Add OEMCrypto_WrapClearPrivateKey()

Bug: 306059409
Test: WVTS

Change-Id: Ifce5824b455c276c6fc0753de7932a5b69dffd1f
(cherry picked from commit f4679aac18de5dbe2bc22501294e719a55d51199)

libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h

@@ -714,6 +714,7 @@ typedef enum OEMCrypto_SignatureHashAlgorithm {
 #define OEMCrypto_EnterTestMode               _oecc140
 #define OEMCrypto_GetDeviceSignedCsrPayload   _oecc141
 #define OEMCrypto_FactoryInstallBCCSignature  _oecc142
+#define OEMCrypto_WrapClearPrivateKey         _oecc154
 // clang-format on
 
 /// @addtogroup initcontrol
@@ -3145,6 +3146,51 @@ OEMCryptoResult OEMCrypto_IsKeyboxOrOEMCertValid(void);
 OEMCryptoResult OEMCrypto_GetDeviceID(uint8_t* device_id,
                                       size_t* device_id_length);
 
+/**
+ * Encrypts a clear device RSA/ECC key with an internal key (such as the OEM
+ * key or Widevine Keybox key) and a generated IV using AES-128-CBC with PKCS#5
+ * padding.
+ *
+ * Copies the wrapped key to the buffer specified by |wrapped_private_key| and
+ * sets the size of the wrapped key to |wrapped_private_key_length|.
+ *
+ * The clear private key is encoded in PKCS#8 binary DER format. The OEMCrypto
+ * library shall verify that this RSA key is valid.
+ *
+ * The clear key should be encrypted using the same device specific key used in
+ * OEMCrypto_LoadProvisioning. The wrapped private key will be unwrapped in the
+ * function OEMCrypto_LoadDRMPrivateKey.
+ *
+ * This function should only be implemented for factory builds.
+ *
+ * @param[in] clear_private_key_bytes: pointer to memory containing the
+ *     unencrypted private key data.
+ * @param[in] clear_private_key_length: the length of the private key data.
+ * @param[out] wrapped_private_key: pointer to buffer in which the encrypted
+ *     private key should be stored. May be null on the first call in order to
+ *     find required buffer size.
+ * @param[in,out] wrapped_private_key_length: (in) length of the encrypted
+ *     private key, in bytes. (out) actual length of the encrypted private key,
+ *     or required length if provided length is too small.
+ *
+ * @retval OEMCrypto_SUCCESS on success
+ * @retval OEMCrypto_ERROR_INVALID_CONTEXT clear_private_key_bytes is NULL, or
+ *         clear private key fails to parse as PKCS#8
+ * @retval OEMCrypto_ERROR_SHORT_BUFFER wrapped_private_key_length is too small,
+ *         or wrapped_private_key is NULL
+ *
+ * @threading
+ *   This is an "Initialization and Termination Function" and will not be
+ *   called simultaneously with any other function, as if the CDM holds a write
+ *   lock on the OEMCrypto system.
+ *
+ * @version
+ *   This method is new in API version 18.6.
+ */
+OEMCryptoResult OEMCrypto_WrapClearPrivateKey(
+    const uint8_t* clear_private_key_bytes, size_t clear_private_key_length,
+    uint8_t* wrapped_private_key, size_t* wrapped_private_key_length);
+
 /// @}
 
 /// @addtogroup keybox