntitledMessage::LoadCasKeys(bool load_even, bool load_odd,
|
||||
even_key.content_key_id = entitled_key_array_[0].content_key_id;
|
||||
even_key.content_key_data_iv = entitled_key_array_[0].content_key_data_iv;
|
||||
even_key.content_key_data = entitled_key_array_[0].content_key_data;
|
||||
even_key.content_iv.length = 0;
|
||||
even_key.content_iv = entitled_key_array_[0].content_iv;
|
||||
even_key.cipher_mode = OEMCrypto_CipherMode_CBC;
|
||||
}
|
||||
if (has_odd) {
|
||||
odd_key.entitlement_key_id = entitled_key_array_[1].entitlement_key_id;
|
||||
odd_key.content_key_id = entitled_key_array_[1].content_key_id;
|
||||
odd_key.content_key_data_iv = entitled_key_array_[1].content_key_data_iv;
|
||||
odd_key.content_key_data = entitled_key_array_[1].content_key_data;
|
||||
odd_key.content_iv.length = 0;
|
||||
odd_key.content_iv = entitled_key_array_[1].content_iv;
|
||||
odd_key.cipher_mode = OEMCrypto_CipherMode_CBC;
|
||||
}
|
||||
|
||||
OEMCryptoResult sts = OEMCrypto_LoadCasECMKeys(
|
||||
@@ -1464,6 +1469,7 @@ void EntitledMessage::VerifyDecrypt() {
|
||||
void RenewalRoundTrip::VerifyRequestSignature(
|
||||
const vector<uint8_t>& data, const vector<uint8_t>& generated_signature,
|
||||
size_t core_message_length) {
|
||||
(void)core_message_length;
|
||||
ASSERT_EQ(HMAC_SHA256_SIGNATURE_SIZE, generated_signature.size());
|
||||
std::vector<uint8_t> expected_signature;
|
||||
session()->key_deriver().ClientSignBuffer(data, &expected_signature);
|
||||
@@ -1770,7 +1776,7 @@ void Session::TestDecryptEntitled(OEMCryptoResult expected_result,
|
||||
// We only have a few errors that we test are reported.
|
||||
ASSERT_NO_FATAL_FAILURE(
|
||||
TestDecryptResult(expected_result, getkeyhandle_result, decrypt_result))
|
||||
<< "Either SelectKey or DecryptCENC should return " << expected_result
|
||||
<< "Either GetKeyHandle or DecryptCENC should return" << expected_result
|
||||
<< ", but they returned " << getkeyhandle_result << " and "
|
||||
<< decrypt_result << ", respectively.";
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user