From c014da7da38eef3a7bdffdee6014537eb11582de Mon Sep 17 00:00:00 2001
From: Rahul Frias
Date: Wed, 23 Mar 2022 16:28:47 -0700
Subject: [PATCH] Correct when OEMCrypto_GetOEMPublicCertificate is called
[ Merge of http://go/wvgerrit/148469 ]
OEMCrypto_GetOEMPublicCertificate needed to be called before the OEM private key was loaded due to a bug in OEMCrypto. The bug has been addressed and the call can now be removed. OEMCrypto_GetOEMPublicCertificate is only applicable to devices with OEM certs as their root of trust. Devices with keyboxes (or BCC) as their RoT would return a spurious error OEMCrypto_ERROR_NOT_IMPLEMENTED. Removing the call addresses this as well.
Bug: 190231658
Test: WV unit/integration test
Change-Id: I8216ca5a78b8c2acb5681c7f599cdc41efdf9fc7
---
 libwvdrmengine/cdm/core/src/crypto_session.cpp | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp
index f8e11ad2..61321942 100644
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -1303,7 +1303,7 @@ CdmResponseType CryptoSession::PrepareAndSignProvisioningRequest(
 const OEMCryptoResult status = OEMCrypto_LoadOEMPrivateKey(oec_session_id_);
 if (status != OEMCrypto_SUCCESS) {
 return MapOEMCryptoResult(status, GET_TOKEN_FROM_OEM_CERT_ERROR,
- "GetTokenFromOemCert");
+ "PrepareAndSignProvisioningRequest");
 }
 } else {
 LOGE("Unknown method %d", pre_provision_token_type_);
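Review bot: The error code passed to `MapOEMCryptoResult` is still `GET_TOKEN_FROM_OEM_CERT_ERROR` even though the label beside it now names `PrepareAndSignProvisioningRequest`, so a failed `OEMCrypto_LoadOEMPrivateKey` is still reported under a token-retrieval code. Anyone triaging provisioning failures from the returned code alone cannot tell a private-key load failure from a certificate/token fetch failure. If the reuse is deliberate, say so in place, e.g. `// Reuses GET_TOKEN_FROM_OEM_CERT_ERROR; the failing call here is OEMCrypto_LoadOEMPrivateKey.`; otherwise a code specific to the key load would be clearer, though whether one exists is not visible in this hunk. The enclosing function starts and ends outside the hunk.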
@@ -1385,20 +1385,6 @@ CdmResponseType CryptoSession::LoadEntitledContentKeys( CdmResponseType CryptoSession::LoadCertificatePrivateKey( const CryptoWrappedKey& private_key) { - // TODO(b/141655126): Getting the OEM Cert no longer loads the private key. - // Call OEMCrypto_GetOEMPublicCertificate before OEMCrypto_LoadDRMPrivateKey - // so it caches the OEMCrypto Public Key and then throw away result - std::string temp_buffer(CERTIFICATE_DATA_SIZE, '\0'); - size_t buf_size = temp_buffer.size(); - uint8_t* buf = reinterpret_cast(&temp_buffer[0]); - OEMCryptoResult sts = WithOecSessionLock( - "LoadCertificatePrivateKey() calling OEMCrypto_GetOEMPublicCertificate", - [&] { - return OEMCrypto_GetOEMPublicCertificate(buf, &buf_size, - requested_security_level_); - }); - metrics_->oemcrypto_get_oem_public_certificate_.Increment(sts); - const OEMCrypto_PrivateKeyType key_type = (private_key.type() == CryptoWrappedKey::kEcc) ? OEMCrypto_ECC_Private_Key @@ -1407,6 +1393,7 @@ CdmResponseType CryptoSession::LoadCertificatePrivateKey( LOGV("Loading device DRM key: id = %u", oec_session_id_); // TODO(b/140813486): determine if cert is RSA or ECC. + OEMCryptoResult sts; WithOecSessionLock( "LoadCertificatePrivateKey() calling OEMCrypto_LoadDRMPrivateKey()", [&] { M_TIME(sts = OEMCrypto_LoadDRMPrivateKey(