Content Protection DDI

This section applies only to Windows 7 and later, and Windows Server 2008 R2 and later versions of Windows operating system.

The Content Protection DDI is an extension to the Direct3D version 9 DDI to protect video. The Content Protection DDI consists of the entry points that are described in this section.

Required Content Protection DDI Functions

If content protection is implemented in the user-mode display driver, the driver must support the following Content Protection DDI functions:

Content Protection Capabilities

The user-mode display driver only reports content protection capabilities if it supports each of the preceding required Content Protection DDI functions. The following D3DDDICAPS_TYPE values are used by the Direct3D runtime to retrieve information about the content protection capabilities that the user-mode display driver supports. The runtime sets these D3DDDICAPS_TYPE values in the Type member of the D3DDDIARG_GETCAPS structure that the pData parameter of the driver's GetCaps function points to when the runtime calls GetCaps.

The runtime supplies a pointer to a DDICONTENTPROTECTIONCAPS structure for the specific encryption and decode combination that the driver should use. The driver returns a pointer to a populated D3DCONTENTPROTECTIONCAPS structure that describes the driver's content-protection capabilities for the encryption and decode combination. For more information about D3DCONTENTPROTECTIONCAPS, see the DirectX SDK documentation.

The driver provides a pointer to a number that specifies the size, in bytes, of the driver's certificate that is used for a channel or crypto type. The Direct3D runtime then uses this size to allocate a buffer to hold the certificate information that the runtime receives when the runtime calls GetCaps with D3DDDICAPS_GETCERTIFICATE.

The runtime supplies a pointer to a DDICERTIFICATEINFO structure that describes the certificate that the driver should retrieve.

For an authenticated channel, the driver uses the existing OPM certificate, which is an X.509 certificate that is root signed by Microsoft.

An application can query the driver's certificate to determine the following information:

  • Whether the driver is trusted.

  • Whether the driver is revoked.

  • The driver's public key. The application uses the driver's public key to establish a session key for an authenticated channel that is used for authentication.

A call to GetCaps with D3DDDICAPS_GETCERTIFICATE set fails if called for the Direct3D 9 authenticated channel because this channel does not support a certificate or authentication.

For a crypto session, the driver returns its certificate for the given crypto type. Depending on the crypto type and the key exchange that are used, a certificate might or might not be used. It is also possible that different crypto types can use different certificates.

Optional Content Protection DDI Functions

The driver can optionally support the following Content Protection DDI functions:

  • The EncryptionBlt function reads encrypted data from a protected surface.

  • The GetPitch function retrieves the pitch of a protected surface.

  • The StartSessionKeyRefresh function returns a random number that the decoder/application and the driver/hardware can subsequently use to perform an exclusive OR operation (XOR) with the session key.

  • The FinishSessionKeyRefresh function indicates that all buffers from that point in time will use the updated session key value.

  • The GetEncryptionBltKey function returns the key that is used to decrypt the data that the driver's EncryptionBlt function returns.

  • The DecryptionBlt function writes data to a protected surface.

Content Protected Resources

The following D3DDDI_RESOURCEFLAGS flags are used by the Direct3D runtime for protected content. The runtime sets these D3DDDI_RESOURCEFLAGS flags in the Flags member of the D3DDDIARG_CREATERESOURCE structure that the pResource parameter of the driver's CreateResource function points to when the runtime calls CreateResource.

The resource might contain protected content. An application might or might not have explicitly enabled content protection before the application creates a resource. The driver should ensure that the runtime places the allocation for the resource in a memory pool that can be protected. The driver should allow the creation of lockable protected resources. However, the driver should explicitly fail the calls to its Lock function to lock these surfaces while content protection is enabled.

Only specific processes should be allowed access to the shared resource.

The driver should restrict shared access to this resource. The runtime can only call the driver's OpenResource function to open this resource with display devices (hDevice) within the process that created the resource or by those devices that were explicitly granted access via the authenticated channel.