Add test base that catches nonce flood

Merge from Widevine repo of http://go/wvgerrit/56520

This CL adds a test base that installs a test keybox and catches nonce
flood errors for all CDM tests.

In order to do this, a new class is added called a
CryptoSessionFactory.  The default factory just creates a new
CryptoSession.  All places in the code that create a new CryptoSession
now call the static method MakeCryptoSession, which uses the current
factory to create a CryptoSession.  If MakeCryptoSession is called and
there is no current factory, a default factory is created.

The CryptoSession constructor is now private, so that we do not
accidentally try to create one without using the factory.

For the new test base, we first create a special test
CryptoSessionFactory that creates a TestCryptoSession.  The test
factory catches the first call to MakeCryptoSession and injects an
installation of the test keybox after OEMCrypto_Initialize is called.

The TestCryptoSession injects a sleep statement and a retry whenever
it detects a nonce flood.

Test: current unit tests still pass.
bug: 72354901 Fix Generic Crypto tests.
bug: 111361440 Remove #ifdef from unit tests
Change-Id: I248e7f3c53721c04d2af412ef835e19bb4d15d9a

libwvdrmengine/cdm/core/src/certificate_provisioning.cpp

@@ -142,7 +142,7 @@ bool CertificateProvisioning::SetSpoidParameter(
   } else if (origin != EMPTY_ORIGIN) {
     // Legacy behavior - Concatenate Unique ID with Origin
     std::string device_unique_id;
-    if (!crypto_session_.GetInternalDeviceUniqueId(&device_unique_id)) {
+    if (!crypto_session_->GetInternalDeviceUniqueId(&device_unique_id)) {
       LOGE("CertificateProvisioning::SetSpoidParameter: Failure getting "
            "device unique ID");
       return false;
@@ -158,7 +158,7 @@ bool CertificateProvisioning::SetSpoidParameter(
  */
 SignedProvisioningMessage::ProtocolVersion
     CertificateProvisioning::GetProtocolVersion() {
-  if (crypto_session_.GetPreProvisionTokenType() == kClientTokenOemCert)
+  if (crypto_session_->GetPreProvisionTokenType() == kClientTokenOemCert)
     return SignedProvisioningMessage::VERSION_3;
   else
     return SignedProvisioningMessage::VERSION_2;
@@ -183,7 +183,7 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
 
   default_url->assign(kProvisioningServerUrl);
 
-  CdmResponseType status = crypto_session_.Open(requested_security_level);
+  CdmResponseType status = crypto_session_->Open(requested_security_level);
   if (NO_ERROR != status) {
     LOGE("GetProvisioningRequest: fails to create a crypto session");
     return status;
@@ -193,7 +193,7 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
   ProvisioningRequest provisioning_request;
 
   wvcdm::ClientIdentification id;
-  status = id.Init(&crypto_session_);
+  status = id.Init(crypto_session_.get());
   if (status != NO_ERROR) return status;
 
   video_widevine::ClientIdentification* client_id =
@@ -212,12 +212,12 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
   // Encrypt client identification
   EncryptedClientIdentification* encrypted_client_id =
       provisioning_request.mutable_encrypted_client_id();
-  status = service_certificate_->EncryptClientId(&crypto_session_, client_id,
-                                                 encrypted_client_id);
+  status = service_certificate_->EncryptClientId(
+      crypto_session_.get(), client_id, encrypted_client_id);
   provisioning_request.clear_client_id();
 
   uint32_t nonce;
-  if (!crypto_session_.GenerateNonce(&nonce)) {
+  if (!crypto_session_->GenerateNonce(&nonce)) {
     LOGE("GetProvisioningRequest: fails to generate a nonce");
     return CERT_PROVISIONING_NONCE_GENERATION_ERROR;
   }
@@ -254,7 +254,7 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
 
   // Derives signing and encryption keys and constructs signature.
   std::string request_signature;
-  if (!crypto_session_.PrepareRequest(serialized_message, true,
+  if (!crypto_session_->PrepareRequest(serialized_message, true,
                                       &request_signature)) {
     LOGE("GetProvisioningRequest: fails to prepare request");
     return CERT_PROVISIONING_REQUEST_ERROR_3;
@@ -351,7 +351,7 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
 
   // If Provisioning 3.0 (OEM Cert provisioned), verify that the
   // message is properly signed.
-  if (crypto_session_.GetPreProvisionTokenType() == kClientTokenOemCert) {
+  if (crypto_session_->GetPreProvisionTokenType() == kClientTokenOemCert) {
     if (service_certificate_->VerifySignedMessage(signed_message, signature)
         != NO_ERROR) {
       // TODO(b/69562876): if the cert is bad, request a new one.
@@ -369,14 +369,14 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
 
   std::string wrapped_private_key;
 
-  if (!crypto_session_.RewrapCertificate(signed_message, signature, nonce,
+  if (!crypto_session_->RewrapCertificate(signed_message, signature, nonce,
                                          new_private_key, iv, wrapping_key,
                                          &wrapped_private_key)) {
     LOGE("HandleProvisioningResponse: RewrapCertificate fails");
     return CERT_PROVISIONING_RESPONSE_ERROR_6;
   }
 
-  crypto_session_.Close();
+  crypto_session_->Close();
 
   if (cert_type_ == kCertificateX509) {
     *cert = provisioning_response.device_certificate();
@@ -391,7 +391,7 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
       provisioning_response.device_certificate();
 
   DeviceFiles handle(file_system);
-  if (!handle.Init(crypto_session_.GetSecurityLevel())) {
+  if (!handle.Init(crypto_session_->GetSecurityLevel())) {
     LOGE("HandleProvisioningResponse: failed to init DeviceFiles");
     return CERT_PROVISIONING_RESPONSE_ERROR_7;
   }