#ifndef CDM_OEC_DEVICE_FEATURES_H_ #define CDM_OEC_DEVICE_FEATURES_H_ #include #include #include "OEMCryptoCENC.h" #include "oemcrypto_types.h" namespace wvoec { // These tests are designed to work for this version: constexpr unsigned int kCurrentAPI = 17; // The API version when Core Messages were introduced. constexpr unsigned int kCoreMessagesAPI = 16; // The API version when we stopped encrypting key control blocks. constexpr unsigned int kClearControlBlockAPIMajor = 16; constexpr unsigned int kClearControlBlockAPIMinor = 5; // An output type for testing. The type field is secure, clear, or direct. If // the type is clear, then decrypt_inplace could be true. Otherwise, // decrypt_inplace is false. struct OutputType { bool decrypt_inplace; OEMCryptoBufferType type; }; // Keeps track of which features are supported by the version of OEMCrypto being // tested. See the integration guide for a list of optional features. class DeviceFeatures { public: // There are several possible methods used to derive a set of known session // keys. For example, the test can install a known test keybox, or it can // parse the OEM certificate. enum DeriveMethod { // Method to use derive session keys. NO_METHOD, // Cannot derive known session keys. LOAD_TEST_KEYBOX, // Call LoadTestKeybox before deriving keys. LOAD_TEST_RSA_KEY, // Call LoadTestRSAKey before deriving keys. TEST_PROVISION_30, // Device has OEM Certificate installed. TEST_PROVISION_40, // Device has Boot Certificate Chain installed. }; enum DeriveMethod derive_key_method; bool uses_keybox; // Device uses a keybox to derive session keys. bool loads_certificate; // Device can load a certificate from the server. bool generic_crypto; // Device supports generic crypto. bool cast_receiver; // Device supports alternate rsa signature padding. bool usage_table; // Device saves usage information. bool supports_rsa_3072; // Device supports 3072 bit RSA keys. bool supports_level_1; // Device supports Level 1 security. uint32_t resource_rating; // Device's resource rating tier. bool supports_crc; // Supported decrypt hash type CRC. bool test_secure_buffers; // If we can create a secure buffer for testing. bool supports_cas; // Device supports CAS (Condition Access System). uint32_t api_version; OEMCrypto_ProvisioningMethod provisioning_method; // This should be called from the test program's main procedure. void Initialize(); void set_cast_receiver(bool is_cast_receiver) { cast_receiver = is_cast_receiver; } // Generate a GTest filter of tests that should not be run. This should be // called after Initialize. Tests are filtered out based on which features // are not supported. For example, a device that uses Provisioning 3.0 will // have all keybox tests filtered out. std::string RestrictFilter(const std::string& initial_filter); // Get a list of output types that should be tested. const std::vector& GetOutputTypes(); private: // Decide which method should be used to derive session keys, based on // supported featuers. void PickDerivedKey(); // Decide if secure buffers can be created, and initialize output_types_. void CheckSecureBuffers(); // Add a GTest filter restriction to the current filter. void FilterOut(std::string* current_filter, const std::string& new_filter); // A list of possible output types. std::vector output_types_; bool initialized_ = false; }; // There is one global set of features for the version of OEMCrypto being // tested. This should be initialized in the test program's main procedure. extern DeviceFeatures global_features; const char* ProvisioningMethodName(OEMCrypto_ProvisioningMethod method); } // namespace wvoec #endif // CDM_OEC_DEVICE_FEATURES_H_