Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add fragment.encrypted unit tests for manifest signalled DRM (PlayReady and Widevine) #2735

Merged
merged 3 commits into from
May 17, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion src/controller/audio-stream-controller.ts
Original file line number Diff line number Diff line change
Expand Up @@ -279,7 +279,7 @@ class AudioStreamController extends BaseStreamController implements ComponentAPI
return;
}

if (frag.encrypted) {
if (frag.decryptdata?.keyFormat === 'identity' && !frag.decryptdata?.key) {
this.log(`Loading key for ${frag.sn} of [${trackDetails.startSN} ,${trackDetails.endSN}],track ${trackId}`);
this.state = State.KEY_LOADING;
hls.trigger(Events.KEY_LOADING, { frag: frag });
Expand Down
22 changes: 13 additions & 9 deletions src/controller/stream-controller.ts
Original file line number Diff line number Diff line change
Expand Up @@ -251,16 +251,20 @@ export default class StreamController extends BaseStreamController implements Ne
}

const frag = this.getNextFragment(bufferInfo.end, levelDetails);
if (frag) {
if (frag.encrypted) {
this.log(`Loading key for ${frag.sn} of [${levelDetails.startSN} ,${levelDetails.endSN}],level ${level}`);
this._loadKey(frag);
} else {
if (this.fragCurrent !== frag) {
this.log(`Loading fragment ${frag.sn} of [${levelDetails.startSN} ,${levelDetails.endSN}],level ${level}, currentTime:${pos.toFixed(3)},bufferEnd:${bufferInfo.end.toFixed(3)}`);
}
this._loadFragment(frag);
if (!frag) {
return;
}

// We want to load the key if we're dealing with an identity key, because we will decrypt
// this content using the key we fetch. Other keys will be handled by the DRM CDM via EME.
if (frag.decryptdata?.keyFormat === 'identity' && !frag.decryptdata?.key) {
this.log(`Loading key for ${frag.sn} of [${levelDetails.startSN} ,${levelDetails.endSN}],level ${level}`);
this._loadKey(frag);
} else {
if (this.fragCurrent !== frag) {
this.log(`Loading fragment ${frag.sn} of [${levelDetails.startSN} ,${levelDetails.endSN}],level ${level}, currentTime:${pos.toFixed(3)},bufferEnd:${bufferInfo.end.toFixed(3)}`);
}
this._loadFragment(frag);
}
}

Expand Down
14 changes: 11 additions & 3 deletions src/loader/fragment.ts
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,14 @@ export default class Fragment {
}

get encrypted () {
return !!((this.decryptdata && this.decryptdata.uri !== null) && (this.decryptdata.key === null));
// At the m3u8-parser level we need to add support for manifest signalled keyformats
// when we want the fragment to start reporting that it is encrypted.
// Currently, keyFormat will only be set for identity keys
if (this.decryptdata?.keyFormat && this.decryptdata.uri) {
return true;
}

return false;
}

/**
Expand All @@ -206,10 +213,11 @@ export default class Fragment {
setDecryptDataFromLevelKey (levelkey: LevelKey, segmentNumber: number): LevelKey {
let decryptdata = levelkey;

if (levelkey?.method && levelkey.uri && !levelkey.iv) {
decryptdata = new LevelKey(levelkey.baseuri, levelkey.reluri);
if (levelkey?.method === 'AES-128' && levelkey.uri && !levelkey.iv) {
decryptdata = LevelKey.fromURI(levelkey.uri);
decryptdata.method = levelkey.method;
decryptdata.iv = this.createInitializationVector(segmentNumber);
decryptdata.keyFormat = 'identity';
}

return decryptdata;
Expand Down
25 changes: 16 additions & 9 deletions src/loader/level-key.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,23 +2,30 @@ import { buildAbsoluteURL } from 'url-toolkit';

export default class LevelKey {
private _uri: string | null = null;

public baseuri: string;
public reluri: string;
public method: string | null = null;
public keyFormat: string | null = null;
public keyFormatVersions: string | null = null;
public keyID: string | null = null;
public key: Uint8Array | null = null;
public iv: Uint8Array | null = null;

constructor (baseURI: string, relativeURI: string) {
this.baseuri = baseURI;
this.reluri = relativeURI;
static fromURL (baseUrl: string, relativeUrl: string): LevelKey {
return new LevelKey(baseUrl, relativeUrl);
}

get uri () {
if (!this._uri && this.reluri) {
this._uri = buildAbsoluteURL(this.baseuri, this.reluri, { alwaysNormalize: true });
static fromURI (uri: string): LevelKey {
return new LevelKey(uri);
}

private constructor (absoluteOrBaseURI: string, relativeURL?: string) {
if (relativeURL) {
this._uri = buildAbsoluteURL(absoluteOrBaseURI, relativeURL, { alwaysNormalize: true });
} else {
this._uri = absoluteOrBaseURI;
}
}

get uri () {
return this._uri;
}
}
37 changes: 32 additions & 5 deletions src/loader/m3u8-parser.ts
Original file line number Diff line number Diff line change
Expand Up @@ -300,19 +300,46 @@ export default class M3U8Parser {
const decryptmethod = keyAttrs.enumeratedString('METHOD');
const decrypturi = keyAttrs.URI;
const decryptiv = keyAttrs.hexadecimalInteger('IV');
const decryptkeyformatversions = keyAttrs.enumeratedString('KEYFORMATVERSIONS');
const decryptkeyid = keyAttrs.enumeratedString('KEYID');
// From RFC: This attribute is OPTIONAL; its absence indicates an implicit value of "identity".
const decryptkeyformat = keyAttrs.KEYFORMAT || 'identity';
const decryptkeyformat = keyAttrs.enumeratedString('KEYFORMAT') ?? 'identity';
itsjamie marked this conversation as resolved.
Show resolved Hide resolved

if (decryptkeyformat === 'com.apple.streamingkeydelivery') {
logger.warn('Keyformat com.apple.streamingkeydelivery is not supported');
const unsupportedKnownKeyformatsInManifest = [
'com.apple.streamingkeydelivery',
'com.microsoft.playready',
'urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed', // widevine (v2)
'com.widevine' // earlier widevine (v1)
];

if (unsupportedKnownKeyformatsInManifest.includes(decryptkeyformat)) {
logger.warn(`Keyformat ${decryptkeyformat} is not supported from the manifest`);
continue;
} else if (decryptkeyformat !== 'identity') {
// We are supposed to skip keys we don't understand.
// As we currently only officially support identity keys
// from the manifest we shouldn't save any other key.
continue;
}

// TODO: multiple keys can be defined on a fragment, and we need to support this
// for clients that support both playready and widevine
if (decryptmethod) {
levelkey = new LevelKey(baseurl, decrypturi);
// TODO: need to determine if the level key is actually a relative URL
// if it isn't, then we should instead construct the LevelKey using fromURI.
levelkey = LevelKey.fromURL(baseurl, decrypturi);
if ((decrypturi) && (['AES-128', 'SAMPLE-AES', 'SAMPLE-AES-CENC'].indexOf(decryptmethod) >= 0)) {
levelkey.method = decryptmethod;
levelkey.key = null;
levelkey.keyFormat = decryptkeyformat;

if (decryptkeyid) {
levelkey.keyID = decryptkeyid;
}

if (decryptkeyformatversions) {
levelkey.keyFormatVersions = decryptkeyformatversions;
}

// Initialization Vector (IV)
levelkey.iv = decryptiv;
}
Expand Down
2 changes: 1 addition & 1 deletion src/utils/attr-list.ts
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ class AttrList {
return parseFloat(this[attrName]);
}

enumeratedString (attrName: string): string {
enumeratedString (attrName: string): string | undefined {
return this[attrName];
}

Expand Down
54 changes: 54 additions & 0 deletions tests/unit/loader/fragment.js
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import Fragment from '../../../src/loader/fragment';
import LevelKey from '../../../src/loader/level-key';

describe('Fragment class tests', function () {
/**
Expand All @@ -9,6 +10,59 @@ describe('Fragment class tests', function () {
frag = new Fragment();
});

describe('encrypted', function () {
it('returns true if an EXT-X-KEY is associated with the fragment', function () {
// From https://docs.microsoft.com/en-us/azure/media-services/previous/media-services-protect-with-aes128

const key = LevelKey.fromURL('https://wamsbayclus001kd-hs.cloudapp.net', './HlsHandler.ashx?kid=da3813af-55e6-48e7-aa9f-a4d6031f7b4d');
key.method = 'AES-128';
key.iv = '0XD7D7D7D7D7D7D7D7D7D7D7D7D7D7D7D7';
key.keyFormat = 'identity';
frag.levelkey = key;
expect(frag.decryptdata.uri).to.equal('https://wamsbayclus001kd-hs.cloudapp.net/HlsHandler.ashx?kid=da3813af-55e6-48e7-aa9f-a4d6031f7b4d');
expect(frag.encrypted).to.equal(true);
});

it('returns true for widevine v2 manifest signalled encryption', function () {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

while these tests return true, currently, via integration they won't ever be set on the fragment as these keys are currently set as "unknown" keyformats, since we don't handle them as a client yet.

// #EXT-X-KEY:METHOD=SAMPLE-AES,URI=”data:text/plain;base64,AAAAPXBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAAB0aDXdpZGV2aW5lX3Rlc3QiDHRlc3QgY29udGVudA==”,KEYID=0x112233445566778899001122334455,KEYFORMAT=”urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed”,KEYFORMATVERSION=”1”
// From https://www.academia.edu/36030972/Widevine_DRM_for_HLS

const key = LevelKey.fromURI('data:text/plain;base64,AAAAPXBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAAB0aDXdpZGV2aW5lX3Rlc3QiDHRlc3QgY29udGVudA==');
key.method = 'SAMPLE-AES';
key.keyFormat = 'urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed';
key.keyFormatVersions = '1';
frag.levelkey = key;
expect(frag.decryptdata.uri).to.equal('data:text/plain;base64,AAAAPXBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAAB0aDXdpZGV2aW5lX3Rlc3QiDHRlc3QgY29udGVudA==');
expect(frag.encrypted).to.equal(true);
});

it('returns true for widevine v1 manifest signalled encryption', function () {
// #EXT-X-KEY:METHOD=SAMPLE-AES,URI=”data:text/plain;base64,eyAKICAgInByb3ZpZGVyIjoibWxiYW1oYm8iLAogICAiY29udGVudF9pZCI6Ik1qQXhOVjlVWldGeWN3PT0iLAogICAia2V5X2lkcyI6CiAgIFsKICAgICAgIjM3MWUxMzVlMWE5ODVkNzVkMTk4YTdmNDEwMjBkYzIzIgogICBdCn0=",IV=0x6df49213a781e338628d0e9c812d328e,KEYFORMAT=”com.widevine”,KEYFORMATVERSIONS=”1”
// From https://www.academia.edu/36030972/Widevine_DRM_for_HLS

const key = LevelKey.fromURI('data:text/plain;base64,eyAKICAgInByb3ZpZGVyIjoibWxiYW1oYm8iLAogICAiY29udGVudF9pZCI6Ik1qQXhOVjlVWldGeWN3PT0iLAogICAia2V5X2lkcyI6CiAgIFsKICAgICAgIjM3MWUxMzVlMWE5ODVkNzVkMTk4YTdmNDEwMjBkYzIzIgogICBdCn0=');
key.method = 'SAMPLE-AES';
key.keyFormat = 'com.widevine';
key.keyFormatVersions = '1';
frag.levelkey = key;
expect(frag.decryptdata.uri).to.equal('data:text/plain;base64,eyAKICAgInByb3ZpZGVyIjoibWxiYW1oYm8iLAogICAiY29udGVudF9pZCI6Ik1qQXhOVjlVWldGeWN3PT0iLAogICAia2V5X2lkcyI6CiAgIFsKICAgICAgIjM3MWUxMzVlMWE5ODVkNzVkMTk4YTdmNDEwMjBkYzIzIgogICBdCn0=');
expect(frag.encrypted).to.equal(true);
});

it('returns true for a playready manifest signalled encryption', function () {
// #EXT-X-KEY:METHOD=SAMPLE-AES,KEYFORMAT="com.microsoft.playready",KEYFORMATVERSIONS="1",URI="data:text/plain;charset=UTF-16;base64,xAEAAAEAAQC6ATwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AdgBHAFYAagBOAEsAZwBZAE0ARQBxAHAATwBMAGgAMQBWAGQAUgBUADAAQQA9AD0APAAvAEsASQBEAD4APAAvAEQAQQBUAEEAPgA8AC8AVwBSAE0ASABFAEEARABFAFIAPgA="
// From https://docs.microsoft.com/en-us/playready/packaging/mp4-based-formats-supported-by-playready-clients?tabs=case4

const key = LevelKey.fromURI('data:text/plain;charset=UTF-16;base64,xAEAAAEAAQC6ATwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AdgBHAFYAagBOAEsAZwBZAE0ARQBxAHAATwBMAGgAMQBWAGQAUgBUADAAQQA9AD0APAAvAEsASQBEAD4APAAvAEQAQQBUAEEAPgA8AC8AVwBSAE0ASABFAEEARABFAFIAPgA=');
key.method = 'SAMPLE-AES';
key.keyFormat = 'com.microsoft.playready';
key.keyFormatVersions = '1';
frag.levelkey = key;
expect(frag.decryptdata.uri).to.equal('data:text/plain;charset=UTF-16;base64,xAEAAAEAAQC6ATwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AdgBHAFYAagBOAEsAZwBZAE0ARQBxAHAATwBMAGgAMQBWAGQAUgBUADAAQQA9AD0APAAvAEsASQBEAD4APAAvAEQAQQBUAEEAPgA8AC8AVwBSAE0ASABFAEEARABFAFIAPgA=');
expect(frag.encrypted).to.equal(true);
});
});

describe('setByteRange', function () {
it('set byte range with length@offset', function () {
frag.setByteRange('1000@10000');
Expand Down