OEMCrypto Tests Provisioning Method

Merge from widevine repo of http://go/wvgerrit/21682

This CL updates oemcrypto/test/oec_device_features.cpp to figure out
the provisioning method and filter out tests that are not relevant to
the device's method.

This CL also introduces unit tests for GetOEMPublicCertificate.

Unit tests for RewrapDeviceRSAKey30 will be in a future CL.

Change-Id: Ib7065ce866d1171ca61b9aa08188fa2ac8d90fc2

libwvdrmengine/oemcrypto/test/oec_device_features.cpp

@@ -31,23 +31,43 @@ void DeviceFeatures::Initialize(bool is_cast_receiver,
   uint32_t nonce = 0;
   uint8_t buffer[1];
   size_t size = 0;
+  provisioning_method = OEMCrypto_GetProvisioningMethod();
+  printf("provisioning_method = %s\n",
+         ProvisioningMethodName(provisioning_method));
   uses_keybox =
       (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_GetKeyData(buffer, &size));
   printf("uses_keybox = %s.\n", uses_keybox ? "true" : "false");
-  loads_certificate = uses_keybox && (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
-                                      OEMCrypto_RewrapDeviceRSAKey(
-                                          0, buffer, 0, buffer, 0, &nonce,
-                                          buffer, 0, buffer, buffer, &size));
+  OEMCrypto_SESSION session;
+  OEMCryptoResult result = OEMCrypto_OpenSession(&session);
+  if (result != OEMCrypto_SUCCESS) {
+    printf("--- ERROR: Could not open session: %d ----\n", result);
+  }
+  // If the device uses a keybox, check to see if loading a certificate is
+  // installed.
+  if (provisioning_method == OEMCrypto_Keybox) {
+    loads_certificate =
+        (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
+         OEMCrypto_RewrapDeviceRSAKey(session, buffer, 0, buffer, 0, &nonce,
+                                      buffer, 0, buffer, buffer, &size));
+  } else if (provisioning_method == OEMCrypto_OEMCertificate) {
+    // If the device says it uses Provisioning 3.0, then it should be able to
+    // load a DRM certificate.  These devices must support RewrapDeviceRSAKey30.
+    loads_certificate = true;
+  } else {
+    // Other devices are either broken, or they have a baked in certificate.
+    loads_certificate = false;
+  }
   printf("loads_certificate = %s.\n", loads_certificate ? "true" : "false");
   uses_certificate = (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
-                      OEMCrypto_GenerateRSASignature(0, buffer, 0, buffer,
+                      OEMCrypto_GenerateRSASignature(session, buffer, 0, buffer,
                                                      &size, kSign_RSASSA_PSS));
   printf("uses_certificate = %s.\n", uses_certificate ? "true" : "false");
   generic_crypto =
       (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
-       OEMCrypto_Generic_Encrypt(0, buffer, 0, buffer,
+       OEMCrypto_Generic_Encrypt(session, buffer, 0, buffer,
                                  OEMCrypto_AES_CBC_128_NO_PADDING, buffer));
   printf("generic_crypto = %s.\n", generic_crypto ? "true" : "false");
+  OEMCrypto_CloseSession(session);
   api_version = OEMCrypto_APIVersion();
   printf("api_version = %d.\n", api_version);
   usage_table = OEMCrypto_SupportsUsageTable();
@@ -80,6 +100,9 @@ void DeviceFeatures::Initialize(bool is_cast_receiver,
     case FORCE_TEST_KEYBOX:
       printf("FORCE_TEST_KEYBOX: User requested calling InstallKeybox.\n");
       break;
+    case TEST_PROVISION_30:
+      printf("TEST_PROVISION_30: Device provisioed with OEM Cert.\n");
+      break;
   }
   OEMCrypto_Terminate();
 }
@@ -95,8 +118,11 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
   if (!cast_receiver)                 FilterOut(&filter, "*CastReceiver*");
   if (!usage_table)                   FilterOut(&filter, "*UsageTable*");
   if (derive_key_method == NO_METHOD) FilterOut(&filter, "*SessionTest*");
+  if (provisioning_method
+      != OEMCrypto_OEMCertificate)    FilterOut(&filter, "*Prov30*");
   if (api_version < 10)               FilterOut(&filter, "*API10*");
   if (api_version < 11)               FilterOut(&filter, "*API11*");
+  if (api_version < 12)               FilterOut(&filter, "*API12*");
   // Performance tests take a long time.  Filter them out if they are not
   // specifically requested.
   if (filter.find("Performance") == std::string::npos) {
@@ -106,6 +132,27 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
 }
 
 void DeviceFeatures::PickDerivedKey() {
+  if (api_version >= 12) {
+    switch (provisioning_method) {
+      case OEMCrypto_OEMCertificate:
+        derive_key_method = TEST_PROVISION_30;
+        return;
+      case OEMCrypto_DrmCertificate:
+        if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestRSAKey()) {
+          derive_key_method = LOAD_TEST_RSA_KEY;
+        }
+        return;
+      case OEMCrypto_Keybox:
+        // Fall through to api_version < 12 case.
+        break;
+      case OEMCrypto_ProvisioningError:
+        printf(
+            "ERROR: OEMCrypto_GetProvisioningMethod() returns "
+            "OEMCrypto_ProvisioningError\n");
+        // Then fall through to api_version < 12 case.
+        break;
+    }
+  }
   if (uses_keybox) {
     // If device uses a keybox, try to load the test keybox.
     if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestKeybox()) {
@@ -145,4 +192,17 @@ void DeviceFeatures::FilterOut(std::string* current_filter,
   }
 }
 
+const char* ProvisioningMethodName(OEMCrypto_ProvisioningMethod method) {
+  switch (method) {
+    case OEMCrypto_ProvisioningError:
+      return "OEMCrypto_ProvisioningError";
+    case OEMCrypto_DrmCertificate:
+      return "OEMCrypto_DrmCertificate";
+    case OEMCrypto_Keybox:
+      return "OEMCrypto_Keybox";
+    case OEMCrypto_OEMCertificate:
+      return "OEMCrypto_OEMCertificate";
+  }
+}
+
 }  // namespace wvoec