Source/WebCore/platform/graphics/gstreamer/eme/CDMProxyClearKey.h - WebKit - Git at Google

 /*
  * Copyright (C) 2020 Metrological Group B.V.
  * Copyright (C) 2020 Igalia S.L.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above
  *    copyright notice, this list of conditions and the following
  *    disclaimer in the documentation and/or other materials provided
  *    with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */

 #pragma once

 #if ENABLE(ENCRYPTED_MEDIA)

 #include "CDMClearKey.h"
 #include "CDMInstanceSession.h"
 #include "MediaPlayerPrivate.h"
 #include "SharedBuffer.h"
 #include <gcrypt.h>
 #include <wtf/Condition.h>
 #include <wtf/VectorHash.h>

 namespace WebCore {

 class CDMProxyFactoryClearKey final : public CDMProxyFactory {
     WTF_MAKE_FAST_ALLOCATED;
 public:
     static CDMProxyFactoryClearKey& singleton();

     ~CDMProxyFactoryClearKey() = default;

 private:
     friend class NeverDestroyed<CDMProxyFactoryClearKey>;

     CDMProxyFactoryClearKey() = default;
     RefPtr<CDMProxy> createCDMProxy(const String&) final;
     bool supportsKeySystem(const String&) final;
 };

 // This is the thread-safe API that decode threads should use to make use of a
 // platform CDM module.
 class CDMProxyClearKey final : public CDMProxy, public CanMakeWeakPtr<CDMProxyClearKey, WeakPtrFactoryInitialization::Eager> {
 public:
     CDMProxyClearKey() = default;
     virtual ~CDMProxyClearKey();

     // FIXME: There's a lack of consistency between SharedBuffers,
     // Vector<char>'s and {uint8_t*,size_t} idioms for representing a chunk of
     // bytes. Fix that somehow. Note SharedBuffers are dangerous since
     // they're not thread-safe and this class must maintain
     // thread-safety, but maybe SharedBuffer::DataSegment could be
     // made to work, however that has zero helpers for dropping into
     // iterator-aware / comparator-aware containers...
     struct cencDecryptContext {
         // FIXME: Enacapsulate these fields in non-copied types.
         const uint8_t* keyID;
         size_t keyIDSizeInBytes;

         const uint8_t* iv;
         size_t ivSizeInBytes;

         uint8_t* encryptedBuffer;
         size_t encryptedBufferSizeInBytes;

         // FIXME: GStreamer-specific data layout.
         // If we want to get rid of the specific data layout, we can parse it before
         // assigning it here and maybe have a Vector<size_t> that is a series of
         // clear/decrypted/clear/decrypted... Or maybe even a Vector<std::pair<size_t, size_t>>
         // representing sequences of clear/decrypted sizes. That std::pair could even
         // become a struct ClearDecryptedChunkSizesInBytes for example.
         // https://bugs.webkit.org/show_bug.cgi?id=206730
         const uint8_t* subsamplesBuffer;
         size_t subsamplesBufferSizeInBytes;
         size_t numSubsamples;
         WeakPtr<CDMProxyDecryptionClient> cdmProxyDecryptionClient;

         bool isSubsampled() const { return numSubsamples; }
     };

     // FIXME: Unconditional in-place decryption. What about SVP?
     // FIXME: GStreamer-specific, in that the format of the subsample
     // data is defined by whatever qtdemux decides to do with it.
     bool cencDecrypt(cencDecryptContext&);

 private:
     gcry_cipher_hd_t& gCryptHandle();

     // FIXME: For now we only support AES in CTR mode, in the future
     // we will surely have to support more protection schemes. Can we
     // reuse some Crypto APIs in WebCore?
     bool cencSetCounterVector(const cencDecryptContext&);
     bool cencSetDecryptionKey(cencDecryptContext&);
     bool cencDecryptFullSample(cencDecryptContext&);
     bool cencDecryptSubsampled(cencDecryptContext&);

     void closeGCryptHandle();

     // FIXME: It would be nice to use something in WebCore for crypto...
     std::optional<gcry_cipher_hd_t> m_gCryptHandle { std::nullopt };
 };

 } // namespace WebCore

 #endif // ENABLE(ENCRYPTED_MEDIA)
	/*
	* Copyright (C) 2020 Metrological Group B.V.
	* Copyright (C) 2020 Igalia S.L.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions
	* are met:
	*
	* 1. Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* 2. Redistributions in binary form must reproduce the above
	* copyright notice, this list of conditions and the following
	* disclaimer in the documentation and/or other materials provided
	* with the distribution.
	*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
	* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*/

	#pragma once

	#if ENABLE(ENCRYPTED_MEDIA)

	#include "CDMClearKey.h"
	#include "CDMInstanceSession.h"
	#include "MediaPlayerPrivate.h"
	#include "SharedBuffer.h"
	#include <gcrypt.h>
	#include <wtf/Condition.h>
	#include <wtf/VectorHash.h>

	namespace WebCore {

	class CDMProxyFactoryClearKey final : public CDMProxyFactory {
	WTF_MAKE_FAST_ALLOCATED;
	public:
	static CDMProxyFactoryClearKey& singleton();

	~CDMProxyFactoryClearKey() = default;

	private:
	friend class NeverDestroyed<CDMProxyFactoryClearKey>;

	CDMProxyFactoryClearKey() = default;
	RefPtr<CDMProxy> createCDMProxy(const String&) final;
	bool supportsKeySystem(const String&) final;
	};

	// This is the thread-safe API that decode threads should use to make use of a
	// platform CDM module.
	class CDMProxyClearKey final : public CDMProxy, public CanMakeWeakPtr<CDMProxyClearKey, WeakPtrFactoryInitialization::Eager> {
	public:
	CDMProxyClearKey() = default;
	virtual ~CDMProxyClearKey();

	// FIXME: There's a lack of consistency between SharedBuffers,
	// Vector<char>'s and {uint8_t*,size_t} idioms for representing a chunk of
	// bytes. Fix that somehow. Note SharedBuffers are dangerous since
	// they're not thread-safe and this class must maintain
	// thread-safety, but maybe SharedBuffer::DataSegment could be
	// made to work, however that has zero helpers for dropping into
	// iterator-aware / comparator-aware containers...
	struct cencDecryptContext {
	// FIXME: Enacapsulate these fields in non-copied types.
	const uint8_t* keyID;
	size_t keyIDSizeInBytes;

	const uint8_t* iv;
	size_t ivSizeInBytes;

	uint8_t* encryptedBuffer;
	size_t encryptedBufferSizeInBytes;

	// FIXME: GStreamer-specific data layout.
	// If we want to get rid of the specific data layout, we can parse it before
	// assigning it here and maybe have a Vector<size_t> that is a series of
	// clear/decrypted/clear/decrypted... Or maybe even a Vector<std::pair<size_t, size_t>>
	// representing sequences of clear/decrypted sizes. That std::pair could even
	// become a struct ClearDecryptedChunkSizesInBytes for example.
	// https://bugs.webkit.org/show_bug.cgi?id=206730
	const uint8_t* subsamplesBuffer;
	size_t subsamplesBufferSizeInBytes;
	size_t numSubsamples;
	WeakPtr<CDMProxyDecryptionClient> cdmProxyDecryptionClient;

	bool isSubsampled() const { return numSubsamples; }
	};

	// FIXME: Unconditional in-place decryption. What about SVP?
	// FIXME: GStreamer-specific, in that the format of the subsample
	// data is defined by whatever qtdemux decides to do with it.
	bool cencDecrypt(cencDecryptContext&);

	private:
	gcry_cipher_hd_t& gCryptHandle();

	// FIXME: For now we only support AES in CTR mode, in the future
	// we will surely have to support more protection schemes. Can we
	// reuse some Crypto APIs in WebCore?
	bool cencSetCounterVector(const cencDecryptContext&);
	bool cencSetDecryptionKey(cencDecryptContext&);
	bool cencDecryptFullSample(cencDecryptContext&);
	bool cencDecryptSubsampled(cencDecryptContext&);

	void closeGCryptHandle();

	// FIXME: It would be nice to use something in WebCore for crypto...
	std::optional<gcry_cipher_hd_t> m_gCryptHandle { std::nullopt };
	};

	} // namespace WebCore

	#endif // ENABLE(ENCRYPTED_MEDIA)