• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 /*
18  * This file defines an NDK API.
19  * Do not remove methods.
20  * Do not change method signatures.
21  * Do not change the value of constants.
22  * Do not change the size of any of the classes defined in here.
23  * Do not reference types that are not part of the NDK.
24  * Do not #include files that aren't part of the NDK.
25  */
26 
27 #ifndef _NDK_MEDIA_DRM_H
28 #define _NDK_MEDIA_DRM_H
29 
30 #include "NdkMediaError.h"
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 #include <stdint.h>
37 #include <stdbool.h>
38 
39 struct AMediaDrm;
40 typedef struct AMediaDrm AMediaDrm;
41 
42 typedef struct {
43     const uint8_t *ptr;
44     size_t length;
45 } AMediaDrmByteArray;
46 
47 typedef AMediaDrmByteArray AMediaDrmSessionId;
48 typedef AMediaDrmByteArray AMediaDrmScope;
49 typedef AMediaDrmByteArray AMediaDrmKeySetId;
50 typedef AMediaDrmByteArray AMediaDrmSecureStop;
51 
52 
53 typedef enum AMediaDrmEventType {
54     /**
55      * This event type indicates that the app needs to request a certificate from
56      * the provisioning server.  The request message data is obtained using
57      * AMediaDrm_getProvisionRequest.
58      */
59     EVENT_PROVISION_REQUIRED = 1,
60 
61     /**
62      * This event type indicates that the app needs to request keys from a license
63      * server.  The request message data is obtained using AMediaDrm_getKeyRequest.
64      */
65     EVENT_KEY_REQUIRED = 2,
66 
67     /**
68      * This event type indicates that the licensed usage duration for keys in a session
69      * has expired.  The keys are no longer valid.
70      */
71     EVENT_KEY_EXPIRED = 3,
72 
73     /**
74      * This event may indicate some specific vendor-defined condition, see your
75      * DRM provider documentation for details
76      */
77     EVENT_VENDOR_DEFINED = 4
78 } AMediaDrmEventType;
79 
80 typedef void (*AMediaDrmEventListener)(AMediaDrm *, const AMediaDrmSessionId *sessionId,
81         AMediaDrmEventType eventType, int extra, const uint8_t *data, size_t dataSize);
82 
83 
84 /**
85  * Query if the given scheme identified by its UUID is supported on this device, and
86  * whether the drm plugin is able to handle the media container format specified by mimeType.
87  *
88  * uuid identifies the universal unique ID of the crypto scheme. uuid must be 16 bytes.
89  * mimeType is the MIME type of the media container, e.g. "video/mp4".  If mimeType
90  * is not known or required, it can be provided as NULL.
91  */
92 bool AMediaDrm_isCryptoSchemeSupported(const uint8_t *uuid, const char *mimeType);
93 
94 /**
95  * Create a MediaDrm instance from a UUID
96  * uuid identifies the universal unique ID of the crypto scheme. uuid must be 16 bytes.
97  */
98 AMediaDrm* AMediaDrm_createByUUID(const uint8_t *uuid);
99 
100 /**
101  * Release a MediaDrm object
102  */
103 void AMediaDrm_release(AMediaDrm *);
104 
105 /**
106  * Register a callback to be invoked when an event occurs
107  *
108  * listener is the callback that will be invoked on event
109  */
110 media_status_t AMediaDrm_setOnEventListener(AMediaDrm *, AMediaDrmEventListener listener);
111 
112 /**
113  * Open a new session with the MediaDrm object.  A session ID is returned.
114  *
115  * returns MEDIADRM_NOT_PROVISIONED_ERROR if provisioning is needed
116  * returns MEDIADRM_RESOURCE_BUSY_ERROR if required resources are in use
117  */
118 media_status_t AMediaDrm_openSession(AMediaDrm *, AMediaDrmSessionId *sessionId);
119 
120 /**
121  * Close a session on the MediaDrm object that was previously opened
122  * with AMediaDrm_openSession.
123  */
124 media_status_t AMediaDrm_closeSession(AMediaDrm *, const AMediaDrmSessionId *sessionId);
125 
126 typedef enum AMediaDrmKeyType {
127     /**
128      * This key request type species that the keys will be for online use, they will
129      * not be saved to the device for subsequent use when the device is not connected
130      * to a network.
131      */
132     KEY_TYPE_STREAMING = 1,
133 
134     /**
135      * This key request type specifies that the keys will be for offline use, they
136      * will be saved to the device for use when the device is not connected to a network.
137      */
138     KEY_TYPE_OFFLINE = 2,
139 
140     /**
141      * This key request type specifies that previously saved offline keys should be released.
142      */
143     KEY_TYPE_RELEASE = 3
144 } AMediaDrmKeyType;
145 
146 /**
147  *  Data type containing {key, value} pair
148  */
149 typedef struct AMediaDrmKeyValuePair {
150     const char *mKey;
151     const char *mValue;
152 } AMediaDrmKeyValue;
153 
154 /**
155  * A key request/response exchange occurs between the app and a license server
156  * to obtain or release keys used to decrypt encrypted content.
157  * AMediaDrm_getKeyRequest is used to obtain an opaque key request byte array that
158  * is delivered to the license server.  The opaque key request byte array is
159  * returned in KeyRequest.data.  The recommended URL to deliver the key request to
160  * is returned in KeyRequest.defaultUrl.
161  *
162  * After the app has received the key request response from the server,
163  * it should deliver to the response to the DRM engine plugin using the method
164  * AMediaDrm_provideKeyResponse.
165  *
166  * scope may be a sessionId or a keySetId, depending on the specified keyType.
167  * When the keyType is KEY_TYPE_STREAMING or KEY_TYPE_OFFLINE, scope should be set
168  * to the sessionId the keys will be provided to.  When the keyType is
169  * KEY_TYPE_RELEASE, scope should be set to the keySetId of the keys being released.
170  * Releasing keys from a device invalidates them for all sessions.
171  *
172  * init container-specific data, its meaning is interpreted based on the mime type
173  * provided in the mimeType parameter.  It could contain, for example, the content
174  * ID, key ID or other data obtained from the content metadata that is required in
175  * generating the key request. init may be null when keyType is KEY_TYPE_RELEASE.
176  *
177  * initSize is the number of bytes of initData
178  *
179  * mimeType identifies the mime type of the content.
180  *
181  * keyType specifes the type of the request. The request may be to acquire keys for
182  *   streaming or offline content, or to release previously acquired keys, which are
183  *   identified by a keySetId.
184  *
185  * optionalParameters are included in the key request message to allow a client
186  *   application to provide additional message parameters to the server.
187  *
188  * numOptionalParameters indicates the number of optional parameters provided
189  *   by the caller
190  *
191  * On exit:
192  *   1. The keyRequest pointer will reference the opaque key request data.  It
193  *       will reside in memory owned by the AMediaDrm object, and will remain
194  *       accessible until the next call to AMediaDrm_getKeyRequest or until the
195  *       MediaDrm object is released.
196  *   2. keyRequestSize will be set to the size of the request
197  *
198  * returns MEDIADRM_NOT_PROVISIONED_ERROR if reprovisioning is needed, due to a
199  * problem with the device certificate.
200 */
201 media_status_t AMediaDrm_getKeyRequest(AMediaDrm *, const AMediaDrmScope *scope,
202         const uint8_t *init, size_t initSize, const char *mimeType, AMediaDrmKeyType keyType,
203         const AMediaDrmKeyValue *optionalParameters, size_t numOptionalParameters,
204         const uint8_t **keyRequest, size_t *keyRequestSize);
205 
206 /**
207  * A key response is received from the license server by the app, then it is
208  * provided to the DRM engine plugin using provideKeyResponse.  When the
209  * response is for an offline key request, a keySetId is returned that can be
210  * used to later restore the keys to a new session with AMediaDrm_restoreKeys.
211  * When the response is for a streaming or release request, a null keySetId is
212  * returned.
213  *
214  * scope may be a sessionId or keySetId depending on the type of the
215  * response.  Scope should be set to the sessionId when the response is for either
216  * streaming or offline key requests.  Scope should be set to the keySetId when
217  * the response is for a release request.
218  *
219  * response points to the opaque response from the server
220  * responseSize should be set to the size of the response in bytes
221  */
222 
223 media_status_t AMediaDrm_provideKeyResponse(AMediaDrm *, const AMediaDrmScope *scope,
224         const uint8_t *response, size_t responseSize, AMediaDrmKeySetId *keySetId);
225 
226 /**
227  * Restore persisted offline keys into a new session.  keySetId identifies the
228  * keys to load, obtained from a prior call to AMediaDrm_provideKeyResponse.
229  *
230  * sessionId is the session ID for the DRM session
231  * keySetId identifies the saved key set to restore
232  */
233 media_status_t AMediaDrm_restoreKeys(AMediaDrm *, const AMediaDrmSessionId *sessionId,
234         const AMediaDrmKeySetId *keySetId);
235 
236 /**
237  * Remove the current keys from a session.
238  *
239  * keySetId identifies keys to remove
240  */
241 media_status_t AMediaDrm_removeKeys(AMediaDrm *, const AMediaDrmSessionId *keySetId);
242 
243 /**
244  * Request an informative description of the key status for the session.  The status is
245  * in the form of {key, value} pairs.  Since DRM license policies vary by vendor,
246  * the specific status field names are determined by each DRM vendor.  Refer to your
247  * DRM provider documentation for definitions of the field names for a particular
248  * DRM engine plugin.
249  *
250  * On entry, numPairs should be set by the caller to the maximum number of pairs
251  * that can be returned (the size of the array).  On exit, numPairs will be set
252  * to the number of entries written to the array.  If the number of {key, value} pairs
253  * to be returned is greater than *numPairs, MEDIADRM_SHORT_BUFFER will be returned
254  * and numPairs will be set to the number of pairs available.
255  */
256 media_status_t AMediaDrm_queryKeyStatus(AMediaDrm *, const AMediaDrmSessionId *sessionId,
257         AMediaDrmKeyValue *keyValuePairs, size_t *numPairs);
258 
259 
260 /**
261  * A provision request/response exchange occurs between the app and a provisioning
262  * server to retrieve a device certificate.  If provisionining is required, the
263  * EVENT_PROVISION_REQUIRED event will be sent to the event handler.
264  * getProvisionRequest is used to obtain the opaque provision request byte array that
265  * should be delivered to the provisioning server.
266  * On exit:
267  *    1. The provision request data will be referenced by provisionRequest, in
268  *        memory owned by the AMediaDrm object.  It will remain accessible until the
269  *        next call to getProvisionRequest.
270  *    2. provisionRequestSize will be set to the size of the request data.
271  *    3. serverUrl will reference a NULL terminated string containing the URL
272  *       the provisioning request should be sent to.  It will remain accessible until
273  *       the next call to getProvisionRequest.
274  */
275 media_status_t AMediaDrm_getProvisionRequest(AMediaDrm *, const uint8_t **provisionRequest,
276         size_t *provisionRequestSize, const char **serverUrl);
277 
278 
279 /**
280  * After a provision response is received by the app, it is provided to the DRM
281  * engine plugin using this method.
282  *
283  * response is the opaque provisioning response byte array to provide to the
284  *   DRM engine plugin.
285  * responseSize is the length of the provisioning response in bytes.
286  *
287  * returns MEDIADRM_DEVICE_REVOKED_ERROR if the response indicates that the
288  * server rejected the request
289  */
290 media_status_t AMediaDrm_provideProvisionResponse(AMediaDrm *,
291         const uint8_t *response, size_t responseSize);
292 
293 
294 /**
295  * A means of enforcing limits on the number of concurrent streams per subscriber
296  * across devices is provided via SecureStop. This is achieved by securely
297  * monitoring the lifetime of sessions.
298  *
299  * Information from the server related to the current playback session is written
300  * to persistent storage on the device when each MediaCrypto object is created.
301  *
302  * In the normal case, playback will be completed, the session destroyed and the
303  * Secure Stops will be queried. The app queries secure stops and forwards the
304  * secure stop message to the server which verifies the signature and notifies the
305  * server side database that the session destruction has been confirmed. The persisted
306  * record on the client is only removed after positive confirmation that the server
307  * received the message using releaseSecureStops().
308  *
309  * numSecureStops is set by the caller to the maximum number of secure stops to
310  * return.  On exit, *numSecureStops will be set to the number actually returned.
311  * If *numSecureStops is too small for the number of secure stops available,
312  * MEDIADRM_SHORT_BUFFER will be returned and *numSecureStops will be set to the
313  * number required.
314  */
315 media_status_t AMediaDrm_getSecureStops(AMediaDrm *,
316         AMediaDrmSecureStop *secureStops, size_t *numSecureStops);
317 
318 /**
319  * Process the SecureStop server response message ssRelease.  After authenticating
320  * the message, remove the SecureStops identified in the response.
321  *
322  * ssRelease is the server response indicating which secure stops to release
323  */
324 media_status_t AMediaDrm_releaseSecureStops(AMediaDrm *,
325         const AMediaDrmSecureStop *ssRelease);
326 
327 /**
328  * String property name: identifies the maker of the DRM engine plugin
329  */
330 const char *PROPERTY_VENDOR = "vendor";
331 
332 /**
333  * String property name: identifies the version of the DRM engine plugin
334  */
335 const char *PROPERTY_VERSION = "version";
336 
337 /**
338  * String property name: describes the DRM engine plugin
339  */
340 const char *PROPERTY_DESCRIPTION = "description";
341 
342 /**
343  * String property name: a comma-separated list of cipher and mac algorithms
344  * supported by CryptoSession.  The list may be empty if the DRM engine
345  * plugin does not support CryptoSession operations.
346  */
347 const char *PROPERTY_ALGORITHMS = "algorithms";
348 
349 /**
350  * Read a DRM engine plugin String property value, given the property name string.
351  *
352  * propertyName identifies the property to query
353  * On return, propertyValue will be set to point to the property value.  The
354  * memory that the value resides in is owned by the NDK MediaDrm API and
355  * will remain valid until the next call to AMediaDrm_getPropertyString.
356  */
357 media_status_t AMediaDrm_getPropertyString(AMediaDrm *, const char *propertyName,
358         const char **propertyValue);
359 
360 /**
361  * Byte array property name: the device unique identifier is established during
362  * device provisioning and provides a means of uniquely identifying each device.
363  */
364 const char *PROPERTY_DEVICE_UNIQUE_ID = "deviceUniqueId";
365 
366 /**
367  * Read a DRM engine plugin byte array property value, given the property name string.
368  * On return, *propertyValue will be set to point to the property value.  The
369  * memory that the value resides in is owned by the NDK MediaDrm API and
370  * will remain valid until the next call to AMediaDrm_getPropertyByteArray.
371  */
372 media_status_t AMediaDrm_getPropertyByteArray(AMediaDrm *, const char *propertyName,
373         AMediaDrmByteArray *propertyValue);
374 
375 /**
376  * Set a DRM engine plugin String property value.
377  */
378 media_status_t AMediaDrm_setPropertyString(AMediaDrm *, const char *propertyName,
379         const char *value);
380 
381 /**
382  * Set a DRM engine plugin byte array property value.
383  */
384 media_status_t AMediaDrm_setPropertyByteArray(AMediaDrm *, const char *propertyName,
385         const uint8_t *value, size_t valueSize);
386 
387 /**
388  * In addition to supporting decryption of DASH Common Encrypted Media, the
389  * MediaDrm APIs provide the ability to securely deliver session keys from
390  * an operator's session key server to a client device, based on the factory-installed
391  * root of trust, and then perform encrypt, decrypt, sign and verify operations
392  * with the session key on arbitrary user data.
393  *
394  * Operators create session key servers that receive session key requests and provide
395  * encrypted session keys which can be used for general purpose crypto operations.
396  *
397  * Generic encrypt/decrypt/sign/verify methods are based on the established session
398  * keys.  These keys are exchanged using the getKeyRequest/provideKeyResponse methods.
399  *
400  * Applications of this capability include securing various types of purchased or
401  * private content, such as applications, books and other media, photos or media
402  * delivery protocols.
403  */
404 
405 /*
406  * Encrypt the data referenced by input of length dataSize using algorithm specified
407  * by cipherAlgorithm, and write the encrypted result into output.  The caller must
408  * ensure that the output buffer is large enough to accept dataSize bytes. The key
409  * to use is identified by the 16 byte keyId.  The key must have been loaded into
410  * the session using provideKeyResponse.
411  */
412 media_status_t AMediaDrm_encrypt(AMediaDrm *, const AMediaDrmSessionId *sessionId,
413         const char *cipherAlgorithm, uint8_t *keyId, uint8_t *iv,
414         const uint8_t *input, uint8_t *output, size_t dataSize);
415 
416 /*
417  * Decrypt the data referenced by input of length dataSize using algorithm specified
418  * by cipherAlgorithm, and write the decrypted result into output.  The caller must
419  * ensure that the output buffer is large enough to accept dataSize bytes.  The key
420  * to use is identified by the 16 byte keyId.  The key must have been loaded into
421  * the session using provideKeyResponse.
422  */
423 media_status_t AMediaDrm_decrypt(AMediaDrm *, const AMediaDrmSessionId *sessionId,
424         const char *cipherAlgorithm, uint8_t *keyId, uint8_t *iv,
425         const uint8_t *input, uint8_t *output, size_t dataSize);
426 
427 /*
428  * Generate a signature using the specified macAlgorithm over the message data
429  * referenced by message of size messageSize and store the signature in the
430  * buffer referenced signature of max size *signatureSize.  If the buffer is not
431  * large enough to hold the signature, MEDIADRM_SHORT_BUFFER is returned and
432  * *signatureSize is set to the buffer size required.  The key to use is identified
433  * by the 16 byte keyId.  The key must have been loaded into the session using
434  * provideKeyResponse.
435  */
436 media_status_t AMediaDrm_sign(AMediaDrm *, const AMediaDrmSessionId *sessionId,
437         const char *macAlgorithm, uint8_t *keyId, uint8_t *message, size_t messageSize,
438         uint8_t *signature, size_t *signatureSize);
439 
440 /*
441  * Perform a signature verification using the specified macAlgorithm over the message
442  * data referenced by the message parameter of size messageSize. Returns MEDIADRM_OK
443  * if the signature matches, otherwise MEDAIDRM_VERIFY_FAILED is returned. The key to
444  * use is identified by the 16 byte keyId.  The key must have been loaded into the
445  * session using provideKeyResponse.
446  */
447 media_status_t AMediaDrm_verify(AMediaDrm *, const AMediaDrmSessionId *sessionId,
448         const char *macAlgorithm, uint8_t *keyId, const uint8_t *message, size_t messageSize,
449         const uint8_t *signature, size_t signatureSize);
450 
451 #ifdef __cplusplus
452 } // extern "C"
453 #endif
454 
455 #endif //_NDK_MEDIA_DRM_H
456