Replace OEMCrypto_LoadDeviceRSAKey with OEMCrypto_LoadDRMPrivateKey

Merge from Widevine repo of http://go/wvgerrit/96783

This CL updates the reference code, unit tests, and adapter to use the
new v16 function OEMCrypto_LoadDRMPrivateKey. This is just an API
change to allow ECC support in the future. The reference code does not
yet support ECC certificates, and the CDM code assumes that all
certificates have an RSA key.

Bug: 152558018
Test: unit tests on taimen and w/v16 mod mock.
Change-Id: I0793b416513b81b3d74849f0b58dbdc91f075ac6

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -1201,7 +1201,7 @@ CdmResponseType CryptoSession::LoadEntitledContentKeys(
 CdmResponseType CryptoSession::LoadCertificatePrivateKey(
     const std::string& wrapped_key) {
   // TODO(b/141655126): Getting the OEM Cert no longer loads the private key.
-  // Call OEMCrypto_GetOEMPublicCertificate before OEMCrypto_LoadDeviceRSAKey
+  // Call OEMCrypto_GetOEMPublicCertificate before OEMCrypto_LoadDRMPrivateKey
   // so it caches the OEMCrypto Public Key and then throw away result
   std::string temp_buffer(CERTIFICATE_DATA_SIZE, '\0');
   size_t buf_size = temp_buffer.size();
@@ -1216,10 +1216,11 @@ CdmResponseType CryptoSession::LoadCertificatePrivateKey(
   metrics_->oemcrypto_get_oem_public_certificate_.Increment(sts);
 
   LOGV("Loading device RSA key: id = %u", oec_session_id_);
+  // TODO(b/140813486): determine if cert is RSA or ECC.
   WithOecSessionLock(
-      "LoadCertificatePrivateKey() calling OEMCrypto_LoadDeviceRSAKey()", [&] {
-        M_TIME(sts = OEMCrypto_LoadDeviceRSAKey(
-                   oec_session_id_,
+      "LoadCertificatePrivateKey() calling OEMCrypto_LoadDRMPrivateKey()", [&] {
+        M_TIME(sts = OEMCrypto_LoadDRMPrivateKey(
+                   oec_session_id_, OEMCrypto_RSA_Private_Key,
                    reinterpret_cast<const uint8_t*>(wrapped_key.data()),
                    wrapped_key.size()),
                metrics_, oemcrypto_load_device_rsa_key_, sts);

libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp

@@ -200,6 +200,9 @@ typedef OEMCryptoResult (*L1_RewrapDeviceRSAKey_t)(
 typedef OEMCryptoResult (*L1_LoadDeviceRSAKey_t)(OEMCrypto_SESSION session,
                                                  const uint8_t* wrapped_rsa_key,
                                                  size_t wrapped_rsa_key_length);
+typedef OEMCryptoResult (*L1_LoadDRMPrivateKey_t)(
+    OEMCrypto_SESSION session, OEMCrypto_PrivateKeyType key_type,
+    const uint8_t* wrapped_rsa_key, size_t wrapped_rsa_key_length);
 typedef OEMCryptoResult (*L1_LoadTestRSAKey_t)();
 typedef OEMCryptoResult (*L1_GenerateRSASignature_t)(
     OEMCrypto_SESSION session, const uint8_t* message, size_t message_length,
@@ -351,6 +354,7 @@ struct FunctionPointers {
   L1_GetRandom_t GetRandom;
   L1_RewrapDeviceRSAKey_t RewrapDeviceRSAKey;
   L1_LoadDeviceRSAKey_t LoadDeviceRSAKey;
+  L1_LoadDRMPrivateKey_t LoadDRMPrivateKey;
   L1_LoadTestRSAKey_t LoadTestRSAKey;
   L1_GenerateRSASignature_t GenerateRSASignature;
   L1_DeriveKeysFromSessionKey_t DeriveKeysFromSessionKey;
@@ -827,7 +831,8 @@ class Adapter {
     LOOKUP_ALL(10, IsAntiRollbackHwPresent,    OEMCrypto_IsAntiRollbackHwPresent);
     LOOKUP_ALL( 8, IsKeyboxOrOEMCertValid,     OEMCrypto_IsKeyboxOrOEMCertValid);
     LOOKUP_ALL(13, IsSRMUpdateSupported,       OEMCrypto_IsSRMUpdateSupported);
-    LOOKUP_ALL( 8, LoadDeviceRSAKey,           OEMCrypto_LoadDeviceRSAKey);
+    LOOKUP( 8, 15, LoadDeviceRSAKey,           OEMCrypto_LoadDeviceRSAKey);
+    LOOKUP_ALL(16, LoadDRMPrivateKey,          OEMCrypto_LoadDRMPrivateKey);
     LOOKUP( 8,  8, LoadKeys_V8,                OEMCrypto_LoadKeys_V8);
     LOOKUP( 9, 10, LoadKeys_V9_or_V10,         OEMCrypto_LoadKeys_V9_or_V10);
     LOOKUP(11, 12, LoadKeys_V11_or_V12,        OEMCrypto_LoadKeys_V11_or_V12);
@@ -980,6 +985,8 @@ class Adapter {
     level3_.GetRandom                  = Level3_GetRandom;
     level3_.RewrapDeviceRSAKey         = Level3_RewrapDeviceRSAKey;
     level3_.LoadDeviceRSAKey           = Level3_LoadDeviceRSAKey;
+    // TODO(b/139814713): implement V16 DecryptCENC for Haystack L3
+    // level3_.LoadDRMPrivateKey           = Level3_LoadDRMPrivateKey;
     level3_.LoadTestRSAKey             = Level3_LoadTestRSAKey;
     level3_.GenerateRSASignature       = Level3_GenerateRSASignature;
     level3_.DeriveKeysFromSessionKey   = Level3_DeriveKeysFromSessionKey;
@@ -2263,12 +2270,22 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(
       wrapped_rsa_key_length);
 }
 
-extern "C" OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(
-    OEMCrypto_SESSION session, const uint8_t* wrapped_rsa_key,
-    size_t wrapped_rsa_key_length) {
+extern "C" OEMCryptoResult OEMCrypto_LoadDRMPrivateKey(
+    OEMCrypto_SESSION session, OEMCrypto_PrivateKeyType key_type,
+    const uint8_t* wrapped_rsa_key, size_t wrapped_rsa_key_length) {
   if (!gAdapter) return OEMCrypto_ERROR_UNKNOWN_FAILURE;
   LevelSession pair = gAdapter->GetSession(session);
   if (!pair.fcn) return OEMCrypto_ERROR_INVALID_SESSION;
+  // TODO(152701491): re-introduce version checking. LoadDRMPrivateKey should
+  // always be present for v16 device.
+  if (pair.fcn->LoadDRMPrivateKey != nullptr) {
+    return pair.fcn->LoadDRMPrivateKey(pair.session, key_type, wrapped_rsa_key,
+                                       wrapped_rsa_key_length);
+  }
+  if (key_type != OEMCrypto_RSA_Private_Key) {
+    LOGE("ECC not supported");
+    return OEMCrypto_ERROR_NOT_IMPLEMENTED;
+  }
   if (pair.fcn->LoadDeviceRSAKey == nullptr)
     return OEMCrypto_ERROR_NOT_IMPLEMENTED;
   return pair.fcn->LoadDeviceRSAKey(pair.session, wrapped_rsa_key,