Reject Embedded Keys Under 16 Bytes

(This is a merge of http://go/wvgerrit/60620)

The license code handles keys larger than 16 bytes correctly, but it
does not properly reject keys smaller than 16 bytes.

This patch adds unit tests not only for the new error case but also
the existing success cases which were not previously being tested. As
part of this, license_unittest was changed to use a Test Peer instead
of making the test fixture a friend class.

Bug: 111069024
Test: CE CDM unit tests
Test: Android unit tests
Change-Id: Idb2deb6fbe0aeb19b530f9818bebff480541f5c8

libwvdrmengine/cdm/core/src/crypto_session.cpp

@@ -117,7 +117,7 @@ void GenerateEncryptContext(const std::string& input_context,
   }
 
   const std::string kEncryptionKeyLabel = "ENCRYPTION";
-  const size_t kEncryptionKeySizeBits = wvcdm::KEY_SIZE * 8;
+  const size_t kEncryptionKeySizeBits = wvcdm::CONTENT_KEY_SIZE * 8;
 
   deriv_context->assign(kEncryptionKeyLabel);
   deriv_context->append(1, '\0');

libwvdrmengine/cdm/core/src/license.cpp

@@ -633,7 +633,7 @@ CdmResponseType CdmLicense::HandleKeyResponse(
           "CdmLicense::HandleKeyResponse: mac key/iv size error"
           "(key/iv size expected: %d/%d, actual: %d/%d",
           MAC_KEY_SIZE, KEY_IV_SIZE, mac_key.size(), mac_key_iv.size());
-      return KEY_SIZE_ERROR;
+      return KEY_SIZE_ERROR_1;
     }
   }
 
@@ -1126,11 +1126,11 @@ CdmResponseType CdmLicense::HandleEntitlementKeyResponse(
 CdmResponseType CdmLicense::HandleNewEntitledKeys(
     const std::vector<WidevinePsshData_EntitledKey>& wrapped_keys) {
   std::vector<CryptoKey> entitled_key_array;
-  entitled_key_array.reserve(entitlement_keys_.size());
+  entitled_key_array.reserve(wrapped_keys.size());
 
   for (RepeatedPtrField<License_KeyContainer>::const_iterator kc =
            entitlement_keys_.begin();
-       kc != entitlement_keys_.end(); kc++) {
+       kc != entitlement_keys_.end(); ++kc) {
     if (kc->type() != video_widevine::License::KeyContainer::ENTITLEMENT) {
       continue;
     }
@@ -1143,8 +1143,11 @@ CdmResponseType CdmLicense::HandleNewEntitledKeys(
 
         // Strip PKCS#5 padding from entitled content keys.
         std::string content_key = wk->key();
-        if (content_key.size() > KEY_SIZE) {
-          content_key.resize(KEY_SIZE);
+        if (content_key.size() < CONTENT_KEY_SIZE) {
+          LOGE("Entitled Key too small, %lu bytes", content_key.size());
+          return KEY_SIZE_ERROR_2;
+        } else if (content_key.size() > CONTENT_KEY_SIZE) {
+          content_key.resize(CONTENT_KEY_SIZE);
         }
 
         CryptoKey& this_entry = entitled_key_array.back();
@@ -1193,8 +1196,8 @@ CdmResponseType CdmLicense::HandleSubLicense(
 
     // Strip PKCS#5 padding from sublicense content keys.
     // TODO(jfore): Refactor this to use ExtractContentKeys.
-    if (keyc.key().size() > KEY_SIZE) {
-      length = keyc.key().size() - KEY_SIZE;
+    if (keyc.key().size() > CONTENT_KEY_SIZE) {
+      length = keyc.key().size() - CONTENT_KEY_SIZE;
     } else {
       length = 0;
     }

libwvdrmengine/cdm/core/src/service_certificate.cpp

@@ -226,7 +226,7 @@ CdmResponseType ServiceCertificate::EncryptClientId(
   encrypted_client_id->set_service_certificate_serial_number(serial_number_);
 
   std::string iv(KEY_IV_SIZE, 0);
-  std::string key(KEY_SIZE, 0);
+  std::string key(SERVICE_KEY_SIZE, 0);
 
   if (!crypto_session->GetRandom(key.size(),
                                 reinterpret_cast<uint8_t*>(&key[0])))