widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source release v3.1.0

Browse Source
This commit is contained in:
Gene Morgan
2016-07-19 18:43:15 -07:00
parent 7a7f78d654
commit 643b91b616
108 changed files with 16537 additions and 7174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

207
cdm/include/cdm.h
View File

@@ -1,6 +1,6 @@
// Copyright 2015 Google Inc. All Rights Reserved.
// Based on the EME draft spec from 2015 November 20.
// https://rawgit.com/w3c/encrypted-media/1dab9e5/index.html
// Based on the EME draft spec from 2016 June 10.
// http://www.w3.org/TR/2016/WD-encrypted-media-20160610/"
#ifndef WVCDM_CDM_CDM_H_
#define WVCDM_CDM_CDM_H_
@@ -58,7 +58,8 @@ class CDM_EXPORT Cdm : public ITimerClient {
kLicenseRequest = 0,
kLicenseRenewal = 1,
kLicenseRelease = 2,
kIndividualizationRequest = 3,
kIndividualizationRequest = 3, // Not used. Direct Individualization
// is used instead of App-Assisted
} MessageType;
typedef enum {
@@ -77,6 +78,10 @@ class CDM_EXPORT Cdm : public ITimerClient {
kQuotaExceeded = 8,
kRangeError = 9,
// The action could not be completed yet but has been scheduled to be done
// later. A call to |event_listener.onDeferredComplete| will be made once
// the action is complete.
kDeferred = 99998,
// This covers errors that we do not expect (see logs for details):
kUnexpectedError = 99999,
} Status;
@@ -86,8 +91,18 @@ class CDM_EXPORT Cdm : public ITimerClient {
kCenc = 0,
kKeyIds = 1, // NOTE: not supported by Widevine at this time
kWebM = 2,
// This type is not defined by EME but is supported by Widevine
kHls = 10000,
} InitDataType;
// These are the crypto schemes supported by CENC 3.0.
typedef enum {
kClear = 0,
kAesCtr = 1, // AES-CTR, for use with cenc and cens modes
kAesCbc = 2, // AES-CBC, for use with cbc1 and cbcs modes
} EncryptionScheme;
// These are key statuses defined by EME.
typedef enum {
kUsable = 0,
@@ -99,6 +114,19 @@ class CDM_EXPORT Cdm : public ITimerClient {
kReleased = 5,
} KeyStatus;
// Permissible usages for a key. Returned as a set of flags; multiple
// flags may be set. The specific settings are defined in the license
// and the OEMCrypto Key Control Block. The CDM uses settings in the
// license to derive these flags.
typedef uint32_t KeyAllowedUsageFlags;
static const KeyAllowedUsageFlags kAllowNone = 0;
static const KeyAllowedUsageFlags kAllowDecryptToClearBuffer = 1;
static const KeyAllowedUsageFlags kAllowDecryptToSecureBuffer = 2;
static const KeyAllowedUsageFlags kAllowGenericEncrypt = 4;
static const KeyAllowedUsageFlags kAllowGenericDecrypt = 8;
static const KeyAllowedUsageFlags kAllowGenericSign = 16;
static const KeyAllowedUsageFlags kAllowGenericSignatureVerify = 32;
// These are defined by Widevine. The CDM can be configured to decrypt in
// three modes (dependent on OEMCrypto support).
typedef enum {
@@ -137,20 +165,6 @@ class CDM_EXPORT Cdm : public ITimerClient {
// See Cdm::createSession().
class IEventListener {
public:
// A URL to be added to a renewal request message.
// This call will immediately precede the onMessage() call.
// Do not override this call if the URL is not needed.
//
// WARNING: this call exists temporarily to allow interoperation with
// older versions of Chromium and the prefixed EME API. This call will
// be removed in a future release. Therefore: (1) Do not use this call
// unless you are certain that it is needed on your platform for your
// application, and (2) If it is needed, figure how move to a new version
// of Chromium and the unprefixed EME API as soon as possible.
// TODO: Remove this call (see b/24776024).
virtual void onMessageUrl(const std::string& session_id,
const std::string& server_url) {}
// A message (license request, renewal, etc.) to be dispatched to the
// application's license server.
// The response, if successful, should be provided back to the CDM via a
@@ -165,14 +179,30 @@ class CDM_EXPORT Cdm : public ITimerClient {
// A remove() operation has been completed.
virtual void onRemoveComplete(const std::string& session_id) = 0;
// Called when a deferred action has completed.
virtual void onDeferredComplete(const std::string& session_id,
Status result) = 0;
// Called when the CDM requires a new device certificate
virtual void onDirectIndividualizationRequest(
const std::string& session_id, const std::string& request) = 0;
protected:
IEventListener() {}
virtual ~IEventListener() {}
};
// A storage interface provided by the application, independent of CDM
// instances.
// See Cdm::initialize().
// A storage interface provided by the application. This defines the "origin"
// that the CDM will operate in by the files it can access. Passing different
// IStorage instances to Cdm::create will cause those CDM instances to be in
// different "origins" as defined by the IStorage instance. For example,
// different IStorage instances could be tied to different folders for
// different origins.
//
// It is important for multi-origin hosts to verify the application's origin.
// This ensures that the application does not access files from another
// origin.
//
// NOTE: It is important for users of your application to be able to clear
// stored data. Also, browsers or other multi-application systems should
// store data separately per-app or per-origin.
@@ -258,35 +288,8 @@ class CDM_EXPORT Cdm : public ITimerClient {
std::string build_info;
};
// Device certificate request information.
// The structure is passed by the application to the library in as an output
// parameter to Cdm::initialize().
// All fields are filled in by the library to instruct the application to
// handle device certificate requests, if needed.
struct DeviceCertificateRequest {
// If false, the library is ready to create and/or load sessions.
// If true, a device certificate is needed first.
// Sessions cannot be created or loaded until the device certificate has
// been provisioned.
bool needed;
// If |needed| is true, this string contains the URL that must be used to
// provision a device certificate. The request must be a POST.
std::string url;
// If |needed| is true, the response from the above-described HTTP POST
// must be provided as an argument to this method.
// Returns kSuccess if the provisioning was successful.
// Any other return value means the provisioning failed and the CDM cannot
// be used yet.
Status acceptReply(const std::string& reply);
};
// Initialize the CDM library and provide access to platform services.
// All platform interfaces are required.
// The |device_certificate_request| parameter will be filled in by
// initialize().
// See documentation for DeviceCertificateRequest for more information.
// Logging is controlled by |verbosity|.
// Must be called and must return kSuccess before create() is called.
static Status initialize(
@@ -295,7 +298,6 @@ class CDM_EXPORT Cdm : public ITimerClient {
IStorage* storage,
IClock* clock,
ITimer* timer,
DeviceCertificateRequest* device_certificate_request,
LogLevel verbosity);
// Query the CDM library version.
@@ -306,6 +308,9 @@ class CDM_EXPORT Cdm : public ITimerClient {
// instance may be constructed.
// The CDM may notify of events at any time via the provided |listener|,
// which may not be NULL.
// |storage| defines the storage to use for this instance. This can be used
// to provide per-origin storage. Passing NULL will use the storage passed
// to initialize().
// If |privacy_mode| is true, server certificates are required and will be
// used to encrypt messages to the license server.
// By using server certificates to encrypt communication with the license
@@ -315,6 +320,7 @@ class CDM_EXPORT Cdm : public ITimerClient {
// This is particularly useful for browser environments, but is recommended
// for use whenever possible.
static Cdm* create(IEventListener* listener,
IStorage* storage,
bool privacy_mode);
virtual ~Cdm() {}
@@ -360,6 +366,18 @@ class CDM_EXPORT Cdm : public ITimerClient {
virtual Status getKeyStatuses(const std::string& session_id,
KeyStatusMap* key_statuses) = 0;
// Gets the permitted usage for a specific key by ID.
virtual Status getKeyAllowedUsages(const std::string& session_id,
const std::string& key_id,
KeyAllowedUsageFlags* usage_flags) = 0;
// Gets the permitted usage for a specific key by ID.
// Search for key across all known sessions. If there are keys in separate
// sessions that match the given key_id, return kTypeError unless all such
// keys have identical Allowed Usage settings.
virtual Status getKeyAllowedUsages(const std::string& key_id,
KeyAllowedUsageFlags* usage_flags) = 0;
// Indicates that the application no longer needs the session and the CDM
// should release any resources associated with it and close it.
// Does not generate release messages for persistent sessions.
@@ -373,6 +391,28 @@ class CDM_EXPORT Cdm : public ITimerClient {
// session is fully removed.
virtual Status remove(const std::string& session_id) = 0;
// Describes a repeating pattern as defined by the CENC 3.0 standard. A
// CENC 3.0 pattern consists of a number of encrypted blocks followed by a
// number of clear blocks, after which it repeats.
struct Pattern {
public:
Pattern()
: encrypted_blocks(0),
clear_blocks(0) {}
Pattern(uint32_t encrypt, uint32_t clear)
: encrypted_blocks(encrypt),
clear_blocks(clear) {}
// The number of crypto blocks that are encrypted and therefore need to be
// decrypted.
uint32_t encrypted_blocks;
// The number of crypto blocks that are not encrypted and therefore should
// be skipped when doing decryption.
uint32_t clear_blocks;
};
struct InputBuffer {
public:
InputBuffer()
@@ -380,10 +420,11 @@ class CDM_EXPORT Cdm : public ITimerClient {
key_id_length(0),
iv(NULL),
iv_length(0),
pattern(),
data(NULL),
data_length(0),
block_offset(0),
is_encrypted(true),
encryption_scheme(kAesCtr),
is_video(true),
first_subsample(true),
last_subsample(true) {}
@@ -395,18 +436,34 @@ class CDM_EXPORT Cdm : public ITimerClient {
const uint8_t* iv;
uint32_t iv_length;
// Describes the repeating pattern with which the content was encrypted. If
// left at its default value of (0,0), patterns will be disabled. Should
// only be changed for content that uses patterns, such as for CENC 3.0
// "cens" and "cbcs" content or for HLS content.
Pattern pattern;
// This pointer and length describe the data to be decrypted. This data
// should be ready to be decrypted with no further processing. If the data
// is coming from a format that requires processing before decryption, that
// processing needs to happen before the data is passed in here. For
// example, content coming from HLS will need to have its extra start code
// emulation prevention removed before it is passed to Widevine.
const uint8_t* data;
uint32_t data_length;
// |data|'s offset within its 16-byte AES block, used for CENC subsamples.
// Should start at 0 for each sample, then go up by |data_length| (mod 16)
// after the |is_encrypted| part of each subsample.
// |data|'s offset within its 16-byte AES block. Only used for encrypted
// subsamples from content using CENC standards before 3.0 or the
// equivalent mode in CENC 3.0, "cenc" mode. Should always be 0 in CENC 3.0
// modes "cens," "cbc1," and "cbcs," as well as for HLS content. When used,
// it should start at 0 for each sample, then go up by |data_length| (mod
// 16) after the |is_encrypted| part of each subsample.
uint32_t block_offset;
// If false, copies the input data directly to the output buffer. Used for
// secure output types, where the output buffer cannot be directly accessed
// above the CDM.
bool is_encrypted;
// Specifies the encryption scheme, if any, to be used to decrypt the data.
// When set to kClear, decryption will copy the input data directly to the
// output buffer. This is necessary for secure output types, where the
// output buffer cannot be directly accessed above the CDM.
EncryptionScheme encryption_scheme;
// Used by secure output type kDirectRender, where the secure hardware must
// decode and render the decrypted content:
@@ -473,6 +530,44 @@ class CDM_EXPORT Cdm : public ITimerClient {
// Clears all the values in the custom app settings. See setAppParameter().
virtual Status clearAppParameters() = 0;
// Generic crypto - functions for applying crypto operations to
// app-level data (outside the content stream).
typedef enum {
kEncryptionAlgorithmUnknown,
kEncryptionAlgorithmAesCbc128,
} GenericEncryptionAlgorithmType;
typedef enum {
kSigningAlgorithmUnknown,
kSigningAlgorithmHmacSha256
} GenericSigningAlgorithmType;
// Encrypts a buffer of app-level data.
virtual Status genericEncrypt(
const std::string& session_id, const std::string& in_buffer,
const std::string& key_id, const std::string& iv,
GenericEncryptionAlgorithmType algorithm, std::string* out_buffer) = 0;
// Decrypts a buffer of app-level data.
virtual Status genericDecrypt(
const std::string& session_id, const std::string& in_buffer,
const std::string& key_id, const std::string& iv,
GenericEncryptionAlgorithmType algorithm, std::string* out_buffer) = 0;
// Signs a buffer of app-level data.
virtual Status genericSign(
const std::string& session_id, const std::string& message,
const std::string& key_id, GenericSigningAlgorithmType algorithm,
std::string* signature) = 0;
// Verifies the signature on a buffer of app-level data.
// Returns kSuccess if signature is verified, otherwise returns kDecryptError.
virtual Status genericVerify(
const std::string& session_id, const std::string& message,
const std::string& key_id, GenericSigningAlgorithmType algorithm,
const std::string& signature) = 0;
protected:
Cdm() {}
};

2
cdm/include/cdm_version.h
View File

@@ -1,2 +1,2 @@
// Widevine CE CDM Version
#define CDM_VERSION "v3.0.5-0-g897db53-ce"
#define CDM_VERSION "v3.1.0-0-g63dfeca-ce"