Add cdm::ContentDecryptionModule_8

content_decryption_module.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CDM_CONTENT_DECRYPTION_MODULE_H_
 #define CDM_CONTENT_DECRYPTION_MODULE_H_
 
 #if defined(_MSC_VER)
 typedef unsigned char uint8_t;
 typedef unsigned int uint32_t;
@@ skipping 63 matching lines @@
 }
 
 namespace cdm {
 
 class AudioFrames;
 class DecryptedBlock;
 class VideoFrame;
 
 class Host_6;
 class Host_7;
+class Host_8;
 
 enum Status {
   kSuccess = 0,
   kNeedMoreData,  // Decoder needs more data to produce a decoded frame/sample.
   kNoKey,  // The required decryption key is not available.
   kSessionError,  // Session management error.
   kDecryptError,  // Decryption failed.
   kDecodeError,  // Error decoding audio or video.
   kDeferredInitialization  // Decoder is not ready for initialization.
 };
@@ skipping 204 matching lines @@
   const uint8_t* data;
   uint32_t length;
 };
 
 // The current status of the associated key. The valid types are defined in the
 // spec: https://w3c.github.io/encrypted-media/#idl-def-MediaKeyStatus
 enum KeyStatus {
   kUsable = 0,
   kInternalError = 1,
   kExpired = 2,
-  kOutputNotAllowed = 3
+  kOutputNotAllowed = 3,
+  kOutputDownscaled = 4,
+  kStatusPending = 5

[xhwang, 2015/03/19 17:16:22]

nit: The order of these values are different from the spec. Is this for
historical reasons? Not a big deal though.

[jrummell, 2015/03/19 19:08:50]

I don't want to change the existing 0..3 due to existing CDMs using them.

 };
 
 // Used when passing arrays of key information. Does not own the referenced
 // data. |system_code| is an additional error code for unusable keys and
 // should be 0 when |status| == kUsable.
 struct KeyInformation {
   KeyInformation()
       : key_id(NULL), key_id_size(0), status(kInternalError), system_code(0) {}
   const uint8_t* key_id;
   uint32_t key_id_size;
@@ skipping 19 matching lines @@
   kLinkTypeDisplayPort = 1 << 5,
   kLinkTypeNetwork = 1 << 6
 };
 
 // Result of the QueryOutputProtectionStatus() call.
 enum QueryResult {
   kQuerySucceeded = 0,
   kQueryFailed
 };
 
+// The Initialization Data Type. The valid types are defined in the spec:
+// http://w3c.github.io/encrypted-media/initdata-format-registry.html#registry
+enum InitDataType {
+  kCenc = 0,
+  kKeyIds = 1,
+  kWebm = 2

[xhwang, 2015/03/19 17:16:22]

s/Webm/WebM/

[jrummell, 2015/03/19 19:08:50]

Done.

+};
+
 // The type of session to create. The valid types are defined in the spec:
 // https://w3c.github.io/encrypted-media/#idl-def-SessionType
 enum SessionType {
   kTemporary = 0,
   kPersistentLicense = 1,
   kPersistentKeyRelease = 2
 };
 
 // The type of the message event.  The valid types are defined in the spec:
 // https://w3c.github.io/encrypted-media/#idl-def-MediaKeyMessageType
@@ skipping 438 matching lines @@
       uint32_t output_protection_mask) = 0;
 
   // Destroys the object in the same context as it was created.
   virtual void Destroy() = 0;
 
  protected:
   ContentDecryptionModule_7() {}
   virtual ~ContentDecryptionModule_7() {}
 };
 
-typedef ContentDecryptionModule_7 ContentDecryptionModule;
+// ContentDecryptionModule interface that all CDMs need to implement.
+// The interface is versioned for backward compatibility.
+// Note: ContentDecryptionModule implementations must use the allocator
+// provided in CreateCdmInstance() to allocate any Buffer that needs to
+// be passed back to the caller. Implementations must call Buffer::Destroy()
+// when a Buffer is created that will never be returned to the caller.
+class ContentDecryptionModule_8 {
+ public:
+  static const int kVersion = 8;
+  typedef Host_8 Host;
+
+  // Lets the CDM know whether distinctive identifiers are allowed or should

[ddorwin, 2015/03/19 02:42:00]

If that's what it did, we would call it Set...(). We could do that, but perhaps
there are other reasons a CDM might want to be initialized beyond the instance
creation. (Note that this cannot fail as defined.)

If we keep this, it should be something like:
// Initializes the CDM instance, providing information about permitted
functionalities.

[jrummell, 2015/03/19 19:08:50]

Comment updated.

+  // not be created.
+  virtual void Initialize(bool allow_distinctive_identifier) = 0;

[ddorwin, 2015/03/19 02:42:00]

Should we have allow_persistent_state rather than relying on CdmFileIo failing?

[jrummell, 2015/03/19 19:08:50]

Done. The CDM may want to know this rather than waiting for the FileIO to fail.

+
+  // SetServerCertificate(), CreateSessionAndGenerateRequest(), LoadSession(),
+  // UpdateSession(), CloseSession(), and RemoveSession() all accept a
+  // |promise_id|, which must be passed to the completion Host method
+  // (e.g. Host::OnResolveNewSessionPromise()).
+
+  // Provides a server certificate to be used to encrypt messages to the
+  // license server. The CDM must respond by calling either
+  // Host::OnResolvePromise() or Host::OnRejectPromise().
+  virtual void SetServerCertificate(uint32_t promise_id,
+                                    const uint8_t* server_certificate_data,
+                                    uint32_t server_certificate_data_size) = 0;
+
+  // Creates a session given |session_type|, |init_data_type|, and |init_data|.
+  // The CDM must respond by calling either Host::OnResolveNewSessionPromise()
+  // or Host::OnRejectPromise().
+  virtual void CreateSessionAndGenerateRequest(uint32_t promise_id,
+                                               SessionType session_type,
+                                               InitDataType init_data_type,
+                                               const uint8_t* init_data,
+                                               uint32_t init_data_size) = 0;
+
+  // Loads the session of type |session_type| specified by |session_id|.
+  // The CDM must respond by calling either Host::OnResolveNewSessionPromise()
+  // or Host::OnRejectPromise(). If the session is not found, call
+  // Host::OnResolveNewSessionPromise() with session_id = NULL.
+  virtual void LoadSession(uint32_t promise_id,
+                           SessionType session_type,
+                           const char* session_id,
+                           uint32_t session_id_size) = 0;
+
+  // Updates the session with |response|. The CDM must respond by calling
+  // either Host::OnResolvePromise() or Host::OnRejectPromise().
+  virtual void UpdateSession(uint32_t promise_id,
+                             const char* session_id,
+                             uint32_t session_id_size,
+                             const uint8_t* response,
+                             uint32_t response_size) = 0;
+
+  // Requests that the CDM close the session. The CDM must respond by calling
+  // either Host::OnResolvePromise() or Host::OnRejectPromise() when the request
+  // has been processed. This may be before the session is closed. Once the
+  // session is closed, Host::OnSessionClosed() must also be called.
+  virtual void CloseSession(uint32_t promise_id,
+                            const char* session_id,
+                            uint32_t session_id_size) = 0;
+
+  // Removes any stored session data associated with this session. Will only be
+  // called for persistent sessions. The CDM must respond by calling either
+  // Host::OnResolvePromise() or Host::OnRejectPromise() when the request has
+  // been processed.
+  virtual void RemoveSession(uint32_t promise_id,
+                             const char* session_id,
+                             uint32_t session_id_size) = 0;
+
+  // Performs scheduled operation with |context| when the timer fires.
+  virtual void TimerExpired(void* context) = 0;
+
+  // Decrypts the |encrypted_buffer|.
+  //
+  // Returns kSuccess if decryption succeeded, in which case the callee
+  // should have filled the |decrypted_buffer| and passed the ownership of
+  // |data| in |decrypted_buffer| to the caller.
+  // Returns kNoKey if the CDM did not have the necessary decryption key
+  // to decrypt.
+  // Returns kDecryptError if any other error happened.
+  // If the return value is not kSuccess, |decrypted_buffer| should be ignored
+  // by the caller.
+  virtual Status Decrypt(const InputBuffer& encrypted_buffer,
+                         DecryptedBlock* decrypted_buffer) = 0;
+
+  // Initializes the CDM audio decoder with |audio_decoder_config|. This
+  // function must be called before DecryptAndDecodeSamples() is called.
+  //
+  // Returns kSuccess if the |audio_decoder_config| is supported and the CDM
+  // audio decoder is successfully initialized.
+  // Returns kSessionError if |audio_decoder_config| is not supported. The CDM
+  // may still be able to do Decrypt().
+  // Returns kDeferredInitialization if the CDM is not ready to initialize the
+  // decoder at this time. Must call Host::OnDeferredInitializationDone() once
+  // initialization is complete.
+  virtual Status InitializeAudioDecoder(
+      const AudioDecoderConfig& audio_decoder_config) = 0;
+
+  // Initializes the CDM video decoder with |video_decoder_config|. This
+  // function must be called before DecryptAndDecodeFrame() is called.
+  //
+  // Returns kSuccess if the |video_decoder_config| is supported and the CDM
+  // video decoder is successfully initialized.
+  // Returns kSessionError if |video_decoder_config| is not supported. The CDM
+  // may still be able to do Decrypt().
+  // Returns kDeferredInitialization if the CDM is not ready to initialize the
+  // decoder at this time. Must call Host::OnDeferredInitializationDone() once
+  // initialization is complete.
+  virtual Status InitializeVideoDecoder(
+      const VideoDecoderConfig& video_decoder_config) = 0;
+
+  // De-initializes the CDM decoder and sets it to an uninitialized state. The
+  // caller can initialize the decoder again after this call to re-initialize
+  // it. This can be used to reconfigure the decoder if the configuration
+  // changes.
+  virtual void DeinitializeDecoder(StreamType decoder_type) = 0;
+
+  // Resets the CDM decoder to an initialized clean state. All internal buffers
+  // MUST be flushed.
+  virtual void ResetDecoder(StreamType decoder_type) = 0;
+
+  // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into a
+  // |video_frame|. Upon end-of-stream, the caller should call this function
+  // repeatedly with empty |encrypted_buffer| (|data| == NULL) until only empty
+  // |video_frame| (|format| == kEmptyVideoFrame) is produced.
+  //
+  // Returns kSuccess if decryption and decoding both succeeded, in which case
+  // the callee will have filled the |video_frame| and passed the ownership of
+  // |frame_buffer| in |video_frame| to the caller.
+  // Returns kNoKey if the CDM did not have the necessary decryption key
+  // to decrypt.
+  // Returns kNeedMoreData if more data was needed by the decoder to generate
+  // a decoded frame (e.g. during initialization and end-of-stream).
+  // Returns kDecryptError if any decryption error happened.
+  // Returns kDecodeError if any decoding error happened.
+  // If the return value is not kSuccess, |video_frame| should be ignored by
+  // the caller.
+  virtual Status DecryptAndDecodeFrame(const InputBuffer& encrypted_buffer,
+                                       VideoFrame* video_frame) = 0;
+
+  // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into
+  // |audio_frames|. Upon end-of-stream, the caller should call this function
+  // repeatedly with empty |encrypted_buffer| (|data| == NULL) until only empty
+  // |audio_frames| is produced.
+  //
+  // Returns kSuccess if decryption and decoding both succeeded, in which case
+  // the callee will have filled |audio_frames| and passed the ownership of
+  // |data| in |audio_frames| to the caller.
+  // Returns kNoKey if the CDM did not have the necessary decryption key
+  // to decrypt.
+  // Returns kNeedMoreData if more data was needed by the decoder to generate
+  // audio samples (e.g. during initialization and end-of-stream).
+  // Returns kDecryptError if any decryption error happened.
+  // Returns kDecodeError if any decoding error happened.
+  // If the return value is not kSuccess, |audio_frames| should be ignored by
+  // the caller.
+  virtual Status DecryptAndDecodeSamples(const InputBuffer& encrypted_buffer,
+                                         AudioFrames* audio_frames) = 0;
+
+  // Called by the host after a platform challenge was initiated via
+  // Host::SendPlatformChallenge().
+  virtual void OnPlatformChallengeResponse(
+      const PlatformChallengeResponse& response) = 0;
+
+  // Called by the host after a call to Host::QueryOutputProtectionStatus(). The
+  // |link_mask| is a bit mask of OutputLinkTypes and |output_protection_mask|
+  // is a bit mask of OutputProtectionMethods. If |result| is kQueryFailed,
+  // then |link_mask| and |output_protection_mask| are undefined and should
+  // be ignored.
+  virtual void OnQueryOutputProtectionStatus(
+      QueryResult result,
+      uint32_t link_mask,
+      uint32_t output_protection_mask) = 0;
+
+  // Destroys the object in the same context as it was created.
+  virtual void Destroy() = 0;
+
+ protected:
+  ContentDecryptionModule_8() {}
+  virtual ~ContentDecryptionModule_8() {}
+};
+
+typedef ContentDecryptionModule_8 ContentDecryptionModule;
 
 // Represents a buffer created by Allocator implementations.
 class Buffer {
  public:
   // Destroys the buffer in the same context as it was created.
   virtual void Destroy() = 0;
 
   virtual uint32_t Capacity() const = 0;
   virtual uint8_t* Data() = 0;
   virtual void SetSize(uint32_t size) = 0;
@@ skipping 266 matching lines @@
   // if a FileIO object cannot be obtained. Once a valid FileIO object is
   // returned, |client| must be valid until FileIO::Close() is called. The
   // CDM can call this method multiple times to operate on different files.
   virtual FileIO* CreateFileIO(FileIOClient* client) = 0;
 
  protected:
   Host_7() {}
   virtual ~Host_7() {}
 };
 
+class Host_8 {
+ public:
+  static const int kVersion = 8;
+
+  // Returns a Buffer* containing non-zero members upon success, or NULL on
+  // failure. The caller owns the Buffer* after this call. The buffer is not
+  // guaranteed to be zero initialized. The capacity of the allocated Buffer
+  // is guaranteed to be not less than |capacity|.
+  virtual Buffer* Allocate(uint32_t capacity) = 0;
+
+  // Requests the host to call ContentDecryptionModule::TimerFired() |delay_ms|
+  // from now with |context|.
+  virtual void SetTimer(int64_t delay_ms, void* context) = 0;
+
+  // Returns the current wall time in seconds.
+  virtual Time GetCurrentWallTime() = 0;
+
+  // Called by the CDM when a session is created or loaded and the value for the
+  // MediaKeySession's sessionId attribute is available (|session_id|).
+  // This must be called before OnSessionMessage() or
+  // OnSessionKeysChange() is called for the same session. |session_id_size|
+  // should not include null termination.
+  // When called in response to LoadSession(), the |session_id| must be the
+  // same as the |session_id| passed in LoadSession(), or NULL if the
+  // session could not be loaded.
+  virtual void OnResolveNewSessionPromise(uint32_t promise_id,
+                                          const char* session_id,
+                                          uint32_t session_id_size) = 0;
+
+  // Called by the CDM when a session is updated or released.
+  virtual void OnResolvePromise(uint32_t promise_id) = 0;
+
+  // Called by the CDM when an error occurs as a result of one of the
+  // ContentDecryptionModule calls that accept a |promise_id|.
+  // |error| must be specified, |error_message| and |system_code|
+  // are optional. |error_message_size| should not include null termination.
+  virtual void OnRejectPromise(uint32_t promise_id,
+                               Error error,
+                               uint32_t system_code,
+                               const char* error_message,
+                               uint32_t error_message_size) = 0;
+
+  // Called by the CDM when it has a message for session |session_id|.
+  // Size parameters should not include null termination.
+  // |legacy_destination_url| is only for supporting the prefixed EME API and
+  // is ignored by unprefixed EME. It should only be non-null if |message_type|
+  // is kLicenseRenewal.
+  virtual void OnSessionMessage(const char* session_id,
+                                uint32_t session_id_size,
+                                MessageType message_type,
+                                const char* message,
+                                uint32_t message_size,
+                                const char* legacy_destination_url,
+                                uint32_t legacy_destination_url_length) = 0;
+
+  // Called by the CDM when there has been a change in keys or their status for
+  // session |session_id|. |has_additional_usable_key| should be set if a
+  // key is newly usable (e.g. new key available, previously expired key has
+  // been renewed, etc.) and the browser should attempt to resume playback.
+  // |key_ids| is the list of key ids for this session along with their
+  // current status. |key_ids_count| is the number of entries in |key_ids|.
+  // Size parameter for |session_id| should not include null termination.
+  virtual void OnSessionKeysChange(const char* session_id,
+                                   uint32_t session_id_size,
+                                   bool has_additional_usable_key,
+                                   const KeyInformation* keys_info,
+                                   uint32_t keys_info_count) = 0;
+
+  // Called by the CDM when there has been a change in the expiration time for
+  // session |session_id|. This can happen as the result of an Update() call
+  // or some other event. If this happens as a result of a call to Update(),
+  // it must be called before resolving the Update() promise. |new_expiry_time|
+  // can be 0 to represent "undefined". Size parameter should not include
+  // null termination.
+  virtual void OnExpirationChange(const char* session_id,
+                                  uint32_t session_id_size,
+                                  Time new_expiry_time) = 0;
+
+  // Called by the CDM when session |session_id| is closed. Size
+  // parameter should not include null termination.
+  virtual void OnSessionClosed(const char* session_id,
+                               uint32_t session_id_size) = 0;
+
+  // Called by the CDM when an error occurs in session |session_id|
+  // unrelated to one of the ContentDecryptionModule calls that accept a
+  // |promise_id|. |error| must be specified, |error_message| and
+  // |system_code| are optional. Length parameters should not include null
+  // termination.
+  // Note:
+  // - This method is only for supporting prefixed EME API.
+  // - This method will be ignored by unprefixed EME. All errors reported
+  //   in this method should probably also be reported by one of other methods.
+  virtual void OnLegacySessionError(
+      const char* session_id, uint32_t session_id_length,
+      Error error,
+      uint32_t system_code,
+      const char* error_message, uint32_t error_message_length) = 0;
+
+  // The following are optional methods that may not be implemented on all
+  // platforms.
+
+  // Sends a platform challenge for the given |service_id|. |challenge| is at
+  // most 256 bits of data to be signed. Once the challenge has been completed,
+  // the host will call ContentDecryptionModule::OnPlatformChallengeResponse()
+  // with the signed challenge response and platform certificate. Size
+  // parameters should not include null termination.
+  virtual void SendPlatformChallenge(const char* service_id,
+                                     uint32_t service_id_size,
+                                     const char* challenge,
+                                     uint32_t challenge_size) = 0;
+
+  // Attempts to enable output protection (e.g. HDCP) on the display link. The
+  // |desired_protection_mask| is a bit mask of OutputProtectionMethods. No
+  // status callback is issued, the CDM must call QueryOutputProtectionStatus()
+  // periodically to ensure the desired protections are applied.
+  virtual void EnableOutputProtection(uint32_t desired_protection_mask) = 0;
+
+  // Requests the current output protection status. Once the host has the status
+  // it will call ContentDecryptionModule::OnQueryOutputProtectionStatus().
+  virtual void QueryOutputProtectionStatus() = 0;
+
+  // Must be called by the CDM if it returned kDeferredInitialization during
+  // InitializeAudioDecoder() or InitializeVideoDecoder().
+  virtual void OnDeferredInitializationDone(StreamType stream_type,
+                                            Status decoder_status) = 0;
+
+  // Creates a FileIO object from the host to do file IO operation. Returns NULL
+  // if a FileIO object cannot be obtained. Once a valid FileIO object is
+  // returned, |client| must be valid until FileIO::Close() is called. The
+  // CDM can call this method multiple times to operate on different files.
+  virtual FileIO* CreateFileIO(FileIOClient* client) = 0;
+
+ protected:
+  Host_8() {}
+  virtual ~Host_8() {}
+};
+
 // Represents a decrypted block that has not been decoded.
 class DecryptedBlock {
  public:
   virtual void SetDecryptedBuffer(Buffer* buffer) = 0;
   virtual Buffer* DecryptedBuffer() = 0;
 
   // TODO(tomfinegan): Figure out if timestamp is really needed. If it is not,
   // we can just pass Buffer pointers around.
   virtual void SetTimestamp(int64_t timestamp) = 0;
   virtual int64_t Timestamp() const = 0;
@@ skipping 58 matching lines @@
   virtual AudioFormat Format() const = 0;
 
  protected:
   AudioFrames() {}
   virtual ~AudioFrames() {}
 };
 
 }  // namespace cdm
 
 #endif  // CDM_CONTENT_DECRYPTION_MODULE_H_