1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 /* 18 * This file defines an NDK API. 19 * Do not remove methods. 20 * Do not change method signatures. 21 * Do not change the value of constants. 22 * Do not change the size of any of the classes defined in here. 23 * Do not reference types that are not part of the NDK. 24 * Do not #include files that aren't part of the NDK. 25 */ 26 27 #ifndef _NDK_MEDIA_DRM_H 28 #define _NDK_MEDIA_DRM_H 29 30 #include <stdbool.h> 31 #include <stdint.h> 32 #include <sys/cdefs.h> 33 34 #include "NdkMediaError.h" 35 36 __BEGIN_DECLS 37 38 struct AMediaDrm; 39 typedef struct AMediaDrm AMediaDrm; 40 41 typedef struct { 42 const uint8_t *ptr; 43 size_t length; 44 } AMediaDrmByteArray; 45 46 typedef AMediaDrmByteArray AMediaDrmSessionId; 47 typedef AMediaDrmByteArray AMediaDrmScope; 48 typedef AMediaDrmByteArray AMediaDrmKeySetId; 49 typedef AMediaDrmByteArray AMediaDrmSecureStop; 50 51 typedef enum AMediaDrmEventType { 52 /** 53 * This event type indicates that the app needs to request a certificate from 54 * the provisioning server. The request message data is obtained using 55 * AMediaDrm_getProvisionRequest. 56 */ 57 EVENT_PROVISION_REQUIRED = 1, 58 59 /** 60 * This event type indicates that the app needs to request keys from a license 61 * server. The request message data is obtained using AMediaDrm_getKeyRequest. 62 */ 63 EVENT_KEY_REQUIRED = 2, 64 65 /** 66 * This event type indicates that the licensed usage duration for keys in a session 67 * has expired. The keys are no longer valid. 68 */ 69 EVENT_KEY_EXPIRED = 3, 70 71 /** 72 * This event may indicate some specific vendor-defined condition, see your 73 * DRM provider documentation for details 74 */ 75 EVENT_VENDOR_DEFINED = 4 76 } AMediaDrmEventType; 77 78 typedef void (*AMediaDrmEventListener)(AMediaDrm *, const AMediaDrmSessionId *sessionId, 79 AMediaDrmEventType eventType, int extra, const uint8_t *data, size_t dataSize); 80 81 #if __ANDROID_API__ >= 21 82 83 /** 84 * Query if the given scheme identified by its UUID is supported on this device, and 85 * whether the drm plugin is able to handle the media container format specified by mimeType. 86 * 87 * uuid identifies the universal unique ID of the crypto scheme. uuid must be 16 bytes. 88 * mimeType is the MIME type of the media container, e.g. "video/mp4". If mimeType 89 * is not known or required, it can be provided as NULL. 90 */ 91 bool AMediaDrm_isCryptoSchemeSupported(const uint8_t *uuid, const char *mimeType); 92 93 /** 94 * Create a MediaDrm instance from a UUID 95 * uuid identifies the universal unique ID of the crypto scheme. uuid must be 16 bytes. 96 */ 97 AMediaDrm* AMediaDrm_createByUUID(const uint8_t *uuid); 98 99 /** 100 * Release a MediaDrm object 101 */ 102 void AMediaDrm_release(AMediaDrm *); 103 104 /** 105 * Register a callback to be invoked when an event occurs 106 * 107 * listener is the callback that will be invoked on event 108 */ 109 media_status_t AMediaDrm_setOnEventListener(AMediaDrm *, AMediaDrmEventListener listener); 110 111 /** 112 * Open a new session with the MediaDrm object. A session ID is returned. 113 * 114 * returns MEDIADRM_NOT_PROVISIONED_ERROR if provisioning is needed 115 * returns MEDIADRM_RESOURCE_BUSY_ERROR if required resources are in use 116 */ 117 media_status_t AMediaDrm_openSession(AMediaDrm *, AMediaDrmSessionId *sessionId); 118 119 /** 120 * Close a session on the MediaDrm object that was previously opened 121 * with AMediaDrm_openSession. 122 */ 123 media_status_t AMediaDrm_closeSession(AMediaDrm *, const AMediaDrmSessionId *sessionId); 124 125 typedef enum AMediaDrmKeyType { 126 /** 127 * This key request type species that the keys will be for online use, they will 128 * not be saved to the device for subsequent use when the device is not connected 129 * to a network. 130 */ 131 KEY_TYPE_STREAMING = 1, 132 133 /** 134 * This key request type specifies that the keys will be for offline use, they 135 * will be saved to the device for use when the device is not connected to a network. 136 */ 137 KEY_TYPE_OFFLINE = 2, 138 139 /** 140 * This key request type specifies that previously saved offline keys should be released. 141 */ 142 KEY_TYPE_RELEASE = 3 143 } AMediaDrmKeyType; 144 145 /** 146 * Data type containing {key, value} pair 147 */ 148 typedef struct AMediaDrmKeyValuePair { 149 const char *mKey; 150 const char *mValue; 151 } AMediaDrmKeyValue; 152 153 /** 154 * A key request/response exchange occurs between the app and a license server 155 * to obtain or release keys used to decrypt encrypted content. 156 * AMediaDrm_getKeyRequest is used to obtain an opaque key request byte array that 157 * is delivered to the license server. The opaque key request byte array is 158 * returned in KeyRequest.data. 159 * 160 * After the app has received the key request response from the server, 161 * it should deliver to the response to the DRM engine plugin using the method 162 * AMediaDrm_provideKeyResponse. 163 * 164 * scope may be a sessionId or a keySetId, depending on the specified keyType. 165 * When the keyType is KEY_TYPE_STREAMING or KEY_TYPE_OFFLINE, scope should be set 166 * to the sessionId the keys will be provided to. When the keyType is 167 * KEY_TYPE_RELEASE, scope should be set to the keySetId of the keys being released. 168 * Releasing keys from a device invalidates them for all sessions. 169 * 170 * init container-specific data, its meaning is interpreted based on the mime type 171 * provided in the mimeType parameter. It could contain, for example, the content 172 * ID, key ID or other data obtained from the content metadata that is required in 173 * generating the key request. init may be null when keyType is KEY_TYPE_RELEASE. 174 * 175 * initSize is the number of bytes of initData 176 * 177 * mimeType identifies the mime type of the content. 178 * 179 * keyType specifes the type of the request. The request may be to acquire keys for 180 * streaming or offline content, or to release previously acquired keys, which are 181 * identified by a keySetId. 182 * 183 * optionalParameters are included in the key request message to allow a client 184 * application to provide additional message parameters to the server. 185 * 186 * numOptionalParameters indicates the number of optional parameters provided 187 * by the caller 188 * 189 * On exit: 190 * 1. The keyRequest pointer will reference the opaque key request data. It 191 * will reside in memory owned by the AMediaDrm object, and will remain 192 * accessible until the next call to AMediaDrm_getKeyRequest or until the 193 * MediaDrm object is released. 194 * 2. keyRequestSize will be set to the size of the request 195 * 196 * returns MEDIADRM_NOT_PROVISIONED_ERROR if reprovisioning is needed, due to a 197 * problem with the device certificate. 198 */ 199 media_status_t AMediaDrm_getKeyRequest(AMediaDrm *, const AMediaDrmScope *scope, 200 const uint8_t *init, size_t initSize, const char *mimeType, AMediaDrmKeyType keyType, 201 const AMediaDrmKeyValue *optionalParameters, size_t numOptionalParameters, 202 const uint8_t **keyRequest, size_t *keyRequestSize); 203 204 /** 205 * A key response is received from the license server by the app, then it is 206 * provided to the DRM engine plugin using provideKeyResponse. When the 207 * response is for an offline key request, a keySetId is returned that can be 208 * used to later restore the keys to a new session with AMediaDrm_restoreKeys. 209 * When the response is for a streaming or release request, a null keySetId is 210 * returned. 211 * 212 * scope may be a sessionId or keySetId depending on the type of the 213 * response. Scope should be set to the sessionId when the response is for either 214 * streaming or offline key requests. Scope should be set to the keySetId when 215 * the response is for a release request. 216 * 217 * response points to the opaque response from the server 218 * responseSize should be set to the size of the response in bytes 219 */ 220 221 media_status_t AMediaDrm_provideKeyResponse(AMediaDrm *, const AMediaDrmScope *scope, 222 const uint8_t *response, size_t responseSize, AMediaDrmKeySetId *keySetId); 223 224 /** 225 * Restore persisted offline keys into a new session. keySetId identifies the 226 * keys to load, obtained from a prior call to AMediaDrm_provideKeyResponse. 227 * 228 * sessionId is the session ID for the DRM session 229 * keySetId identifies the saved key set to restore 230 */ 231 media_status_t AMediaDrm_restoreKeys(AMediaDrm *, const AMediaDrmSessionId *sessionId, 232 const AMediaDrmKeySetId *keySetId); 233 234 /** 235 * Remove the current keys from a session. 236 * 237 * keySetId identifies keys to remove 238 */ 239 media_status_t AMediaDrm_removeKeys(AMediaDrm *, const AMediaDrmSessionId *keySetId); 240 241 /** 242 * Request an informative description of the key status for the session. The status is 243 * in the form of {key, value} pairs. Since DRM license policies vary by vendor, 244 * the specific status field names are determined by each DRM vendor. Refer to your 245 * DRM provider documentation for definitions of the field names for a particular 246 * DRM engine plugin. 247 * 248 * On entry, numPairs should be set by the caller to the maximum number of pairs 249 * that can be returned (the size of the array). On exit, numPairs will be set 250 * to the number of entries written to the array. If the number of {key, value} pairs 251 * to be returned is greater than *numPairs, MEDIADRM_SHORT_BUFFER will be returned 252 * and numPairs will be set to the number of pairs available. 253 */ 254 media_status_t AMediaDrm_queryKeyStatus(AMediaDrm *, const AMediaDrmSessionId *sessionId, 255 AMediaDrmKeyValue *keyValuePairs, size_t *numPairs); 256 257 258 /** 259 * A provision request/response exchange occurs between the app and a provisioning 260 * server to retrieve a device certificate. If provisionining is required, the 261 * EVENT_PROVISION_REQUIRED event will be sent to the event handler. 262 * getProvisionRequest is used to obtain the opaque provision request byte array that 263 * should be delivered to the provisioning server. 264 * On exit: 265 * 1. The provision request data will be referenced by provisionRequest, in 266 * memory owned by the AMediaDrm object. It will remain accessible until the 267 * next call to getProvisionRequest. 268 * 2. provisionRequestSize will be set to the size of the request data. 269 * 3. serverUrl will reference a NULL terminated string containing the URL 270 * the provisioning request should be sent to. It will remain accessible until 271 * the next call to getProvisionRequest. 272 */ 273 media_status_t AMediaDrm_getProvisionRequest(AMediaDrm *, const uint8_t **provisionRequest, 274 size_t *provisionRequestSize, const char **serverUrl); 275 276 277 /** 278 * After a provision response is received by the app, it is provided to the DRM 279 * engine plugin using this method. 280 * 281 * response is the opaque provisioning response byte array to provide to the 282 * DRM engine plugin. 283 * responseSize is the length of the provisioning response in bytes. 284 * 285 * returns MEDIADRM_DEVICE_REVOKED_ERROR if the response indicates that the 286 * server rejected the request 287 */ 288 media_status_t AMediaDrm_provideProvisionResponse(AMediaDrm *, 289 const uint8_t *response, size_t responseSize); 290 291 292 /** 293 * A means of enforcing limits on the number of concurrent streams per subscriber 294 * across devices is provided via SecureStop. This is achieved by securely 295 * monitoring the lifetime of sessions. 296 * 297 * Information from the server related to the current playback session is written 298 * to persistent storage on the device when each MediaCrypto object is created. 299 * 300 * In the normal case, playback will be completed, the session destroyed and the 301 * Secure Stops will be queried. The app queries secure stops and forwards the 302 * secure stop message to the server which verifies the signature and notifies the 303 * server side database that the session destruction has been confirmed. The persisted 304 * record on the client is only removed after positive confirmation that the server 305 * received the message using releaseSecureStops(). 306 * 307 * numSecureStops is set by the caller to the maximum number of secure stops to 308 * return. On exit, *numSecureStops will be set to the number actually returned. 309 * If *numSecureStops is too small for the number of secure stops available, 310 * MEDIADRM_SHORT_BUFFER will be returned and *numSecureStops will be set to the 311 * number required. 312 */ 313 media_status_t AMediaDrm_getSecureStops(AMediaDrm *, 314 AMediaDrmSecureStop *secureStops, size_t *numSecureStops); 315 316 /** 317 * Process the SecureStop server response message ssRelease. After authenticating 318 * the message, remove the SecureStops identified in the response. 319 * 320 * ssRelease is the server response indicating which secure stops to release 321 */ 322 media_status_t AMediaDrm_releaseSecureStops(AMediaDrm *, 323 const AMediaDrmSecureStop *ssRelease); 324 325 /** 326 * String property name: identifies the maker of the DRM engine plugin 327 */ 328 #define PROPERTY_VENDOR "vendor" 329 330 /** 331 * String property name: identifies the version of the DRM engine plugin 332 */ 333 #define PROPERTY_VERSION "version" 334 335 /** 336 * String property name: describes the DRM engine plugin 337 */ 338 #define PROPERTY_DESCRIPTION "description" 339 340 /** 341 * String property name: a comma-separated list of cipher and mac algorithms 342 * supported by CryptoSession. The list may be empty if the DRM engine 343 * plugin does not support CryptoSession operations. 344 */ 345 #define PROPERTY_ALGORITHMS "algorithms" 346 347 /** 348 * Read a DRM engine plugin String property value, given the property name string. 349 * 350 * propertyName identifies the property to query 351 * On return, propertyValue will be set to point to the property value. The 352 * memory that the value resides in is owned by the NDK MediaDrm API and 353 * will remain valid until the next call to AMediaDrm_getPropertyString. 354 */ 355 media_status_t AMediaDrm_getPropertyString(AMediaDrm *, const char *propertyName, 356 const char **propertyValue); 357 358 /** 359 * Byte array property name: the device unique identifier is established during 360 * device provisioning and provides a means of uniquely identifying each device. 361 */ 362 #define PROPERTY_DEVICE_UNIQUE_ID "deviceUniqueId" 363 364 /** 365 * Read a DRM engine plugin byte array property value, given the property name string. 366 * On return, *propertyValue will be set to point to the property value. The 367 * memory that the value resides in is owned by the NDK MediaDrm API and 368 * will remain valid until the next call to AMediaDrm_getPropertyByteArray. 369 */ 370 media_status_t AMediaDrm_getPropertyByteArray(AMediaDrm *, const char *propertyName, 371 AMediaDrmByteArray *propertyValue); 372 373 /** 374 * Set a DRM engine plugin String property value. 375 */ 376 media_status_t AMediaDrm_setPropertyString(AMediaDrm *, const char *propertyName, 377 const char *value); 378 379 /** 380 * Set a DRM engine plugin byte array property value. 381 */ 382 media_status_t AMediaDrm_setPropertyByteArray(AMediaDrm *, const char *propertyName, 383 const uint8_t *value, size_t valueSize); 384 385 /** 386 * In addition to supporting decryption of DASH Common Encrypted Media, the 387 * MediaDrm APIs provide the ability to securely deliver session keys from 388 * an operator's session key server to a client device, based on the factory-installed 389 * root of trust, and then perform encrypt, decrypt, sign and verify operations 390 * with the session key on arbitrary user data. 391 * 392 * Operators create session key servers that receive session key requests and provide 393 * encrypted session keys which can be used for general purpose crypto operations. 394 * 395 * Generic encrypt/decrypt/sign/verify methods are based on the established session 396 * keys. These keys are exchanged using the getKeyRequest/provideKeyResponse methods. 397 * 398 * Applications of this capability include securing various types of purchased or 399 * private content, such as applications, books and other media, photos or media 400 * delivery protocols. 401 */ 402 403 /* 404 * Encrypt the data referenced by input of length dataSize using algorithm specified 405 * by cipherAlgorithm, and write the encrypted result into output. The caller must 406 * ensure that the output buffer is large enough to accept dataSize bytes. The key 407 * to use is identified by the 16 byte keyId. The key must have been loaded into 408 * the session using provideKeyResponse. 409 */ 410 media_status_t AMediaDrm_encrypt(AMediaDrm *, const AMediaDrmSessionId *sessionId, 411 const char *cipherAlgorithm, uint8_t *keyId, uint8_t *iv, 412 const uint8_t *input, uint8_t *output, size_t dataSize); 413 414 /* 415 * Decrypt the data referenced by input of length dataSize using algorithm specified 416 * by cipherAlgorithm, and write the decrypted result into output. The caller must 417 * ensure that the output buffer is large enough to accept dataSize bytes. The key 418 * to use is identified by the 16 byte keyId. The key must have been loaded into 419 * the session using provideKeyResponse. 420 */ 421 media_status_t AMediaDrm_decrypt(AMediaDrm *, const AMediaDrmSessionId *sessionId, 422 const char *cipherAlgorithm, uint8_t *keyId, uint8_t *iv, 423 const uint8_t *input, uint8_t *output, size_t dataSize); 424 425 /* 426 * Generate a signature using the specified macAlgorithm over the message data 427 * referenced by message of size messageSize and store the signature in the 428 * buffer referenced signature of max size *signatureSize. If the buffer is not 429 * large enough to hold the signature, MEDIADRM_SHORT_BUFFER is returned and 430 * *signatureSize is set to the buffer size required. The key to use is identified 431 * by the 16 byte keyId. The key must have been loaded into the session using 432 * provideKeyResponse. 433 */ 434 media_status_t AMediaDrm_sign(AMediaDrm *, const AMediaDrmSessionId *sessionId, 435 const char *macAlgorithm, uint8_t *keyId, uint8_t *message, size_t messageSize, 436 uint8_t *signature, size_t *signatureSize); 437 438 /* 439 * Perform a signature verification using the specified macAlgorithm over the message 440 * data referenced by the message parameter of size messageSize. Returns MEDIADRM_OK 441 * if the signature matches, otherwise MEDAIDRM_VERIFY_FAILED is returned. The key to 442 * use is identified by the 16 byte keyId. The key must have been loaded into the 443 * session using provideKeyResponse. 444 */ 445 media_status_t AMediaDrm_verify(AMediaDrm *, const AMediaDrmSessionId *sessionId, 446 const char *macAlgorithm, uint8_t *keyId, const uint8_t *message, size_t messageSize, 447 const uint8_t *signature, size_t signatureSize); 448 449 #endif /* __ANDROID_API__ >= 21 */ 450 451 __END_DECLS 452 453 #endif //_NDK_MEDIA_DRM_H 454