Report Insufficient Resources for Crypto

This merges the following changes from the Widevine CDM repository:

bef58bc  Add new error codes
  Adds new error codes to OEMCryptoCENC.h and rearranges it to more
  closely match the documentation.

5fcfbca  Handle OEMCrypto_ERROR_INSUFFICIENT_RESOURCES on Decrypt
  Changes the CDM to support the new errors from the previous change.

d59c09d  Report Insufficient Crypto Resources
  Changes the DrmEngine to support the new errors from the previous
  change.

1085a21  Respond to Too Many Keys or Sessions Errors
  Allows errors around having too many keys or sessions to result in
  a unique error in the CDM.

Bug: 9695816
Change-Id: I826bc655109fa57e4f75de7158d7f392053666b1

libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h

@@ -59,6 +59,8 @@ typedef enum OEMCryptoResult {
     OEMCrypto_ERROR_TOO_MANY_KEYS                = 33,
     OEMCrypto_ERROR_DEVICE_NOT_RSA_PROVISIONED   = 34,
     OEMCrypto_ERROR_INVALID_RSA_KEY              = 35,
+    OEMCrypto_ERROR_KEY_EXPIRED                  = 36,
+    OEMCrypto_ERROR_INSUFFICIENT_RESOURCES       = 37,
 } OEMCryptoResult;
 
 /*
@@ -353,8 +355,9 @@ OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session);
  *   OEMCrypto_SUCCESS success
  *   OEMCrypto_ERROR_NO_DEVICE_KEY
  *   OEMCrypto_ERROR_INVALID_SESSION
- *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *   OEMCrypto_ERROR_INVALID_CONTEXT
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Version:
  *   This method changed in API version 8.
@@ -390,10 +393,9 @@ OEMCryptoResult OEMCrypto_GenerateDerivedKeys(
  *
  * Returns:
  *   OEMCrypto_SUCCESS success
- *   OEMCrypto_ERROR_NO_DEVICE_KEY
  *   OEMCrypto_ERROR_INVALID_SESSION
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
  *   OEMCrypto_ERROR_UNKNOWN_FAILURE
- *   OEMCrypto_ERROR_INVALID_CONTEXT
  *
  * Version:
  *   This method changed in API version 5.
@@ -431,9 +433,10 @@ OEMCryptoResult OEMCrypto_GenerateNonce(
  *   OEMCrypto_SUCCESS success
  *   OEMCrypto_ERROR_NO_DEVICE_KEY
  *   OEMCrypto_ERROR_INVALID_SESSION
- *   OEMCrypto_ERROR_SHORT_BUFFER
- *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *   OEMCrypto_ERROR_INVALID_CONTEXT
+ *   OEMCrypto_ERROR_SHORT_BUFFER
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Version:
  *   This method changed in API version 5.
@@ -506,11 +509,11 @@ OEMCryptoResult OEMCrypto_GenerateSignature(
  *   OEMCrypto_SUCCESS success
  *   OEMCrypto_ERROR_NO_DEVICE_KEY
  *   OEMCrypto_ERROR_INVALID_SESSION
- *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *   OEMCrypto_ERROR_INVALID_CONTEXT
  *   OEMCrypto_ERROR_SIGNATURE_FAILURE
  *   OEMCrypto_ERROR_INVALID_NONCE
  *   OEMCrypto_ERROR_TOO_MANY_KEYS
+ *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Version:
  *   This method changed in API version 8.
@@ -562,10 +565,11 @@ OEMCryptoResult OEMCrypto_LoadKeys(OEMCrypto_SESSION session,
  *   OEMCrypto_SUCCESS success
  *   OEMCrypto_ERROR_NO_DEVICE_KEY
  *   OEMCrypto_ERROR_INVALID_SESSION
- *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *   OEMCrypto_ERROR_INVALID_CONTEXT
  *   OEMCrypto_ERROR_INVALID_NONCE
  *   OEMCrypto_ERROR_SIGNATURE_FAILURE
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Version:
  *   This method changed in API version 8.
@@ -617,12 +621,15 @@ OEMCrypto_RefreshKeys(OEMCrypto_SESSION session,
  *   but not with other functions on this session.
  *
  * Returns:
- *    OEMCrypto_SUCCESS success
- *    OEMCrypto_ERROR_INVALID_SESSION crypto session ID invalid or not open
- *    OEMCrypto_ERROR_NO_DEVICE_KEY failed to decrypt device key
- *    OEMCrypto_ERROR_NO_CONTENT_KEY failed to decrypt content key
- *    OEMCrypto_ERROR_CONTROL_INVALID invalid or unsupported control input
- *    OEMCrypto_ERROR_KEYBOX_INVALID cannot decrypt and read from Keybox
+ *   OEMCrypto_SUCCESS success
+ *   OEMCrypto_ERROR_INVALID_SESSION crypto session ID invalid or not open
+ *   OEMCrypto_ERROR_NO_DEVICE_KEY failed to decrypt device key
+ *   OEMCrypto_ERROR_NO_CONTENT_KEY failed to decrypt content key
+ *   OEMCrypto_ERROR_CONTROL_INVALID invalid or unsupported control input
+ *   OEMCrypto_ERROR_KEYBOX_INVALID cannot decrypt and read from Keybox
+ *   OEMCrypto_ERROR_KEY_EXPIRED
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Version:
  *   This method changed in API version 8.
@@ -710,9 +717,11 @@ OEMCryptoResult OEMCrypto_SelectKey(const OEMCrypto_SESSION session,
  *   OEMCrypto_SUCCESS
  *   OEMCrypto_ERROR_NO_DEVICE_KEY
  *   OEMCrypto_ERROR_INVALID_SESSION
- *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *   OEMCrypto_ERROR_INVALID_CONTEXT
  *   OEMCrypto_ERROR_DECRYPT_FAILED
+ *   OEMCrypto_ERROR_KEY_EXPIRED
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Version:
  *   This method changed in API version 5.
@@ -726,6 +735,44 @@ OEMCryptoResult OEMCrypto_DecryptCTR(OEMCrypto_SESSION session,
                                      const OEMCrypto_DestBufferDesc* out_buffer,
                                      uint8_t subsample_flags);
 
+/*
+ * OEMCrypto_WrapKeybox
+ *
+ * Description:
+ *   Wrap the Keybox with a key derived from the device key.  If transportKey
+ *   is not NULL, the input keybox is encrypted with transportKey.  If so,
+ *   decrypt the input keybox before wrapping it, using transportKey in AES-CBC
+ *   mode with an IV of all zeroes.  This function is only needed if the
+ *   provisioning method involves saving the keybox to the file system.
+ *
+ * Parameters:
+ *   keybox (in) - Pointer to keybox data.
+ *   keyboxLength - Length of the Keybox data in bytes
+ *   wrappedKeybox (out) - Pointer to wrapped keybox
+ *   wrappedKeyboxLength (out) - Pointer to the length of the wrapped keybox in
+ *                               bytes
+ *   transportKey (in) - An optional AES transport key. If provided, the input
+ *                       keybox is encrypted with this transport key with AES-CBC
+ *                       and a null IV.
+ *   transportKeyLength - number of bytes in the transportKey
+ *
+ * Returns:
+ *   OEMCrypto_SUCCESS success
+ *   OEMCrypto_ERROR_WRAP_KEYBOX failed to wrap Keybox
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ *   OEMCrypto_ERROR_NOT_IMPLEMENTED
+ *
+ * Version:
+ *   This method is supported by all API versions.
+ */
+OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,
+                                     size_t keyBoxLength,
+                                     uint8_t *wrappedKeybox,
+                                     size_t *wrappedKeyBoxLength,
+                                     const uint8_t *transportKey,
+                                     size_t transportKeyLength);
+
+
 /*
  * OEMCrypto_InstallKeybox
  *
@@ -746,6 +793,7 @@ OEMCryptoResult OEMCrypto_DecryptCTR(OEMCrypto_SESSION session,
  *
  * Returns:
  *   OEMCrypto_SUCCESS success
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
  *   OEMCrypto_ERROR_WRITE_KEYBOX failed to handle and store Keybox
  *
  * Version:
@@ -865,43 +913,6 @@ OEMCryptoResult OEMCrypto_GetKeyData(uint8_t* keyData,
 OEMCryptoResult OEMCrypto_GetRandom(uint8_t* randomData,
                                     size_t dataLength);
 
-/*
- * OEMCrypto_WrapKeybox
- *
- * Description:
- *   Wrap the Keybox with a key derived for the device key.  If transportKey
- *   is not NULL, the input keybox is encrypted with transportKey.  If so,
- *   decrypt the input keybox before wrapping it, using transportKey in AES-CBC
- *   mode with an IV of all zeroes.  This function is only needed if the
- *   provisioning method involves saving the keybox to the file system.
- *
- * Parameters:
- *   keybox (in) - Pointer to keybox data.
- *   keyboxLength - Length of the Keybox data in bytes
- *   wrappedKeybox (out) - Pointer to wrapped keybox
- *   wrappedKeyboxLength (out) - Pointer to the length of the wrapped keybox in
- *                               bytes
- *   transportKey (in) - An optional AES transport key. If provided, the input
- *                       keybox is encrypted with this transport key with AES-CBC
- *                       and a null IV.
- *   transportKeyLength - number of bytes in the transportKey
- *
- * Returns:
- *   OEMCrypto_SUCCESS success
- *   OEMCrypto_ERROR_WRAP_KEYBOX failed to wrap Keybox
- *   OEMCrypto_ERROR_NOT_IMPLEMENTED
- *
- * Version:
- *   This method is supported by all API versions.
- */
-OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,
-                                     size_t keyBoxLength,
-                                     uint8_t *wrappedKeybox,
-                                     size_t *wrappedKeyBoxLength,
-                                     const uint8_t *transportKey,
-                                     size_t transportKeyLength);
-
-
 /*
  * OEMCrypto_RewrapDeviceRSAKey
  *
@@ -940,11 +951,12 @@ OEMCryptoResult OEMCrypto_WrapKeybox(const uint8_t *keybox,
  *   OEMCrypto_SUCCESS success
  *   OEMCrypto_ERROR_NO_DEVICE_KEY
  *   OEMCrypto_ERROR_INVALID_SESSION
- *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *   OEMCrypto_ERROR_INVALID_RSA_KEY
  *   OEMCrypto_ERROR_SIGNATURE_FAILURE
  *   OEMCrypto_ERROR_INVALID_NONCE
  *   OEMCrypto_ERROR_SHORT_BUFFER
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Version:
  *   This method changed in API versions 8.
@@ -987,8 +999,9 @@ OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(OEMCrypto_SESSION session,
  *   OEMCrypto_SUCCESS success
  *   OEMCrypto_ERROR_NO_DEVICE_KEY
  *   OEMCrypto_ERROR_INVALID_SESSION
- *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *   OEMCrypto_ERROR_INVALID_RSA_KEY
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Version:
  *   This method changed in API version 6.
@@ -1024,6 +1037,9 @@ OEMCryptoResult OEMCrypto_LoadDeviceRSAKey(OEMCrypto_SESSION session,
  *   OEMCrypto_SUCCESS success
  *   OEMCrypto_ERROR_INVALID_SESSION
  *   OEMCrypto_ERROR_SHORT_BUFFER if the signature buffer is too small.
+ *   OEMCrypto_ERROR_INVALID_RSA_KEY
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Version:
  *   This method changed in API version 6.
@@ -1068,8 +1084,9 @@ OEMCryptoResult OEMCrypto_GenerateRSASignature(OEMCrypto_SESSION session,
  *   OEMCrypto_SUCCESS success
  *   OEMCrypto_ERROR_DEVICE_NOT_RSA_PROVISIONED
  *   OEMCrypto_ERROR_INVALID_SESSION
- *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *   OEMCrypto_ERROR_INVALID_CONTEXT
+ *   OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
+ *   OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Version:
  *   This method changed in API version 8.
@@ -1145,8 +1162,10 @@ const char* OEMCrypto_SecurityLevel();
  *
  * Returns:
  * OEMCrypto_SUCCESS success
+ * OEMCrypto_ERROR_KEY_EXPIRED
  * OEMCrypto_ERROR_NO_DEVICE_KEY
  * OEMCrypto_ERROR_INVALID_SESSION
+ * OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
  * OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Threading:
@@ -1190,8 +1209,10 @@ OEMCryptoResult OEMCrypto_Generic_Encrypt(OEMCrypto_SESSION session,
  *
  * Returns:
  * OEMCrypto_SUCCESS success
+ * OEMCrypto_ERROR_KEY_EXPIRED
  * OEMCrypto_ERROR_NO_DEVICE_KEY
  * OEMCrypto_ERROR_INVALID_SESSION
+ * OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
  * OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Threading:
@@ -1232,10 +1253,14 @@ OEMCryptoResult OEMCrypto_Generic_Decrypt(OEMCrypto_SESSION session,
  * Returns
  * OEMCrypto_SUCCESS success
  * OEMCrypto_ERROR_SHORT_BUFFER if signature buffer is not large enough to hold
- * buffer.
+ *                              signature.
+ * OEMCrypto_ERROR_KEY_EXPIRED
+ * OEMCrypto_ERROR_DECRYPT_FAILED
  * OEMCrypto_ERROR_NO_DEVICE_KEY
  * OEMCrypto_ERROR_INVALID_SESSION
+ * OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
  * OEMCrypto_ERROR_UNKNOWN_FAILURE
+ *
  * Threading
  * This function may be called simultaneously with functions on other sessions,
  * but not with other functions on this session.
@@ -1275,9 +1300,11 @@ OEMCryptoResult OEMCrypto_Generic_Sign(OEMCrypto_SESSION session,
  *
  * Returns:
  * OEMCrypto_SUCCESS success
+ * OEMCrypto_ERROR_KEY_EXPIRED
  * OEMCrypto_ERROR_SIGNATURE_FAILURE
  * OEMCrypto_ERROR_NO_DEVICE_KEY
  * OEMCrypto_ERROR_INVALID_SESSION
+ * OEMCrypto_ERROR_INSUFFICIENT_RESOURCES
  * OEMCrypto_ERROR_UNKNOWN_FAILURE
  *
  * Threading: