Source release 16.4.0

oemcrypto/test/oec_session_util.cpp

@@ -31,6 +31,7 @@
 #include "core_message_serialize.h"
 #include "disallow_copy_and_assign.h"
 #include "log.h"
+#include "odk_attributes.h"
 #include "odk_structs.h"
 #include "oec_device_features.h"
 #include "oec_test_data.h"
@@ -337,7 +338,7 @@ void ProvisioningRoundTrip::EncryptAndSignResponse() {
 }
 
 void ProvisioningRoundTrip::InjectFuzzedResponseData(const uint8_t* data,
-                                                     size_t size) {
+                                                     size_t size UNUSED) {
   // Interpreting fuzz data as unencrypted core_response + message_data
   const size_t core_response_size = sizeof(ODK_ParsedProvisioning);
   // Copy core_response from data and serialize.
@@ -544,7 +545,7 @@ void LicenseRoundTrip::InjectFuzzedTimerLimits(
 }
 
 void LicenseRoundTrip::InjectFuzzedResponseData(const uint8_t* data,
-                                                size_t size) {
+                                                size_t size UNUSED) {
   // Interpreting fuzz data as unencrypted core_response + message_data
   const size_t core_response_size = sizeof(ODK_ParsedLicense);
   // Copy core_response from data.
@@ -900,6 +901,17 @@ void EntitledMessage::LoadKeys(OEMCryptoResult expected_sts) {
                     key_data->encrypted_content_key_data, KEY_SIZE, &aes_key,
                     iv, AES_ENCRYPT);
   }
+  if (ShouldGenerateCorpus()) {
+    const std::string file_name =
+        GetFileName("oemcrypto_load_entitled_content_keys_fuzz_seed_corpus");
+    // Corpus for load entitled keys fuzzer should be in the format:
+    // message buffer to be verified | entitled content key object array.
+    AppendToFile(file_name, reinterpret_cast<const char*>(entitled_key_data_),
+                 sizeof(entitled_key_data_));
+    AppendSeparator(file_name);
+    AppendToFile(file_name, reinterpret_cast<const char*>(entitled_key_array_),
+                 num_keys_);
+  }
   ASSERT_EQ(expected_sts,
             OEMCrypto_LoadEntitledContentKeys(
                 license_messages_->session()->session_id(),
@@ -1311,10 +1323,9 @@ void Session::TestDecryptResult(OEMCryptoResult expected_result,
 
 void Session::TestSelectExpired(unsigned int key_index) {
   if (global_features.api_version >= 13) {
-    OEMCryptoResult status =
-        OEMCrypto_SelectKey(session_id(), license().keys[key_index].key_id,
-                            license().keys[key_index].key_id_length,
-                            OEMCrypto_CipherMode_CTR);
+    OEMCryptoResult status = OEMCrypto_SelectKey(
+        session_id(), license().keys[key_index].key_id,
+        license().keys[key_index].key_id_length, OEMCrypto_CipherMode_CTR);
     // It is OK for SelectKey to succeed with an expired key, but if there is
     // an error, it must be OEMCrypto_ERROR_KEY_EXIRED.
     if (status != OEMCrypto_SUCCESS) {
@@ -1382,9 +1393,9 @@ void Session::LoadOEMCert(bool verify_cert) {
       // TODO(fredgc): Verify cert is signed by Google.
 
       int result = X509_verify_cert(store_ctx.get());
-      ASSERT_GE(0, result) << "  OEM Cert not valid. " <<
-          X509_verify_cert_error_string(
-              X509_STORE_CTX_get_error(store_ctx.get()));
+      ASSERT_GE(0, result) << "  OEM Cert not valid. "
+                           << X509_verify_cert_error_string(
+                                  X509_STORE_CTX_get_error(store_ctx.get()));
       if (result == 0) {
         printf("Cert not verified: %s.\n",
                X509_verify_cert_error_string(
@@ -1440,7 +1451,7 @@ bool Session::VerifyPSSSignature(EVP_PKEY* pkey, const uint8_t* message,
   }
 
   if (EVP_PKEY_CTX_set_signature_md(pkey_ctx,
-                                    const_cast<EVP_MD *>(EVP_sha1())) != 1) {
+                                    const_cast<EVP_MD*>(EVP_sha1())) != 1) {
     LOGE("EVP_PKEY_CTX_set_signature_md failed in VerifyPSSSignature");
     goto err;
   }
@@ -1489,18 +1500,17 @@ void Session::VerifyRSASignature(const vector<uint8_t>& message,
     boringssl_ptr<EVP_PKEY, EVP_PKEY_free> pkey(EVP_PKEY_new());
     ASSERT_EQ(1, EVP_PKEY_set1_RSA(pkey.get(), public_rsa_));
 
-    const bool ok = VerifyPSSSignature(
-        pkey.get(), message.data(), message.size(), signature,
-        signature_length);
+    const bool ok =
+        VerifyPSSSignature(pkey.get(), message.data(), message.size(),
+                           signature, signature_length);
     EXPECT_TRUE(ok) << "PSS signature check failed.";
   } else if (padding_scheme == kSign_PKCS1_Block1) {
     vector<uint8_t> padded_digest(signature_length);
     int size;
     // RSA_public_decrypt decrypts the signature, and then verifies that
     // it was padded with RSA PKCS1 padding.
-    size = RSA_public_decrypt(
-        signature_length, signature, padded_digest.data(), public_rsa_,
-        RSA_PKCS1_PADDING);
+    size = RSA_public_decrypt(signature_length, signature, padded_digest.data(),
+                              public_rsa_, RSA_PKCS1_PADDING);
     EXPECT_GT(size, 0);
     padded_digest.resize(size);
     EXPECT_EQ(message, padded_digest);
@@ -1566,16 +1576,14 @@ void Session::UpdateUsageEntry(std::vector<uint8_t>* header_buffer) {
 void Session::LoadUsageEntry(uint32_t index, const vector<uint8_t>& buffer) {
   usage_entry_number_ = index;
   encrypted_usage_entry_ = buffer;
-  ASSERT_EQ(
-      OEMCrypto_SUCCESS,
-      OEMCrypto_LoadUsageEntry(
-          session_id(), index, buffer.data(), buffer.size()));
+  ASSERT_EQ(OEMCrypto_SUCCESS,
+            OEMCrypto_LoadUsageEntry(session_id(), index, buffer.data(),
+                                     buffer.size()));
 }
 
 void Session::MoveUsageEntry(uint32_t new_index,
                              std::vector<uint8_t>* header_buffer,
                              OEMCryptoResult expect_result) {
-
   ASSERT_NO_FATAL_FAILURE(open());
   ASSERT_NO_FATAL_FAILURE(ReloadUsageEntry());
   ASSERT_EQ(expect_result, OEMCrypto_MoveEntry(session_id(), new_index));
@@ -1587,8 +1595,7 @@ void Session::MoveUsageEntry(uint32_t new_index,
 }
 
 void Session::GenerateReport(const std::string& pst,
-                             OEMCryptoResult expected_result,
-                             Session* other) {
+                             OEMCryptoResult expected_result, Session* other) {
   ASSERT_TRUE(open_);
   if (other) {  // If other is specified, copy mac keys.
     key_deriver_ = other->key_deriver_;
@@ -1624,14 +1631,13 @@ void Session::GenerateReport(const std::string& pst,
 void Session::VerifyPST(const Test_PST_Report& expected) {
   wvcdm::Unpacked_PST_Report computed = pst_report();
   EXPECT_EQ(expected.status, computed.status());
-  char* pst_ptr = reinterpret_cast<char *>(computed.pst());
+  char* pst_ptr = reinterpret_cast<char*>(computed.pst());
   std::string computed_pst(pst_ptr, pst_ptr + computed.pst_length());
   ASSERT_EQ(expected.pst, computed_pst);
   int64_t now = wvcdm::Clock().GetCurrentTime();
   int64_t age = now - expected.time_created;  // How old is this report.
   EXPECT_NEAR(expected.seconds_since_license_received + age,
-              computed.seconds_since_license_received(),
-              kTimeTolerance);
+              computed.seconds_since_license_received(), kTimeTolerance);
   // Decrypt times only valid on licenses that have been active.
   if (expected.status == kActive || expected.status == kInactiveUsed) {
     EXPECT_NEAR(expected.seconds_since_first_decrypt + age,
@@ -1643,8 +1649,8 @@ void Session::VerifyPST(const Test_PST_Report& expected) {
   }
   std::vector<uint8_t> signature(SHA_DIGEST_LENGTH);
   key_deriver_.ClientSignPstReport(pst_report_buffer_, &signature);
-  EXPECT_EQ(0, memcmp(computed.signature(), signature.data(),
-                      SHA_DIGEST_LENGTH));
+  EXPECT_EQ(0,
+            memcmp(computed.signature(), signature.data(), SHA_DIGEST_LENGTH));
 }
 
 void Session::VerifyReport(Test_PST_Report expected,