Move keybox and root certificate handling into new class.

Merge from Widevine repo of http://go/wvgerrit/22804

Create a class, AuthenticationRoot, to encapsulate the objects and
logic for managing either keyboxes or certificates as the device's
root of trust.

Currently the class provides the existing keybox-related functions
needed by oemcrypto's CryptoEngine. It will be extended to provide
both keybox and certificate related functions, and the logic to
determine whether keybox or certificate based authentication should
be performed.

Change-Id: I792d1bfc8e9a81bbfd2baec20e3b3d182f0392f7
Fred Gylys-Colwell
2017-01-20 16:57:32 -08:00
parent a0c1f218c5
commit 3164194908
8 changed files with 479 additions and 296 deletions

@@ -179,8 +179,13 @@ UsageTable::UsageTable(CryptoEngine *ce) {
file->Read(reinterpret_cast<char *>(&encrypted_buffer[0]), file_size);
file->Close();
// First, verify the signature of the usage table file.
std::vector<uint8_t> &key = ce_->real_keybox().device_key();
// Verify the signature of the usage table file.
// This should be encrypted and signed with a device specific key.
// For the reference implementation, I'm just going to use the keybox key.
const bool override_to_real = true;
const std::vector<uint8_t> &key = ce_->DeviceRootKey(override_to_real);
uint8_t computed_signature[SHA256_DIGEST_LENGTH];
unsigned int sig_length = sizeof(computed_signature);
if (!HMAC(EVP_sha256(), &key[0], key.size(),
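Review bot: `&key[0]` in the `HMAC(...)` call is taken with no check that the vector returned by `ce_->DeviceRootKey(override_to_real)` is non-empty, and indexing an empty vector is undefined behaviour. Suggest rejecting the file early when `key.empty()` and passing `key.data()` instead. The bare `true` bound to `override_to_real` also gives no hint at this call site of what is being overridden; a short comment or a named enum value would document the intent.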
@@ -276,7 +281,8 @@ bool UsageTable::SaveToFile() {
// This should be encrypted and signed with a device specific key.
// For the reference implementation, I'm just going to use the keybox key.
std::vector<uint8_t> &key = ce_->real_keybox().device_key();
const bool override_to_real = true;
const std::vector<uint8_t> &key = ce_->DeviceRootKey(override_to_real);
// Encrypt the table.
RAND_bytes(encrypted_table->iv, wvcdm::KEY_IV_SIZE);
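Review bot: the pair `const bool override_to_real = true;` and `ce_->DeviceRootKey(override_to_real)` is now duplicated here in `SaveToFile()` and in the constructor's load path, so the two call sites can drift apart, and a table written under one key would then fail signature verification when read back. Suggest one private helper that returns the usage-table key, called from both places. Separately, the return value of `RAND_bytes(encrypted_table->iv, wvcdm::KEY_IV_SIZE)` on the last line is ignored; it should be checked so that a failed RNG call does not leave the IV unset.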