drm/1.0/IDrmPlugin.hal

/**
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.hardware.drm@1.0;

import IDrmPluginListener;

/**
 * Ref: frameworks/native/include/media/drm/DrmAPI.h:DrmPlugin
 *
 * IDrmPlugin is used to interact with a specific drm plugin that was
 * created by IDrm::createPlugin. A drm plugin provides methods for
 * obtaining drm keys that may be used by a codec to decrypt protected
 * video content.
 */
interface IDrmPlugin {

    /**
     * Open a new session with the DrmPlugin object. A session ID is returned
     * in the sessionId parameter.
     * @return status the status of the call. The status must be OK or one of
     * the following errors: ERROR_DRM_NOT_PROVISIONED if the device requires
     * provisioning before it can open a session, ERROR_DRM_RESOURCE_BUSY if
     * there are insufficent resources available to open a session,
     * ERROR_DRM_CANNOT_HANDLE, if openSession is not supported at the time of
     * the call or ERROR_DRM_INVALID_STATE if the HAL is in a state where a
     * session cannot be opened.
     * @return sessionId the session ID for the newly opened session
     */
    openSession() generates (Status status, SessionId sessionId);

    /**
     * Close a session on the DrmPlugin object
     *
     * @param sessionId the session id the call applies to
     * @return status the status of the call.  The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, BAD_VALUE if the sessionId is invalid or ERROR_DRM_INVALID_STATE
     * if the HAL is in a state where the session cannot be closed.
     */
    closeSession(SessionId sessionId) generates (Status status);

    /**
     * A key request/response exchange occurs between the app and a License
     * Server to obtain the keys required to decrypt the content.
     * getKeyRequest() is used to obtain an opaque key request blob that is
     * delivered to the license server.
     *
     * @param scope may be a sessionId or a keySetId, depending on the
     * specified keyType. When the keyType is OFFLINE or STREAMING,
     * scope should be set to the sessionId the keys will be provided to.
     * When the keyType is RELEASE, scope should be set to the keySetId
     * of the keys being released.
     * @param initData container-specific data, its meaning is interpreted
     * based on the mime type provided in the mimeType parameter. It could
     * contain, for example, the content ID, key ID or other data obtained
     * from the content metadata that is required to generate the key request.
     * initData may be empty when keyType is RELEASE.
     * @param mimeType identifies the mime type of the content
     * @param keyType specifies if the keys are to be used for streaming,
     * offline or a release
     * @param optionalParameters included in the key request message to
     * allow a client application to provide additional message parameters to
     * the server.
     *
     * @return status the status of the call.  The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, ERROR_DRM_NOT_PROVISIONED if the device requires provisioning
     * before it can generate a key request, ERROR_DRM_CANNOT_HANDLE if
     * getKeyRequest is not supported at the time of the call, BAD_VALUE if any
     * parameters are invalid or ERROR_DRM_INVALID_STATE if the HAL is in a state
     * where a key request cannot be generated.
     * @return request if successful, the opaque key request blob is returned
     * @return requestType indicates type information about the returned
     * request. The type may be one of INITIAL, RENEWAL or RELEASE. An
     * INITIAL request is the first key request for a license. RENEWAL is a
     * subsequent key request used to refresh the keys in a license. RELEASE
     * corresponds to a keyType of RELEASE, which indicates keys are being
     * released.
     * @return defaultUrl the URL that the request may be sent to, if
     * provided by the drm HAL. The app may choose to override this
     * URL.
     */
    getKeyRequest(vec<uint8_t> scope, vec<uint8_t> initData,
            string mimeType, KeyType keyType, KeyedVector optionalParameters)
        generates (Status status, vec<uint8_t> request,
                KeyRequestType requestType, string defaultUrl);

    /**
     * After a key response is received by the app, it is provided to the
     * Drm plugin using provideKeyResponse.
     *
     * @param scope may be a sessionId or a keySetId depending on the type
     * of the response. Scope should be set to the sessionId when the response
     * is for either streaming or offline key requests. Scope should be set to
     * the keySetId when the response is for a release request.
     * @param response the response from the key server that is being
     * provided to the drm HAL.
     *
     * @return status the status of the call.  The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, ERROR_DRM_NOT_PROVISIONED if the device requires provisioning
     * before it can handle the key response, ERROR_DRM_DEVICE_REVOKED if the
     * device has been disabled by the license policy, ERROR_DRM_CANNOT_HANDLE
     * if provideKeyResponse is not supported at the time of the call, BAD_VALUE
     * if any parameters are invalid or ERROR_DRM_INVALID_STATE if the HAL is
     * in a state where a key response cannot be handled.
     * @return keySetId when the response is for an offline key request, a
     * keySetId is returned in the keySetId vector parameter that can be used
     * to later restore the keys to a new session with the method restoreKeys.
     * When the response is for a streaming or release request, no keySetId is
     * returned.
     */
    provideKeyResponse(vec<uint8_t> scope, vec<uint8_t> response)
        generates (Status status, vec<uint8_t> keySetId);

    /**
     * Remove the current keys from a session
     *
     * @param sessionId the session id the call applies to
     * @return status the status of the call.  The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, BAD_VALUE if the sessionId is invalid or ERROR_DRM_INVALID_STATE
     * if the HAL is in a state where the keys cannot be removed.
     */
    removeKeys(SessionId sessionId) generates (Status status);

    /**
     * Restore persisted offline keys into a new session
     *
     * @param sessionId the session id the call applies to
     * @param keySetId identifies the keys to load, obtained from a prior
     * call to provideKeyResponse().
     * @return status the status of the call. The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, BAD_VALUE if any parameters are invalid or ERROR_DRM_INVALID_STATE
     * if the HAL is in a state where keys cannot be restored.
     */
    restoreKeys(SessionId sessionId,
            vec<uint8_t> keySetId) generates (Status status);

    /**
     * Request an informative description of the license for the session. The
     * status is in the form of {name, value} pairs. Since DRM license policies
     * vary by vendor, the specific status field names are determined by each
     * DRM vendor. Refer to your DRM provider documentation for definitions of
     * the field names for a particular drm scheme.
     *
     * @param sessionId the session id the call applies to
     * @return status the status of the call. The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, BAD_VALUE if the sessionId is invalid or ERROR_DRM_INVALID_STATE
     * if the HAL is in a state where key status cannot be queried.
     * @return infoList a list of name value pairs describing the license
     */
    queryKeyStatus(SessionId sessionId)
        generates (Status status, KeyedVector infoList);

    /**
     * A provision request/response exchange occurs between the app and a
     * provisioning server to retrieve a device certificate. getProvisionRequest
     * is used to obtain an opaque provisioning request blob that is delivered
     * to the provisioning server.
     *
     * @param certificateType the type of certificate requested, e.g. "X.509"
     * @param certificateAuthority identifies the certificate authority. A
     * certificate authority (CA) is an entity which issues digital certificates
     * for use by other parties. It is an example of a trusted third party.
     * @return status the status of the call. The status must be OK or one of
     * the following errors: BAD_VALUE if the sessionId is invalid,
     * ERROR_DRM_CANNOT_HANDLE if the drm scheme does not require provisioning
     * or ERROR_DRM_INVALID_STATE if the HAL is in a state where the provision
     * request cannot be generated.
     * @return request if successful the opaque certificate request blob
     * is returned
     * @return defaultUrl URL that the provisioning request should be
     * sent to, if known by the HAL implementation.  If the HAL implementation
     * does not provide a defaultUrl, the returned string must be empty.
     */
    getProvisionRequest(string certificateType, string certificateAuthority)
        generates (Status status, vec<uint8_t> request, string defaultUrl);

    /**
     * After a provision response is received by the app from a provisioning
     * server, it is provided to the Drm HAL using provideProvisionResponse.
     * The HAL implementation must receive the provision request and
     * store the provisioned credentials.
     *
     * @param response the opaque provisioning response received by the
     * app from a provisioning server.

     * @return status the status of the call. The status must be OK or one of
     * the following errors: ERROR_DRM_DEVICE_REVOKED if the device has been
     * disabled by the license policy, BAD_VALUE if any parameters are invalid
     * or ERROR_DRM_INVALID_STATE if the HAL is in a state where the provision
     * response cannot be handled.
     * @return certificate the public certificate resulting from the provisioning
     * operation, if any. An empty vector indicates that no certificate was
     * returned.
     * @return wrappedKey an opaque object containing encrypted private key
     * material to be used by signRSA when computing an RSA signature on a
     * message, see the signRSA method.
     */
    provideProvisionResponse(vec<uint8_t> response) generates (Status status,
            vec<uint8_t> certificate, vec<uint8_t> wrappedKey);

    /**
     * SecureStop is a way of enforcing the concurrent stream limit per
     * subscriber. It can securely monitor the lifetime of sessions across
     * device reboots by periodically persisting the session lifetime
     * status in secure storage.
     *
     * A signed version of the sessionID is written to persistent storage on the
     * device when each MediaCrypto object is created and periodically during
     * playback. The sessionID is signed by the device private key to prevent
     * tampering.
     *
     * When playback is completed the session is destroyed, and the secure
     * stops are queried by the app. The app then delivers the secure stop
     * message to a server which verifies the signature to confirm that the
     * session and its keys have been removed from the device. The persisted
     * record on the device is removed after receiving and verifying the
     * signed response from the server.
     */

    /**
     * Get all secure stops on the device
     *
     * @return status the status of the call. The status must be OK or
     * ERROR_DRM_INVALID_STATE if the HAL is in a state where the secure stops
     * cannot be returned.
     * @return secureStops a list of the secure stop opaque objects
     */
    getSecureStops() generates
        (Status status, vec<SecureStop> secureStops);

    /**
     * Get all secure stops by secure stop ID
     *
     * @param secureStopId the ID of the secure stop to return. The
     * secure stop ID is delivered by the key server as part of the key
     * response and must also be known by the app.
     *
     * @return status the status of the call. The status must be OK or one of
     * the following errors: BAD_VALUE if the secureStopId is invalid or
     * ERROR_DRM_INVALID_STATE if the HAL is in a state where the secure stop
     * cannot be returned.
     * @return secureStop the secure stop opaque object
     */

    getSecureStop(SecureStopId secureStopId)
        generates (Status status, SecureStop secureStop);

    /**
     * Release all secure stops on the device
     *
     * @return status the status of the call. The status must be OK or
     * ERROR_DRM_INVALID_STATE if the HAL is in a state where the secure
     * stops cannot be released.
     */
    releaseAllSecureStops() generates (Status status);

    /**
     * Release a secure stop by secure stop ID
     *
     * @param secureStopId the ID of the secure stop to release. The
     * secure stop ID is delivered by the key server as part of the key
     * response and must also be known by the app.
     *
     * @return status the status of the call. The status must be OK or one of
     * the following errors: BAD_VALUE if the secureStopId is invalid or
     * ERROR_DRM_INVALID_STATE if the HAL is in a state where the secure stop
     * cannot be released.
     */
    releaseSecureStop(vec<uint8_t> secureStopId) generates (Status status);

    /**
     * A drm scheme can have properties that are settable and readable
     * by an app. There are a few forms of property access methods,
     * depending on the data type of the property.
     *
     * Property values defined by the public API are:
     *   "vendor" [string] identifies the maker of the drm scheme
     *   "version" [string] identifies the version of the drm scheme
     *   "description" [string] describes the drm scheme
     *   'deviceUniqueId' [byte array] The device unique identifier is
     *   established during device provisioning and provides a means of
     *   uniquely identifying each device.
     *
     * Since drm scheme properties may vary, additional field names may be
     * defined by each DRM vendor. Refer to your DRM provider documentation
     * for definitions of its additional field names.
     */

    /**
     * Read a string property value given the property name.
     *
     * @param propertyName the name of the property
     * @return status the status of the call. The status must be OK or one of
     * the following errors: BAD_VALUE if the property name is invalid,
     * ERROR_DRM_CANNOT_HANDLE if the property is not supported, or
     * ERROR_DRM_INVALID_STATE if the HAL is in a state where the property
     * cannot be obtained.
     * @return value the property value string
     */
    getPropertyString(string propertyName)
        generates (Status status, string value);

    /**
     * Read a byte array property value given the property name.
     *
     * @param propertyName the name of the property
     * @return status the status of the call. The status must be OK or one of
     * the following errors: BAD_VALUE if the property name is invalid,
     * ERROR_DRM_CANNOT_HANDLE if the property is not supported, or
     * ERROR_DRM_INVALID_STATE if the HAL is in a state where the property
     * cannot be obtained.
     * @return value the property value byte array
     */
    getPropertyByteArray(string propertyName)
        generates (Status status, vec<uint8_t> value);

    /**
     * Write a property string value given the property name
     *
     * @param propertyName the name of the property
     * @param value the value to write
     * @return status the status of the call. The status must be OK or one of
     * the following errors: BAD_VALUE if the property name is invalid,
     * ERROR_DRM_CANNOT_HANDLE if the property is not supported, or
     * ERROR_DRM_INVALID_STATE if the HAL is in a state where the property
     * cannot be set.
     */
    setPropertyString(string propertyName, string value)
        generates (Status status);

    /**
     * Write a property byte array value given the property name
     *
     * @param propertyName the name of the property
     * @param value the value to write
     * @return status the status of the call. The status must be OK or one of
     * the following errors: BAD_VALUE if the property name is invalid,
     * ERROR_DRM_CANNOT_HANDLE if the property is not supported, or
     * ERROR_DRM_INVALID_STATE if the HAL is in a state where the property
     * cannot be set.
     */
    setPropertyByteArray(string propertyName, vec<uint8_t> value )
        generates (Status status);

    /**
     * The following methods implement operations on a CryptoSession to support
     * encrypt, decrypt, sign verify operations on operator-provided
     * session keys.
     */

    /**
     * Set the cipher algorithm to be used for the specified session.
     *
     * @param sessionId the session id the call applies to
     * @param algorithm the algorithm to use. The string conforms to JCA
     * Standard Names for Cipher Transforms and is case insensitive. An
     * example algorithm is "AES/CBC/PKCS5Padding".
     * @return status the status of the call. The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, BAD_VALUE if any parameters are invalid or ERROR_DRM_INVALID_STATE
     * if the HAL is in a state where the algorithm cannot be set.
     */
    setCipherAlgorithm(SessionId sessionId, string algorithm)
        generates (Status status);

    /**
     * Set the MAC algorithm to be used for computing hashes in a session.
     *
     * @param sessionId the session id the call applies to
     * @param algorithm the algorithm to use. The string conforms to JCA
     * Standard Names for Mac Algorithms and is case insensitive. An example MAC
     * algorithm string is "HmacSHA256".
     * @return status the status of the call. The status must be OK or one of the
     * following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, BAD_VALUE if any parameters are invalid or ERROR_DRM_INVALID_STATE
     * if the HAL is in a state where the algorithm cannot be set.
     */
    setMacAlgorithm(SessionId sessionId, string algorithm)
        generates (Status status);

    /**
     * Encrypt the provided input buffer with the cipher algorithm specified by
     * setCipherAlgorithm and the key selected by keyId, and return the
     * encrypted data.
     *
     * @param sessionId the session id the call applies to
     * @param keyId the ID of the key to use for encryption
     * @param input the input data to encrypt
     * @param iv the initialization vector to use for encryption
     * @return status the status of the call. The status must be OK or one of the
     * following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not opened,
     * BAD_VALUE if any parameters are invalid or ERROR_DRM_INVALID_STATE
     * if the HAL is in a state where the encrypt operation cannot be performed.
     * @return output the decrypted data
     */
    encrypt(SessionId sessionId, vec<uint8_t> keyId, vec<uint8_t> input,
            vec<uint8_t> iv) generates (Status status, vec<uint8_t> output);

    /**
     * Decrypt the provided input buffer with the cipher algorithm
     * specified by setCipherAlgorithm and the key selected by keyId,
     * and return the decrypted data.
     *
     * @param sessionId the session id the call applies to
     * @param keyId the ID of the key to use for decryption
     * @param input the input data to decrypt
     * @param iv the initialization vector to use for decryption
     * @return status the status of the call. The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, BAD_VALUE if any parameters are invalid or ERROR_DRM_INVALID_STATE
     * if the HAL is in a state where the decrypt operation cannot be
     * performed.
     * @return output the decrypted data
     */
    decrypt(SessionId sessionId, vec<uint8_t> keyId, vec<uint8_t> input,
            vec<uint8_t> iv) generates (Status status, vec<uint8_t> output);

    /**
     * Compute a signature over the provided message using the mac algorithm
     * specified by setMacAlgorithm and the key selected by keyId and return
     * the signature.
     *
     * @param sessionId the session id the call applies to
     * @param keyId the ID of the key to use for decryption
     * @param message the message to compute a signature over
     * @return status the status of the call. The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, BAD_VALUE if any parameters are invalid or ERROR_DRM_INVALID_STATE
     * if the HAL is in a state where the sign operation cannot be
     * performed.
     * @return signature the computed signature
     */
    sign(SessionId sessionId, vec<uint8_t> keyId, vec<uint8_t> message)
        generates (Status status, vec<uint8_t> signature);

    /**
     * Compute a hash of the provided message using the mac algorithm specified
     * by setMacAlgorithm and the key selected by keyId, and compare with the
     * expected result.
     *
     * @param sessionId the session id the call applies to
     * @param keyId the ID of the key to use for decryption
     * @param message the message to compute a hash of
     * @param signature the signature to verify
     * @return status the status of the call. The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is not
     * opened, BAD_VALUE if any parameters are invalid or ERROR_DRM_INVALID_STATE
     * if the HAL is in a state where the verify operation cannot be
     * performed.
     * @return match true if the signature is verified positively,
     * false otherwise.
     */
    verify(SessionId sessionId, vec<uint8_t> keyId, vec<uint8_t> message,
            vec<uint8_t> signature) generates (Status status, bool match);

    /**
     * Compute an RSA signature on the provided message using the specified
     * algorithm.
     *
     * @param sessionId the session id the call applies to
     * @param algorithm the signing algorithm, such as "RSASSA-PSS-SHA1"
     * or "PKCS1-BlockType1"
     * @param message the message to compute the signature on
     * @param wrappedKey the private key returned during provisioning as
     * returned by provideProvisionResponse.
     * @return status the status of the call. The status must be OK or one of
     * the following errors: ERROR_DRM_SESSION_NOT_OPENED if the session is
     * not opened, BAD_VALUE if any parameters are invalid or
     * ERROR_DRM_INVALID_STATE if the HAL is in a state where the signRSA
     * operation cannot be performed.
     * @return signature the RSA signature computed over the message
     */
    signRSA(SessionId sessionId, string algorithm, vec<uint8_t> message,
        vec<uint8_t> wrappedkey)
        generates (Status status, vec<uint8_t> signature);

    /**
     * Plugins call the following methods to deliver events to the
     * java app.
     */

    /**
     * Set a listener for a drm session. This allows the drm HAL to
     * make asynchronous calls back to the client of IDrm.
     *
     * @param listener instance of IDrmPluginListener to receive the events
     */
    setListener(IDrmPluginListener listener);

    /**
     * Legacy event sending method, it sends events of various types using a
     * single overloaded set of parameters. This form is deprecated.
     *
     * @param eventType the type of the event
     * @param sessionId identifies the session the event originated from
     * @param data event-specific data blob
     */
    sendEvent(EventType eventType, SessionId sessionId, vec<uint8_t> data);

    /**
     * Send a license expiration update to the listener. The expiration
     * update indicates how long the current license is valid before it
     * needs to be renewed.
     *
     * @param sessionId identifies the session the event originated from
     * @param expiryTimeInMS the time when the keys need to be renewed.
     * The time is in milliseconds, relative to the Unix epoch. A time of 0
     * indicates that the keys never expire.
     */
     sendExpirationUpdate(SessionId sessionId, int64_t expiryTimeInMS);

    /**
     * Send a keys change event to the listener. The keys change event
     * indicates the status of each key in the session. Keys can be
     * indicated as being usable, expired, outputnotallowed or statuspending.
     *
     * @param sessionId identifies the session the event originated from
     * @param keyStatusList indicates the status for each key ID in the
     * session.
     * @param hasNewUsableKey indicates if the event includes at least one
     * key that has become usable.
     */
    sendKeysChange(SessionId sessionId, vec<KeyStatus> keyStatusList,
            bool hasNewUsableKey);
};