widevine-partner/ce_cdm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Source release 16.2.0

Browse Source
This commit is contained in:
John W. Bruce
2020-04-10 16:13:07 -07:00
parent 1ff9f8588a
commit b830b1d1fb
883 changed files with 509706 additions and 143739 deletions
Download Patch File Download Diff File Expand all files Collapse all files

285
cdm/include/cdm.h
View File

@@ -14,17 +14,17 @@
// Define CDM_EXPORT to export functionality across shared library boundaries.
#if defined(_WIN32)
# if defined(CDM_IMPLEMENTATION)
# define CDM_EXPORT __declspec(dllexport)
# else
# define CDM_EXPORT __declspec(dllimport)
# endif // defined(CDM_IMPLEMENTATION)
#else // defined(_WIN32)
# if defined(CDM_IMPLEMENTATION)
# define CDM_EXPORT __attribute__((visibility("default")))
# else
# define CDM_EXPORT
# endif
# if defined(CDM_IMPLEMENTATION)
# define CDM_EXPORT __declspec(dllexport)
# else
# define CDM_EXPORT __declspec(dllimport)
# endif // defined(CDM_IMPLEMENTATION)
#else // defined(_WIN32)
# if defined(CDM_IMPLEMENTATION)
# define CDM_EXPORT __attribute__((visibility("default")))
# else
# define CDM_EXPORT
# endif
#endif // defined(_WIN32)
namespace widevine {
@@ -80,17 +80,17 @@ class CDM_EXPORT Cdm : public ITimerClient {
// "recoverable" in that there are specific known remedies that the client
// may take in response to them. See the Integration Guide for further
// information.
kNeedsDeviceCertificate = 101,
kNeedsDeviceCertificate = 101, // Recoverable
kSessionNotFound = 102,
kDecryptError = 103,
kNoKey = 104,
kKeyUsageBlockedByPolicy = 105,
kRangeError = 106,
kResourceContention = 107, // Recoverable
kSessionStateLost = 108, // Recoverable
kSystemStateLost = 109, // Recoverable
kOutputTooLarge = 110, // Recoverable
kNeedsServiceCertificate = 111,
kResourceContention = 107, // Recoverable
kSessionStateLost = 108, // Recoverable
kSystemStateLost = 109, // Recoverable
kOutputTooLarge = 110, // Recoverable
kNeedsServiceCertificate = 111, // Recoverable
// This covers errors that we do not expect (see logs for details):
kUnexpectedError = 99999,
@@ -109,8 +109,8 @@ class CDM_EXPORT Cdm : public ITimerClient {
// These are the crypto schemes supported by CENC 3.0.
typedef enum {
kClear = 0,
kAesCtr = 1, // AES-CTR, for use with cenc and cens modes
kAesCbc = 2, // AES-CBC, for use with cbc1 and cbcs modes
kAesCtr = 1, // AES-CTR, for use with the "cenc" schema
kAesCbc = 2, // AES-CBC, for use with the "cbcs" schema
} EncryptionScheme;
// These are key statuses defined by EME.
@@ -218,10 +218,6 @@ class CDM_EXPORT Cdm : public ITimerClient {
// A remove() operation has been completed.
virtual void onRemoveComplete(const std::string& session_id) = 0;
// Called when a deferred action has completed.
virtual void onDeferredComplete(const std::string& session_id,
Status result) = 0;
protected:
IEventListener() {}
virtual ~IEventListener() {}
@@ -410,6 +406,8 @@ class CDM_EXPORT Cdm : public ITimerClient {
// of the service it wishes to communicate with, either because it is baked
// into the software or because it was previously cached after a call to
// Cdm::parseAndLoadServiceCertificateResponse().
// If this method returns |Status::kSuccess|, the service certificate was
// installed successfully.
// The certificate is installed only for the service given by |role|. If the
// role |ServiceRole::kAllServices| is given, it is installed for all
// services.
@@ -422,17 +420,21 @@ class CDM_EXPORT Cdm : public ITimerClient {
// a service certificate for the license server already.
virtual Status getServiceCertificateRequest(std::string* message) = 0;
// Parse a Service Certificate Response message, installing and extracting the
// certificate.
// Parse a Service Certificate Response message, extracting the certificate
// from the message and installing it into the CDM.
// This is used when fetching a service certificate from the license server.
// A request should be generated by getServiceCertificateRequest() and sent
// to the license server. The server's response should be passed into this
// method,
// The service certificate is installed if no error is returned. The returned
// certificate string may be used in future sessions as the input to
// setServiceCertificate(), to avoid needing to make a call to the license
// server to get the certificate. The |certificate| argument may be NULL.
// The certificate is installed only for the service given by |role|. If the
// to the license server. The server's response should be passed into this
// method.
// If this method returns |Status::kSuccess|, the service certificate was
// installed successfully.
// If a pointer to a string is passed in the |certificate| parameter, this
// method will fill it with the extracted certificate. This certificate
// string may be used with future CDM instances as the input to
// setServiceCertificate(). This avoids needing to make a call to the license
// server to get the certificate. The |certificate| argument may be NULL if
// you do not want to take advantage of this.
// The certificate is installed only for the service given by |role|. If the
// role |ServiceRole::kAllServices| is given, it is installed for all
// services.
virtual Status parseAndLoadServiceCertificateResponse(
@@ -579,14 +581,6 @@ class CDM_EXPORT Cdm : public ITimerClient {
// should require a release request, as is done by the remove() method.
virtual Status forceRemove(const std::string& session_id) = 0;
// Wipe the device's usage table.
// This calls on OEMCrypto to delete its usage records.
// This method deletes *all* of the usage records on the device. Generally,
// you do not want to call this method. You probably want to call
// deleteUsageRecord() or deleteAllUsageRecords(), which only operate on the
// current origin.
virtual Status removeUsageTable() = 0;
// Describes a repeating pattern as defined by the CENC 3.0 standard. A
// CENC 3.0 pattern consists of a number of encrypted blocks followed by a
// number of clear blocks, after which it repeats.
@@ -606,108 +600,169 @@ class CDM_EXPORT Cdm : public ITimerClient {
uint32_t clear_blocks;
};
struct Subsample {
public:
Subsample() : clear_bytes(0), protected_bytes(0) {}
// The number of bytes of data that are not protected and therefore should
// be copied unchanged when doing decryption. The clear bytes come before
// the protected bytes in the subsample.
uint32_t clear_bytes;
// The number of bytes of data that are protected and therefore should be
// considered for decryption. Depending on the pattern, these bytes may all
// be decrypted or only some of them may be. The protected bytes come after
// the clear bytes in the subsample.
uint32_t protected_bytes;
};
struct InputBuffer {
public:
InputBuffer()
: key_id(nullptr),
key_id_length(0),
iv(nullptr),
: iv(nullptr),
iv_length(0),
pattern(),
data(nullptr),
data_length(0),
block_offset(0),
encryption_scheme(kAesCtr),
is_video(true),
first_subsample(true),
last_subsample(true) {}
subsamples(nullptr),
subsamples_length(0) {}
const uint8_t* key_id;
uint32_t key_id_length;
// The IV is expected to be 16 bytes.
// These fields are treated as an array of bytes, with the |iv| pointer
// pointing to the first byte and containing |iv_length| number of bytes.
// These should be the bytes of the initial IV that should be used to
// decrypt this sample.
//
// |iv_length| must be 16 if the sample contains any protected data. If the
// content contains an 8-byte IV, it is the responsibility of the caller to
// expand it to 16 bytes following the method in the ISO-CENC standard.
const uint8_t* iv;
uint32_t iv_length;
// Describes the repeating pattern with which the content was encrypted. If
// left at its default value of (0,0), patterns will be disabled. Should
// only be changed for content that uses patterns, such as for CENC 3.0
// "cens" and "cbcs" content or for HLS content.
Pattern pattern;
// This pointer and length describe the data to be decrypted. This data
// should be ready to be decrypted with no further processing. If the data
// is coming from a format that requires processing before decryption, that
// processing needs to happen before the data is passed in here. For
// example, content coming from HLS will need to have its extra start code
// emulation prevention removed before it is passed to Widevine.
// These fields are treated as an array of bytes, with the |data| pointer
// pointing to the first byte and containing |data_length| number of bytes.
// This data should be ready to be decrypted with no further processing. If
// the data is coming from a format that requires processing before
// decryption, that processing needs to happen before the data is passed in
// here. For example, content coming from HLS will need to have its extra
// start code emulation prevention removed before it is passed to the
// Widevine CE CDM.
const uint8_t* data;
uint32_t data_length;
// |data|'s offset within its 16-byte AES block. Only used for encrypted
// subsamples from content using CENC standards before 3.0 or the
// equivalent mode in CENC 3.0, "cenc" mode. Should always be 0 in CENC 3.0
// modes "cens," "cbc1," and "cbcs," as well as for HLS content. When used,
// it should start at 0 for each sample, then go up by |data_length| (mod
// 16) after the |is_encrypted| part of each subsample.
uint32_t block_offset;
// Specifies the encryption scheme, if any, to be used to decrypt the data.
// When set to kClear, decryption will copy the input data directly to the
// output buffer. This is necessary for secure output types, where the
// output buffer cannot be directly accessed above the CDM.
EncryptionScheme encryption_scheme;
// Used by secure output type kDirectRender, where the secure hardware must
// decode and render the decrypted content:
bool is_video;
bool first_subsample;
bool last_subsample;
// These fields are treated as an array of Subsample structs, with the
// |subsamples| pointer pointing to the first Subsample and containing
// |samples_length| number of entries. These structs describe all the
// ISO-CENC subsamples that make up the sample.
//
// The sum of all the |clear_bytes| and |protected_bytes| in all the
// subsamples must equal the |data_length| field.
const Subsample* subsamples;
uint32_t subsamples_length;
};
struct OutputBuffer {
OutputBuffer()
: data(nullptr), data_length(0), data_offset(0), is_secure(false) {}
OutputBuffer() : data(nullptr), data_offset(0), data_length(0) {}
// The type of value stored in this pointer depends on the secure output
// type passed to Cdm::initialize() and the |is_secure| field of the
// DecryptionBatch.
//
// If |is_secure| is false or the secure output type is kNoSecureOutput,
// this is a memory address in main memory.
// If |is_secure| is true and the secure output type is kOpaqueHandle,
// this is an opaque handle.
// If |is_secure| is true and the secure output type is kDirectRender,
// this is ignored.
// See also SecureOutputType argument to initialize().
uint8_t* data;
//
// See also the SecureOutputType argument to initialize().
void* data;
// The maximum amount of data that can be decrypted to the buffer in this
// call, starting from |data|.
// Must be at least as large as the input buffer's |data_length|.
// This size accounts for the bytes that will be skipped by |data_offset|.
uint32_t data_length;
// An offset applied to the output address.
// Useful when |data| is an opaque handle rather than an address.
// An offset applied to the output address inside OEMCrypto.
// Useful when |data| is an opaque handle rather than a memory address.
uint32_t data_offset;
// False for clear buffers, true otherwise.
// Must be false if the secure output type is kNoSecureOutput.
// See also SecureOutputType argument to initialize().
bool is_secure;
// The maximum amount of data that can be decrypted to the |data| buffer.
// Must be at least as large as the input buffer's |data_length| plus the
// bytes that will be skipped by |data_offset|.
uint32_t data_length;
};
// Decrypt the input as described by |input| and pass the output as described
// in |output|. The |key_id| field of |input| must refer to a key that is
// already loaded in some session.
virtual Status decrypt(const InputBuffer& input,
const OutputBuffer& output) = 0;
struct Sample {
public:
Sample() : input(), output() {}
// Decrypt the input as described by |input| and pass the output as described
// in |output|. Decryption will be attempted in the session identified by
// |session_id|, regardless of whether the |key_id| field of |input| refers to
// a key loaded in that session. This overload may be useful on platforms that
// need to play clear content through the secure path before a key is loaded.
// These structs describe the protected input data of the sample and the
// output buffer that decrypted data should be written to.
InputBuffer input;
OutputBuffer output;
};
struct DecryptionBatch {
public:
DecryptionBatch()
: samples(nullptr),
samples_length(0),
key_id(nullptr),
key_id_length(0),
pattern(),
is_secure(false),
encryption_scheme(kClear),
is_video(true) {}
// These fields are treated as an array of Sample structs, with the
// |samples| pointer pointing to the first Sample and containing
// |samples_length| number of entries. These structs describe all the data
// that is going to be decrypted. You can pass as many samples to the CDM as
// you want, but be aware that passing more samples than your OEMCrypto
// implementation can handle in one decrypt call is inefficient, as the CDM
// will have to do work to break the data up into smaller pieces.
const Sample* samples;
uint32_t samples_length;
// These fields are treated as an array of bytes, with the |key_id| pointer
// pointing to the first byte and containing |key_id_length| number of
// bytes. These should be the bytes of the Key ID of the key that should be
// used to decrypt the |samples|.
const uint8_t* key_id;
uint32_t key_id_length;
// Describes the repeating pattern with which the content was encrypted. If
// left at its default value of (0,0), patterns will be disabled. Should
// only be changed for content that uses patterns, such as for CENC 3.0
// "cbcs" content or for HLS content.
Pattern pattern;
// Indicates whether the OutputBuffers in the Samples are secure outputs or
// not. False for clear buffers, true otherwise.
// Must be false if the secure output type is kNoSecureOutput.
// See also the SecureOutputType argument to initialize().
bool is_secure;
// Specifies the encryption scheme, if any, to be used to decrypt the data.
// When set to kClear, decryption will copy the input data directly to the
// output buffer. This is necessary for secure output types, where the
// output buffer cannot be directly accessed above the CDM.
EncryptionScheme encryption_scheme;
// Used by secure output type kDirectRender, where the secure hardware must
// decode and render the decrypted content:
bool is_video;
};
// Decrypt the samples contained in the DecryptionBatch |batch| from their
// InputBuffer to their OutputBuffer. The |key_id| field of |batch|
// must refer to a key that is already loaded in some session.
virtual Status decrypt(const DecryptionBatch& batch) = 0;
// Decrypt the samples contained in the DecryptionBatch |batch| from their
// InputBuffer to their OutputBuffer. Decryption will be attempted in the
// session identified by |session_id|, regardless of whether the |key_id|
// field of |batch| refers to a key loaded in that session. If |key_id| refers
// to a key that is not loaded in the given session, decryption will fail.
//
// This overload is used when platforms need to play clear content through the
// secure path before a key is loaded.
virtual Status decrypt(const std::string& session_id,
const InputBuffer& input,
const OutputBuffer& output) = 0;
const DecryptionBatch& batch) = 0;
// Sets a value in the custom app settings. These are settings
// that are sent with any message to the license server. These methods
@@ -785,6 +840,12 @@ class CDM_EXPORT Cdm : public ITimerClient {
virtual Status setVideoResolution(const std::string& session_id,
uint32_t width, uint32_t height) = 0;
// Retrieve the metrics gathered by this CDM instance.
// The Widevine CE CDM gathers metrics about the time taken to perform various
// computations, as well as their error codes. This method allows platforms
// and apps to gather these metrics to send them back to Google for analysis.
virtual Status getMetrics(std::string* serialized_metrics) = 0;
protected:
Cdm() {}
};