Restructed reference root of trust (2/3 DRM Cert)

[ Merge of http://go/wvgerrit/115551 ]

This change is the second part of a three part change for restructing
the root of trust used by the reference implementation.

The use of RSA_shared_ptr has been replaced with the standard library
std::shared_ptr using the RsaPrivateKey wrapper class.  The
AuthenticationRoot class now uses this for the built-in DRM cert key.

RSA decryption and signature operations within the session context are
now performed the RsaPrivateKey class.  This has reduced the code size
and complexity within the reference and testbed, focusing their
implementation on key policy and less on mechanics.

Bug: 168544740
Bug: 135283522
Test: oemcrypto_unittests ce_cdm_tests
Change-Id: Ic743a529a9858f3182290d8bcf5e1633737b005b

libwvdrmengine/oemcrypto/ref/src/oemcrypto_auth_ref.h

@@ -8,17 +8,14 @@
 #define OEMCRYPTO_AUTH_REF_H_
 
 #include <stdint.h>
+
 #include <memory>
 #include <vector>
 
-#include <openssl/rsa.h>
-
 #include "OEMCryptoCENC.h"  // Needed for enums only.
 #include "disallow_copy_and_assign.h"
-#include "oemcrypto_key_ref.h"
 #include "oemcrypto_keybox_ref.h"
-#include "oemcrypto_rsa_key_shared.h"
-#include "oemcrypto_types.h"
+#include "oemcrypto_rsa_key.h"
 
 namespace wvoec_ref {
 // The AuthenticationRoot class contains the OEMCrypto information
@@ -69,13 +66,13 @@ class AuthenticationRoot {
 
   // Returns the shared RSA private key from the built-in DRM
   // Certificate.
-  RSA_shared_ptr& SharedRsaKey() {
-    return test_rsa_key_.get() != nullptr ? test_rsa_key_ : rsa_key_;
+  std::shared_ptr<RsaPrivateKey> ShareDrmCertKey() {
+    return test_rsa_key_ ? test_rsa_key_ : rsa_key_;
   }
-  RSA* rsa_key() {
-    return test_rsa_key_.get() != nullptr ? test_rsa_key_.get()
-                                          : rsa_key_.get();
+  RsaPrivateKey* DrmCertKey() const {
+    return test_rsa_key_ ? test_rsa_key_.get() : rsa_key_.get();
   }
+  bool HasDrmCertKey() const { return test_rsa_key_ || rsa_key_; }
 
   // Loads the system's built-in RSA key.  Only implemented for
   // devices that are that pre-provisioned with a built-in DRM
@@ -144,11 +141,10 @@ class AuthenticationRoot {
   OEMCrypto_ProvisioningMethod prov_method_ = OEMCrypto_ProvisioningError;
 
   // DRM certificate.
-  // TODO(b/168544740): Remove |rsa_key_set_| when RSA_shared_ptr has
-  // been replaced with scoped RsaPrivateKey.
-  bool rsa_key_set_ = false;
-  RSA_shared_ptr rsa_key_;  // If no keybox, this is baked in certificate.
-  RSA_shared_ptr test_rsa_key_;
+  // If no keybox, this is the private key of the baked-in DRM
+  // Certificate.
+  std::shared_ptr<RsaPrivateKey> rsa_key_;
+  std::shared_ptr<RsaPrivateKey> test_rsa_key_;
 
   // Keybox data.
   std::unique_ptr<WvKeybox> keybox_;