Add custom key fetcher callback to Simulcrypt ECMG

common/certificate_type.h

@@ -1,9 +1,15 @@
-// Copyright 2017 Google LLC. All rights reserved.
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2017 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
 
-#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_CERTIFICATE_TYPE_H_
-#define VIDEO_WIDEVINE_EXPORT_COMMON_CERTIFICATE_TYPE_H_
+#ifndef COMMON_CERTIFICATE_TYPE_H_
+#define COMMON_CERTIFICATE_TYPE_H_
 
-namespace video_widevine {
+namespace widevine {
 
 enum CertificateType {
   kCertificateTypeTesting,
@@ -11,6 +17,6 @@ enum CertificateType {
   kCertificateTypeProduction,
 };
 
-}  // namespace video_widevine
+}  // namespace widevine
 
-#endif  // VIDEO_WIDEVINE_EXPORT_COMMON_CERTIFICATE_TYPE_H_
+#endif  // COMMON_CERTIFICATE_TYPE_H_

common/default_device_security_profile_list.h

@@ -1,14 +1,20 @@
-// Copyright 2020 Google LLC. All rights reserved.
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2020 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
 //
 // Description:
 //   Container of Widevine default security profiless.
 
-#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_DEFAULT_DEVICE_SECURITY_PROFILE_LIST_H_
-#define VIDEO_WIDEVINE_EXPORT_COMMON_DEFAULT_DEVICE_SECURITY_PROFILE_LIST_H_
+#ifndef COMMON_DEFAULT_DEVICE_SECURITY_PROFILE_LIST_H_
+#define COMMON_DEFAULT_DEVICE_SECURITY_PROFILE_LIST_H_
 
-#include "video/widevine/export/common/security_profile_list.h"
+#include "common/security_profile_list.h"
 
-namespace video_widevine {
+namespace widevine {
 
 class DefaultDeviceSecurityProfileList : public SecurityProfileList {
  public:
@@ -28,6 +34,6 @@ class DefaultDeviceSecurityProfileList : public SecurityProfileList {
       std::vector<std::string>* default_profile_strings) const;
 };
 
-}  // namespace video_widevine
+}  // namespace widevine
 
-#endif  // VIDEO_WIDEVINE_EXPORT_COMMON_DEFAULT_DEVICE_SECURITY_PROFILE_LIST_H_
+#endif  // COMMON_DEFAULT_DEVICE_SECURITY_PROFILE_LIST_H_

common/security_profile_list.h

@@ -1,20 +1,26 @@
-// Copyright 2020 Google LLC. All rights reserved.
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2020 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
 //
 // Description:
 //   Container of device security profiles.  Security profiles indicate rules
 //   to allow using the profile. The rules are based on DRM capabilities of a
 //   device.
 
-#ifndef VIDEO_WIDEVINE_EXPORT_COMMON_SECURITY_PROFILE_LIST_H_
-#define VIDEO_WIDEVINE_EXPORT_COMMON_SECURITY_PROFILE_LIST_H_
+#ifndef COMMON_SECURITY_PROFILE_LIST_H_
+#define COMMON_SECURITY_PROFILE_LIST_H_
 
-#include "third_party/absl/synchronization/mutex.h"
-#include "video/widevine/protos/public/client_identification.proto.h"
-#include "video/widevine/protos/public/device_security_profile_data.proto.h"
-#include "video/widevine/protos/public/provisioned_device_info.proto.h"
-#include "video/widevine/protos/public/security_profile.proto.h"
+#include "absl/synchronization/mutex.h"
+#include "protos/public/client_identification.pb.h"
+#include "protos/public/device_security_profile_data.pb.h"
+#include "protos/public/provisioned_device_info.pb.h"
+#include "protos/public/security_profile.pb.h"
 
-namespace video_widevine {
+namespace widevine {
 using ClientCapabilities = ClientIdentification::ClientCapabilities;
 
 // The SecurityProfileList will hold all security profiles.  During license
@@ -76,10 +82,10 @@ class SecurityProfileList {
                           const ClientIdentification& client_id,
                           const ProvisionedDeviceInfo& device_info) const;
 
-  int64 GetCurrentTimeSeconds() const;
+  int64_t GetCurrentTimeSeconds() const;
 
   bool IsProfileActive(const SecurityProfile& profile,
-                       int64 current_time_seconds) const;
+                       int64_t current_time_seconds) const;
 
   mutable absl::Mutex mutex_;
   // Security profiles
@@ -87,5 +93,5 @@ class SecurityProfileList {
   std::vector<SecurityProfile> security_profiles_ ABSL_GUARDED_BY(mutex_);
 };
 
-}  // namespace video_widevine
-#endif  // VIDEO_WIDEVINE_EXPORT_COMMON_SECURITY_PROFILE_LIST_H_
+}  // namespace widevine
+#endif  // COMMON_SECURITY_PROFILE_LIST_H_

media_cas_packager_sdk/public/wv_cas_ecmg_client_handler.h

@@ -0,0 +1,67 @@
+////////////////////////////////////////////////////////////////////////////////
+// Copyright 2020 Google LLC.
+//
+// This software is licensed under the terms defined in the Widevine Master
+// License Agreement. For a copy of this agreement, please contact
+// widevine-licensing@google.com.
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef MEDIA_CAS_PACKAGER_SDK_PUBLIC_WV_CAS_ECMG_CLIENT_HANDLER_H_
+#define MEDIA_CAS_PACKAGER_SDK_PUBLIC_WV_CAS_ECMG_CLIENT_HANDLER_H_
+
+#include <memory>
+
+#include "common/status.h"
+#include "media_cas_packager_sdk/public/wv_cas_types.h"
+
+namespace widevine {
+namespace cas {
+
+// Forward declaration to avoid including internal headers.
+class EcmgClientHandler;
+
+// Handles requests from one and only one SCS client.
+// WvCasEcmgClientHandler is NOT thread-safe.
+class WvCasEcmgClientHandler {
+ public:
+  explicit WvCasEcmgClientHandler(const EcmgConfig& ecmg_config);
+  WvCasEcmgClientHandler(const WvCasEcmgClientHandler&) = delete;
+  WvCasEcmgClientHandler& operator=(const WvCasEcmgClientHandler&) = delete;
+  virtual ~WvCasEcmgClientHandler();
+
+  // Sets the custom entitlement key fetching function used by ECMG to fetch
+  // entitlement keys. If entitlement key information is not received in
+  // Simulcrypt ECMG from SCS, ECMG will try to fetch entitlement keys using
+  // this function.
+  // Calling this function is optional.
+  void SetCustomEntitlementKeyFetcherFunc(EntitlementKeyFetcherFunc fetcher);
+
+  // Handles a |request| from the SCS client. If any response is generated, it
+  // will return the response via |response_buffer| and |response_length|.
+  // Args:
+  // - |request_buffer_size| is the size of |request_buffer|.
+  // - |request_buffer| is the buffer that holds the request message.
+  // - |response_buffer_size| is the size of |response_buffer|. Must be at large
+  //   enough to hold the max possible response message (at least 2048 bytes).
+  // - |response_buffer| is the buffer that holds the response message.
+  // - |response_length| is the actual length of the response message.
+  Status HandleRequest(size_t request_buffer_size,
+                       const char* const request_buffer,
+                       size_t response_buffer_size, char* response_buffer,
+                       size_t* response_length);
+
+ protected:
+  // For unit test only.
+  explicit WvCasEcmgClientHandler(
+      std::unique_ptr<EcmgClientHandler> inner_handler);
+
+ private:
+  // Serves as storage for the |inner_handler_| below.
+  EcmgConfig ecmg_config_;
+  std::unique_ptr<EcmgClientHandler> inner_handler_;
+};
+
+}  // namespace cas
+}  // namespace widevine
+
+#endif  // MEDIA_CAS_PACKAGER_SDK_PUBLIC_WV_CAS_ECMG_CLIENT_HANDLER_H_

media_cas_packager_sdk/public/wv_cas_types.h

@@ -65,6 +65,68 @@ struct EntitlementKeyInfo {
   std::string key_value;  // must be 32 bytes.
 };
 
+// A struct that captures the Simulcrypt ECMG configurations. Most fields are
+// Simulcrypt standard fields (See ETSI TS 103 197 V1.5.1 (2008-10)
+// Section 5.3).
+struct EcmgConfig {
+  // |delay_start| is a signed integer represents the amount of time between the
+  // start of a Crypto Period, and the start of the broadcasting of the ECM
+  // attached to this period. If it is positive, it means that the ECM shall
+  // be delayed with respect to the start of the Crypto Period. If negative,
+  // it means that the ECM shall be broadcast ahead of this time. This
+  // parameter is communicated by the ECMG to the SCS during the channel
+  // setup.
+  int16_t delay_start;
+  // |delay_stop| is a signed integer represents the amount of time between the
+  // end of a Crypto Period, and the end of the broadcasting of the ECM
+  // attached to this period. If it is positive, it means that the end of the
+  // ECM broadcast shall be delayed with respect to the end of the Crypto
+  // Period. If negative, it means that the ECM broadcast shall be ended ahead
+  // of time. This parameter is communicated by the ECMG to the SCS during the
+  // channel setup.
+  int16_t delay_stop;
+  // |ecm_rep_period| is an integer represents the period in milliseconds for
+  // the repetition of data (e.g. ECMs).
+  uint16_t ecm_rep_period;
+  // |max_comp_time| this parameter is communicated by the ECMG to the SCS
+  // during channel setup. It is the worst case time needed by an ECMG to
+  // compute an ECM when all the streams in a channel are being used. This
+  // time is typically used by the SCS to decide when to time-out on the
+  // ECM_response message. This value shall be lower than the min_CP_duration
+  // parameter of the same channel_status message.
+  uint16_t max_comp_time;
+  // |access_criteria_transfer_mode| this 1-byte parameter is a flag. If it
+  // equals 0, it indicates that the access_criteria parameter is required in
+  // the CW_provision message only when the contents of this parameter change.
+  // If it equals 1, it indicates that the ECMG requires the access_criteria
+  // parameter be present in each CW_provision message.
+  uint8_t access_criteria_transfer_mode;
+  // |number_of_content_keys| is the number of content keys in an ECM. If
+  // content key rotation is enabled, number_of_content_keys should be set to 2;
+  // otherwise it should be set to 1.
+  uint8_t number_of_content_keys;
+  // |crypto_mode| indicates the crypto mode used to encrypt the content. It
+  // will be included in the ECM. If new crypto_mode is received from SCS, ECM
+  // will use the new one.
+  CryptoMode crypto_mode;
+};
+
+// A custom entitlement key fetching function used by ECMG to fetch entitlement
+// keys. If entitlement key information is not received in Simulcrypt ECMG from
+// SCS, ECMG will try to fetch entitlement keys using this function.
+// Args:
+//   |channel_id| is the channel id received at ECMG from SCS when setting up
+//     the channel.
+//   |stream_id| is the stream id received at ECMG from SCS when setting up
+//     the stream.
+//   |ecm_id| is the ecm id received at ECMG from SCS when setting up the
+//     stream.
+// Returns a vector of EntitlementKeyInfo. The size of the returned vector
+// must not exceed 2. When the vector size is 2, one of them must be specified
+// as even key and the other must be odd key (sequence does not matter).
+using EntitlementKeyFetcherFunc = std::vector<EntitlementKeyInfo> (*)(
+    uint16_t channel_id, uint16_t stream_id, uint16_t ecm_id);
+
 struct WvCasEncryptionRequest {
   std::string content_id;
   std::string provider;