From b8e13cec2dd594f50a539b0f1b990dcf4d467d01 Mon Sep 17 00:00:00 2001
From: "John W. Bruce" <juce@google.com>
Date: Tue, 26 May 2020 18:04:42 -0700
Subject: [PATCH] OEMCrypto Unit Test Fix: Do Not Derive Keys Immediately

(This is a merge of http://go/wvgerrit/100053.)

The OEMCrypto Unit Tests were previously deriving keys from the session
key as part of loading the test RSA key. This creates an invalid
function call order, since the OEMCrypto session will likely next be
used for actions that need to be done *before* deriving these keys. With
ODKiTEE, which is more strict about this order, all OEMCrypto tests were
failing.

Bug: 156655072
Test: OEMCrypto Unit Tests
Change-Id: Ibfede587da30cfff4a44a5e0687e4199b1430372
---
 libwvdrmengine/oemcrypto/test/oec_session_util.cpp       | 9 ++++-----
 .../oemcrypto/test/oemcrypto_session_tests_helper.cpp    | 2 +-
 libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp         | 3 +++
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
index c64f979b..769aec75 100644
--- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
+++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
@@ -1014,7 +1014,7 @@ void Session::GenerateDerivedKeysFromSessionKey() {
   // Uses test certificate.
   vector<uint8_t> session_key;
   vector<uint8_t> enc_session_key;
-  if (public_rsa_ == nullptr) PreparePublicKey();
+  ASSERT_NE(public_rsa_, nullptr) << "No public RSA key loaded in test code.";
   // A failure here probably indicates that there is something wrong with the
   // test program and its dependency on BoringSSL.
   ASSERT_TRUE(GenerateRSASessionKey(&session_key, &enc_session_key));
@@ -1303,12 +1303,11 @@ void Session::VerifyRSASignature(const vector<uint8_t>& message,
                                  const uint8_t* signature,
                                  size_t signature_length,
                                  RSA_Padding_Scheme padding_scheme) {
-  EXPECT_TRUE(nullptr != public_rsa_)
-      << "No public RSA key loaded in test code.\n";
+  ASSERT_NE(public_rsa_, nullptr) << "No public RSA key loaded in test code.";
 
-  EXPECT_EQ(static_cast<size_t>(RSA_size(public_rsa_)), signature_length)
+  ASSERT_EQ(static_cast<size_t>(RSA_size(public_rsa_)), signature_length)
       << "Signature size is wrong. " << signature_length << ", should be "
-      << RSA_size(public_rsa_) << "\n";
+      << RSA_size(public_rsa_);
 
   if (padding_scheme == kSign_RSASSA_PSS) {
     boringssl_ptr<EVP_PKEY, EVP_PKEY_free> pkey(EVP_PKEY_new());
diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp
index 9e2bc7e7..da8d5ec2 100644
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp
@@ -81,6 +81,6 @@ void SessionUtil::InstallTestRSAKey(Session* s) {
     ASSERT_NO_FATAL_FAILURE(s->InstallRSASessionTestKey(wrapped_rsa_key_));
   }
   // Test RSA key should be loaded.
-  ASSERT_NO_FATAL_FAILURE(s->GenerateDerivedKeysFromSessionKey());
+  ASSERT_NO_FATAL_FAILURE(s->PreparePublicKey());
 }
 }  // namespace wvoec
diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
index 3526d57f..e584e20f 100644
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -688,6 +688,7 @@ TEST_F(OEMCryptoProv30Test, GetCertOnlyAPI16) {
   ASSERT_NO_FATAL_FAILURE(s.open());
   // Install the DRM Cert's RSA key.
   ASSERT_NO_FATAL_FAILURE(s.InstallRSASessionTestKey(wrapped_rsa_key_));
+  ASSERT_NO_FATAL_FAILURE(s.PreparePublicKey());
   // Request the OEM Cert. -- This should NOT load the OEM Private key.
   vector<uint8_t> public_cert;
   size_t public_cert_length = 0;
@@ -4885,6 +4886,7 @@ class LicenseWithUsageEntry {
     ASSERT_NO_FATAL_FAILURE(session_.open());
     ASSERT_NO_FATAL_FAILURE(session_.ReloadUsageEntry());
     ASSERT_NO_FATAL_FAILURE(util->InstallTestRSAKey(&session_));
+    ASSERT_NO_FATAL_FAILURE(session_.GenerateDerivedKeysFromSessionKey());
     ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
   }
 
@@ -6008,6 +6010,7 @@ TEST_P(OEMCryptoUsageTableTest, ReloadUsageTableWithSkew) {
                                      old_usage_entry_1.data(),
                                      old_usage_entry_1.size()));
   ASSERT_NO_FATAL_FAILURE(InstallTestRSAKey(&s));
+  ASSERT_NO_FATAL_FAILURE(s.GenerateDerivedKeysFromSessionKey());
   ASSERT_EQ(OEMCrypto_SUCCESS, entry.license_messages().LoadResponse());
 }