Source release v3.2.0

2017-02-01 16:36:41 -08:00
parent 643b91b616
commit 2fde891c01
370 changed files with 40622 additions and 276133 deletions
--- a/oemcrypto/test/oec_device_features.cpp
+++ b/oemcrypto/test/oec_device_features.cpp
@@ -1,3 +1,7 @@
+// Copyright 2016 Google Inc. All Rights Reserved.
+//
+// OEMCrypto device features for unit tests
+//
 #include "oec_device_features.h"

 #include <stdio.h>
@@ -21,29 +25,49 @@ void DeviceFeatures::Initialize(bool is_cast_receiver,
  api_version = 0;
  derive_key_method = NO_METHOD;
  if (OEMCrypto_SUCCESS != OEMCrypto_Initialize()) {
-    printf("OEMCrypto_Initialze failed. All tests will fail.\n");
+    printf("OEMCrypto_Initialize failed. All tests will fail.\n");
    return;
  }
  uint32_t nonce = 0;
  uint8_t buffer[1];
  size_t size = 0;
+  provisioning_method = OEMCrypto_GetProvisioningMethod();
+  printf("provisioning_method = %s\n",
+         ProvisioningMethodName(provisioning_method));
  uses_keybox =
      (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_GetKeyData(buffer, &size));
  printf("uses_keybox = %s.\n", uses_keybox ? "true" : "false");
-  loads_certificate = uses_keybox && (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
-                                      OEMCrypto_RewrapDeviceRSAKey(
-                                          0, buffer, 0, buffer, 0, &nonce,
-                                          buffer, 0, buffer, buffer, &size));
+  OEMCrypto_SESSION session;
+  OEMCryptoResult result = OEMCrypto_OpenSession(&session);
+  if (result != OEMCrypto_SUCCESS) {
+    printf("--- ERROR: Could not open session: %d ----\n", result);
+  }
+  // If the device uses a keybox, check to see if loading a certificate is
+  // installed.
+  if (provisioning_method == OEMCrypto_Keybox) {
+    loads_certificate =
+        (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
+         OEMCrypto_RewrapDeviceRSAKey(session, buffer, 0, buffer, 0, &nonce,
+                                      buffer, 0, buffer, buffer, &size));
+  } else if (provisioning_method == OEMCrypto_OEMCertificate) {
+    // If the device says it uses Provisioning 3.0, then it should be able to
+    // load a DRM certificate.  These devices must support RewrapDeviceRSAKey30.
+    loads_certificate = true;
+  } else {
+    // Other devices are either broken, or they have a baked in certificate.
+    loads_certificate = false;
+  }
  printf("loads_certificate = %s.\n", loads_certificate ? "true" : "false");
  uses_certificate = (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
-                      OEMCrypto_GenerateRSASignature(0, buffer, 0, buffer,
+                      OEMCrypto_GenerateRSASignature(session, buffer, 0, buffer,
                                                     &size, kSign_RSASSA_PSS));
  printf("uses_certificate = %s.\n", uses_certificate ? "true" : "false");
  generic_crypto =
      (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
-       OEMCrypto_Generic_Encrypt(0, buffer, 0, buffer,
+       OEMCrypto_Generic_Encrypt(session, buffer, 0, buffer,
                                 OEMCrypto_AES_CBC_128_NO_PADDING, buffer));
  printf("generic_crypto = %s.\n", generic_crypto ? "true" : "false");
+  OEMCrypto_CloseSession(session);
  api_version = OEMCrypto_APIVersion();
  printf("api_version = %d.\n", api_version);
  usage_table = OEMCrypto_SupportsUsageTable();
@@ -76,6 +100,9 @@ void DeviceFeatures::Initialize(bool is_cast_receiver,
    case FORCE_TEST_KEYBOX:
      printf("FORCE_TEST_KEYBOX: User requested calling InstallKeybox.\n");
      break;
+    case TEST_PROVISION_30:
+      printf("TEST_PROVISION_30: Device provisioed with OEM Cert.\n");
+      break;
  }
  OEMCrypto_Terminate();
 }
@@ -91,8 +118,11 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
  if (!cast_receiver)                 FilterOut(&filter, "*CastReceiver*");
  if (!usage_table)                   FilterOut(&filter, "*UsageTable*");
  if (derive_key_method == NO_METHOD) FilterOut(&filter, "*SessionTest*");
+  if (provisioning_method
+      != OEMCrypto_OEMCertificate)    FilterOut(&filter, "*Prov30*");
  if (api_version < 10)               FilterOut(&filter, "*API10*");
  if (api_version < 11)               FilterOut(&filter, "*API11*");
+  if (api_version < 12)               FilterOut(&filter, "*API12*");
  // Performance tests take a long time.  Filter them out if they are not
  // specifically requested.
  if (filter.find("Performance") == std::string::npos) {
@@ -102,6 +132,27 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
 }

 void DeviceFeatures::PickDerivedKey() {
+  if (api_version >= 12) {
+    switch (provisioning_method) {
+      case OEMCrypto_OEMCertificate:
+        derive_key_method = TEST_PROVISION_30;
+        return;
+      case OEMCrypto_DrmCertificate:
+        if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestRSAKey()) {
+          derive_key_method = LOAD_TEST_RSA_KEY;
+        }
+        return;
+      case OEMCrypto_Keybox:
+        // Fall through to api_version < 12 case.
+        break;
+      case OEMCrypto_ProvisioningError:
+        printf(
+            "ERROR: OEMCrypto_GetProvisioningMethod() returns "
+            "OEMCrypto_ProvisioningError\n");
+        // Then fall through to api_version < 12 case.
+        break;
+    }
+  }
  if (uses_keybox) {
    // If device uses a keybox, try to load the test keybox.
    if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestKeybox()) {
@@ -141,4 +192,17 @@ void DeviceFeatures::FilterOut(std::string* current_filter,
  }
 }

+const char* ProvisioningMethodName(OEMCrypto_ProvisioningMethod method) {
+  switch (method) {
+    case OEMCrypto_ProvisioningError:
+      return "OEMCrypto_ProvisioningError";
+    case OEMCrypto_DrmCertificate:
+      return "OEMCrypto_DrmCertificate";
+    case OEMCrypto_Keybox:
+      return "OEMCrypto_Keybox";
+    case OEMCrypto_OEMCertificate:
+      return "OEMCrypto_OEMCertificate";
+  }
+}
+
 }  // namespace wvoec