widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source release 18.1.0

Browse Source
This commit is contained in:
John "Juce" Bruce
2023-06-23 15:45:08 -07:00
parent 2baa7c6e2b
commit b2c35151ad
2074 changed files with 196004 additions and 427059 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
oemcrypto/test/oec_device_features.cpp
View File

@@ -24,13 +24,27 @@ void DeviceFeatures::Initialize() {
generic_crypto = false;
usage_table = false;
supports_rsa_3072 = false;
supports_secp256r1 = false;
api_version = 0;
derive_key_method = NO_METHOD;
OEMCrypto_SetSandbox(kTestSandbox, sizeof(kTestSandbox));
if (OEMCrypto_SUCCESS != OEMCrypto_Initialize()) {
printf("OEMCrypto_Initialize failed. All tests will fail.\n");
const OEMCryptoResult init_status = OEMCrypto_Initialize();
if (OEMCrypto_SUCCESS != init_status) {
printf("OEMCrypto_Initialize failed %d. All tests will fail.\n",
init_status);
return;
}
const OEMCryptoResult api_status = OEMCrypto_SetMaxAPIVersion(kCurrentAPI);
if (api_status != OEMCrypto_SUCCESS &&
api_status != OEMCrypto_ERROR_NOT_IMPLEMENTED) {
// Log error, but continue assuming no error.
printf("OEMCrypto_SetMaxAPIVersion returned %d\n", api_status);
}
const OEMCryptoResult test_mode_status = OEMCrypto_EnterTestMode();
if (OEMCrypto_SUCCESS != test_mode_status) {
printf("OEMCrypto_EnterTestMode returned %d. Tests might fail.\n",
test_mode_status);
};
uint8_t buffer[1];
uint8_t iv[16] = {};
size_t size = 0;
@@ -46,21 +60,16 @@ void DeviceFeatures::Initialize() {
printf("--- ERROR: Could not open session: %d ----\n", result);
}
// If the device uses a keybox, check to see if loading a certificate is
// installed.
if (provisioning_method == OEMCrypto_Keybox ||
provisioning_method == OEMCrypto_OEMCertificate ||
provisioning_method == OEMCrypto_BootCertificateChain) {
// Devices with a keybox or OEM Certificate are required to support loading
// a DRM certificate.
loads_certificate = true;
} else {
// Other devices are either broken, or they have a baked in certificate.
loads_certificate = false;
}
// installed. Devices with a keybox or OEM Certificate are required to support
// loading a DRM certificate. Other devices are either broken, or they have a
// baked in certificate.
loads_certificate = provisioning_method == OEMCrypto_Keybox ||
provisioning_method == OEMCrypto_OEMCertificate ||
provisioning_method == OEMCrypto_BootCertificateChain;
printf("loads_certificate = %s.\n", loads_certificate ? "true" : "false");
generic_crypto =
(OEMCrypto_ERROR_NOT_IMPLEMENTED !=
OEMCrypto_Generic_Encrypt(session, buffer, 0, iv,
OEMCrypto_Generic_Encrypt(buffer, 0, buffer, 0, iv,
OEMCrypto_AES_CBC_128_NO_PADDING, buffer));
printf("generic_crypto = %s.\n", generic_crypto ? "true" : "false");
supports_cas =
@@ -70,21 +79,28 @@ void DeviceFeatures::Initialize() {
OEMCrypto_CloseSession(session);
api_version = OEMCrypto_APIVersion();
printf("api_version = %u.\n", api_version);
if (api_version < kCoreMessagesAPI) {
printf("--------- WARNING: minimum API is %d ----------\n", api_version);
printf("--------- Expect most tests will fail. --------\n");
}
// These unit tests only work with new usage tables. We do not test v12
// usage tables.
if (api_version > 12) usage_table = OEMCrypto_SupportsUsageTable();
usage_table = OEMCrypto_SupportsUsageTable();
printf("usage_table = %s.\n", usage_table ? "true" : "false");
PickDerivedKey();
if (api_version >= 13) {
uint32_t supported_cert = OEMCrypto_SupportedCertificates();
if (supported_cert & OEMCrypto_Supports_RSA_CAST) {
cast_receiver = true;
}
if (supported_cert & OEMCrypto_Supports_RSA_3072bit) {
supports_rsa_3072 = true;
}
const uint32_t supported_cert = OEMCrypto_SupportedCertificates();
if (supported_cert & OEMCrypto_Supports_RSA_CAST) {
cast_receiver = true;
}
if (supported_cert & OEMCrypto_Supports_RSA_3072bit) {
supports_rsa_3072 = true;
}
if (supported_cert & OEMCrypto_Supports_ECC_secp256r1) {
supports_secp256r1 = true;
}
printf("cast_receiver = %s.\n", cast_receiver ? "true" : "false");
printf("supports_rsa_3072 = %s.\n", supports_rsa_3072 ? "true" : "false");
printf("supports_secp256r1 = %s.\n", supports_secp256r1 ? "true" : "false");
resource_rating = OEMCrypto_ResourceRatingTier();
printf("resource_rating = %u, security level %u.\n", resource_rating,
static_cast<unsigned int>(OEMCrypto_SecurityLevel()));
@@ -101,7 +117,6 @@ void DeviceFeatures::Initialize() {
switch (derive_key_method) {
case NO_METHOD:
printf("NO_METHOD: Cannot derive known session keys.\n");
// Note: cast_receiver left unchanged because set by user on command line.
uses_keybox = false;
loads_certificate = false;
generic_crypto = false;
@@ -140,23 +155,9 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
provisioning_method == OEMCrypto_BootCertificateChain)
FilterOut(&filter, "OEMCryptoLoadsCert*");
if (!generic_crypto) FilterOut(&filter, "*GenericCrypto*");
if (!cast_receiver) FilterOut(&filter, "*CastReceiver*");
if (!supports_cas) FilterOut(&filter, "*CasOnly*");
if (derive_key_method == NO_METHOD) FilterOut(&filter, "*SessionTest*");
if (provisioning_method
!= OEMCrypto_OEMCertificate) FilterOut(&filter, "*Prov30*");
if (provisioning_method != OEMCrypto_BootCertificateChain)
FilterOut(&filter, "*Prov40*");
if (!supports_rsa_3072) FilterOut(&filter, "*RSAKey3072*");
if (api_version < 9) FilterOut(&filter, "*API09*");
if (api_version < 10) FilterOut(&filter, "*API10*");
if (api_version < 11) FilterOut(&filter, "*API11*");
if (api_version < 12) FilterOut(&filter, "*API12*");
if (api_version < 13) FilterOut(&filter, "*API13*");
if (api_version < 14) FilterOut(&filter, "*API14*");
if (api_version < 15) FilterOut(&filter, "*API15*");
if (api_version < 16) FilterOut(&filter, "*API16*");
if (api_version < 17) FilterOut(&filter, "*API17*");
if (api_version < 18) FilterOut(&filter, "*API18*");
// clang-format on
// Some tests may require root access. If user is not root, filter these tests
// out.
@@ -175,38 +176,32 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) {
}
void DeviceFeatures::PickDerivedKey() {
if (api_version >= 12) {
switch (provisioning_method) {
case OEMCrypto_OEMCertificate:
derive_key_method = TEST_PROVISION_30;
return;
case OEMCrypto_DrmCertificate:
if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestRSAKey()) {
derive_key_method = LOAD_TEST_RSA_KEY;
}
return;
case OEMCrypto_Keybox:
// Fall through to api_version < 12 case.
break;
case OEMCrypto_BootCertificateChain:
derive_key_method = TEST_PROVISION_40;
return;
case OEMCrypto_ProvisioningError:
printf(
"ERROR: OEMCrypto_GetProvisioningMethod() returns "
"OEMCrypto_ProvisioningError\n");
// Then fall through to api_version < 12 case.
break;
}
}
if (uses_keybox) {
// If device uses a keybox, try to load the test keybox.
if (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
OEMCrypto_LoadTestKeybox(nullptr, 0)) {
derive_key_method = LOAD_TEST_KEYBOX;
}
} else if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestRSAKey()) {
derive_key_method = LOAD_TEST_RSA_KEY;
switch (provisioning_method) {
case OEMCrypto_OEMCertificate:
derive_key_method = TEST_PROVISION_30;
return;
case OEMCrypto_DrmCertificate:
if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestRSAKey()) {
derive_key_method = LOAD_TEST_RSA_KEY;
}
return;
case OEMCrypto_Keybox:
if (OEMCrypto_ERROR_NOT_IMPLEMENTED !=
OEMCrypto_LoadTestKeybox(nullptr, 0)) {
derive_key_method = LOAD_TEST_KEYBOX;
}
return;
case OEMCrypto_BootCertificateChain:
derive_key_method = TEST_PROVISION_40;
return;
case OEMCrypto_ProvisioningError:
printf(
"ERROR: OEMCrypto_GetProvisioningMethod() returns "
"OEMCrypto_ProvisioningError\n");
if (OEMCrypto_ERROR_NOT_IMPLEMENTED != OEMCrypto_LoadTestRSAKey()) {
derive_key_method = LOAD_TEST_RSA_KEY;
}
return;
}
}