Avoid sending clear subsamples to the decoder before keys are loaded

[ Merge of http://go/wvgerrit/54880 ]

Sending clear subsamples but filtering out encrypted ones,
before the keys have been loaded, causes problems during decode.
This is because subsamples that contain the first and last
subsample flags may be filtered out.

Clear subsamples that have first and last subsample flags set
will still be allowed to be passed to the decoder.

Bug: 110251447
Bug: 73447733
Test: WV Unit/integration tests.
Change-Id: I8c91c88f6313ad7b7b21c1c95e4c5787381949c1

libwvdrmengine/cdm/src/wv_content_decryption_module.cpp

@@ -327,10 +327,14 @@ CdmResponseType WvContentDecryptionModule::Decrypt(
         cdm_engine->FindSessionForKey(*parameters.key_id, &local_session_id);
     cdm_engine->GetMetrics()->cdm_engine_find_session_for_key_.Increment(
         status);
-    if (!status && parameters.is_encrypted) {
-      LOGE("WvContentDecryptionModule::Decrypt: unable to find session: %s",
-           session_id.c_str());
-      return KEY_NOT_FOUND_IN_SESSION;
+    if (!status) {
+      // key does not need to be loaded if clear lead/frame has a
+      // single subsample. It does in all other cases.
+      if (parameters.is_encrypted ||
+          !(parameters.subsample_flags & OEMCrypto_FirstSubsample) ||
+          !(parameters.subsample_flags & OEMCrypto_LastSubsample)) {
+        return KEY_NOT_FOUND_IN_SESSION;
+      }
     }
   }
   CdmResponseType sts;

libwvdrmengine/cdm/test/request_license_test.cpp

@@ -100,6 +100,39 @@ SubSampleInfo clear_sub_sample = {
     wvcdm::a2b_hex("f6f4b1e600a5b67813ed2bded913ba9f"), 0,
     OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample};
 
+SubSampleInfo clear_sub_samples[2] = {
+  // block 0, key SD, encrypted, 128b
+  { true, 1, true, false, false,
+    wvcdm::a2bs_hex("371EA35E1A985D75D198A7F41020DC23"),
+    wvcdm::a2b_hex(
+        "217ce9bde99bd91e9733a1a00b9b557ac3a433dc92633546156817fae26b6e1c"
+        "942ac20a89ff79f4c2f25fba99d6a44618a8c0420b27d54e3da17b77c9d43cca"
+        "595d259a1e4a8b6d7744cd98c5d3f921adc252eb7d8af6b916044b676a574747"
+        "8df21fdc42f166880d97a2225cd5c9ea5e7b752f4cf81bbdbe98e542ee10e1c6"),
+    wvcdm::a2b_hex(
+        "217ce9bde99bd91e9733a1a00b9b557ac3a433dc92633546156817fae26b6e1c"
+        "942ac20a89ff79f4c2f25fba99d6a44618a8c0420b27d54e3da17b77c9d43cca"
+        "595d259a1e4a8b6d7744cd98c5d3f921adc252eb7d8af6b916044b676a574747"
+        "8df21fdc42f166880d97a2225cd5c9ea5e7b752f4cf81bbdbe98e542ee10e1c6"),
+    wvcdm::a2b_hex("f6f4b1e600a5b67813ed2bded913ba9f"), 0,
+    OEMCrypto_FirstSubsample},
+  // block 1, key SD, encrypted, 128b
+  { true, 1, true, false, false,
+    wvcdm::a2bs_hex("371EA35E1A985D75D198A7F41020DC23"),
+    wvcdm::a2b_hex(
+        "ad868a6ac55c10d564fc23b8acff407daaf4ed2743520e02cda9680d9ea88e91"
+        "029359c4cf5906b6ab5bf60fbb3f1a1c7c59acfc7e4fb4ad8e623c04d503a3dd"
+        "4884604c8da8a53ce33db9ff8f1c5bb6bb97f37b39906bf41596555c1bcce9ed"
+        "08a899cd760ff0899a1170c2f224b9c52997a0785b7fe170805fd3e8b1127659"),
+    wvcdm::a2b_hex(
+        "ad868a6ac55c10d564fc23b8acff407daaf4ed2743520e02cda9680d9ea88e91"
+        "029359c4cf5906b6ab5bf60fbb3f1a1c7c59acfc7e4fb4ad8e623c04d503a3dd"
+        "4884604c8da8a53ce33db9ff8f1c5bb6bb97f37b39906bf41596555c1bcce9ed"
+        "08a899cd760ff0899a1170c2f224b9c52997a0785b7fe170805fd3e8b1127659"),
+    wvcdm::a2b_hex("f6f4b1e600a5b67813ed2bded913ba9f"), 0,
+    OEMCrypto_LastSubsample}
+};
+
 SubSampleInfo clear_sub_sample_no_key = {
     false, 1, false, false, false,
     wvcdm::a2bs_hex("77777777777777777777777777777777"),
@@ -4695,10 +4728,13 @@ TEST_P(WvCdmSessionSharingNoKeyTest, DecryptionTest) {
   decryption_parameters.is_secure = data->is_secure;
   decryption_parameters.subsample_flags = data->subsample_flags;
 
-    EXPECT_EQ(data->is_encrypted ? KEY_NOT_FOUND_IN_SESSION : NO_ERROR,
-              decryptor_.Decrypt(gp_session_id_2, data->validate_key_id,
-                                 decryption_parameters));
-  if (!data->is_encrypted) {
+  bool can_decrypt = !data->is_encrypted &&
+      data->subsample_flags & OEMCrypto_FirstSubsample &&
+      data->subsample_flags & OEMCrypto_LastSubsample;
+  EXPECT_EQ(can_decrypt ? NO_ERROR : KEY_NOT_FOUND_IN_SESSION,
+            decryptor_.Decrypt(gp_session_id_2, data->validate_key_id,
+                               decryption_parameters));
+  if (can_decrypt) {
     EXPECT_TRUE(std::equal(data->decrypt_data.begin(), data->decrypt_data.end(),
                            decrypt_buffer.begin()));
   }
@@ -4709,6 +4745,8 @@ TEST_P(WvCdmSessionSharingNoKeyTest, DecryptionTest) {
 
 INSTANTIATE_TEST_CASE_P(Cdm, WvCdmSessionSharingNoKeyTest,
                         ::testing::Values(&clear_sub_sample,
+                                          &clear_sub_samples[0],
+                                          &clear_sub_samples[1],
                                           &clear_sub_sample_no_key,
                                           &single_encrypted_sub_sample));