diff options
Diffstat (limited to '')
-rw-r--r-- | dom/media/gmp/widevine-adapter/WidevineFileIO.cpp | 100 | ||||
-rw-r--r-- | dom/media/gmp/widevine-adapter/WidevineFileIO.h | 41 | ||||
-rw-r--r-- | dom/media/gmp/widevine-adapter/WidevineUtils.cpp | 61 | ||||
-rw-r--r-- | dom/media/gmp/widevine-adapter/WidevineUtils.h | 84 | ||||
-rw-r--r-- | dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp | 136 | ||||
-rw-r--r-- | dom/media/gmp/widevine-adapter/WidevineVideoFrame.h | 54 | ||||
-rw-r--r-- | dom/media/gmp/widevine-adapter/content_decryption_module.h | 1359 | ||||
-rw-r--r-- | dom/media/gmp/widevine-adapter/content_decryption_module_export.h | 38 | ||||
-rw-r--r-- | dom/media/gmp/widevine-adapter/content_decryption_module_ext.h | 64 | ||||
-rw-r--r-- | dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h | 121 | ||||
-rw-r--r-- | dom/media/gmp/widevine-adapter/moz.build | 21 |
11 files changed, 2079 insertions, 0 deletions
diff --git a/dom/media/gmp/widevine-adapter/WidevineFileIO.cpp b/dom/media/gmp/widevine-adapter/WidevineFileIO.cpp new file mode 100644 index 0000000000..913f6ba288 --- /dev/null +++ b/dom/media/gmp/widevine-adapter/WidevineFileIO.cpp @@ -0,0 +1,100 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "WidevineFileIO.h" +#include "GMPLog.h" +#include "WidevineUtils.h" + +#include "gmp-api/gmp-platform.h" + +// Declared in ChromiumCDMAdapter.cpp. +extern const GMPPlatformAPI* sPlatform; + +namespace mozilla { + +void WidevineFileIO::Open(const char* aFilename, uint32_t aFilenameLength) { + mName = std::string(aFilename, aFilename + aFilenameLength); + GMPRecord* record = nullptr; + GMPErr err = sPlatform->createrecord(aFilename, aFilenameLength, &record, + static_cast<GMPRecordClient*>(this)); + if (GMP_FAILED(err)) { + GMP_LOG_DEBUG("WidevineFileIO::Open() '%s' GMPCreateRecord failed", + mName.c_str()); + mClient->OnOpenComplete(cdm::FileIOClient::Status::kError); + return; + } + if (GMP_FAILED(record->Open())) { + GMP_LOG_DEBUG("WidevineFileIO::Open() '%s' record open failed", + mName.c_str()); + mClient->OnOpenComplete(cdm::FileIOClient::Status::kError); + return; + } + + GMP_LOG_DEBUG("WidevineFileIO::Open() '%s'", mName.c_str()); + mRecord = record; +} + +void WidevineFileIO::Read() { + if (!mRecord) { + GMP_LOG_DEBUG("WidevineFileIO::Read() '%s' used uninitialized!", + mName.c_str()); + mClient->OnReadComplete(cdm::FileIOClient::Status::kError, nullptr, 0); + return; + } + GMP_LOG_DEBUG("WidevineFileIO::Read() '%s'", mName.c_str()); + mRecord->Read(); +} + +void WidevineFileIO::Write(const uint8_t* aData, uint32_t aDataSize) { + if (!mRecord) { + GMP_LOG_DEBUG("WidevineFileIO::Write() '%s' used uninitialized!", + mName.c_str()); + mClient->OnWriteComplete(cdm::FileIOClient::Status::kError); + return; + } + mRecord->Write(aData, aDataSize); +} + +void WidevineFileIO::Close() { + GMP_LOG_DEBUG("WidevineFileIO::Close() '%s'", mName.c_str()); + if (mRecord) { + mRecord->Close(); + mRecord = nullptr; + } + delete this; +} + +static cdm::FileIOClient::Status GMPToWidevineFileStatus(GMPErr aStatus) { + switch (aStatus) { + case GMPRecordInUse: + return cdm::FileIOClient::Status::kInUse; + case GMPNoErr: + return cdm::FileIOClient::Status::kSuccess; + default: + return cdm::FileIOClient::Status::kError; + } +} + +void WidevineFileIO::OpenComplete(GMPErr aStatus) { + GMP_LOG_DEBUG("WidevineFileIO::OpenComplete() '%s' status=%d", mName.c_str(), + aStatus); + mClient->OnOpenComplete(GMPToWidevineFileStatus(aStatus)); +} + +void WidevineFileIO::ReadComplete(GMPErr aStatus, const uint8_t* aData, + uint32_t aDataSize) { + GMP_LOG_DEBUG("WidevineFileIO::OnReadComplete() '%s' status=%d", + mName.c_str(), aStatus); + mClient->OnReadComplete(GMPToWidevineFileStatus(aStatus), aData, aDataSize); +} + +void WidevineFileIO::WriteComplete(GMPErr aStatus) { + GMP_LOG_DEBUG("WidevineFileIO::WriteComplete() '%s' status=%d", mName.c_str(), + aStatus); + mClient->OnWriteComplete(GMPToWidevineFileStatus(aStatus)); +} + +} // namespace mozilla diff --git a/dom/media/gmp/widevine-adapter/WidevineFileIO.h b/dom/media/gmp/widevine-adapter/WidevineFileIO.h new file mode 100644 index 0000000000..8c36f032be --- /dev/null +++ b/dom/media/gmp/widevine-adapter/WidevineFileIO.h @@ -0,0 +1,41 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef WidevineFileIO_h_ +#define WidevineFileIO_h_ + +#include <stddef.h> +#include "content_decryption_module.h" +#include "gmp-api/gmp-storage.h" +#include <string> + +namespace mozilla { + +class WidevineFileIO : public cdm::FileIO, public GMPRecordClient { + public: + explicit WidevineFileIO(cdm::FileIOClient* aClient) + : mClient(aClient), mRecord(nullptr) {} + + // cdm::FileIO + void Open(const char* aFilename, uint32_t aFilenameLength) override; + void Read() override; + void Write(const uint8_t* aData, uint32_t aDataSize) override; + void Close() override; + + // GMPRecordClient + void OpenComplete(GMPErr aStatus) override; + void ReadComplete(GMPErr aStatus, const uint8_t* aData, + uint32_t aDataSize) override; + void WriteComplete(GMPErr aStatus) override; + + private: + cdm::FileIOClient* mClient; + GMPRecord* mRecord; + std::string mName; +}; + +} // namespace mozilla + +#endif // WidevineFileIO_h_ diff --git a/dom/media/gmp/widevine-adapter/WidevineUtils.cpp b/dom/media/gmp/widevine-adapter/WidevineUtils.cpp new file mode 100644 index 0000000000..d0551406b2 --- /dev/null +++ b/dom/media/gmp/widevine-adapter/WidevineUtils.cpp @@ -0,0 +1,61 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "WidevineUtils.h" +#include "GMPLog.h" +#include "gmp-api/gmp-errors.h" +#include <stdarg.h> +#include <stdio.h> +#include <inttypes.h> + +namespace mozilla { + +WidevineBuffer::WidevineBuffer(size_t aSize) { + GMP_LOG_DEBUG("WidevineBuffer(size=%zu) created", aSize); + mBuffer.SetLength(aSize); +} + +WidevineBuffer::~WidevineBuffer() { + GMP_LOG_DEBUG("WidevineBuffer(size=%" PRIu32 ") destroyed", Size()); +} + +void WidevineBuffer::Destroy() { delete this; } + +uint32_t WidevineBuffer::Capacity() const { return mBuffer.Length(); } + +uint8_t* WidevineBuffer::Data() { return mBuffer.Elements(); } + +void WidevineBuffer::SetSize(uint32_t aSize) { mBuffer.SetLength(aSize); } + +uint32_t WidevineBuffer::Size() const { return mBuffer.Length(); } + +nsTArray<uint8_t> WidevineBuffer::ExtractBuffer() { + nsTArray<uint8_t> out = std::move(mBuffer); + return out; +} + +WidevineDecryptedBlock::WidevineDecryptedBlock() + : mBuffer(nullptr), mTimestamp(0) {} + +WidevineDecryptedBlock::~WidevineDecryptedBlock() { + if (mBuffer) { + mBuffer->Destroy(); + mBuffer = nullptr; + } +} + +void WidevineDecryptedBlock::SetDecryptedBuffer(cdm::Buffer* aBuffer) { + mBuffer = aBuffer; +} + +cdm::Buffer* WidevineDecryptedBlock::DecryptedBuffer() { return mBuffer; } + +void WidevineDecryptedBlock::SetTimestamp(int64_t aTimestamp) { + mTimestamp = aTimestamp; +} + +int64_t WidevineDecryptedBlock::Timestamp() const { return mTimestamp; } + +} // namespace mozilla diff --git a/dom/media/gmp/widevine-adapter/WidevineUtils.h b/dom/media/gmp/widevine-adapter/WidevineUtils.h new file mode 100644 index 0000000000..1502621451 --- /dev/null +++ b/dom/media/gmp/widevine-adapter/WidevineUtils.h @@ -0,0 +1,84 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef WidevineUtils_h_ +#define WidevineUtils_h_ + +#include "stddef.h" +#include "content_decryption_module.h" +#include "nsISupportsImpl.h" +#include "nsTArray.h" +#include "mozilla/Logging.h" + +namespace mozilla { + +#define ENSURE_TRUE(condition, rv) \ + { \ + if (!(condition)) { \ + GMP_LOG_DEBUG("ENSURE_TRUE FAILED %s:%d", __FILE__, __LINE__); \ + return rv; \ + } \ + } + +#define ENSURE_GMP_SUCCESS(err, rv) \ + { \ + if (GMP_FAILED(err)) { \ + GMP_LOG_DEBUG("ENSURE_GMP_SUCCESS FAILED %s:%d", __FILE__, __LINE__); \ + return rv; \ + } \ + } + +namespace gmp { +class CDMShmemBuffer; +} +class WidevineBuffer; + +// Base class for our cdm::Buffer implementations, so we can tell at runtime +// whether the buffer is a Shmem or non-Shmem buffer. +class CDMBuffer : public cdm::Buffer { + public: + virtual WidevineBuffer* AsArrayBuffer() { return nullptr; } + virtual gmp::CDMShmemBuffer* AsShmemBuffer() { return nullptr; } +}; + +class WidevineBuffer : public CDMBuffer { + public: + explicit WidevineBuffer(size_t aSize); + ~WidevineBuffer() override; + void Destroy() override; + uint32_t Capacity() const override; + uint8_t* Data() override; + void SetSize(uint32_t aSize) override; + uint32_t Size() const override; + + // Moves contents of buffer out into temporary. + // Note: This empties the buffer. + nsTArray<uint8_t> ExtractBuffer(); + + WidevineBuffer* AsArrayBuffer() override { return this; } + + private: + nsTArray<uint8_t> mBuffer; + WidevineBuffer(const WidevineBuffer&); + void operator=(const WidevineBuffer&); +}; + +class WidevineDecryptedBlock : public cdm::DecryptedBlock { + public: + WidevineDecryptedBlock(); + ~WidevineDecryptedBlock() override; + void SetDecryptedBuffer(cdm::Buffer* aBuffer) override; + cdm::Buffer* DecryptedBuffer() override; + void SetTimestamp(int64_t aTimestamp) override; + int64_t Timestamp() const override; + + private: + cdm::Buffer* mBuffer; + int64_t mTimestamp; +}; + +} // namespace mozilla + +#endif // WidevineUtils_h_ diff --git a/dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp new file mode 100644 index 0000000000..8eec94c21d --- /dev/null +++ b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp @@ -0,0 +1,136 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "WidevineVideoFrame.h" +#include "GMPLog.h" +#include "WidevineUtils.h" +#include "mozilla/CheckedInt.h" +#include "mozilla/IntegerPrintfMacros.h" + +namespace mozilla { + +WidevineVideoFrame::WidevineVideoFrame() + : mFormat(cdm::VideoFormat::kUnknownVideoFormat), + mSize{0, 0}, + mBuffer(nullptr), + mTimestamp(0) { + MOZ_ASSERT(mSize.height == 0 && mSize.width == 0, "Size should be zeroed"); + GMP_LOG_DEBUG("WidevineVideoFrame::WidevineVideoFrame() this=%p", this); + memset(mPlaneOffsets, 0, sizeof(mPlaneOffsets)); + memset(mPlaneStrides, 0, sizeof(mPlaneStrides)); +} + +WidevineVideoFrame::WidevineVideoFrame(WidevineVideoFrame&& aOther) + : mFormat(aOther.mFormat), + mSize(aOther.mSize), + mBuffer(aOther.mBuffer), + mTimestamp(aOther.mTimestamp) { + GMP_LOG_DEBUG( + "WidevineVideoFrame::WidevineVideoFrame(WidevineVideoFrame&&) " + "this=%p, other=%p", + this, &aOther); + memcpy(mPlaneOffsets, aOther.mPlaneOffsets, sizeof(mPlaneOffsets)); + memcpy(mPlaneStrides, aOther.mPlaneStrides, sizeof(mPlaneStrides)); + aOther.mBuffer = nullptr; +} + +WidevineVideoFrame::~WidevineVideoFrame() { + if (mBuffer) { + mBuffer->Destroy(); + mBuffer = nullptr; + } +} + +void WidevineVideoFrame::SetFormat(cdm::VideoFormat aFormat) { + GMP_LOG_DEBUG("WidevineVideoFrame::SetFormat(%d) this=%p", aFormat, this); + mFormat = aFormat; +} + +cdm::VideoFormat WidevineVideoFrame::Format() const { return mFormat; } + +void WidevineVideoFrame::SetSize(cdm::Size aSize) { + GMP_LOG_DEBUG("WidevineVideoFrame::SetSize(%d,%d) this=%p", aSize.width, + aSize.height, this); + mSize.width = aSize.width; + mSize.height = aSize.height; +} + +cdm::Size WidevineVideoFrame::Size() const { return mSize; } + +void WidevineVideoFrame::SetFrameBuffer(cdm::Buffer* aFrameBuffer) { + GMP_LOG_DEBUG("WidevineVideoFrame::SetFrameBuffer(%p) this=%p", aFrameBuffer, + this); + MOZ_ASSERT(!mBuffer); + mBuffer = aFrameBuffer; +} + +cdm::Buffer* WidevineVideoFrame::FrameBuffer() { return mBuffer; } + +void WidevineVideoFrame::SetPlaneOffset(cdm::VideoPlane aPlane, + uint32_t aOffset) { + GMP_LOG_DEBUG("WidevineVideoFrame::SetPlaneOffset(%d, %" PRIu32 ") this=%p", + aPlane, aOffset, this); + mPlaneOffsets[aPlane] = aOffset; +} + +uint32_t WidevineVideoFrame::PlaneOffset(cdm::VideoPlane aPlane) { + return mPlaneOffsets[aPlane]; +} + +void WidevineVideoFrame::SetStride(cdm::VideoPlane aPlane, uint32_t aStride) { + GMP_LOG_DEBUG("WidevineVideoFrame::SetStride(%d, %" PRIu32 ") this=%p", + aPlane, aStride, this); + mPlaneStrides[aPlane] = aStride; +} + +uint32_t WidevineVideoFrame::Stride(cdm::VideoPlane aPlane) { + return mPlaneStrides[aPlane]; +} + +void WidevineVideoFrame::SetTimestamp(int64_t timestamp) { + GMP_LOG_DEBUG("WidevineVideoFrame::SetTimestamp(%" PRId64 ") this=%p", + timestamp, this); + mTimestamp = timestamp; +} + +int64_t WidevineVideoFrame::Timestamp() const { return mTimestamp; } + +bool WidevineVideoFrame::InitToBlack(int32_t aWidth, int32_t aHeight, + int64_t aTimeStamp) { + MOZ_ASSERT(aWidth >= 0 && aHeight >= 0, + "Frame dimensions should be positive"); + CheckedInt<size_t> ySizeChk = aWidth; + ySizeChk *= aHeight; + // If w*h didn't overflow, half of them won't. + const size_t uSize = ((aWidth + 1) / 2) * ((aHeight + 1) / 2); + CheckedInt<size_t> yuSizeChk = ySizeChk + uSize; + if (!yuSizeChk.isValid()) { + return false; + } + WidevineBuffer* buffer = new WidevineBuffer(yuSizeChk.value()); + const size_t& ySize = ySizeChk.value(); + // Black in YCbCr is (0,128,128). + memset(buffer->Data(), 0, ySize); + memset(buffer->Data() + ySize, 128, uSize); + if (mBuffer) { + mBuffer->Destroy(); + mBuffer = nullptr; + } + SetFormat(cdm::VideoFormat::kI420); + SetSize(cdm::Size{aWidth, aHeight}); + SetFrameBuffer(buffer); + SetPlaneOffset(cdm::VideoPlane::kYPlane, 0); + SetStride(cdm::VideoPlane::kYPlane, aWidth); + // Note: U and V planes are stored at the same place in order to + // save memory since their contents are the same. + SetPlaneOffset(cdm::VideoPlane::kUPlane, ySize); + SetStride(cdm::VideoPlane::kUPlane, (aWidth + 1) / 2); + SetPlaneOffset(cdm::VideoPlane::kVPlane, ySize); + SetStride(cdm::VideoPlane::kVPlane, (aWidth + 1) / 2); + SetTimestamp(aTimeStamp); + return true; +} + +} // namespace mozilla diff --git a/dom/media/gmp/widevine-adapter/WidevineVideoFrame.h b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.h new file mode 100644 index 0000000000..0ae65ac1e5 --- /dev/null +++ b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.h @@ -0,0 +1,54 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef WidevineVideoFrame_h_ +#define WidevineVideoFrame_h_ + +#include "stddef.h" +#include "content_decryption_module.h" +#include "mozilla/Attributes.h" +#include <vector> + +namespace mozilla { + +class WidevineVideoFrame : public cdm::VideoFrame { + public: + WidevineVideoFrame(); + WidevineVideoFrame(WidevineVideoFrame&& other); + ~WidevineVideoFrame(); + + void SetFormat(cdm::VideoFormat aFormat) override; + cdm::VideoFormat Format() const override; + + void SetSize(cdm::Size aSize) override; + cdm::Size Size() const override; + + void SetFrameBuffer(cdm::Buffer* aFrameBuffer) override; + cdm::Buffer* FrameBuffer() override; + + void SetPlaneOffset(cdm::VideoPlane aPlane, uint32_t aOffset) override; + uint32_t PlaneOffset(cdm::VideoPlane aPlane) override; + + void SetStride(cdm::VideoPlane aPlane, uint32_t aStride) override; + uint32_t Stride(cdm::VideoPlane aPlane) override; + + void SetTimestamp(int64_t aTimestamp) override; + int64_t Timestamp() const override; + + [[nodiscard]] bool InitToBlack(int32_t aWidth, int32_t aHeight, + int64_t aTimeStamp); + + protected: + cdm::VideoFormat mFormat; + cdm::Size mSize; + cdm::Buffer* mBuffer; + uint32_t mPlaneOffsets[cdm::VideoPlane::kMaxPlanes]; + uint32_t mPlaneStrides[cdm::VideoPlane::kMaxPlanes]; + int64_t mTimestamp; +}; + +} // namespace mozilla + +#endif diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module.h b/dom/media/gmp/widevine-adapter/content_decryption_module.h new file mode 100644 index 0000000000..68fee35195 --- /dev/null +++ b/dom/media/gmp/widevine-adapter/content_decryption_module.h @@ -0,0 +1,1359 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CDM_CONTENT_DECRYPTION_MODULE_H_ +#define CDM_CONTENT_DECRYPTION_MODULE_H_ + +#include <type_traits> + +#include "content_decryption_module_export.h" +#include "content_decryption_module_proxy.h" + +#if defined(_MSC_VER) +typedef unsigned char uint8_t; +typedef unsigned int uint32_t; +typedef int int32_t; +typedef __int64 int64_t; +#else +# include <stdint.h> +#endif + +// The version number must be rolled when the exported functions are updated! +// If the CDM and the adapter use different versions of these functions, the +// adapter will fail to load or crash! +#define CDM_MODULE_VERSION 4 + +// Build the versioned entrypoint name. +// The extra macros are necessary to expand version to an actual value. +#define INITIALIZE_CDM_MODULE \ + BUILD_ENTRYPOINT(InitializeCdmModule, CDM_MODULE_VERSION) +#define BUILD_ENTRYPOINT(name, version) \ + BUILD_ENTRYPOINT_NO_EXPANSION(name, version) +#define BUILD_ENTRYPOINT_NO_EXPANSION(name, version) name##_##version + +// Macro to check that |type| does the following: +// 1. is a standard layout. +// 2. is trivial. +// 3. sizeof(type) matches the expected size in bytes. As some types contain +// pointers, the size is specified for both 32 and 64 bit. +#define CHECK_TYPE(type, size_32, size_64) \ + static_assert(std::is_standard_layout<type>(), \ + #type " not standard_layout"); \ + static_assert(std::is_trivial<type>(), #type " not trivial"); \ + static_assert((sizeof(void*) == 4 && sizeof(type) == size_32) || \ + (sizeof(void*) == 8 && sizeof(type) == size_64), \ + #type " size mismatch") + +extern "C" { + +CDM_API void INITIALIZE_CDM_MODULE(); + +CDM_API void DeinitializeCdmModule(); + +// Returns a pointer to the requested CDM Host interface upon success. +// Returns NULL if the requested CDM Host interface is not supported. +// The caller should cast the returned pointer to the type matching +// |host_interface_version|. +typedef void* (*GetCdmHostFunc)(int host_interface_version, void* user_data); + +// Returns a pointer to the requested CDM upon success. +// Returns NULL if an error occurs or the requested |cdm_interface_version| or +// |key_system| is not supported or another error occurs. +// The caller should cast the returned pointer to the type matching +// |cdm_interface_version|. +// Caller retains ownership of arguments and must call Destroy() on the returned +// object. +CDM_API void* CreateCdmInstance(int cdm_interface_version, + const char* key_system, + uint32_t key_system_size, + GetCdmHostFunc get_cdm_host_func, + void* user_data); + +CDM_API const char* GetCdmVersion(); + +} // extern "C" + +namespace cdm { + +enum Status : uint32_t { + kSuccess = 0, + kNeedMoreData, // Decoder needs more data to produce a decoded frame/sample. + kNoKey, // The required decryption key is not available. + kInitializationError, // Initialization error. + kDecryptError, // Decryption failed. + kDecodeError, // Error decoding audio or video. + kDeferredInitialization // Decoder is not ready for initialization. +}; +CHECK_TYPE(Status, 4, 4); + +// Exceptions used by the CDM to reject promises. +// https://w3c.github.io/encrypted-media/#exceptions +enum Exception : uint32_t { + kExceptionTypeError, + kExceptionNotSupportedError, + kExceptionInvalidStateError, + kExceptionQuotaExceededError +}; +CHECK_TYPE(Exception, 4, 4); + +// The encryption scheme. The definitions are from ISO/IEC 23001-7:2016. +enum class EncryptionScheme : uint32_t { + kUnencrypted = 0, + kCenc, // 'cenc' subsample encryption using AES-CTR mode. + kCbcs // 'cbcs' pattern encryption using AES-CBC mode. +}; +CHECK_TYPE(EncryptionScheme, 4, 4); + +// The pattern used for pattern encryption. Note that ISO/IEC 23001-7:2016 +// defines each block to be 16-bytes. +struct Pattern { + uint32_t crypt_byte_block; // Count of the encrypted blocks. + uint32_t skip_byte_block; // Count of the unencrypted blocks. +}; +CHECK_TYPE(Pattern, 8, 8); + +enum class ColorRange : uint8_t { + kInvalid, + kLimited, // 709 color range with RGB values ranging from 16 to 235. + kFull, // Full RGB color range with RGB values from 0 to 255. + kDerived // Range is defined by |transfer_id| and |matrix_id|. +}; +CHECK_TYPE(ColorRange, 1, 1); + +// Described in ISO 23001-8:2016, section 7. All the IDs are in the range +// [0, 255] so 8-bit integer is sufficient. An unspecified ColorSpace should be +// {2, 2, 2, ColorRange::kInvalid}, where value 2 means "Unspecified" for all +// the IDs, as defined by the spec. +struct ColorSpace { + uint8_t primary_id; // 7.1 colour primaries, table 2 + uint8_t transfer_id; // 7.2 transfer characteristics, table 3 + uint8_t matrix_id; // 7.3 matrix coefficients, table 4 + ColorRange range; +}; +CHECK_TYPE(ColorSpace, 4, 4); + +// Time is defined as the number of seconds since the Epoch +// (00:00:00 UTC, January 1, 1970), not including any added leap second. +// Also see Time definition in spec: https://w3c.github.io/encrypted-media/#time +// Note that Time is defined in millisecond accuracy in the spec but in second +// accuracy here. +typedef double Time; + +// An input buffer can be split into several continuous subsamples. +// A SubsampleEntry specifies the number of clear and cipher bytes in each +// subsample. For example, the following buffer has three subsamples: +// +// |<----- subsample1 ----->|<----- subsample2 ----->|<----- subsample3 ----->| +// | clear1 | cipher1 | clear2 | cipher2 | clear3 | cipher3 | +// +// For decryption, all of the cipher bytes in a buffer should be concatenated +// (in the subsample order) into a single logical stream. The clear bytes should +// not be considered as part of decryption. +// +// Stream to decrypt: | cipher1 | cipher2 | cipher3 | +// Decrypted stream: | decrypted1| decrypted2 | decrypted3 | +// +// After decryption, the decrypted bytes should be copied over the position +// of the corresponding cipher bytes in the original buffer to form the output +// buffer. Following the above example, the decrypted buffer should be: +// +// |<----- subsample1 ----->|<----- subsample2 ----->|<----- subsample3 ----->| +// | clear1 | decrypted1| clear2 | decrypted2 | clear3 | decrypted3 | +// +struct SubsampleEntry { + uint32_t clear_bytes; + uint32_t cipher_bytes; +}; +CHECK_TYPE(SubsampleEntry, 8, 8); + +// Represents an input buffer to be decrypted (and possibly decoded). It does +// not own any pointers in this struct. If |encryption_scheme| = kUnencrypted, +// the data is unencrypted. +// Note that this struct is organized so that sizeof(InputBuffer_2) +// equals the sum of sizeof() all members in both 32-bit and 64-bit compiles. +// Padding has been added to keep the fields aligned. +struct InputBuffer_2 { + const uint8_t* data; // Pointer to the beginning of the input data. + uint32_t data_size; // Size (in bytes) of |data|. + + EncryptionScheme encryption_scheme; + + const uint8_t* key_id; // Key ID to identify the decryption key. + uint32_t key_id_size; // Size (in bytes) of |key_id|. + uint32_t : 32; // Padding. + + const uint8_t* iv; // Initialization vector. + uint32_t iv_size; // Size (in bytes) of |iv|. + uint32_t : 32; // Padding. + + const struct SubsampleEntry* subsamples; + uint32_t num_subsamples; // Number of subsamples in |subsamples|. + uint32_t : 32; // Padding. + + // |pattern| is required if |encryption_scheme| specifies pattern encryption. + Pattern pattern; + + int64_t timestamp; // Presentation timestamp in microseconds. +}; +CHECK_TYPE(InputBuffer_2, 64, 80); + +enum AudioCodec : uint32_t { kUnknownAudioCodec = 0, kCodecVorbis, kCodecAac }; +CHECK_TYPE(AudioCodec, 4, 4); + +struct AudioDecoderConfig_2 { + AudioCodec codec; + int32_t channel_count; + int32_t bits_per_channel; + int32_t samples_per_second; + + // Optional byte data required to initialize audio decoders, such as the + // vorbis setup header. + uint8_t* extra_data; + uint32_t extra_data_size; + + // Encryption scheme. + EncryptionScheme encryption_scheme; +}; +CHECK_TYPE(AudioDecoderConfig_2, 28, 32); + +// Supported sample formats for AudioFrames. +enum AudioFormat : uint32_t { + kUnknownAudioFormat = 0, // Unknown format value. Used for error reporting. + kAudioFormatU8, // Interleaved unsigned 8-bit w/ bias of 128. + kAudioFormatS16, // Interleaved signed 16-bit. + kAudioFormatS32, // Interleaved signed 32-bit. + kAudioFormatF32, // Interleaved float 32-bit. + kAudioFormatPlanarS16, // Signed 16-bit planar. + kAudioFormatPlanarF32, // Float 32-bit planar. +}; +CHECK_TYPE(AudioFormat, 4, 4); + +// Surface formats based on FOURCC labels, see: http://www.fourcc.org/yuv.php +// Values are chosen to be consistent with Chromium's VideoPixelFormat values. +enum VideoFormat : uint32_t { + kUnknownVideoFormat = 0, // Unknown format value. Used for error reporting. + kYv12 = 1, // 12bpp YVU planar 1x1 Y, 2x2 VU samples. + kI420 = 2, // 12bpp YUV planar 1x1 Y, 2x2 UV samples. + + // In the following formats, each sample uses 16-bit in storage, while the + // sample value is stored in the least significant N bits where N is + // specified by the number after "P". For example, for YUV420P9, each Y, U, + // and V sample is stored in the least significant 9 bits in a 2-byte block. + kYUV420P9 = 16, + kYUV420P10 = 17, + kYUV422P9 = 18, + kYUV422P10 = 19, + kYUV444P9 = 20, + kYUV444P10 = 21, + kYUV420P12 = 22, + kYUV422P12 = 23, + kYUV444P12 = 24, +}; +CHECK_TYPE(VideoFormat, 4, 4); + +struct Size { + int32_t width; + int32_t height; +}; +CHECK_TYPE(Size, 8, 8); + +enum VideoCodec : uint32_t { + kUnknownVideoCodec = 0, + kCodecVp8, + kCodecH264, + kCodecVp9, + kCodecAv1 +}; +CHECK_TYPE(VideoCodec, 4, 4); + +enum VideoCodecProfile : uint32_t { + kUnknownVideoCodecProfile = 0, + kProfileNotNeeded, + kH264ProfileBaseline, + kH264ProfileMain, + kH264ProfileExtended, + kH264ProfileHigh, + kH264ProfileHigh10, + kH264ProfileHigh422, + kH264ProfileHigh444Predictive, + kVP9Profile0, + kVP9Profile1, + kVP9Profile2, + kVP9Profile3, + kAv1ProfileMain, + kAv1ProfileHigh, + kAv1ProfilePro +}; +CHECK_TYPE(VideoCodecProfile, 4, 4); + +// Deprecated: New CDM implementations should use VideoDecoderConfig_3. +// Note that this struct is organized so that sizeof(VideoDecoderConfig_2) +// equals the sum of sizeof() all members in both 32-bit and 64-bit compiles. +// Padding has been added to keep the fields aligned. +struct VideoDecoderConfig_2 { + VideoCodec codec; + VideoCodecProfile profile; + VideoFormat format; + uint32_t : 32; // Padding. + + // Width and height of video frame immediately post-decode. Not all pixels + // in this region are valid. + Size coded_size; + + // Optional byte data required to initialize video decoders, such as H.264 + // AAVC data. + uint8_t* extra_data; + uint32_t extra_data_size; + + // Encryption scheme. + EncryptionScheme encryption_scheme; +}; +CHECK_TYPE(VideoDecoderConfig_2, 36, 40); + +struct VideoDecoderConfig_3 { + VideoCodec codec; + VideoCodecProfile profile; + VideoFormat format; + ColorSpace color_space; + + // Width and height of video frame immediately post-decode. Not all pixels + // in this region are valid. + Size coded_size; + + // Optional byte data required to initialize video decoders, such as H.264 + // AAVC data. + uint8_t* extra_data; + uint32_t extra_data_size; + + EncryptionScheme encryption_scheme; +}; +CHECK_TYPE(VideoDecoderConfig_3, 36, 40); + +enum StreamType : uint32_t { kStreamTypeAudio = 0, kStreamTypeVideo = 1 }; +CHECK_TYPE(StreamType, 4, 4); + +// Structure provided to ContentDecryptionModule::OnPlatformChallengeResponse() +// after a platform challenge was initiated via Host::SendPlatformChallenge(). +// All values will be NULL / zero in the event of a challenge failure. +struct PlatformChallengeResponse { + // |challenge| provided during Host::SendPlatformChallenge() combined with + // nonce data and signed with the platform's private key. + const uint8_t* signed_data; + uint32_t signed_data_length; + + // RSASSA-PKCS1-v1_5-SHA256 signature of the |signed_data| block. + const uint8_t* signed_data_signature; + uint32_t signed_data_signature_length; + + // X.509 device specific certificate for the |service_id| requested. + const uint8_t* platform_key_certificate; + uint32_t platform_key_certificate_length; +}; +CHECK_TYPE(PlatformChallengeResponse, 24, 48); + +// The current status of the associated key. The valid types are defined in the +// spec: https://w3c.github.io/encrypted-media/#dom-mediakeystatus +enum KeyStatus : uint32_t { + kUsable = 0, + kInternalError = 1, + kExpired = 2, + kOutputRestricted = 3, + kOutputDownscaled = 4, + kStatusPending = 5, + kReleased = 6 +}; +CHECK_TYPE(KeyStatus, 4, 4); + +// Used when passing arrays of key information. Does not own the referenced +// data. |system_code| is an additional error code for unusable keys and +// should be 0 when |status| == kUsable. +struct KeyInformation { + const uint8_t* key_id; + uint32_t key_id_size; + KeyStatus status; + uint32_t system_code; +}; +CHECK_TYPE(KeyInformation, 16, 24); + +// Supported output protection methods for use with EnableOutputProtection() and +// returned by OnQueryOutputProtectionStatus(). +enum OutputProtectionMethods : uint32_t { + kProtectionNone = 0, + kProtectionHDCP = 1 << 0 +}; +CHECK_TYPE(OutputProtectionMethods, 4, 4); + +// Connected output link types returned by OnQueryOutputProtectionStatus(). +enum OutputLinkTypes : uint32_t { + kLinkTypeNone = 0, + kLinkTypeUnknown = 1 << 0, + kLinkTypeInternal = 1 << 1, + kLinkTypeVGA = 1 << 2, + kLinkTypeHDMI = 1 << 3, + kLinkTypeDVI = 1 << 4, + kLinkTypeDisplayPort = 1 << 5, + kLinkTypeNetwork = 1 << 6 +}; +CHECK_TYPE(OutputLinkTypes, 4, 4); + +// Result of the QueryOutputProtectionStatus() call. +enum QueryResult : uint32_t { kQuerySucceeded = 0, kQueryFailed }; +CHECK_TYPE(QueryResult, 4, 4); + +// The Initialization Data Type. The valid types are defined in the spec: +// https://w3c.github.io/encrypted-media/format-registry/initdata/index.html#registry +enum InitDataType : uint32_t { kCenc = 0, kKeyIds = 1, kWebM = 2 }; +CHECK_TYPE(InitDataType, 4, 4); + +// The type of session to create. The valid types are defined in the spec: +// https://w3c.github.io/encrypted-media/#dom-mediakeysessiontype +enum SessionType : uint32_t { + kTemporary = 0, + kPersistentLicense = 1, + kPersistentUsageRecord = 2 +}; +CHECK_TYPE(SessionType, 4, 4); + +// The type of the message event. The valid types are defined in the spec: +// https://w3c.github.io/encrypted-media/#dom-mediakeymessagetype +enum MessageType : uint32_t { + kLicenseRequest = 0, + kLicenseRenewal = 1, + kLicenseRelease = 2, + kIndividualizationRequest = 3 +}; +CHECK_TYPE(MessageType, 4, 4); + +enum HdcpVersion : uint32_t { + kHdcpVersionNone, + kHdcpVersion1_0, + kHdcpVersion1_1, + kHdcpVersion1_2, + kHdcpVersion1_3, + kHdcpVersion1_4, + kHdcpVersion2_0, + kHdcpVersion2_1, + kHdcpVersion2_2, + kHdcpVersion2_3 +}; +CHECK_TYPE(HdcpVersion, 4, 4); + +struct Policy { + HdcpVersion min_hdcp_version; +}; +CHECK_TYPE(Policy, 4, 4); + +// Represents a buffer created by Allocator implementations. +class CDM_CLASS_API Buffer { + public: + // Destroys the buffer in the same context as it was created. + virtual void Destroy() = 0; + + virtual uint32_t Capacity() const = 0; + virtual uint8_t* Data() = 0; + virtual void SetSize(uint32_t size) = 0; + virtual uint32_t Size() const = 0; + + protected: + Buffer() {} + virtual ~Buffer() {} + + private: + Buffer(const Buffer&); + void operator=(const Buffer&); +}; + +// Represents a decrypted block that has not been decoded. +class CDM_CLASS_API DecryptedBlock { + public: + virtual void SetDecryptedBuffer(Buffer* buffer) = 0; + virtual Buffer* DecryptedBuffer() = 0; + + // TODO(tomfinegan): Figure out if timestamp is really needed. If it is not, + // we can just pass Buffer pointers around. + virtual void SetTimestamp(int64_t timestamp) = 0; + virtual int64_t Timestamp() const = 0; + + protected: + DecryptedBlock() {} + virtual ~DecryptedBlock() {} +}; + +enum VideoPlane : uint32_t { + kYPlane = 0, + kUPlane = 1, + kVPlane = 2, + kMaxPlanes = 3, +}; +CHECK_TYPE(VideoPlane, 4, 4); + +class CDM_CLASS_API VideoFrame { + public: + virtual void SetFormat(VideoFormat format) = 0; + virtual VideoFormat Format() const = 0; + + virtual void SetSize(cdm::Size size) = 0; + virtual cdm::Size Size() const = 0; + + virtual void SetFrameBuffer(Buffer* frame_buffer) = 0; + virtual Buffer* FrameBuffer() = 0; + + virtual void SetPlaneOffset(VideoPlane plane, uint32_t offset) = 0; + virtual uint32_t PlaneOffset(VideoPlane plane) = 0; + + virtual void SetStride(VideoPlane plane, uint32_t stride) = 0; + virtual uint32_t Stride(VideoPlane plane) = 0; + + // Sets and gets the presentation timestamp which is in microseconds. + virtual void SetTimestamp(int64_t timestamp) = 0; + virtual int64_t Timestamp() const = 0; + + protected: + VideoFrame() {} + virtual ~VideoFrame() {} +}; + +// Represents a decoded video frame. The CDM should call the interface methods +// to set the frame attributes. See DecryptAndDecodeFrame(). +class CDM_CLASS_API VideoFrame_2 { + public: + virtual void SetFormat(VideoFormat format) = 0; + virtual void SetSize(cdm::Size size) = 0; + virtual void SetFrameBuffer(Buffer* frame_buffer) = 0; + virtual void SetPlaneOffset(VideoPlane plane, uint32_t offset) = 0; + virtual void SetStride(VideoPlane plane, uint32_t stride) = 0; + // Sets the presentation timestamp which is in microseconds. + virtual void SetTimestamp(int64_t timestamp) = 0; + virtual void SetColorSpace(ColorSpace color_space) = 0; + + protected: + VideoFrame_2() {} + virtual ~VideoFrame_2() {} +}; + +// Represents decrypted and decoded audio frames. AudioFrames can contain +// multiple audio output buffers, which are serialized into this format: +// +// |<------------------- serialized audio buffer ------------------->| +// | int64_t timestamp | int64_t length | length bytes of audio data | +// +// For example, with three audio output buffers, the AudioFrames will look +// like this: +// +// |<----------------- AudioFrames ------------------>| +// | audio buffer 0 | audio buffer 1 | audio buffer 2 | +class CDM_CLASS_API AudioFrames { + public: + virtual void SetFrameBuffer(Buffer* buffer) = 0; + virtual Buffer* FrameBuffer() = 0; + + // The CDM must call this method, providing a valid format, when providing + // frame buffers. Planar data should be stored end to end; e.g., + // |ch1 sample1||ch1 sample2|....|ch1 sample_last||ch2 sample1|... + virtual void SetFormat(AudioFormat format) = 0; + virtual AudioFormat Format() const = 0; + + protected: + AudioFrames() {} + virtual ~AudioFrames() {} +}; + +// FileIO interface provides a way for the CDM to store data in a file in +// persistent storage. This interface aims only at providing basic read/write +// capabilities and should not be used as a full fledged file IO API. +// Each CDM and origin (e.g. HTTPS, "foo.example.com", 443) combination has +// its own persistent storage. All instances of a given CDM associated with a +// given origin share the same persistent storage. +// Note to implementors of this interface: +// Per-origin storage and the ability for users to clear it are important. +// See http://www.w3.org/TR/encrypted-media/#privacy-storedinfo. +class CDM_CLASS_API FileIO { + public: + // Opens the file with |file_name| for read and write. + // FileIOClient::OnOpenComplete() will be called after the opening + // operation finishes. + // - When the file is opened by a CDM instance, it will be classified as "in + // use". In this case other CDM instances in the same domain may receive + // kInUse status when trying to open it. + // - |file_name| must only contain letters (A-Za-z), digits(0-9), or "._-". + // It must not start with an underscore ('_'), and must be at least 1 + // character and no more than 256 characters long. + virtual void Open(const char* file_name, uint32_t file_name_size) = 0; + + // Reads the contents of the file. FileIOClient::OnReadComplete() will be + // called with the read status. Read() should not be called if a previous + // Read() or Write() call is still pending; otherwise OnReadComplete() will + // be called with kInUse. + virtual void Read() = 0; + + // Writes |data_size| bytes of |data| into the file. + // FileIOClient::OnWriteComplete() will be called with the write status. + // All existing contents in the file will be overwritten. Calling Write() with + // NULL |data| will clear all contents in the file. Write() should not be + // called if a previous Write() or Read() call is still pending; otherwise + // OnWriteComplete() will be called with kInUse. + virtual void Write(const uint8_t* data, uint32_t data_size) = 0; + + // Closes the file if opened, destroys this FileIO object and releases any + // resources allocated. The CDM must call this method when it finished using + // this object. A FileIO object must not be used after Close() is called. + virtual void Close() = 0; + + protected: + FileIO() {} + virtual ~FileIO() {} +}; + +// Responses to FileIO calls. All responses will be called asynchronously. +// When kError is returned, the FileIO object could be in an error state. All +// following calls (other than Close()) could return kError. The CDM should +// still call Close() to destroy the FileIO object. +class CDM_CLASS_API FileIOClient { + public: + enum class Status : uint32_t { kSuccess = 0, kInUse, kError }; + + // Response to a FileIO::Open() call with the open |status|. + virtual void OnOpenComplete(Status status) = 0; + + // Response to a FileIO::Read() call to provide |data_size| bytes of |data| + // read from the file. + // - kSuccess indicates that all contents of the file has been successfully + // read. In this case, 0 |data_size| means that the file is empty. + // - kInUse indicates that there are other read/write operations pending. + // - kError indicates read failure, e.g. the storage is not open or cannot be + // fully read. + virtual void OnReadComplete(Status status, const uint8_t* data, + uint32_t data_size) = 0; + + // Response to a FileIO::Write() call. + // - kSuccess indicates that all the data has been written into the file + // successfully. + // - kInUse indicates that there are other read/write operations pending. + // - kError indicates write failure, e.g. the storage is not open or cannot be + // fully written. Upon write failure, the contents of the file should be + // regarded as corrupt and should not used. + virtual void OnWriteComplete(Status status) = 0; + + protected: + FileIOClient() {} + virtual ~FileIOClient() {} +}; + +class CDM_CLASS_API Host_10; +class CDM_CLASS_API Host_11; + +// ContentDecryptionModule interface that all CDMs need to implement. +// The interface is versioned for backward compatibility. +// Note: ContentDecryptionModule implementations must use the allocator +// provided in CreateCdmInstance() to allocate any Buffer that needs to +// be passed back to the caller. Implementations must call Buffer::Destroy() +// when a Buffer is created that will never be returned to the caller. +class CDM_CLASS_API ContentDecryptionModule_10 { + public: + static const int kVersion = 10; + static const bool kIsStable = true; + typedef Host_10 Host; + + // Initializes the CDM instance, providing information about permitted + // functionalities. The CDM must respond by calling Host::OnInitialized() + // with whether the initialization succeeded. No other calls will be made by + // the host before Host::OnInitialized() returns. + // If |allow_distinctive_identifier| is false, messages from the CDM, + // such as message events, must not contain a Distinctive Identifier, + // even in an encrypted form. + // If |allow_persistent_state| is false, the CDM must not attempt to + // persist state. Calls to CreateFileIO() will fail. + // If |use_hw_secure_codecs| is true, the CDM must ensure the decryption key + // and video buffers (compressed and uncompressed) are securely protected by + // hardware. + virtual void Initialize(bool allow_distinctive_identifier, + bool allow_persistent_state, + bool use_hw_secure_codecs) = 0; + + // Gets the key status if the CDM has a hypothetical key with the |policy|. + // The CDM must respond by calling either Host::OnResolveKeyStatusPromise() + // with the result key status or Host::OnRejectPromise() if an unexpected + // error happened or this method is not supported. + virtual void GetStatusForPolicy(uint32_t promise_id, + const Policy& policy) = 0; + + // SetServerCertificate(), CreateSessionAndGenerateRequest(), LoadSession(), + // UpdateSession(), CloseSession(), and RemoveSession() all accept a + // |promise_id|, which must be passed to the completion Host method + // (e.g. Host::OnResolveNewSessionPromise()). + + // Provides a server certificate to be used to encrypt messages to the + // license server. The CDM must respond by calling either + // Host::OnResolvePromise() or Host::OnRejectPromise(). + // If the CDM does not support server certificates, the promise should be + // rejected with kExceptionNotSupportedError. If |server_certificate_data| + // is empty, reject with kExceptionTypeError. Any other error should be + // rejected with kExceptionInvalidStateError or kExceptionQuotaExceededError. + // TODO(crbug.com/796417): Add support for the promise to return true or + // false, rather than using kExceptionNotSupportedError to mean false. + virtual void SetServerCertificate(uint32_t promise_id, + const uint8_t* server_certificate_data, + uint32_t server_certificate_data_size) = 0; + + // Creates a session given |session_type|, |init_data_type|, and |init_data|. + // The CDM must respond by calling either Host::OnResolveNewSessionPromise() + // or Host::OnRejectPromise(). + virtual void CreateSessionAndGenerateRequest(uint32_t promise_id, + SessionType session_type, + InitDataType init_data_type, + const uint8_t* init_data, + uint32_t init_data_size) = 0; + + // Loads the session of type |session_type| specified by |session_id|. + // The CDM must respond by calling either Host::OnResolveNewSessionPromise() + // or Host::OnRejectPromise(). If the session is not found, call + // Host::OnResolveNewSessionPromise() with session_id = NULL. + virtual void LoadSession(uint32_t promise_id, SessionType session_type, + const char* session_id, + uint32_t session_id_size) = 0; + + // Updates the session with |response|. The CDM must respond by calling + // either Host::OnResolvePromise() or Host::OnRejectPromise(). + virtual void UpdateSession(uint32_t promise_id, const char* session_id, + uint32_t session_id_size, const uint8_t* response, + uint32_t response_size) = 0; + + // Requests that the CDM close the session. The CDM must respond by calling + // either Host::OnResolvePromise() or Host::OnRejectPromise() when the request + // has been processed. This may be before the session is closed. Once the + // session is closed, Host::OnSessionClosed() must also be called. + virtual void CloseSession(uint32_t promise_id, const char* session_id, + uint32_t session_id_size) = 0; + + // Removes any stored session data associated with this session. Will only be + // called for persistent sessions. The CDM must respond by calling either + // Host::OnResolvePromise() or Host::OnRejectPromise() when the request has + // been processed. + virtual void RemoveSession(uint32_t promise_id, const char* session_id, + uint32_t session_id_size) = 0; + + // Performs scheduled operation with |context| when the timer fires. + virtual void TimerExpired(void* context) = 0; + + // Decrypts the |encrypted_buffer|. + // + // Returns kSuccess if decryption succeeded, in which case the callee + // should have filled the |decrypted_buffer| and passed the ownership of + // |data| in |decrypted_buffer| to the caller. + // Returns kNoKey if the CDM did not have the necessary decryption key + // to decrypt. + // Returns kDecryptError if any other error happened. + // If the return value is not kSuccess, |decrypted_buffer| should be ignored + // by the caller. + virtual Status Decrypt(const InputBuffer_2& encrypted_buffer, + DecryptedBlock* decrypted_buffer) = 0; + + // Initializes the CDM audio decoder with |audio_decoder_config|. This + // function must be called before DecryptAndDecodeSamples() is called. + // + // Returns kSuccess if the |audio_decoder_config| is supported and the CDM + // audio decoder is successfully initialized. + // Returns kInitializationError if |audio_decoder_config| is not supported. + // The CDM may still be able to do Decrypt(). + // Returns kDeferredInitialization if the CDM is not ready to initialize the + // decoder at this time. Must call Host::OnDeferredInitializationDone() once + // initialization is complete. + virtual Status InitializeAudioDecoder( + const AudioDecoderConfig_2& audio_decoder_config) = 0; + + // Initializes the CDM video decoder with |video_decoder_config|. This + // function must be called before DecryptAndDecodeFrame() is called. + // + // Returns kSuccess if the |video_decoder_config| is supported and the CDM + // video decoder is successfully initialized. + // Returns kInitializationError if |video_decoder_config| is not supported. + // The CDM may still be able to do Decrypt(). + // Returns kDeferredInitialization if the CDM is not ready to initialize the + // decoder at this time. Must call Host::OnDeferredInitializationDone() once + // initialization is complete. + virtual Status InitializeVideoDecoder( + const VideoDecoderConfig_2& video_decoder_config) = 0; + + // De-initializes the CDM decoder and sets it to an uninitialized state. The + // caller can initialize the decoder again after this call to re-initialize + // it. This can be used to reconfigure the decoder if the configuration + // changes. + virtual void DeinitializeDecoder(StreamType decoder_type) = 0; + + // Resets the CDM decoder to an initialized clean state. All internal buffers + // MUST be flushed. + virtual void ResetDecoder(StreamType decoder_type) = 0; + + // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into a + // |video_frame|. Upon end-of-stream, the caller should call this function + // repeatedly with empty |encrypted_buffer| (|data| == NULL) until + // kNeedMoreData is returned. + // + // Returns kSuccess if decryption and decoding both succeeded, in which case + // the callee will have filled the |video_frame| and passed the ownership of + // |frame_buffer| in |video_frame| to the caller. + // Returns kNoKey if the CDM did not have the necessary decryption key + // to decrypt. + // Returns kNeedMoreData if more data was needed by the decoder to generate + // a decoded frame (e.g. during initialization and end-of-stream). + // Returns kDecryptError if any decryption error happened. + // Returns kDecodeError if any decoding error happened. + // If the return value is not kSuccess, |video_frame| should be ignored by + // the caller. + virtual Status DecryptAndDecodeFrame(const InputBuffer_2& encrypted_buffer, + VideoFrame* video_frame) = 0; + + // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into + // |audio_frames|. Upon end-of-stream, the caller should call this function + // repeatedly with empty |encrypted_buffer| (|data| == NULL) until only empty + // |audio_frames| is produced. + // + // Returns kSuccess if decryption and decoding both succeeded, in which case + // the callee will have filled |audio_frames| and passed the ownership of + // |data| in |audio_frames| to the caller. + // Returns kNoKey if the CDM did not have the necessary decryption key + // to decrypt. + // Returns kNeedMoreData if more data was needed by the decoder to generate + // audio samples (e.g. during initialization and end-of-stream). + // Returns kDecryptError if any decryption error happened. + // Returns kDecodeError if any decoding error happened. + // If the return value is not kSuccess, |audio_frames| should be ignored by + // the caller. + virtual Status DecryptAndDecodeSamples(const InputBuffer_2& encrypted_buffer, + AudioFrames* audio_frames) = 0; + + // Called by the host after a platform challenge was initiated via + // Host::SendPlatformChallenge(). + virtual void OnPlatformChallengeResponse( + const PlatformChallengeResponse& response) = 0; + + // Called by the host after a call to Host::QueryOutputProtectionStatus(). The + // |link_mask| is a bit mask of OutputLinkTypes and |output_protection_mask| + // is a bit mask of OutputProtectionMethods. If |result| is kQueryFailed, + // then |link_mask| and |output_protection_mask| are undefined and should + // be ignored. + virtual void OnQueryOutputProtectionStatus( + QueryResult result, uint32_t link_mask, + uint32_t output_protection_mask) = 0; + + // Called by the host after a call to Host::RequestStorageId(). If the + // version of the storage ID requested is available, |storage_id| and + // |storage_id_size| are set appropriately. |version| will be the same as + // what was requested, unless 0 (latest) was requested, in which case + // |version| will be the actual version number for the |storage_id| returned. + // If the requested version is not available, null/zero will be provided as + // |storage_id| and |storage_id_size|, respectively, and |version| should be + // ignored. + virtual void OnStorageId(uint32_t version, const uint8_t* storage_id, + uint32_t storage_id_size) = 0; + + // Destroys the object in the same context as it was created. + virtual void Destroy() = 0; + + protected: + ContentDecryptionModule_10() {} + virtual ~ContentDecryptionModule_10() {} +}; + +// ----- Note: CDM interface(s) below still in development and not stable! ----- + +// ContentDecryptionModule interface that all CDMs need to implement. +// The interface is versioned for backward compatibility. +// Note: ContentDecryptionModule implementations must use the allocator +// provided in CreateCdmInstance() to allocate any Buffer that needs to +// be passed back to the caller. Implementations must call Buffer::Destroy() +// when a Buffer is created that will never be returned to the caller. +class CDM_CLASS_API ContentDecryptionModule_11 { + public: + static const int kVersion = 11; + static const bool kIsStable = false; + typedef Host_11 Host; + + // Initializes the CDM instance, providing information about permitted + // functionalities. The CDM must respond by calling Host::OnInitialized() + // with whether the initialization succeeded. No other calls will be made by + // the host before Host::OnInitialized() returns. + // If |allow_distinctive_identifier| is false, messages from the CDM, + // such as message events, must not contain a Distinctive Identifier, + // even in an encrypted form. + // If |allow_persistent_state| is false, the CDM must not attempt to + // persist state. Calls to CreateFileIO() will fail. + // If |use_hw_secure_codecs| is true, the CDM must ensure the decryption key + // and video buffers (compressed and uncompressed) are securely protected by + // hardware. + virtual void Initialize(bool allow_distinctive_identifier, + bool allow_persistent_state, + bool use_hw_secure_codecs) = 0; + + // Gets the key status if the CDM has a hypothetical key with the |policy|. + // The CDM must respond by calling either Host::OnResolveKeyStatusPromise() + // with the result key status or Host::OnRejectPromise() if an unexpected + // error happened or this method is not supported. + virtual void GetStatusForPolicy(uint32_t promise_id, + const Policy& policy) = 0; + + // SetServerCertificate(), CreateSessionAndGenerateRequest(), LoadSession(), + // UpdateSession(), CloseSession(), and RemoveSession() all accept a + // |promise_id|, which must be passed to the completion Host method + // (e.g. Host::OnResolveNewSessionPromise()). + + // Provides a server certificate to be used to encrypt messages to the + // license server. The CDM must respond by calling either + // Host::OnResolvePromise() or Host::OnRejectPromise(). + // If the CDM does not support server certificates, the promise should be + // rejected with kExceptionNotSupportedError. If |server_certificate_data| + // is empty, reject with kExceptionTypeError. Any other error should be + // rejected with kExceptionInvalidStateError or kExceptionQuotaExceededError. + // TODO(crbug.com/796417): Add support for the promise to return true or + // false, rather than using kExceptionNotSupportedError to mean false. + virtual void SetServerCertificate(uint32_t promise_id, + const uint8_t* server_certificate_data, + uint32_t server_certificate_data_size) = 0; + + // Creates a session given |session_type|, |init_data_type|, and |init_data|. + // The CDM must respond by calling either Host::OnResolveNewSessionPromise() + // or Host::OnRejectPromise(). + virtual void CreateSessionAndGenerateRequest(uint32_t promise_id, + SessionType session_type, + InitDataType init_data_type, + const uint8_t* init_data, + uint32_t init_data_size) = 0; + + // Loads the session of type |session_type| specified by |session_id|. + // The CDM must respond by calling either Host::OnResolveNewSessionPromise() + // or Host::OnRejectPromise(). If the session is not found, call + // Host::OnResolveNewSessionPromise() with session_id = NULL. + virtual void LoadSession(uint32_t promise_id, SessionType session_type, + const char* session_id, + uint32_t session_id_size) = 0; + + // Updates the session with |response|. The CDM must respond by calling + // either Host::OnResolvePromise() or Host::OnRejectPromise(). + virtual void UpdateSession(uint32_t promise_id, const char* session_id, + uint32_t session_id_size, const uint8_t* response, + uint32_t response_size) = 0; + + // Requests that the CDM close the session. The CDM must respond by calling + // either Host::OnResolvePromise() or Host::OnRejectPromise() when the request + // has been processed. This may be before the session is closed. Once the + // session is closed, Host::OnSessionClosed() must also be called. + virtual void CloseSession(uint32_t promise_id, const char* session_id, + uint32_t session_id_size) = 0; + + // Removes any stored session data associated with this session. Removes all + // license(s) and key(s) associated with the session, whether they are in + // memory, persistent store, or both. For persistent session types, other + // session data (e.g. record of license destruction) will be cleared as + // defined for each session type once a release message acknowledgment is + // processed by UpdateSession(). The CDM must respond by calling either + // Host::OnResolvePromise() or Host::OnRejectPromise() when the request has + // been processed. + virtual void RemoveSession(uint32_t promise_id, const char* session_id, + uint32_t session_id_size) = 0; + + // Performs scheduled operation with |context| when the timer fires. + virtual void TimerExpired(void* context) = 0; + + // Decrypts the |encrypted_buffer|. + // + // Returns kSuccess if decryption succeeded, in which case the callee + // should have filled the |decrypted_buffer| and passed the ownership of + // |data| in |decrypted_buffer| to the caller. + // Returns kNoKey if the CDM did not have the necessary decryption key + // to decrypt. + // Returns kDecryptError if any other error happened. + // If the return value is not kSuccess, |decrypted_buffer| should be ignored + // by the caller. + virtual Status Decrypt(const InputBuffer_2& encrypted_buffer, + DecryptedBlock* decrypted_buffer) = 0; + + // Initializes the CDM audio decoder with |audio_decoder_config|. This + // function must be called before DecryptAndDecodeSamples() is called. + // + // Returns kSuccess if the |audio_decoder_config| is supported and the CDM + // audio decoder is successfully initialized. + // Returns kInitializationError if |audio_decoder_config| is not supported. + // The CDM may still be able to do Decrypt(). + // Returns kDeferredInitialization if the CDM is not ready to initialize the + // decoder at this time. Must call Host::OnDeferredInitializationDone() once + // initialization is complete. + virtual Status InitializeAudioDecoder( + const AudioDecoderConfig_2& audio_decoder_config) = 0; + + // Initializes the CDM video decoder with |video_decoder_config|. This + // function must be called before DecryptAndDecodeFrame() is called. + // + // Returns kSuccess if the |video_decoder_config| is supported and the CDM + // video decoder is successfully initialized. + // Returns kInitializationError if |video_decoder_config| is not supported. + // The CDM may still be able to do Decrypt(). + // Returns kDeferredInitialization if the CDM is not ready to initialize the + // decoder at this time. Must call Host::OnDeferredInitializationDone() once + // initialization is complete. + virtual Status InitializeVideoDecoder( + const VideoDecoderConfig_3& video_decoder_config) = 0; + + // De-initializes the CDM decoder and sets it to an uninitialized state. The + // caller can initialize the decoder again after this call to re-initialize + // it. This can be used to reconfigure the decoder if the configuration + // changes. + virtual void DeinitializeDecoder(StreamType decoder_type) = 0; + + // Resets the CDM decoder to an initialized clean state. All internal buffers + // MUST be flushed. + virtual void ResetDecoder(StreamType decoder_type) = 0; + + // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into a + // |video_frame|. Upon end-of-stream, the caller should call this function + // repeatedly with empty |encrypted_buffer| (|data| == NULL) until + // kNeedMoreData is returned. + // + // Returns kSuccess if decryption and decoding both succeeded, in which case + // the callee will have filled the |video_frame| and passed the ownership of + // |frame_buffer| in |video_frame| to the caller. + // Returns kNoKey if the CDM did not have the necessary decryption key + // to decrypt. + // Returns kNeedMoreData if more data was needed by the decoder to generate + // a decoded frame (e.g. during initialization and end-of-stream). + // Returns kDecryptError if any decryption error happened. + // Returns kDecodeError if any decoding error happened. + // If the return value is not kSuccess, |video_frame| should be ignored by + // the caller. + virtual Status DecryptAndDecodeFrame(const InputBuffer_2& encrypted_buffer, + VideoFrame_2* video_frame) = 0; + + // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into + // |audio_frames|. Upon end-of-stream, the caller should call this function + // repeatedly with empty |encrypted_buffer| (|data| == NULL) until only empty + // |audio_frames| is produced. + // + // Returns kSuccess if decryption and decoding both succeeded, in which case + // the callee will have filled |audio_frames| and passed the ownership of + // |data| in |audio_frames| to the caller. + // Returns kNoKey if the CDM did not have the necessary decryption key + // to decrypt. + // Returns kNeedMoreData if more data was needed by the decoder to generate + // audio samples (e.g. during initialization and end-of-stream). + // Returns kDecryptError if any decryption error happened. + // Returns kDecodeError if any decoding error happened. + // If the return value is not kSuccess, |audio_frames| should be ignored by + // the caller. + virtual Status DecryptAndDecodeSamples(const InputBuffer_2& encrypted_buffer, + AudioFrames* audio_frames) = 0; + + // Called by the host after a platform challenge was initiated via + // Host::SendPlatformChallenge(). + virtual void OnPlatformChallengeResponse( + const PlatformChallengeResponse& response) = 0; + + // Called by the host after a call to Host::QueryOutputProtectionStatus(). The + // |link_mask| is a bit mask of OutputLinkTypes and |output_protection_mask| + // is a bit mask of OutputProtectionMethods. If |result| is kQueryFailed, + // then |link_mask| and |output_protection_mask| are undefined and should + // be ignored. + virtual void OnQueryOutputProtectionStatus( + QueryResult result, uint32_t link_mask, + uint32_t output_protection_mask) = 0; + + // Called by the host after a call to Host::RequestStorageId(). If the + // version of the storage ID requested is available, |storage_id| and + // |storage_id_size| are set appropriately. |version| will be the same as + // what was requested, unless 0 (latest) was requested, in which case + // |version| will be the actual version number for the |storage_id| returned. + // If the requested version is not available, null/zero will be provided as + // |storage_id| and |storage_id_size|, respectively, and |version| should be + // ignored. + virtual void OnStorageId(uint32_t version, const uint8_t* storage_id, + uint32_t storage_id_size) = 0; + + // Destroys the object in the same context as it was created. + virtual void Destroy() = 0; + + protected: + ContentDecryptionModule_11() {} + virtual ~ContentDecryptionModule_11() {} +}; + +class CDM_CLASS_API Host_10 { + public: + static const int kVersion = 10; + + // Returns a Buffer* containing non-zero members upon success, or NULL on + // failure. The caller owns the Buffer* after this call. The buffer is not + // guaranteed to be zero initialized. The capacity of the allocated Buffer + // is guaranteed to be not less than |capacity|. + virtual Buffer* Allocate(uint32_t capacity) = 0; + + // Requests the host to call ContentDecryptionModule::TimerFired() |delay_ms| + // from now with |context|. + virtual void SetTimer(int64_t delay_ms, void* context) = 0; + + // Returns the current wall time. + virtual Time GetCurrentWallTime() = 0; + + // Called by the CDM with the result after the CDM instance was initialized. + virtual void OnInitialized(bool success) = 0; + + // Called by the CDM when a key status is available in response to + // GetStatusForPolicy(). + virtual void OnResolveKeyStatusPromise(uint32_t promise_id, + KeyStatus key_status) = 0; + + // Called by the CDM when a session is created or loaded and the value for the + // MediaKeySession's sessionId attribute is available (|session_id|). + // This must be called before OnSessionMessage() or + // OnSessionKeysChange() is called for the same session. |session_id_size| + // should not include null termination. + // When called in response to LoadSession(), the |session_id| must be the + // same as the |session_id| passed in LoadSession(), or NULL if the + // session could not be loaded. + virtual void OnResolveNewSessionPromise(uint32_t promise_id, + const char* session_id, + uint32_t session_id_size) = 0; + + // Called by the CDM when a session is updated or released. + virtual void OnResolvePromise(uint32_t promise_id) = 0; + + // Called by the CDM when an error occurs as a result of one of the + // ContentDecryptionModule calls that accept a |promise_id|. + // |exception| must be specified. |error_message| and |system_code| + // are optional. |error_message_size| should not include null termination. + virtual void OnRejectPromise(uint32_t promise_id, Exception exception, + uint32_t system_code, const char* error_message, + uint32_t error_message_size) = 0; + + // Called by the CDM when it has a message for session |session_id|. + // Size parameters should not include null termination. + virtual void OnSessionMessage(const char* session_id, + uint32_t session_id_size, + MessageType message_type, const char* message, + uint32_t message_size) = 0; + + // Called by the CDM when there has been a change in keys or their status for + // session |session_id|. |has_additional_usable_key| should be set if a + // key is newly usable (e.g. new key available, previously expired key has + // been renewed, etc.) and the browser should attempt to resume playback. + // |keys_info| is the list of key IDs for this session along with their + // current status. |keys_info_count| is the number of entries in |keys_info|. + // Size parameter for |session_id| should not include null termination. + virtual void OnSessionKeysChange(const char* session_id, + uint32_t session_id_size, + bool has_additional_usable_key, + const KeyInformation* keys_info, + uint32_t keys_info_count) = 0; + + // Called by the CDM when there has been a change in the expiration time for + // session |session_id|. This can happen as the result of an Update() call + // or some other event. If this happens as a result of a call to Update(), + // it must be called before resolving the Update() promise. |new_expiry_time| + // represents the time after which the key(s) in the session will no longer + // be usable for decryption. It can be 0 if no such time exists or if the + // license explicitly never expires. Size parameter should not include null + // termination. + virtual void OnExpirationChange(const char* session_id, + uint32_t session_id_size, + Time new_expiry_time) = 0; + + // Called by the CDM when session |session_id| is closed. Size + // parameter should not include null termination. + virtual void OnSessionClosed(const char* session_id, + uint32_t session_id_size) = 0; + + // The following are optional methods that may not be implemented on all + // platforms. + + // Sends a platform challenge for the given |service_id|. |challenge| is at + // most 256 bits of data to be signed. Once the challenge has been completed, + // the host will call ContentDecryptionModule::OnPlatformChallengeResponse() + // with the signed challenge response and platform certificate. Size + // parameters should not include null termination. + virtual void SendPlatformChallenge(const char* service_id, + uint32_t service_id_size, + const char* challenge, + uint32_t challenge_size) = 0; + + // Attempts to enable output protection (e.g. HDCP) on the display link. The + // |desired_protection_mask| is a bit mask of OutputProtectionMethods. No + // status callback is issued, the CDM must call QueryOutputProtectionStatus() + // periodically to ensure the desired protections are applied. + virtual void EnableOutputProtection(uint32_t desired_protection_mask) = 0; + + // Requests the current output protection status. Once the host has the status + // it will call ContentDecryptionModule::OnQueryOutputProtectionStatus(). + virtual void QueryOutputProtectionStatus() = 0; + + // Must be called by the CDM if it returned kDeferredInitialization during + // InitializeAudioDecoder() or InitializeVideoDecoder(). + virtual void OnDeferredInitializationDone(StreamType stream_type, + Status decoder_status) = 0; + + // Creates a FileIO object from the host to do file IO operation. Returns NULL + // if a FileIO object cannot be obtained. Once a valid FileIO object is + // returned, |client| must be valid until FileIO::Close() is called. The + // CDM can call this method multiple times to operate on different files. + virtual FileIO* CreateFileIO(FileIOClient* client) = 0; + + // Requests a specific version of the storage ID. A storage ID is a stable, + // device specific ID used by the CDM to securely store persistent data. The + // ID will be returned by the host via ContentDecryptionModule::OnStorageId(). + // If |version| is 0, the latest version will be returned. All |version|s + // that are greater than or equal to 0x80000000 are reserved for the CDM and + // should not be supported or returned by the host. The CDM must not expose + // the ID outside the client device, even in encrypted form. + virtual void RequestStorageId(uint32_t version) = 0; + + protected: + Host_10() {} + virtual ~Host_10() {} +}; + +class CDM_CLASS_API Host_11 { + public: + static const int kVersion = 11; + + // Returns a Buffer* containing non-zero members upon success, or NULL on + // failure. The caller owns the Buffer* after this call. The buffer is not + // guaranteed to be zero initialized. The capacity of the allocated Buffer + // is guaranteed to be not less than |capacity|. + virtual Buffer* Allocate(uint32_t capacity) = 0; + + // Requests the host to call ContentDecryptionModule::TimerFired() |delay_ms| + // from now with |context|. + virtual void SetTimer(int64_t delay_ms, void* context) = 0; + + // Returns the current wall time. + virtual Time GetCurrentWallTime() = 0; + + // Called by the CDM with the result after the CDM instance was initialized. + virtual void OnInitialized(bool success) = 0; + + // Called by the CDM when a key status is available in response to + // GetStatusForPolicy(). + virtual void OnResolveKeyStatusPromise(uint32_t promise_id, + KeyStatus key_status) = 0; + + // Called by the CDM when a session is created or loaded and the value for the + // MediaKeySession's sessionId attribute is available (|session_id|). + // This must be called before OnSessionMessage() or + // OnSessionKeysChange() is called for the same session. |session_id_size| + // should not include null termination. + // When called in response to LoadSession(), the |session_id| must be the + // same as the |session_id| passed in LoadSession(), or NULL if the + // session could not be loaded. + virtual void OnResolveNewSessionPromise(uint32_t promise_id, + const char* session_id, + uint32_t session_id_size) = 0; + + // Called by the CDM when a session is updated or released. + virtual void OnResolvePromise(uint32_t promise_id) = 0; + + // Called by the CDM when an error occurs as a result of one of the + // ContentDecryptionModule calls that accept a |promise_id|. + // |exception| must be specified. |error_message| and |system_code| + // are optional. |error_message_size| should not include null termination. + virtual void OnRejectPromise(uint32_t promise_id, Exception exception, + uint32_t system_code, const char* error_message, + uint32_t error_message_size) = 0; + + // Called by the CDM when it has a message for session |session_id|. + // Size parameters should not include null termination. + virtual void OnSessionMessage(const char* session_id, + uint32_t session_id_size, + MessageType message_type, const char* message, + uint32_t message_size) = 0; + + // Called by the CDM when there has been a change in keys or their status for + // session |session_id|. |has_additional_usable_key| should be set if a + // key is newly usable (e.g. new key available, previously expired key has + // been renewed, etc.) and the browser should attempt to resume playback. + // |keys_info| is the list of key IDs for this session along with their + // current status. |keys_info_count| is the number of entries in |keys_info|. + // Size parameter for |session_id| should not include null termination. + virtual void OnSessionKeysChange(const char* session_id, + uint32_t session_id_size, + bool has_additional_usable_key, + const KeyInformation* keys_info, + uint32_t keys_info_count) = 0; + + // Called by the CDM when there has been a change in the expiration time for + // session |session_id|. This can happen as the result of an Update() call + // or some other event. If this happens as a result of a call to Update(), + // it must be called before resolving the Update() promise. |new_expiry_time| + // represents the time after which the key(s) in the session will no longer + // be usable for decryption. It can be 0 if no such time exists or if the + // license explicitly never expires. Size parameter should not include null + // termination. + virtual void OnExpirationChange(const char* session_id, + uint32_t session_id_size, + Time new_expiry_time) = 0; + + // Called by the CDM when session |session_id| is closed. Size + // parameter should not include null termination. + virtual void OnSessionClosed(const char* session_id, + uint32_t session_id_size) = 0; + + // The following are optional methods that may not be implemented on all + // platforms. + + // Sends a platform challenge for the given |service_id|. |challenge| is at + // most 256 bits of data to be signed. Once the challenge has been completed, + // the host will call ContentDecryptionModule::OnPlatformChallengeResponse() + // with the signed challenge response and platform certificate. Size + // parameters should not include null termination. + virtual void SendPlatformChallenge(const char* service_id, + uint32_t service_id_size, + const char* challenge, + uint32_t challenge_size) = 0; + + // Attempts to enable output protection (e.g. HDCP) on the display link. The + // |desired_protection_mask| is a bit mask of OutputProtectionMethods. No + // status callback is issued, the CDM must call QueryOutputProtectionStatus() + // periodically to ensure the desired protections are applied. + virtual void EnableOutputProtection(uint32_t desired_protection_mask) = 0; + + // Requests the current output protection status. Once the host has the status + // it will call ContentDecryptionModule::OnQueryOutputProtectionStatus(). + virtual void QueryOutputProtectionStatus() = 0; + + // Must be called by the CDM if it returned kDeferredInitialization during + // InitializeAudioDecoder() or InitializeVideoDecoder(). + virtual void OnDeferredInitializationDone(StreamType stream_type, + Status decoder_status) = 0; + + // Creates a FileIO object from the host to do file IO operation. Returns NULL + // if a FileIO object cannot be obtained. Once a valid FileIO object is + // returned, |client| must be valid until FileIO::Close() is called. The + // CDM can call this method multiple times to operate on different files. + virtual FileIO* CreateFileIO(FileIOClient* client) = 0; + + // Requests a CdmProxy that proxies part of CDM functionalities to a different + // entity, e.g. a hardware CDM module. A CDM instance can have at most one + // CdmProxy throughout its lifetime, which must be requested and initialized + // during CDM instance initialization time, i.e. in or after CDM::Initialize() + // and before OnInitialized() is called, to ensure proper connection of the + // CdmProxy and the media player (e.g. hardware decoder). The CdmProxy is + // owned by the host and is guaranteed to be valid throughout the CDM + // instance's lifetime. The CDM must ensure that the |client| remain valid + // before the CDM instance is destroyed. Returns null if CdmProxy is not + // supported, called before CDM::Initialize(), RequestCdmProxy() is called + // more than once, or called after the CDM instance has been initialized. + virtual CdmProxy* RequestCdmProxy(CdmProxyClient* client) = 0; + + // Requests a specific version of the storage ID. A storage ID is a stable, + // device specific ID used by the CDM to securely store persistent data. The + // ID will be returned by the host via ContentDecryptionModule::OnStorageId(). + // If |version| is 0, the latest version will be returned. All |version|s + // that are greater than or equal to 0x80000000 are reserved for the CDM and + // should not be supported or returned by the host. The CDM must not expose + // the ID outside the client device, even in encrypted form. + virtual void RequestStorageId(uint32_t version) = 0; + + protected: + Host_11() {} + virtual ~Host_11() {} +}; + +} // namespace cdm + +#endif // CDM_CONTENT_DECRYPTION_MODULE_H_ diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module_export.h b/dom/media/gmp/widevine-adapter/content_decryption_module_export.h new file mode 100644 index 0000000000..932708deba --- /dev/null +++ b/dom/media/gmp/widevine-adapter/content_decryption_module_export.h @@ -0,0 +1,38 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CDM_CONTENT_DECRYPTION_MODULE_EXPORT_H_ +#define CDM_CONTENT_DECRYPTION_MODULE_EXPORT_H_ + +// Define CDM_API so that functionality implemented by the CDM module +// can be exported to consumers. +#if defined(_WIN32) + +#if defined(CDM_IMPLEMENTATION) +#define CDM_API __declspec(dllexport) +#else +#define CDM_API __declspec(dllimport) +#endif // defined(CDM_IMPLEMENTATION) + +#else // defined(_WIN32) +#define CDM_API __attribute__((visibility("default"))) +#endif // defined(_WIN32) + +// Define CDM_CLASS_API to export class types. We have to add visibility +// attributes to make sure virtual tables in CDM consumer and CDM implementation +// are the same. Generally, it was always a good idea, as there're no guarantees +// about that for the internal symbols, but it has only become a practical issue +// after introduction of LTO devirtualization. See more details on +// https://crbug.com/609564#c35 +#if defined(_WIN32) +#if defined(__clang__) +#define CDM_CLASS_API [[clang::lto_visibility_public]] +#else +#define CDM_CLASS_API +#endif +#else // defined(_WIN32) +#define CDM_CLASS_API __attribute__((visibility("default"))) +#endif // defined(_WIN32) + +#endif // CDM_CONTENT_DECRYPTION_MODULE_EXPORT_H_ diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module_ext.h b/dom/media/gmp/widevine-adapter/content_decryption_module_ext.h new file mode 100644 index 0000000000..5df8344e60 --- /dev/null +++ b/dom/media/gmp/widevine-adapter/content_decryption_module_ext.h @@ -0,0 +1,64 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CDM_CONTENT_DECRYPTION_MODULE_EXT_H_ +#define CDM_CONTENT_DECRYPTION_MODULE_EXT_H_ + +#if defined(_WIN32) +#include <windows.h> +#endif + +#include "content_decryption_module_export.h" + +#if defined(_MSC_VER) +typedef unsigned int uint32_t; +#else +#include <stdint.h> +#endif + +namespace cdm { + +#if defined(_WIN32) +typedef wchar_t FilePathCharType; +typedef HANDLE PlatformFile; +const PlatformFile kInvalidPlatformFile = INVALID_HANDLE_VALUE; +#else +typedef char FilePathCharType; +typedef int PlatformFile; +const PlatformFile kInvalidPlatformFile = -1; +#endif // defined(_WIN32) + +struct HostFile { + HostFile(const FilePathCharType* file_path, + PlatformFile file, + PlatformFile sig_file) + : file_path(file_path), file(file), sig_file(sig_file) {} + + // File that is part of the host of the CDM. + const FilePathCharType* file_path = nullptr; + PlatformFile file = kInvalidPlatformFile; + + // Signature file for |file|. + PlatformFile sig_file = kInvalidPlatformFile; +}; + +} // namespace cdm + +extern "C" { + +// Functions in this file are dynamically retrieved by their versioned function +// names. Increment the version number for any backward incompatible API +// changes. + +// Verifies CDM host. All files in |host_files| are opened in read-only mode. +// +// Returns false and closes all files if there is an immediate failure. +// Otherwise returns true as soon as possible and processes the files +// asynchronously. All files MUST be closed by the CDM after this one-time +// processing is finished. +CDM_API bool VerifyCdmHost_0(const cdm::HostFile* host_files, + uint32_t num_files); +} + +#endif // CDM_CONTENT_DECRYPTION_MODULE_EXT_H_ diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h b/dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h new file mode 100644 index 0000000000..d3edff8b37 --- /dev/null +++ b/dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h @@ -0,0 +1,121 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CDM_CONTENT_DECRYPTION_MODULE_PROXY_H_ +#define CDM_CONTENT_DECRYPTION_MODULE_PROXY_H_ + +#include "content_decryption_module_export.h" + +#if defined(_MSC_VER) +typedef unsigned char uint8_t; +typedef unsigned int uint32_t; +typedef unsigned __int64 uint64_t; +#else +# include <stdint.h> +#endif + +namespace cdm { + +class CDM_CLASS_API CdmProxyClient; + +// A proxy class for the CDM. +// In general, the interpretation of the CdmProxy and CdmProxyClient method +// parameters are protocol dependent. For enum parameters, values outside the +// enum range may not work. +class CDM_CLASS_API CdmProxy { + public: + enum Function : uint32_t { + // For Intel Negotiate Crypto SessionKey Exchange (CSME) path to call + // ID3D11VideoContext::NegotiateCryptoSessionKeyExchange. + kIntelNegotiateCryptoSessionKeyExchange = 1, + // There will be more values in the future e.g. for D3D11 RSA method. + }; + + enum KeyType : uint32_t { + kDecryptOnly = 0, + kDecryptAndDecode = 1, + }; + + // Initializes the proxy. The results will be returned in + // CdmProxyClient::OnInitialized(). + virtual void Initialize() = 0; + + // Processes and updates the state of the proxy. + // |output_data_size| is required by some protocol to set up the output data. + // The operation may fail if the |output_data_size| is wrong. The results will + // be returned in CdmProxyClient::OnProcessed(). + virtual void Process(Function function, uint32_t crypto_session_id, + const uint8_t* input_data, uint32_t input_data_size, + uint32_t output_data_size) = 0; + + // Creates a crypto session for handling media. + // If extra data has to be passed to further setup the media crypto session, + // pass the data as |input_data|. The results will be returned in + // CdmProxyClient::OnMediaCryptoSessionCreated(). + virtual void CreateMediaCryptoSession(const uint8_t* input_data, + uint32_t input_data_size) = 0; + + // Sets a key for the session identified by |crypto_session_id|. + virtual void SetKey(uint32_t crypto_session_id, const uint8_t* key_id, + uint32_t key_id_size, KeyType key_type, + const uint8_t* key_blob, uint32_t key_blob_size) = 0; + + // Removes a key for the session identified by |crypto_session_id|. + virtual void RemoveKey(uint32_t crypto_session_id, const uint8_t* key_id, + uint32_t key_id_size) = 0; + + protected: + CdmProxy() {} + virtual ~CdmProxy() {} +}; + +// Responses to CdmProxy calls. All responses will be called asynchronously. +class CDM_CLASS_API CdmProxyClient { + public: + enum Status : uint32_t { + kOk, + kFail, + }; + + enum Protocol : uint32_t { + kNone = 0, // No protocol supported. Can be used in failure cases. + kIntel, // Method using Intel CSME. + // There will be more values in the future e.g. kD3D11RsaHardware, + // kD3D11RsaSoftware to use the D3D11 RSA method. + }; + + // Callback for Initialize(). If the proxy created a crypto session, then the + // ID for the crypto session is |crypto_session_id|. + virtual void OnInitialized(Status status, Protocol protocol, + uint32_t crypto_session_id) = 0; + + // Callback for Process(). |output_data| is the output of processing. + virtual void OnProcessed(Status status, const uint8_t* output_data, + uint32_t output_data_size) = 0; + + // Callback for CreateMediaCryptoSession(). On success: + // - |crypto_session_id| is the ID for the created crypto session. + // - |output_data| is extra value, if any. + // Otherwise, |crypto_session_id| and |output_data| should be ignored. + virtual void OnMediaCryptoSessionCreated(Status status, + uint32_t crypto_session_id, + uint64_t output_data) = 0; + + // Callback for SetKey(). + virtual void OnKeySet(Status status) = 0; + + // Callback for RemoveKey(). + virtual void OnKeyRemoved(Status status) = 0; + + // Called when there is a hardware reset and all the hardware context is lost. + virtual void NotifyHardwareReset() = 0; + + protected: + CdmProxyClient() {} + virtual ~CdmProxyClient() {} +}; + +} // namespace cdm + +#endif // CDM_CONTENT_DECRYPTION_MODULE_PROXY_H_ diff --git a/dom/media/gmp/widevine-adapter/moz.build b/dom/media/gmp/widevine-adapter/moz.build new file mode 100644 index 0000000000..b1b7582407 --- /dev/null +++ b/dom/media/gmp/widevine-adapter/moz.build @@ -0,0 +1,21 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SOURCES += [ + "WidevineFileIO.cpp", + "WidevineUtils.cpp", + "WidevineVideoFrame.cpp", +] + +EXPORTS += ["WidevineFileIO.h", "WidevineUtils.h", "WidevineVideoFrame.h"] + +FINAL_LIBRARY = "xul" + +LOCAL_INCLUDES += [ + "/dom/media/gmp", +] + +include("/ipc/chromium/chromium-config.mozbuild") |