Merge changes from topics "presubmit-am-0d92e9728c2d40da892bd450843310cb", "presubmit-am-11f8881adcb544ca8682231293b0f1c7", "presubmit-am-30bc14671b7b4b309e57b8600f46b32b", "presubmit-am-35012549d66140dd9d446b5eedf6e274", "presubmit-am-374672395de04b7b8f697a54e16be928", "presubmit-am-48d77602d3694ced89dd6e82a89fa646", "presubmit-am-4f8d5681247e4064a298d1e5263c41be", "presubmit-am-89930436636343d5a779bc06ccc307dc", "presubmit-am-904492a27e4449e78cf21dd9f4ab8ff0", "presubmit-am-90646715a3284730bf356bb6f4634729", "presubmit-am-a1ae313a0fde4696b7fb8c4390d3a94c", "presubmit-am-ae051fae1d06485ca7f12bcf265e8328", "presubmit-am-b4e6ace5be72409aab8e328c6f2a0288", "presubmit-am-dd16b680e0454031b2213179b22df7d7", "presubmit-am-e249264532da4839841f4cab3675fa61", "presubmit-am-e3a2f43ba2f84f429536270e16d0d251", "presubmit-am-e5f2e7a319d04b89950c63471d7f2458", "presubmit-am-ea47ff378925466c8c92e2ed9b58c461", "presubmit-am-f582c497c3274c7e84606cf3da4b09df" into tm-dev

* changes: Change the signature format requirement of OEMCrypto_GenerateCertificateKeyPair Fix EnsureProvisioned for double provisioning Update fuzz tests to match output desriptor struct Use default url to inform app of prov40 stages Fix key_control_iv in OEMCrypto tests Fix jenkins/opk_optee after v17 merge Remove old test license holder Generic crypto tests: use license holder Reboot tests: verify offline license is valid after reboot Policy integration tests: use license holder Integration tests: add license holder Reboot test: Initialize fake clock Reboot test: save large files Test max number of DRM private keys Merge oemcrypto-v17 to master Update cipher mode elsewhere Fix 1 ClangTidyBuild finding: Add out of bounds testing for LoadKeys() Separate invalid session test for ReuseUsageEntry
2022-03-17 16:39:36 +00:00
parent 9361eb803b 85310dfbf6
commit cff6103321
30 changed files with 2418 additions and 1351 deletions
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_copy_buffer_fuzz.cc
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_copy_buffer_fuzz.cc
@@ -14,7 +14,7 @@ void FreeOutputBuffers(OEMCrypto_SESSION session_id,
                       int* secure_fd) {
  switch (output_descriptor.type) {
    case OEMCrypto_BufferType_Clear: {
-      delete[] output_descriptor.buffer.clear.address;
+      delete[] output_descriptor.buffer.clear.clear_buffer;
      break;
    }
    case OEMCrypto_BufferType_Secure: {
@@ -32,7 +32,7 @@ bool InitializeOutputBuffers(OEMCrypto_SESSION session_id,
                             int* secure_fd, size_t input_buffer_size) {
  switch (output_descriptor.type) {
    case OEMCrypto_BufferType_Clear: {
-      output_descriptor.buffer.clear.address =
+      output_descriptor.buffer.clear.clear_buffer =
          new OEMCrypto_SharedMemory[input_buffer_size];
      return true;
    }
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc
@@ -42,7 +42,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  license_api_fuzz.LoadLicense();
  OEMCrypto_SelectKey(session->session_id(), session->license().keys[0].key_id,
                      session->license().keys[0].key_id_length,
-                      OEMCrypto_CipherMode_CTR);
+                      OEMCrypto_CipherMode_CENC);
  // Calculate signature for in buffer.
  size_t signature_length = 0;
  OEMCrypto_Generic_Sign(session->session_id(), in_buffer.data(),
--- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
+++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
@@ -749,9 +749,15 @@ void LicenseRoundTrip::FillCoreResponseSubstrings() {
    core_response_.key_array[i].key_data =
        FindSubstring(response_data_.keys[i].key_data,
                      response_data_.keys[i].key_data_length);
-    core_response_.key_array[i].key_control_iv =
-        FindSubstring(response_data_.keys[i].control_iv,
-                      sizeof(response_data_.keys[i].control_iv));
+    if (core_request().api_major_version < kClearControlBlockAPIMajor ||
+        (core_request().api_major_version == kClearControlBlockAPIMajor &&
+         core_request().api_minor_version < kClearControlBlockAPIMinor)) {
+      core_response_.key_array[i].key_control_iv =
+          FindSubstring(response_data_.keys[i].control_iv,
+                        sizeof(response_data_.keys[i].control_iv));
+    } else {
+      core_response_.key_array[i].key_control_iv = FindSubstring(nullptr, 0);
+    }
    core_response_.key_array[i].key_control =
        FindSubstring(&response_data_.keys[i].control,
                      sizeof(response_data_.keys[i].control));
--- a/libwvdrmengine/oemcrypto/test/oec_test_data.h
+++ b/libwvdrmengine/oemcrypto/test/oec_test_data.h
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -172,6 +172,7 @@ const size_t kMaxConcurrentSession[] = {  10,      20,      30,     40};
 const size_t kMaxKeysPerSession[] = {      4,      20,      20,     30};
 const size_t kMaxTotalKeys[] = {          16,      40,      80,     90};
 const size_t kLargeMessageSize[] = {   8*KiB,   8*KiB,  16*KiB, 32*KiB};
+const size_t kMaxTotalDRMPrivateKeys[] = { 2,       4,       6,      8};
 // Note: Frame rate and simultaneous playback are specified by resource rating,
 // but are tested at the system level, so there are no unit tests for frame
 // rate. Similarly, number of subsamples for AV1
@@ -265,7 +266,7 @@ TEST_F(OEMCryptoClientTest, FreeUnallocatedSecureBufferNoFailure) {
 */
 TEST_F(OEMCryptoClientTest, VersionNumber) {
  const std::string log_message =
-      "OEMCrypto unit tests for API 17.0. Tests last updated 2021-12-03";
+      "OEMCrypto unit tests for API 17.0. Tests last updated 2022-02-18";
  cout << "             " << log_message << "\n";
  cout << "             "
       << "These tests are part of Android T."
@@ -1569,59 +1570,6 @@ class OEMCryptoSessionTests : public OEMCryptoClientTest {
    license_messages.EncryptAndSignResponse();
    return license_messages.LoadResponse();
  }
-
-  void TestLoadLicenseForHugeBufferLengths(
-      const std::function<void(size_t, LicenseRoundTrip*)> f, bool check_status,
-      bool update_core_message_substring_values) {
-    auto oemcrypto_function = [&](size_t message_length) {
-      Session s;
-      LicenseRoundTrip license_messages(&s);
-      s.open();
-      InstallTestRSAKey(&s);
-      bool verify_keys_loaded = true;
-      license_messages.SignAndVerifyRequest();
-      license_messages.CreateDefaultResponse();
-      if (update_core_message_substring_values) {
-        // Make the license message big enough so that updated core message
-        // substring offset and length values from tests are still able to read
-        // data from license_message buffer rather than reading some garbage
-        // data.
-        license_messages.set_message_size(
-            sizeof(license_messages.response_data()) + message_length);
-      }
-      f(message_length, &license_messages);
-      if (update_core_message_substring_values) {
-        // We will be updating offset for these tests, which will cause verify
-        // keys to fail with an assertion. Hence skipping verification.
-        verify_keys_loaded = false;
-      }
-      license_messages.EncryptAndSignResponse();
-      OEMCryptoResult result =
-          license_messages.LoadResponse(&s, verify_keys_loaded);
-      s.close();
-      return result;
-    };
-    TestHugeLengthDoesNotCrashAPI(oemcrypto_function, check_status);
-  }
-
-  void TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
-      const std::function<void(size_t, LicenseRoundTrip*)> f) {
-    Session s;
-    LicenseRoundTrip license_messages(&s);
-    s.open();
-    InstallTestRSAKey(&s);
-    license_messages.SignAndVerifyRequest();
-    license_messages.CreateDefaultResponse();
-    size_t message_length = sizeof(license_messages.response_data());
-    f(message_length, &license_messages);
-    license_messages.EncryptAndSignResponse();
-    OEMCryptoResult result = license_messages.LoadResponse();
-    s.close();
-    // Verifying error is not due to signature failure which can be caused due
-    // to test code.
-    ASSERT_NE(OEMCrypto_ERROR_SIGNATURE_FAILURE, result);
-    ASSERT_NE(OEMCrypto_SUCCESS, result);
-  }
 };

 TEST_F(OEMCryptoSessionTests,
@@ -1695,6 +1643,77 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus);
 }

+class OEMCryptoLicenseOverflowTest : public OEMCryptoSessionTests,
+                                     public WithParamInterface<uint32_t> {
+ public:
+  OEMCryptoLicenseOverflowTest() : license_api_version_(kCurrentAPI) {}
+
+  void SetUp() override {
+    OEMCryptoSessionTests::SetUp();
+    license_api_version_ = GetParam();
+  }
+
+  void TearDown() override { OEMCryptoSessionTests::TearDown(); }
+
+  void TestLoadLicenseForHugeBufferLengths(
+      const std::function<void(size_t, LicenseRoundTrip*)> f, bool check_status,
+      bool update_core_message_substring_values) {
+    auto oemcrypto_function = [&](size_t message_length) {
+      Session s;
+      LicenseRoundTrip license_messages(&s);
+      license_messages.set_api_version(license_api_version_);
+      s.open();
+      InstallTestRSAKey(&s);
+      bool verify_keys_loaded = true;
+      license_messages.SignAndVerifyRequest();
+      license_messages.CreateDefaultResponse();
+      if (update_core_message_substring_values) {
+        // Make the license message big enough so that updated core message
+        // substring offset and length values from tests are still able to read
+        // data from license_message buffer rather than reading some garbage
+        // data.
+        license_messages.set_message_size(
+            sizeof(license_messages.response_data()) + message_length);
+      }
+      f(message_length, &license_messages);
+      if (update_core_message_substring_values) {
+        // We will be updating offset for these tests, which will cause verify
+        // keys to fail with an assertion. Hence skipping verification.
+        verify_keys_loaded = false;
+      }
+      license_messages.EncryptAndSignResponse();
+      OEMCryptoResult result =
+          license_messages.LoadResponse(&s, verify_keys_loaded);
+      s.close();
+      return result;
+    };
+    TestHugeLengthDoesNotCrashAPI(oemcrypto_function, check_status);
+  }
+
+  void TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
+      const std::function<void(size_t, LicenseRoundTrip*)> f) {
+    Session s;
+    LicenseRoundTrip license_messages(&s);
+    license_messages.set_api_version(license_api_version_);
+    s.open();
+    InstallTestRSAKey(&s);
+    license_messages.SignAndVerifyRequest();
+    license_messages.CreateDefaultResponse();
+    size_t message_length = sizeof(license_messages.response_data());
+    OEMCryptoResult result = license_messages.LoadResponse();
+    f(message_length, &license_messages);
+    license_messages.EncryptAndSignResponse();
+    s.close();
+    // Verifying error is not due to signature failure which can be caused due
+    // to test code.
+    ASSERT_NE(OEMCrypto_ERROR_SIGNATURE_FAILURE, result);
+    ASSERT_NE(OEMCrypto_SUCCESS, result);
+  }
+
+ protected:
+  uint32_t license_api_version_;
+};
+
 // This class is for testing a single license with the default API version
 // of 16. Used for buffer overflow tests.
 class OEMCryptoMemoryLicenseTest : public OEMCryptoLicenseTestAPI16 {
@@ -3424,7 +3443,7 @@ TEST_F(OEMCryptoSessionTests,
  TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyIdLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t length, LicenseRoundTrip* license_messages) {
@@ -3434,7 +3453,7 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyIdOffset) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t offset, LicenseRoundTrip* license_messages) {
@@ -3443,7 +3462,7 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyIdLength) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3452,7 +3471,7 @@ TEST_F(OEMCryptoSessionTests,
      });
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyIdOffset) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3461,7 +3480,7 @@ TEST_F(OEMCryptoSessionTests,
      });
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataIvLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t length, LicenseRoundTrip* license_messages) {
@@ -3471,7 +3490,7 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataIvOffset) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t offset, LicenseRoundTrip* license_messages) {
@@ -3481,8 +3500,8 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataIvLength) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3492,8 +3511,8 @@ TEST_F(
      });
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataIvOffset) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3503,7 +3522,7 @@ TEST_F(
      });
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t length, LicenseRoundTrip* license_messages) {
@@ -3513,7 +3532,7 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyDataOffset) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t offset, LicenseRoundTrip* license_messages) {
@@ -3522,8 +3541,8 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataLength) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3533,8 +3552,8 @@ TEST_F(
      });
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyDataOffset) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3544,8 +3563,8 @@ TEST_F(
      });
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlIvLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t length, LicenseRoundTrip* license_messages) {
@@ -3555,8 +3574,8 @@ TEST_F(
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlIvOffset) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t offset, LicenseRoundTrip* license_messages) {
@@ -3566,8 +3585,8 @@ TEST_F(
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlIvLength) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3578,8 +3597,8 @@ TEST_F(
      });
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlIvOffset) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3590,7 +3609,7 @@ TEST_F(
      });
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t length, LicenseRoundTrip* license_messages) {
@@ -3600,7 +3619,7 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringKeyControlOffset) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t offset, LicenseRoundTrip* license_messages) {
@@ -3610,8 +3629,8 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlLength) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3621,8 +3640,8 @@ TEST_F(
      });
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringKeyControlOffset) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3632,7 +3651,7 @@ TEST_F(
      });
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyIvLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t length, LicenseRoundTrip* license_messages) {
@@ -3641,7 +3660,7 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyIvOffset) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t offset, LicenseRoundTrip* license_messages) {
@@ -3650,8 +3669,8 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyIvLength) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3662,8 +3681,8 @@ TEST_F(
      });
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyIvOffset) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3674,7 +3693,7 @@ TEST_F(
      });
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t length, LicenseRoundTrip* license_messages) {
@@ -3683,7 +3702,7 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringEncMacKeyOffset) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t offset, LicenseRoundTrip* license_messages) {
@@ -3692,8 +3711,8 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyLength) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3702,8 +3721,8 @@ TEST_F(
      });
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringEncMacKeyOffset) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3712,7 +3731,7 @@ TEST_F(
      });
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringPstLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t length, LicenseRoundTrip* license_messages) {
@@ -3721,7 +3740,7 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringPstOffset) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t offset, LicenseRoundTrip* license_messages) {
@@ -3730,7 +3749,7 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringPstLength) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3739,7 +3758,7 @@ TEST_F(OEMCryptoSessionTests,
      });
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringPstOffset) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3748,8 +3767,8 @@ TEST_F(OEMCryptoSessionTests,
      });
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringSrmRestrictionDataLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t length, LicenseRoundTrip* license_messages) {
@@ -3758,8 +3777,8 @@ TEST_F(
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForHugeCoreMessageSubstringSrmRestrictionDataOffset) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t offset, LicenseRoundTrip* license_messages) {
@@ -3768,8 +3787,8 @@ TEST_F(
      !kCheckStatus, kUpdateCoreMessageSubstringValues);
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringSrmRestrictionDataLength) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3780,8 +3799,8 @@ TEST_F(
      });
 }

-TEST_F(
-    OEMCryptoSessionTests,
+TEST_P(
+    OEMCryptoLicenseOverflowTest,
    OEMCryptoMemoryLoadLicenseForOutOfRangeCoreMessageSubstringSrmRestrictionDataOffset) {
  TestLoadLicenseForOutOfRangeSubStringOffSetAndLengths(
      [](size_t response_message_length, LicenseRoundTrip* license_messages) {
@@ -3792,7 +3811,8 @@ TEST_F(
      });
 }

-TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryLoadLicenseForHugeResponseLength) {
+TEST_P(OEMCryptoLicenseOverflowTest,
+       OEMCryptoMemoryLoadLicenseForHugeResponseLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t message_size, LicenseRoundTrip* license_messages) {
        license_messages->set_message_size(message_size);
@@ -3800,7 +3820,7 @@ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryLoadLicenseForHugeResponseLength) {
      !kCheckStatus, !kUpdateCoreMessageSubstringValues);
 }

-TEST_F(OEMCryptoSessionTests,
+TEST_P(OEMCryptoLicenseOverflowTest,
       OEMCryptoMemoryLoadLicenseForHugeCoreMessageLength) {
  TestLoadLicenseForHugeBufferLengths(
      [](size_t message_size, LicenseRoundTrip* license_messages) {
@@ -3809,6 +3829,9 @@ TEST_F(OEMCryptoSessionTests,
      !kCheckStatus, !kUpdateCoreMessageSubstringValues);
 }

+INSTANTIATE_TEST_SUITE_P(TestAll, OEMCryptoLicenseOverflowTest,
+                         Range<uint32_t>(kCurrentAPI - 1, kCurrentAPI + 1));
+
 TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryLoadRenewalForHugeResponseLength) {
  auto oemcrypto_function = [&](size_t message_size) {
    Session s;
@@ -5880,6 +5903,55 @@ TEST_F(OEMCryptoLoadsCertificate, TestMultipleRSAKeys) {
  ASSERT_NO_FATAL_FAILURE(s1.TestDecryptCTR());
 }

+// This tests the maximum number of DRM private keys that OEMCrypto can load
+TEST_F(OEMCryptoLoadsCertificate, TestMaxDRMKeys) {
+  const size_t max_total_keys = GetResourceValue(kMaxTotalDRMPrivateKeys);
+  std::vector<std::unique_ptr<Session>> sessions;
+  std::vector<std::unique_ptr<LicenseRoundTrip>> licenses;
+
+  // It should be able to load up to kMaxTotalDRMPrivateKeys keys
+  for (size_t i = 0; i < max_total_keys; i++) {
+    sessions.push_back(std::unique_ptr<Session>(new Session()));
+    licenses.push_back(std::unique_ptr<LicenseRoundTrip>(
+        new LicenseRoundTrip(sessions[i].get())));
+    const size_t key_index = i % kTestRSAPKCS8PrivateKeys_2048.size();
+    encoded_rsa_key_.assign(kTestRSAPKCS8PrivateKeys_2048[key_index].begin(),
+                            kTestRSAPKCS8PrivateKeys_2048[key_index].end());
+    ASSERT_NO_FATAL_FAILURE(CreateWrappedRSAKey());
+    ASSERT_NO_FATAL_FAILURE(sessions[i]->open());
+    ASSERT_NO_FATAL_FAILURE(sessions[i]->PreparePublicKey(
+        encoded_rsa_key_.data(), encoded_rsa_key_.size()));
+    ASSERT_NO_FATAL_FAILURE(
+        sessions[i]->InstallRSASessionTestKey(wrapped_rsa_key_));
+  }
+
+  // Attempts to load one more key than the kMaxTotalDRMPrivateKeys
+  Session s;
+  encoded_rsa_key_.assign(kTestRSAPKCS8PrivateKeyInfo3_3072,
+                          kTestRSAPKCS8PrivateKeyInfo3_3072 +
+                              sizeof(kTestRSAPKCS8PrivateKeyInfo3_3072));
+  Session ps;
+  ProvisioningRoundTrip provisioning_messages(&ps, encoded_rsa_key_);
+  provisioning_messages.PrepareSession(keybox_);
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
+  OEMCryptoResult result = provisioning_messages.LoadResponse();
+  // Key loading is allowed to fail due to resource restriction
+  if (result != OEMCrypto_SUCCESS) {
+    ASSERT_TRUE(result == OEMCrypto_ERROR_INSUFFICIENT_RESOURCES ||
+                result == OEMCrypto_ERROR_TOO_MANY_KEYS);
+  }
+  // Verifies that the DRM keys which are already loaded should still function
+  for (size_t i = 0; i < licenses.size(); i++) {
+    ASSERT_NO_FATAL_FAILURE(licenses[i]->SignAndVerifyRequest());
+    ASSERT_NO_FATAL_FAILURE(licenses[i]->CreateDefaultResponse());
+    ASSERT_NO_FATAL_FAILURE(licenses[i]->EncryptAndSignResponse());
+    ASSERT_EQ(OEMCrypto_SUCCESS, licenses[i]->LoadResponse());
+    ASSERT_NO_FATAL_FAILURE(sessions[i]->TestDecryptCTR());
+  }
+}
+
 // Devices that load certificates, should at least support RSA 2048 keys.
 TEST_F(OEMCryptoLoadsCertificate, SupportsCertificatesAPI13) {
  ASSERT_NE(0u,
@@ -10030,7 +10102,7 @@ TEST_P(OEMCryptoUsageTableTest, PSTLargeBuffer) {
 }

 // Verify that a usage entry with an invalid session cannot be used.
-TEST_P(OEMCryptoUsageTableTest, UsageEntryWithInvalidSessionAPI17) {
+TEST_P(OEMCryptoUsageTableTest, UsageEntryWithInvalidSession) {
  std::string pst("pst");
  LicenseWithUsageEntry entry;
  entry.license_messages().set_pst(pst);
@@ -10048,6 +10120,13 @@ TEST_P(OEMCryptoUsageTableTest, UsageEntryWithInvalidSessionAPI17) {
  entry.session().close();
  ASSERT_EQ(OEMCrypto_ERROR_INVALID_SESSION,
            OEMCrypto_MoveEntry(entry.session().session_id(), 0));
+}
+
+// Verify that a usage entry with an invalid session cannot be used.
+TEST_P(OEMCryptoUsageTableTest, ReuseUsageEntryWithInvalidSessionAPI17) {
+  std::string pst("pst");
+  LicenseWithUsageEntry entry;
+  entry.license_messages().set_pst(pst);

  entry.session().open();
  ASSERT_NO_FATAL_FAILURE(entry.session().CreateNewUsageEntry());