widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge changes from topic "entitlement_license"

Browse Source 
* changes:
  Fix some unit tests
  Add basic handling for entitlement keys in a license.
  Refactor key sessions to move them out of crypto session.
  Fix entitlement keys encryption and content key loading.
This commit is contained in:
Fred Gylys-Colwell
2018-01-30 20:17:32 +00:00
committed by Android (Google) Code Review
parent f6c12c465c 8230484de2
commit c45384bf00
29 changed files with 1456 additions and 993 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
libwvdrmengine/cdm/core/src/license_protocol.proto
View File

@@ -102,6 +102,7 @@ message License {
KEY_CONTROL = 3;
OPERATOR_SESSION = 4;
SUB_SESSION = 5;
ENTITLEMENT = 6;
}
// The SecurityLevel enumeration allows the server to communicate the level
@@ -729,28 +730,54 @@ message SubLicense {
// proto. Internally the message field will contain a serialized KeyContainer
// holding a single content key.
optional bytes key_msg = 2;
// TODO(jfore): There is some uncertainty about including the current group in
// a license. This may change.
// Byte string that identifies the group to which this this content
// belongs.
optional bytes group_id = 13;
}
// Container for keys which are wrapped using an entitlement key from a master
// license.
message WrappedKey {
// ID of the wrapped key. Required.
optional bytes key_id = 1;
// ID of wrapping key. Required.
optional bytes wrapping_key_id = 2;
// IV used to wrap the key. Required.
optional bytes wrapping_iv = 3;
// Encrypted entitled key. Wrapped with the entitlement key and IV, using
// AES-256-CBC with PKCS#7 padding. Required.
optional bytes wrapped_key = 4;
}
message WidevinePsshData {
// Superceded by protection_scheme.
enum Algorithm {
UNENCRYPTED = 0;
AESCTR = 1;
};
// Replaced with protection_scheme.
optional Algorithm algorithm = 1;
repeated bytes key_id = 2;
optional Algorithm algorithm = 1 [deprecated = true];
// Key IDentifier(s). This field is mutually exclusive with content_id, below.
// Only One or the other, but at least one must be present.
repeated bytes key_ids = 2;
// Content provider name.
optional string provider = 3;
optional string provider = 3 [deprecated = true];
// A content identifier, specified by content provider.
// This field is mutually exclusive with key_ids, above. Only
// one or the other, but at least one must be present.
optional bytes content_id = 4;
// Track type. Acceptable values are SD, HD and AUDIO. Used to differentiate
// content keys used by an asset.
// No longer adding track_type to the PSSH since the Widevine license server
// will return keys for all allowed track types in a single license.
optional string track_type_deprecated = 5;
optional string track_type = 5 [deprecated = true];
// The name of a registered policy to be used for this asset.
optional string policy = 6 [deprecated=true];
@@ -760,16 +787,16 @@ message WidevinePsshData {
// Optional protected context for group content. The grouped_license is a
// serialized SignedMessage.
optional bytes grouped_license = 8;
optional bytes grouped_license = 8 [deprecated = true];
// Protection scheme identifying the encryption algorithm. The protection
// scheme is represented as a uint32 value. The uint32 contains 4 bytes each
// representing a single ascii character in one of the 4CC protection scheme
// values.
// values. To be soon deprecated in favor of signaling from content.
// 'cenc' (AES-CTR) protection_scheme = 0x63656E63,
// 'cbc1' (AES-CBC) protection_scheme = 0x63626331,
// 'cens' (AES-CTR subsample) protection_scheme = 0x63656E73,
// 'cbcs' (AES-CBC subsample) protection_scheme = 0x63626373.
// 'cens' (AES-CTR pattern encryption) protection_scheme = 0x63656E73,
// 'cbcs' (AES-CBC pattern encryption) protection_scheme = 0x63626373.
optional uint32 protection_scheme = 9;
// Optional. For media using key rotation, this represents the duration
@@ -779,9 +806,15 @@ message WidevinePsshData {
// Required when using content keys that are embedded in content.
repeated SubLicense sub_licenses = 11;
// Key ID used to identify the group master key License Server is supposed
// to use to generate group license.
optional string group_master_key_id = 12;
// IDs of the groups to which the content belongs. A group is a set of
// content IDs. A particular piece of content may belong to multiple groups.
repeated bytes group_ids = 12;
// Copy/copies of the content key used to decrypt the media stream in which
// the PSSH box is embedded, each wrapped with a different entitlement key.
// May be repeated if using group entitlement keys. Optional, used for content
// key rotation.
repeated WrappedKey entitled_keys = 13;
}
// Signed device certificate definition.