From ca404aae6fe0d6595ab3a53789aea031b99c6881 Mon Sep 17 00:00:00 2001
From: Fred Gylys-Colwell <fredgc@google.com>
Date: Thu, 26 Mar 2020 13:55:20 -0700
Subject: [PATCH] Add unit test for preloaded license

Merge from Widevine repo of http://go/wvgerrit/96508

This adds a unit test for to verify that a preloaded license may be
loaded into OEMCrypto. A preloaded license is a license that does not
have a nonce, and for which there is no license request. This is used
in CAS and ATSC.

I also updated the test version string to
OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-27

Bug: 144105097
Test: ran oemcrypto unit tests on taimen and with v16 modmock.
Change-Id: I6a4926917f36a084d15defa7b908d067612c4dcf
---
 .../oemcrypto/ref/src/oemcrypto_session.cpp   |  1 +
 .../oemcrypto/test/oec_session_util.cpp       |  3 ---
 .../oemcrypto/test/oec_session_util.h         |  3 ++-
 .../oemcrypto/test/oemcrypto_test.cpp         | 21 ++++++++++++++++++-
 4 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_session.cpp b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_session.cpp
index a3ea95ef..3f9ddf88 100644
--- a/libwvdrmengine/oemcrypto/ref/src/oemcrypto_session.cpp
+++ b/libwvdrmengine/oemcrypto/ref/src/oemcrypto_session.cpp
@@ -190,6 +190,7 @@ SessionContext::SessionContext(CryptoEngine* ce, SessionId sid,
       id_(sid),
       current_content_key_(nullptr),
       session_keys_(nullptr),
+      license_request_hash_(),
       rsa_key_(rsa_key),
       allowed_schemes_(kSign_RSASSA_PSS),
       decrypt_started_(false),
diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
index b3844e66..3eab9b53 100644
--- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
+++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
@@ -586,9 +586,6 @@ void LicenseRoundTrip::EncryptAndSignResponse() {
   memcpy(encrypted_response_.data() + serialized_core_message_.size(),
          reinterpret_cast<const uint8_t*>(&encrypted_response_data_),
          sizeof(encrypted_response_data_));
-  if (global_features.provisioning_method == OEMCrypto_OEMCertificate) {
-    session()->GenerateDerivedKeysFromSessionKey();
-  }
   session()->key_deriver().ServerSignBuffer(encrypted_response_.data(),
                                             encrypted_response_.size(),
                                             &response_signature_);
diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.h b/libwvdrmengine/oemcrypto/test/oec_session_util.h
index 77a3f9ba..36848d52 100644
--- a/libwvdrmengine/oemcrypto/test/oec_session_util.h
+++ b/libwvdrmengine/oemcrypto/test/oec_session_util.h
@@ -283,7 +283,8 @@ class LicenseRoundTrip
         update_mac_keys_(true),
         api_version_(kCurrentAPI),
         expect_request_has_correct_nonce_(true),
-        license_type_(OEMCrypto_ContentLicense) {}
+        license_type_(OEMCrypto_ContentLicense),
+        request_hash_() {}
   void CreateDefaultResponse() override;
   // Create a license with four keys. Each key is responsible for one of generic
   // encrypt (key 0), decrypt (key 1), sign (key 2) and verify (key 3). Each key
diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
index 48ecee21..df8106cf 100644
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -191,7 +191,7 @@ class OEMCryptoClientTest : public ::testing::Test, public SessionUtil {
 // tests are failing when the device has the wrong keybox installed.
 TEST_F(OEMCryptoClientTest, VersionNumber) {
   const std::string log_message =
-      "OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-18";
+      "OEMCrypto unit tests for API 16.2. Tests last updated 2020-03-27";
   cout << "             " << log_message << "\n";
   LOGI("%s", log_message.c_str());
   // If any of the following fail, then it is time to update the log message
@@ -874,6 +874,25 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyNoNonce) {
   ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
 }
 
+// Verify that a preloaded license may be loaded without first signing the
+// request. This test is important for the preloaded licenses used by ATSC and
+// CAS.
+TEST_P(OEMCryptoLicenseTest, LoadKeyWithNoRequest) {
+  if (license_api_version_ > global_features.api_version) {
+    // We should not attempt to preload a license with an API higher than that
+    // of OEMCrypto.
+    license_api_version_ = global_features.api_version;
+    license_messages_.set_api_version(license_api_version_);
+  }
+  license_messages_.set_control(0);
+  // The test code uses the core request to create the core response.
+  license_messages_.core_request().api_major_version = ODK_MAJOR_VERSION;
+  license_messages_.core_request().api_minor_version = ODK_MINOR_VERSION;
+  ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
+  ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
+  ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
+}
+
 // Verify that a license may be loaded with a nonce.
 TEST_P(OEMCryptoLicenseTest, LoadKeyWithNonce) {
   ASSERT_NO_FATAL_FAILURE(session_.GenerateNonce());