Add basic handling for entitlement keys in a license.
Merge from Widevine repo of http://go/wvgerrit/41834 Key rotation is not yet supported. The key statuses are updated from a license. The mechanism expects content keys tro come in a license. For entitlement licenses, the content keys come in the init_data. This code does not yet support the key rotation event. (A new pssh with wrapped keys is a passed to the cdm) The policy engine/key status mechanism needs to be updated to handle updated from the init_data. For now, the cdm builds a license with a key container with the content keys and used that to call PolicyEngine::SetLicense to setup the policy engine and key statuses. Bug: 64003606 Bug: 70334840 Test: In child CL Change-Id: Ibf46a18f5321cab4ff6f1778ba30527942c8021f
This commit is contained in:
Fred Gylys-Colwell
committed by
Rahul Frias
Rahul Frias
parent
8251aab9f6
commit
9ae7489938
@@ -102,6 +102,7 @@ message License {
|
||||
KEY_CONTROL = 3;
|
||||
OPERATOR_SESSION = 4;
|
||||
SUB_SESSION = 5;
|
||||
ENTITLEMENT = 6;
|
||||
}
|
||||
|
||||
// The SecurityLevel enumeration allows the server to communicate the level
|
||||
@@ -719,28 +720,54 @@ message SubLicense {
|
||||
// proto. Internally the message field will contain a serialized KeyContainer
|
||||
// holding a single content key.
|
||||
optional bytes key_msg = 2;
|
||||
|
||||
// TODO(jfore): There is some uncertainty about including the current group in
|
||||
// a license. This may change.
|
||||
// Byte string that identifies the group to which this this content
|
||||
// belongs.
|
||||
optional bytes group_id = 13;
|
||||
}
|
||||
|
||||
// Container for keys which are wrapped using an entitlement key from a master
|
||||
// license.
|
||||
message WrappedKey {
|
||||
// ID of the wrapped key. Required.
|
||||
optional bytes key_id = 1;
|
||||
// ID of wrapping key. Required.
|
||||
optional bytes wrapping_key_id = 2;
|
||||
// IV used to wrap the key. Required.
|
||||
optional bytes wrapping_iv = 3;
|
||||
// Encrypted entitled key. Wrapped with the entitlement key and IV, using
|
||||
// AES-256-CBC with PKCS#7 padding. Required.
|
||||
optional bytes wrapped_key = 4;
|
||||
}
|
||||
|
||||
message WidevinePsshData {
|
||||
// Superceded by protection_scheme.
|
||||
enum Algorithm {
|
||||
UNENCRYPTED = 0;
|
||||
AESCTR = 1;
|
||||
};
|
||||
// Replaced with protection_scheme.
|
||||
optional Algorithm algorithm = 1;
|
||||
repeated bytes key_id = 2;
|
||||
|
||||
optional Algorithm algorithm = 1 [deprecated = true];
|
||||
|
||||
// Key IDentifier(s). This field is mutually exclusive with content_id, below.
|
||||
// Only One or the other, but at least one must be present.
|
||||
repeated bytes key_ids = 2;
|
||||
|
||||
// Content provider name.
|
||||
optional string provider = 3;
|
||||
optional string provider = 3 [deprecated = true];
|
||||
|
||||
// A content identifier, specified by content provider.
|
||||
// This field is mutually exclusive with key_ids, above. Only
|
||||
// one or the other, but at least one must be present.
|
||||
optional bytes content_id = 4;
|
||||
|
||||
// Track type. Acceptable values are SD, HD and AUDIO. Used to differentiate
|
||||
// content keys used by an asset.
|
||||
// No longer adding track_type to the PSSH since the Widevine license server
|
||||
// will return keys for all allowed track types in a single license.
|
||||
optional string track_type_deprecated = 5;
|
||||
optional string track_type = 5 [deprecated = true];
|
||||
|
||||
// The name of a registered policy to be used for this asset.
|
||||
optional string policy = 6 [deprecated=true];
|
||||
@@ -750,16 +777,16 @@ message WidevinePsshData {
|
||||
|
||||
// Optional protected context for group content. The grouped_license is a
|
||||
// serialized SignedMessage.
|
||||
optional bytes grouped_license = 8;
|
||||
optional bytes grouped_license = 8 [deprecated = true];
|
||||
|
||||
// Protection scheme identifying the encryption algorithm. The protection
|
||||
// scheme is represented as a uint32 value. The uint32 contains 4 bytes each
|
||||
// representing a single ascii character in one of the 4CC protection scheme
|
||||
// values.
|
||||
// values. To be soon deprecated in favor of signaling from content.
|
||||
// 'cenc' (AES-CTR) protection_scheme = 0x63656E63,
|
||||
// 'cbc1' (AES-CBC) protection_scheme = 0x63626331,
|
||||
// 'cens' (AES-CTR subsample) protection_scheme = 0x63656E73,
|
||||
// 'cbcs' (AES-CBC subsample) protection_scheme = 0x63626373.
|
||||
// 'cens' (AES-CTR pattern encryption) protection_scheme = 0x63656E73,
|
||||
// 'cbcs' (AES-CBC pattern encryption) protection_scheme = 0x63626373.
|
||||
optional uint32 protection_scheme = 9;
|
||||
|
||||
// Optional. For media using key rotation, this represents the duration
|
||||
@@ -769,9 +796,15 @@ message WidevinePsshData {
|
||||
// Required when using content keys that are embedded in content.
|
||||
repeated SubLicense sub_licenses = 11;
|
||||
|
||||
// Key ID used to identify the group master key License Server is supposed
|
||||
// to use to generate group license.
|
||||
optional string group_master_key_id = 12;
|
||||
// IDs of the groups to which the content belongs. A group is a set of
|
||||
// content IDs. A particular piece of content may belong to multiple groups.
|
||||
repeated bytes group_ids = 12;
|
||||
|
||||
// Copy/copies of the content key used to decrypt the media stream in which
|
||||
// the PSSH box is embedded, each wrapped with a different entitlement key.
|
||||
// May be repeated if using group entitlement keys. Optional, used for content
|
||||
// key rotation.
|
||||
repeated WrappedKey entitled_keys = 13;
|
||||
}
|
||||
|
||||
// Signed device certificate definition.
|
||||
|
||||
Reference in New Issue
Block a user