Wasabi ExpressPlay SDK for Embedded Systems  1.23.0
Ts2Protection.h
Go to the documentation of this file.
1 /*****************************************************************
2 |
3 | MPEG2 Transport Stream - Protection
4 |
5 | $Id: Ts2Protection.h 354 2018-06-28 00:42:39Z pgirish $
6 | Original author: Julien Boeuf
7 |
8 | This software is provided to you pursuant to your agreement
9 | with Intertrust Technologies Corporation ("Intertrust").
10 | This software may be used only in accordance with the terms
11 | of the agreement.
12 |
13 | Copyright (c) 2010-2014 by Intertrust. All rights reserved.
14 |
15 ****************************************************************/
16 
17 #ifndef _TS2_PROTECTION_H_
18 #define _TS2_PROTECTION_H_
19 
20 /*----------------------------------------------------------------------
21 | includes
22 +---------------------------------------------------------------------*/
23 #include "Atomix.h"
24 #include "Ts2Packet.h"
25 #include "Ts2Iec62455.h"
26 #include "Ts2Crypto.h"
27 
28 /*----------------------------------------------------------------------
29 | constants
30 +---------------------------------------------------------------------*/
31 #define TS2_PROTECTION_KEY_LENGTH 16
32 
33 /*----------------------------------------------------------------------
34 | types
35 +---------------------------------------------------------------------*/
36 typedef struct TS2_PacketEncrypter TS2_PacketEncrypter;
37 typedef struct TS2_PacketDecrypter TS2_PacketDecrypter;
38 typedef struct TS2_ProtectionKeyMap TS2_ProtectionKeyMap;
39 
44 typedef struct TS2_Secret TS2_Secret;
45 
46 typedef struct {
47  void* instance;
48 
76  ATX_Result (*GetDrmKey)(void* instance,
77  const char* content_id,
78  ATX_Byte* drm_key,
79  ATX_Size* drm_key_len);
80 } TS2_DrmKeyResolver;
81 
85 typedef enum {
86  TS2_KEYFORMAT_CLEAR, /* <- clear traffic key (can be disabled at build time) */
87  TS2_KEYFORMAT_SKB /* <- SecureKeyBox exported traffic key */
88 } TS2_TrafficKeyFormat;
89 
94 typedef struct {
95  void* instance;
96  ATX_Result (*Decrypt)(void* instance,
97  const ATX_Byte* enc_data,
98  ATX_Size data_size,
99  ATX_Byte* dec_data);
100  void (*Destroy)(void* instance);
101 } TS2_SecretAesCbcDecrypter;
102 
106 #define TS2_SecretAesCbcDecrypter_Decrypt(self,a,b,c) \
107  self->Decrypt(self->instance,a,b,c)
108 
109 #define TS2_SecretAesCbcDecrypter_Destroy(self) \
110  self->Destroy(self)
111 
112 
118 typedef struct {
119  void* instance;
120 
137  ATX_Result (*GetDrmKey)(void* instance,
138  const char* content_id,
139  /* returns */
140  const TS2_Secret** drm_key);
141 
155  ATX_Result (*TruncatedSha1)(void* instance,
156  const TS2_Secret* in_key,
157  /* returns */
158  const TS2_Secret** out_key);
159 
191  ATX_Result (*ExportSecret)(void* instance,
192  const TS2_Secret* key,
193  /* returns */
194  ATX_Byte* key_data,
195  ATX_Size* key_data_size);
196 
197 
209  ATX_Result (*GetKeyFormat)(void* instance,
210  TS2_TrafficKeyFormat* key_format,
211  const void** parameters);
212 
213 
223  ATX_Result (*EqualSecret)(void* instance,
224  const TS2_Secret* key_a,
225  const TS2_Secret* key_b,
226  /*returns*/
227  ATX_Boolean* equal);
228 
237  void (*ReleaseSecret)(void* instance,
238  const TS2_Secret* secret);
239 
255  ATX_Result (*UnwrapSecret)(void* instance,
256  const TS2_Secret* key,
257  const ATX_Byte* wrapped_key,
258  ATX_Size wrapped_key_size,
259  /* returns */
260  const TS2_Secret** unwrapped_key);
261 
274  ATX_Result (*GetMacKey)(void* instance,
275  const TS2_Secret* mac_key,
276  const ATX_Byte* data,
277  ATX_Size data_size,
278  /* returns */
279  ATX_Byte mac_key_output[TS2_SHA1_DIGEST_SIZE]);
280 
281 
296  ATX_Result (*CreateSecretAesCbcDecrypter)(void* instance,
297  const ATX_Byte* key,
298  ATX_Size key_size,
299  const ATX_Byte* iv,
300  TS2_SecretAesCbcDecrypter** decrypter);
301 } TS2_CryptoInterface;
302 
303 
307 #define TS2_Crypto_GetDrmKey(self,a,b) \
308  self.GetDrmKey(self.instance,a,b)
309 
310 #define TS2_Crypto_TruncatedSha1(self,in_key,out_key) \
311  self.TruncatedSha1(self.instance,in_key,out_key)
312 
313 #define TS2_Crypto_ExportSecret(self,a,b,c) \
314  self.ExportSecret(self.instance,a,b,c)
315 
316 #define TS2_Crypto_GetKeyFormat(self,a,b) \
317  self.GetKeyFormat(self.instance,a,b)
318 
319 #define TS2_Crypto_EqualSecret(self,a,b,c) \
320  self.EqualSecret(self.instance,a,b,c)
321 
322 #define TS2_Crypto_ReleaseSecret(self,a) \
323  self.ReleaseSecret(self.instance,a)
324 
325 #define TS2_Crypto_UnwrapSecret(self,a,b,c,d) \
326  self.UnwrapSecret(self.instance,a,b,c,d)
327 
328 #define TS2_Crypto_GetMacKey(self,a,b,c,d) \
329  self.GetMacKey(self.instance,a,b,c,d)
330 
331 #define TS2_Crypto_CreateSecretAesCbcDecrypter(self,a,b,c,d) \
332  self.CreateSecretAesCbcDecrypter(self.instance,a,b,c,d)
333 
334 typedef enum {
335  TS2_NO_TRAFFIC_PROTECTION,
336  TS2_UNSUPPORTED_TRAFFIC_PROTECTION,
337  TS2_MPEG2TS_CRYPT_AES_CBC_PROTECTION,
338  TS2_MPEG2TS_CRYPT_AES_CBC_BBTS20_PROTECTION,
339  TS2_MPEG2TS_CRYPT_DVB_CSA_PROTECTION
340 } TS2_TrafficProtectionSystem;
341 
342 #ifdef __cplusplus
343 extern "C" {
344 #elif 0
345 }
346 #endif /* __cplusplus */
347 
348 /*----------------------------------------------------------------------
349 | TS2_PacketEncrypter functions
350 +---------------------------------------------------------------------*/
351 ATX_Result
352 TS2_PacketEncrypter_Create(TS2_TrafficProtectionSystem protection,
353  const ATX_Byte* drm_key,
354  const ATX_Byte* cid_extension,
355  ATX_Boolean is_service,
356  ATX_UInt32 crypto_period,
357  const ATX_Byte* traffic_seed,
358  ATX_Size seed_size,
359  ATX_UInt32 segment_start_index,
360  const ATX_Byte* common_iv,
361  ATX_Boolean single_key_layer,
362  TS2_KSMT* ksmt, /* doesn't take ownership */
363  const ATX_Byte* access_criteria,
364  ATX_Size access_criteria_size,
365  TS2_PacketEncrypter** encrypter);
366 
367 ATX_Result
368 TS2_PacketEncrypter_ResetDrm(TS2_PacketEncrypter* self,
369  const ATX_Byte* drm_key,
370  const ATX_Byte* cid_extension,
371  ATX_Boolean is_service,
372  const ATX_Byte* access_criteria,
373  ATX_Size access_criteria_size);
374 
375 ATX_Result
376 TS2_PacketEncrypter_UpdateKSMT(TS2_PacketEncrypter* self);
377 
378 void
379 TS2_PacketEncrypter_IncrementSegmentIndex(TS2_PacketEncrypter* self);
380 
381 ATX_Result
382 TS2_PacketEncrypter_Encrypt(TS2_PacketEncrypter* self,
383  TS2_Packet* packet);
384 
385 void
386 TS2_PacketEncrypter_Destroy(TS2_PacketEncrypter* self);
387 
388 /*----------------------------------------------------------------------
389 | TS2_KsmDecrypter functions
390 +---------------------------------------------------------------------*/
391 typedef enum {
392  TS2_KEYPARITY_EVEN,
393  TS2_KEYPARITY_ODD
394 } TS2_TrafficKeyParity;
395 
396 typedef struct {
397  ATX_Byte tag;
398  ATX_Byte length;
399  ATX_Byte* value;
400 } TS2_TagLengthValue;
401 
402 typedef enum {
403  TS2_KIF_CURRENT_KEY = (1<<0),
404  TS2_KIF_CURRENT_IV = (1<<1),
405  TS2_KIF_NEXT_KEY = (1<<2),
406  TS2_KIF_NEXT_IV = (1<<3),
407  TS2_KIF_ACCESS_CRIT = (1<<4),
408  TS2_KIF_TIMESTAMP = (1<<5),
409  TS2_KIF_KEY_LIFETIME = (1<<6),
410  TS2_KIF_PERMCATEGORY = (1<<7)
411 } TS2_KsmInfoFlag;
412 
416 typedef struct {
417  ATX_UInt32 present_mask; /* from TS2_KsmInfoFlag */
418 
419  TS2_TrafficKeyFormat format;
420  const void* format_params;
421  TS2_TrafficKeyParity current_key_parity;
422  const ATX_Byte* current_key;
423  ATX_Size current_key_size;
424  const ATX_Byte* current_iv;
425  ATX_Size current_iv_size;
426  const ATX_Byte* next_key;
427  ATX_Size next_key_size;
428  const ATX_Byte* next_iv;
429  ATX_Size next_iv_size;
430  ATX_Byte* access_criteria;
431  ATX_Size access_criteria_count;
432  ATX_UInt64 timestamp;
433  ATX_UInt8 key_lifetime;
434  ATX_UInt8 permissions_category;
435  TS2_TrafficProtectionSystem protection;
436 } TS2_KsmInfo;
437 
438 typedef struct {
439  void *instance;
440  void (*OnKsmInfoChange)(void *instance,
441  const TS2_KsmInfo* ksm_info,
442  ATX_UInt32 change_mask /* from TS2_KsmInfoFlag */);
443 } TS2_KsmDecrypterListener;
444 
445 typedef struct TS2_KsmDecrypter TS2_KsmDecrypter;
446 
447 ATX_Result
448 TS2_KsmDecrypter_Create(const char* cid_base,
449  TS2_CryptoInterface crypto,
450  TS2_KsmDecrypterListener listener,
451  TS2_TrafficProtectionSystem protection,
452  ATX_UInt32 kdf_type,
453  TS2_KsmDecrypter** decrypter);
454 
455 ATX_Result
456 TS2_KsmDecrypter_UpdateKSM(TS2_KsmDecrypter* self,
457  const TS2_KSM* ksm);
458 
459 void
460 TS2_KsmDecrypter_Destroy(TS2_KsmDecrypter* self);
461 
462 
463 /*----------------------------------------------------------------------
464 | TS2_PacketDecrypter functions
465 +---------------------------------------------------------------------*/
466 ATX_Result
467 TS2_PacketDecrypter_Create(TS2_TrafficProtectionSystem protection,
468  ATX_UInt32 kdf_type,
469  const char* cid_base,
470  TS2_DrmKeyResolver key_resolver,
471  TS2_CryptoInterface* crypto,
472  TS2_PacketDecrypter** decrypter);
473 
474 ATX_Result
475 TS2_PacketDecrypter_UpdateKSM(TS2_PacketDecrypter* self,
476  const TS2_KSM* ksm);
477 
478 ATX_Result
479 TS2_PacketDecrypter_Decrypt(TS2_PacketDecrypter* self,
480  TS2_Packet* packet);
481 
482 void
483 TS2_PacketDecrypter_Destroy(TS2_PacketDecrypter* self);
484 
485 /*----------------------------------------------------------------------
486 | TS2_ProtectionKeyMap functions
487 +---------------------------------------------------------------------*/
488 ATX_Result
489 TS2_ProtectionKeyMap_Create(TS2_ProtectionKeyMap** key_map);
490 
492 ATX_Result
493 TS2_ProtectionKeyMap_SetKey(TS2_ProtectionKeyMap* self,
494  const char* content_id,
495  const ATX_Byte* key);
496 
497 const ATX_Byte*
498 TS2_ProtectionKeyMap_GetKey(const TS2_ProtectionKeyMap* self,
499  const char* content_id);
500 
501 TS2_DrmKeyResolver
502 TS2_ProtectionKeyMap_GetResolver(TS2_ProtectionKeyMap* self);
503 
504 void
505 TS2_ProtectionKeyMap_Destroy(TS2_ProtectionKeyMap* self);
506 
507 /*----------------------------------------------------------------------
508 | Key Material Generation functions
509 +---------------------------------------------------------------------*/
510 ATX_Result
511 TS2_GenerateTrafficKey(const ATX_Byte* seed,
512  ATX_Size seed_size,
513  ATX_UInt32 index,
514  ATX_Byte* traffic_key);
515 
516 ATX_Result
517 TS2_GenerateInitializationVector(const ATX_Byte* seed,
518  ATX_Size seed_size,
519  ATX_UInt32 index,
520  ATX_Byte* iv);
521 
522 #ifdef __cplusplus
523 }
524 #endif /* __cplusplus */
525 
526 
527 #endif /* _TS2_PROTECTION_H_ */
TS2_KsmInfo::next_key
const ATX_Byte * next_key
Definition: Ts2Protection.h:426
TS2_KsmDecrypterListener::instance
void * instance
Definition: Ts2Protection.h:439
TS2_PacketDecrypter_Create
ATX_Result TS2_PacketDecrypter_Create(TS2_TrafficProtectionSystem protection, ATX_UInt32 kdf_type, const char *cid_base, TS2_DrmKeyResolver key_resolver, TS2_CryptoInterface *crypto, TS2_PacketDecrypter **decrypter)
TS2_PacketDecrypter_Destroy
void TS2_PacketDecrypter_Destroy(TS2_PacketDecrypter *self)
TS2_KEYPARITY_EVEN
Definition: Ts2Protection.h:392
TS2_PacketDecrypter
struct TS2_PacketDecrypter TS2_PacketDecrypter
Definition: Ts2Protection.h:37
TS2_KsmInfo::current_key_size
ATX_Size current_key_size
Definition: Ts2Protection.h:423
TS2_MPEG2TS_CRYPT_DVB_CSA_PROTECTION
Definition: Ts2Protection.h:339
TS2_KsmInfo::permissions_category
ATX_UInt8 permissions_category
Definition: Ts2Protection.h:434
TS2_PacketEncrypter_IncrementSegmentIndex
void TS2_PacketEncrypter_IncrementSegmentIndex(TS2_PacketEncrypter *self)
TS2_PacketEncrypter_ResetDrm
ATX_Result TS2_PacketEncrypter_ResetDrm(TS2_PacketEncrypter *self, const ATX_Byte *drm_key, const ATX_Byte *cid_extension, ATX_Boolean is_service, const ATX_Byte *access_criteria, ATX_Size access_criteria_size)
TS2_ProtectionKeyMap_Destroy
void TS2_ProtectionKeyMap_Destroy(TS2_ProtectionKeyMap *self)
TS2_ProtectionKeyMap_GetKey
const ATX_Byte * TS2_ProtectionKeyMap_GetKey(const TS2_ProtectionKeyMap *self, const char *content_id)
TS2_TrafficKeyParity
TS2_TrafficKeyParity
Definition: Ts2Protection.h:391
TS2_KIF_PERMCATEGORY
Definition: Ts2Protection.h:410
TS2_SecretAesCbcDecrypter::instance
void * instance
Definition: Ts2Protection.h:95
TS2_KsmInfo::protection
TS2_TrafficProtectionSystem protection
Definition: Ts2Protection.h:435
TS2_KsmInfo::format_params
const void * format_params
Definition: Ts2Protection.h:420
TS2_KsmDecrypterListener
Definition: Ts2Protection.h:438
TS2_KsmInfo::key_lifetime
ATX_UInt8 key_lifetime
Definition: Ts2Protection.h:433
TS2_KsmInfo::next_iv_size
ATX_Size next_iv_size
Definition: Ts2Protection.h:429
TS2_KsmInfo::next_iv
const ATX_Byte * next_iv
Definition: Ts2Protection.h:428
TS2_GenerateInitializationVector
ATX_Result TS2_GenerateInitializationVector(const ATX_Byte *seed, ATX_Size seed_size, ATX_UInt32 index, ATX_Byte *iv)
TS2_KsmInfo::access_criteria_count
ATX_Size access_criteria_count
Definition: Ts2Protection.h:431
TS2_UNSUPPORTED_TRAFFIC_PROTECTION
Definition: Ts2Protection.h:336
TS2_KsmInfo::current_key
const ATX_Byte * current_key
Definition: Ts2Protection.h:422
TS2_KsmInfo
For DVB-CSA protection, key consumer needs to depad the traffic keys from 128-bits to 64-bits...
Definition: Ts2Protection.h:416
TS2_KsmDecrypter
struct TS2_KsmDecrypter TS2_KsmDecrypter
Definition: Ts2Protection.h:445
TS2_ProtectionKeyMap_GetResolver
TS2_DrmKeyResolver TS2_ProtectionKeyMap_GetResolver(TS2_ProtectionKeyMap *self)
TS2_KsmDecrypter_UpdateKSM
ATX_Result TS2_KsmDecrypter_UpdateKSM(TS2_KsmDecrypter *self, const TS2_KSM *ksm)
TS2_TagLengthValue::value
ATX_Byte * value
Definition: Ts2Protection.h:399
TS2_KSMT
Definition: Ts2Iec62455.h:111
TS2_KIF_NEXT_IV
Definition: Ts2Protection.h:406
TS2_KsmInfo::access_criteria
ATX_Byte * access_criteria
Definition: Ts2Protection.h:430
TS2_CryptoInterface::instance
void * instance
Definition: Ts2Protection.h:119
TS2_KsmInfo::next_key_size
ATX_Size next_key_size
Definition: Ts2Protection.h:427
TS2_KIF_TIMESTAMP
Definition: Ts2Protection.h:408
TS2_KIF_KEY_LIFETIME
Definition: Ts2Protection.h:409
TS2_KsmDecrypter_Destroy
void TS2_KsmDecrypter_Destroy(TS2_KsmDecrypter *self)
TS2_TagLengthValue::length
ATX_Byte length
Definition: Ts2Protection.h:398
TS2_PacketEncrypter_Create
ATX_Result TS2_PacketEncrypter_Create(TS2_TrafficProtectionSystem protection, const ATX_Byte *drm_key, const ATX_Byte *cid_extension, ATX_Boolean is_service, ATX_UInt32 crypto_period, const ATX_Byte *traffic_seed, ATX_Size seed_size, ATX_UInt32 segment_start_index, const ATX_Byte *common_iv, ATX_Boolean single_key_layer, TS2_KSMT *ksmt, const ATX_Byte *access_criteria, ATX_Size access_criteria_size, TS2_PacketEncrypter **encrypter)
TS2_GenerateTrafficKey
ATX_Result TS2_GenerateTrafficKey(const ATX_Byte *seed, ATX_Size seed_size, ATX_UInt32 index, ATX_Byte *traffic_key)
TS2_DrmKeyResolver
Definition: Ts2Protection.h:46
TS2_KsmDecrypter_Create
ATX_Result TS2_KsmDecrypter_Create(const char *cid_base, TS2_CryptoInterface crypto, TS2_KsmDecrypterListener listener, TS2_TrafficProtectionSystem protection, ATX_UInt32 kdf_type, TS2_KsmDecrypter **decrypter)
TS2_CryptoInterface
Clients of the MPEG-2 TS SDK API must implement the following interface (TS2_CryptoInterface) to prov...
Definition: Ts2Protection.h:118
TS2_NO_TRAFFIC_PROTECTION
Definition: Ts2Protection.h:335
TS2_Packet
Definition: Ts2Packet.h:91
TS2_KsmInfoFlag
TS2_KsmInfoFlag
Definition: Ts2Protection.h:402
TS2_PacketDecrypter_UpdateKSM
ATX_Result TS2_PacketDecrypter_UpdateKSM(TS2_PacketDecrypter *self, const TS2_KSM *ksm)
TS2_KIF_CURRENT_IV
Definition: Ts2Protection.h:404
TS2_Secret
struct TS2_Secret TS2_Secret
An opaque data structure defined by an implementation of the TS2_CryptoInterface. ...
Definition: Ts2Protection.h:44
TS2_KEYPARITY_ODD
Definition: Ts2Protection.h:393
TS2_KIF_ACCESS_CRIT
Definition: Ts2Protection.h:407
TS2_KsmInfo::format
TS2_TrafficKeyFormat format
Definition: Ts2Protection.h:419
TS2_KsmInfo::timestamp
ATX_UInt64 timestamp
Definition: Ts2Protection.h:432
TS2_KEYFORMAT_SKB
Definition: Ts2Protection.h:87
TS2_KsmInfo::current_iv
const ATX_Byte * current_iv
Definition: Ts2Protection.h:424
TS2_TagLengthValue::tag
ATX_Byte tag
Definition: Ts2Protection.h:397
TS2_KsmInfo::present_mask
ATX_UInt32 present_mask
Definition: Ts2Protection.h:417
TS2_PacketEncrypter_UpdateKSMT
ATX_Result TS2_PacketEncrypter_UpdateKSMT(TS2_PacketEncrypter *self)
TS2_TagLengthValue
Definition: Ts2Protection.h:396
TS2_TrafficProtectionSystem
TS2_TrafficProtectionSystem
Definition: Ts2Protection.h:334
TS2_MPEG2TS_CRYPT_AES_CBC_PROTECTION
Definition: Ts2Protection.h:337
TS2_KsmInfo::current_key_parity
TS2_TrafficKeyParity current_key_parity
Definition: Ts2Protection.h:421
TS2_SHA1_DIGEST_SIZE
#define TS2_SHA1_DIGEST_SIZE
Definition: Ts2Crypto.h:31
TS2_SecretAesCbcDecrypter
Decrypter structure for the decrypter created by the TS2_CryptoInterface CreateSecretAesCbcDecrypter ...
Definition: Ts2Protection.h:94
TS2_TrafficKeyFormat
TS2_TrafficKeyFormat
Traffic key format identifiers.
Definition: Ts2Protection.h:85
TS2_PacketDecrypter_Decrypt
ATX_Result TS2_PacketDecrypter_Decrypt(TS2_PacketDecrypter *self, TS2_Packet *packet)
TS2_KSM
Definition: Ts2Iec62455.h:85
TS2_PacketEncrypter_Encrypt
ATX_Result TS2_PacketEncrypter_Encrypt(TS2_PacketEncrypter *self, TS2_Packet *packet)
TS2_PacketEncrypter
struct TS2_PacketEncrypter TS2_PacketEncrypter
Definition: Ts2Protection.h:36
TS2_PacketEncrypter_Destroy
void TS2_PacketEncrypter_Destroy(TS2_PacketEncrypter *self)
TS2_MPEG2TS_CRYPT_AES_CBC_BBTS20_PROTECTION
Definition: Ts2Protection.h:338
TS2_ProtectionKeyMap_SetKey
ATX_Result TS2_ProtectionKeyMap_SetKey(TS2_ProtectionKeyMap *self, const char *content_id, const ATX_Byte *key)
key length is TS2_PROTECTION_KEY_LENGTH
TS2_ProtectionKeyMap_Create
ATX_Result TS2_ProtectionKeyMap_Create(TS2_ProtectionKeyMap **key_map)
TS2_KsmInfo::current_iv_size
ATX_Size current_iv_size
Definition: Ts2Protection.h:425
TS2_DrmKeyResolver::instance
void * instance
Definition: Ts2Protection.h:47
TS2_ProtectionKeyMap
struct TS2_ProtectionKeyMap TS2_ProtectionKeyMap
Definition: Ts2Protection.h:38
TS2_KIF_CURRENT_KEY
Definition: Ts2Protection.h:403
TS2_KEYFORMAT_CLEAR
Definition: Ts2Protection.h:86
TS2_KIF_NEXT_KEY
Definition: Ts2Protection.h:405