Closed tobbee closed 5 months ago
mp4ff library now has support for cenc
and cbcs
encryption/decryption.
A first use case would be to support pre-encrypted segments. For this, two features are needed:
saio
, saiz
, and senc
.The MPD now has support for DASH-IF Clear Key Protection (CCP) signalling as defined in https://github.com/Dash-Industry-Forum/ClearKey-Content-Protection.
The example server is not responding right now, so an alternative would be nice to have.
Livesim2 could fill the gap, by providing all of:
1) An MPD with relevant CCP information
2) A License Acquisition Server JSON response
3) Encrypted segments in either cbcs
or cenc
format
It could work by specifying a new parameter like /ecpp_cenc
or /ecpp_cbcs
in the URL and let the
the LaURL be equal to the MPD URL, except replacing the extension .mpd
with _ecpp.json
or similar.
@dsilhavy what do you think would be good to have?
Discussed in the dash.js call. IOP document with the updated requirements: https://dashif.org/docs/IOP-Guidelines/DASH-IF-IOP-Part6-v5.0.0.pdf: See Section 11 : Enhanced Clear Key Content Protection (ECCP)
HbbTV refapp is using this content with clearkey laurl address. CENC https://refapp.hbbtv.org/videos/00_llama_h264_v9/cenc/manifest_ckcenc_1080p.mpd CBCS https://refapp.hbbtv.org/videos/00_llama_h264_v9/cbcs/manifest_ckcenc_1080p.mpd LAURL https://refapp.hbbtv.org/videos/laurl_ck.php?kid=1236
This is a clearkey live stream with a multiperiod vod2live wrapping at the end of cycle. CENC https://refapp.hbbtv.org/videos/multiperiod_v8.php?drm=ck,cenc&advert=0&emsg=0&video=v1,v2,v3&audiolang=eng,fin,ger,swe&sublang=0&mup=2&spd=8&config=multiperiod_00llama_h264_mainonly CBCS https://refapp.hbbtv.org/videos/multiperiod_v8.php?drm=ck,cbcs&advert=0&emsg=0&video=v1,v2,v3&audiolang=eng,fin,ger,swe&sublang=0&mup=2&spd=8&config=multiperiod_00llama_h264_mainonly LAURL https://refapp.hbbtv.org/videos/laurl_ck.php?kid=1236
@dsilhavy For some reason dashjs demoUI logs an [1386225][ProtectionKeyController] Failed to retrieve clearkeys from ProtectionData
error but playback still is fine.
@Murmur My intention is to support the DASH-IF ECCP as defined in Section 11 of DASH-IF IOP5 where the LaURL is given in the manifest. This avoids sending the LaURL via a side channel. According to Will Law, that scheme is used in production.
Does HbbTV have something like that?
@tobbee We use dashif:laurl
in a vod playready content but HbbTV native players support is poor. It's fine if using dashjs MSE-EME player on HbbTV device. I made a quick modification to provide dashif:laurl
live manifest.
Provide ClearkeyDRM laurl in a manifest CENC https://refapp.hbbtv.org/videos/multiperiod_v9.php?drm=ck,cenc,laurl&advert=0&emsg=0&video=v1,v2,v3&audiolang=eng,fin,ger,swe&sublang=0&mup=2&spd=8&config=multiperiod_00llama_h264_mainonly CBCS https://refapp.hbbtv.org/videos/multiperiod_v9.php?drm=ck,cbcs,laurl&advert=0&emsg=0&video=v1,v2,v3&audiolang=eng,fin,ger,swe&sublang=0&mup=2&spd=8&config=multiperiod_00llama_h264_mainonly
Provide ClearkeyDRM-CPS laurl in a manifest CENC https://refapp.hbbtv.org/videos/multiperiod_v9.php?drm=ckcps,cenc,laurl&advert=0&emsg=0&video=v1,v2,v3&audiolang=eng,fin,ger,swe&sublang=0&mup=2&spd=8&config=multiperiod_00llama_h264_mainonly CBCS https://refapp.hbbtv.org/videos/multiperiod_v9.php?drm=ckcps,cbcs,laurl&advert=0&emsg=0&video=v1,v2,v3&audiolang=eng,fin,ger,swe&sublang=0&mup=2&spd=8&config=multiperiod_00llama_h264_mainonly
(edit) put both variations to a live-multiperiod test script, see example urls.
Is it dashif:laurl
or dashif:Laurl
field name, probably this is something changed over the period of time? Dashjs seems to support both syntax.
I have always used a lowercase dashif:laurl
name as seen in a very early specs examples.
https://dashif-documents.azurewebsites.net/Guidelines-Security/master/Guidelines-Security.html#CPS-AdditionalConstraints-W3C
xmlns:dashif="https://dashif.org/"
<ContentProtection schemeIdUri="urn:uuid:e2719d58-a985-b3c9-781a-b030af78d30e" value="ClearKey1.0">
<dashif:laurl licenseType="EME-1.0">https://refapp.hbbtv.org/videos/laurl_ck.php?kid=1236</dashif:laurl>
</ContentProtection>
This example is using firstUpperCase dashif:Laurl
syntax.
https://dashif.org/docs/IOP-Guidelines/DASH-IF-IOP-Part6-v5.0.0.pdf
xmlns:dashif="https://dashif.org/CPS"
<ContentProtection schemeIdUri="urn:uuid:e2719d58-a985-b3c9-781a-b030af78d30e" value="ClearKey1.0">
<dashif:Laurl>https://example-license-server.com/license</dashif:Laurl>
</ContentProtection>
Thanks for the links. I'll try to use them to set up some support in livesim2.
Beyond the capital letter in "Laurl", the namespace has also changed and is now: "https://dashif.org/CPS" instead of "http://dashif.org/guidelines/clearKey"
I've now implemented ECCP support (including on-the-fly encryption and laurl-server) in livesim2.
I also tested with the assets that @Murmur provided and it worked to run that through livesim2 as well (both as VoD and live) after fixing the namespace and Laurl spelling.
Encrypted streams, and in particular, changing between encrypted and non-encrypted periods, or key rotation would be good things to have.
For low-latency, one would also need to be able to defragment segments and generate the appropriate boxes in each fragment.
It may also be useful to be able to encrypt on the fly in different formats, so that one can test both
cenc
andcbcs
common encryption schemes, without the need to preencrypt the segments.For this to work out, one first need to extend the
mp4ff
library to support encryption of segments. That work has started.