OEMCrypto v16.1
Merge of http://go/wvgerrit/93404 This CL updates the Widevine CDM to support OEMCrypto v16.1 Test: Tested in 16.2 CL Bug: 141247171 Change-Id: I69bd993500f6fb63bf6010c8b0250dc7acc3d71b
This commit is contained in:
Fred Gylys-Colwell
@@ -60,9 +60,8 @@ bool CanChangeTime() {
|
||||
#endif
|
||||
}
|
||||
|
||||
void DeviceFeatures::Initialize(bool is_cast_receiver,
|
||||
bool force_load_test_keybox) {
|
||||
cast_receiver = is_cast_receiver;
|
||||
void DeviceFeatures::Initialize() {
|
||||
if (initialized_) return;
|
||||
uses_keybox = false;
|
||||
uses_certificate = false;
|
||||
loads_certificate = false;
|
||||
@@ -76,7 +75,6 @@ void DeviceFeatures::Initialize(bool is_cast_receiver,
|
||||
printf("OEMCrypto_Initialize failed. All tests will fail.\n");
|
||||
return;
|
||||
}
|
||||
uint32_t nonce = 0;
|
||||
uint8_t buffer[1];
|
||||
size_t size = 0;
|
||||
provisioning_method = OEMCrypto_GetProvisioningMethod();
|
||||
@@ -92,14 +90,10 @@ void DeviceFeatures::Initialize(bool is_cast_receiver,
|
||||
}
|
||||
// If the device uses a keybox, check to see if loading a certificate is
|
||||
// installed.
|
||||
if (provisioning_method == OEMCrypto_Keybox) {
|
||||
loads_certificate =
|
||||
(OEMCrypto_ERROR_NOT_IMPLEMENTED !=
|
||||
OEMCrypto_RewrapDeviceRSAKey(session, buffer, 0, buffer, 0, &nonce,
|
||||
buffer, 0, buffer, buffer, &size));
|
||||
} else if (provisioning_method == OEMCrypto_OEMCertificate) {
|
||||
// If the device says it uses Provisioning 3.0, then it should be able to
|
||||
// load a DRM certificate. These devices must support RewrapDeviceRSAKey30.
|
||||
if (provisioning_method == OEMCrypto_Keybox ||
|
||||
provisioning_method == OEMCrypto_OEMCertificate) {
|
||||
// Devices with a keybox or OEM Certificate are required to support loading
|
||||
// a DRM certificate.
|
||||
loads_certificate = true;
|
||||
} else {
|
||||
// Other devices are either broken, or they have a baked in certificate.
|
||||
@@ -122,11 +116,7 @@ void DeviceFeatures::Initialize(bool is_cast_receiver,
|
||||
// usage tables.
|
||||
if (api_version > 12) usage_table = OEMCrypto_SupportsUsageTable();
|
||||
printf("usage_table = %s.\n", usage_table ? "true" : "false");
|
||||
if (force_load_test_keybox) {
|
||||
derive_key_method = FORCE_TEST_KEYBOX;
|
||||
} else {
|
||||
PickDerivedKey();
|
||||
}
|
||||
PickDerivedKey();
|
||||
if (api_version >= 13) {
|
||||
uint32_t supported_cert = OEMCrypto_SupportedCertificates();
|
||||
if (supported_cert & OEMCrypto_Supports_RSA_CAST) {
|
||||
@@ -166,9 +156,6 @@ void DeviceFeatures::Initialize(bool is_cast_receiver,
|
||||
case LOAD_TEST_RSA_KEY:
|
||||
printf("LOAD_TEST_RSA_KEY: Call LoadTestRSAKey before deriving keys.\n");
|
||||
break;
|
||||
case FORCE_TEST_KEYBOX:
|
||||
printf("FORCE_TEST_KEYBOX: User requested calling InstallKeybox.\n");
|
||||
break;
|
||||
case TEST_PROVISION_30:
|
||||
printf("TEST_PROVISION_30: Device provisioed with OEM Cert.\n");
|
||||
break;
|
||||
@@ -178,14 +165,15 @@ void DeviceFeatures::Initialize(bool is_cast_receiver,
|
||||
printf("SecurityLevel is %s (%s)\n",
|
||||
supports_level_1 ? "Level 1" : "Not Level 1",
|
||||
security_level.c_str());
|
||||
CheckSecureBuffers();
|
||||
OEMCrypto_Terminate();
|
||||
initialized_ = true;
|
||||
}
|
||||
|
||||
std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
|
||||
std::string filter = initial_filter;
|
||||
// clang-format off
|
||||
if (!uses_keybox) FilterOut(&filter, "*KeyboxTest*");
|
||||
if (derive_key_method
|
||||
!= FORCE_TEST_KEYBOX) FilterOut(&filter, "*ForceKeybox*");
|
||||
if (!uses_certificate) FilterOut(&filter, "OEMCrypto*Cert*");
|
||||
if (!loads_certificate) FilterOut(&filter, "OEMCryptoLoadsCert*");
|
||||
if (!generic_crypto) FilterOut(&filter, "*GenericCrypto*");
|
||||
@@ -202,10 +190,12 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
|
||||
if (api_version < 13) FilterOut(&filter, "*API13*");
|
||||
if (api_version < 14) FilterOut(&filter, "*API14*");
|
||||
if (api_version < 15) FilterOut(&filter, "*API15*");
|
||||
if (api_version < 16) FilterOut(&filter, "*API16*");
|
||||
// clang-format on
|
||||
// Some tests may require root access. If user is not root, filter these tests
|
||||
// out.
|
||||
if (!CanChangeTime()) {
|
||||
FilterOut(&filter, "UsageTableTest.TimeRollbackPrevention");
|
||||
FilterOut(&filter, "*TimeRollbackPrevention*");
|
||||
}
|
||||
// Performance tests take a long time. Filter them out if they are not
|
||||
// specifically requested.
|
||||
@@ -239,7 +229,8 @@ void DeviceFeatures::PickDerivedKey() {
|
||||
}
|
||||
if (uses_keybox) {
|
||||
// If device uses a keybox, try to load the test keybox.
|
||||
if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestKeybox(NULL, 0)) {
|
||||
if (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
|
||||
OEMCrypto_LoadTestKeybox(nullptr, 0)) {
|
||||
derive_key_method = LOAD_TEST_KEYBOX;
|
||||
}
|
||||
} else if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestRSAKey()) {
|
||||
@@ -247,6 +238,39 @@ void DeviceFeatures::PickDerivedKey() {
|
||||
}
|
||||
}
|
||||
|
||||
void DeviceFeatures::CheckSecureBuffers() {
|
||||
output_types_.push_back({false, OEMCrypto_BufferType_Clear});
|
||||
output_types_.push_back({true, OEMCrypto_BufferType_Clear});
|
||||
test_secure_buffers = false;
|
||||
OEMCrypto_SESSION session;
|
||||
OEMCryptoResult result = OEMCrypto_OpenSession(&session);
|
||||
if (result != OEMCrypto_SUCCESS) {
|
||||
printf("--- ERROR: Could not open session: %d ----\n", result);
|
||||
return;
|
||||
}
|
||||
OEMCrypto_DestBufferDesc output_descriptor;
|
||||
output_descriptor.type = OEMCrypto_BufferType_Secure;
|
||||
int secure_fd;
|
||||
result = OEMCrypto_AllocateSecureBuffer(session, 42, &output_descriptor,
|
||||
&secure_fd);
|
||||
if (result == OEMCrypto_ERROR_NOT_IMPLEMENTED) {
|
||||
printf("Secure buffers will not be tested\n");
|
||||
return;
|
||||
}
|
||||
if (result != OEMCrypto_SUCCESS) {
|
||||
printf("--- ERROR: Could not create secure buffer: %d ----\n", result);
|
||||
return;
|
||||
}
|
||||
result = OEMCrypto_FreeSecureBuffer(session, &output_descriptor, secure_fd);
|
||||
if (result != OEMCrypto_SUCCESS) {
|
||||
printf("--- ERROR: Could not free secure buffer: %d ----\n", result);
|
||||
return;
|
||||
}
|
||||
printf("Secure buffers will be tested\n");
|
||||
output_types_.push_back({false, OEMCrypto_BufferType_Secure});
|
||||
test_secure_buffers = true;
|
||||
}
|
||||
|
||||
void DeviceFeatures::FilterOut(std::string* current_filter,
|
||||
const std::string& new_filter) {
|
||||
if (current_filter->find('-') == std::string::npos) {
|
||||
@@ -256,6 +280,14 @@ void DeviceFeatures::FilterOut(std::string* current_filter,
|
||||
}
|
||||
}
|
||||
|
||||
// Return the list of output types for the decrypt tests.
|
||||
const std::vector<OutputType>& DeviceFeatures::GetOutputTypes() {
|
||||
if (!initialized_) {
|
||||
Initialize();
|
||||
}
|
||||
return output_types_;
|
||||
}
|
||||
|
||||
const char* ProvisioningMethodName(OEMCrypto_ProvisioningMethod method) {
|
||||
switch (method) {
|
||||
case OEMCrypto_ProvisioningError:
|
||||
|
||||
Reference in New Issue
Block a user