summaryrefslogtreecommitdiffstats
path: root/dom/media/gmp/widevine-adapter
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
commit0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch)
treea31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /dom/media/gmp/widevine-adapter
parentInitial commit. (diff)
downloadfirefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz
firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/media/gmp/widevine-adapter')
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineFileIO.cpp100
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineFileIO.h41
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineUtils.cpp61
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineUtils.h84
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp142
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineVideoFrame.h54
-rw-r--r--dom/media/gmp/widevine-adapter/content_decryption_module.h1359
-rw-r--r--dom/media/gmp/widevine-adapter/content_decryption_module_export.h38
-rw-r--r--dom/media/gmp/widevine-adapter/content_decryption_module_ext.h64
-rw-r--r--dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h121
-rw-r--r--dom/media/gmp/widevine-adapter/moz.build21
11 files changed, 2085 insertions, 0 deletions
diff --git a/dom/media/gmp/widevine-adapter/WidevineFileIO.cpp b/dom/media/gmp/widevine-adapter/WidevineFileIO.cpp
new file mode 100644
index 0000000000..913f6ba288
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineFileIO.cpp
@@ -0,0 +1,100 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WidevineFileIO.h"
+#include "GMPLog.h"
+#include "WidevineUtils.h"
+
+#include "gmp-api/gmp-platform.h"
+
+// Declared in ChromiumCDMAdapter.cpp.
+extern const GMPPlatformAPI* sPlatform;
+
+namespace mozilla {
+
+void WidevineFileIO::Open(const char* aFilename, uint32_t aFilenameLength) {
+ mName = std::string(aFilename, aFilename + aFilenameLength);
+ GMPRecord* record = nullptr;
+ GMPErr err = sPlatform->createrecord(aFilename, aFilenameLength, &record,
+ static_cast<GMPRecordClient*>(this));
+ if (GMP_FAILED(err)) {
+ GMP_LOG_DEBUG("WidevineFileIO::Open() '%s' GMPCreateRecord failed",
+ mName.c_str());
+ mClient->OnOpenComplete(cdm::FileIOClient::Status::kError);
+ return;
+ }
+ if (GMP_FAILED(record->Open())) {
+ GMP_LOG_DEBUG("WidevineFileIO::Open() '%s' record open failed",
+ mName.c_str());
+ mClient->OnOpenComplete(cdm::FileIOClient::Status::kError);
+ return;
+ }
+
+ GMP_LOG_DEBUG("WidevineFileIO::Open() '%s'", mName.c_str());
+ mRecord = record;
+}
+
+void WidevineFileIO::Read() {
+ if (!mRecord) {
+ GMP_LOG_DEBUG("WidevineFileIO::Read() '%s' used uninitialized!",
+ mName.c_str());
+ mClient->OnReadComplete(cdm::FileIOClient::Status::kError, nullptr, 0);
+ return;
+ }
+ GMP_LOG_DEBUG("WidevineFileIO::Read() '%s'", mName.c_str());
+ mRecord->Read();
+}
+
+void WidevineFileIO::Write(const uint8_t* aData, uint32_t aDataSize) {
+ if (!mRecord) {
+ GMP_LOG_DEBUG("WidevineFileIO::Write() '%s' used uninitialized!",
+ mName.c_str());
+ mClient->OnWriteComplete(cdm::FileIOClient::Status::kError);
+ return;
+ }
+ mRecord->Write(aData, aDataSize);
+}
+
+void WidevineFileIO::Close() {
+ GMP_LOG_DEBUG("WidevineFileIO::Close() '%s'", mName.c_str());
+ if (mRecord) {
+ mRecord->Close();
+ mRecord = nullptr;
+ }
+ delete this;
+}
+
+static cdm::FileIOClient::Status GMPToWidevineFileStatus(GMPErr aStatus) {
+ switch (aStatus) {
+ case GMPRecordInUse:
+ return cdm::FileIOClient::Status::kInUse;
+ case GMPNoErr:
+ return cdm::FileIOClient::Status::kSuccess;
+ default:
+ return cdm::FileIOClient::Status::kError;
+ }
+}
+
+void WidevineFileIO::OpenComplete(GMPErr aStatus) {
+ GMP_LOG_DEBUG("WidevineFileIO::OpenComplete() '%s' status=%d", mName.c_str(),
+ aStatus);
+ mClient->OnOpenComplete(GMPToWidevineFileStatus(aStatus));
+}
+
+void WidevineFileIO::ReadComplete(GMPErr aStatus, const uint8_t* aData,
+ uint32_t aDataSize) {
+ GMP_LOG_DEBUG("WidevineFileIO::OnReadComplete() '%s' status=%d",
+ mName.c_str(), aStatus);
+ mClient->OnReadComplete(GMPToWidevineFileStatus(aStatus), aData, aDataSize);
+}
+
+void WidevineFileIO::WriteComplete(GMPErr aStatus) {
+ GMP_LOG_DEBUG("WidevineFileIO::WriteComplete() '%s' status=%d", mName.c_str(),
+ aStatus);
+ mClient->OnWriteComplete(GMPToWidevineFileStatus(aStatus));
+}
+
+} // namespace mozilla
diff --git a/dom/media/gmp/widevine-adapter/WidevineFileIO.h b/dom/media/gmp/widevine-adapter/WidevineFileIO.h
new file mode 100644
index 0000000000..8c36f032be
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineFileIO.h
@@ -0,0 +1,41 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef WidevineFileIO_h_
+#define WidevineFileIO_h_
+
+#include <stddef.h>
+#include "content_decryption_module.h"
+#include "gmp-api/gmp-storage.h"
+#include <string>
+
+namespace mozilla {
+
+class WidevineFileIO : public cdm::FileIO, public GMPRecordClient {
+ public:
+ explicit WidevineFileIO(cdm::FileIOClient* aClient)
+ : mClient(aClient), mRecord(nullptr) {}
+
+ // cdm::FileIO
+ void Open(const char* aFilename, uint32_t aFilenameLength) override;
+ void Read() override;
+ void Write(const uint8_t* aData, uint32_t aDataSize) override;
+ void Close() override;
+
+ // GMPRecordClient
+ void OpenComplete(GMPErr aStatus) override;
+ void ReadComplete(GMPErr aStatus, const uint8_t* aData,
+ uint32_t aDataSize) override;
+ void WriteComplete(GMPErr aStatus) override;
+
+ private:
+ cdm::FileIOClient* mClient;
+ GMPRecord* mRecord;
+ std::string mName;
+};
+
+} // namespace mozilla
+
+#endif // WidevineFileIO_h_
diff --git a/dom/media/gmp/widevine-adapter/WidevineUtils.cpp b/dom/media/gmp/widevine-adapter/WidevineUtils.cpp
new file mode 100644
index 0000000000..d0551406b2
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineUtils.cpp
@@ -0,0 +1,61 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WidevineUtils.h"
+#include "GMPLog.h"
+#include "gmp-api/gmp-errors.h"
+#include <stdarg.h>
+#include <stdio.h>
+#include <inttypes.h>
+
+namespace mozilla {
+
+WidevineBuffer::WidevineBuffer(size_t aSize) {
+ GMP_LOG_DEBUG("WidevineBuffer(size=%zu) created", aSize);
+ mBuffer.SetLength(aSize);
+}
+
+WidevineBuffer::~WidevineBuffer() {
+ GMP_LOG_DEBUG("WidevineBuffer(size=%" PRIu32 ") destroyed", Size());
+}
+
+void WidevineBuffer::Destroy() { delete this; }
+
+uint32_t WidevineBuffer::Capacity() const { return mBuffer.Length(); }
+
+uint8_t* WidevineBuffer::Data() { return mBuffer.Elements(); }
+
+void WidevineBuffer::SetSize(uint32_t aSize) { mBuffer.SetLength(aSize); }
+
+uint32_t WidevineBuffer::Size() const { return mBuffer.Length(); }
+
+nsTArray<uint8_t> WidevineBuffer::ExtractBuffer() {
+ nsTArray<uint8_t> out = std::move(mBuffer);
+ return out;
+}
+
+WidevineDecryptedBlock::WidevineDecryptedBlock()
+ : mBuffer(nullptr), mTimestamp(0) {}
+
+WidevineDecryptedBlock::~WidevineDecryptedBlock() {
+ if (mBuffer) {
+ mBuffer->Destroy();
+ mBuffer = nullptr;
+ }
+}
+
+void WidevineDecryptedBlock::SetDecryptedBuffer(cdm::Buffer* aBuffer) {
+ mBuffer = aBuffer;
+}
+
+cdm::Buffer* WidevineDecryptedBlock::DecryptedBuffer() { return mBuffer; }
+
+void WidevineDecryptedBlock::SetTimestamp(int64_t aTimestamp) {
+ mTimestamp = aTimestamp;
+}
+
+int64_t WidevineDecryptedBlock::Timestamp() const { return mTimestamp; }
+
+} // namespace mozilla
diff --git a/dom/media/gmp/widevine-adapter/WidevineUtils.h b/dom/media/gmp/widevine-adapter/WidevineUtils.h
new file mode 100644
index 0000000000..1502621451
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineUtils.h
@@ -0,0 +1,84 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef WidevineUtils_h_
+#define WidevineUtils_h_
+
+#include "stddef.h"
+#include "content_decryption_module.h"
+#include "nsISupportsImpl.h"
+#include "nsTArray.h"
+#include "mozilla/Logging.h"
+
+namespace mozilla {
+
+#define ENSURE_TRUE(condition, rv) \
+ { \
+ if (!(condition)) { \
+ GMP_LOG_DEBUG("ENSURE_TRUE FAILED %s:%d", __FILE__, __LINE__); \
+ return rv; \
+ } \
+ }
+
+#define ENSURE_GMP_SUCCESS(err, rv) \
+ { \
+ if (GMP_FAILED(err)) { \
+ GMP_LOG_DEBUG("ENSURE_GMP_SUCCESS FAILED %s:%d", __FILE__, __LINE__); \
+ return rv; \
+ } \
+ }
+
+namespace gmp {
+class CDMShmemBuffer;
+}
+class WidevineBuffer;
+
+// Base class for our cdm::Buffer implementations, so we can tell at runtime
+// whether the buffer is a Shmem or non-Shmem buffer.
+class CDMBuffer : public cdm::Buffer {
+ public:
+ virtual WidevineBuffer* AsArrayBuffer() { return nullptr; }
+ virtual gmp::CDMShmemBuffer* AsShmemBuffer() { return nullptr; }
+};
+
+class WidevineBuffer : public CDMBuffer {
+ public:
+ explicit WidevineBuffer(size_t aSize);
+ ~WidevineBuffer() override;
+ void Destroy() override;
+ uint32_t Capacity() const override;
+ uint8_t* Data() override;
+ void SetSize(uint32_t aSize) override;
+ uint32_t Size() const override;
+
+ // Moves contents of buffer out into temporary.
+ // Note: This empties the buffer.
+ nsTArray<uint8_t> ExtractBuffer();
+
+ WidevineBuffer* AsArrayBuffer() override { return this; }
+
+ private:
+ nsTArray<uint8_t> mBuffer;
+ WidevineBuffer(const WidevineBuffer&);
+ void operator=(const WidevineBuffer&);
+};
+
+class WidevineDecryptedBlock : public cdm::DecryptedBlock {
+ public:
+ WidevineDecryptedBlock();
+ ~WidevineDecryptedBlock() override;
+ void SetDecryptedBuffer(cdm::Buffer* aBuffer) override;
+ cdm::Buffer* DecryptedBuffer() override;
+ void SetTimestamp(int64_t aTimestamp) override;
+ int64_t Timestamp() const override;
+
+ private:
+ cdm::Buffer* mBuffer;
+ int64_t mTimestamp;
+};
+
+} // namespace mozilla
+
+#endif // WidevineUtils_h_
diff --git a/dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp
new file mode 100644
index 0000000000..3f136c4ac8
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp
@@ -0,0 +1,142 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WidevineVideoFrame.h"
+#include "GMPLog.h"
+#include "WidevineUtils.h"
+#include "mozilla/CheckedInt.h"
+#include "mozilla/IntegerPrintfMacros.h"
+
+namespace mozilla {
+
+WidevineVideoFrame::WidevineVideoFrame()
+ : mFormat(cdm::VideoFormat::kUnknownVideoFormat),
+ mSize{0, 0},
+ mBuffer(nullptr),
+ mTimestamp(0) {
+ MOZ_ASSERT(mSize.height == 0 && mSize.width == 0, "Size should be zeroed");
+ GMP_LOG_DEBUG("WidevineVideoFrame::WidevineVideoFrame() this=%p", this);
+ memset(mPlaneOffsets, 0, sizeof(mPlaneOffsets));
+ memset(mPlaneStrides, 0, sizeof(mPlaneStrides));
+}
+
+WidevineVideoFrame::WidevineVideoFrame(WidevineVideoFrame&& aOther)
+ : mFormat(aOther.mFormat),
+ mSize(aOther.mSize),
+ mBuffer(aOther.mBuffer),
+ mTimestamp(aOther.mTimestamp) {
+ GMP_LOG_DEBUG(
+ "WidevineVideoFrame::WidevineVideoFrame(WidevineVideoFrame&&) "
+ "this=%p, other=%p",
+ this, &aOther);
+ memcpy(mPlaneOffsets, aOther.mPlaneOffsets, sizeof(mPlaneOffsets));
+ memcpy(mPlaneStrides, aOther.mPlaneStrides, sizeof(mPlaneStrides));
+ aOther.mBuffer = nullptr;
+}
+
+WidevineVideoFrame::~WidevineVideoFrame() {
+ if (mBuffer) {
+ mBuffer->Destroy();
+ mBuffer = nullptr;
+ }
+}
+
+void WidevineVideoFrame::SetFormat(cdm::VideoFormat aFormat) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetFormat(%d) this=%p", aFormat, this);
+ mFormat = aFormat;
+}
+
+cdm::VideoFormat WidevineVideoFrame::Format() const { return mFormat; }
+
+void WidevineVideoFrame::SetSize(cdm::Size aSize) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetSize(%d,%d) this=%p", aSize.width,
+ aSize.height, this);
+ mSize.width = aSize.width;
+ mSize.height = aSize.height;
+}
+
+cdm::Size WidevineVideoFrame::Size() const { return mSize; }
+
+void WidevineVideoFrame::SetFrameBuffer(cdm::Buffer* aFrameBuffer) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetFrameBuffer(%p) this=%p", aFrameBuffer,
+ this);
+ MOZ_ASSERT(!mBuffer);
+ mBuffer = aFrameBuffer;
+}
+
+cdm::Buffer* WidevineVideoFrame::FrameBuffer() { return mBuffer; }
+
+void WidevineVideoFrame::SetPlaneOffset(cdm::VideoPlane aPlane,
+ uint32_t aOffset) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetPlaneOffset(%d, %" PRIu32 ") this=%p",
+ aPlane, aOffset, this);
+ mPlaneOffsets[aPlane] = aOffset;
+}
+
+uint32_t WidevineVideoFrame::PlaneOffset(cdm::VideoPlane aPlane) {
+ return mPlaneOffsets[aPlane];
+}
+
+void WidevineVideoFrame::SetStride(cdm::VideoPlane aPlane, uint32_t aStride) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetStride(%d, %" PRIu32 ") this=%p",
+ aPlane, aStride, this);
+ mPlaneStrides[aPlane] = aStride;
+}
+
+uint32_t WidevineVideoFrame::Stride(cdm::VideoPlane aPlane) {
+ return mPlaneStrides[aPlane];
+}
+
+void WidevineVideoFrame::SetTimestamp(int64_t timestamp) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetTimestamp(%" PRId64 ") this=%p",
+ timestamp, this);
+ mTimestamp = timestamp;
+}
+
+int64_t WidevineVideoFrame::Timestamp() const { return mTimestamp; }
+
+bool WidevineVideoFrame::InitToBlack(int32_t aWidth, int32_t aHeight,
+ int64_t aTimeStamp) {
+ if (NS_WARN_IF(aWidth < 0 || aHeight < 0)) {
+ MOZ_ASSERT_UNREACHABLE("Frame dimensions should be positive");
+ return false;
+ }
+
+ const uint32_t halfWidth = (uint32_t(aWidth) + 1) / 2;
+ CheckedInt<size_t> ySizeChk = aWidth;
+ ySizeChk *= aHeight;
+ CheckedInt<size_t> uSizeChk = halfWidth;
+ uSizeChk *= (uint32_t(aHeight) + 1) / 2;
+ CheckedInt<size_t> yuSizeChk = ySizeChk + uSizeChk;
+ if (NS_WARN_IF(!yuSizeChk.isValid())) {
+ return false;
+ }
+
+ WidevineBuffer* buffer = new WidevineBuffer(yuSizeChk.value());
+ const size_t ySize = ySizeChk.value();
+ const size_t uSize = uSizeChk.value();
+ // Black in YCbCr is (0,128,128).
+ memset(buffer->Data(), 0, ySize);
+ memset(buffer->Data() + ySize, 128, uSize);
+ if (mBuffer) {
+ mBuffer->Destroy();
+ mBuffer = nullptr;
+ }
+ SetFormat(cdm::VideoFormat::kI420);
+ SetSize(cdm::Size{aWidth, aHeight});
+ SetFrameBuffer(buffer);
+ SetPlaneOffset(cdm::VideoPlane::kYPlane, 0);
+ SetStride(cdm::VideoPlane::kYPlane, aWidth);
+ // Note: U and V planes are stored at the same place in order to
+ // save memory since their contents are the same.
+ SetPlaneOffset(cdm::VideoPlane::kUPlane, ySize);
+ SetStride(cdm::VideoPlane::kUPlane, halfWidth);
+ SetPlaneOffset(cdm::VideoPlane::kVPlane, ySize);
+ SetStride(cdm::VideoPlane::kVPlane, halfWidth);
+ SetTimestamp(aTimeStamp);
+ return true;
+}
+
+} // namespace mozilla
diff --git a/dom/media/gmp/widevine-adapter/WidevineVideoFrame.h b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.h
new file mode 100644
index 0000000000..0ae65ac1e5
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.h
@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef WidevineVideoFrame_h_
+#define WidevineVideoFrame_h_
+
+#include "stddef.h"
+#include "content_decryption_module.h"
+#include "mozilla/Attributes.h"
+#include <vector>
+
+namespace mozilla {
+
+class WidevineVideoFrame : public cdm::VideoFrame {
+ public:
+ WidevineVideoFrame();
+ WidevineVideoFrame(WidevineVideoFrame&& other);
+ ~WidevineVideoFrame();
+
+ void SetFormat(cdm::VideoFormat aFormat) override;
+ cdm::VideoFormat Format() const override;
+
+ void SetSize(cdm::Size aSize) override;
+ cdm::Size Size() const override;
+
+ void SetFrameBuffer(cdm::Buffer* aFrameBuffer) override;
+ cdm::Buffer* FrameBuffer() override;
+
+ void SetPlaneOffset(cdm::VideoPlane aPlane, uint32_t aOffset) override;
+ uint32_t PlaneOffset(cdm::VideoPlane aPlane) override;
+
+ void SetStride(cdm::VideoPlane aPlane, uint32_t aStride) override;
+ uint32_t Stride(cdm::VideoPlane aPlane) override;
+
+ void SetTimestamp(int64_t aTimestamp) override;
+ int64_t Timestamp() const override;
+
+ [[nodiscard]] bool InitToBlack(int32_t aWidth, int32_t aHeight,
+ int64_t aTimeStamp);
+
+ protected:
+ cdm::VideoFormat mFormat;
+ cdm::Size mSize;
+ cdm::Buffer* mBuffer;
+ uint32_t mPlaneOffsets[cdm::VideoPlane::kMaxPlanes];
+ uint32_t mPlaneStrides[cdm::VideoPlane::kMaxPlanes];
+ int64_t mTimestamp;
+};
+
+} // namespace mozilla
+
+#endif
diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module.h b/dom/media/gmp/widevine-adapter/content_decryption_module.h
new file mode 100644
index 0000000000..68fee35195
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/content_decryption_module.h
@@ -0,0 +1,1359 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CDM_CONTENT_DECRYPTION_MODULE_H_
+#define CDM_CONTENT_DECRYPTION_MODULE_H_
+
+#include <type_traits>
+
+#include "content_decryption_module_export.h"
+#include "content_decryption_module_proxy.h"
+
+#if defined(_MSC_VER)
+typedef unsigned char uint8_t;
+typedef unsigned int uint32_t;
+typedef int int32_t;
+typedef __int64 int64_t;
+#else
+# include <stdint.h>
+#endif
+
+// The version number must be rolled when the exported functions are updated!
+// If the CDM and the adapter use different versions of these functions, the
+// adapter will fail to load or crash!
+#define CDM_MODULE_VERSION 4
+
+// Build the versioned entrypoint name.
+// The extra macros are necessary to expand version to an actual value.
+#define INITIALIZE_CDM_MODULE \
+ BUILD_ENTRYPOINT(InitializeCdmModule, CDM_MODULE_VERSION)
+#define BUILD_ENTRYPOINT(name, version) \
+ BUILD_ENTRYPOINT_NO_EXPANSION(name, version)
+#define BUILD_ENTRYPOINT_NO_EXPANSION(name, version) name##_##version
+
+// Macro to check that |type| does the following:
+// 1. is a standard layout.
+// 2. is trivial.
+// 3. sizeof(type) matches the expected size in bytes. As some types contain
+// pointers, the size is specified for both 32 and 64 bit.
+#define CHECK_TYPE(type, size_32, size_64) \
+ static_assert(std::is_standard_layout<type>(), \
+ #type " not standard_layout"); \
+ static_assert(std::is_trivial<type>(), #type " not trivial"); \
+ static_assert((sizeof(void*) == 4 && sizeof(type) == size_32) || \
+ (sizeof(void*) == 8 && sizeof(type) == size_64), \
+ #type " size mismatch")
+
+extern "C" {
+
+CDM_API void INITIALIZE_CDM_MODULE();
+
+CDM_API void DeinitializeCdmModule();
+
+// Returns a pointer to the requested CDM Host interface upon success.
+// Returns NULL if the requested CDM Host interface is not supported.
+// The caller should cast the returned pointer to the type matching
+// |host_interface_version|.
+typedef void* (*GetCdmHostFunc)(int host_interface_version, void* user_data);
+
+// Returns a pointer to the requested CDM upon success.
+// Returns NULL if an error occurs or the requested |cdm_interface_version| or
+// |key_system| is not supported or another error occurs.
+// The caller should cast the returned pointer to the type matching
+// |cdm_interface_version|.
+// Caller retains ownership of arguments and must call Destroy() on the returned
+// object.
+CDM_API void* CreateCdmInstance(int cdm_interface_version,
+ const char* key_system,
+ uint32_t key_system_size,
+ GetCdmHostFunc get_cdm_host_func,
+ void* user_data);
+
+CDM_API const char* GetCdmVersion();
+
+} // extern "C"
+
+namespace cdm {
+
+enum Status : uint32_t {
+ kSuccess = 0,
+ kNeedMoreData, // Decoder needs more data to produce a decoded frame/sample.
+ kNoKey, // The required decryption key is not available.
+ kInitializationError, // Initialization error.
+ kDecryptError, // Decryption failed.
+ kDecodeError, // Error decoding audio or video.
+ kDeferredInitialization // Decoder is not ready for initialization.
+};
+CHECK_TYPE(Status, 4, 4);
+
+// Exceptions used by the CDM to reject promises.
+// https://w3c.github.io/encrypted-media/#exceptions
+enum Exception : uint32_t {
+ kExceptionTypeError,
+ kExceptionNotSupportedError,
+ kExceptionInvalidStateError,
+ kExceptionQuotaExceededError
+};
+CHECK_TYPE(Exception, 4, 4);
+
+// The encryption scheme. The definitions are from ISO/IEC 23001-7:2016.
+enum class EncryptionScheme : uint32_t {
+ kUnencrypted = 0,
+ kCenc, // 'cenc' subsample encryption using AES-CTR mode.
+ kCbcs // 'cbcs' pattern encryption using AES-CBC mode.
+};
+CHECK_TYPE(EncryptionScheme, 4, 4);
+
+// The pattern used for pattern encryption. Note that ISO/IEC 23001-7:2016
+// defines each block to be 16-bytes.
+struct Pattern {
+ uint32_t crypt_byte_block; // Count of the encrypted blocks.
+ uint32_t skip_byte_block; // Count of the unencrypted blocks.
+};
+CHECK_TYPE(Pattern, 8, 8);
+
+enum class ColorRange : uint8_t {
+ kInvalid,
+ kLimited, // 709 color range with RGB values ranging from 16 to 235.
+ kFull, // Full RGB color range with RGB values from 0 to 255.
+ kDerived // Range is defined by |transfer_id| and |matrix_id|.
+};
+CHECK_TYPE(ColorRange, 1, 1);
+
+// Described in ISO 23001-8:2016, section 7. All the IDs are in the range
+// [0, 255] so 8-bit integer is sufficient. An unspecified ColorSpace should be
+// {2, 2, 2, ColorRange::kInvalid}, where value 2 means "Unspecified" for all
+// the IDs, as defined by the spec.
+struct ColorSpace {
+ uint8_t primary_id; // 7.1 colour primaries, table 2
+ uint8_t transfer_id; // 7.2 transfer characteristics, table 3
+ uint8_t matrix_id; // 7.3 matrix coefficients, table 4
+ ColorRange range;
+};
+CHECK_TYPE(ColorSpace, 4, 4);
+
+// Time is defined as the number of seconds since the Epoch
+// (00:00:00 UTC, January 1, 1970), not including any added leap second.
+// Also see Time definition in spec: https://w3c.github.io/encrypted-media/#time
+// Note that Time is defined in millisecond accuracy in the spec but in second
+// accuracy here.
+typedef double Time;
+
+// An input buffer can be split into several continuous subsamples.
+// A SubsampleEntry specifies the number of clear and cipher bytes in each
+// subsample. For example, the following buffer has three subsamples:
+//
+// |<----- subsample1 ----->|<----- subsample2 ----->|<----- subsample3 ----->|
+// | clear1 | cipher1 | clear2 | cipher2 | clear3 | cipher3 |
+//
+// For decryption, all of the cipher bytes in a buffer should be concatenated
+// (in the subsample order) into a single logical stream. The clear bytes should
+// not be considered as part of decryption.
+//
+// Stream to decrypt: | cipher1 | cipher2 | cipher3 |
+// Decrypted stream: | decrypted1| decrypted2 | decrypted3 |
+//
+// After decryption, the decrypted bytes should be copied over the position
+// of the corresponding cipher bytes in the original buffer to form the output
+// buffer. Following the above example, the decrypted buffer should be:
+//
+// |<----- subsample1 ----->|<----- subsample2 ----->|<----- subsample3 ----->|
+// | clear1 | decrypted1| clear2 | decrypted2 | clear3 | decrypted3 |
+//
+struct SubsampleEntry {
+ uint32_t clear_bytes;
+ uint32_t cipher_bytes;
+};
+CHECK_TYPE(SubsampleEntry, 8, 8);
+
+// Represents an input buffer to be decrypted (and possibly decoded). It does
+// not own any pointers in this struct. If |encryption_scheme| = kUnencrypted,
+// the data is unencrypted.
+// Note that this struct is organized so that sizeof(InputBuffer_2)
+// equals the sum of sizeof() all members in both 32-bit and 64-bit compiles.
+// Padding has been added to keep the fields aligned.
+struct InputBuffer_2 {
+ const uint8_t* data; // Pointer to the beginning of the input data.
+ uint32_t data_size; // Size (in bytes) of |data|.
+
+ EncryptionScheme encryption_scheme;
+
+ const uint8_t* key_id; // Key ID to identify the decryption key.
+ uint32_t key_id_size; // Size (in bytes) of |key_id|.
+ uint32_t : 32; // Padding.
+
+ const uint8_t* iv; // Initialization vector.
+ uint32_t iv_size; // Size (in bytes) of |iv|.
+ uint32_t : 32; // Padding.
+
+ const struct SubsampleEntry* subsamples;
+ uint32_t num_subsamples; // Number of subsamples in |subsamples|.
+ uint32_t : 32; // Padding.
+
+ // |pattern| is required if |encryption_scheme| specifies pattern encryption.
+ Pattern pattern;
+
+ int64_t timestamp; // Presentation timestamp in microseconds.
+};
+CHECK_TYPE(InputBuffer_2, 64, 80);
+
+enum AudioCodec : uint32_t { kUnknownAudioCodec = 0, kCodecVorbis, kCodecAac };
+CHECK_TYPE(AudioCodec, 4, 4);
+
+struct AudioDecoderConfig_2 {
+ AudioCodec codec;
+ int32_t channel_count;
+ int32_t bits_per_channel;
+ int32_t samples_per_second;
+
+ // Optional byte data required to initialize audio decoders, such as the
+ // vorbis setup header.
+ uint8_t* extra_data;
+ uint32_t extra_data_size;
+
+ // Encryption scheme.
+ EncryptionScheme encryption_scheme;
+};
+CHECK_TYPE(AudioDecoderConfig_2, 28, 32);
+
+// Supported sample formats for AudioFrames.
+enum AudioFormat : uint32_t {
+ kUnknownAudioFormat = 0, // Unknown format value. Used for error reporting.
+ kAudioFormatU8, // Interleaved unsigned 8-bit w/ bias of 128.
+ kAudioFormatS16, // Interleaved signed 16-bit.
+ kAudioFormatS32, // Interleaved signed 32-bit.
+ kAudioFormatF32, // Interleaved float 32-bit.
+ kAudioFormatPlanarS16, // Signed 16-bit planar.
+ kAudioFormatPlanarF32, // Float 32-bit planar.
+};
+CHECK_TYPE(AudioFormat, 4, 4);
+
+// Surface formats based on FOURCC labels, see: http://www.fourcc.org/yuv.php
+// Values are chosen to be consistent with Chromium's VideoPixelFormat values.
+enum VideoFormat : uint32_t {
+ kUnknownVideoFormat = 0, // Unknown format value. Used for error reporting.
+ kYv12 = 1, // 12bpp YVU planar 1x1 Y, 2x2 VU samples.
+ kI420 = 2, // 12bpp YUV planar 1x1 Y, 2x2 UV samples.
+
+ // In the following formats, each sample uses 16-bit in storage, while the
+ // sample value is stored in the least significant N bits where N is
+ // specified by the number after "P". For example, for YUV420P9, each Y, U,
+ // and V sample is stored in the least significant 9 bits in a 2-byte block.
+ kYUV420P9 = 16,
+ kYUV420P10 = 17,
+ kYUV422P9 = 18,
+ kYUV422P10 = 19,
+ kYUV444P9 = 20,
+ kYUV444P10 = 21,
+ kYUV420P12 = 22,
+ kYUV422P12 = 23,
+ kYUV444P12 = 24,
+};
+CHECK_TYPE(VideoFormat, 4, 4);
+
+struct Size {
+ int32_t width;
+ int32_t height;
+};
+CHECK_TYPE(Size, 8, 8);
+
+enum VideoCodec : uint32_t {
+ kUnknownVideoCodec = 0,
+ kCodecVp8,
+ kCodecH264,
+ kCodecVp9,
+ kCodecAv1
+};
+CHECK_TYPE(VideoCodec, 4, 4);
+
+enum VideoCodecProfile : uint32_t {
+ kUnknownVideoCodecProfile = 0,
+ kProfileNotNeeded,
+ kH264ProfileBaseline,
+ kH264ProfileMain,
+ kH264ProfileExtended,
+ kH264ProfileHigh,
+ kH264ProfileHigh10,
+ kH264ProfileHigh422,
+ kH264ProfileHigh444Predictive,
+ kVP9Profile0,
+ kVP9Profile1,
+ kVP9Profile2,
+ kVP9Profile3,
+ kAv1ProfileMain,
+ kAv1ProfileHigh,
+ kAv1ProfilePro
+};
+CHECK_TYPE(VideoCodecProfile, 4, 4);
+
+// Deprecated: New CDM implementations should use VideoDecoderConfig_3.
+// Note that this struct is organized so that sizeof(VideoDecoderConfig_2)
+// equals the sum of sizeof() all members in both 32-bit and 64-bit compiles.
+// Padding has been added to keep the fields aligned.
+struct VideoDecoderConfig_2 {
+ VideoCodec codec;
+ VideoCodecProfile profile;
+ VideoFormat format;
+ uint32_t : 32; // Padding.
+
+ // Width and height of video frame immediately post-decode. Not all pixels
+ // in this region are valid.
+ Size coded_size;
+
+ // Optional byte data required to initialize video decoders, such as H.264
+ // AAVC data.
+ uint8_t* extra_data;
+ uint32_t extra_data_size;
+
+ // Encryption scheme.
+ EncryptionScheme encryption_scheme;
+};
+CHECK_TYPE(VideoDecoderConfig_2, 36, 40);
+
+struct VideoDecoderConfig_3 {
+ VideoCodec codec;
+ VideoCodecProfile profile;
+ VideoFormat format;
+ ColorSpace color_space;
+
+ // Width and height of video frame immediately post-decode. Not all pixels
+ // in this region are valid.
+ Size coded_size;
+
+ // Optional byte data required to initialize video decoders, such as H.264
+ // AAVC data.
+ uint8_t* extra_data;
+ uint32_t extra_data_size;
+
+ EncryptionScheme encryption_scheme;
+};
+CHECK_TYPE(VideoDecoderConfig_3, 36, 40);
+
+enum StreamType : uint32_t { kStreamTypeAudio = 0, kStreamTypeVideo = 1 };
+CHECK_TYPE(StreamType, 4, 4);
+
+// Structure provided to ContentDecryptionModule::OnPlatformChallengeResponse()
+// after a platform challenge was initiated via Host::SendPlatformChallenge().
+// All values will be NULL / zero in the event of a challenge failure.
+struct PlatformChallengeResponse {
+ // |challenge| provided during Host::SendPlatformChallenge() combined with
+ // nonce data and signed with the platform's private key.
+ const uint8_t* signed_data;
+ uint32_t signed_data_length;
+
+ // RSASSA-PKCS1-v1_5-SHA256 signature of the |signed_data| block.
+ const uint8_t* signed_data_signature;
+ uint32_t signed_data_signature_length;
+
+ // X.509 device specific certificate for the |service_id| requested.
+ const uint8_t* platform_key_certificate;
+ uint32_t platform_key_certificate_length;
+};
+CHECK_TYPE(PlatformChallengeResponse, 24, 48);
+
+// The current status of the associated key. The valid types are defined in the
+// spec: https://w3c.github.io/encrypted-media/#dom-mediakeystatus
+enum KeyStatus : uint32_t {
+ kUsable = 0,
+ kInternalError = 1,
+ kExpired = 2,
+ kOutputRestricted = 3,
+ kOutputDownscaled = 4,
+ kStatusPending = 5,
+ kReleased = 6
+};
+CHECK_TYPE(KeyStatus, 4, 4);
+
+// Used when passing arrays of key information. Does not own the referenced
+// data. |system_code| is an additional error code for unusable keys and
+// should be 0 when |status| == kUsable.
+struct KeyInformation {
+ const uint8_t* key_id;
+ uint32_t key_id_size;
+ KeyStatus status;
+ uint32_t system_code;
+};
+CHECK_TYPE(KeyInformation, 16, 24);
+
+// Supported output protection methods for use with EnableOutputProtection() and
+// returned by OnQueryOutputProtectionStatus().
+enum OutputProtectionMethods : uint32_t {
+ kProtectionNone = 0,
+ kProtectionHDCP = 1 << 0
+};
+CHECK_TYPE(OutputProtectionMethods, 4, 4);
+
+// Connected output link types returned by OnQueryOutputProtectionStatus().
+enum OutputLinkTypes : uint32_t {
+ kLinkTypeNone = 0,
+ kLinkTypeUnknown = 1 << 0,
+ kLinkTypeInternal = 1 << 1,
+ kLinkTypeVGA = 1 << 2,
+ kLinkTypeHDMI = 1 << 3,
+ kLinkTypeDVI = 1 << 4,
+ kLinkTypeDisplayPort = 1 << 5,
+ kLinkTypeNetwork = 1 << 6
+};
+CHECK_TYPE(OutputLinkTypes, 4, 4);
+
+// Result of the QueryOutputProtectionStatus() call.
+enum QueryResult : uint32_t { kQuerySucceeded = 0, kQueryFailed };
+CHECK_TYPE(QueryResult, 4, 4);
+
+// The Initialization Data Type. The valid types are defined in the spec:
+// https://w3c.github.io/encrypted-media/format-registry/initdata/index.html#registry
+enum InitDataType : uint32_t { kCenc = 0, kKeyIds = 1, kWebM = 2 };
+CHECK_TYPE(InitDataType, 4, 4);
+
+// The type of session to create. The valid types are defined in the spec:
+// https://w3c.github.io/encrypted-media/#dom-mediakeysessiontype
+enum SessionType : uint32_t {
+ kTemporary = 0,
+ kPersistentLicense = 1,
+ kPersistentUsageRecord = 2
+};
+CHECK_TYPE(SessionType, 4, 4);
+
+// The type of the message event. The valid types are defined in the spec:
+// https://w3c.github.io/encrypted-media/#dom-mediakeymessagetype
+enum MessageType : uint32_t {
+ kLicenseRequest = 0,
+ kLicenseRenewal = 1,
+ kLicenseRelease = 2,
+ kIndividualizationRequest = 3
+};
+CHECK_TYPE(MessageType, 4, 4);
+
+enum HdcpVersion : uint32_t {
+ kHdcpVersionNone,
+ kHdcpVersion1_0,
+ kHdcpVersion1_1,
+ kHdcpVersion1_2,
+ kHdcpVersion1_3,
+ kHdcpVersion1_4,
+ kHdcpVersion2_0,
+ kHdcpVersion2_1,
+ kHdcpVersion2_2,
+ kHdcpVersion2_3
+};
+CHECK_TYPE(HdcpVersion, 4, 4);
+
+struct Policy {
+ HdcpVersion min_hdcp_version;
+};
+CHECK_TYPE(Policy, 4, 4);
+
+// Represents a buffer created by Allocator implementations.
+class CDM_CLASS_API Buffer {
+ public:
+ // Destroys the buffer in the same context as it was created.
+ virtual void Destroy() = 0;
+
+ virtual uint32_t Capacity() const = 0;
+ virtual uint8_t* Data() = 0;
+ virtual void SetSize(uint32_t size) = 0;
+ virtual uint32_t Size() const = 0;
+
+ protected:
+ Buffer() {}
+ virtual ~Buffer() {}
+
+ private:
+ Buffer(const Buffer&);
+ void operator=(const Buffer&);
+};
+
+// Represents a decrypted block that has not been decoded.
+class CDM_CLASS_API DecryptedBlock {
+ public:
+ virtual void SetDecryptedBuffer(Buffer* buffer) = 0;
+ virtual Buffer* DecryptedBuffer() = 0;
+
+ // TODO(tomfinegan): Figure out if timestamp is really needed. If it is not,
+ // we can just pass Buffer pointers around.
+ virtual void SetTimestamp(int64_t timestamp) = 0;
+ virtual int64_t Timestamp() const = 0;
+
+ protected:
+ DecryptedBlock() {}
+ virtual ~DecryptedBlock() {}
+};
+
+enum VideoPlane : uint32_t {
+ kYPlane = 0,
+ kUPlane = 1,
+ kVPlane = 2,
+ kMaxPlanes = 3,
+};
+CHECK_TYPE(VideoPlane, 4, 4);
+
+class CDM_CLASS_API VideoFrame {
+ public:
+ virtual void SetFormat(VideoFormat format) = 0;
+ virtual VideoFormat Format() const = 0;
+
+ virtual void SetSize(cdm::Size size) = 0;
+ virtual cdm::Size Size() const = 0;
+
+ virtual void SetFrameBuffer(Buffer* frame_buffer) = 0;
+ virtual Buffer* FrameBuffer() = 0;
+
+ virtual void SetPlaneOffset(VideoPlane plane, uint32_t offset) = 0;
+ virtual uint32_t PlaneOffset(VideoPlane plane) = 0;
+
+ virtual void SetStride(VideoPlane plane, uint32_t stride) = 0;
+ virtual uint32_t Stride(VideoPlane plane) = 0;
+
+ // Sets and gets the presentation timestamp which is in microseconds.
+ virtual void SetTimestamp(int64_t timestamp) = 0;
+ virtual int64_t Timestamp() const = 0;
+
+ protected:
+ VideoFrame() {}
+ virtual ~VideoFrame() {}
+};
+
+// Represents a decoded video frame. The CDM should call the interface methods
+// to set the frame attributes. See DecryptAndDecodeFrame().
+class CDM_CLASS_API VideoFrame_2 {
+ public:
+ virtual void SetFormat(VideoFormat format) = 0;
+ virtual void SetSize(cdm::Size size) = 0;
+ virtual void SetFrameBuffer(Buffer* frame_buffer) = 0;
+ virtual void SetPlaneOffset(VideoPlane plane, uint32_t offset) = 0;
+ virtual void SetStride(VideoPlane plane, uint32_t stride) = 0;
+ // Sets the presentation timestamp which is in microseconds.
+ virtual void SetTimestamp(int64_t timestamp) = 0;
+ virtual void SetColorSpace(ColorSpace color_space) = 0;
+
+ protected:
+ VideoFrame_2() {}
+ virtual ~VideoFrame_2() {}
+};
+
+// Represents decrypted and decoded audio frames. AudioFrames can contain
+// multiple audio output buffers, which are serialized into this format:
+//
+// |<------------------- serialized audio buffer ------------------->|
+// | int64_t timestamp | int64_t length | length bytes of audio data |
+//
+// For example, with three audio output buffers, the AudioFrames will look
+// like this:
+//
+// |<----------------- AudioFrames ------------------>|
+// | audio buffer 0 | audio buffer 1 | audio buffer 2 |
+class CDM_CLASS_API AudioFrames {
+ public:
+ virtual void SetFrameBuffer(Buffer* buffer) = 0;
+ virtual Buffer* FrameBuffer() = 0;
+
+ // The CDM must call this method, providing a valid format, when providing
+ // frame buffers. Planar data should be stored end to end; e.g.,
+ // |ch1 sample1||ch1 sample2|....|ch1 sample_last||ch2 sample1|...
+ virtual void SetFormat(AudioFormat format) = 0;
+ virtual AudioFormat Format() const = 0;
+
+ protected:
+ AudioFrames() {}
+ virtual ~AudioFrames() {}
+};
+
+// FileIO interface provides a way for the CDM to store data in a file in
+// persistent storage. This interface aims only at providing basic read/write
+// capabilities and should not be used as a full fledged file IO API.
+// Each CDM and origin (e.g. HTTPS, "foo.example.com", 443) combination has
+// its own persistent storage. All instances of a given CDM associated with a
+// given origin share the same persistent storage.
+// Note to implementors of this interface:
+// Per-origin storage and the ability for users to clear it are important.
+// See http://www.w3.org/TR/encrypted-media/#privacy-storedinfo.
+class CDM_CLASS_API FileIO {
+ public:
+ // Opens the file with |file_name| for read and write.
+ // FileIOClient::OnOpenComplete() will be called after the opening
+ // operation finishes.
+ // - When the file is opened by a CDM instance, it will be classified as "in
+ // use". In this case other CDM instances in the same domain may receive
+ // kInUse status when trying to open it.
+ // - |file_name| must only contain letters (A-Za-z), digits(0-9), or "._-".
+ // It must not start with an underscore ('_'), and must be at least 1
+ // character and no more than 256 characters long.
+ virtual void Open(const char* file_name, uint32_t file_name_size) = 0;
+
+ // Reads the contents of the file. FileIOClient::OnReadComplete() will be
+ // called with the read status. Read() should not be called if a previous
+ // Read() or Write() call is still pending; otherwise OnReadComplete() will
+ // be called with kInUse.
+ virtual void Read() = 0;
+
+ // Writes |data_size| bytes of |data| into the file.
+ // FileIOClient::OnWriteComplete() will be called with the write status.
+ // All existing contents in the file will be overwritten. Calling Write() with
+ // NULL |data| will clear all contents in the file. Write() should not be
+ // called if a previous Write() or Read() call is still pending; otherwise
+ // OnWriteComplete() will be called with kInUse.
+ virtual void Write(const uint8_t* data, uint32_t data_size) = 0;
+
+ // Closes the file if opened, destroys this FileIO object and releases any
+ // resources allocated. The CDM must call this method when it finished using
+ // this object. A FileIO object must not be used after Close() is called.
+ virtual void Close() = 0;
+
+ protected:
+ FileIO() {}
+ virtual ~FileIO() {}
+};
+
+// Responses to FileIO calls. All responses will be called asynchronously.
+// When kError is returned, the FileIO object could be in an error state. All
+// following calls (other than Close()) could return kError. The CDM should
+// still call Close() to destroy the FileIO object.
+class CDM_CLASS_API FileIOClient {
+ public:
+ enum class Status : uint32_t { kSuccess = 0, kInUse, kError };
+
+ // Response to a FileIO::Open() call with the open |status|.
+ virtual void OnOpenComplete(Status status) = 0;
+
+ // Response to a FileIO::Read() call to provide |data_size| bytes of |data|
+ // read from the file.
+ // - kSuccess indicates that all contents of the file has been successfully
+ // read. In this case, 0 |data_size| means that the file is empty.
+ // - kInUse indicates that there are other read/write operations pending.
+ // - kError indicates read failure, e.g. the storage is not open or cannot be
+ // fully read.
+ virtual void OnReadComplete(Status status, const uint8_t* data,
+ uint32_t data_size) = 0;
+
+ // Response to a FileIO::Write() call.
+ // - kSuccess indicates that all the data has been written into the file
+ // successfully.
+ // - kInUse indicates that there are other read/write operations pending.
+ // - kError indicates write failure, e.g. the storage is not open or cannot be
+ // fully written. Upon write failure, the contents of the file should be
+ // regarded as corrupt and should not used.
+ virtual void OnWriteComplete(Status status) = 0;
+
+ protected:
+ FileIOClient() {}
+ virtual ~FileIOClient() {}
+};
+
+class CDM_CLASS_API Host_10;
+class CDM_CLASS_API Host_11;
+
+// ContentDecryptionModule interface that all CDMs need to implement.
+// The interface is versioned for backward compatibility.
+// Note: ContentDecryptionModule implementations must use the allocator
+// provided in CreateCdmInstance() to allocate any Buffer that needs to
+// be passed back to the caller. Implementations must call Buffer::Destroy()
+// when a Buffer is created that will never be returned to the caller.
+class CDM_CLASS_API ContentDecryptionModule_10 {
+ public:
+ static const int kVersion = 10;
+ static const bool kIsStable = true;
+ typedef Host_10 Host;
+
+ // Initializes the CDM instance, providing information about permitted
+ // functionalities. The CDM must respond by calling Host::OnInitialized()
+ // with whether the initialization succeeded. No other calls will be made by
+ // the host before Host::OnInitialized() returns.
+ // If |allow_distinctive_identifier| is false, messages from the CDM,
+ // such as message events, must not contain a Distinctive Identifier,
+ // even in an encrypted form.
+ // If |allow_persistent_state| is false, the CDM must not attempt to
+ // persist state. Calls to CreateFileIO() will fail.
+ // If |use_hw_secure_codecs| is true, the CDM must ensure the decryption key
+ // and video buffers (compressed and uncompressed) are securely protected by
+ // hardware.
+ virtual void Initialize(bool allow_distinctive_identifier,
+ bool allow_persistent_state,
+ bool use_hw_secure_codecs) = 0;
+
+ // Gets the key status if the CDM has a hypothetical key with the |policy|.
+ // The CDM must respond by calling either Host::OnResolveKeyStatusPromise()
+ // with the result key status or Host::OnRejectPromise() if an unexpected
+ // error happened or this method is not supported.
+ virtual void GetStatusForPolicy(uint32_t promise_id,
+ const Policy& policy) = 0;
+
+ // SetServerCertificate(), CreateSessionAndGenerateRequest(), LoadSession(),
+ // UpdateSession(), CloseSession(), and RemoveSession() all accept a
+ // |promise_id|, which must be passed to the completion Host method
+ // (e.g. Host::OnResolveNewSessionPromise()).
+
+ // Provides a server certificate to be used to encrypt messages to the
+ // license server. The CDM must respond by calling either
+ // Host::OnResolvePromise() or Host::OnRejectPromise().
+ // If the CDM does not support server certificates, the promise should be
+ // rejected with kExceptionNotSupportedError. If |server_certificate_data|
+ // is empty, reject with kExceptionTypeError. Any other error should be
+ // rejected with kExceptionInvalidStateError or kExceptionQuotaExceededError.
+ // TODO(crbug.com/796417): Add support for the promise to return true or
+ // false, rather than using kExceptionNotSupportedError to mean false.
+ virtual void SetServerCertificate(uint32_t promise_id,
+ const uint8_t* server_certificate_data,
+ uint32_t server_certificate_data_size) = 0;
+
+ // Creates a session given |session_type|, |init_data_type|, and |init_data|.
+ // The CDM must respond by calling either Host::OnResolveNewSessionPromise()
+ // or Host::OnRejectPromise().
+ virtual void CreateSessionAndGenerateRequest(uint32_t promise_id,
+ SessionType session_type,
+ InitDataType init_data_type,
+ const uint8_t* init_data,
+ uint32_t init_data_size) = 0;
+
+ // Loads the session of type |session_type| specified by |session_id|.
+ // The CDM must respond by calling either Host::OnResolveNewSessionPromise()
+ // or Host::OnRejectPromise(). If the session is not found, call
+ // Host::OnResolveNewSessionPromise() with session_id = NULL.
+ virtual void LoadSession(uint32_t promise_id, SessionType session_type,
+ const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Updates the session with |response|. The CDM must respond by calling
+ // either Host::OnResolvePromise() or Host::OnRejectPromise().
+ virtual void UpdateSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size, const uint8_t* response,
+ uint32_t response_size) = 0;
+
+ // Requests that the CDM close the session. The CDM must respond by calling
+ // either Host::OnResolvePromise() or Host::OnRejectPromise() when the request
+ // has been processed. This may be before the session is closed. Once the
+ // session is closed, Host::OnSessionClosed() must also be called.
+ virtual void CloseSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Removes any stored session data associated with this session. Will only be
+ // called for persistent sessions. The CDM must respond by calling either
+ // Host::OnResolvePromise() or Host::OnRejectPromise() when the request has
+ // been processed.
+ virtual void RemoveSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Performs scheduled operation with |context| when the timer fires.
+ virtual void TimerExpired(void* context) = 0;
+
+ // Decrypts the |encrypted_buffer|.
+ //
+ // Returns kSuccess if decryption succeeded, in which case the callee
+ // should have filled the |decrypted_buffer| and passed the ownership of
+ // |data| in |decrypted_buffer| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kDecryptError if any other error happened.
+ // If the return value is not kSuccess, |decrypted_buffer| should be ignored
+ // by the caller.
+ virtual Status Decrypt(const InputBuffer_2& encrypted_buffer,
+ DecryptedBlock* decrypted_buffer) = 0;
+
+ // Initializes the CDM audio decoder with |audio_decoder_config|. This
+ // function must be called before DecryptAndDecodeSamples() is called.
+ //
+ // Returns kSuccess if the |audio_decoder_config| is supported and the CDM
+ // audio decoder is successfully initialized.
+ // Returns kInitializationError if |audio_decoder_config| is not supported.
+ // The CDM may still be able to do Decrypt().
+ // Returns kDeferredInitialization if the CDM is not ready to initialize the
+ // decoder at this time. Must call Host::OnDeferredInitializationDone() once
+ // initialization is complete.
+ virtual Status InitializeAudioDecoder(
+ const AudioDecoderConfig_2& audio_decoder_config) = 0;
+
+ // Initializes the CDM video decoder with |video_decoder_config|. This
+ // function must be called before DecryptAndDecodeFrame() is called.
+ //
+ // Returns kSuccess if the |video_decoder_config| is supported and the CDM
+ // video decoder is successfully initialized.
+ // Returns kInitializationError if |video_decoder_config| is not supported.
+ // The CDM may still be able to do Decrypt().
+ // Returns kDeferredInitialization if the CDM is not ready to initialize the
+ // decoder at this time. Must call Host::OnDeferredInitializationDone() once
+ // initialization is complete.
+ virtual Status InitializeVideoDecoder(
+ const VideoDecoderConfig_2& video_decoder_config) = 0;
+
+ // De-initializes the CDM decoder and sets it to an uninitialized state. The
+ // caller can initialize the decoder again after this call to re-initialize
+ // it. This can be used to reconfigure the decoder if the configuration
+ // changes.
+ virtual void DeinitializeDecoder(StreamType decoder_type) = 0;
+
+ // Resets the CDM decoder to an initialized clean state. All internal buffers
+ // MUST be flushed.
+ virtual void ResetDecoder(StreamType decoder_type) = 0;
+
+ // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into a
+ // |video_frame|. Upon end-of-stream, the caller should call this function
+ // repeatedly with empty |encrypted_buffer| (|data| == NULL) until
+ // kNeedMoreData is returned.
+ //
+ // Returns kSuccess if decryption and decoding both succeeded, in which case
+ // the callee will have filled the |video_frame| and passed the ownership of
+ // |frame_buffer| in |video_frame| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kNeedMoreData if more data was needed by the decoder to generate
+ // a decoded frame (e.g. during initialization and end-of-stream).
+ // Returns kDecryptError if any decryption error happened.
+ // Returns kDecodeError if any decoding error happened.
+ // If the return value is not kSuccess, |video_frame| should be ignored by
+ // the caller.
+ virtual Status DecryptAndDecodeFrame(const InputBuffer_2& encrypted_buffer,
+ VideoFrame* video_frame) = 0;
+
+ // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into
+ // |audio_frames|. Upon end-of-stream, the caller should call this function
+ // repeatedly with empty |encrypted_buffer| (|data| == NULL) until only empty
+ // |audio_frames| is produced.
+ //
+ // Returns kSuccess if decryption and decoding both succeeded, in which case
+ // the callee will have filled |audio_frames| and passed the ownership of
+ // |data| in |audio_frames| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kNeedMoreData if more data was needed by the decoder to generate
+ // audio samples (e.g. during initialization and end-of-stream).
+ // Returns kDecryptError if any decryption error happened.
+ // Returns kDecodeError if any decoding error happened.
+ // If the return value is not kSuccess, |audio_frames| should be ignored by
+ // the caller.
+ virtual Status DecryptAndDecodeSamples(const InputBuffer_2& encrypted_buffer,
+ AudioFrames* audio_frames) = 0;
+
+ // Called by the host after a platform challenge was initiated via
+ // Host::SendPlatformChallenge().
+ virtual void OnPlatformChallengeResponse(
+ const PlatformChallengeResponse& response) = 0;
+
+ // Called by the host after a call to Host::QueryOutputProtectionStatus(). The
+ // |link_mask| is a bit mask of OutputLinkTypes and |output_protection_mask|
+ // is a bit mask of OutputProtectionMethods. If |result| is kQueryFailed,
+ // then |link_mask| and |output_protection_mask| are undefined and should
+ // be ignored.
+ virtual void OnQueryOutputProtectionStatus(
+ QueryResult result, uint32_t link_mask,
+ uint32_t output_protection_mask) = 0;
+
+ // Called by the host after a call to Host::RequestStorageId(). If the
+ // version of the storage ID requested is available, |storage_id| and
+ // |storage_id_size| are set appropriately. |version| will be the same as
+ // what was requested, unless 0 (latest) was requested, in which case
+ // |version| will be the actual version number for the |storage_id| returned.
+ // If the requested version is not available, null/zero will be provided as
+ // |storage_id| and |storage_id_size|, respectively, and |version| should be
+ // ignored.
+ virtual void OnStorageId(uint32_t version, const uint8_t* storage_id,
+ uint32_t storage_id_size) = 0;
+
+ // Destroys the object in the same context as it was created.
+ virtual void Destroy() = 0;
+
+ protected:
+ ContentDecryptionModule_10() {}
+ virtual ~ContentDecryptionModule_10() {}
+};
+
+// ----- Note: CDM interface(s) below still in development and not stable! -----
+
+// ContentDecryptionModule interface that all CDMs need to implement.
+// The interface is versioned for backward compatibility.
+// Note: ContentDecryptionModule implementations must use the allocator
+// provided in CreateCdmInstance() to allocate any Buffer that needs to
+// be passed back to the caller. Implementations must call Buffer::Destroy()
+// when a Buffer is created that will never be returned to the caller.
+class CDM_CLASS_API ContentDecryptionModule_11 {
+ public:
+ static const int kVersion = 11;
+ static const bool kIsStable = false;
+ typedef Host_11 Host;
+
+ // Initializes the CDM instance, providing information about permitted
+ // functionalities. The CDM must respond by calling Host::OnInitialized()
+ // with whether the initialization succeeded. No other calls will be made by
+ // the host before Host::OnInitialized() returns.
+ // If |allow_distinctive_identifier| is false, messages from the CDM,
+ // such as message events, must not contain a Distinctive Identifier,
+ // even in an encrypted form.
+ // If |allow_persistent_state| is false, the CDM must not attempt to
+ // persist state. Calls to CreateFileIO() will fail.
+ // If |use_hw_secure_codecs| is true, the CDM must ensure the decryption key
+ // and video buffers (compressed and uncompressed) are securely protected by
+ // hardware.
+ virtual void Initialize(bool allow_distinctive_identifier,
+ bool allow_persistent_state,
+ bool use_hw_secure_codecs) = 0;
+
+ // Gets the key status if the CDM has a hypothetical key with the |policy|.
+ // The CDM must respond by calling either Host::OnResolveKeyStatusPromise()
+ // with the result key status or Host::OnRejectPromise() if an unexpected
+ // error happened or this method is not supported.
+ virtual void GetStatusForPolicy(uint32_t promise_id,
+ const Policy& policy) = 0;
+
+ // SetServerCertificate(), CreateSessionAndGenerateRequest(), LoadSession(),
+ // UpdateSession(), CloseSession(), and RemoveSession() all accept a
+ // |promise_id|, which must be passed to the completion Host method
+ // (e.g. Host::OnResolveNewSessionPromise()).
+
+ // Provides a server certificate to be used to encrypt messages to the
+ // license server. The CDM must respond by calling either
+ // Host::OnResolvePromise() or Host::OnRejectPromise().
+ // If the CDM does not support server certificates, the promise should be
+ // rejected with kExceptionNotSupportedError. If |server_certificate_data|
+ // is empty, reject with kExceptionTypeError. Any other error should be
+ // rejected with kExceptionInvalidStateError or kExceptionQuotaExceededError.
+ // TODO(crbug.com/796417): Add support for the promise to return true or
+ // false, rather than using kExceptionNotSupportedError to mean false.
+ virtual void SetServerCertificate(uint32_t promise_id,
+ const uint8_t* server_certificate_data,
+ uint32_t server_certificate_data_size) = 0;
+
+ // Creates a session given |session_type|, |init_data_type|, and |init_data|.
+ // The CDM must respond by calling either Host::OnResolveNewSessionPromise()
+ // or Host::OnRejectPromise().
+ virtual void CreateSessionAndGenerateRequest(uint32_t promise_id,
+ SessionType session_type,
+ InitDataType init_data_type,
+ const uint8_t* init_data,
+ uint32_t init_data_size) = 0;
+
+ // Loads the session of type |session_type| specified by |session_id|.
+ // The CDM must respond by calling either Host::OnResolveNewSessionPromise()
+ // or Host::OnRejectPromise(). If the session is not found, call
+ // Host::OnResolveNewSessionPromise() with session_id = NULL.
+ virtual void LoadSession(uint32_t promise_id, SessionType session_type,
+ const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Updates the session with |response|. The CDM must respond by calling
+ // either Host::OnResolvePromise() or Host::OnRejectPromise().
+ virtual void UpdateSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size, const uint8_t* response,
+ uint32_t response_size) = 0;
+
+ // Requests that the CDM close the session. The CDM must respond by calling
+ // either Host::OnResolvePromise() or Host::OnRejectPromise() when the request
+ // has been processed. This may be before the session is closed. Once the
+ // session is closed, Host::OnSessionClosed() must also be called.
+ virtual void CloseSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Removes any stored session data associated with this session. Removes all
+ // license(s) and key(s) associated with the session, whether they are in
+ // memory, persistent store, or both. For persistent session types, other
+ // session data (e.g. record of license destruction) will be cleared as
+ // defined for each session type once a release message acknowledgment is
+ // processed by UpdateSession(). The CDM must respond by calling either
+ // Host::OnResolvePromise() or Host::OnRejectPromise() when the request has
+ // been processed.
+ virtual void RemoveSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Performs scheduled operation with |context| when the timer fires.
+ virtual void TimerExpired(void* context) = 0;
+
+ // Decrypts the |encrypted_buffer|.
+ //
+ // Returns kSuccess if decryption succeeded, in which case the callee
+ // should have filled the |decrypted_buffer| and passed the ownership of
+ // |data| in |decrypted_buffer| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kDecryptError if any other error happened.
+ // If the return value is not kSuccess, |decrypted_buffer| should be ignored
+ // by the caller.
+ virtual Status Decrypt(const InputBuffer_2& encrypted_buffer,
+ DecryptedBlock* decrypted_buffer) = 0;
+
+ // Initializes the CDM audio decoder with |audio_decoder_config|. This
+ // function must be called before DecryptAndDecodeSamples() is called.
+ //
+ // Returns kSuccess if the |audio_decoder_config| is supported and the CDM
+ // audio decoder is successfully initialized.
+ // Returns kInitializationError if |audio_decoder_config| is not supported.
+ // The CDM may still be able to do Decrypt().
+ // Returns kDeferredInitialization if the CDM is not ready to initialize the
+ // decoder at this time. Must call Host::OnDeferredInitializationDone() once
+ // initialization is complete.
+ virtual Status InitializeAudioDecoder(
+ const AudioDecoderConfig_2& audio_decoder_config) = 0;
+
+ // Initializes the CDM video decoder with |video_decoder_config|. This
+ // function must be called before DecryptAndDecodeFrame() is called.
+ //
+ // Returns kSuccess if the |video_decoder_config| is supported and the CDM
+ // video decoder is successfully initialized.
+ // Returns kInitializationError if |video_decoder_config| is not supported.
+ // The CDM may still be able to do Decrypt().
+ // Returns kDeferredInitialization if the CDM is not ready to initialize the
+ // decoder at this time. Must call Host::OnDeferredInitializationDone() once
+ // initialization is complete.
+ virtual Status InitializeVideoDecoder(
+ const VideoDecoderConfig_3& video_decoder_config) = 0;
+
+ // De-initializes the CDM decoder and sets it to an uninitialized state. The
+ // caller can initialize the decoder again after this call to re-initialize
+ // it. This can be used to reconfigure the decoder if the configuration
+ // changes.
+ virtual void DeinitializeDecoder(StreamType decoder_type) = 0;
+
+ // Resets the CDM decoder to an initialized clean state. All internal buffers
+ // MUST be flushed.
+ virtual void ResetDecoder(StreamType decoder_type) = 0;
+
+ // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into a
+ // |video_frame|. Upon end-of-stream, the caller should call this function
+ // repeatedly with empty |encrypted_buffer| (|data| == NULL) until
+ // kNeedMoreData is returned.
+ //
+ // Returns kSuccess if decryption and decoding both succeeded, in which case
+ // the callee will have filled the |video_frame| and passed the ownership of
+ // |frame_buffer| in |video_frame| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kNeedMoreData if more data was needed by the decoder to generate
+ // a decoded frame (e.g. during initialization and end-of-stream).
+ // Returns kDecryptError if any decryption error happened.
+ // Returns kDecodeError if any decoding error happened.
+ // If the return value is not kSuccess, |video_frame| should be ignored by
+ // the caller.
+ virtual Status DecryptAndDecodeFrame(const InputBuffer_2& encrypted_buffer,
+ VideoFrame_2* video_frame) = 0;
+
+ // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into
+ // |audio_frames|. Upon end-of-stream, the caller should call this function
+ // repeatedly with empty |encrypted_buffer| (|data| == NULL) until only empty
+ // |audio_frames| is produced.
+ //
+ // Returns kSuccess if decryption and decoding both succeeded, in which case
+ // the callee will have filled |audio_frames| and passed the ownership of
+ // |data| in |audio_frames| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kNeedMoreData if more data was needed by the decoder to generate
+ // audio samples (e.g. during initialization and end-of-stream).
+ // Returns kDecryptError if any decryption error happened.
+ // Returns kDecodeError if any decoding error happened.
+ // If the return value is not kSuccess, |audio_frames| should be ignored by
+ // the caller.
+ virtual Status DecryptAndDecodeSamples(const InputBuffer_2& encrypted_buffer,
+ AudioFrames* audio_frames) = 0;
+
+ // Called by the host after a platform challenge was initiated via
+ // Host::SendPlatformChallenge().
+ virtual void OnPlatformChallengeResponse(
+ const PlatformChallengeResponse& response) = 0;
+
+ // Called by the host after a call to Host::QueryOutputProtectionStatus(). The
+ // |link_mask| is a bit mask of OutputLinkTypes and |output_protection_mask|
+ // is a bit mask of OutputProtectionMethods. If |result| is kQueryFailed,
+ // then |link_mask| and |output_protection_mask| are undefined and should
+ // be ignored.
+ virtual void OnQueryOutputProtectionStatus(
+ QueryResult result, uint32_t link_mask,
+ uint32_t output_protection_mask) = 0;
+
+ // Called by the host after a call to Host::RequestStorageId(). If the
+ // version of the storage ID requested is available, |storage_id| and
+ // |storage_id_size| are set appropriately. |version| will be the same as
+ // what was requested, unless 0 (latest) was requested, in which case
+ // |version| will be the actual version number for the |storage_id| returned.
+ // If the requested version is not available, null/zero will be provided as
+ // |storage_id| and |storage_id_size|, respectively, and |version| should be
+ // ignored.
+ virtual void OnStorageId(uint32_t version, const uint8_t* storage_id,
+ uint32_t storage_id_size) = 0;
+
+ // Destroys the object in the same context as it was created.
+ virtual void Destroy() = 0;
+
+ protected:
+ ContentDecryptionModule_11() {}
+ virtual ~ContentDecryptionModule_11() {}
+};
+
+class CDM_CLASS_API Host_10 {
+ public:
+ static const int kVersion = 10;
+
+ // Returns a Buffer* containing non-zero members upon success, or NULL on
+ // failure. The caller owns the Buffer* after this call. The buffer is not
+ // guaranteed to be zero initialized. The capacity of the allocated Buffer
+ // is guaranteed to be not less than |capacity|.
+ virtual Buffer* Allocate(uint32_t capacity) = 0;
+
+ // Requests the host to call ContentDecryptionModule::TimerFired() |delay_ms|
+ // from now with |context|.
+ virtual void SetTimer(int64_t delay_ms, void* context) = 0;
+
+ // Returns the current wall time.
+ virtual Time GetCurrentWallTime() = 0;
+
+ // Called by the CDM with the result after the CDM instance was initialized.
+ virtual void OnInitialized(bool success) = 0;
+
+ // Called by the CDM when a key status is available in response to
+ // GetStatusForPolicy().
+ virtual void OnResolveKeyStatusPromise(uint32_t promise_id,
+ KeyStatus key_status) = 0;
+
+ // Called by the CDM when a session is created or loaded and the value for the
+ // MediaKeySession's sessionId attribute is available (|session_id|).
+ // This must be called before OnSessionMessage() or
+ // OnSessionKeysChange() is called for the same session. |session_id_size|
+ // should not include null termination.
+ // When called in response to LoadSession(), the |session_id| must be the
+ // same as the |session_id| passed in LoadSession(), or NULL if the
+ // session could not be loaded.
+ virtual void OnResolveNewSessionPromise(uint32_t promise_id,
+ const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Called by the CDM when a session is updated or released.
+ virtual void OnResolvePromise(uint32_t promise_id) = 0;
+
+ // Called by the CDM when an error occurs as a result of one of the
+ // ContentDecryptionModule calls that accept a |promise_id|.
+ // |exception| must be specified. |error_message| and |system_code|
+ // are optional. |error_message_size| should not include null termination.
+ virtual void OnRejectPromise(uint32_t promise_id, Exception exception,
+ uint32_t system_code, const char* error_message,
+ uint32_t error_message_size) = 0;
+
+ // Called by the CDM when it has a message for session |session_id|.
+ // Size parameters should not include null termination.
+ virtual void OnSessionMessage(const char* session_id,
+ uint32_t session_id_size,
+ MessageType message_type, const char* message,
+ uint32_t message_size) = 0;
+
+ // Called by the CDM when there has been a change in keys or their status for
+ // session |session_id|. |has_additional_usable_key| should be set if a
+ // key is newly usable (e.g. new key available, previously expired key has
+ // been renewed, etc.) and the browser should attempt to resume playback.
+ // |keys_info| is the list of key IDs for this session along with their
+ // current status. |keys_info_count| is the number of entries in |keys_info|.
+ // Size parameter for |session_id| should not include null termination.
+ virtual void OnSessionKeysChange(const char* session_id,
+ uint32_t session_id_size,
+ bool has_additional_usable_key,
+ const KeyInformation* keys_info,
+ uint32_t keys_info_count) = 0;
+
+ // Called by the CDM when there has been a change in the expiration time for
+ // session |session_id|. This can happen as the result of an Update() call
+ // or some other event. If this happens as a result of a call to Update(),
+ // it must be called before resolving the Update() promise. |new_expiry_time|
+ // represents the time after which the key(s) in the session will no longer
+ // be usable for decryption. It can be 0 if no such time exists or if the
+ // license explicitly never expires. Size parameter should not include null
+ // termination.
+ virtual void OnExpirationChange(const char* session_id,
+ uint32_t session_id_size,
+ Time new_expiry_time) = 0;
+
+ // Called by the CDM when session |session_id| is closed. Size
+ // parameter should not include null termination.
+ virtual void OnSessionClosed(const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // The following are optional methods that may not be implemented on all
+ // platforms.
+
+ // Sends a platform challenge for the given |service_id|. |challenge| is at
+ // most 256 bits of data to be signed. Once the challenge has been completed,
+ // the host will call ContentDecryptionModule::OnPlatformChallengeResponse()
+ // with the signed challenge response and platform certificate. Size
+ // parameters should not include null termination.
+ virtual void SendPlatformChallenge(const char* service_id,
+ uint32_t service_id_size,
+ const char* challenge,
+ uint32_t challenge_size) = 0;
+
+ // Attempts to enable output protection (e.g. HDCP) on the display link. The
+ // |desired_protection_mask| is a bit mask of OutputProtectionMethods. No
+ // status callback is issued, the CDM must call QueryOutputProtectionStatus()
+ // periodically to ensure the desired protections are applied.
+ virtual void EnableOutputProtection(uint32_t desired_protection_mask) = 0;
+
+ // Requests the current output protection status. Once the host has the status
+ // it will call ContentDecryptionModule::OnQueryOutputProtectionStatus().
+ virtual void QueryOutputProtectionStatus() = 0;
+
+ // Must be called by the CDM if it returned kDeferredInitialization during
+ // InitializeAudioDecoder() or InitializeVideoDecoder().
+ virtual void OnDeferredInitializationDone(StreamType stream_type,
+ Status decoder_status) = 0;
+
+ // Creates a FileIO object from the host to do file IO operation. Returns NULL
+ // if a FileIO object cannot be obtained. Once a valid FileIO object is
+ // returned, |client| must be valid until FileIO::Close() is called. The
+ // CDM can call this method multiple times to operate on different files.
+ virtual FileIO* CreateFileIO(FileIOClient* client) = 0;
+
+ // Requests a specific version of the storage ID. A storage ID is a stable,
+ // device specific ID used by the CDM to securely store persistent data. The
+ // ID will be returned by the host via ContentDecryptionModule::OnStorageId().
+ // If |version| is 0, the latest version will be returned. All |version|s
+ // that are greater than or equal to 0x80000000 are reserved for the CDM and
+ // should not be supported or returned by the host. The CDM must not expose
+ // the ID outside the client device, even in encrypted form.
+ virtual void RequestStorageId(uint32_t version) = 0;
+
+ protected:
+ Host_10() {}
+ virtual ~Host_10() {}
+};
+
+class CDM_CLASS_API Host_11 {
+ public:
+ static const int kVersion = 11;
+
+ // Returns a Buffer* containing non-zero members upon success, or NULL on
+ // failure. The caller owns the Buffer* after this call. The buffer is not
+ // guaranteed to be zero initialized. The capacity of the allocated Buffer
+ // is guaranteed to be not less than |capacity|.
+ virtual Buffer* Allocate(uint32_t capacity) = 0;
+
+ // Requests the host to call ContentDecryptionModule::TimerFired() |delay_ms|
+ // from now with |context|.
+ virtual void SetTimer(int64_t delay_ms, void* context) = 0;
+
+ // Returns the current wall time.
+ virtual Time GetCurrentWallTime() = 0;
+
+ // Called by the CDM with the result after the CDM instance was initialized.
+ virtual void OnInitialized(bool success) = 0;
+
+ // Called by the CDM when a key status is available in response to
+ // GetStatusForPolicy().
+ virtual void OnResolveKeyStatusPromise(uint32_t promise_id,
+ KeyStatus key_status) = 0;
+
+ // Called by the CDM when a session is created or loaded and the value for the
+ // MediaKeySession's sessionId attribute is available (|session_id|).
+ // This must be called before OnSessionMessage() or
+ // OnSessionKeysChange() is called for the same session. |session_id_size|
+ // should not include null termination.
+ // When called in response to LoadSession(), the |session_id| must be the
+ // same as the |session_id| passed in LoadSession(), or NULL if the
+ // session could not be loaded.
+ virtual void OnResolveNewSessionPromise(uint32_t promise_id,
+ const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Called by the CDM when a session is updated or released.
+ virtual void OnResolvePromise(uint32_t promise_id) = 0;
+
+ // Called by the CDM when an error occurs as a result of one of the
+ // ContentDecryptionModule calls that accept a |promise_id|.
+ // |exception| must be specified. |error_message| and |system_code|
+ // are optional. |error_message_size| should not include null termination.
+ virtual void OnRejectPromise(uint32_t promise_id, Exception exception,
+ uint32_t system_code, const char* error_message,
+ uint32_t error_message_size) = 0;
+
+ // Called by the CDM when it has a message for session |session_id|.
+ // Size parameters should not include null termination.
+ virtual void OnSessionMessage(const char* session_id,
+ uint32_t session_id_size,
+ MessageType message_type, const char* message,
+ uint32_t message_size) = 0;
+
+ // Called by the CDM when there has been a change in keys or their status for
+ // session |session_id|. |has_additional_usable_key| should be set if a
+ // key is newly usable (e.g. new key available, previously expired key has
+ // been renewed, etc.) and the browser should attempt to resume playback.
+ // |keys_info| is the list of key IDs for this session along with their
+ // current status. |keys_info_count| is the number of entries in |keys_info|.
+ // Size parameter for |session_id| should not include null termination.
+ virtual void OnSessionKeysChange(const char* session_id,
+ uint32_t session_id_size,
+ bool has_additional_usable_key,
+ const KeyInformation* keys_info,
+ uint32_t keys_info_count) = 0;
+
+ // Called by the CDM when there has been a change in the expiration time for
+ // session |session_id|. This can happen as the result of an Update() call
+ // or some other event. If this happens as a result of a call to Update(),
+ // it must be called before resolving the Update() promise. |new_expiry_time|
+ // represents the time after which the key(s) in the session will no longer
+ // be usable for decryption. It can be 0 if no such time exists or if the
+ // license explicitly never expires. Size parameter should not include null
+ // termination.
+ virtual void OnExpirationChange(const char* session_id,
+ uint32_t session_id_size,
+ Time new_expiry_time) = 0;
+
+ // Called by the CDM when session |session_id| is closed. Size
+ // parameter should not include null termination.
+ virtual void OnSessionClosed(const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // The following are optional methods that may not be implemented on all
+ // platforms.
+
+ // Sends a platform challenge for the given |service_id|. |challenge| is at
+ // most 256 bits of data to be signed. Once the challenge has been completed,
+ // the host will call ContentDecryptionModule::OnPlatformChallengeResponse()
+ // with the signed challenge response and platform certificate. Size
+ // parameters should not include null termination.
+ virtual void SendPlatformChallenge(const char* service_id,
+ uint32_t service_id_size,
+ const char* challenge,
+ uint32_t challenge_size) = 0;
+
+ // Attempts to enable output protection (e.g. HDCP) on the display link. The
+ // |desired_protection_mask| is a bit mask of OutputProtectionMethods. No
+ // status callback is issued, the CDM must call QueryOutputProtectionStatus()
+ // periodically to ensure the desired protections are applied.
+ virtual void EnableOutputProtection(uint32_t desired_protection_mask) = 0;
+
+ // Requests the current output protection status. Once the host has the status
+ // it will call ContentDecryptionModule::OnQueryOutputProtectionStatus().
+ virtual void QueryOutputProtectionStatus() = 0;
+
+ // Must be called by the CDM if it returned kDeferredInitialization during
+ // InitializeAudioDecoder() or InitializeVideoDecoder().
+ virtual void OnDeferredInitializationDone(StreamType stream_type,
+ Status decoder_status) = 0;
+
+ // Creates a FileIO object from the host to do file IO operation. Returns NULL
+ // if a FileIO object cannot be obtained. Once a valid FileIO object is
+ // returned, |client| must be valid until FileIO::Close() is called. The
+ // CDM can call this method multiple times to operate on different files.
+ virtual FileIO* CreateFileIO(FileIOClient* client) = 0;
+
+ // Requests a CdmProxy that proxies part of CDM functionalities to a different
+ // entity, e.g. a hardware CDM module. A CDM instance can have at most one
+ // CdmProxy throughout its lifetime, which must be requested and initialized
+ // during CDM instance initialization time, i.e. in or after CDM::Initialize()
+ // and before OnInitialized() is called, to ensure proper connection of the
+ // CdmProxy and the media player (e.g. hardware decoder). The CdmProxy is
+ // owned by the host and is guaranteed to be valid throughout the CDM
+ // instance's lifetime. The CDM must ensure that the |client| remain valid
+ // before the CDM instance is destroyed. Returns null if CdmProxy is not
+ // supported, called before CDM::Initialize(), RequestCdmProxy() is called
+ // more than once, or called after the CDM instance has been initialized.
+ virtual CdmProxy* RequestCdmProxy(CdmProxyClient* client) = 0;
+
+ // Requests a specific version of the storage ID. A storage ID is a stable,
+ // device specific ID used by the CDM to securely store persistent data. The
+ // ID will be returned by the host via ContentDecryptionModule::OnStorageId().
+ // If |version| is 0, the latest version will be returned. All |version|s
+ // that are greater than or equal to 0x80000000 are reserved for the CDM and
+ // should not be supported or returned by the host. The CDM must not expose
+ // the ID outside the client device, even in encrypted form.
+ virtual void RequestStorageId(uint32_t version) = 0;
+
+ protected:
+ Host_11() {}
+ virtual ~Host_11() {}
+};
+
+} // namespace cdm
+
+#endif // CDM_CONTENT_DECRYPTION_MODULE_H_
diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module_export.h b/dom/media/gmp/widevine-adapter/content_decryption_module_export.h
new file mode 100644
index 0000000000..932708deba
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/content_decryption_module_export.h
@@ -0,0 +1,38 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CDM_CONTENT_DECRYPTION_MODULE_EXPORT_H_
+#define CDM_CONTENT_DECRYPTION_MODULE_EXPORT_H_
+
+// Define CDM_API so that functionality implemented by the CDM module
+// can be exported to consumers.
+#if defined(_WIN32)
+
+#if defined(CDM_IMPLEMENTATION)
+#define CDM_API __declspec(dllexport)
+#else
+#define CDM_API __declspec(dllimport)
+#endif // defined(CDM_IMPLEMENTATION)
+
+#else // defined(_WIN32)
+#define CDM_API __attribute__((visibility("default")))
+#endif // defined(_WIN32)
+
+// Define CDM_CLASS_API to export class types. We have to add visibility
+// attributes to make sure virtual tables in CDM consumer and CDM implementation
+// are the same. Generally, it was always a good idea, as there're no guarantees
+// about that for the internal symbols, but it has only become a practical issue
+// after introduction of LTO devirtualization. See more details on
+// https://crbug.com/609564#c35
+#if defined(_WIN32)
+#if defined(__clang__)
+#define CDM_CLASS_API [[clang::lto_visibility_public]]
+#else
+#define CDM_CLASS_API
+#endif
+#else // defined(_WIN32)
+#define CDM_CLASS_API __attribute__((visibility("default")))
+#endif // defined(_WIN32)
+
+#endif // CDM_CONTENT_DECRYPTION_MODULE_EXPORT_H_
diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module_ext.h b/dom/media/gmp/widevine-adapter/content_decryption_module_ext.h
new file mode 100644
index 0000000000..5df8344e60
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/content_decryption_module_ext.h
@@ -0,0 +1,64 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CDM_CONTENT_DECRYPTION_MODULE_EXT_H_
+#define CDM_CONTENT_DECRYPTION_MODULE_EXT_H_
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include "content_decryption_module_export.h"
+
+#if defined(_MSC_VER)
+typedef unsigned int uint32_t;
+#else
+#include <stdint.h>
+#endif
+
+namespace cdm {
+
+#if defined(_WIN32)
+typedef wchar_t FilePathCharType;
+typedef HANDLE PlatformFile;
+const PlatformFile kInvalidPlatformFile = INVALID_HANDLE_VALUE;
+#else
+typedef char FilePathCharType;
+typedef int PlatformFile;
+const PlatformFile kInvalidPlatformFile = -1;
+#endif // defined(_WIN32)
+
+struct HostFile {
+ HostFile(const FilePathCharType* file_path,
+ PlatformFile file,
+ PlatformFile sig_file)
+ : file_path(file_path), file(file), sig_file(sig_file) {}
+
+ // File that is part of the host of the CDM.
+ const FilePathCharType* file_path = nullptr;
+ PlatformFile file = kInvalidPlatformFile;
+
+ // Signature file for |file|.
+ PlatformFile sig_file = kInvalidPlatformFile;
+};
+
+} // namespace cdm
+
+extern "C" {
+
+// Functions in this file are dynamically retrieved by their versioned function
+// names. Increment the version number for any backward incompatible API
+// changes.
+
+// Verifies CDM host. All files in |host_files| are opened in read-only mode.
+//
+// Returns false and closes all files if there is an immediate failure.
+// Otherwise returns true as soon as possible and processes the files
+// asynchronously. All files MUST be closed by the CDM after this one-time
+// processing is finished.
+CDM_API bool VerifyCdmHost_0(const cdm::HostFile* host_files,
+ uint32_t num_files);
+}
+
+#endif // CDM_CONTENT_DECRYPTION_MODULE_EXT_H_
diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h b/dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h
new file mode 100644
index 0000000000..d3edff8b37
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h
@@ -0,0 +1,121 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CDM_CONTENT_DECRYPTION_MODULE_PROXY_H_
+#define CDM_CONTENT_DECRYPTION_MODULE_PROXY_H_
+
+#include "content_decryption_module_export.h"
+
+#if defined(_MSC_VER)
+typedef unsigned char uint8_t;
+typedef unsigned int uint32_t;
+typedef unsigned __int64 uint64_t;
+#else
+# include <stdint.h>
+#endif
+
+namespace cdm {
+
+class CDM_CLASS_API CdmProxyClient;
+
+// A proxy class for the CDM.
+// In general, the interpretation of the CdmProxy and CdmProxyClient method
+// parameters are protocol dependent. For enum parameters, values outside the
+// enum range may not work.
+class CDM_CLASS_API CdmProxy {
+ public:
+ enum Function : uint32_t {
+ // For Intel Negotiate Crypto SessionKey Exchange (CSME) path to call
+ // ID3D11VideoContext::NegotiateCryptoSessionKeyExchange.
+ kIntelNegotiateCryptoSessionKeyExchange = 1,
+ // There will be more values in the future e.g. for D3D11 RSA method.
+ };
+
+ enum KeyType : uint32_t {
+ kDecryptOnly = 0,
+ kDecryptAndDecode = 1,
+ };
+
+ // Initializes the proxy. The results will be returned in
+ // CdmProxyClient::OnInitialized().
+ virtual void Initialize() = 0;
+
+ // Processes and updates the state of the proxy.
+ // |output_data_size| is required by some protocol to set up the output data.
+ // The operation may fail if the |output_data_size| is wrong. The results will
+ // be returned in CdmProxyClient::OnProcessed().
+ virtual void Process(Function function, uint32_t crypto_session_id,
+ const uint8_t* input_data, uint32_t input_data_size,
+ uint32_t output_data_size) = 0;
+
+ // Creates a crypto session for handling media.
+ // If extra data has to be passed to further setup the media crypto session,
+ // pass the data as |input_data|. The results will be returned in
+ // CdmProxyClient::OnMediaCryptoSessionCreated().
+ virtual void CreateMediaCryptoSession(const uint8_t* input_data,
+ uint32_t input_data_size) = 0;
+
+ // Sets a key for the session identified by |crypto_session_id|.
+ virtual void SetKey(uint32_t crypto_session_id, const uint8_t* key_id,
+ uint32_t key_id_size, KeyType key_type,
+ const uint8_t* key_blob, uint32_t key_blob_size) = 0;
+
+ // Removes a key for the session identified by |crypto_session_id|.
+ virtual void RemoveKey(uint32_t crypto_session_id, const uint8_t* key_id,
+ uint32_t key_id_size) = 0;
+
+ protected:
+ CdmProxy() {}
+ virtual ~CdmProxy() {}
+};
+
+// Responses to CdmProxy calls. All responses will be called asynchronously.
+class CDM_CLASS_API CdmProxyClient {
+ public:
+ enum Status : uint32_t {
+ kOk,
+ kFail,
+ };
+
+ enum Protocol : uint32_t {
+ kNone = 0, // No protocol supported. Can be used in failure cases.
+ kIntel, // Method using Intel CSME.
+ // There will be more values in the future e.g. kD3D11RsaHardware,
+ // kD3D11RsaSoftware to use the D3D11 RSA method.
+ };
+
+ // Callback for Initialize(). If the proxy created a crypto session, then the
+ // ID for the crypto session is |crypto_session_id|.
+ virtual void OnInitialized(Status status, Protocol protocol,
+ uint32_t crypto_session_id) = 0;
+
+ // Callback for Process(). |output_data| is the output of processing.
+ virtual void OnProcessed(Status status, const uint8_t* output_data,
+ uint32_t output_data_size) = 0;
+
+ // Callback for CreateMediaCryptoSession(). On success:
+ // - |crypto_session_id| is the ID for the created crypto session.
+ // - |output_data| is extra value, if any.
+ // Otherwise, |crypto_session_id| and |output_data| should be ignored.
+ virtual void OnMediaCryptoSessionCreated(Status status,
+ uint32_t crypto_session_id,
+ uint64_t output_data) = 0;
+
+ // Callback for SetKey().
+ virtual void OnKeySet(Status status) = 0;
+
+ // Callback for RemoveKey().
+ virtual void OnKeyRemoved(Status status) = 0;
+
+ // Called when there is a hardware reset and all the hardware context is lost.
+ virtual void NotifyHardwareReset() = 0;
+
+ protected:
+ CdmProxyClient() {}
+ virtual ~CdmProxyClient() {}
+};
+
+} // namespace cdm
+
+#endif // CDM_CONTENT_DECRYPTION_MODULE_PROXY_H_
diff --git a/dom/media/gmp/widevine-adapter/moz.build b/dom/media/gmp/widevine-adapter/moz.build
new file mode 100644
index 0000000000..b1b7582407
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/moz.build
@@ -0,0 +1,21 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SOURCES += [
+ "WidevineFileIO.cpp",
+ "WidevineUtils.cpp",
+ "WidevineVideoFrame.cpp",
+]
+
+EXPORTS += ["WidevineFileIO.h", "WidevineUtils.h", "WidevineVideoFrame.h"]
+
+FINAL_LIBRARY = "xul"
+
+LOCAL_INCLUDES += [
+ "/dom/media/gmp",
+]
+
+include("/ipc/chromium/chromium-config.mozbuild")