diff --git a/libwvdrmengine/cdm/core/src/license_protocol.proto b/libwvdrmengine/cdm/core/src/license_protocol.proto index 1ad2ce1a..18cc26e5 100644 --- a/libwvdrmengine/cdm/core/src/license_protocol.proto +++ b/libwvdrmengine/cdm/core/src/license_protocol.proto @@ -1,6 +1,3 @@ -// ---------------------------------------------------------------------------- -// license_protocol.proto -// ---------------------------------------------------------------------------- // Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary // source code may only be used and distributed under the Widevine License // Agreement. @@ -71,6 +68,51 @@ message LicenseIdentification { optional LicenseType type = 4; optional int32 version = 5; optional bytes provider_session_token = 6; + // Set by the SDK representing the rental duration from the initial license. + optional int64 original_rental_duration_seconds = 7; + // Set by the SDK representing the playback duration from the initial license. + optional int64 original_playback_duration_seconds = 8; + // Set by the SDK representing the start time of the initial license in + // seconds (UTC). This is from the original license's license_start_time, + // which is from the LicenseRequest.request_time when set, or set by the + // server to be the time that the original license was processed. + optional int64 original_start_time_seconds = 9; +} + +// This message is used to indicate the license cateogry spec for a license as +// a part of initial license issuance. +message LicenseCategorySpec { + // Possible license categories. + enum LicenseCategory { + // By default, License is used for single content. + SINGLE_CONTENT_LICENSE_DEFAULT = 0; + // License is used for multiple contents (could be a combination of + // single contents and groups of contents). + MULTI_CONTENT_LICENSE = 1; + // License is used for contents logically grouped. + GROUP_LICENSE = 2; + } + // Optional. License category indicates if license is used for single + // content, multiple contents (could be a combination of + // single contents and groups of contents) or a group of contents. + optional LicenseCategory license_category = 1; + // Optional. Content or group ID covered by the license. + oneof content_or_group_id { + // Content_id would be present if it is a license for single content. + bytes content_id = 2; + // Group_id would be present if the license is a multi_content_license or + // group_license. Group Id could be the name of a group of contents, + // defined by licensor. + bytes group_id = 3; + } +} + +message ProxyInfo { + // Indicates SDK type(Including UNKNOWN_SERVICE_TYPE, LICENSE_PROXY_SDK, + // CAS_PROXY_SDK). + optional DrmCertificate.ServiceType sdk_type = 1; + // Indicates the version of SDK. + optional string sdk_version = 2; } message License { @@ -144,12 +186,16 @@ message License { message KeyContainer { enum KeyType { - SIGNING = 1; // Exactly one key of this type must appear. + SIGNING = 1; // No more than one signing key may appear. CONTENT = 2; // Content key. KEY_CONTROL = 3; // Key control block for license renewals. No key. OPERATOR_SESSION = 4; // wrapped keys for auxiliary crypto operations. ENTITLEMENT = 5; // Entitlement keys. OEM_CONTENT = 6; // Partner-specific content key. + // Public signing key provided by content providers. Currently used by CAS + // for verifying the received ECM/EMM signature. Only EC key is supported + // for now. + PROVIDER_ECM_VERIFIER_PUBLIC_KEY = 7; } // The SecurityLevel enumeration allows the server to communicate the level @@ -176,8 +222,6 @@ message License { } message KeyControl { - // |key_control| is documented in: - // Widevine Modular DRM Security Integration Guide for CENC // If present, the key control must be communicated to the secure // environment prior to any usage. This message is automatically generated // by the Widevine License Server SDK. @@ -223,6 +267,9 @@ message License { optional bool disable_analog_output = 4 [default = false]; // Optional requirement to indicate digital output is not allowed. optional bool disable_digital_output = 5 [default = false]; + // Optional. If set, it indicates digital video recording (DVR) is + // allowed. + optional bool allow_record = 6 [default = false]; } message VideoResolutionConstraint { @@ -243,6 +290,28 @@ message License { optional bool allow_signature_verify = 4 [default = false]; } + // KeyCategorySpec message is used to identify if current key is generated + // for a single content or a group of contents. Currently it is only used in + // CAS request. + message KeyCategorySpec { + // Represents what kind of content a key is used for. + enum KeyCategory { + // By default, key is created for single content. + SINGLE_CONTENT_KEY_DEFAULT = 0; + // Key is created for a group of contents. + GROUP_KEY = 1; + } + // Indicate if the current key is created for single content or for group + // use. + optional KeyCategory key_category = 1; + // Id for key category. If it is a key for single content, this id + // represents the content_id. Otherwise, it represents a group_id. + oneof content_or_group_id { + bytes content_id = 2; + bytes group_id = 3; + } + } + optional bytes id = 1; optional bytes iv = 2; optional bytes key = 3; @@ -268,6 +337,10 @@ message License { // Optional not limited to commonly known track types such as SD, HD. // It can be some provider defined label to identify the track. optional string track_label = 12; + // Optional. It is used to identify if current key is generated for a + // single content or a group of contents. Currently it is only used in CAS + // request. + optional KeyCategorySpec key_category_spec = 13; } optional LicenseIdentification id = 1; @@ -288,8 +361,6 @@ message License { // 8 byte verification field "HDCPDATA" followed by unsigned 32 bit minimum // HDCP SRM version (whether the version is for HDCP1 SRM or HDCP2 SRM // depends on client max_hdcp_version). - // Additional details can be found in Widevine Modular DRM Security - // Integration Guide for CENC. optional bytes srm_requirement = 8; // If present this contains a signed SRM file (either HDCP1 SRM or HDCP2 SRM // depending on client max_hdcp_version) that should be installed on the @@ -301,6 +372,10 @@ message License { [default = PLATFORM_NO_VERIFICATION]; // IDs of the groups for which keys are delivered in this license, if any. repeated bytes group_ids = 11; + // Optional. LicenseCategorySpec is used to indicate the license cateogry for + // a license. It could be used as a part of initial license issuance or shown + // as a part of license in license response. + optional LicenseCategorySpec license_category_spec = 12; } enum ProtocolVersion { @@ -386,6 +461,8 @@ message LicenseError { // The service is currently unavailable due to the backend being down // or similar circumstances. SERVICE_UNAVAILABLE = 3; + // The device credentials are expired. The device must re-provision. + EXPIRED_DRM_DEVICE_CERTIFICATE = 4; } optional Error error_code = 1; } @@ -438,8 +515,9 @@ message SignedMessage { enum SessionKeyType { UNDEFINED = 0; WRAPPED_AES_KEY = 1; - EPHERMERAL_ECC_PUBLIC_KEY = 2; + EPHEMERAL_ECC_PUBLIC_KEY = 2; } + optional MessageType type = 1; optional bytes msg = 2; // Required field that contains the signature of the bytes of msg. @@ -469,6 +547,11 @@ message SignedMessage { // The core message is the simple serialization of fields used by OEMCrypto. // This field was introduced in OEMCrypto API v16. optional bytes oemcrypto_core_message = 9; + // Optional field that indicates the hash algorithm used in signature scheme. + optional HashAlgorithmProto hash_algorithm = 10; + // If true it indicates that a LICENSE message session key was based on an + // alternate key provided by the client credentials. + optional bool using_secondary_key = 11; } // ---------------------------------------------------------------------------- @@ -493,20 +576,44 @@ enum HashAlgorithmProto { // Public protocol buffer definitions for Widevine Device Certificate // Provisioning protocol. +// A KeyToCertify contains a client generated public key to be incorporated into +// a signed certificate. +message PublicKeyToCertify { + // A KeyType indicates a high level key type. + enum KeyType { + KEY_TYPE_UNSPECIFIED = 0; + RSA = 1; + ECC = 2; + } + + // |public_key| contains the bytes of a PKCS#1 ASN.1 DER-encoded public key. + optional bytes public_key = 1; + // KeyType contains a highlevel hint to use in parsing the serialized key + // contained in |public_key|. If the key is an EC key, curve parameters can be + // extracted from the deserialized key. + // Keys are expected to match the certificate key type in the device + // record. + optional KeyType key_type = 2; + // The signature of |public_key|. + // Keys that are signed using ECDSA or RSA should hash the message using + // SHA-256. + optional bytes signature = 3; +} + // ProvisioningOptions specifies the type of certificate to specify and // in the case of X509 certificates, the certificate authority to use. message ProvisioningOptions { enum CertificateType { - WIDEVINE_DRM = 0; // Default. The original certificate type. - X509 = 1; // X.509 certificate. + WIDEVINE_DRM = 0; // Default. The original certificate type. + X509 = 1; // X.509 certificate. WIDEVINE_KEYBOX = 2; } optional CertificateType certificate_type = 1 [default = WIDEVINE_DRM]; // Contains the application-specific name used to identify the certificate - // authority for signing the generated certificate. This is required if the - // certificate type is X509. + // authority for signing the generated certificate. This is required if and + // only if the certificate type is X509. optional string certificate_authority = 2; // System ID for OTA keybox provisioning. Requires device secure boot. optional uint32 system_id = 3; @@ -565,6 +672,10 @@ message ProvisioningRequest { optional EncryptedSessionKeys encrypted_session_keys = 8; // The custom request for Android Attestation OTA. optional AndroidAttestationOtaKeyboxRequest android_ota_keybox_request = 9; + // Specifies the public key that should be certified by the provisioning + // server. The client holds the private key. If specified, the response no + // longer needs to contain server generated |device_rsa_key|. + optional PublicKeyToCertify certificate_public_key = 10; } // Provisioning response sent by the provisioning server to client devices. @@ -627,8 +738,7 @@ message ProvisioningResponse { } // Protocol-specific context data used to hold the state of the server in -// stateful provisioning protocols. For more information, please refer to -// "Widevine DRM Provisioning using Third-Part and Stateful Protocols". +// stateful provisioning protocols. message ProvisioningContext { // Serialized ProvisioningContextKeyData. Required. optional bytes key_data = 1; @@ -643,6 +753,8 @@ message SignedProvisioningContext { // RSASSA-PSS signature of provisioning_context. Signed with service private // key. optional bytes signature = 2; + // Optional field that indicates the hash algorithm used in signature scheme. + optional HashAlgorithmProto hash_algorithm = 3; } // Cryptographic tokens to be used for ProvisioningContext. @@ -664,25 +776,27 @@ message SignedProvisioningMessage { // implementation. E.g. embedded in the ProvisioningResponse rather than // returning a 400 error to the caller. VERSION_1_1 = 2; - // Version 2 will implement a larger change of the protocol definition - // in protobufs. This will provide a cleaner separation between protocols. - VERSION_2 = 3; } enum ProvisioningType { // This enum was renamed to avoid confusion PROVISIONING_TYPE_UNSPECIFIED = 0; SERVICE_CERTIFICATE_REQUEST = 1; // Service certificate request. PROVISIONING_20 = 2; // Keybox factory-provisioned devices. - PROVISIONING_30 = 3; // OEM certificate factory-provisioned devices. + PROVISIONING_30 = 3; // OEM certificate factory-provisioned devices. + // Devices use Boot Certificate Chain (BCC) to provision an OEM certificate. + PROVISIONING_40 = 5; + // These are provisioning methods that are only supported by internal + // Widevine services. They should not be exposed in the SDK. ARCPP_PROVISIONING = 4; // ChromeOS/Arc++ devices. // Android-Attestation-based OTA keyboxes. ANDROID_ATTESTATION_KEYBOX_OTA = 6; - INTEL_SIGMA_101 = 101; // Intel Sigma 1.0.1 protocol. + INTEL_SIGMA_101 = 101; // Intel Sigma 1.0.1 protocol. + INTEL_SIGMA_210 = 210; // Intel Sigma 2.1.0 protocol. } // Serialized protobuf message for the corresponding protocol and stage of // the provisioning exchange. ProvisioningRequest or ProvisioningResponse - // in the case of Provisioning 2.0, 3.0 and ARCPP_PROVISIONING. Required. + // in the case of Provisioning 2.0, 3.0, 4.0 and ARCPP_PROVISIONING. Required. optional bytes message = 1; // HMAC-SHA256 (Keybox) or RSASSA-PSS (OEM) signature of message. Required // for provisioning 2.0 and 3.0. For ARCPP_PROVISIONING, only used in @@ -721,6 +835,7 @@ message ClientIdentification { DRM_DEVICE_CERTIFICATE = 1; REMOTE_ATTESTATION_CERTIFICATE = 2; OEM_DEVICE_CERTIFICATE = 3; + BOOT_CERTIFICATE_CHAIN = 4; } message NameValue { @@ -738,6 +853,13 @@ message ClientIdentification { HDCP_V2_1 = 3; HDCP_V2_2 = 4; HDCP_V2_3 = 5; + // The existing HDCP_V1 will be used for backwards compatibility with pre + // OEM crypto v17. + HDCP_V1_0 = 6; + HDCP_V1_1 = 7; + HDCP_V1_2 = 8; + HDCP_V1_3 = 9; + HDCP_V1_4 = 10; HDCP_NO_DIGITAL_OUTPUT = 0xff; } @@ -762,8 +884,7 @@ message ClientIdentification { optional HdcpVersion max_hdcp_version = 4 [default = HDCP_NONE]; optional uint32 oem_crypto_api_version = 5; // Client has hardware support for protecting the usage table, such as - // storing the generation number in secure memory. For Details, see: - // Widevine Modular DRM Security Integration Guide for CENC + // storing the generation number in secure memory. optional bool anti_rollback_usage_table = 6 [default = false]; // The client shall report |srm_version| if available. optional uint32 srm_version = 7; @@ -779,8 +900,7 @@ message ClientIdentification { // quality of content to serve. Currently defined tiers are // 1 (low), 2 (medium) and 3 (high). Any other value indicates that // the resource rating is unavailable or reporting erroneous values - // for that device. For details see, - // Widevine Modular DRM Security Integration Guide for CENC + // for that device. optional uint32 resource_rating_tier = 12 [default = 0]; } @@ -805,7 +925,7 @@ message ClientIdentification { // Serialized VmpData message. Optional. optional bytes vmp_data = 7; // Optional field that may contain additional provisioning credentials. - repeated ClientCredentials device_credentials = 8; + optional ClientCredentials device_credentials = 8; } // EncryptedClientIdentification message used to hold ClientIdentification @@ -953,6 +1073,8 @@ message DrmCertificate { // signed_drm_certificate.proto // ---------------------------------------------------------------------------- // Description of section: +// Signed device certificate definition. + // DrmCertificate signed by a higher (CA) DRM certificate. message SignedDrmCertificate { // Serialized certificate. Required. @@ -966,80 +1088,6 @@ message SignedDrmCertificate { optional HashAlgorithmProto hash_algorithm = 4; } -// ---------------------------------------------------------------------------- -// provisioned_device_info.proto -// ---------------------------------------------------------------------------- -// Description of section: -// Provisioned device info format definitions. - -// Contains device model information for a provisioned device. -message ProvisionedDeviceInfo { - enum WvSecurityLevel { - // Defined in "Widevine Security Integration Guide for DASH on Android" - LEVEL_UNSPECIFIED = 0; - LEVEL_1 = 1; - LEVEL_2 = 2; - LEVEL_3 = 3; - } - - // Widevine initial provisioning / bootstrapping method. DRM certificates are - // required for retrieving licenses, so if a DRM certificate is not initially - // provisioned, then the provisioned credentials will be used to provision - // a DRM certificate via the Widevine Provisioning Service. - enum ProvisioningMethod { - // Don't use this. - PROVISIONING_METHOD_UNSPECIFIED = 0; - // Factory-provisioned device-unique keybox. - FACTORY_KEYBOX = 1; - // Factory-provisioned device-unique OEM certificate. - FACTORY_OEM_DEVICE_CERTIFICATE = 2; - // Factory-provisioned model-group OEM certificate. - FACTORY_OEM_GROUP_CERTIFICATE = 3; - // Factory-provisioned model-group DRM certificate (Level-3 "baked in"). - FACTORY_DRM_GROUP_CERTIFICATE = 4; - // OTA-provisioned keybox (Level-1 ARC++). - OTA_KEYBOX = 5; - // OTA-provisioned device-unique OEM certificate. - OTA_OEM_DEVICE_CERTIFICATE = 6; - // OTA-provisioned model-group OEM certificate. - OTA_OEM_GROUP_CERTIFICATE = 7; - // OTA-provisioned device-unique DRM certificate (Bedrock). - OTA_DRM_DEVICE_CERTIFICATE = 8; - } - // Represents additional devices that are associated with the device. These - // are devices that have the systemID, but a different 'manufacturer'/'model' - // etc. - message ModelInfo { - // Represents the device manufacturer. Typically, this will be Philips, LG, - // Sharp, etc. - optional string manufacturer = 1; - // Model of the device. - optional string model = 2; - } - // Widevine system ID for the device. Mandatory. - optional uint32 system_id = 1; - // Name of system-on-a-chip. Optional. - optional string soc = 2; - // First registered manufacturer. Optional. - optional string manufacturer = 3; - // First registered manufacturer's model name. Matches "brand" in device - // metadata. Optional. - optional string model = 4; - // First registered type of device (Phone, Tablet, TV, etc). - optional string device_type = 5; - // First registered device model year. Optional. - optional uint32 model_year = 6; - // Widevine-defined security level. Optional. - optional WvSecurityLevel security_level = 7 [default = LEVEL_UNSPECIFIED]; - // True if the certificate corresponds to a test (non production) device. - // Optional. - optional bool test_device = 8 [default = false]; - // Indicates the type of device root of trust which was factory provisioned. - optional ProvisioningMethod provisioning_method = 9; - // A list of ModelInfo using the same system_id. - repeated ModelInfo model_info = 10; -} - // ---------------------------------------------------------------------------- // widevine_pssh.proto // ---------------------------------------------------------------------------- @@ -1067,7 +1115,7 @@ message WidevinePsshData { optional uint32 entitlement_key_size_bytes = 5 [default = 32]; } - // Entitlement or content key IDs. Can onnly present in SINGLE or ENTITLEMENT + // Entitlement or content key IDs. Can only present in SINGLE or ENTITLEMENT // PSSHs. May be repeated to facilitate delivery of multiple keys in a // single license. Cannot be used in conjunction with content_id or // group_ids, which are the preferred mechanism. @@ -1108,8 +1156,8 @@ message WidevinePsshData { // Group identifiers for all groups to which the content belongs. This can // be used to deliver licenses to unlock multiple titles / channels. - // Optional, and may only be present in ENTITLEMENT and ENTITLED_KEY PSSHs, and - // not in conjunction with key_ids. + // Optional, and may only be present in ENTITLEMENT and ENTITLED_KEY PSSHs, + // and not in conjunction with key_ids. repeated bytes group_ids = 13; // Copy/copies of the content key used to decrypt the media stream in which @@ -1125,11 +1173,22 @@ message WidevinePsshData { // Current values are "HDR". optional string video_feature = 15; + // Audiofeature identifier, which is used in conjunction with |content_id| + // to determine the set of keys to be returned in the license. Cannot be + // present in conjunction with |key_ids|. + // Current values are "commentary". + optional string audio_feature = 16; + + // Entitlement period index for media using entitlement key rotation. Can only + // present in ENTITLEMENT PSSHs. It always corresponds to the entitlement key + // period. + optional uint32 entitlement_period_index = 17; + //////////////////////////// Deprecated Fields //////////////////////////// enum Algorithm { UNENCRYPTED = 0; AESCTR = 1; - }; + } optional Algorithm algorithm = 1 [deprecated = true]; optional string provider = 3 [deprecated = true]; optional string track_type = 5 [deprecated = true];