Small changes to refactored unit tests

Merge from Widevine repo of http://go/wvgerrit/169064

This CL should cleanup some minor issues that existed after the initial
CLs refactoring the unit tests went in. The issues fixed should be:
1) duplicate decrypt tests
2) decrypt tests added to be run
3) removed unecessary header files
4) refactored some provisioning tests that I had previously overlooked

Bug: 253779846
Merged from https://widevine-internal-review.googlesource.com/167537

Change-Id: Ic474fbcf69a08c0482b5e74d0c80be2cd16702d8

libwvdrmengine/oemcrypto/test/common.mk

@@ -17,6 +17,7 @@ LOCAL_SRC_FILES:= \
   oemcrypto_corpus_generator_helper.cpp \
   oemcrypto_session_tests_helper.cpp \
   oemcrypto_basic_test.cpp \
+  oemcrypto_decrypt_test.cpp \
   oemcrypto_license_test.cpp \
   oemcrypto_provisioning_test.cpp \
   oemcrypto_usage_table_test.cpp \

libwvdrmengine/oemcrypto/test/oemcrypto_basic_test.h

@@ -12,8 +12,8 @@
 #include <gtest/gtest.h>
 
 #include "OEMCryptoCENC.h"
-#include "oec_session_util.h"
 #include "oemcrypto_session_tests_helper.h"
+
 namespace wvoec {
 
 const char* HDCPCapabilityAsString(OEMCrypto_HDCP_Capability value);

libwvdrmengine/oemcrypto/test/oemcrypto_decrypt_test.cpp

@@ -4,11 +4,7 @@
 //
 
 #include "oemcrypto_decrypt_test.h"
-#include "log.h"
+
-#include "oemcrypto_basic_test.h"
-#include "oemcrypto_resource_test.h"
-#include "oemcrypto_session_tests_helper.h"
-#include "platform.h"
 #include "test_sleep.h"
 
 using ::testing::Combine;

libwvdrmengine/oemcrypto/test/oemcrypto_decrypt_test.h

@@ -12,11 +12,8 @@
 #include "OEMCryptoCENC.h"
 #include "log.h"
 #include "oec_decrypt_fallback_chain.h"
-#include "oec_session_util.h"
 #include "oemcrypto_basic_test.h"
 #include "oemcrypto_license_test.h"
-#include "oemcrypto_resource_test.h"
-#include "oemcrypto_session_tests_helper.h"
 
 namespace wvoec {
 

libwvdrmengine/oemcrypto/test/oemcrypto_license_test.cpp

@@ -4,10 +4,7 @@
 //
 
 #include "oemcrypto_license_test.h"
-#include "log.h"
+
-#include "oemcrypto_basic_test.h"
-#include "oemcrypto_resource_test.h"
-#include "oemcrypto_session_tests_helper.h"
 #include "platform.h"
 
 namespace wvoec {

libwvdrmengine/oemcrypto/test/oemcrypto_license_test.h

@@ -12,11 +12,9 @@
 #include "OEMCryptoCENC.h"
 #include "clock.h"
 #include "log.h"
-#include "oec_session_util.h"
 #include "oemcrypto_basic_test.h"
 #include "oemcrypto_corpus_generator_helper.h"
 #include "oemcrypto_resource_test.h"
-#include "oemcrypto_session_tests_helper.h"
 #include "wvcrc32.h"
 
 using ::testing::WithParamInterface;

libwvdrmengine/oemcrypto/test/oemcrypto_provisioning_test.cpp

@@ -6,9 +6,6 @@
 #include "oemcrypto_provisioning_test.h"
 
 #include "log.h"
-#include "oemcrypto_basic_test.h"
-#include "oemcrypto_resource_test.h"
-#include "oemcrypto_session_tests_helper.h"
 #include "platform.h"
 
 namespace wvoec {
@@ -623,5 +620,250 @@ TEST_F(OEMCryptoProv40Test, ProvisionDrmCert) {
   ASSERT_EQ(s.IsPublicKeySet(), true);
 }
 
+TEST_F(OEMCryptoLoadsCertificate, PrepAndSignLicenseRequestCounterAPI18) {
+  ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
+  s.GenerateNonce();
+
+  size_t core_message_length = 100;
+  std::vector<uint8_t> message(128, 0);
+  std::vector<uint8_t> signature(256, 0);
+  size_t signature_length = signature.size();
+
+  OEMCryptoResult result = OEMCrypto_PrepAndSignLicenseRequest(
+      s.session_id(), message.data(), message.size(), &core_message_length,
+      signature.data(), &signature_length);
+
+  ASSERT_EQ(OEMCrypto_SUCCESS, result);
+}
+
+// This test verifies that we can create a wrapped RSA key, and then reload it.
+TEST_F(OEMCryptoLoadsCertificate, LoadRSASessionKey) {
+  ASSERT_NO_FATAL_FAILURE(CreateWrappedDRMKey());
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_drm_key_));
+}
+
+TEST_F(OEMCryptoLoadsCertificate, SignProvisioningRequest) {
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
+    s.LoadOEMCert(true);
+  } else {
+    EXPECT_EQ(global_features.provisioning_method, OEMCrypto_Keybox);
+    s.GenerateDerivedKeysFromKeybox(keybox_);
+  }
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+}
+
+// This tests a large message size. The size is larger than we required in v15.
+TEST_F(OEMCryptoLoadsCertificate, SignLargeProvisioningRequestAPI16) {
+  Session s;
+  ASSERT_NO_FATAL_FAILURE(s.open());
+  if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
+    s.LoadOEMCert(true);
+  } else {
+    EXPECT_EQ(global_features.provisioning_method, OEMCrypto_Keybox);
+    s.GenerateDerivedKeysFromKeybox(keybox_);
+  }
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  const size_t max_size = GetResourceValue(kLargeMessageSize);
+  provisioning_messages.set_message_size(max_size);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+}
+
+// This creates a wrapped RSA key, and then does the sanity check that the
+// unencrypted key is not found in the wrapped key.  The wrapped key should be
+// encrypted.
+TEST_F(OEMCryptoLoadsCertificate, CertificateProvision) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  ASSERT_EQ(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
+  // We should not be able to find the rsa key in the wrapped key. It should
+  // be encrypted.
+  EXPECT_EQ(nullptr, find(provisioning_messages.wrapped_rsa_key(),
+                          provisioning_messages.encoded_rsa_key()));
+}
+
+// Verify that RewrapDeviceRSAKey checks pointers are within the provisioning
+// message.
+TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1_API16) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  // Encrypt and sign once, so that we can use the size of the response.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  provisioning_messages.core_response().enc_private_key.offset =
+      provisioning_messages.encrypted_response_buffer().size() + 1;
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
+  provisioning_messages.VerifyLoadFailed();
+}
+
+// Verify that RewrapDeviceRSAKey checks pointers are within the provisioning
+// message.
+TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2_API16) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  // Encrypt and sign once, so that we can use the size of the response.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  provisioning_messages.core_response().enc_private_key_iv.offset =
+      provisioning_messages.encrypted_response_buffer().size() + 1;
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
+  provisioning_messages.VerifyLoadFailed();
+}
+
+// Verify that RewrapDeviceRSAKey checks pointers are within the provisioning
+// message.
+TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3_API16) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  // Encrypt and sign once, so that we can use the size of the response.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  // If the offset is before the end, but the offset+length is bigger, then
+  // the message should be rejected.
+  provisioning_messages.core_response().enc_private_key.offset =
+      provisioning_messages.encrypted_response_buffer().size() - 5;
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
+  provisioning_messages.VerifyLoadFailed();
+}
+
+// Verify that RewrapDeviceRSAKey checks pointers are within the provisioning
+// message.
+TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4_API16) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  // Encrypt and sign once, so that we can use the size of the response.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  // If the offset is before the end, but the offset+length is bigger, then
+  // the message should be rejected.
+  provisioning_messages.core_response().enc_private_key_iv.offset =
+      provisioning_messages.encrypted_response_buffer().size() - 5;
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
+  provisioning_messages.VerifyLoadFailed();
+}
+
+// Verify that RewrapDeviceRSAKey checks pointers are within the provisioning
+// message.
+TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange5Prov30_API16) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  // Encrypt and sign once, so that we can use the size of the response.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  // If the offset is before the end, but the offset+length is bigger, then
+  // the message should be rejected.
+  provisioning_messages.core_response().encrypted_message_key.offset =
+      provisioning_messages.encrypted_response_buffer().size() + 1;
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
+  provisioning_messages.VerifyLoadFailed();
+}
+
+// Test that RewrapDeviceRSAKey verifies the message signature.
+// TODO(b/144186970): This test should also run on Prov 3.0 devices.
+TEST_F(OEMCryptoLoadsCertificate,
+       CertificateProvisionBadSignatureKeyboxTestAPI16) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  provisioning_messages.response_signature()[4] ^= 42;  // bad signature.
+  ASSERT_EQ(OEMCrypto_ERROR_SIGNATURE_FAILURE,
+            provisioning_messages.LoadResponse());
+  provisioning_messages.VerifyLoadFailed();
+}
+
+// Test that RewrapDeviceRSAKey verifies the nonce is current.
+TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadNonce_API16) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  provisioning_messages.core_request().nonce ^= 42;  // bad nonce.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  ASSERT_EQ(OEMCrypto_ERROR_INVALID_NONCE,
+            provisioning_messages.LoadResponse());
+  provisioning_messages.VerifyLoadFailed();
+}
+
+// Test that RewrapDeviceRSAKey verifies the RSA key is valid.
+TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRSAKey) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  provisioning_messages.response_data().rsa_key[4] ^= 42;  // bad key.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  ASSERT_NE(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
+  provisioning_messages.VerifyLoadFailed();
+}
+
+// Test that RewrapDeviceRSAKey verifies the RSA key is valid.
+// TODO(b/144186970): This test should also run on Prov 3.0 devices.
+TEST_F(OEMCryptoLoadsCertificate,
+       CertificateProvisionBadRSAKeyKeyboxTestAPI16) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  size_t rsa_offset =
+      provisioning_messages.core_response().enc_private_key.offset;
+  // Offsets are relative to the message body, after the core message.
+  rsa_offset += provisioning_messages.serialized_core_message().size();
+  rsa_offset += 4;  // Change the middle of the key.
+  provisioning_messages.encrypted_response_buffer()[rsa_offset] ^= 42;
+  ASSERT_EQ(OEMCrypto_ERROR_SIGNATURE_FAILURE,
+            provisioning_messages.LoadResponse());
+  provisioning_messages.VerifyLoadFailed();
+}
+
+// Test that RewrapDeviceRSAKey accepts the maximum message size.
+TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionLargeBuffer) {
+  Session s;
+  ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+  const size_t max_size = GetResourceValue(kLargeMessageSize);
+  provisioning_messages.set_message_size(max_size);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  ASSERT_EQ(OEMCrypto_SUCCESS, provisioning_messages.LoadResponse());
+  // We should not be able to find the rsa key in the wrapped key. It should
+  // be encrypted.
+  EXPECT_EQ(nullptr, find(provisioning_messages.wrapped_rsa_key(),
+                          provisioning_messages.encoded_rsa_key()));
+}
+
 /// @}
 }  // namespace wvoec

libwvdrmengine/oemcrypto/test/oemcrypto_provisioning_test.h

@@ -8,11 +8,12 @@
 #define CDM_OEMCRYPTO_PROVISIONING_TEST_
 
 #include <gtest/gtest.h>
-#include "oemcrypto_basic_test.h"
 
 #include "OEMCryptoCENC.h"
-#include "oec_session_util.h"
+#include "oemcrypto_basic_test.h"
-#include "oemcrypto_session_tests_helper.h"
+#include "oemcrypto_license_test.h"
+#include "oemcrypto_resource_test.h"
+
 namespace wvoec {
 
 // Tests using this class are only used for devices with a keybox.  They are not
@@ -39,6 +40,77 @@ class OEMCryptoProv30Test : public OEMCryptoClientTest {};
 // This class is for tests that have boot certificate chain instead of a keybox.
 class OEMCryptoProv40Test : public OEMCryptoClientTest {};
 
+//
+// Certificate Root of Trust Tests
+//
+class OEMCryptoLoadsCertificate : public OEMCryptoSessionTestKeyboxTest {
+ protected:
+  void TestPrepareProvisioningRequestForHugeBufferLengths(
+      const std::function<void(size_t, ProvisioningRoundTrip*)> f,
+      bool check_status) {
+    auto oemcrypto_function = [&](size_t message_length) {
+      Session s;
+      s.open();
+      if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
+        s.LoadOEMCert(true);
+      } else {
+        s.GenerateDerivedKeysFromKeybox(keybox_);
+      }
+      ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+      f(message_length, &provisioning_messages);
+      return provisioning_messages
+          .SignAndCreateRequestWithCustomBufferLengths();
+    };
+    TestHugeLengthDoesNotCrashAPI(oemcrypto_function, check_status);
+  }
+
+  void TestLoadProvisioningForHugeBufferLengths(
+      const std::function<void(size_t, ProvisioningRoundTrip*)> f,
+      bool check_status, bool update_core_message_substring_values) {
+    auto oemcrypto_function = [&](size_t message_length) {
+      Session s;
+      ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+      provisioning_messages.PrepareSession(keybox_);
+      provisioning_messages.SignAndVerifyRequest();
+      provisioning_messages.CreateDefaultResponse();
+      if (update_core_message_substring_values) {
+        // Make provisioning message big enough so that updated core message
+        // substring offset and length values from tests are still able to read
+        // valid data from provisioning_message buffer rather than some garbage
+        // data.
+        provisioning_messages.set_message_size(
+            sizeof(provisioning_messages.response_data()) + message_length);
+      }
+      f(message_length, &provisioning_messages);
+      provisioning_messages
+          .EncryptAndSignResponseWithoutUpdatingEncPrivateKeyLength();
+      OEMCryptoResult result = provisioning_messages.LoadResponse();
+      s.close();
+      return result;
+    };
+    TestHugeLengthDoesNotCrashAPI(oemcrypto_function, check_status);
+  }
+
+  void TestLoadProvisioningForOutOfRangeSubstringOffsetAndLengths(
+      const std::function<void(size_t, ProvisioningRoundTrip*)> f) {
+    Session s;
+    ProvisioningRoundTrip provisioning_messages(&s, encoded_rsa_key_);
+    provisioning_messages.PrepareSession(keybox_);
+    provisioning_messages.SignAndVerifyRequest();
+    provisioning_messages.CreateDefaultResponse();
+    size_t message_length = sizeof(provisioning_messages.response_data());
+    f(message_length, &provisioning_messages);
+    provisioning_messages
+        .EncryptAndSignResponseWithoutUpdatingEncPrivateKeyLength();
+    OEMCryptoResult result = provisioning_messages.LoadResponse();
+    s.close();
+    // Verifying error is not due to signature failure which can be caused due
+    // to test code.
+    ASSERT_NE(OEMCrypto_ERROR_SIGNATURE_FAILURE, result);
+    ASSERT_NE(OEMCrypto_SUCCESS, result);
+  }
+};
+
 }  // namespace wvoec
 
 #endif  // CDM_OEMCRYPTO_PROVISIONING_TEST_