Use InstallRootKeyCertificate for keybox and cert

Merge from Widevine repo of http://go/wvgerrit/55461

This CL allows provisioning 3.0 devices to install their OEM certs
from an initialization partition.  This method is already used for
keyboxes on Android -- we are just adding the ability to use it for
OEM certs, also.

Also, for v15, we require OEMCrypto to report a valid certificate in
the unit tests.

bug: 111725154
test: unit tests
Change-Id: I142c84a1a67bdb4cee943cfd12a632421901eb24

libwvdrmengine/oemcrypto/ref/src/oemcrypto_ref.cpp

@@ -548,12 +548,10 @@ extern "C" OEMCryptoResult OEMCrypto_CopyBuffer(
   return crypto_engine->PushDestination(out_buffer, subsample_flags);
 }
 
-extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
-                                                size_t keyBoxLength,
-                                                uint8_t* wrappedKeybox,
-                                                size_t* wrappedKeyBoxLength,
-                                                const uint8_t* transportKey,
-                                                size_t transportKeyLength) {
+extern "C" OEMCryptoResult OEMCrypto_WrapKeyboxOrOEMCert(
+    const uint8_t* keybox, size_t keyBoxLength, uint8_t* wrappedKeybox,
+    size_t* wrappedKeyBoxLength, const uint8_t* transportKey,
+    size_t transportKeyLength) {
   if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
     return OEMCrypto_ERROR_NOT_IMPLEMENTED;
   }
@@ -567,10 +565,10 @@ extern "C" OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t* keybox,
   return OEMCrypto_SUCCESS;
 }
 
-extern "C" OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox,
-                                                   size_t keyBoxLength) {
+extern "C" OEMCryptoResult OEMCrypto_InstallKeyboxOrOEMCert(
+    const uint8_t* keybox, size_t keyBoxLength) {
   if (!crypto_engine) {
-    LOGE("OEMCrypto_InstallKeybox: OEMCrypto Not Initialized.");
+    LOGE("OEMCrypto_InstallKeyboxOrOEMCert: OEMCrypto Not Initialized.");
     return OEMCrypto_ERROR_UNKNOWN_FAILURE;
   }
   if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
@@ -595,23 +593,34 @@ extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer,
   return OEMCrypto_SUCCESS;
 }
 
-extern "C" OEMCryptoResult OEMCrypto_IsKeyboxValid(void) {
+extern "C" OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void) {
   if (!crypto_engine) {
-    LOGE("OEMCrypto_IsKeyboxValid: OEMCrypto Not Initialized.");
+    LOGE("OEMCrypto_IsKeyboxOrOEMCertValid: OEMCrypto Not Initialized.");
     return OEMCrypto_ERROR_UNKNOWN_FAILURE;
   }
-  if (crypto_engine->config_provisioning_method() != OEMCrypto_Keybox) {
-    return OEMCrypto_ERROR_NOT_IMPLEMENTED;
-  }
-  switch (crypto_engine->ValidateKeybox()) {
-    case NO_ERROR:
+  switch (crypto_engine->config_provisioning_method()) {
+    case OEMCrypto_DrmCertificate:
       return OEMCrypto_SUCCESS;
-    case BAD_CRC:
-      return OEMCrypto_ERROR_BAD_CRC;
-    case BAD_MAGIC:
-      return OEMCrypto_ERROR_BAD_MAGIC;
+    case OEMCrypto_Keybox:
+      switch (crypto_engine->ValidateKeybox()) {
+        case NO_ERROR:
+          return OEMCrypto_SUCCESS;
+        case BAD_CRC:
+          return OEMCrypto_ERROR_BAD_CRC;
+        case BAD_MAGIC:
+          return OEMCrypto_ERROR_BAD_MAGIC;
+        default:
+        case OTHER_ERROR:
+          return OEMCrypto_ERROR_UNKNOWN_FAILURE;
+      }
+      break;
+    case OEMCrypto_OEMCertificate:
+      // TODO(fredgc): verify that the certificate exists and is valid.
+      return OEMCrypto_SUCCESS;
+      break;
     default:
-    case OTHER_ERROR:
+      LOGE("Invalid provisioning method: %d.",
+           crypto_engine->config_provisioning_method());
       return OEMCrypto_ERROR_UNKNOWN_FAILURE;
   }
 }