Merge "Separate and Clarify Cast Reciever Tests" into mnc-dev

2015-06-15 20:24:01 +00:00
parent 1b88e370cf bf484e95de
commit 1d934be5d1
1 changed files with 686 additions and 728 deletions
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -1146,13 +1146,7 @@ class Session {
  void MakeRSACertificate(struct RSAPrivateKeyMessage* encrypted,
                          std::vector<uint8_t>* signature,
                          uint32_t allowed_schemes,
-                          const uint8_t* rsa_key = NULL,
+                          const vector<uint8_t>& rsa_key) {
                          size_t rsa_key_length = 0) {
    if (rsa_key == NULL) {
      rsa_key = kTestRSAPKCS8PrivateKeyInfo2_2048;
      rsa_key_length = sizeof(kTestRSAPKCS8PrivateKeyInfo2_2048);
    }
    // Dummy context for testing signature generation.
    vector<uint8_t> context = wvcdm::a2b_hex(
        "0a4c08001248000000020000101907d9ffde13aa95c122678053362136bdf840"
@@ -1187,11 +1181,11 @@ class Session {
      uint32_t algorithm_n = htonl(allowed_schemes);
      memcpy(message.rsa_key, "SIGN", 4);
      memcpy(message.rsa_key + 4, &algorithm_n, 4);
-      memcpy(message.rsa_key + 8, rsa_key, rsa_key_length);
+      memcpy(message.rsa_key + 8, rsa_key.data(), rsa_key.size());
-      message.rsa_key_length = 8 + rsa_key_length;
+      message.rsa_key_length = 8 + rsa_key.size();
    } else {
-      memcpy(message.rsa_key, rsa_key, rsa_key_length);
+      memcpy(message.rsa_key, rsa_key.data(), rsa_key.size());
-      message.rsa_key_length = rsa_key_length;
+      message.rsa_key_length = rsa_key.size();
    }
    OEMCrypto_GetRandom(message.rsa_key_iv, wvcdm::KEY_IV_SIZE);
    message.nonce = nonce_;
@@ -2744,19 +2738,24 @@ TEST_F(OEMCryptoSessionTests, KeyDuration) {
 //
 class OEMCryptoLoadsCertificate : public OEMCryptoSessionTestKeyboxTest {
 protected:
  OEMCryptoLoadsCertificate() :
      encoded_rsa_key_(kTestRSAPKCS8PrivateKeyInfo2_2048,
                   kTestRSAPKCS8PrivateKeyInfo2_2048 +
                   sizeof(kTestRSAPKCS8PrivateKeyInfo2_2048)) {}
  void CreateWrappedRSAKey(vector<uint8_t>* wrapped_key,
-                           uint32_t allowed_schemes, bool force,
+                           uint32_t allowed_schemes, bool force) {
                           const uint8_t* rsa_key = NULL,
                           size_t rsa_key_length = 0) {
    Session s;
    s.open();
    s.GenerateDerivedKeysFromKeybox();
    struct RSAPrivateKeyMessage encrypted;
    std::vector<uint8_t> signature;
-    s.MakeRSACertificate(&encrypted, &signature, allowed_schemes, rsa_key,
+    s.MakeRSACertificate(&encrypted, &signature, allowed_schemes,
-                         rsa_key_length);
+                         encoded_rsa_key_);
    s.RewrapRSAKey(encrypted, signature, wrapped_key, force);
  }
  std::vector<uint8_t> encoded_rsa_key_;
 };
 TEST_F(OEMCryptoLoadsCertificate, LoadRSASessionKey) {
@@ -2768,19 +2767,11 @@ TEST_F(OEMCryptoLoadsCertificate, LoadRSASessionKey) {
 }
 TEST_F(OEMCryptoLoadsCertificate, CertificateProvision) {
-  Session s;
+  std::vector<uint8_t> wrapped_rsa_key;
-  s.open();
+  CreateWrappedRSAKey(&wrapped_rsa_key, kSign_RSASSA_PSS, true);
-  s.GenerateDerivedKeysFromKeybox();
+  // We should not be able to find the rsa key in the wrapped key. It should
-  struct RSAPrivateKeyMessage encrypted;
+  // be encrypted.
-  std::vector<uint8_t> signature;
+  ASSERT_EQ(NULL, find(wrapped_rsa_key, encoded_rsa_key_));
  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS);
  vector<uint8_t> wrapped_key;
  s.RewrapRSAKey(encrypted, signature, &wrapped_key, true);
  vector<uint8_t> clear_key(kTestRSAPKCS8PrivateKeyInfo2_2048,
                            kTestRSAPKCS8PrivateKeyInfo2_2048 +
                            sizeof(kTestRSAPKCS8PrivateKeyInfo2_2048));
  ASSERT_EQ(NULL, find(wrapped_key, clear_key));
 }
 TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1) {
@@ -2789,7 +2780,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1) {
  s.GenerateDerivedKeysFromKeybox();
  struct RSAPrivateKeyMessage encrypted;
  std::vector<uint8_t> signature;
-  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS);
+  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS,
                       encoded_rsa_key_);
  vector<uint8_t> wrapped_key;
  const uint8_t* message_ptr = reinterpret_cast<const uint8_t*>(&encrypted);
  size_t wrapped_key_length = 0;
@@ -2816,7 +2808,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2) {
  s.GenerateDerivedKeysFromKeybox();
  struct RSAPrivateKeyMessage encrypted;
  std::vector<uint8_t> signature;
-  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS);
+  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS,
                       encoded_rsa_key_);
  vector<uint8_t> wrapped_key;
  const uint8_t* message_ptr = reinterpret_cast<const uint8_t*>(&encrypted);
  size_t wrapped_key_length = 0;
@@ -2845,7 +2838,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3) {
  s.GenerateDerivedKeysFromKeybox();
  struct RSAPrivateKeyMessage encrypted;
  std::vector<uint8_t> signature;
-  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS);
+  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS,
                       encoded_rsa_key_);
  const uint8_t* message_ptr = reinterpret_cast<const uint8_t*>(&encrypted);
  vector<uint8_t> wrapped_key;
@@ -2875,7 +2869,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadSignature) {
  s.GenerateDerivedKeysFromKeybox();
  struct RSAPrivateKeyMessage encrypted;
  std::vector<uint8_t> signature;
-  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS);
+  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS,
                       encoded_rsa_key_);
  vector<uint8_t> wrapped_key;
  const uint8_t* message_ptr = reinterpret_cast<const uint8_t*>(&encrypted);
@@ -2903,7 +2898,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadNonce) {
  s.GenerateDerivedKeysFromKeybox();
  struct RSAPrivateKeyMessage encrypted;
  std::vector<uint8_t> signature;
-  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS);
+  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS,
                       encoded_rsa_key_);
  vector<uint8_t> wrapped_key;
  const uint8_t* message_ptr = reinterpret_cast<const uint8_t*>(&encrypted);
@@ -2931,7 +2927,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRSAKey) {
  s.GenerateDerivedKeysFromKeybox();
  struct RSAPrivateKeyMessage encrypted;
  std::vector<uint8_t> signature;
-  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS);
+  s.MakeRSACertificate(&encrypted, &signature, kSign_RSASSA_PSS,
                       encoded_rsa_key_);
  vector<uint8_t> wrapped_key;
  const uint8_t* message_ptr = reinterpret_cast<const uint8_t*>(&encrypted);
@@ -3110,45 +3107,69 @@ class OEMCryptoLoadsCertificateAlternates : public OEMCryptoLoadsCertificate {
  void LoadWithAllowedSchemes(uint32_t schemes, bool force) {
    CreateWrappedRSAKey(&wrapped_rsa_key_, schemes, force);
    key_loaded_ = (wrapped_rsa_key_.size() > 0);
    if (force) ASSERT_TRUE(key_loaded_);
  }
  std::vector<uint8_t> wrapped_rsa_key_;
  bool key_loaded_;
 };
 // The alternate padding is only required for cast receivers, but all devices
 // should forbid the alternate padding for regular certificates.
 TEST_F(OEMCryptoLoadsCertificateAlternates, DisallowForbiddenPadding) {
  LoadWithAllowedSchemes(kSign_RSASSA_PSS, true);  // Use default padding scheme
  DisallowForbiddenPadding(kSign_PKCS1_Block1, 50);
 }
-// TODO(fredgc): Clean this up a bit.  Still need to test signature algorithms
+// The alternate padding is only required for cast receivers, but if a device
-// if uses_certificate but not loads_certificate.
+// does load an alternate certificate, it should NOT use it for generating
 // a license request signature.
 TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignaturePKCS1) {
  // Try to load an RSA key with alternative padding schemes.  This signing
  // scheme is used by cast receivers.
  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
  // If the device is a cast receiver, then this scheme is required.
  if (global_features.cast_receiver) ASSERT_TRUE(key_loaded_);
  // If the key loaded with no error, then we will verify that it is not used
  // for forbidden padding schemes.
  if (key_loaded_) {
    // The other padding scheme should fail.
    DisallowForbiddenPadding(kSign_RSASSA_PSS, 83);
    DisallowDeriveKeys();
    if (global_features.cast_receiver) {
      // A signature with a valid size should succeed.
      TestSignature(kSign_PKCS1_Block1, 83);
      TestSignature(kSign_PKCS1_Block1, 50);
    }
    // A signature with padding that is too big should fail.
    DisallowForbiddenPadding(kSign_PKCS1_Block1, 84);  // too big.
  }
 }
 TEST_F(OEMCryptoLoadsCertificateAlternates, TestSignatureBoth) {
  // Try to load an RSA key with alternative padding schemes.  This key
  // is allowed to sign with either padding scheme.  Devices are not required
  // to support both padding schemes.
  LoadWithAllowedSchemes(kSign_RSASSA_PSS | kSign_PKCS1_Block1, false);
-  if (global_features.cast_receiver) ASSERT_TRUE(key_loaded_);
+  // If the device loads this key, it should process it correctly.
  if (key_loaded_) {
    DisallowDeriveKeys();
    // A signature with padding that is too big should fail.
    DisallowForbiddenPadding(kSign_PKCS1_Block1, 84);
    if (global_features.cast_receiver) {
      TestSignature(kSign_RSASSA_PSS, 200);
      // A signature with a valid size should succeed.
      TestSignature(kSign_PKCS1_Block1, 83);
      TestSignature(kSign_PKCS1_Block1, 50);
-    DisallowForbiddenPadding(kSign_PKCS1_Block1, 84);
+    }
  }
 }
-// This tests attempts to use alternate algorithms for main device certs.
+// This test verifies RSA signing with the alternate padding scheme used by
-class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificate {
+// Android cast receivers, PKCS1 Block 1.  These tests are not required for
 // other devices, and should be filtered out by DeviceFeatures::Initialize for
 // those devices.
 class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificateAlternates {
 protected:
  vector<uint8_t> encode(uint8_t type, const vector<uint8_t>& substring) {
    vector<uint8_t> result;
@@ -3175,6 +3196,7 @@ class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificate {
    return result;
  }
  // This encodes the RSA key used in the PKCS#1 signing tests below.
  void BuildRSAKey() {
    vector<uint8_t> field_n =
        encode(0x02, wvcdm::a2b_hex(
@@ -3272,7 +3294,7 @@ class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificate {
                         "36995aac7e527490ac952a02268a4f18"));
    // Header of rsa key is constant.
-    encoded_key_ = wvcdm::a2b_hex(
+    encoded_rsa_key_ = wvcdm::a2b_hex(
        //  0x02 0x01 0x00 == integer, size 1 byte, value = 0 (field=version)
        "020100"
        //  0x30, sequence, size = d = 13 (field=pkeyalg)  AlgorithmIdentifier
@@ -3304,40 +3326,8 @@ class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificate {
    pkey = encode(0x30, pkey);
    pkey = encode(0x04, pkey);
-    encoded_key_ = concat(encoded_key_, pkey);
+    encoded_rsa_key_ = concat(encoded_rsa_key_, pkey);
-    encoded_key_ = encode(0x30, encoded_key_);  // 0x30=sequence
+    encoded_rsa_key_ = encode(0x30, encoded_rsa_key_);  // 0x30=sequence
  }
  void DisallowForbiddenPadding(RSA_Padding_Scheme scheme, size_t size) {
    OEMCryptoResult sts;
    Session s;
    s.open();
    sts = OEMCrypto_LoadDeviceRSAKey(s.session_id(), &wrapped_rsa_key_[0],
                                     wrapped_rsa_key_.size());
    ASSERT_EQ(OEMCrypto_SUCCESS, sts);
    // Sign a Message
    vector<uint8_t> licenseRequest(size);
    OEMCrypto_GetRandom(&licenseRequest[0], licenseRequest.size());
    size_t signature_length = 256;
    vector<uint8_t> signature(signature_length);
    sts = OEMCrypto_GenerateRSASignature(s.session_id(), &licenseRequest[0],
                                         licenseRequest.size(), &signature[0],
                                         &signature_length, scheme);
    // Allow OEMCrypto to request a full buffer.
    if (sts == OEMCrypto_ERROR_SHORT_BUFFER) {
      ASSERT_NE(static_cast<size_t>(0), signature_length);
      signature.assign(signature_length, 0);
      sts = OEMCrypto_GenerateRSASignature(s.session_id(), &licenseRequest[0],
                                           licenseRequest.size(), &signature[0],
                                           &signature_length, scheme);
    }
    ASSERT_NE(OEMCrypto_SUCCESS, sts)
        << "Signed with forbidden padding scheme=" << (int)scheme
        << ", size=" << (int)size;
    vector<uint8_t> zero(signature_length, 0);
    ASSERT_EQ(zero, signature);  // signature should not be computed.
  }
  // This is used to test a signature from the file pkcs1v15sign-vectors.txt.
@@ -3379,7 +3369,7 @@ class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificate {
    ASSERT_EQ(OEMCrypto_SUCCESS, sts)
        << "Failed to sign with padding scheme=" << (int)scheme
        << ", size=" << (int)message.size();
-    s.PreparePublicKey(&encoded_key_[0], encoded_key_.size());
+    s.PreparePublicKey(&encoded_rsa_key_[0], encoded_rsa_key_.size());
    // Verify that the signature matches the official test vector.
    ASSERT_EQ(correct_signature.size(), signature_length);
@@ -3392,24 +3382,12 @@ class OEMCryptoCastReceiverTest : public OEMCryptoLoadsCertificate {
    s.VerifyRSASignature(digest, &correct_signature[0],
                         correct_signature.size(), scheme);
  }
  void LoadWithAllowedSchemes(uint32_t schemes, bool force) {
    BuildRSAKey();
    CreateWrappedRSAKey(&wrapped_rsa_key_, schemes, force, &encoded_key_[0],
                        encoded_key_.size());
    key_loaded_ = (wrapped_rsa_key_.size() > 0);
    ASSERT_TRUE(key_loaded_);
  }
  std::vector<uint8_t> encoded_key_;
  std::vector<uint8_t> wrapped_rsa_key_;
  bool key_loaded_;
 };
 // # PKCS#1 v1.5 Signature Example 15.1
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_1) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "f45d55f35551e975d6a8dc7ea9f48859"
      "3940cc75694a278f27e578a163d839b3"
@@ -3444,12 +3422,11 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_1) {
      "dac7bd4586bc9382191f6d2880f6227e"
      "5df3eed21e7792d249480487f3655261");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.2
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_2) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "c14b4c6075b2f9aad661def4ecfd3cb9"
      "33c623f4e63bf53410d2f016d1ab98e2"
@@ -3479,13 +3456,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_2) {
      "8c4aa3121588fb6cf68396d8ac054659"
      "9500c9708500a5972bd54f72cf8db0c8");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.3
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_3) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "d02371ad7ee48bbfdb2763de7a843b94"
      "08ce5eb5abf847ca3d735986df84e906"
@@ -3521,13 +3497,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_3) {
      "b6c0b4140ef11970c4630d44344e76ea"
      "ed74dcbee811dbf6575941f08a6523b8");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 };
 // # PKCS#1 v1.5 Signature Example 15.4
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_4) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "29035584ab7e0226a9ec4b02e8dcf127"
      "2dc9a41d73e2820007b0f6e21feccd5b"
@@ -3551,13 +3526,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_4) {
      "5dcbc2613bc120421f9e3653c5a87672"
      "97643c7e0740de016355453d6c95ae72");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.5
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_5) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex("bda3a1c79059eae598308d3df609");
  vector<uint8_t> signature = wvcdm::a2b_hex(
      "a156176cb96777c7fb96105dbd913bc4"
@@ -3577,13 +3551,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_5) {
      "c5182d8f151bf41dfeccaed7cde690b2"
      "1647106b490c729d54a8fe2802a6d126");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.6
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_6) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "c187915e4e87da81c08ed4356a0cceac"
      "1c4fb5c046b45281b387ec28f1abfd56"
@@ -3610,13 +3583,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_6) {
      "89dd195a38b42de4edc49d346478b9f1"
      "1f0557205f5b0bd7ffe9c850f396d7c4");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.7
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_7) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "abfa2ecb7d29bd5bcb9931ce2bad2f74"
      "383e95683cee11022f08e8e7d0b8fa05"
@@ -3644,13 +3616,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_7) {
      "52c8d12ea33bf053a300f4afc4f098df"
      "4e6d886779d64594d369158fdbc1f694");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.8
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_8) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "df4044a89a83e9fcbf1262540ae3038b"
      "bc90f2b2628bf2a4467ac67722d8546b"
@@ -3684,13 +3655,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_8) {
      "dd64ad16bd0125d0348e383085f08894"
      "861ca18987227d37b42b584a8357cb04");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.9
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_9) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "ea941ff06f86c226927fcf0e3b11b087"
      "2676170c1bfc33bda8e265c77771f9d0"
@@ -3722,13 +3692,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_9) {
      "0af0e7157dc298c6cd2dee2262f8cddc"
      "10f11e01741471bbfd6518a175734575");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.10
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_10) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "d8b81645c13cd7ecf5d00ed2c91b9acd"
      "46c15568e5303c4a9775ede76b48403d"
@@ -3753,13 +3722,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_10) {
      "0aab07153d01f48d086df0bfbec05e7b"
      "443b97e71718970e2f4bf62023e95b67");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.11
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_11) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "e5739b6c14c92d510d95b826933337ff"
      "0d24ef721ac4ef64c2bad264be8b44ef"
@@ -3788,13 +3756,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_11) {
      "f3125edd48521ae3b9b03217f4496d0d"
      "8ede57acbc5bd4deae74a56f86671de2");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.12
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_12) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "7af42835917a88d6b3c6716ba2f5b0d5"
      "b20bd4e2e6e574e06af1eef7c81131be"
@@ -3830,13 +3797,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_12) {
      "07cf0359683d2298e35948ed806c063c"
      "606ea178150b1efc15856934c7255cfe");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.13
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_13) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "ebaef3f9f23bdfe5fa6b8af4c208c189"
      "f2251bf32f5f137b9de4406378686b3f"
@@ -3860,13 +3826,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_13) {
      "459f57d5013638483de2d91cb3c490da"
      "81c46de6cd76ea8a0c8f6fe331712d24");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.14
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_14) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "c5a2711278761dfcdd4f0c99e6f5619d"
      "6c48b5d4c1a80982faa6b4cf1cf7a60f"
@@ -3897,13 +3862,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_14) {
      "99fe98ae4eb49f3ff41c5040a50cefc9"
      "bdf2394b749cf164480df1ab6880273b");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.15
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_15) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "9bf8aa253b872ea77a7e23476be26b23"
      "29578cf6ac9ea2805b357f6fc3ad130d"
@@ -3937,13 +3901,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_15) {
      "ec49a378ac8a3c74439f7cc555ba13f8"
      "59070890ee18ff658fa4d741969d70a5");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.16
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_16) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "32474830e2203754c8bf0681dc4f842a"
      "fe360930378616c108e833656e5640c8"
@@ -3979,13 +3942,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_16) {
      "440b86e10c199715fa0b6f4250b53373"
      "2d0befe1545150fc47b876de09b00a94");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.17
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_17) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "008e59505eafb550aae5e845584cebb0"
      "0b6de1733e9f95d42c882a5bbeb5ce1c"
@@ -4009,13 +3971,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_17) {
      "5f8d4d496acf03d3033b7ccd196bc22f"
      "68fb7bef4f697c5ea2b35062f48a36dd");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.18
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_18) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "6abc54cf8d1dff1f53b17d8160368878"
      "a8788cc6d22fa5c2258c88e660b09a89"
@@ -4040,13 +4001,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_18) {
      "1930f99763272f9797bcb76f1d248157"
      "5558fcf260b1f0e554ebb3df3cfcb958");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.19
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_19) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "af2d78152cf10efe01d274f217b177f6"
      "b01b5e749f1567715da324859cd3dd88"
@@ -4078,13 +4038,12 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_19) {
      "229d9ef2b1b3807e321018920ad3e53d"
      "ae47e6d9395c184b93a374c671faa2ce");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 // # PKCS#1 v1.5 Signature Example 15.20
 TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_20) {
-  LoadWithAllowedSchemes(kSign_PKCS1_Block1, false);
+  BuildRSAKey();
-  if (key_loaded_) {
+  LoadWithAllowedSchemes(kSign_PKCS1_Block1, true);
  vector<uint8_t> message = wvcdm::a2b_hex(
      "40ee992458d6f61486d25676a96dd2cb"
      "93a37f04b178482f2b186cf88215270d"
@@ -4116,7 +4075,6 @@ TEST_F(OEMCryptoCastReceiverTest, TestSignaturePKCS1_15_20) {
      "a52cfce899cd79b15b4fc3723641ef6b"
      "d00acc10407e5df58dd1c3c5c559a506");
  TestSignature(kSign_PKCS1_Block1, message, signature);
  }
 }
 class GenericCryptoTest : public OEMCryptoSessionTests {
@@ -4160,7 +4118,7 @@ class GenericCryptoTest : public OEMCryptoSessionTests {
    uint8_t iv_buffer[wvcdm::KEY_IV_SIZE];
    memcpy(iv_buffer, iv_, wvcdm::KEY_IV_SIZE);
    out_buffer->resize(in_buffer.size());
-    ASSERT_GT(in_buffer.size(), 0);
+    ASSERT_GT(in_buffer.size(), 0u);
    ASSERT_EQ(0, in_buffer.size() % AES_BLOCK_SIZE);
    AES_cbc_encrypt(&in_buffer[0], out_buffer->data(), in_buffer.size(),
                    &aes_key, iv_buffer, AES_ENCRYPT);