102 lines
4.1 KiB
C++
102 lines
4.1 KiB
C++
#ifndef CDM_OEC_DEVICE_FEATURES_H_
|
|
#define CDM_OEC_DEVICE_FEATURES_H_
|
|
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include "OEMCryptoCENC.h"
|
|
#include "oemcrypto_types.h"
|
|
|
|
namespace wvoec {
|
|
|
|
// These tests are designed to work for this version:
|
|
constexpr unsigned int kCurrentAPI = 19;
|
|
// The API version when Core Messages were introduced.
|
|
constexpr unsigned int kCoreMessagesAPI = 16;
|
|
// The API version when we stopped encrypting key control blocks.
|
|
constexpr unsigned int kClearControlBlockAPIMajor = 16;
|
|
constexpr unsigned int kClearControlBlockAPIMinor = 5;
|
|
|
|
// An output type for testing. The type field is secure, clear, or direct. If
|
|
// the type is clear, then decrypt_inplace could be true. Otherwise,
|
|
// decrypt_inplace is false.
|
|
struct OutputType {
|
|
bool decrypt_inplace;
|
|
OEMCryptoBufferType type;
|
|
};
|
|
|
|
// Keeps track of which features are supported by the version of OEMCrypto being
|
|
// tested. See the integration guide for a list of optional features.
|
|
class DeviceFeatures {
|
|
public:
|
|
// There are several possible methods used to derive a set of known session
|
|
// keys. For example, the test can install a known test keybox, or it can
|
|
// parse the OEM certificate.
|
|
enum DeriveMethod { // Method to use derive session keys.
|
|
NO_METHOD, // Cannot derive known session keys.
|
|
LOAD_TEST_KEYBOX, // Call LoadTestKeybox before deriving keys.
|
|
LOAD_TEST_RSA_KEY, // Call LoadTestRSAKey before deriving keys.
|
|
TEST_PROVISION_30, // Device has OEM Certificate installed.
|
|
TEST_PROVISION_40, // Device has Boot Certificate Chain installed.
|
|
PRELOADED_RSA_KEY, // Device has test RSA key baked in.
|
|
};
|
|
|
|
enum DeriveMethod derive_key_method;
|
|
bool uses_keybox; // Device uses a keybox to derive session keys.
|
|
bool loads_certificate; // Device can load a certificate from the server.
|
|
bool generic_crypto; // Device supports generic crypto.
|
|
bool cast_receiver; // Device supports alternate rsa signature padding.
|
|
bool usage_table; // Device saves usage information.
|
|
bool supports_rsa_3072; // Device supports 3072 bit RSA keys.
|
|
bool supports_secp256r1; // Device supports secp256r1 ECC keys.
|
|
bool supports_level_1; // Device supports Level 1 security.
|
|
uint32_t resource_rating; // Device's resource rating tier.
|
|
bool supports_crc; // Supported decrypt hash type CRC.
|
|
bool test_secure_buffers; // If we can create a secure buffer for testing.
|
|
bool supports_cas; // Device supports CAS (Condition Access System).
|
|
uint32_t api_version;
|
|
OEMCrypto_ProvisioningMethod provisioning_method;
|
|
|
|
// This should be called from the test program's main procedure.
|
|
void Initialize();
|
|
void set_cast_receiver(bool is_cast_receiver) {
|
|
cast_receiver = is_cast_receiver;
|
|
}
|
|
|
|
// Get a list of output types that should be tested.
|
|
const std::vector<OutputType>& GetOutputTypes();
|
|
|
|
// If the device has a baked in cert, then this is the public key that should
|
|
// be used for testing.
|
|
const std::vector<uint8_t>& rsa_test_key() const { return rsa_test_key_; };
|
|
void set_rsa_test_key(const std::vector<uint8_t>& rsa_test_key) {
|
|
rsa_test_key_ = rsa_test_key;
|
|
}
|
|
void set_rsa_test_key(std::vector<uint8_t>&& rsa_test_key) {
|
|
rsa_test_key_ = std::move(rsa_test_key);
|
|
}
|
|
|
|
private:
|
|
// Decide which method should be used to derive session keys, based on
|
|
// supported featuers.
|
|
void PickDerivedKey();
|
|
// Decide if secure buffers can be created, and initialize output_types_.
|
|
void CheckSecureBuffers();
|
|
// Add a GTest filter restriction to the current filter.
|
|
void FilterOut(std::string* current_filter, const std::string& new_filter);
|
|
|
|
// A list of possible output types.
|
|
std::vector<OutputType> output_types_;
|
|
bool initialized_ = false;
|
|
std::vector<uint8_t> rsa_test_key_;
|
|
};
|
|
|
|
// There is one global set of features for the version of OEMCrypto being
|
|
// tested. This should be initialized in the test program's main procedure.
|
|
extern DeviceFeatures global_features;
|
|
const char* ProvisioningMethodName(OEMCrypto_ProvisioningMethod method);
|
|
|
|
} // namespace wvoec
|
|
|
|
#endif // CDM_OEC_DEVICE_FEATURES_H_
|