Merge "[DO NOT MERGE] Revert "Restructed reference root of trust (3/3 OEM Cert)"" into sc-dev

libwvdrmengine/oemcrypto/ref/src/oemcrypto_auth_ref.cpp

@@ -177,6 +177,9 @@ static const uint8_t kTestRSAPKCS8PrivateKeyInfo2_2048[] = {
   0x72, 0x2c, 0xf7, 0xc1, 0x22, 0x36, 0xd9, 0x18,
   0x56, 0xfe, 0x39, 0x28, 0x33, 0xe0, 0xdb, 0x03
 };
+
+// Filler for returning vector references.
+const std::vector<uint8_t> kEmptyVector;
 }  // namespace
 
 bool AuthenticationRoot::Initialize(OEMCrypto_ProvisioningMethod method) {
@@ -184,12 +187,10 @@ bool AuthenticationRoot::Initialize(OEMCrypto_ProvisioningMethod method) {
     // If provisioning method is something other than ProvisioningError
     // indicates it has already been initialized before.  Must
     // existing data.
-    drm_cert_key_.reset();
-    test_drm_cert_key_.reset();
+    rsa_key_.reset();
+    test_rsa_key_.reset();
     keybox_.reset();
     test_keybox_.reset();
-    oem_cert_.reset();
-    oem_cert_key_.reset();
   }
   prov_method_ = method;
   switch (method) {
@@ -197,7 +198,7 @@ bool AuthenticationRoot::Initialize(OEMCrypto_ProvisioningMethod method) {
       std::unique_ptr<RsaPrivateKey> key =
           RsaPrivateKey::Load(kPrivateKey, kPrivateKeySize);
       if (key) {
-        drm_cert_key_ = std::move(key);
+        rsa_key_ = std::move(key);
       } else {
         // This error message is OK in unit tests which use test certificate.
         LOGE(
@@ -229,7 +230,8 @@ bool AuthenticationRoot::IsValid() const {
       return HasDeviceKey();
     }
     case OEMCrypto_OEMCertificate: {
-      return HasOemCertKey() && HasDeviceKey();
+      // TODO(sigquit): Add OEM Certificate validation.
+      return true;
     }
     default: {
       LOGE("Root of trust is not properly initialized");
@@ -249,11 +251,8 @@ OEMCryptoResult AuthenticationRoot::IsKeyboxOrOemCertValid() const {
       return kb->IsKeyboxValid();
     }
     case OEMCrypto_OEMCertificate: {
-      if (!oem_cert_) {
-        LOGW("OEM cert is not installed");
-        return OEMCrypto_ERROR_UNKNOWN_FAILURE;
-      }
-      return oem_cert_->IsCertificateValid();
+      LOGW("OEM certificate validation is not implemented");
+      return OEMCrypto_ERROR_NOT_IMPLEMENTED;
     }
     case OEMCrypto_DrmCertificate: {
       return OEMCrypto_ERROR_NOT_IMPLEMENTED;
@@ -301,7 +300,7 @@ std::vector<uint8_t> AuthenticationRoot::DeviceId() const {
   }
   if (prov_method_ == OEMCrypto_Keybox) {
     LOGE("Expected keybox to be set for a device ID");
-    return std::vector<uint8_t>();
+    return kEmptyVector;
   }
   return std::vector<uint8_t>(kFakeDeviceId.begin(), kFakeDeviceId.end());
 }
@@ -312,7 +311,7 @@ std::vector<uint8_t> AuthenticationRoot::DeviceKey() const {
     return kb->DeviceKey();
   }
   LOGE("No device key has been set");
-  return std::vector<uint8_t>();
+  return kEmptyVector;
 }
 
 bool AuthenticationRoot::HasDeviceKey() const { return keybox() != nullptr; }
@@ -327,7 +326,7 @@ OEMCryptoResult AuthenticationRoot::LoadTestRsaKey() {
     LOGE("System does not support DRM certificates");
     return OEMCrypto_ERROR_NOT_IMPLEMENTED;
   }
-  if (test_drm_cert_key_) {
+  if (test_rsa_key_) {
     LOGE("Test RSA key is already loaded");
     return OEMCrypto_ERROR_INSUFFICIENT_RESOURCES;
   }
@@ -338,7 +337,7 @@ OEMCryptoResult AuthenticationRoot::LoadTestRsaKey() {
     LOGE("Failed to load test RSA key");
     return OEMCrypto_ERROR_UNKNOWN_FAILURE;
   }
-  test_drm_cert_key_ = std::move(key);
+  test_rsa_key_ = std::move(key);
   return OEMCrypto_SUCCESS;
 }
 
@@ -400,48 +399,22 @@ OEMCryptoResult AuthenticationRoot::GetKeyData(uint8_t* key_data,
   return kb->GetKeyData(key_data, key_data_length);
 }
 
-OEMCryptoResult AuthenticationRoot::InstallOemCertificate(
-    const uint8_t* private_key, size_t private_key_size,
-    const uint8_t* public_cert, size_t public_cert_size) {
-  if (prov_method_ != OEMCrypto_OEMCertificate) {
-    LOGE("System does not support OEM certificates");
-    return OEMCrypto_ERROR_NOT_IMPLEMENTED;
-  }
-  if (oem_cert_ || oem_cert_key_) {
-    LOGE("OEM certificate is already installed");
-    return OEMCrypto_ERROR_INSUFFICIENT_RESOURCES;
-  }
-  std::unique_ptr<OemCertificate> oem_cert = OemCertificate::Create(
-      private_key, private_key_size, public_cert, public_cert_size);
-  if (!oem_cert) {
-    LOGE("Failed to install OEM certificate as root of trust");
-    return OEMCrypto_ERROR_UNKNOWN_FAILURE;
-  }
-  if (oem_cert->key_type() != OemCertificate::kRsa) {
-    LOGE("Only RSA-based OEM certificates supported");
-    return OEMCrypto_ERROR_UNKNOWN_FAILURE;
-  }
-  std::unique_ptr<RsaPrivateKey> oem_cert_key =
-      RsaPrivateKey::Load(oem_cert->GetPrivateKey());
-  if (!oem_cert_key) {
-    LOGE("Failed to parse OEM certificate private key");
-    return OEMCrypto_ERROR_INVALID_RSA_KEY;
-  }
-  oem_cert_ = std::move(oem_cert);
-  oem_cert_key_ = std::move(oem_cert_key);
-  return OEMCrypto_SUCCESS;
-}
-
 OEMCryptoResult AuthenticationRoot::GetOemPublicCertificate(
     uint8_t* public_cert, size_t* public_cert_length) const {
   if (prov_method_ != OEMCrypto_OEMCertificate) {
     LOGE("System does not support OEM certificates");
     return OEMCrypto_ERROR_NOT_IMPLEMENTED;
   }
-  if (!oem_cert_) {
-    LOGE("OEM certificate is not installed");
-    return OEMCrypto_ERROR_UNKNOWN_FAILURE;
+  LOGE("OEM certificates have not been implemented on auth root");
+  return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+}
+
+const std::vector<uint8_t>& AuthenticationRoot::GetOemPrivateKey() const {
+  if (prov_method_ != OEMCrypto_OEMCertificate) {
+    LOGE("System does not support OEM certificates");
+    return kEmptyVector;
   }
-  return oem_cert_->GetPublicCertificate(public_cert, public_cert_length);
+  LOGE("OEM certificates have not been implemented on auth root");
+  return kEmptyVector;
 }
 }  // namespace wvoec_ref