OEMCrypto Unit Tests

This is a merge from the Widevine repository of http://go/wvgerrit/14024 Add Level 3 Oemcrypto Unit Tests To Run All Tests Script This CL adds the ability to restrict the oemcrypto unit tests to only use the fall back level 3. This restriction is per-process, and is only used while running the unit tests. This allows us to automate running the unit tests on an android device as both level 1 and level 3 without modifying files in /system/lib. To turn on the restriction, set the environment variable: FORCE_LEVEL3_OEMCRYPTO=yes. New level 3 library versions are: level3/arm/libwvlevel3.a Level3 Library Apr 8 2015 13:09:05 level3/x86/libwvlevel3.a Level3 Library Apr 8 2015 13:15:42 http://go/wvgerrit/14055 Remove Redundant Tests This CL modifies the UsageTableTests in oemcrypto_test.cpp so that they are not all parameterized by new_mac_keys_. This parameter is used when testing signatures. In particular, we do not need to verify timing twice. Also, I modified the run_all_unit_tests.sh script so that the environment variable GTEST_FILTER is passed down to the android process. This allows us to use the script to run a limited list of tests while debugging. http://go/wvgerrit/14054 Filter Out API Version 10 Tests This CL updates the OEMCrypto tests so that all but one test will pass for a device that implements the version 9 API. Android LMP devices should pass tests with GTEST_FILTER="*-*MNC*:*CanLoadTestKeys*" http://go/wvgerrit/13886 Update Documentation about Optional Features The intergration guide has been updated to include reference to OEMCrypto_LoadTestRSAKey. It also now discusses optional features. The Delta 10 document now mentions OEMCrypto_LoadTestRSAKey. The android supplement warns that most optional features are required. This also adds clarification about which functions should save the usage table, in answer to: b/16799904 OEMCrypto v9 ambiguous about saving usage table information Change-Id: Ifb517d58952c9b332b2958ca99af64bc293b985f
2015-04-08 17:55:54 -07:00
parent 4d6ec2ac4c
commit 2527f77201
10 changed files with 129 additions and 73 deletions
--- a/libwvdrmengine/cdm/core/include/oemcrypto_adapter.h
+++ b/libwvdrmengine/cdm/core/include/oemcrypto_adapter.h
@@ -9,8 +9,8 @@ namespace wvcdm {
 enum SecurityLevel { kLevelDefault, kLevel3 };
-/* This attempts to open a session at the desired security level.
+// This attempts to open a session at the desired security level.
-   If one level is not available, the other will be used instead. */
+// If one level is not available, the other will be used instead.
 OEMCryptoResult OEMCrypto_OpenSession(OEMCrypto_SESSION* session,
                                      SecurityLevel level);
 OEMCryptoResult OEMCrypto_CopyBuffer(
--- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
+++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
@@ -11,6 +11,7 @@
 #include <dlfcn.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <iostream>
@@ -240,14 +241,18 @@ class Adapter {
  OEMCryptoResult Initialize() {
    LoadLevel3();
    OEMCryptoResult result = Level3_Initialize();
    if (force_level3()) {
      LOGW("Test code. User requested falling back to L3");
      return result;
    }
    std::string library_name;
    if (!wvcdm::Properties::GetOEMCryptoPath(&library_name)) {
-      LOGW("L1 library not specified. Falling Back to L3");
+      LOGW("L1 library not specified. Falling back to L3");
      return result;
    }
    level1_library_ = dlopen(library_name.c_str(), RTLD_NOW);
    if (level1_library_ == NULL) {
-      LOGW("Could not load %s. Falling Back to L3.  %s", library_name.c_str(),
+      LOGW("Could not load %s. Falling back to L3.  %s", library_name.c_str(),
           dlerror());
      return result;
    }
@@ -496,6 +501,14 @@ class Adapter {
  // If we add this to the level 3 session id, then the external session
  // id will match the internal session id in the last two digits.
  static const OEMCrypto_SESSION kLevel3Offset = 25600;
  // For running the unit tests using the level 3 oemcrypto.  If the user sets
  // the environment FORCE_LEVEL3_OEMCRYPTO, we ignore the level 1 library.
  bool force_level3() {
    const char* var = getenv("FORCE_LEVEL3_OEMCRYPTO");
    if (!var) return false;
    return !strcmp(var, "yes");
  }
 };
 static Adapter* kAdapter = 0;
--- a/libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf
+++ b/libwvdrmengine/docs/WidevineModularDRMSecurityIntegrationGuideforCENC.pdf
--- a/libwvdrmengine/docs/WidevineSecurityIntegrationGuideforCENCAndroidSupplement.pdf
+++ b/libwvdrmengine/docs/WidevineSecurityIntegrationGuideforCENCAndroidSupplement.pdf
--- a/libwvdrmengine/docs/Widevine_Modular_DRM_Version_10_Delta.pdf
+++ b/libwvdrmengine/docs/Widevine_Modular_DRM_Version_10_Delta.pdf
--- a/libwvdrmengine/level3/arm/libwvlevel3.a
+++ b/libwvdrmengine/level3/arm/libwvlevel3.a
--- a/libwvdrmengine/level3/x86/libwvlevel3.a
+++ b/libwvdrmengine/level3/x86/libwvlevel3.a
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -630,6 +630,12 @@ void DeviceFeatures::Initialize(bool is_cast_receiver, bool force_load_test_keyb
  switch(derive_key_method) {
    case NO_METHOD:
      printf("NO_METHOD: Cannot derive known session keys.\n");
      // Note: cast_receiver left unchanged because set by user on command line.
      uses_keybox = false;
      uses_certificate = false;
      loads_certificate = false;
      generic_crypto = false;
      usage_table = false;
      break;
    case LOAD_TEST_KEYBOX:
      printf("LOAD_TEST_KEYBOX: Call LoadTestKeybox before deriving keys.\n");
@@ -649,14 +655,16 @@ void DeviceFeatures::Initialize(bool is_cast_receiver, bool force_load_test_keyb
 std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
  std::string filter = initial_filter;
-  if (!uses_keybox)         FilterOut(&filter, "*KeyboxTest*");
+  if (!uses_keybox)                    FilterOut(&filter, "*KeyboxTest*");
  if (derive_key_method
-      != FORCE_TEST_KEYBOX) FilterOut(&filter, "*ForceKeybox*");
+      != FORCE_TEST_KEYBOX)            FilterOut(&filter, "*ForceKeybox*");
-  if (!uses_certificate)    FilterOut(&filter, "*Certificate*");
+  if (!uses_certificate)               FilterOut(&filter, "*Certificate*");
-  if (!loads_certificate)   FilterOut(&filter, "*LoadsCertificate*");
+  if (!loads_certificate)              FilterOut(&filter, "*LoadsCert*");
-  if (!generic_crypto)      FilterOut(&filter, "*GenericCrypto*");
+  if (!generic_crypto)                 FilterOut(&filter, "*GenericCrypto*");
-  if (!cast_receiver)       FilterOut(&filter, "*CastReceiver*");
+  if (!cast_receiver)                  FilterOut(&filter, "*CastReceiver*");
-  if (!usage_table)         FilterOut(&filter, "*UsageTable*");
+  if (!usage_table)                    FilterOut(&filter, "*UsageTable*");
  if (derive_key_method == NO_METHOD)  FilterOut(&filter, "*SessionTest*");
  if (api_version < 10)                FilterOut(&filter, "*API10*");
  return filter;
 }
@@ -1518,7 +1526,11 @@ TEST_F(OEMCryptoClientTest, CheckHDCPCapability) {
         HDCPCapabilityAsString(maximum));
 }
-TEST_F(OEMCryptoClientTest, CheckMaxNumberOfOEMCryptoSessions) {
+TEST_F(OEMCryptoClientTest, CheckMaxNumberOfSessionsAPI10) {
  size_t sessions_count;
  ASSERT_EQ(OEMCrypto_SUCCESS,
            OEMCrypto_GetNumberOfOpenSessions(&sessions_count));
  ASSERT_EQ(0u, sessions_count);
  size_t maximum;
  OEMCryptoResult sts = OEMCrypto_GetMaxNumberOfSessions(&maximum);
  ASSERT_EQ(OEMCrypto_SUCCESS, sts);
@@ -1599,7 +1611,23 @@ TEST_F(OEMCryptoClientTest, TwoSessionsOpenClose) {
  ASSERT_FALSE(s2.isOpen());
 }
-TEST_F(OEMCryptoClientTest, MaxSessionsOpenClose) {
+// This test should still pass for API v9.  A better test is below, but it only
 // works for API v10.
 TEST_F(OEMCryptoClientTest, EightSessionsOpenClose) {
  Session s[8];
  for (int i = 0; i < 8; i++) {
    s[i].open();
    ASSERT_EQ(OEMCrypto_SUCCESS, s[i].getStatus());
    ASSERT_TRUE(s[i].isOpen());
  }
  for (int i = 0; i < 8; i++) {
    s[i].close();
    ASSERT_EQ(OEMCrypto_SUCCESS, s[i].getStatus());
    ASSERT_FALSE(s[i].isOpen());
  }
 }
 TEST_F(OEMCryptoClientTest, MaxSessionsOpenCloseAPI10) {
  size_t sessions_count;
  ASSERT_EQ(OEMCrypto_SUCCESS,
            OEMCrypto_GetNumberOfOpenSessions(&sessions_count));
@@ -1753,7 +1781,7 @@ TEST_F(OEMCryptoClientTest, PreventNonceFlood3) {
  EXPECT_EQ(0, error_counter);
 }
-TEST_F(OEMCryptoClientTest, ClearCopyTest) {
+TEST_F(OEMCryptoClientTest, ClearCopyTestAPI10) {
  const int kDataSize = 256;
  uint8_t input_buffer[kDataSize];
  OEMCrypto_GetRandom(input_buffer, sizeof(input_buffer));
@@ -1788,6 +1816,11 @@ TEST_F(OEMCryptoClientTest, ClearCopyTest) {
                                 | OEMCrypto_LastSubsample));
 }
 TEST_F(OEMCryptoClientTest, CanLoadTestKeys) {
  ASSERT_NE(DeviceFeatures::NO_METHOD, global_features.derive_key_method)
      << "Session tests cannot run with out a test keybox or RSA cert.";
 }
 class OEMCryptoKeyboxTest : public OEMCryptoClientTest {};
 TEST_F(OEMCryptoKeyboxTest, NormalGetKeyData) {
@@ -1868,14 +1901,14 @@ class OEMCryptoSessionTests : public OEMCryptoClientTest {
  }
 };
-class OEMCryptoTestKeyboxTest : public  OEMCryptoSessionTests {};
+class OEMCryptoSessionTestKeyboxTest : public  OEMCryptoSessionTests {};
-TEST_F(OEMCryptoTestKeyboxTest, TestKeyboxIsValid) {
+TEST_F(OEMCryptoSessionTestKeyboxTest, TestKeyboxIsValid) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_IsKeyboxValid());
 }
-TEST_F(OEMCryptoTestKeyboxTest, GoodForceKeybox) {
+TEST_F(OEMCryptoSessionTestKeyboxTest, GoodForceKeybox) {
  ASSERT_EQ(DeviceFeatures::FORCE_TEST_KEYBOX,
            global_features.derive_key_method)
      << "ForceKeybox tests will modify the installed keybox.";
@@ -1891,7 +1924,7 @@ TEST_F(OEMCryptoTestKeyboxTest, GoodForceKeybox) {
  ASSERT_EQ(OEMCrypto_SUCCESS, sts);
 }
-TEST_F(OEMCryptoTestKeyboxTest, BadCRCForceKeybox) {
+TEST_F(OEMCryptoSessionTestKeyboxTest, BadCRCForceKeybox) {
  ASSERT_EQ(DeviceFeatures::FORCE_TEST_KEYBOX,
            global_features.derive_key_method)
      << "ForceKeybox tests will modify the installed keybox.";
@@ -1903,7 +1936,7 @@ TEST_F(OEMCryptoTestKeyboxTest, BadCRCForceKeybox) {
  ASSERT_EQ(OEMCrypto_ERROR_BAD_CRC, sts);
 }
-TEST_F(OEMCryptoTestKeyboxTest, BadMagicForceKeybox) {
+TEST_F(OEMCryptoSessionTestKeyboxTest, BadMagicForceKeybox) {
  ASSERT_EQ(DeviceFeatures::FORCE_TEST_KEYBOX,
            global_features.derive_key_method)
      << "ForceKeybox tests will modify the installed keybox.";
@@ -1915,7 +1948,7 @@ TEST_F(OEMCryptoTestKeyboxTest, BadMagicForceKeybox) {
  ASSERT_EQ(OEMCrypto_ERROR_BAD_MAGIC, sts);
 }
-TEST_F(OEMCryptoTestKeyboxTest, BadDataForceKeybox) {
+TEST_F(OEMCryptoSessionTestKeyboxTest, BadDataForceKeybox) {
  ASSERT_EQ(DeviceFeatures::FORCE_TEST_KEYBOX,
            global_features.derive_key_method)
      << "ForceKeybox tests will modify the installed keybox.";
@@ -1927,7 +1960,7 @@ TEST_F(OEMCryptoTestKeyboxTest, BadDataForceKeybox) {
  ASSERT_EQ(OEMCrypto_ERROR_BAD_CRC, sts);
 }
-TEST_F(OEMCryptoTestKeyboxTest, GenerateSignature) {
+TEST_F(OEMCryptoSessionTestKeyboxTest, GenerateSignature) {
  Session s;
  s.open();
@@ -2268,7 +2301,7 @@ TEST_F(OEMCryptoSessionTests, AntiRollbackHardwareRequired) {
  }
 }
-class OEMCryptoDecryptWithHDCP : public OEMCryptoSessionTests,
+class SessionTestDecryptWithHDCP : public OEMCryptoSessionTests,
                                 public WithParamInterface<int> {
 public:
  void DecryptWithHDCP(OEMCrypto_HDCP_Capability version) {
@@ -2294,16 +2327,16 @@ class OEMCryptoDecryptWithHDCP : public OEMCryptoSessionTests,
  }
 };
-TEST_P(OEMCryptoDecryptWithHDCP, Decrypt) {
+TEST_P(SessionTestDecryptWithHDCP, Decrypt) {
  // Test parameterized by HDCP version.
  DecryptWithHDCP(static_cast<OEMCrypto_HDCP_Capability>(GetParam()));
 }
-INSTANTIATE_TEST_CASE_P(TestHDCP,  OEMCryptoDecryptWithHDCP, Range(1, 5));
+INSTANTIATE_TEST_CASE_P(TestHDCP,  SessionTestDecryptWithHDCP, Range(1, 5));
 //
 // Load, Refresh Keys Test
 //
-class OEMCryptoRefreshKeyTest
+class SessionTestRefreshKeyTest
    : public OEMCryptoSessionTests,
      public WithParamInterface<std::pair<bool, int> > {
 public:
@@ -2319,7 +2352,7 @@ class OEMCryptoRefreshKeyTest
  size_t num_keys_;
 };
-TEST_P(OEMCryptoRefreshKeyTest, RefreshWithNonce) {
+TEST_P(SessionTestRefreshKeyTest, RefreshWithNonce) {
  Session s;
  s.open();
  s.GenerateTestSessionKeys();
@@ -2332,7 +2365,7 @@ TEST_P(OEMCryptoRefreshKeyTest, RefreshWithNonce) {
  s.RefreshTestKeys(num_keys_, wvoec_mock::kControlNonceEnabled, nonce, true);
 }
-TEST_P(OEMCryptoRefreshKeyTest, RefreshNoNonce) {
+TEST_P(SessionTestRefreshKeyTest, RefreshNoNonce) {
  Session s;
  s.open();
  s.GenerateTestSessionKeys();
@@ -2344,7 +2377,7 @@ TEST_P(OEMCryptoRefreshKeyTest, RefreshNoNonce) {
  s.RefreshTestKeys(num_keys_, 0, 0, true);
 }
-TEST_P(OEMCryptoRefreshKeyTest, RefreshOldNonce) {
+TEST_P(SessionTestRefreshKeyTest, RefreshOldNonce) {
  Session s;
  s.open();
  s.GenerateTestSessionKeys();
@@ -2356,7 +2389,7 @@ TEST_P(OEMCryptoRefreshKeyTest, RefreshOldNonce) {
  s.RefreshTestKeys(num_keys_, wvoec_mock::kControlNonceEnabled, nonce, false);
 }
-TEST_P(OEMCryptoRefreshKeyTest, RefreshBadNonce) {
+TEST_P(SessionTestRefreshKeyTest, RefreshBadNonce) {
  Session s;
  s.open();
  s.GenerateTestSessionKeys();
@@ -2371,12 +2404,12 @@ TEST_P(OEMCryptoRefreshKeyTest, RefreshBadNonce) {
 }
 // Of only one key control block in the refesh, we update all the keys.
-INSTANTIATE_TEST_CASE_P(TestRefreshAllKeys, OEMCryptoRefreshKeyTest,
+INSTANTIATE_TEST_CASE_P(TestRefreshAllKeys, SessionTestRefreshKeyTest,
                        Values(std::make_pair(true, 1),
                               std::make_pair(false, 1)));
 // If multiple key control blocks, we update each key separately.
-INSTANTIATE_TEST_CASE_P(TestRefreshEachKeys, OEMCryptoRefreshKeyTest,
+INSTANTIATE_TEST_CASE_P(TestRefreshEachKeys, SessionTestRefreshKeyTest,
                        Values(std::make_pair(true, kNumKeys),
                               std::make_pair(false, kNumKeys)));
@@ -2666,7 +2699,7 @@ TEST_F(OEMCryptoSessionTests, KeyDuration) {
 //
 // Certificate Root of Trust Tests
 //
-class OEMCryptoLoadsCertificate : public OEMCryptoTestKeyboxTest {
+class OEMCryptoLoadsCertificate : public OEMCryptoSessionTestKeyboxTest {
 protected:
  void CreateWrappedRSAKey(vector<uint8_t>* wrapped_key,
                           uint32_t allowed_schemes, bool force,
@@ -4493,12 +4526,11 @@ TEST_F(OEMCryptoClientTest, UpdateUsageTableTest) {
  EXPECT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
 }
-class UsageTableTest : public GenericCryptoTest,
+class UsageTableTest : public GenericCryptoTest {
                       public WithParamInterface<bool> {
 public:
  virtual void SetUp() {
    GenericCryptoTest::SetUp();
-    new_mac_keys_ = GetParam();
+    new_mac_keys_ = true;
  }
  void DeactivatePST(const std::string& pst) {
@@ -4542,7 +4574,19 @@ class UsageTableTest : public GenericCryptoTest,
  bool new_mac_keys_;
 };
-TEST_P(UsageTableTest, PSTReportSizes) {
+// Some usage tables we want to check a license either with or without a
 // new pair of mac keys in the license response.  This affects signatures after
 // the license is loaded.
 class UsageTableTestWithMAC : public UsageTableTest,
                              public WithParamInterface<bool> {
 public:
  virtual void SetUp() {
    UsageTableTest::SetUp();
    new_mac_keys_ = GetParam();
  }
 };
 TEST_F(UsageTableTest, PSTReportSizes) {
  OEMCrypto_PST_Report report;
  uint8_t* location = reinterpret_cast<uint8_t*>(&report);
  EXPECT_EQ(48u, sizeof(report));
@@ -4563,7 +4607,7 @@ TEST_P(UsageTableTest, PSTReportSizes) {
  EXPECT_EQ(48, field - location);
 }
-TEST_P(UsageTableTest, OnlineLicense) {
+TEST_P(UsageTableTestWithMAC, OnlineLicense) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -4600,7 +4644,7 @@ TEST_P(UsageTableTest, OnlineLicense) {
  s.TestDecryptCTR(false, OEMCrypto_ERROR_UNKNOWN_FAILURE);
 }
-TEST_P(UsageTableTest, RepeatOnlineLicense) {
+TEST_F(UsageTableTest, RepeatOnlineLicense) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -4630,7 +4674,7 @@ TEST_P(UsageTableTest, RepeatOnlineLicense) {
 }
 // A license with non-zero replay control bits needs a valid pst..
-TEST_P(UsageTableTest, OnlineEmptyPST) {
+TEST_F(UsageTableTest, OnlineEmptyPST) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  s.open();
@@ -4648,7 +4692,7 @@ TEST_P(UsageTableTest, OnlineEmptyPST) {
  s.close();
 }
-TEST_P(UsageTableTest, EmptyTable) {
+TEST_F(UsageTableTest, EmptyTable) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  s.open();
@@ -4668,7 +4712,7 @@ TEST_P(UsageTableTest, EmptyTable) {
  s2.close();
 }
-TEST_P(UsageTableTest, FiftyEntries) {
+TEST_F(UsageTableTest, FiftyEntries) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s1;
  s1.open();
@@ -4741,7 +4785,7 @@ TEST_P(UsageTableTest, FiftyEntries) {
  s1.close();
 }
-TEST_P(UsageTableTest, DeleteUnusedEntry) {
+TEST_P(UsageTableTestWithMAC, DeleteUnusedEntry) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  s.open();
@@ -4770,7 +4814,7 @@ TEST_P(UsageTableTest, DeleteUnusedEntry) {
  s3.close();
 }
-TEST_P(UsageTableTest, DeleteActiveEntry) {
+TEST_P(UsageTableTestWithMAC, DeleteActiveEntry) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  s.open();
@@ -4800,7 +4844,7 @@ TEST_P(UsageTableTest, DeleteActiveEntry) {
  s3.close();
 }
-TEST_P(UsageTableTest, ForceDeleteActiveEntry) {
+TEST_P(UsageTableTestWithMAC, ForceDeleteActiveEntry) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  s.open();
@@ -4824,7 +4868,7 @@ TEST_P(UsageTableTest, ForceDeleteActiveEntry) {
  s3.close();
 }
-TEST_P(UsageTableTest, DeleteInactiveEntry) {
+TEST_P(UsageTableTestWithMAC, DeleteInactiveEntry) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  s.open();
@@ -4855,7 +4899,7 @@ TEST_P(UsageTableTest, DeleteInactiveEntry) {
  s3.close();
 }
-TEST_P(UsageTableTest, DeleteEntryBadSignature) {
+TEST_P(UsageTableTestWithMAC, DeleteEntryBadSignature) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  s.open();
@@ -4892,7 +4936,7 @@ TEST_P(UsageTableTest, DeleteEntryBadSignature) {
  s3.close();
 }
-TEST_P(UsageTableTest, DeleteEntryWrongSession) {
+TEST_P(UsageTableTestWithMAC, DeleteEntryWrongSession) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  s.open();
@@ -4929,7 +4973,7 @@ TEST_P(UsageTableTest, DeleteEntryWrongSession) {
  s3.close();
 }
-TEST_P(UsageTableTest, DeleteEntryBadRange) {
+TEST_P(UsageTableTestWithMAC, DeleteEntryBadRange) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  s.open();
@@ -4966,7 +5010,7 @@ TEST_P(UsageTableTest, DeleteEntryBadRange) {
  s3.close();
 }
-TEST_P(UsageTableTest, DeactivateBadPST) {
+TEST_P(UsageTableTestWithMAC, DeactivateBadPST) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  std::string pst = "nonexistant pst";
  OEMCryptoResult sts = OEMCrypto_DeactivateUsageEntry(
@@ -4978,7 +5022,7 @@ TEST_P(UsageTableTest, DeactivateBadPST) {
  EXPECT_EQ(OEMCrypto_ERROR_INVALID_CONTEXT, sts);
 }
-TEST_P(UsageTableTest, GenericCryptoEncrypt) {
+TEST_P(UsageTableTestWithMAC, GenericCryptoEncrypt) {
  std::string pst = "A PST";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -5024,7 +5068,7 @@ TEST_P(UsageTableTest, GenericCryptoEncrypt) {
  EXPECT_NE(0, memcmp(encrypted, expected_encrypted, kBufferSize));
 }
-TEST_P(UsageTableTest, GenericCryptoDecrypt) {
+TEST_P(UsageTableTestWithMAC, GenericCryptoDecrypt) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -5070,7 +5114,7 @@ TEST_P(UsageTableTest, GenericCryptoDecrypt) {
  EXPECT_NE(0, memcmp(clear_buffer_, resultant, kBufferSize));
 }
-TEST_P(UsageTableTest, GenericCryptoSign) {
+TEST_P(UsageTableTestWithMAC, GenericCryptoSign) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -5127,7 +5171,7 @@ TEST_P(UsageTableTest, GenericCryptoSign) {
  ASSERT_NE(0, memcmp(signature, expected_signature, SHA256_DIGEST_LENGTH));
 }
-TEST_P(UsageTableTest, GenericCryptoVerify) {
+TEST_P(UsageTableTestWithMAC, GenericCryptoVerify) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -5173,14 +5217,14 @@ TEST_P(UsageTableTest, GenericCryptoVerify) {
  ASSERT_NE(OEMCrypto_SUCCESS, sts);
 }
-TEST_P(UsageTableTest, OfflineLicense) {
+TEST_P(UsageTableTestWithMAC, OfflineLicense) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  LoadOfflineLicense(s, pst);
 }
-TEST_P(UsageTableTest, ReloadOfflineLicense) {
+TEST_P(UsageTableTestWithMAC, ReloadOfflineLicense) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -5208,7 +5252,7 @@ TEST_P(UsageTableTest, ReloadOfflineLicense) {
  s.close();
 }
-TEST_P(UsageTableTest, BadReloadOfflineLicense) {
+TEST_P(UsageTableTestWithMAC, BadReloadOfflineLicense) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -5240,7 +5284,7 @@ TEST_P(UsageTableTest, BadReloadOfflineLicense) {
 }
 // An offline license should not load on the first call if the nonce is bad.
-TEST_P(UsageTableTest, OfflineBadNonce) {
+TEST_P(UsageTableTestWithMAC, OfflineBadNonce) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -5261,7 +5305,7 @@ TEST_P(UsageTableTest, OfflineBadNonce) {
 }
 // An offline license needs a valid pst.
-TEST_P(UsageTableTest, OfflineEmptyPST) {
+TEST_P(UsageTableTestWithMAC, OfflineEmptyPST) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
  s.open();
@@ -5279,7 +5323,7 @@ TEST_P(UsageTableTest, OfflineEmptyPST) {
  s.close();
 }
-TEST_P(UsageTableTest, DeactivateOfflineLicense) {
+TEST_P(UsageTableTestWithMAC, DeactivateOfflineLicense) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -5317,7 +5361,7 @@ TEST_P(UsageTableTest, DeactivateOfflineLicense) {
  EXPECT_EQ(kInactive, s3.pst_report()->status);
 }
-TEST_P(UsageTableTest, BadRange) {
+TEST_P(UsageTableTestWithMAC, BadRange) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -5336,7 +5380,7 @@ TEST_P(UsageTableTest, BadRange) {
                         s.key_array(), pst_ptr, pst.length()));
 }
-TEST_P(UsageTableTest, TimingTest) {
+TEST_F(UsageTableTest, TimingTest) {
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  std::string pst1 = "my_pst_1";
  std::string pst2 = "my_pst_2";
@@ -5428,7 +5472,7 @@ TEST_P(UsageTableTest, TimingTest) {
  // We don't expect first or last decrypt for unused report.
 }
-TEST_P(UsageTableTest, VerifyUsageTimes) {
+TEST_F(UsageTableTest, VerifyUsageTimes) {
  std::string pst = "my_pst";
  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_UpdateUsageTable());
  Session s;
@@ -5524,7 +5568,7 @@ TEST_P(UsageTableTest, VerifyUsageTimes) {
  s.TestDecryptCTR(false, OEMCrypto_ERROR_UNKNOWN_FAILURE);
 }
-INSTANTIATE_TEST_CASE_P(TestUsageTables, UsageTableTest,
+INSTANTIATE_TEST_CASE_P(TestUsageTables, UsageTableTestWithMAC,
                        Values(true, false));  // With and without new_mac_keys.
 }  // namespace wvoec
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test_android.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test_android.cpp
@@ -86,10 +86,9 @@ TEST_F(OEMCryptoAndroidMNCTest, MinVersionNumber10) {
  ASSERT_GE(version, 10u);
 }
-// TODO(fredgc): b/18962381
+TEST_F(OEMCryptoAndroidMNCTest, LoadsTestKeyboxImplemented) {
-// TEST_F(OEMCryptoAndroidMNCTest, LoadsTestKeyboxImplemented) {
+  ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_LoadTestKeybox());
-//   ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_LoadTestKeybox());
+}
 // }
 TEST_F(OEMCryptoAndroidMNCTest, NumberOfSessionsImplemented) {
  ASSERT_NE(OEMCrypto_ERROR_NOT_IMPLEMENTED,
@@ -98,10 +97,9 @@ TEST_F(OEMCryptoAndroidMNCTest, NumberOfSessionsImplemented) {
            OEMCrypto_GetMaxNumberOfSessions(NULL));
 }
-// TODO(fredgc): b/18503541
+TEST_F(OEMCryptoAndroidMNCTest, QueryKeyControlImplemented) {
-// TEST_F(OEMCryptoAndroidMNCTest, QueryKeyControlImplemented) {
+  ASSERT_NE(OEMCrypto_ERROR_NOT_IMPLEMENTED,
-//   ASSERT_NE(OEMCrypto_ERROR_NOT_IMPLEMENTED,
+            OEMCrypto_QueryKeyControl(0, NULL, 0, NULL, NULL));
-//             OEMCrypto_QueryKeyControl(0, NULL, 0, NULL, NULL));
+}
 // }
 }  // namespace wvoec
--- a/libwvdrmengine/run_all_unit_tests.sh
+++ b/libwvdrmengine/run_all_unit_tests.sh
@@ -7,7 +7,7 @@ failed_tests=()
 adb_shell_run() {
  local tmp_log="$OUT/mediadrmtest.log"
  local adb_error="[ADB SHELL] $@ failed"
-  adb shell $@ \|\| echo "$adb_error" | tee "$tmp_log"
+  adb shell GTEST_FILTER=$GTEST_FILTER $@ \|\| echo "$adb_error" | tee "$tmp_log"
  ! grep -Fq "$adb_error" "$tmp_log"
  local result=$?
  if [ $result -ne 0 ]; then
@@ -24,6 +24,7 @@ fi
 echo "waiting for device"
 adb root && adb wait-for-device remount
 adb_shell_run FORCE_LEVEL3_OEMCRYPTO=yes /system/bin/oemcrypto_test
 adb_shell_run /system/bin/oemcrypto_test
 adb_shell_run /system/bin/request_license_test
 # cdm_extended_duration_test takes >30 minutes to run.