Field provisioning for L3 OEMCrypto

bug: 8621460 Merge of https://widevine-internal-review.googlesource.com/#/c/4955/ from Widevine CDM repository. Change-Id: I30cf4314283db51c8e706c026501784259c87c13
2013-04-23 13:21:44 -07:00
parent 958bbe6d05
commit 1aff209f91
22 changed files with 912 additions and 4031 deletions
--- a/libwvdrmengine/Android.mk
+++ b/libwvdrmengine/Android.mk
@@ -59,7 +59,8 @@ LOCAL_C_INCLUDES := \

 LOCAL_STATIC_LIBRARIES := \
  libcdm \
-  libl3crypto \
+  libwvwrapper \
+  libwvlevel3 \
  libprotobuf-cpp-2.3.0-lite \
  libwvdrmcryptoplugin \
  libwvdrmdrmplugin \
@@ -87,6 +88,7 @@ include $(BUILD_SHARED_LIBRARY)

 include vendor/widevine/libwvdrmengine/cdm/Android.mk
 include vendor/widevine/libwvdrmengine/level3/Android.mk
+include vendor/widevine/libwvdrmengine/oemcrypto/Android.mk
 include vendor/widevine/libwvdrmengine/mediacrypto/Android.mk
 include vendor/widevine/libwvdrmengine/mediadrm/Android.mk

--- a/libwvdrmengine/cdm/core/src/client_files.proto
+++ b/libwvdrmengine/cdm/core/src/client_files.proto
@@ -1,27 +0,0 @@
-// ----------------------------------------------------------------------------
-// client_files.proto
-// ----------------------------------------------------------------------------
-// Copyright 2013 Google Inc. All Rights Reserved.
-//
-// Description:
-//   Format of various files stored at the device.
-//
-syntax = "proto2";
-
-package video_widevine_client.sdk;
-
-// need this if we are using libprotobuf-cpp-2.3.0-lite
-option optimize_for = LITE_RUNTIME;
-
-message DeviceCertificateFileFormat {
-  optional int32 version = 1;
-  optional bytes certificate = 2;
-  optional bytes wrapped_private_key = 3;
-}
-
-message LicenseFileFormat {
-  optional int32 version = 1;
-  optional bytes key_set_id = 2;
-  optional bytes license_request = 3;
-  optional bytes license = 4;
-}
--- a/libwvdrmengine/cdm/test/unit-test.mk
+++ b/libwvdrmengine/cdm/test/unit-test.mk
@@ -36,7 +36,8 @@ LOCAL_STATIC_LIBRARIES := \
    libgmock \
    libgtest \
    libgtest_main \
-    libl3crypto \
+    libwvwrapper \
+    libwvlevel3 \
    libprotobuf-cpp-2.3.0-lite

 LOCAL_WHOLE_STATIC_LIBRARIES := libcdm_protos
--- a/libwvdrmengine/level3/Android.mk
+++ b/libwvdrmengine/level3/Android.mk
@@ -1,38 +1,4 @@
-LOCAL_PATH:= $(call my-dir)
+ifneq ($(filter arm x86 mips,$(TARGET_ARCH)),)
+include $(call all-subdir-makefiles)
+endif

-include $(CLEAR_VARS)
-
-# TODO(fredgc): remove mock code as real code starts working.
-LOCAL_SRC_FILES := \
-    $(TARGET_ARCH)/entry_points.cpp \
-    ../oemcrypto/mock/src/oemcrypto_engine_mock.cpp \
-    ../oemcrypto/mock/src/oemcrypto_key_mock.cpp \
-    ../oemcrypto/mock/src/oemcrypto_keybox_mock.cpp \
-    ../oemcrypto/mock/src/lock.cpp \
-    ../oemcrypto/mock/src/log.cpp \
-    ../oemcrypto/mock/src/string_conversions.cpp \
-    ../oemcrypto/mock/src/wvcrc.cpp \
-
-# TODO(fredgc): remove mock include when real code starts working.
-LOCAL_C_INCLUDES += \
-    vendor/widevine/libwvdrmengine/oemcrypto/mock/src \
-    bionic \
-    external/openssh \
-    external/openssl/include \
-    external/stlport/stlport \
-    vendor/widevine/libwvdrmengine/oemcrypto/include \
-    $(LOCAL_PATH)/include \
-    $(LOCAL_PATH)/$(TARGET_ARCH)
-
-LOCAL_MODULE := libl3crypto
-
-LOCAL_SHARED_LIBRARIES := \
-    libcrypto \
-    libcutils \
-    libdl \
-    liblog \
-    libstlport \
-    libutils \
-    libz \
-
-include $(BUILD_STATIC_LIBRARY)
--- a/libwvdrmengine/level3/arm/Android.mk
+++ b/libwvdrmengine/level3/arm/Android.mk
@@ -0,0 +1,12 @@
+ifeq ($(TARGET_ARCH),arm)
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := libwvlevel3
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_SRC_FILES := $(LOCAL_MODULE)$(LOCAL_MODULE_SUFFIX)
+LOCAL_PROPRIETARY_MODULE := true
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_OWNER := widevine
+include $(BUILD_PREBUILT)
+endif # if arm.
--- a/libwvdrmengine/level3/arm/entry_points.cpp
+++ b/libwvdrmengine/level3/arm/entry_points.cpp
--- a/libwvdrmengine/level3/arm/libwvlevel3.a
+++ b/libwvdrmengine/level3/arm/libwvlevel3.a
--- a/libwvdrmengine/level3/mips/Android.mk
+++ b/libwvdrmengine/level3/mips/Android.mk
@@ -0,0 +1,12 @@
+ifeq ($(TARGET_ARCH),mips)
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := libwvlevel3
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_SRC_FILES := $(LOCAL_MODULE)$(LOCAL_MODULE_SUFFIX)
+LOCAL_PROPRIETARY_MODULE := true
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_OWNER := widevine
+include $(BUILD_PREBUILT)
+endif # if mips.
--- a/libwvdrmengine/level3/mips/entry_points.cpp
+++ b/libwvdrmengine/level3/mips/entry_points.cpp
--- a/libwvdrmengine/level3/mips/libwvlevel3.a
+++ b/libwvdrmengine/level3/mips/libwvlevel3.a
--- a/libwvdrmengine/level3/x86/Android.mk
+++ b/libwvdrmengine/level3/x86/Android.mk
@@ -0,0 +1,12 @@
+ifeq ($(TARGET_ARCH),x86)
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := libwvlevel3
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_SRC_FILES := $(LOCAL_MODULE)$(LOCAL_MODULE_SUFFIX)
+LOCAL_PROPRIETARY_MODULE := true
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_OWNER := widevine
+include $(BUILD_PREBUILT)
+endif # if x86.
--- a/libwvdrmengine/level3/x86/entry_points.cpp
+++ b/libwvdrmengine/level3/x86/entry_points.cpp
--- a/libwvdrmengine/level3/x86/libwvlevel3.a
+++ b/libwvdrmengine/level3/x86/libwvlevel3.a
--- a/libwvdrmengine/mediacrypto/test/Android.mk
+++ b/libwvdrmengine/mediacrypto/test/Android.mk
@@ -20,7 +20,8 @@ LOCAL_STATIC_LIBRARIES := \
  libgmock \
  libgmock_main \
  libgtest \
-  libl3crypto \
+  libwvwrapper \
+  libwvlevel3 \
  libprotobuf-cpp-2.3.0-lite \
  libwvdrmcryptoplugin \

--- a/libwvdrmengine/mediadrm/test/Android.mk
+++ b/libwvdrmengine/mediadrm/test/Android.mk
@@ -21,7 +21,8 @@ LOCAL_STATIC_LIBRARIES := \
  libgmock \
  libgmock_main \
  libgtest \
-  libl3crypto \
+  libwvwrapper \
+  libwvlevel3 \
  libprotobuf-cpp-2.3.0-lite \
  libwvdrmdrmplugin \

--- a/libwvdrmengine/oemcrypto/Android.mk
+++ b/libwvdrmengine/oemcrypto/Android.mk
@@ -0,0 +1,34 @@
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_C_INCLUDES := \
+  vendor/widevine/libwvdrmengine/cdm/core/include \
+  bionic \
+  external/openssh \
+  external/openssl/include \
+  external/openssl/include/openssl \
+  external/stlport/stlport \
+  vendor/widevine/libwvdrmengine/oemcrypto/include \
+
+LOCAL_SHARED_LIBRARIES := \
+  libcrypto \
+  libcutils \
+  libdl \
+  liblog \
+  libstlport \
+  libutils \
+  libz \
+
+LOCAL_STATIC_LIBRARIES := \
+    libwvlevel3 \
+
+LOCAL_MODULE := libwvwrapper
+
+# TODO(fredgc): remove mock reference when library is complete.
+REL_MOCK_SOURCE := ../oemcrypto/mock/src
+
+LOCAL_SRC_FILES := \
+  src/wrapper.cpp \
+
+include $(BUILD_STATIC_LIBRARY)
--- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
+++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
@@ -1024,8 +1024,6 @@ OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(OEMCrypto_SESSION session,
 *   OEMCrypto_SUCCESS success
 *   OEMCrypto_ERROR_INVALID_SESSION
 *   OEMCrypto_ERROR_SHORT_BUFFER if the signature buffer is too small.
- *   OEMCrypto_ERROR_CLOSE_SESSION_FAILED illegal/unrecognized handle or the
- *                                  security engine is not properly initialized.
 *
 * Version:
 *   This method changed in API version 6.
--- a/libwvdrmengine/oemcrypto/include/level3.h
+++ b/libwvdrmengine/oemcrypto/include/level3.h
@@ -0,0 +1,160 @@
+/*********************************************************************
+ * OEMCryptoCENC.h
+ *
+ * (c) Copyright 2013 Google, Inc.
+ *
+ * Reference APIs needed to support Widevine's crypto algorithms.
+ *********************************************************************/
+
+#ifndef LEVEL3_OEMCRYPTO_H_
+#define LEVEL3_OEMCRYPTO_H_
+
+#include<stddef.h>
+#include<stdint.h>
+
+#include "OEMCryptoCENC.h"
+
+namespace wvoec_level3 {
+
+#define Level3_Initialize               _lcc01
+#define Level3_Terminate                _lcc02
+#define Level3_InstallKeybox            _lcc03
+#define Level3_GetKeyData               _lcc04
+#define Level3_IsKeyboxValid            _lcc05
+#define Level3_GetRandom                _lcc06
+#define Level3_GetDeviceID              _lcc07
+#define Level3_WrapKeybox               _lcc08
+#define Level3_OpenSession              _lcc09
+#define Level3_CloseSession             _lcc10
+#define Level3_DecryptCTR               _lcc11
+#define Level3_GenerateDerivedKeys      _lcc12
+#define Level3_GenerateSignature        _lcc13
+#define Level3_GenerateNonce            _lcc14
+#define Level3_LoadKeys                 _lcc15
+#define Level3_RefreshKeys              _lcc16
+#define Level3_SelectKey                _lcc17
+#define Level3_RewrapDeviceRSAKey       _lcc18
+#define Level3_LoadDeviceRSAKey         _lcc19
+#define Level3_GenerateRSASignature     _lcc20
+#define Level3_DeriveKeysFromSessionKey _lcc21
+#define Level3_APIVersion               _lcc22
+#define Level3_SecurityLevel            _lcc23
+#define Level3_Generic_Encrypt          _lcc24
+#define Level3_Generic_Decrypt          _lcc25
+#define Level3_Generic_Sign             _lcc26
+#define Level3_Generic_Verify           _lcc27
+
+extern "C" {
+
+OEMCryptoResult Level3_Initialize(void);
+OEMCryptoResult Level3_Terminate(void);
+OEMCryptoResult Level3_OpenSession(OEMCrypto_SESSION *session);
+OEMCryptoResult Level3_CloseSession(OEMCrypto_SESSION session);
+OEMCryptoResult Level3_GenerateDerivedKeys(OEMCrypto_SESSION session,
+                                           const uint8_t *mac_key_context,
+                                           uint32_t mac_key_context_length,
+                                           const uint8_t *enc_key_context,
+                                           uint32_t enc_key_context_length);
+OEMCryptoResult Level3_GenerateNonce(OEMCrypto_SESSION session,
+                                     uint32_t* nonce);
+OEMCryptoResult Level3_GenerateSignature(OEMCrypto_SESSION session,
+                                         const uint8_t* message,
+                                         size_t message_length,
+                                         uint8_t* signature,
+                                         size_t* signature_length);
+OEMCryptoResult Level3_LoadKeys(OEMCrypto_SESSION session,
+                                const uint8_t* message,
+                                size_t message_length,
+                                const uint8_t* signature,
+                                size_t signature_length,
+                                const uint8_t* enc_mac_key_iv,
+                                const uint8_t* enc_mac_key,
+                                size_t num_keys,
+                                const OEMCrypto_KeyObject* key_array);
+OEMCryptoResult Level3_RefreshKeys(OEMCrypto_SESSION session,
+                                   const uint8_t* message,
+                                   size_t message_length,
+                                   const uint8_t* signature,
+                                   size_t signature_length,
+                                   size_t num_keys,
+                                   const OEMCrypto_KeyRefreshObject* key_array);
+OEMCryptoResult Level3_SelectKey(const OEMCrypto_SESSION session,
+                                 const uint8_t* key_id,
+                                 size_t key_id_length);
+OEMCryptoResult Level3_DecryptCTR(OEMCrypto_SESSION session,
+                                     const uint8_t *data_addr,
+                                     size_t data_length,
+                                     bool is_encrypted,
+                                     const uint8_t *iv,
+                                     size_t block_offset,
+                                     const OEMCrypto_DestBufferDesc* out_buffer,
+                                     uint8_t subsample_flags);
+OEMCryptoResult Level3_InstallKeybox(const uint8_t *keybox,
+                                     size_t keyBoxLength);
+OEMCryptoResult Level3_IsKeyboxValid(void);
+OEMCryptoResult Level3_GetDeviceID(uint8_t* deviceID,
+                                   size_t *idLength);
+OEMCryptoResult Level3_GetKeyData(uint8_t* keyData,
+                                  size_t *keyDataLength);
+OEMCryptoResult Level3_GetRandom(uint8_t* randomData,
+                                 size_t dataLength);
+OEMCryptoResult Level3_WrapKeybox(const uint8_t *keybox,
+                                  size_t keyBoxLength,
+                                  uint8_t *wrappedKeybox,
+                                  size_t *wrappedKeyBoxLength,
+                                  const uint8_t *transportKey,
+                                  size_t transportKeyLength);
+OEMCryptoResult Level3_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
+                                          const uint8_t* message,
+                                          size_t message_length,
+                                          const uint8_t* signature,
+                                          size_t signature_length,
+                                          const uint32_t *nonce,
+                                          const uint8_t* enc_rsa_key,
+                                          size_t enc_rsa_key_length,
+                                          const uint8_t* enc_rsa_key_iv,
+                                          uint8_t* wrapped_rsa_key,
+                                          size_t *wrapped_rsa_key_length);
+OEMCryptoResult Level3_LoadDeviceRSAKey(OEMCrypto_SESSION session,
+                                        const uint8_t* wrapped_rsa_key,
+                                        size_t wrapped_rsa_key_length);
+OEMCryptoResult Level3_GenerateRSASignature(OEMCrypto_SESSION session,
+                                            const uint8_t* message,
+                                            size_t message_length,
+                                            uint8_t* signature,
+                                            size_t *signature_length);
+OEMCryptoResult Level3_DeriveKeysFromSessionKey(OEMCrypto_SESSION session,
+                                                const uint8_t* enc_session_key,
+                                                size_t enc_session_key_length,
+                                                const uint8_t *mac_key_context,
+                                                size_t mac_key_context_length,
+                                                const uint8_t *enc_key_context,
+                                                size_t enc_key_context_length);
+OEMCryptoResult Level3_Generic_Encrypt(OEMCrypto_SESSION session,
+                                       const uint8_t* in_buffer,
+                                       size_t buffer_length,
+                                       const uint8_t* iv,
+                                       OEMCrypto_Algorithm algorithm,
+                                       uint8_t* out_buffer);
+OEMCryptoResult Level3_Generic_Decrypt(OEMCrypto_SESSION session,
+                                       const uint8_t* in_buffer,
+                                       size_t buffer_length,
+                                       const uint8_t* iv,
+                                       OEMCrypto_Algorithm algorithm,
+                                       uint8_t* out_buffer);
+OEMCryptoResult Level3_Generic_Sign(OEMCrypto_SESSION session,
+                                    const uint8_t* in_buffer,
+                                    size_t buffer_length,
+                                    OEMCrypto_Algorithm algorithm,
+                                    uint8_t* signature,
+                                    size_t* signature_length);
+OEMCryptoResult Level3_Generic_Verify(OEMCrypto_SESSION session,
+                                      const uint8_t* in_buffer,
+                                      size_t buffer_length,
+                                      OEMCrypto_Algorithm algorithm,
+                                      const uint8_t* signature,
+                                      size_t signature_length);
+};
+
+}
+#endif  // LEVEL3_OEMCRYPTO_H_
--- a/libwvdrmengine/oemcrypto/src/wrapper.cpp
+++ b/libwvdrmengine/oemcrypto/src/wrapper.cpp
@@ -0,0 +1,626 @@
+/*******************************************************************************
+ *
+ * Copyright 2013 Google Inc. All Rights Reserved.
+ *
+ * mock implementation of OEMCrypto APIs
+ *
+ ******************************************************************************/
+
+#include "OEMCryptoCENC.h"
+
+#include <dlfcn.h>
+#include <stdio.h>
+#include <iostream>
+#include <cstring>
+#include <string>
+
+#include "level3.h"
+#include "log.h"
+
+using namespace wvoec_level3;
+
+namespace {
+typedef OEMCryptoResult (*L1_Initialize_t)(void);
+typedef OEMCryptoResult (*L1_Terminate_t)(void);
+typedef OEMCryptoResult (*L1_OpenSession_t)(OEMCrypto_SESSION *session);
+typedef OEMCryptoResult (*L1_CloseSession_t)(OEMCrypto_SESSION session);
+typedef OEMCryptoResult (*L1_GenerateDerivedKeys_t)(OEMCrypto_SESSION session,
+                                                    const uint8_t *mac_key_context,
+                                                    uint32_t mac_key_context_length,
+                                                    const uint8_t *enc_key_context,
+                                                    uint32_t enc_key_context_length);
+typedef OEMCryptoResult (*L1_GenerateNonce_t)(OEMCrypto_SESSION session,
+                                              uint32_t* nonce);
+typedef OEMCryptoResult (*L1_GenerateSignature_t)(OEMCrypto_SESSION session,
+                                                  const uint8_t* message,
+                                                  size_t message_length,
+                                                  uint8_t* signature,
+                                                  size_t* signature_length);
+typedef OEMCryptoResult (*L1_LoadKeys_t)(OEMCrypto_SESSION session,
+                                         const uint8_t* message,
+                                         size_t message_length,
+                                         const uint8_t* signature,
+                                         size_t signature_length,
+                                         const uint8_t* enc_mac_key_iv,
+                                         const uint8_t* enc_mac_key,
+                                         size_t num_keys,
+                                         const OEMCrypto_KeyObject* key_array);
+typedef OEMCryptoResult (*L1_RefreshKeys_t)(OEMCrypto_SESSION session,
+                                            const uint8_t* message,
+                                            size_t message_length,
+                                            const uint8_t* signature,
+                                            size_t signature_length,
+                                            size_t num_keys,
+                                            const OEMCrypto_KeyRefreshObject* key_array);
+typedef OEMCryptoResult (*L1_SelectKey_t)(const OEMCrypto_SESSION session,
+                                          const uint8_t* key_id,
+                                          size_t key_id_length);
+typedef OEMCryptoResult (*L1_DecryptCTR_t)(OEMCrypto_SESSION session,
+                                           const uint8_t *data_addr,
+                                           size_t data_length,
+                                           bool is_encrypted,
+                                           const uint8_t *iv,
+                                           size_t offset,
+                                           const OEMCrypto_DestBufferDesc* out_buffer,
+                                           uint8_t subsample_flags);
+typedef OEMCryptoResult (*L1_InstallKeybox_t)(const uint8_t *keybox,
+                                              size_t keyBoxLength);
+typedef OEMCryptoResult (*L1_IsKeyboxValid_t)(void);
+typedef OEMCryptoResult (*L1_GetDeviceID_t)(uint8_t* deviceID,
+                                            size_t *idLength);
+typedef OEMCryptoResult (*L1_GetKeyData_t)(uint8_t* keyData,
+                                           size_t *keyDataLength);
+typedef OEMCryptoResult (*L1_GetRandom_t)(uint8_t* randomData,
+                                          size_t dataLength);
+typedef OEMCryptoResult (*L1_WrapKeybox_t)(const uint8_t *keybox,
+                                           size_t keyBoxLength,
+                                           uint8_t *wrappedKeybox,
+                                           size_t *wrappedKeyBoxLength,
+                                           const uint8_t *transportKey,
+                                           size_t transportKeyLength);
+typedef OEMCryptoResult (*L1_RewrapDeviceRSAKey_t)(OEMCrypto_SESSION session,
+                                                   const uint8_t* message,
+                                                   size_t message_length,
+                                                   const uint8_t* signature,
+                                                   size_t signature_length,
+                                                   const uint32_t *nonce,
+                                                   const uint8_t* enc_rsa_key,
+                                                   size_t enc_rsa_key_length,
+                                                   const uint8_t* enc_rsa_key_iv,
+                                                   uint8_t* wrapped_rsa_key,
+                                                   size_t *wrapped_rsa_key_length);
+typedef OEMCryptoResult (*L1_LoadDeviceRSAKey_t)(OEMCrypto_SESSION session,
+                                                 const uint8_t* wrapped_rsa_key,
+                                                 size_t wrapped_rsa_key_length);
+typedef OEMCryptoResult (*L1_GenerateRSASignature_t)(OEMCrypto_SESSION session,
+                                                     const uint8_t* message,
+                                                     size_t message_length,
+                                                     uint8_t* signature,
+                                                     size_t *signature_length);
+typedef OEMCryptoResult (*L1_DeriveKeysFromSessionKey_t)(OEMCrypto_SESSION session,
+                                                         const uint8_t* enc_session_key,
+                                                         size_t enc_session_key_length,
+                                                         const uint8_t *mac_key_context,
+                                                         size_t mac_key_context_length,
+                                                         const uint8_t *enc_key_context,
+                                                         size_t enc_key_context_length);
+typedef OEMCryptoResult (*L1_Generic_Encrypt_t)(OEMCrypto_SESSION session,
+                                                const uint8_t* in_buffer,
+                                                size_t buffer_length,
+                                                const uint8_t* iv,
+                                                OEMCrypto_Algorithm algorithm,
+                                                uint8_t* out_buffer);
+typedef OEMCryptoResult (*L1_Generic_Decrypt_t)(OEMCrypto_SESSION session,
+                                                const uint8_t* in_buffer,
+                                                size_t buffer_length,
+                                                const uint8_t* iv,
+                                                OEMCrypto_Algorithm algorithm,
+                                                uint8_t* out_buffer);
+
+typedef OEMCryptoResult (*L1_Generic_Sign_t)(OEMCrypto_SESSION session,
+                                             const uint8_t* in_buffer,
+                                             size_t buffer_length,
+                                             OEMCrypto_Algorithm algorithm,
+                                             uint8_t* signature,
+                                             size_t* signature_length);
+
+typedef OEMCryptoResult (*L1_Generic_Verify_t)(OEMCrypto_SESSION session,
+                                               const uint8_t* in_buffer,
+                                               size_t buffer_length,
+                                               OEMCrypto_Algorithm algorithm,
+                                               const uint8_t* signature,
+                                               size_t signature_length);
+typedef uint8_t (*L1_APIVersion_t)();
+typedef const char* (*L1_SecurityLevel_t)();
+
+struct FunctionPointers {
+  void* library;
+  L1_Initialize_t               OEMCrypto_Initialize;
+  L1_Terminate_t                OEMCrypto_Terminate;
+  L1_OpenSession_t              OEMCrypto_OpenSession;
+  L1_CloseSession_t             OEMCrypto_CloseSession;
+  L1_GenerateDerivedKeys_t      OEMCrypto_GenerateDerivedKeys;
+  L1_GenerateNonce_t            OEMCrypto_GenerateNonce;
+  L1_GenerateSignature_t        OEMCrypto_GenerateSignature;
+  L1_LoadKeys_t                 OEMCrypto_LoadKeys;
+  L1_RefreshKeys_t              OEMCrypto_RefreshKeys;
+  L1_SelectKey_t                OEMCrypto_SelectKey;
+  L1_DecryptCTR_t               OEMCrypto_DecryptCTR;
+  L1_InstallKeybox_t            OEMCrypto_InstallKeybox;
+  L1_IsKeyboxValid_t            OEMCrypto_IsKeyboxValid;
+  L1_GetDeviceID_t              OEMCrypto_GetDeviceID;
+  L1_GetKeyData_t               OEMCrypto_GetKeyData;
+  L1_GetRandom_t                OEMCrypto_GetRandom;
+  L1_WrapKeybox_t               OEMCrypto_WrapKeybox;
+  L1_RewrapDeviceRSAKey_t       OEMCrypto_RewrapDeviceRSAKey;
+  L1_LoadDeviceRSAKey_t         OEMCrypto_LoadDeviceRSAKey;
+  L1_GenerateRSASignature_t     OEMCrypto_GenerateRSASignature;
+  L1_DeriveKeysFromSessionKey_t OEMCrypto_DeriveKeysFromSessionKey;
+  L1_APIVersion_t               OEMCrypto_APIVersion;
+  L1_SecurityLevel_t            OEMCrypto_SecurityLevel;
+  L1_Generic_Encrypt_t          OEMCrypto_Generic_Encrypt;
+  L1_Generic_Decrypt_t          OEMCrypto_Generic_Decrypt;
+  L1_Generic_Sign_t             OEMCrypto_Generic_Sign;
+  L1_Generic_Verify_t           OEMCrypto_Generic_Verify;
+};
+static struct FunctionPointers level1;
+
+#define QUOTE_DEFINE(A) #A
+#define QUOTE(A) QUOTE_DEFINE(A)
+#define LOOKUP(Type, Name)                                      \
+  level1.Name = (Type)dlsym(level1.library, QUOTE(Name));       \
+  if (!level1.Name) {                                           \
+    dll_valid = false;                                          \
+  }
+
+extern "C"
+OEMCryptoResult OEMCrypto_Initialize(void) {
+  // LOGD("First, I will try to load Level 1");
+  level1.library = dlopen("liboemcrypto.so", RTLD_NOW);
+  if (level1.library == NULL) {
+    LOGW("Could not load liboemcrypto.so. Falling Back to L3.  %s", dlerror());
+    return Level3_Initialize();
+  }
+  bool dll_valid = true;
+  LOOKUP(L1_Initialize_t,               OEMCrypto_Initialize);
+  LOOKUP(L1_Terminate_t,                OEMCrypto_Terminate);
+  LOOKUP(L1_OpenSession_t,              OEMCrypto_OpenSession);
+  LOOKUP(L1_CloseSession_t,             OEMCrypto_CloseSession);
+  LOOKUP(L1_GenerateDerivedKeys_t,      OEMCrypto_GenerateDerivedKeys);
+  LOOKUP(L1_GenerateNonce_t,            OEMCrypto_GenerateNonce);
+  LOOKUP(L1_GenerateSignature_t,        OEMCrypto_GenerateSignature);
+  LOOKUP(L1_LoadKeys_t,                 OEMCrypto_LoadKeys);
+  LOOKUP(L1_RefreshKeys_t,              OEMCrypto_RefreshKeys);
+  LOOKUP(L1_SelectKey_t,                OEMCrypto_SelectKey);
+  LOOKUP(L1_DecryptCTR_t,               OEMCrypto_DecryptCTR);
+  LOOKUP(L1_InstallKeybox_t,            OEMCrypto_InstallKeybox);
+  LOOKUP(L1_IsKeyboxValid_t,            OEMCrypto_IsKeyboxValid);
+  LOOKUP(L1_GetDeviceID_t,              OEMCrypto_GetDeviceID);
+  LOOKUP(L1_GetKeyData_t,               OEMCrypto_GetKeyData);
+  LOOKUP(L1_GetRandom_t,                OEMCrypto_GetRandom);
+  LOOKUP(L1_WrapKeybox_t,               OEMCrypto_WrapKeybox);
+
+  // TODO(fredgc): Move the validity check from here to below after we have
+  // an L1 library that matches current version.
+  if (!dll_valid) {
+    dlclose(level1.library);
+    level1.library = NULL;
+    LOGW("Could not load functions from  liboemcrypto.so. Falling Back to L3.");
+    return Level3_Initialize();
+  }
+  LOOKUP(L1_RewrapDeviceRSAKey_t,       OEMCrypto_RewrapDeviceRSAKey);
+  LOOKUP(L1_LoadDeviceRSAKey_t,         OEMCrypto_LoadDeviceRSAKey);
+  LOOKUP(L1_GenerateRSASignature_t,     OEMCrypto_GenerateRSASignature);
+  LOOKUP(L1_DeriveKeysFromSessionKey_t, OEMCrypto_DeriveKeysFromSessionKey);
+  LOOKUP(L1_APIVersion_t,     OEMCrypto_APIVersion);
+  LOOKUP(L1_SecurityLevel_t, OEMCrypto_SecurityLevel);
+  LOOKUP(L1_Generic_Decrypt_t, OEMCrypto_Generic_Decrypt);
+  LOOKUP(L1_Generic_Encrypt_t, OEMCrypto_Generic_Encrypt);
+  LOOKUP(L1_Generic_Sign_t, OEMCrypto_Generic_Sign);
+  LOOKUP(L1_Generic_Verify_t, OEMCrypto_Generic_Verify);
+
+  // TODO(fredgc): Move the validity check from above to here after we have
+  // a current L1 library.
+
+  OEMCryptoResult st = level1.OEMCrypto_Initialize();
+  if (st != OEMCrypto_SUCCESS) {
+    LOGW("Could not initialize liboemcrypto.so. Falling Back to L3.");
+    dlclose(level1.library);
+    level1.library = NULL;
+    return Level3_Initialize();
+  }
+  if (level1.OEMCrypto_APIVersion) {
+    uint32_t level1_version = level1.OEMCrypto_APIVersion();
+    if (level1_version > oec_latest_version) {   // Check for foward jump.
+      LOGW("liboemcrypto.so is version %d, not %d. Falling Back to L3.",
+           level1_version, oec_latest_version);
+      dlclose(level1.library);
+      level1.library = NULL;
+      return Level3_Initialize();
+    }
+  }
+  LOGD("OEMCrypto_Initialize Level 1 success. I will use level 1.");
+  return OEMCrypto_SUCCESS;
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_Terminate(void) {
+  if (level1.library) {
+    OEMCryptoResult st = level1.OEMCrypto_Terminate();
+    dlclose(level1.library);
+    level1.library = NULL;
+    return st;
+  }
+  return Level3_Terminate();
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_OpenSession(OEMCrypto_SESSION* session) {
+  if (level1.library) {
+    return level1.OEMCrypto_OpenSession(session);
+  }
+  return Level3_OpenSession(session);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session) {
+  if (level1.library) {
+    return level1.OEMCrypto_CloseSession(session);
+  }
+  return Level3_CloseSession(session);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session,
+                                        uint32_t* nonce) {
+  if (level1.library) {
+    return level1.OEMCrypto_GenerateNonce(session, nonce);
+  }
+  return Level3_GenerateNonce(session, nonce);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_GenerateDerivedKeys(OEMCrypto_SESSION session,
+                                              const uint8_t* mac_key_context,
+                                              uint32_t mac_key_context_length,
+                                              const uint8_t* enc_key_context,
+                                              uint32_t enc_key_context_length) {
+  if (level1.library) {
+    return level1.OEMCrypto_GenerateDerivedKeys(session, mac_key_context,
+                                                mac_key_context_length,
+                                                enc_key_context,
+                                                enc_key_context_length);
+  }
+  return Level3_GenerateDerivedKeys(session, mac_key_context,
+                                    mac_key_context_length,
+                                    enc_key_context,
+                                    enc_key_context_length);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_GenerateSignature(OEMCrypto_SESSION session,
+                                            const uint8_t* message,
+                                            size_t message_length,
+                                            uint8_t* signature,
+                                            size_t* signature_length) {
+  if (level1.library) {
+    return level1.OEMCrypto_GenerateSignature(session, message, message_length,
+                                              signature, signature_length);
+  }
+  return Level3_GenerateSignature(session, message, message_length,
+                                  signature, signature_length);
+}
+
+
+extern "C"
+OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
+                                   const uint8_t* message,
+                                   size_t message_length,
+                                   const uint8_t* signature,
+                                   size_t signature_length,
+                                   const uint8_t* enc_mac_key_iv,
+                                   const uint8_t* enc_mac_key,
+                                   size_t num_keys,
+                                   const OEMCrypto_KeyObject* key_array) {
+  if (level1.library) {
+    return level1.OEMCrypto_LoadKeys(session, message, message_length, signature,
+                                     signature_length, enc_mac_key_iv, enc_mac_key,
+                                     num_keys, key_array);
+  }
+  return Level3_LoadKeys(session, message, message_length, signature,
+                         signature_length, enc_mac_key_iv, enc_mac_key,
+                         num_keys, key_array);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
+                                      const uint8_t* message,
+                                      size_t message_length,
+                                      const uint8_t* signature,
+                                      size_t signature_length,
+                                      size_t num_keys,
+                                      const OEMCrypto_KeyRefreshObject* key_array) {
+  if (level1.library) {
+    return level1.OEMCrypto_RefreshKeys(session, message, message_length, signature,
+                                        signature_length, num_keys, key_array);
+  }
+  return Level3_RefreshKeys(session, message, message_length, signature,
+                            signature_length, num_keys, key_array);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
+                                    const uint8_t* key_id,
+                                    size_t key_id_length) {
+  if (level1.library) {
+    return level1.OEMCrypto_SelectKey(session, key_id, key_id_length);
+  }
+  return Level3_SelectKey(session, key_id, key_id_length);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_DecryptCTR(OEMCrypto_SESSION session,
+                                     const uint8_t* data_addr,
+                                     size_t data_length,
+                                     bool is_encrypted,
+                                     const uint8_t* iv,
+                                     size_t offset,
+                                     const OEMCrypto_DestBufferDesc* out_buffer,
+                                     uint8_t subsample_flags) {
+  if (level1.library) {
+    return level1.OEMCrypto_DecryptCTR(session, data_addr, data_length,
+                                       is_encrypted, iv, offset, out_buffer,
+                                       subsample_flags);
+  }
+  return Level3_DecryptCTR(session, data_addr, data_length,
+                           is_encrypted, iv, offset, out_buffer, subsample_flags);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
+                                        size_t keyBoxLength) {
+  if (level1.library) {
+    return level1.OEMCrypto_InstallKeybox(keybox, keyBoxLength);
+  }
+  return Level3_InstallKeybox(keybox, keyBoxLength);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_IsKeyboxValid(void) {
+  if (level1.library) {
+    return level1.OEMCrypto_IsKeyboxValid();
+  }
+  return Level3_IsKeyboxValid();
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* deviceID,
+                                      size_t* idLength) {
+  if (level1.library) {
+    return level1.OEMCrypto_GetDeviceID(deviceID, idLength);
+  }
+  return Level3_GetDeviceID(deviceID, idLength);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData,
+                                     size_t* keyDataLength) {
+  if (level1.library) {
+    return level1.OEMCrypto_GetKeyData(keyData, keyDataLength);
+  }
+  return Level3_GetKeyData(keyData, keyDataLength);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_GetRandom(uint8_t* randomData, size_t dataLength) {
+  if (level1.library) {
+    return level1.OEMCrypto_GetRandom(randomData, dataLength);
+  }
+  return Level3_GetRandom(randomData, dataLength);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
+                                     size_t keyBoxLength,
+                                     uint8_t* wrappedKeybox,
+                                     size_t* wrappedKeyBoxLength,
+                                     const uint8_t* transportKey,
+                                     size_t transportKeyLength) {
+  if (level1.library) {
+    return level1.OEMCrypto_WrapKeybox(keybox, keyBoxLength, wrappedKeybox,
+                                       wrappedKeyBoxLength, transportKey,
+                                       transportKeyLength);
+  }
+  return Level3_WrapKeybox(keybox, keyBoxLength, wrappedKeybox,
+                           wrappedKeyBoxLength, transportKey,
+                           transportKeyLength);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
+                                             const uint8_t* message,
+                                             size_t message_length,
+                                             const uint8_t* signature,
+                                             size_t signature_length,
+                                             const uint32_t* nonce,
+                                             const uint8_t* enc_rsa_key,
+                                             size_t enc_rsa_key_length,
+                                             const uint8_t* enc_rsa_key_iv,
+                                             uint8_t* wrapped_rsa_key,
+                                             size_t*  wrapped_rsa_key_length) {
+  if (level1.library) {
+    if (!level1.OEMCrypto_RewrapDeviceRSAKey) {
+      return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+    }
+    return level1.OEMCrypto_RewrapDeviceRSAKey(session, message, message_length,
+                                               signature, signature_length, nonce,
+                                               enc_rsa_key, enc_rsa_key_length,
+                                               enc_rsa_key_iv, wrapped_rsa_key,
+                                               wrapped_rsa_key_length);
+  }
+  return Level3_RewrapDeviceRSAKey(session, message, message_length,
+                                   signature, signature_length, nonce,
+                                   enc_rsa_key, enc_rsa_key_length,
+                                   enc_rsa_key_iv, wrapped_rsa_key,
+                                   wrapped_rsa_key_length);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(OEMCrypto_SESSION session,
+                                           const uint8_t* wrapped_rsa_key,
+                                           size_t wrapped_rsa_key_length) {
+  if (level1.library) {
+    if (!level1.OEMCrypto_LoadDeviceRSAKey) {
+      return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+    }
+    return level1.OEMCrypto_LoadDeviceRSAKey(session, wrapped_rsa_key,
+                                             wrapped_rsa_key_length);
+  }
+  return Level3_LoadDeviceRSAKey(session, wrapped_rsa_key,
+                                 wrapped_rsa_key_length);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_GenerateRSASignature(OEMCrypto_SESSION session,
+                                               const uint8_t* message,
+                                               size_t message_length,
+                                               uint8_t* signature,
+                                               size_t* signature_length) {
+  if (level1.library) {
+    if (!level1.OEMCrypto_GenerateRSASignature) {
+      return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+    }
+    return level1.OEMCrypto_GenerateRSASignature(session, message, message_length,
+                                                 signature, signature_length);
+  }
+  return Level3_GenerateRSASignature(session, message, message_length,
+                                     signature, signature_length);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_DeriveKeysFromSessionKey(OEMCrypto_SESSION session,
+                                                   const uint8_t* enc_session_key,
+                                                   size_t enc_session_key_length,
+                                                   const uint8_t* mac_key_context,
+                                                   size_t mac_key_context_length,
+                                                   const uint8_t* enc_key_context,
+                                                   size_t enc_key_context_length) {
+  if (level1.library) {
+    if (!level1.OEMCrypto_DeriveKeysFromSessionKey) {
+      return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+    }
+    return level1.OEMCrypto_DeriveKeysFromSessionKey(session, enc_session_key,
+                                                     enc_session_key_length,
+                                                     mac_key_context,
+                                                     mac_key_context_length,
+                                                     enc_key_context,
+                                                     enc_key_context_length);
+  }
+  return Level3_DeriveKeysFromSessionKey(session, enc_session_key,
+                                         enc_session_key_length,
+                                         mac_key_context,
+                                         mac_key_context_length,
+                                         enc_key_context,
+                                         enc_key_context_length);
+}
+
+extern "C"
+uint32_t OEMCrypto_APIVersion() {
+  if (level1.library) {
+    if (!level1.OEMCrypto_APIVersion) {
+      return 5;
+    }
+    return level1.OEMCrypto_APIVersion();
+  }
+  return oec_latest_version;
+}
+
+extern "C"
+const char* OEMCrypto_SecurityLevel() {
+  if (level1.library) {
+    if (!level1.OEMCrypto_SecurityLevel) {
+      return "Unknown";
+    }
+    return level1.OEMCrypto_SecurityLevel();
+  }
+  return "L3";
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session,
+                                          const uint8_t* in_buffer,
+                                          size_t buffer_length,
+                                          const uint8_t* iv,
+                                          OEMCrypto_Algorithm algorithm,
+                                          uint8_t* out_buffer) {
+
+  if (level1.library) {
+    if (!level1.OEMCrypto_Generic_Encrypt) {
+      return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+    }
+    return level1.OEMCrypto_Generic_Encrypt(session, in_buffer, buffer_length,
+                                            iv, algorithm, out_buffer);
+  }
+  return Level3_Generic_Encrypt(session, in_buffer, buffer_length,
+                                iv, algorithm, out_buffer);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_Generic_Decrypt(OEMCrypto_SESSION session,
+                                          const uint8_t* in_buffer,
+                                          size_t buffer_length,
+                                          const uint8_t* iv,
+                                          OEMCrypto_Algorithm algorithm,
+                                          uint8_t* out_buffer) {
+  if (level1.library) {
+    if (!level1.OEMCrypto_Generic_Decrypt) {
+      return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+    }
+    return level1.OEMCrypto_Generic_Decrypt(session, in_buffer, buffer_length,
+                                            iv, algorithm, out_buffer);
+  }
+  return Level3_Generic_Decrypt(session, in_buffer, buffer_length,
+                                iv, algorithm, out_buffer);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_Generic_Sign(OEMCrypto_SESSION session,
+                                       const uint8_t* in_buffer,
+                                       size_t buffer_length,
+                                       OEMCrypto_Algorithm algorithm,
+                                       uint8_t* signature,
+                                       size_t* signature_length) {
+  if (level1.library) {
+    if (!level1.OEMCrypto_Generic_Sign) {
+      return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+    }
+    return level1.OEMCrypto_Generic_Sign(session, in_buffer, buffer_length,
+                                         algorithm, signature,
+                                         signature_length);
+  }
+  return Level3_Generic_Sign(session, in_buffer, buffer_length,
+                             algorithm, signature,
+                             signature_length);
+}
+
+extern "C"
+OEMCryptoResult OEMCrypto_Generic_Verify(OEMCrypto_SESSION session,
+                                         const uint8_t* in_buffer,
+                                         size_t buffer_length,
+                                         OEMCrypto_Algorithm algorithm,
+                                         const uint8_t* signature,
+                                         size_t signature_length) {
+  if (level1.library) {
+    if (!level1.OEMCrypto_Generic_Verify) {
+      return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+    }
+    return level1.OEMCrypto_Generic_Verify(session, in_buffer, buffer_length,
+                                           algorithm, signature,
+                                           signature_length);
+  }
+  return Level3_Generic_Verify(session, in_buffer, buffer_length,
+                               algorithm, signature,
+                               signature_length);
+}
+
+};  // namespace wvoec_mock
--- a/libwvdrmengine/oemcrypto/test/Android.mk
+++ b/libwvdrmengine/oemcrypto/test/Android.mk
@@ -4,8 +4,8 @@ LOCAL_PATH:= $(call my-dir)
 include $(CLEAR_VARS)

 LOCAL_SRC_FILES:= \
-    oemcrypto_test.cpp \
-    oemcrypto_keybox_test.cpp
+  oemcrypto_test.cpp \
+  oemcrypto_keybox_test.cpp

 LOCAL_MODULE_TAGS := tests

@@ -13,26 +13,28 @@ LOCAL_MODULE_TAGS := tests
 LOCAL_CFLAGS += -DCAN_INSTALL_KEYBOX

 LOCAL_C_INCLUDES += \
-    bionic \
-    external/gtest/include \
-    external/openssl/include \
-    external/stlport/stlport \
-    $(LOCAL_PATH)/../include \
-    $(LOCAL_PATH)/../mock/src \
+  bionic \
+  external/gtest/include \
+  external/openssl/include \
+  external/stlport/stlport \
+  $(LOCAL_PATH)/../include \
+  $(LOCAL_PATH)/../mock/src \

+# TODO(fredgc): fix order dependencies on libwvlevel3 and libwvwrapper.
 LOCAL_STATIC_LIBRARIES := \
-    libgtest \
-    libgtest_main \
-    libl3crypto \
+  libgtest \
+  libgtest_main \
+  libwvwrapper \
+  libwvlevel3 \

 LOCAL_SHARED_LIBRARIES := \
-    libcrypto \
-    libcutils \
-    libdl \
-    liblog \
-    libstlport \
-    libutils \
-    libz \
+  libcrypto \
+  libcutils \
+  libdl \
+  liblog \
+  libstlport \
+  libutils \
+  libz \

 LOCAL_MODULE:=oemcrypto_test

--- a/libwvdrmengine/oemcrypto/test/oemcrypto_keybox_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_keybox_test.cpp
@@ -92,11 +92,11 @@ class OEMCryptoKeyboxTest : public ::testing::Test {

 protected:
  virtual void SetUp() {
-    ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_Initialize())
-        << "OEMCrypto_Initialize failed.";
  }

-  void install_keybox(wvoec_mock::WidevineKeybox& keybox) {
+  void install_keybox(wvoec_mock::WidevineKeybox& keybox, bool good) {
+    ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_Initialize())
+        << "OEMCrypto_Initialize failed.";
    OEMCryptoResult sts;
    uint8_t wrapped[sizeof(wvoec_mock::WidevineKeybox)];
    size_t length = sizeof(wvoec_mock::WidevineKeybox);
@@ -107,18 +107,23 @@ class OEMCryptoKeyboxTest : public ::testing::Test {
                               NULL, 0);
    ASSERT_EQ(OEMCrypto_SUCCESS, sts);
    sts = OEMCrypto_InstallKeybox(wrapped, sizeof(keybox));
-    ASSERT_EQ(OEMCrypto_SUCCESS, sts);
+    if( good ) {
+      ASSERT_EQ(OEMCrypto_SUCCESS, sts);
+    } else {
+      // Can return error now, or return error on IsKeyboxValid.
+    }
  }

  virtual void TearDown() {
-    ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_Terminate())
-        << "OEMCrypto_Terminate failed.";
+    OEMCrypto_Terminate();
  }
 public:

 };

 TEST_F(OEMCryptoKeyboxTest, DefaultKeybox) {
+  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_Initialize())
+      << "OEMCrypto_Initialize failed.";
  OEMCryptoResult sts;
  sts = OEMCrypto_IsKeyboxValid();
  ASSERT_EQ(OEMCrypto_SUCCESS, sts);
@@ -127,12 +132,12 @@ TEST_F(OEMCryptoKeyboxTest, DefaultKeybox) {
 TEST_F(OEMCryptoKeyboxTest, GoodKeybox) {
  wvoec_mock::WidevineKeybox keybox = kValidKeybox02;
  OEMCryptoResult sts;
-  install_keybox(keybox);
+  install_keybox(keybox, true);
  sts = OEMCrypto_IsKeyboxValid();
  ASSERT_EQ(OEMCrypto_SUCCESS, sts);

  keybox = kValidKeybox03;
-  install_keybox(keybox);
+  install_keybox(keybox, true);
  sts = OEMCrypto_IsKeyboxValid();
  ASSERT_EQ(OEMCrypto_SUCCESS, sts);
 }
@@ -141,7 +146,7 @@ TEST_F(OEMCryptoKeyboxTest, BadCRCKeybox) {
  wvoec_mock::WidevineKeybox keybox = kValidKeybox02;
  keybox.crc_[1] = 42;
  OEMCryptoResult sts;
-  install_keybox(keybox);
+  install_keybox(keybox, false);
  sts = OEMCrypto_IsKeyboxValid();
  ASSERT_EQ(OEMCrypto_ERROR_BAD_CRC, sts);
 }
@@ -150,7 +155,7 @@ TEST_F(OEMCryptoKeyboxTest, BadMagicKeybox) {
  wvoec_mock::WidevineKeybox keybox = kValidKeybox02;
  keybox.magic_[1] = 42;
  OEMCryptoResult sts;
-  install_keybox(keybox);
+  install_keybox(keybox, false);
  sts = OEMCrypto_IsKeyboxValid();
  ASSERT_EQ(OEMCrypto_ERROR_BAD_MAGIC, sts);
 }
@@ -160,7 +165,7 @@ TEST_F(OEMCryptoKeyboxTest, BadDataKeybox) {
  wvoec_mock::WidevineKeybox keybox = kValidKeybox02;
  keybox.data_[1] = 42;
  OEMCryptoResult sts;
-  install_keybox(keybox);
+  install_keybox(keybox, false);
  sts = OEMCrypto_IsKeyboxValid();
  ASSERT_EQ(OEMCrypto_ERROR_BAD_CRC, sts);
 }
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -1682,9 +1682,16 @@ TEST_F(OEMCryptoClientTest, GenerateDerivedKeys) {
  testTearDown();
 }

+// Define CAN_INSTALL_KEYBOX if you are compiling with the reference
+// implementation of OEMCrypto, or if your version of OEMCrypto supports
+// OEMCrypto_InstallKeybox and OEwith a clear keybox.
+// The Below tests are based on a specific keybox which is installed for testing.
+#if defined(CAN_INSTALL_KEYBOX)
+
 TEST_F(OEMCryptoClientTest, GenerateSignature) {
-  Session& s = createSession("ONE");
  testSetUp();
+  InstallKeybox(kDefaultKeybox);
+  Session& s = createSession("ONE");
  s.open();

  s.GenerateDerivedKeys();
@@ -1715,19 +1722,12 @@ TEST_F(OEMCryptoClientTest, GenerateSignature) {
  ASSERT_EQ(0, memcmp(&expected_signature[0], signature,
                      expected_signature.size()));

-
  s.close();
  ASSERT_TRUE(s.successStatus());
  ASSERT_FALSE(s.isOpen());
  testTearDown();
 }

-// Define CAN_INSTALL_KEYBOX if you are compiling with the reference
-// implementation of OEMCrypto, or if your version of OEMCrypto supports
-// OEMCrypto_InstallKeybox and OEwith a clear keybox.
-// The Below tests are based on a specific keybox which is installed for testing.
-#if defined(CAN_INSTALL_KEYBOX)
-
 TEST_F(OEMCryptoClientTest, LoadKeyNoNonce) {
  testSetUp();
  InstallKeybox(kDefaultKeybox);