From 4228e2327e7ed55d3d934fd3fab0b814ceeb4e3d Mon Sep 17 00:00:00 2001
From: Rahul Frias <rfrias@google.com>
Date: Thu, 8 Jun 2017 23:46:04 -0700
Subject: [PATCH] Recreate usage tables on error

[ Merge of http://go/wvgerrit/28265 ]

A vendor specific error (10008) in response to OEMCrypto_LoadKeys
indicates that usage table corruption has occurred and that
the only way to recover is to regenerate usage tables.
Recreating usage tables will result in loss of offline licenses
and usage information. To make the app aware that this information
will be lost, a provisioning exception is generated when this error
is detected. The app can then choose to reprovision and in turn
delete and recreate usage tables.

A new OEMCrypto error has been added whose use has been reserved.
Rather than correct OEMCrypto behaviour to use the new error code,
we choose to handle this within the CDM. The fix can then be ported
to prior android releases. Also this error will not be generated
with OEMCrypto V13+.

b/33817629

Test: WV Unit, integration and GTS tests.
Change-Id: I936fc234d101b6a92d86f5735d035d19ddcf19e3
---
 .../cdm/core/src/crypto_session.cpp           |  4 ++++
 .../core/src/oemcrypto_adapter_dynamic.cpp    | 20 ++++++++++++++-----
 .../oemcrypto/include/OEMCryptoCENC.h         |  1 +
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp
index 426c3399..8cd99493 100644
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -710,6 +710,10 @@ CdmResponseType CryptoSession::LoadKeys(
   } else if (OEMCrypto_ERROR_TOO_MANY_KEYS == sts) {
     LOGE("CryptoSession::LoadKeys: OEMCrypto_LoadKeys error=%d", sts);
     result = INSUFFICIENT_CRYPTO_RESOURCES;
+  } else if (OEMCrypto_ERROR_USAGE_TABLE_UNRECOVERABLE == sts) {
+    // Handle vendor specific error
+    LOGE("CryptoSession::LoadKeys: OEMCrypto_LoadKeys error=%d", sts);
+    result = NEED_PROVISIONING;
   } else {
     LOGE("CryptoSession::LoadKeys: OEMCrypto_LoadKeys error=%d", sts);
     result = LOAD_KEY_ERROR;
diff --git a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
index 50d12393..5cc3027e 100644
--- a/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
+++ b/libwvdrmengine/cdm/core/src/oemcrypto_adapter_dynamic.cpp
@@ -41,6 +41,8 @@ using wvcdm::kLevel3;
 namespace {
 
 static const size_t kMaxGenericEncryptChunkSize = 100*1024;
+OEMCryptoResult kOemCryptoResultVendorSpecificError1 =
+    static_cast<OEMCryptoResult>(10008);
 
 typedef struct {
     const uint8_t* key_id;
@@ -1156,18 +1158,26 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys(
     } else {
       if (pair.fcn->LoadKeys_V9_or_V10 == NULL)
         return OEMCrypto_ERROR_NOT_IMPLEMENTED;
-      return pair.fcn->LoadKeys_V9_or_V10(pair.session, message, message_length,
-                                          signature, signature_length,
-                                          enc_mac_key_iv, enc_mac_key, num_keys,
-                                          &key_array_v10[0], pst, pst_length);
+      OEMCryptoResult result = pair.fcn->LoadKeys_V9_or_V10(
+          pair.session, message, message_length, signature, signature_length,
+          enc_mac_key_iv, enc_mac_key, num_keys, &key_array_v10[0], pst,
+          pst_length);
+      // Convert a vendor specific error, to make it actionable
+      if (result == kOemCryptoResultVendorSpecificError1)
+        result = OEMCrypto_ERROR_USAGE_TABLE_UNRECOVERABLE;
+      return result;
     }
   } else {
     if (pair.fcn->version < 13) {
       if (pair.fcn->LoadKeys_V11_or_V12 == NULL)
         return OEMCrypto_ERROR_NOT_IMPLEMENTED;
-      return pair.fcn->LoadKeys_V11_or_V12(
+      OEMCryptoResult result = pair.fcn->LoadKeys_V11_or_V12(
           pair.session, message, message_length, signature, signature_length,
           enc_mac_key_iv, enc_mac_key, num_keys, key_array, pst, pst_length);
+      // Convert a vendor specific error, to make it actionable
+      if (result == kOemCryptoResultVendorSpecificError1)
+        result = OEMCrypto_ERROR_USAGE_TABLE_UNRECOVERABLE;
+      return result;
     } else {
       if (pair.fcn->LoadKeys == NULL) return OEMCrypto_ERROR_NOT_IMPLEMENTED;
       return pair.fcn->LoadKeys(pair.session, message, message_length,
diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
index 79fc2e0d..8fca7c9b 100644
--- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
+++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h
@@ -78,6 +78,7 @@ typedef enum OEMCryptoResult {
   OEMCrypto_ERROR_LICENSE_INACTIVE             = 47,
   OEMCrypto_ERROR_ENTRY_NEEDS_UPDATE           = 48,
   OEMCrypto_ERROR_ENTRY_IN_USE                 = 49,
+  OEMCrypto_ERROR_USAGE_TABLE_UNRECOVERABLE    = 50,  // Reserved. Do not use.
 } OEMCryptoResult;
 
 /*