DrmAPI.h revision bc6b9e7f8a6b991263906c1b0bd1db0e45b59282 
1/*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef DRM_API_H_
18#define DRM_API_H_
19
20#include <utils/List.h>
21#include <utils/String8.h>
22#include <utils/Vector.h>
23#include <utils/KeyedVector.h>
24#include <utils/RefBase.h>
25#include <utils/Mutex.h>
26#include <media/stagefright/foundation/ABase.h>
27
28//  Loadable DrmEngine shared libraries should define the entry points
29//  createDrmFactory and createCryptoFactory as shown below:
30//
31//  extern "C" {
32//      extern android::DrmFactory *createDrmFactory();
33//      extern android::CryptoFactory *createCryptoFactory();
34//  }
35
36namespace android {
37
38    class DrmPlugin;
39    class DrmPluginListener;
40
41    // DRMs are implemented in DrmEngine plugins, which are dynamically
42    // loadable shared libraries that implement the entry points
43    // createDrmFactory and createCryptoFactory.  createDrmFactory
44    // constructs and returns an instance of a DrmFactory object.  Similarly,
45    // createCryptoFactory creates an instance of a CryptoFactory object.
46    // When a MediaCrypto or MediaDrm object needs to be constructed, all
47    // available DrmEngines present in the plugins directory on the device
48    // are scanned for a matching DrmEngine that can support the crypto
49    // scheme.  When a match is found, the DrmEngine's createCryptoPlugin and
50    // createDrmPlugin methods are used to create CryptoPlugin or
51    // DrmPlugin instances to support that DRM scheme.
52
53    class DrmFactory {
54    public:
55        DrmFactory() {}
56        virtual ~DrmFactory() {}
57
58        // DrmFactory::isCryptoSchemeSupported can be called to determine
59        // if the plugin factory is able to construct plugins that support a
60        // given crypto scheme, which is specified by a UUID.
61        virtual bool isCryptoSchemeSupported(const uint8_t uuid[16]) = 0;
62
63        // DrmFactory::isContentTypeSupported can be called to determine
64        // if the plugin factory is able to construct plugins that support a
65        // given media container format specified by mimeType
66        virtual bool isContentTypeSupported(const String8 &mimeType) = 0;
67
68        // Construct a DrmPlugin for the crypto scheme specified by UUID.
69        virtual status_t createDrmPlugin(
70                const uint8_t uuid[16], DrmPlugin **plugin) = 0;
71
72    private:
73        DrmFactory(const DrmFactory &);
74        DrmFactory &operator=(const DrmFactory &);
75    };
76
77    class DrmPlugin {
78    public:
79        enum EventType {
80            kDrmPluginEventProvisionRequired = 1,
81            kDrmPluginEventKeyNeeded,
82            kDrmPluginEventKeyExpired,
83            kDrmPluginEventVendorDefined
84        };
85
86        // Drm keys can be for offline content or for online streaming.
87        // Offline keys are persisted on the device and may be used when the device
88        // is disconnected from the network.  The Release type is used to request
89        // that offline keys be no longer restricted to offline use.
90        enum KeyType {
91            kKeyType_Offline,
92            kKeyType_Streaming,
93            kKeyType_Release
94        };
95
96        DrmPlugin() {}
97        virtual ~DrmPlugin() {}
98
99        // Open a new session with the DrmPlugin object.  A session ID is returned
100        // in the sessionId parameter.
101        virtual status_t openSession(Vector<uint8_t> &sessionId) = 0;
102
103        // Close a session on the DrmPlugin object.
104        virtual status_t closeSession(Vector<uint8_t> const &sessionId) = 0;
105
106        // A key request/response exchange occurs between the app and a License
107        // Server to obtain the keys required to decrypt the content.  getKeyRequest()
108        // is used to obtain an opaque key request blob that is delivered to the
109        // license server.
110        //
111        // The scope parameter may be a sessionId or a keySetId, depending on the
112        // specified keyType.  When the keyType is kKeyType_Offline or
113        // kKeyType_Streaming, scope should be set to the sessionId the keys will be
114        // provided to.  When the keyType is kKeyType_Release, scope should be set to
115        // the keySetId of the keys being released.  Releasing keys from a device
116        // invalidates them for all sessions.
117        //
118        // The init data passed to getKeyRequest is container-specific and its
119        // meaning is interpreted based on the mime type provided in the mimeType
120        // parameter to getKeyRequest.  It could contain, for example, the content
121        // ID, key ID or other data obtained from the content metadata that is required
122        // in generating the key request.  Init may be null when keyType is
123        // kKeyType_Release.
124        //
125        // mimeType identifies the mime type of the content
126        //
127        // keyType specifies if the keys are to be used for streaming or offline content
128        //
129        // optionalParameters are included in the key request message to allow a
130        // client application to provide additional message parameters to the server.
131        //
132        // If successful, the opaque key request blob is returned to the caller.
133        virtual status_t
134            getKeyRequest(Vector<uint8_t> const &scope,
135                          Vector<uint8_t> const &initData,
136                          String8 const &mimeType, KeyType keyType,
137                          KeyedVector<String8, String8> const &optionalParameters,
138                          Vector<uint8_t> &request, String8 &defaultUrl) = 0;
139
140        //
141        // After a key response is received by the app, it is provided to the
142        // Drm plugin using provideKeyResponse.
143        //
144        // scope may be a sessionId or a keySetId depending on the type of the
145        // response.  Scope should be set to the sessionId when the response is
146        // for either streaming or offline key requests.  Scope should be set to the
147        // keySetId when the response is for a release request.
148        //
149        // When the response is for an offline key request, a keySetId is returned
150        // in the keySetId vector parameter that can be used to later restore the
151        // keys to a new session with the method restoreKeys. When the response is
152        // for a streaming or release request, no keySetId is returned.
153        //
154        virtual status_t provideKeyResponse(Vector<uint8_t> const &scope,
155                                            Vector<uint8_t> const &response,
156                                            Vector<uint8_t> &keySetId) = 0;
157
158        // Remove the current keys from a session
159        virtual status_t removeKeys(Vector<uint8_t> const &sessionId) = 0;
160
161        // Restore persisted offline keys into a new session.  keySetId identifies
162        // the keys to load, obtained from a prior call to provideKeyResponse().
163        virtual status_t restoreKeys(Vector<uint8_t> const &sessionId,
164                                     Vector<uint8_t> const &keySetId) = 0;
165
166        // Request an informative description of the license for the session.  The status
167        // is in the form of {name, value} pairs.  Since DRM license policies vary by
168        // vendor, the specific status field names are determined by each DRM vendor.
169        // Refer to your DRM provider documentation for definitions of the field names
170        // for a particular DrmEngine.
171        virtual status_t
172            queryKeyStatus(Vector<uint8_t> const &sessionId,
173                           KeyedVector<String8, String8> &infoMap) const = 0;
174
175        // A provision request/response exchange occurs between the app and a
176        // provisioning server to retrieve a device certificate.  getProvisionRequest
177        // is used to obtain an opaque key request blob that is delivered to the
178        // provisioning server.
179        //
180        // If successful, the opaque provision request blob is returned to the caller.
181        virtual status_t getProvisionRequest(String8 const &cert_type,
182                                             String8 const &cert_authority,
183                                             Vector<uint8_t> &request,
184                                             String8 &defaultUrl) = 0;
185
186        // After a provision response is received by the app, it is provided to the
187        // Drm plugin using provideProvisionResponse.
188        virtual status_t provideProvisionResponse(Vector<uint8_t> const &response,
189                                                  Vector<uint8_t> &certificate,
190                                                  Vector<uint8_t> &wrapped_key) = 0;
191
192        // Remove device provisioning.
193        virtual status_t unprovisionDevice() = 0;
194
195        // A means of enforcing the contractual requirement for a concurrent stream
196        // limit per subscriber across devices is provided via SecureStop.  SecureStop
197        // is a means of securely monitoring the lifetime of sessions. Since playback
198        // on a device can be interrupted due to reboot, power failure, etc. a means
199        // of persisting the lifetime information on the device is needed.
200        //
201        // A signed version of the sessionID is written to persistent storage on the
202        // device when each MediaCrypto object is created. The sessionID is signed by
203        // the device private key to prevent tampering.
204        //
205        // In the normal case, playback will be completed, the session destroyed and
206        // the Secure Stops will be queried. The App queries secure stops and forwards
207        // the secure stop message to the server which verifies the signature and
208        // notifies the server side database that the session destruction has been
209        // confirmed. The persisted record on the client is only removed after positive
210        // confirmation that the server received the message using releaseSecureStops().
211        virtual status_t getSecureStops(List<Vector<uint8_t> > &secureStops) = 0;
212        virtual status_t releaseSecureStops(Vector<uint8_t> const &ssRelease) = 0;
213
214        // Read a property value given the device property string.  There are a few forms
215        // of property access methods, depending on the data type returned.
216        // Since DRM plugin properties may vary, additional field names may be defined
217        // by each DRM vendor.  Refer to your DRM provider documentation for definitions
218        // of its additional field names.
219        //
220        // Standard values are:
221        //   "vendor" [string] identifies the maker of the plugin
222        //   "version" [string] identifies the version of the plugin
223        //   "description" [string] describes the plugin
224        //   'deviceUniqueId' [byte array] The device unique identifier is established
225        //   during device provisioning and provides a means of uniquely identifying
226        //   each device.
227        virtual status_t getPropertyString(String8 const &name, String8 &value ) const = 0;
228        virtual status_t getPropertyByteArray(String8 const &name,
229                                              Vector<uint8_t> &value ) const = 0;
230
231        // Write  a property value given the device property string.  There are a few forms
232        // of property setting methods, depending on the data type.
233        // Since DRM plugin properties may vary, additional field names may be defined
234        // by each DRM vendor.  Refer to your DRM provider documentation for definitions
235        // of its field names.
236        virtual status_t setPropertyString(String8 const &name,
237                                           String8 const &value ) = 0;
238        virtual status_t setPropertyByteArray(String8 const &name,
239                                              Vector<uint8_t> const &value ) = 0;
240
241        // The following methods implement operations on a CryptoSession to support
242        // encrypt, decrypt, sign verify operations on operator-provided
243        // session keys.
244
245        //
246        // The algorithm string conforms to JCA Standard Names for Cipher
247        // Transforms and is case insensitive.  For example "AES/CBC/PKCS5Padding".
248        //
249        // Return OK if the algorithm is supported, otherwise return BAD_VALUE
250        //
251        virtual status_t setCipherAlgorithm(Vector<uint8_t> const &sessionId,
252                                            String8 const &algorithm) = 0;
253
254        //
255        // The algorithm string conforms to JCA Standard Names for Mac
256        // Algorithms and is case insensitive.  For example "HmacSHA256".
257        //
258        // Return OK if the algorithm is supported, otherwise return BAD_VALUE
259        //
260        virtual status_t setMacAlgorithm(Vector<uint8_t> const &sessionId,
261                                         String8 const &algorithm) = 0;
262
263        // Encrypt the provided input buffer with the cipher algorithm
264        // specified by setCipherAlgorithm and the key selected by keyId,
265        // and return the encrypted data.
266        virtual status_t encrypt(Vector<uint8_t> const &sessionId,
267                                 Vector<uint8_t> const &keyId,
268                                 Vector<uint8_t> const &input,
269                                 Vector<uint8_t> const &iv,
270                                 Vector<uint8_t> &output) = 0;
271
272        // Decrypt the provided input buffer with the cipher algorithm
273        // specified by setCipherAlgorithm and the key selected by keyId,
274        // and return the decrypted data.
275        virtual status_t decrypt(Vector<uint8_t> const &sessionId,
276                                 Vector<uint8_t> const &keyId,
277                                 Vector<uint8_t> const &input,
278                                 Vector<uint8_t> const &iv,
279                                 Vector<uint8_t> &output) = 0;
280
281        // Compute a signature on the provided message using the mac algorithm
282        // specified by setMacAlgorithm and the key selected by keyId,
283        // and return the signature.
284        virtual status_t sign(Vector<uint8_t> const &sessionId,
285                              Vector<uint8_t> const &keyId,
286                              Vector<uint8_t> const &message,
287                              Vector<uint8_t> &signature) = 0;
288
289        // Compute a signature on the provided message using the mac algorithm
290        // specified by setMacAlgorithm and the key selected by keyId,
291        // and compare with the expected result.  Set result to true or
292        // false depending on the outcome.
293        virtual status_t verify(Vector<uint8_t> const &sessionId,
294                                Vector<uint8_t> const &keyId,
295                                Vector<uint8_t> const &message,
296                                Vector<uint8_t> const &signature,
297                                bool &match) = 0;
298
299
300        // Compute an RSA signature on the provided message using the algorithm
301        // specified by algorithm.
302        virtual status_t signRSA(Vector<uint8_t> const &sessionId,
303                                 String8 const &algorithm,
304                                 Vector<uint8_t> const &message,
305                                 Vector<uint8_t> const &wrapped_key,
306                                 Vector<uint8_t> &signature) = 0;
307
308
309        status_t setListener(const sp<DrmPluginListener>& listener) {
310            Mutex::Autolock lock(mEventLock);
311            mListener = listener;
312            return OK;
313        }
314
315    protected:
316        // Plugins call sendEvent to deliver events to the java app
317        void sendEvent(EventType eventType, int extra,
318                       Vector<uint8_t> const *sessionId,
319                       Vector<uint8_t> const *data);
320
321    private:
322        Mutex mEventLock;
323        sp<DrmPluginListener> mListener;
324
325        DISALLOW_EVIL_CONSTRUCTORS(DrmPlugin);
326    };
327
328    class DrmPluginListener: virtual public RefBase
329    {
330    public:
331        virtual void sendEvent(DrmPlugin::EventType eventType, int extra,
332                               Vector<uint8_t> const *sesionId,
333                               Vector<uint8_t> const *data) = 0;
334    };
335
336    inline void DrmPlugin::sendEvent(EventType eventType, int extra,
337                                     Vector<uint8_t> const *sessionId,
338                                     Vector<uint8_t> const *data) {
339
340        mEventLock.lock();
341        sp<DrmPluginListener> listener = mListener;
342        mEventLock.unlock();
343
344        if (listener != NULL) {
345            listener->sendEvent(eventType, extra, sessionId, data);
346        }
347    }
348
349}  // namespace android
350
351#endif // DRM_API_H_
352