1 /* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef DRM_API_H_ 18 #define DRM_API_H_ 19 20 #include <utils/List.h> 21 #include <utils/String8.h> 22 #include <utils/Vector.h> 23 #include <utils/KeyedVector.h> 24 #include <utils/RefBase.h> 25 #include <utils/Mutex.h> 26 #include <media/stagefright/foundation/ABase.h> 27 28 // Loadable DrmEngine shared libraries should define the entry points 29 // createDrmFactory and createCryptoFactory as shown below: 30 // 31 // extern "C" { 32 // extern android::DrmFactory *createDrmFactory(); 33 // extern android::CryptoFactory *createCryptoFactory(); 34 // } 35 36 namespace android { 37 38 class DrmPlugin; 39 class DrmPluginListener; 40 41 // DRMs are implemented in DrmEngine plugins, which are dynamically 42 // loadable shared libraries that implement the entry points 43 // createDrmFactory and createCryptoFactory. createDrmFactory 44 // constructs and returns an instance of a DrmFactory object. Similarly, 45 // createCryptoFactory creates an instance of a CryptoFactory object. 46 // When a MediaCrypto or MediaDrm object needs to be constructed, all 47 // available DrmEngines present in the plugins directory on the device 48 // are scanned for a matching DrmEngine that can support the crypto 49 // scheme. When a match is found, the DrmEngine's createCryptoPlugin and 50 // createDrmPlugin methods are used to create CryptoPlugin or 51 // DrmPlugin instances to support that DRM scheme. 52 53 class DrmFactory { 54 public: 55 DrmFactory() {} 56 virtual ~DrmFactory() {} 57 58 // DrmFactory::isCryptoSchemeSupported can be called to determine 59 // if the plugin factory is able to construct plugins that support a 60 // given crypto scheme, which is specified by a UUID. 61 virtual bool isCryptoSchemeSupported(const uint8_t uuid[16]) = 0; 62 63 // DrmFactory::isContentTypeSupported can be called to determine 64 // if the plugin factory is able to construct plugins that support a 65 // given media container format specified by mimeType 66 virtual bool isContentTypeSupported(const String8 &mimeType) = 0; 67 68 // Construct a DrmPlugin for the crypto scheme specified by UUID. 69 virtual status_t createDrmPlugin( 70 const uint8_t uuid[16], DrmPlugin **plugin) = 0; 71 72 private: 73 DrmFactory(const DrmFactory &); 74 DrmFactory &operator=(const DrmFactory &); 75 }; 76 77 class DrmPlugin { 78 public: 79 enum EventType { 80 kDrmPluginEventProvisionRequired = 1, 81 kDrmPluginEventKeyNeeded, 82 kDrmPluginEventKeyExpired, 83 kDrmPluginEventVendorDefined, 84 kDrmPluginEventSessionReclaimed, 85 kDrmPluginEventExpirationUpdate, 86 kDrmPluginEventKeysChange, 87 kDrmPluginEventSessionLostState, 88 }; 89 90 // Drm keys can be for offline content or for online streaming. 91 // Offline keys are persisted on the device and may be used when the device 92 // is disconnected from the network. The Release type is used to request 93 // that offline keys be no longer restricted to offline use. 94 enum KeyType { 95 kKeyType_Offline, 96 kKeyType_Streaming, 97 kKeyType_Release 98 }; 99 100 // Enumerate KeyRequestTypes to allow an app to determine the 101 // type of a key request returned from getKeyRequest. 102 enum KeyRequestType { 103 kKeyRequestType_Unknown, 104 kKeyRequestType_Initial, 105 kKeyRequestType_Renewal, 106 kKeyRequestType_Release, 107 kKeyRequestType_None, 108 kKeyRequestType_Update, 109 }; 110 111 // Enumerate KeyStatusTypes which indicate the state of a key 112 enum KeyStatusType 113 { 114 kKeyStatusType_Usable, 115 kKeyStatusType_Expired, 116 kKeyStatusType_OutputNotAllowed, 117 kKeyStatusType_StatusPending, 118 kKeyStatusType_InternalError, 119 kKeyStatusType_UsableInFuture 120 }; 121 122 // Used by sendKeysChange to report the usability status of each 123 // key to the app. 124 struct KeyStatus 125 { 126 Vector<uint8_t> mKeyId; 127 KeyStatusType mType; 128 }; 129 130 // Enumerate HDCP output protection levels 131 enum HdcpLevel { 132 // Failure to access HDCP level, an error occurred 133 kHdcpLevelUnknown, 134 // HDCP is not supported on this device, content is unprotected 135 kHdcpNone, 136 // HDCP version 1.0 137 kHdcpV1, 138 // HDCP version 2.0 Type 1. 139 kHdcpV2, 140 // HDCP version 2.1 Type 1. 141 kHdcpV2_1, 142 // HDCP version 2.2 Type 1. 143 kHdcpV2_2, 144 // HDCP version 2.3 Type 1. 145 kHdcpV2_3, 146 // No digital output, implicitly secure 147 kHdcpNoOutput = 0x7fff 148 }; 149 150 // SecurityLevel indicates the level of robustness of the DRM 151 // implementation on the device 152 enum SecurityLevel { 153 // Failure to access security level, an error occurred 154 kSecurityLevelUnknown, 155 // The maximum security level of the device. This is the default when 156 // a session is opened if no security level is specified 157 kSecurityLevelMax, 158 // Software-based whitebox crypto 159 kSecurityLevelSwSecureCrypto, 160 // Software-based whitebox crypto and an obfuscated decoder 161 kSecurityLevelSwSecureDecode, 162 // DRM key management and crypto operations are performed within a 163 // hardware backed trusted execution environment 164 kSecurityLevelHwSecureCrypto, 165 // DRM key management, crypto operations and decoding of content 166 // are performed within a hardware backed trusted execution environment 167 kSecurityLevelHwSecureDecode, 168 // DRM key management, crypto operations, decoding of content and all 169 // handling of the media (compressed and uncompressed) is handled within 170 // a hardware backed trusted execution environment. 171 kSecurityLevelHwSecureAll 172 }; 173 174 // An offline license may be usable or inactive. The keys in a 175 // usable offline license are available for decryption. When 176 // the offline license state is inactive, the keys have been 177 // marked for release using getKeyRequest with 178 // kKeyType_Release but the key response has not been 179 // received. The keys in an inactive offline license are not 180 // usable for decryption. 181 182 enum OfflineLicenseState { 183 // The offline license state is unknown due to an error 184 kOfflineLicenseStateUnknown, 185 // Offline license state is usable, the keys may be used for decryption. 186 kOfflineLicenseStateUsable, 187 // Offline license state is released, the keys have been marked for 188 // release using getKeyRequest() with kKeyType_Release but the 189 // key response has not been received. 190 kOfflineLicenseStateReleased 191 }; 192 193 DrmPlugin() {} 194 virtual ~DrmPlugin() {} 195 196 // Open a new session with the DrmPlugin object. A session ID is returned 197 // in the sessionId parameter. 198 virtual status_t openSession(Vector<uint8_t> &sessionId) = 0; 199 200 // Close a session on the DrmPlugin object. 201 virtual status_t closeSession(Vector<uint8_t> const &sessionId) = 0; 202 203 // A key request/response exchange occurs between the app and a License 204 // Server to obtain the keys required to decrypt the content. getKeyRequest() 205 // is used to obtain an opaque key request blob that is delivered to the 206 // license server. 207 // 208 // The scope parameter may be a sessionId or a keySetId, depending on the 209 // specified keyType. When the keyType is kKeyType_Offline or 210 // kKeyType_Streaming, scope should be set to the sessionId the keys will be 211 // provided to. When the keyType is kKeyType_Release, scope should be set to 212 // the keySetId of the keys being released. Releasing keys from a device 213 // invalidates them for all sessions. 214 // 215 // The init data passed to getKeyRequest is container-specific and its 216 // meaning is interpreted based on the mime type provided in the mimeType 217 // parameter to getKeyRequest. It could contain, for example, the content 218 // ID, key ID or other data obtained from the content metadata that is required 219 // in generating the key request. Init may be null when keyType is 220 // kKeyType_Release. 221 // 222 // mimeType identifies the mime type of the content 223 // 224 // keyType specifies if the keys are to be used for streaming or offline content 225 // 226 // optionalParameters are included in the key request message to allow a 227 // client application to provide additional message parameters to the server. 228 // 229 // If successful, the opaque key request blob is returned to the caller. 230 virtual status_t 231 getKeyRequest(Vector<uint8_t> const &scope, 232 Vector<uint8_t> const &initData, 233 String8 const &mimeType, KeyType keyType, 234 KeyedVector<String8, String8> const &optionalParameters, 235 Vector<uint8_t> &request, String8 &defaultUrl, 236 KeyRequestType *keyRequestType) = 0; 237 238 // 239 // After a key response is received by the app, it is provided to the 240 // Drm plugin using provideKeyResponse. 241 // 242 // scope may be a sessionId or a keySetId depending on the type of the 243 // response. Scope should be set to the sessionId when the response is 244 // for either streaming or offline key requests. Scope should be set to the 245 // keySetId when the response is for a release request. 246 // 247 // When the response is for an offline key request, a keySetId is returned 248 // in the keySetId vector parameter that can be used to later restore the 249 // keys to a new session with the method restoreKeys. When the response is 250 // for a streaming or release request, no keySetId is returned. 251 // 252 virtual status_t provideKeyResponse(Vector<uint8_t> const &scope, 253 Vector<uint8_t> const &response, 254 Vector<uint8_t> &keySetId) = 0; 255 256 // Remove the current keys from a session 257 virtual status_t removeKeys(Vector<uint8_t> const &sessionId) = 0; 258 259 // Restore persisted offline keys into a new session. keySetId identifies 260 // the keys to load, obtained from a prior call to provideKeyResponse(). 261 virtual status_t restoreKeys(Vector<uint8_t> const &sessionId, 262 Vector<uint8_t> const &keySetId) = 0; 263 264 // Request an informative description of the license for the session. The status 265 // is in the form of {name, value} pairs. Since DRM license policies vary by 266 // vendor, the specific status field names are determined by each DRM vendor. 267 // Refer to your DRM provider documentation for definitions of the field names 268 // for a particular DrmEngine. 269 virtual status_t 270 queryKeyStatus(Vector<uint8_t> const &sessionId, 271 KeyedVector<String8, String8> &infoMap) const = 0; 272 273 // A provision request/response exchange occurs between the app and a 274 // provisioning server to retrieve a device certificate. getProvisionRequest 275 // is used to obtain an opaque key request blob that is delivered to the 276 // provisioning server. 277 // 278 // If successful, the opaque provision request blob is returned to the caller. 279 virtual status_t getProvisionRequest(String8 const &cert_type, 280 String8 const &cert_authority, 281 Vector<uint8_t> &request, 282 String8 &defaultUrl) = 0; 283 284 // After a provision response is received by the app, it is provided to the 285 // Drm plugin using provideProvisionResponse. 286 virtual status_t provideProvisionResponse(Vector<uint8_t> const &response, 287 Vector<uint8_t> &certificate, 288 Vector<uint8_t> &wrapped_key) = 0; 289 290 // A means of enforcing the contractual requirement for a concurrent stream 291 // limit per subscriber across devices is provided via SecureStop. SecureStop 292 // is a means of securely monitoring the lifetime of sessions. Since playback 293 // on a device can be interrupted due to reboot, power failure, etc. a means 294 // of persisting the lifetime information on the device is needed. 295 // 296 // A signed version of the sessionID is written to persistent storage on the 297 // device when each MediaCrypto object is created. The sessionID is signed by 298 // the device private key to prevent tampering. 299 // 300 // In the normal case, playback will be completed, the session destroyed and 301 // the Secure Stops will be queried. The App queries secure stops and forwards 302 // the secure stop message to the server which verifies the signature and 303 // notifies the server side database that the session destruction has been 304 // confirmed. The persisted record on the client is only removed after positive 305 // confirmation that the server received the message using releaseSecureStops(). 306 virtual status_t getSecureStops(List<Vector<uint8_t> > &secureStops) = 0; 307 virtual status_t getSecureStop(Vector<uint8_t> const &ssid, Vector<uint8_t> &secureStop) = 0; 308 virtual status_t releaseSecureStops(Vector<uint8_t> const &ssRelease) = 0; 309 virtual status_t releaseAllSecureStops() = 0; 310 311 // Read a property value given the device property string. There are a few forms 312 // of property access methods, depending on the data type returned. 313 // Since DRM plugin properties may vary, additional field names may be defined 314 // by each DRM vendor. Refer to your DRM provider documentation for definitions 315 // of its additional field names. 316 // 317 // Standard values are: 318 // "vendor" [string] identifies the maker of the plugin 319 // "version" [string] identifies the version of the plugin 320 // "description" [string] describes the plugin 321 // 'deviceUniqueId' [byte array] The device unique identifier is established 322 // during device provisioning and provides a means of uniquely identifying 323 // each device. 324 virtual status_t getPropertyString(String8 const &name, String8 &value ) const = 0; 325 virtual status_t getPropertyByteArray(String8 const &name, 326 Vector<uint8_t> &value ) const = 0; 327 328 // Write a property value given the device property string. There are a few forms 329 // of property setting methods, depending on the data type. 330 // Since DRM plugin properties may vary, additional field names may be defined 331 // by each DRM vendor. Refer to your DRM provider documentation for definitions 332 // of its field names. 333 virtual status_t setPropertyString(String8 const &name, 334 String8 const &value ) = 0; 335 virtual status_t setPropertyByteArray(String8 const &name, 336 Vector<uint8_t> const &value ) = 0; 337 338 // The following methods implement operations on a CryptoSession to support 339 // encrypt, decrypt, sign verify operations on operator-provided 340 // session keys. 341 342 // 343 // The algorithm string conforms to JCA Standard Names for Cipher 344 // Transforms and is case insensitive. For example "AES/CBC/PKCS5Padding". 345 // 346 // Return OK if the algorithm is supported, otherwise return BAD_VALUE 347 // 348 virtual status_t setCipherAlgorithm(Vector<uint8_t> const &sessionId, 349 String8 const &algorithm) = 0; 350 351 // 352 // The algorithm string conforms to JCA Standard Names for Mac 353 // Algorithms and is case insensitive. For example "HmacSHA256". 354 // 355 // Return OK if the algorithm is supported, otherwise return BAD_VALUE 356 // 357 virtual status_t setMacAlgorithm(Vector<uint8_t> const &sessionId, 358 String8 const &algorithm) = 0; 359 360 // Encrypt the provided input buffer with the cipher algorithm 361 // specified by setCipherAlgorithm and the key selected by keyId, 362 // and return the encrypted data. 363 virtual status_t encrypt(Vector<uint8_t> const &sessionId, 364 Vector<uint8_t> const &keyId, 365 Vector<uint8_t> const &input, 366 Vector<uint8_t> const &iv, 367 Vector<uint8_t> &output) = 0; 368 369 // Decrypt the provided input buffer with the cipher algorithm 370 // specified by setCipherAlgorithm and the key selected by keyId, 371 // and return the decrypted data. 372 virtual status_t decrypt(Vector<uint8_t> const &sessionId, 373 Vector<uint8_t> const &keyId, 374 Vector<uint8_t> const &input, 375 Vector<uint8_t> const &iv, 376 Vector<uint8_t> &output) = 0; 377 378 // Compute a signature on the provided message using the mac algorithm 379 // specified by setMacAlgorithm and the key selected by keyId, 380 // and return the signature. 381 virtual status_t sign(Vector<uint8_t> const &sessionId, 382 Vector<uint8_t> const &keyId, 383 Vector<uint8_t> const &message, 384 Vector<uint8_t> &signature) = 0; 385 386 // Compute a signature on the provided message using the mac algorithm 387 // specified by setMacAlgorithm and the key selected by keyId, 388 // and compare with the expected result. Set result to true or 389 // false depending on the outcome. 390 virtual status_t verify(Vector<uint8_t> const &sessionId, 391 Vector<uint8_t> const &keyId, 392 Vector<uint8_t> const &message, 393 Vector<uint8_t> const &signature, 394 bool &match) = 0; 395 396 397 // Compute an RSA signature on the provided message using the algorithm 398 // specified by algorithm. 399 virtual status_t signRSA(Vector<uint8_t> const &sessionId, 400 String8 const &algorithm, 401 Vector<uint8_t> const &message, 402 Vector<uint8_t> const &wrapped_key, 403 Vector<uint8_t> &signature) = 0; 404 405 406 status_t setListener(const sp<DrmPluginListener>& listener) { 407 Mutex::Autolock lock(mEventLock); 408 mListener = listener; 409 return OK; 410 } 411 412 protected: 413 // Plugins call these methods to deliver events to the java app 414 void sendEvent(EventType eventType, int extra, 415 Vector<uint8_t> const *sessionId, 416 Vector<uint8_t> const *data); 417 418 void sendExpirationUpdate(Vector<uint8_t> const *sessionId, 419 int64_t expiryTimeInMS); 420 421 void sendKeysChange(Vector<uint8_t> const *sessionId, 422 Vector<DrmPlugin::KeyStatus> const *keyStatusList, 423 bool hasNewUsableKey); 424 425 private: 426 Mutex mEventLock; 427 sp<DrmPluginListener> mListener; 428 429 DISALLOW_EVIL_CONSTRUCTORS(DrmPlugin); 430 }; 431 432 class DrmPluginListener: virtual public RefBase 433 { 434 public: 435 virtual void sendEvent(DrmPlugin::EventType eventType, int extra, 436 Vector<uint8_t> const *sessionId, 437 Vector<uint8_t> const *data) = 0; 438 439 virtual void sendExpirationUpdate(Vector<uint8_t> const *sessionId, 440 int64_t expiryTimeInMS) = 0; 441 442 virtual void sendKeysChange(Vector<uint8_t> const *sessionId, 443 Vector<DrmPlugin::KeyStatus> const *keyStatusList, 444 bool hasNewUsableKey) = 0; 445 }; 446 447 inline void DrmPlugin::sendEvent(EventType eventType, int extra, 448 Vector<uint8_t> const *sessionId, 449 Vector<uint8_t> const *data) { 450 mEventLock.lock(); 451 sp<DrmPluginListener> listener = mListener; 452 mEventLock.unlock(); 453 454 if (listener != NULL) { 455 listener->sendEvent(eventType, extra, sessionId, data); 456 } 457 } 458 459 inline void DrmPlugin::sendExpirationUpdate(Vector<uint8_t> const *sessionId, 460 int64_t expiryTimeInMS) { 461 mEventLock.lock(); 462 sp<DrmPluginListener> listener = mListener; 463 mEventLock.unlock(); 464 465 if (listener != NULL) { 466 listener->sendExpirationUpdate(sessionId, expiryTimeInMS); 467 } 468 } 469 470 inline void DrmPlugin::sendKeysChange(Vector<uint8_t> const *sessionId, 471 Vector<DrmPlugin::KeyStatus> const *keyStatusList, 472 bool hasNewUsableKey) { 473 mEventLock.lock(); 474 sp<DrmPluginListener> listener = mListener; 475 mEventLock.unlock(); 476 477 if (listener != NULL) { 478 listener->sendKeysChange(sessionId, keyStatusList, hasNewUsableKey); 479 } 480 } 481 } // namespace android 482 483 #endif // DRM_API_H_ 484
