Test max number of DRM private keys

[ Merge of http://go/wvgerrit/143909 ]

The max. number of DRM keys that can be loaded depends on the resource
rating.

Add a test to verify:
1. We can load up to MAX. drm keys
2. Loading the MAX+1 key can fail
3. The loaded keys should work even if loading other keys failed

Bug: 209084113
Test: opk_ta, run_x86_64_tests, run_level3_static_tests,
run_fake_l1_tests
Test: GtsMediaTestCases on sunfish

Change-Id: Ib9821e8a1994d41d3e9c2063440c109a2332ba89

libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp

@@ -172,6 +172,7 @@ const size_t kMaxConcurrentSession[] = {  10,      20,      30,     40};
 const size_t kMaxKeysPerSession[] = {      4,      20,      20,     30};
 const size_t kMaxTotalKeys[] = {          16,      40,      80,     90};
 const size_t kLargeMessageSize[] = {   8*KiB,   8*KiB,  16*KiB, 32*KiB};
+const size_t kMaxTotalDRMPrivateKeys[] = { 2,       4,       6,      8};
 // Note: Frame rate and simultaneous playback are specified by resource rating,
 // but are tested at the system level, so there are no unit tests for frame
 // rate. Similarly, number of subsamples for AV1
@@ -5902,6 +5903,55 @@ TEST_F(OEMCryptoLoadsCertificate, TestMultipleRSAKeys) {
   ASSERT_NO_FATAL_FAILURE(s1.TestDecryptCTR());
 }
 
+// This tests the maximum number of DRM private keys that OEMCrypto can load
+TEST_F(OEMCryptoLoadsCertificate, TestMaxDRMKeys) {
+  const size_t max_total_keys = GetResourceValue(kMaxTotalDRMPrivateKeys);
+  std::vector<std::unique_ptr<Session>> sessions;
+  std::vector<std::unique_ptr<LicenseRoundTrip>> licenses;
+
+  // It should be able to load up to kMaxTotalDRMPrivateKeys keys
+  for (size_t i = 0; i < max_total_keys; i++) {
+    sessions.push_back(std::unique_ptr<Session>(new Session()));
+    licenses.push_back(std::unique_ptr<LicenseRoundTrip>(
+        new LicenseRoundTrip(sessions[i].get())));
+    const size_t key_index = i % kTestRSAPKCS8PrivateKeys_2048.size();
+    encoded_rsa_key_.assign(kTestRSAPKCS8PrivateKeys_2048[key_index].begin(),
+                            kTestRSAPKCS8PrivateKeys_2048[key_index].end());
+    ASSERT_NO_FATAL_FAILURE(CreateWrappedRSAKey());
+    ASSERT_NO_FATAL_FAILURE(sessions[i]->open());
+    ASSERT_NO_FATAL_FAILURE(sessions[i]->PreparePublicKey(
+        encoded_rsa_key_.data(), encoded_rsa_key_.size()));
+    ASSERT_NO_FATAL_FAILURE(
+        sessions[i]->InstallRSASessionTestKey(wrapped_rsa_key_));
+  }
+
+  // Attempts to load one more key than the kMaxTotalDRMPrivateKeys
+  Session s;
+  encoded_rsa_key_.assign(kTestRSAPKCS8PrivateKeyInfo3_3072,
+                          kTestRSAPKCS8PrivateKeyInfo3_3072 +
+                              sizeof(kTestRSAPKCS8PrivateKeyInfo3_3072));
+  Session ps;
+  ProvisioningRoundTrip provisioning_messages(&ps, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  OEMCryptoResult result = provisioning_messages.LoadResponse();
+  // Key loading is allowed to fail due to resource restriction
+  if (result != OEMCrypto_SUCCESS) {
+    ASSERT_TRUE(result == OEMCrypto_ERROR_INSUFFICIENT_RESOURCES ||
+                result == OEMCrypto_ERROR_TOO_MANY_KEYS);
+  }
+  // Verifies that the DRM keys which are already loaded should still function
+  for (size_t i = 0; i < licenses.size(); i++) {
+    ASSERT_NO_FATAL_FAILURE(licenses[i]->SignAndVerifyRequest());
+    ASSERT_NO_FATAL_FAILURE(licenses[i]->CreateDefaultResponse());
+    ASSERT_NO_FATAL_FAILURE(licenses[i]->EncryptAndSignResponse());
+    ASSERT_EQ(OEMCrypto_SUCCESS, licenses[i]->LoadResponse());
+    ASSERT_NO_FATAL_FAILURE(sessions[i]->TestDecryptCTR());
+  }
+}
+
 // Devices that load certificates, should at least support RSA 2048 keys.
 TEST_F(OEMCryptoLoadsCertificate, SupportsCertificatesAPI13) {
   ASSERT_NE(0u,