Source release 17.1.0

oemcrypto/test/oec_key_deriver.cpp

@@ -1,11 +1,11 @@
 // Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
-// source code may only be used and distributed under the Widevine Master
+// source code may only be used and distributed under the Widevine
 // License Agreement.
 //
 // OEMCrypto unit tests
 //
 
-#include "oec_session_util.h"
+#include "oec_key_deriver.h"
 
 #include <openssl/aes.h>
 #include <openssl/bio.h>
@@ -58,7 +58,7 @@ void Encryptor::CBCEncrypt(const uint8_t* data, uint8_t* encrypted_data,
 
 void Encryptor::PadAndEncryptProvisioningMessage(
     RSAPrivateKeyMessage* data, RSAPrivateKeyMessage* encrypted) const {
-  EXPECT_EQ(1, GetRandBytes(data->rsa_key_iv, KEY_IV_SIZE));
+  EXPECT_EQ(1, RAND_bytes(data->rsa_key_iv, KEY_IV_SIZE));
   ASSERT_EQ(enc_key_.size(), KEY_SIZE);
   *encrypted = *data;
   if (data->rsa_key_length > sizeof(data->rsa_key)) {
@@ -83,19 +83,23 @@ void Encryptor::PadAndEncryptProvisioningMessage(
 // This generates the data for deriving one key. If there are failures in
 // this function, then there is something wrong with the test program and its
 // dependency on BoringSSL.
-void KeyDeriver::DeriveKey(const uint8_t* key, const vector<uint8_t>& context,
-                           int counter, vector<uint8_t>* out) {
+void KeyDeriver::DeriveKey(const uint8_t* key, size_t master_key_size,
+                           const vector<uint8_t>& context, int counter,
+                           vector<uint8_t>* out) {
   ASSERT_NE(key, nullptr);
   ASSERT_FALSE(context.empty());
   ASSERT_GE(4, counter);
   ASSERT_LE(1, counter);
   ASSERT_NE(out, nullptr);
+  // For RSA, the master key is expected to be 16 bytes; for EC key, 32 bytes.
+  ASSERT_TRUE(master_key_size == KEY_SIZE || master_key_size == 2 * KEY_SIZE);
 
-  const EVP_CIPHER* cipher = EVP_aes_128_cbc();
+  const EVP_CIPHER* cipher =
+      master_key_size == KEY_SIZE ? EVP_aes_128_cbc() : EVP_aes_256_cbc();
   CMAC_CTX* cmac_ctx = CMAC_CTX_new();
   ASSERT_NE(nullptr, cmac_ctx);
 
-  ASSERT_TRUE(CMAC_Init(cmac_ctx, key, KEY_SIZE, cipher, 0));
+  ASSERT_TRUE(CMAC_Init(cmac_ctx, key, master_key_size, cipher, nullptr));
 
   std::vector<uint8_t> message;
   message.push_back(static_cast<uint8_t>(counter));
@@ -114,24 +118,24 @@ void KeyDeriver::DeriveKey(const uint8_t* key, const vector<uint8_t>& context,
 // This generates the data for deriving a set of keys. If there are failures in
 // this function, then there is something wrong with the test program and its
 // dependency on BoringSSL.
-void KeyDeriver::DeriveKeys(const uint8_t* master_key,
+void KeyDeriver::DeriveKeys(const uint8_t* master_key, size_t master_key_size,
                             const vector<uint8_t>& mac_key_context,
                             const vector<uint8_t>& enc_key_context) {
   // Generate derived key for mac key
   std::vector<uint8_t> mac_key_part2;
-  DeriveKey(master_key, mac_key_context, 1, &mac_key_server_);
-  DeriveKey(master_key, mac_key_context, 2, &mac_key_part2);
+  DeriveKey(master_key, master_key_size, mac_key_context, 1, &mac_key_server_);
+  DeriveKey(master_key, master_key_size, mac_key_context, 2, &mac_key_part2);
   mac_key_server_.insert(mac_key_server_.end(), mac_key_part2.begin(),
                          mac_key_part2.end());
 
-  DeriveKey(master_key, mac_key_context, 3, &mac_key_client_);
-  DeriveKey(master_key, mac_key_context, 4, &mac_key_part2);
+  DeriveKey(master_key, master_key_size, mac_key_context, 3, &mac_key_client_);
+  DeriveKey(master_key, master_key_size, mac_key_context, 4, &mac_key_part2);
   mac_key_client_.insert(mac_key_client_.end(), mac_key_part2.begin(),
                          mac_key_part2.end());
 
   // Generate derived key for encryption key
   std::vector<uint8_t> enc_key;
-  DeriveKey(master_key, enc_key_context, 1, &enc_key);
+  DeriveKey(master_key, master_key_size, enc_key_context, 1, &enc_key);
   set_enc_key(enc_key);
 }
 
@@ -147,8 +151,9 @@ void KeyDeriver::ServerSignBuffer(const uint8_t* data, size_t data_length,
   ASSERT_EQ(mac_key_server_.size(), MAC_KEY_SIZE);
   signature->assign(SHA256_DIGEST_LENGTH, 0);
   unsigned int sig_len = SHA256_DIGEST_LENGTH;
-  ASSERT_TRUE(HMAC(EVP_sha256(), mac_key_server_.data(), mac_key_server_.size(),
-                   data, data_length, signature->data(), &sig_len));
+  ASSERT_TRUE(HMAC(EVP_sha256(), mac_key_server_.data(),
+                   static_cast<int>(mac_key_server_.size()), data, data_length,
+                   signature->data(), &sig_len));
 }
 
 void KeyDeriver::ClientSignBuffer(const vector<uint8_t>& buffer,
@@ -156,8 +161,9 @@ void KeyDeriver::ClientSignBuffer(const vector<uint8_t>& buffer,
   ASSERT_EQ(mac_key_client_.size(), MAC_KEY_SIZE);
   signature->assign(SHA256_DIGEST_LENGTH, 0);
   unsigned int sig_len = SHA256_DIGEST_LENGTH;
-  ASSERT_TRUE(HMAC(EVP_sha256(), mac_key_client_.data(), mac_key_client_.size(),
-                   buffer.data(), buffer.size(), signature->data(), &sig_len));
+  ASSERT_TRUE(HMAC(EVP_sha256(), mac_key_client_.data(),
+                   static_cast<int>(mac_key_client_.size()), buffer.data(),
+                   buffer.size(), signature->data(), &sig_len));
 }
 
 void KeyDeriver::ClientSignPstReport(const vector<uint8_t>& pst_report_buffer,
@@ -165,7 +171,8 @@ void KeyDeriver::ClientSignPstReport(const vector<uint8_t>& pst_report_buffer,
   ASSERT_EQ(mac_key_client_.size(), MAC_KEY_SIZE);
   signature->assign(SHA_DIGEST_LENGTH, 0);
   unsigned int sig_len = SHA_DIGEST_LENGTH;
-  ASSERT_TRUE(HMAC(EVP_sha1(), mac_key_client_.data(), mac_key_client_.size(),
+  ASSERT_TRUE(HMAC(EVP_sha1(), mac_key_client_.data(),
+                   static_cast<int>(mac_key_client_.size()),
                    &pst_report_buffer[SHA_DIGEST_LENGTH],
                    pst_report_buffer.size() - SHA_DIGEST_LENGTH,
                    signature->data(), &sig_len));