1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CDM_CONTENT_DECRYPTION_MODULE_H_
6 #define CDM_CONTENT_DECRYPTION_MODULE_H_
9 typedef unsigned char uint8_t;
10 typedef unsigned int uint32_t;
12 typedef __int64 int64_t;
17 // Define CDM_EXPORT so that functionality implemented by the CDM module
18 // can be exported to consumers.
21 #if defined(CDM_IMPLEMENTATION)
22 #define CDM_EXPORT __declspec(dllexport)
24 #define CDM_EXPORT __declspec(dllimport)
25 #endif // defined(CDM_IMPLEMENTATION)
27 #else // defined(WIN32)
29 #if defined(CDM_IMPLEMENTATION)
30 #define CDM_EXPORT __attribute__((visibility("default")))
35 #endif // defined(WIN32)
37 // The version number must be rolled when the exported functions are updated!
38 // If the CDM and the adapter use different versions of these functions, the
39 // adapter will fail to load or crash!
40 #define CDM_MODULE_VERSION 4
42 // Build the versioned entrypoint name.
43 // The extra macros are necessary to expand version to an actual value.
44 #define INITIALIZE_CDM_MODULE \
45 BUILD_ENTRYPOINT(InitializeCdmModule, CDM_MODULE_VERSION)
46 #define BUILD_ENTRYPOINT(name, version) \
47 BUILD_ENTRYPOINT_NO_EXPANSION(name, version)
48 #define BUILD_ENTRYPOINT_NO_EXPANSION(name, version) name##_##version
51 CDM_EXPORT void INITIALIZE_CDM_MODULE();
53 CDM_EXPORT void DeinitializeCdmModule();
55 // Returns a pointer to the requested CDM Host interface upon success.
56 // Returns NULL if the requested CDM Host interface is not supported.
57 // The caller should cast the returned pointer to the type matching
58 // |host_interface_version|.
59 typedef void* (*GetCdmHostFunc)(int host_interface_version, void* user_data);
61 // Returns a pointer to the requested CDM upon success.
62 // Returns NULL if an error occurs or the requested |cdm_interface_version| or
63 // |key_system| is not supported or another error occurs.
64 // The caller should cast the returned pointer to the type matching
65 // |cdm_interface_version|.
66 // Caller retains ownership of arguments and must call Destroy() on the returned
68 CDM_EXPORT void* CreateCdmInstance(
69 int cdm_interface_version,
70 const char* key_system, uint32_t key_system_size,
71 GetCdmHostFunc get_cdm_host_func, void* user_data);
73 CDM_EXPORT const char* GetCdmVersion();
79 typedef AudioFrames_2 AudioFrames;
88 kNeedMoreData, // Decoder needs more data to produce a decoded frame/sample.
89 kNoKey, // The required decryption key is not available.
90 kSessionError, // Session management error.
91 kDecryptError, // Decryption failed.
92 kDecodeError, // Error decoding audio or video.
93 kDeferredInitialization // Decoder is not ready for initialization.
96 // This must be consistent with MediaKeyError defined in the spec:
97 // https://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html#error-codes
98 // The error codes are in the process of changing. For now, support the minimum
99 // required set with backwards compatible values.
106 // An input buffer can be split into several continuous subsamples.
107 // A SubsampleEntry specifies the number of clear and cipher bytes in each
108 // subsample. For example, the following buffer has three subsamples:
110 // |<----- subsample1 ----->|<----- subsample2 ----->|<----- subsample3 ----->|
111 // | clear1 | cipher1 | clear2 | cipher2 | clear3 | cipher3 |
113 // For decryption, all of the cipher bytes in a buffer should be concatenated
114 // (in the subsample order) into a single logical stream. The clear bytes should
115 // not be considered as part of decryption.
117 // Stream to decrypt: | cipher1 | cipher2 | cipher3 |
118 // Decrypted stream: | decrypted1| decrypted2 | decrypted3 |
120 // After decryption, the decrypted bytes should be copied over the position
121 // of the corresponding cipher bytes in the original buffer to form the output
122 // buffer. Following the above example, the decrypted buffer should be:
124 // |<----- subsample1 ----->|<----- subsample2 ----->|<----- subsample3 ----->|
125 // | clear1 | decrypted1| clear2 | decrypted2 | clear3 | decrypted3 |
127 // TODO(xhwang): Add checks to make sure these structs have fixed layout.
128 struct SubsampleEntry {
129 SubsampleEntry(uint32_t clear_bytes, uint32_t cipher_bytes)
130 : clear_bytes(clear_bytes), cipher_bytes(cipher_bytes) {}
132 uint32_t clear_bytes;
133 uint32_t cipher_bytes;
136 // Represents an input buffer to be decrypted (and possibly decoded). It does
137 // own any pointers in this struct.
151 const uint8_t* data; // Pointer to the beginning of the input data.
152 uint32_t data_size; // Size (in bytes) of |data|.
154 uint32_t data_offset; // Number of bytes to be discarded before decryption.
156 const uint8_t* key_id; // Key ID to identify the decryption key.
157 uint32_t key_id_size; // Size (in bytes) of |key_id|.
159 const uint8_t* iv; // Initialization vector.
160 uint32_t iv_size; // Size (in bytes) of |iv|.
162 const struct SubsampleEntry* subsamples;
163 uint32_t num_subsamples; // Number of subsamples in |subsamples|.
165 int64_t timestamp; // Presentation timestamp in microseconds.
168 struct AudioDecoderConfig {
170 kUnknownAudioCodec = 0,
176 : codec(kUnknownAudioCodec),
179 samples_per_second(0),
181 extra_data_size(0) {}
184 int32_t channel_count;
185 int32_t bits_per_channel;
186 int32_t samples_per_second;
188 // Optional byte data required to initialize audio decoders, such as the
189 // vorbis setup header.
191 uint32_t extra_data_size;
194 // Supported sample formats for AudioFrames.
196 kUnknownAudioFormat = 0, // Unknown format value. Used for error reporting.
197 kAudioFormatU8, // Interleaved unsigned 8-bit w/ bias of 128.
198 kAudioFormatS16, // Interleaved signed 16-bit.
199 kAudioFormatS32, // Interleaved signed 32-bit.
200 kAudioFormatF32, // Interleaved float 32-bit.
201 kAudioFormatPlanarS16, // Signed 16-bit planar.
202 kAudioFormatPlanarF32, // Float 32-bit planar.
205 // Surface formats based on FOURCC labels, see: http://www.fourcc.org/yuv.php
207 kUnknownVideoFormat = 0, // Unknown format value. Used for error reporting.
208 kYv12, // 12bpp YVU planar 1x1 Y, 2x2 VU samples.
209 kI420 // 12bpp YVU planar 1x1 Y, 2x2 UV samples.
213 Size() : width(0), height(0) {}
214 Size(int32_t width, int32_t height) : width(width), height(height) {}
220 struct VideoDecoderConfig {
222 kUnknownVideoCodec = 0,
228 enum VideoCodecProfile {
229 kUnknownVideoCodecProfile = 0,
231 kH264ProfileBaseline,
233 kH264ProfileExtended,
237 kH264ProfileHigh444Predictive
241 : codec(kUnknownVideoCodec),
242 profile(kUnknownVideoCodecProfile),
243 format(kUnknownVideoFormat),
245 extra_data_size(0) {}
248 VideoCodecProfile profile;
251 // Width and height of video frame immediately post-decode. Not all pixels
252 // in this region are valid.
255 // Optional byte data required to initialize video decoders, such as H.264
258 uint32_t extra_data_size;
262 kStreamTypeAudio = 0,
266 // Structure provided to ContentDecryptionModule::OnPlatformChallengeResponse()
267 // after a platform challenge was initiated via Host::SendPlatformChallenge().
268 // All values will be NULL / zero in the event of a challenge failure.
269 struct PlatformChallengeResponse {
270 // |challenge| provided during Host::SendPlatformChallenge() combined with
271 // nonce data and signed with the platform's private key.
272 const uint8_t* signed_data;
273 uint32_t signed_data_length;
275 // RSASSA-PKCS1-v1_5-SHA256 signature of the |signed_data| block.
276 const uint8_t* signed_data_signature;
277 uint32_t signed_data_signature_length;
279 // X.509 device specific certificate for the |service_id| requested.
280 const uint8_t* platform_key_certificate;
281 uint32_t platform_key_certificate_length;
284 // Supported output protection methods for use with EnableOutputProtection() and
285 // returned by OnQueryOutputProtectionStatus().
286 enum OutputProtectionMethods {
288 kProtectionHDCP = 1 << 0
291 // Connected output link types returned by OnQueryOutputProtectionStatus().
292 enum OutputLinkTypes {
294 kLinkTypeUnknown = 1 << 0,
295 kLinkTypeInternal = 1 << 1,
296 kLinkTypeVGA = 1 << 2,
297 kLinkTypeHDMI = 1 << 3,
298 kLinkTypeDVI = 1 << 4,
299 kLinkTypeDisplayPort = 1 << 5,
300 kLinkTypeNetwork = 1 << 6
303 // FileIO interface provides a way for the CDM to store data in a file in
304 // persistent storage. This interface aims only at providing basic read/write
305 // capabilities and should not be used as a full fledged file IO API.
306 // Each domain (e.g. "example.com") and each CDM has it's own persistent
307 // storage. All instances of a given CDM associated with a given domain share
308 // the same persistent storage.
311 // Opens the file with |file_name| for read and write.
312 // FileIOClient::OnOpenComplete() will be called after the opening
313 // operation finishes.
314 // - When the file is opened by a CDM instance, it will be classified as "in
315 // use". In this case other CDM instances in the same domain may receive
316 // kInUse status when trying to open it.
317 // - |file_name| should not include path separators.
318 virtual void Open(const char* file_name, uint32_t file_name_size) = 0;
320 // Reads the contents of the file. FileIOClient::OnReadComplete() will be
321 // called with the read status. Read() should not be called if a previous
322 // Read() or Write() call is still pending; otherwise OnReadComplete() will
323 // be called with kInUse.
324 virtual void Read() = 0;
326 // Writes |data_size| bytes of |data| into the file.
327 // FileIOClient::OnWriteComplete() will be called with the write status.
328 // All existing contents in the file will be overwritten. Calling Write() with
329 // NULL |data| will clear all contents in the file. Write() should not be
330 // called if a previous Write() or Read() call is still pending; otherwise
331 // OnWriteComplete() will be called with kInUse.
332 virtual void Write(const uint8_t* data, uint32_t data_size) = 0;
334 // Closes the file if opened, destroys this FileIO object and releases any
335 // resources allocated. The CDM must call this method when it finished using
336 // this object. A FileIO object must not be used after Close() is called.
337 virtual void Close() = 0;
344 // Responses to FileIO calls. All responses will be called asynchronously.
353 // Response to a FileIO::Open() call with the open |status|.
354 virtual void OnOpenComplete(Status status) = 0;
356 // Response to a FileIO::Read() call to provide |data_size| bytes of |data|
357 // read from the file.
358 // - kSuccess indicates that all contents of the file has been successfully
359 // read. In this case, 0 |data_size| means that the file is empty.
360 // - kInUse indicates that there are other read/write operations pending.
361 // - kError indicates read failure, e.g. the storage isn't open or cannot be
363 virtual void OnReadComplete(Status status,
364 const uint8_t* data, uint32_t data_size) = 0;
366 // Response to a FileIO::Write() call.
367 // - kSuccess indicates that all the data has been written into the file
369 // - kInUse indicates that there are other read/write operations pending.
370 // - kError indicates write failure, e.g. the storage isn't open or cannot be
371 // fully written. Upon write failure, the contents of the file should be
372 // regarded as corrupt and should not used.
373 virtual void OnWriteComplete(Status status) = 0;
377 virtual ~FileIOClient() {}
380 // ContentDecryptionModule interface that all CDMs need to implement.
381 // The interface is versioned for backward compatibility.
382 // Note: ContentDecryptionModule implementations must use the allocator
383 // provided in CreateCdmInstance() to allocate any Buffer that needs to
384 // be passed back to the caller. Implementations must call Buffer::Destroy()
385 // when a Buffer is created that will never be returned to the caller.
386 class ContentDecryptionModule_4 {
388 static const int kVersion = 4;
391 // CreateSession(), UpdateSession(), and ReleaseSession() get passed a
392 // |session_id| for a MediaKeySession object. It must be used in the reply via
393 // Host methods (e.g. Host::OnSessionMessage()).
394 // Note: |session_id| is different from MediaKeySession's sessionId attribute,
395 // which is referred to as |web_session_id| in this file.
397 // Creates a session given |type| and |init_data|.
398 virtual void CreateSession(
400 const char* type, uint32_t type_size,
401 const uint8_t* init_data, uint32_t init_data_size) = 0;
403 // Loads a session that has |web_session_id|.
404 virtual void LoadSession(
406 const char* web_session_id, uint32_t web_session_id_length) = 0;
408 // Updates the session with |response|.
409 virtual void UpdateSession(
411 const uint8_t* response, uint32_t response_size) = 0;
413 // Releases the resources for the session.
414 virtual void ReleaseSession(uint32_t session_id) = 0;
416 // Performs scheduled operation with |context| when the timer fires.
417 virtual void TimerExpired(void* context) = 0;
419 // Decrypts the |encrypted_buffer|.
421 // Returns kSuccess if decryption succeeded, in which case the callee
422 // should have filled the |decrypted_buffer| and passed the ownership of
423 // |data| in |decrypted_buffer| to the caller.
424 // Returns kNoKey if the CDM did not have the necessary decryption key
426 // Returns kDecryptError if any other error happened.
427 // If the return value is not kSuccess, |decrypted_buffer| should be ignored
429 virtual Status Decrypt(const InputBuffer& encrypted_buffer,
430 DecryptedBlock* decrypted_buffer) = 0;
432 // Initializes the CDM audio decoder with |audio_decoder_config|. This
433 // function must be called before DecryptAndDecodeSamples() is called.
435 // Returns kSuccess if the |audio_decoder_config| is supported and the CDM
436 // audio decoder is successfully initialized.
437 // Returns kSessionError if |audio_decoder_config| is not supported. The CDM
438 // may still be able to do Decrypt().
439 // Returns kDeferredInitialization if the CDM is not ready to initialize the
440 // decoder at this time. Must call Host::OnDeferredInitializationDone() once
441 // initialization is complete.
442 virtual Status InitializeAudioDecoder(
443 const AudioDecoderConfig& audio_decoder_config) = 0;
445 // Initializes the CDM video decoder with |video_decoder_config|. This
446 // function must be called before DecryptAndDecodeFrame() is called.
448 // Returns kSuccess if the |video_decoder_config| is supported and the CDM
449 // video decoder is successfully initialized.
450 // Returns kSessionError if |video_decoder_config| is not supported. The CDM
451 // may still be able to do Decrypt().
452 // Returns kDeferredInitialization if the CDM is not ready to initialize the
453 // decoder at this time. Must call Host::OnDeferredInitializationDone() once
454 // initialization is complete.
455 virtual Status InitializeVideoDecoder(
456 const VideoDecoderConfig& video_decoder_config) = 0;
458 // De-initializes the CDM decoder and sets it to an uninitialized state. The
459 // caller can initialize the decoder again after this call to re-initialize
460 // it. This can be used to reconfigure the decoder if the configuration
462 virtual void DeinitializeDecoder(StreamType decoder_type) = 0;
464 // Resets the CDM decoder to an initialized clean state. All internal buffers
466 virtual void ResetDecoder(StreamType decoder_type) = 0;
468 // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into a
469 // |video_frame|. Upon end-of-stream, the caller should call this function
470 // repeatedly with empty |encrypted_buffer| (|data| == NULL) until only empty
471 // |video_frame| (|format| == kEmptyVideoFrame) is produced.
473 // Returns kSuccess if decryption and decoding both succeeded, in which case
474 // the callee will have filled the |video_frame| and passed the ownership of
475 // |frame_buffer| in |video_frame| to the caller.
476 // Returns kNoKey if the CDM did not have the necessary decryption key
478 // Returns kNeedMoreData if more data was needed by the decoder to generate
479 // a decoded frame (e.g. during initialization and end-of-stream).
480 // Returns kDecryptError if any decryption error happened.
481 // Returns kDecodeError if any decoding error happened.
482 // If the return value is not kSuccess, |video_frame| should be ignored by
484 virtual Status DecryptAndDecodeFrame(const InputBuffer& encrypted_buffer,
485 VideoFrame* video_frame) = 0;
487 // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into
488 // |audio_frames|. Upon end-of-stream, the caller should call this function
489 // repeatedly with empty |encrypted_buffer| (|data| == NULL) until only empty
490 // |audio_frames| is produced.
492 // Returns kSuccess if decryption and decoding both succeeded, in which case
493 // the callee will have filled |audio_frames| and passed the ownership of
494 // |data| in |audio_frames| to the caller.
495 // Returns kNoKey if the CDM did not have the necessary decryption key
497 // Returns kNeedMoreData if more data was needed by the decoder to generate
498 // audio samples (e.g. during initialization and end-of-stream).
499 // Returns kDecryptError if any decryption error happened.
500 // Returns kDecodeError if any decoding error happened.
501 // If the return value is not kSuccess, |audio_frames| should be ignored by
503 virtual Status DecryptAndDecodeSamples(const InputBuffer& encrypted_buffer,
504 AudioFrames* audio_frames) = 0;
506 // Called by the host after a platform challenge was initiated via
507 // Host::SendPlatformChallenge().
508 virtual void OnPlatformChallengeResponse(
509 const PlatformChallengeResponse& response) = 0;
511 // Called by the host after a call to Host::QueryOutputProtectionStatus(). The
512 // |link_mask| is a bit mask of OutputLinkTypes and |output_protection_mask|
513 // is a bit mask of OutputProtectionMethods.
514 virtual void OnQueryOutputProtectionStatus(
515 uint32_t link_mask, uint32_t output_protection_mask) = 0;
517 // Destroys the object in the same context as it was created.
518 virtual void Destroy() = 0;
521 ContentDecryptionModule_4() {}
522 virtual ~ContentDecryptionModule_4() {}
525 typedef ContentDecryptionModule_4 ContentDecryptionModule;
527 // Represents a buffer created by Allocator implementations.
530 // Destroys the buffer in the same context as it was created.
531 virtual void Destroy() = 0;
533 virtual uint32_t Capacity() const = 0;
534 virtual uint8_t* Data() = 0;
535 virtual void SetSize(uint32_t size) = 0;
536 virtual uint32_t Size() const = 0;
543 Buffer(const Buffer&);
544 void operator=(const Buffer&);
549 static const int kVersion = 4;
551 // Returns a Buffer* containing non-zero members upon success, or NULL on
552 // failure. The caller owns the Buffer* after this call. The buffer is not
553 // guaranteed to be zero initialized. The capacity of the allocated Buffer
554 // is guaranteed to be not less than |capacity|.
555 virtual Buffer* Allocate(uint32_t capacity) = 0;
557 // Requests the host to call ContentDecryptionModule::TimerFired() |delay_ms|
558 // from now with |context|.
559 virtual void SetTimer(int64_t delay_ms, void* context) = 0;
561 // Returns the current epoch wall time in seconds.
562 virtual double GetCurrentWallTimeInSeconds() = 0;
564 // Called by the CDM when a session is created or loaded and the value for the
565 // MediaKeySession's sessionId attribute is available (|web_session_id|).
566 // This must be called before OnSessionMessage() or OnSessionReady() is called
567 // for |session_id|. |web_session_id_length| should not include null
569 // When called in response to LoadSession(), the |web_session_id| must be the
570 // same as the |web_session_id| passed in LoadSession().
571 virtual void OnSessionCreated(
573 const char* web_session_id, uint32_t web_session_id_length) = 0;
575 // Called by the CDM when it has a message for session |session_id|.
576 // Length parameters should not include null termination.
577 virtual void OnSessionMessage(
579 const char* message, uint32_t message_length,
580 const char* destination_url, uint32_t destination_url_length) = 0;
582 // Called by the CDM when session |session_id| is ready.
583 // Note: "ready" event is deprecated. This is only used for the prefixed EME
584 // API's "keyAdded" event. Drop this when we deprecate prefixed EME API.
585 virtual void OnSessionReady(uint32_t session_id) = 0;
587 // Called by the CDM when session |session_id| is closed.
588 virtual void OnSessionClosed(uint32_t session_id) = 0;
590 // Called by the CDM when an error occurs in session |session_id|.
591 virtual void OnSessionError(uint32_t session_id,
592 MediaKeyError error_code,
593 uint32_t system_code) = 0;
595 // The following are optional methods that may not be implemented on all
598 // Sends a platform challenge for the given |service_id|. |challenge| is at
599 // most 256 bits of data to be signed. Once the challenge has been completed,
600 // the host will call ContentDecryptionModule::OnPlatformChallengeResponse()
601 // with the signed challenge response and platform certificate. Length
602 // parameters should not include null termination.
603 virtual void SendPlatformChallenge(
604 const char* service_id, uint32_t service_id_length,
605 const char* challenge, uint32_t challenge_length) = 0;
607 // Attempts to enable output protection (e.g. HDCP) on the display link. The
608 // |desired_protection_mask| is a bit mask of OutputProtectionMethods. No
609 // status callback is issued, the CDM must call QueryOutputProtectionStatus()
610 // periodically to ensure the desired protections are applied.
611 virtual void EnableOutputProtection(uint32_t desired_protection_mask) = 0;
613 // Requests the current output protection status. Once the host has the status
614 // it will call ContentDecryptionModule::OnQueryOutputProtectionStatus().
615 virtual void QueryOutputProtectionStatus() = 0;
617 // Must be called by the CDM if it returned kDeferredInitialization during
618 // InitializeAudioDecoder() or InitializeVideoDecoder().
619 virtual void OnDeferredInitializationDone(StreamType stream_type,
620 Status decoder_status) = 0;
622 // Creates a FileIO object from the host to do file IO operation. Returns NULL
623 // if a FileIO object cannot be obtained. Once a valid FileIO object is
624 // returned, |client| must be valid until FileIO::Close() is called. The
625 // CDM can call this method multiple times to operate on different files.
626 virtual FileIO* CreateFileIO(FileIOClient* client) = 0;
633 // Represents a decrypted block that has not been decoded.
634 class DecryptedBlock {
636 virtual void SetDecryptedBuffer(Buffer* buffer) = 0;
637 virtual Buffer* DecryptedBuffer() = 0;
639 // TODO(tomfinegan): Figure out if timestamp is really needed. If it is not,
640 // we can just pass Buffer pointers around.
641 virtual void SetTimestamp(int64_t timestamp) = 0;
642 virtual int64_t Timestamp() const = 0;
646 virtual ~DecryptedBlock() {}
658 virtual void SetFormat(VideoFormat format) = 0;
659 virtual VideoFormat Format() const = 0;
661 virtual void SetSize(cdm::Size size) = 0;
662 virtual cdm::Size Size() const = 0;
664 virtual void SetFrameBuffer(Buffer* frame_buffer) = 0;
665 virtual Buffer* FrameBuffer() = 0;
667 virtual void SetPlaneOffset(VideoPlane plane, uint32_t offset) = 0;
668 virtual uint32_t PlaneOffset(VideoPlane plane) = 0;
670 virtual void SetStride(VideoPlane plane, uint32_t stride) = 0;
671 virtual uint32_t Stride(VideoPlane plane) = 0;
673 virtual void SetTimestamp(int64_t timestamp) = 0;
674 virtual int64_t Timestamp() const = 0;
678 virtual ~VideoFrame() {}
681 // Represents decrypted and decoded audio frames. AudioFrames can contain
682 // multiple audio output buffers, which are serialized into this format:
684 // |<------------------- serialized audio buffer ------------------->|
685 // | int64_t timestamp | int64_t length | length bytes of audio data |
687 // For example, with three audio output buffers, the AudioFrames will look
690 // |<----------------- AudioFrames ------------------>|
691 // | audio buffer 0 | audio buffer 1 | audio buffer 2 |
692 class AudioFrames_2 {
694 virtual void SetFrameBuffer(Buffer* buffer) = 0;
695 virtual Buffer* FrameBuffer() = 0;
697 // The CDM must call this method, providing a valid format, when providing
698 // frame buffers. Planar data should be stored end to end; e.g.,
699 // |ch1 sample1||ch1 sample2|....|ch1 sample_last||ch2 sample1|...
700 virtual void SetFormat(AudioFormat format) = 0;
701 virtual AudioFormat Format() const = 0;
705 virtual ~AudioFrames_2() {}
710 #endif // CDM_CONTENT_DECRYPTION_MODULE_H_