Synced license protocol protos to g3 latests.

[ Merge of http://go/wvgerrit/128023 ]

Several of the messages in license_protocol.proto have fallen out of
sync with their source-of-truth in Google3.  This change updates most
of the proto messages used by the CDM.  None of these changes
immediately affect the CDM.

Bug: 192286204
Test: Build service and unit tests
Change-Id: I83414167d51f2443fe39f02ab160341918e409c9

libwvdrmengine/cdm/core/src/license_protocol.proto

@@ -1,6 +1,3 @@
-// ----------------------------------------------------------------------------
-// license_protocol.proto
-// ----------------------------------------------------------------------------
 // Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
 // source code may only be used and distributed under the Widevine License
 // Agreement.
@@ -71,6 +68,51 @@ message LicenseIdentification {
   optional LicenseType type = 4;
   optional int32 version = 5;
   optional bytes provider_session_token = 6;
+  // Set by the SDK representing the rental duration from the initial license.
+  optional int64 original_rental_duration_seconds = 7;
+  // Set by the SDK representing the playback duration from the initial license.
+  optional int64 original_playback_duration_seconds = 8;
+  // Set by the SDK representing the start time of the initial license in
+  // seconds (UTC). This is from the original license's license_start_time,
+  // which is from the LicenseRequest.request_time when set, or set by the
+  // server to be the time that the original license was processed.
+  optional int64 original_start_time_seconds = 9;
+}
+
+// This message is used to indicate the license cateogry spec for a license as
+// a part of initial license issuance.
+message LicenseCategorySpec {
+  // Possible license categories.
+  enum LicenseCategory {
+    // By default, License is used for single content.
+    SINGLE_CONTENT_LICENSE_DEFAULT = 0;
+    // License is used for multiple contents (could be a combination of
+    // single contents and groups of contents).
+    MULTI_CONTENT_LICENSE = 1;
+    // License is used for contents logically grouped.
+    GROUP_LICENSE = 2;
+  }
+  // Optional. License category indicates if license is used for single
+  // content, multiple contents (could be a combination of
+  // single contents and groups of contents) or a group of contents.
+  optional LicenseCategory license_category = 1;
+  // Optional. Content or group ID covered by the license.
+  oneof content_or_group_id {
+    // Content_id would be present if it is a license for single content.
+    bytes content_id = 2;
+    // Group_id would be present if the license is a multi_content_license or
+    // group_license. Group Id could be the name of a group of contents,
+    // defined by licensor.
+    bytes group_id = 3;
+  }
+}
+
+message ProxyInfo {
+  // Indicates SDK type(Including UNKNOWN_SERVICE_TYPE, LICENSE_PROXY_SDK,
+  // CAS_PROXY_SDK).
+  optional DrmCertificate.ServiceType sdk_type = 1;
+  // Indicates the version of SDK.
+  optional string sdk_version = 2;
 }
 
 message License {
@@ -144,12 +186,16 @@ message License {
 
   message KeyContainer {
     enum KeyType {
-      SIGNING = 1;           // Exactly one key of this type must appear.
+      SIGNING = 1;           // No more than one signing key may appear.
       CONTENT = 2;           // Content key.
       KEY_CONTROL = 3;       // Key control block for license renewals. No key.
       OPERATOR_SESSION = 4;  // wrapped keys for auxiliary crypto operations.
       ENTITLEMENT = 5;       // Entitlement keys.
       OEM_CONTENT = 6;       // Partner-specific content key.
+      // Public signing key provided by content providers. Currently used by CAS
+      // for verifying the received ECM/EMM signature. Only EC key is supported
+      // for now.
+      PROVIDER_ECM_VERIFIER_PUBLIC_KEY = 7;
     }
 
     // The SecurityLevel enumeration allows the server to communicate the level
@@ -176,8 +222,6 @@ message License {
     }
 
     message KeyControl {
-      // |key_control| is documented in:
-      // Widevine Modular DRM Security Integration Guide for CENC
       // If present, the key control must be communicated to the secure
       // environment prior to any usage. This message is automatically generated
       // by the Widevine License Server SDK.
@@ -223,6 +267,9 @@ message License {
       optional bool disable_analog_output = 4 [default = false];
       // Optional requirement to indicate digital output is not allowed.
       optional bool disable_digital_output = 5 [default = false];
+      // Optional. If set, it indicates digital video recording (DVR) is
+      // allowed.
+      optional bool allow_record = 6 [default = false];
     }
 
     message VideoResolutionConstraint {
@@ -243,6 +290,28 @@ message License {
       optional bool allow_signature_verify = 4 [default = false];
     }
 
+    // KeyCategorySpec message is used to identify if current key is generated
+    // for a single content or a group of contents. Currently it is only used in
+    // CAS request.
+    message KeyCategorySpec {
+      // Represents what kind of content a key is used for.
+      enum KeyCategory {
+        // By default, key is created for single content.
+        SINGLE_CONTENT_KEY_DEFAULT = 0;
+        // Key is created for a group of contents.
+        GROUP_KEY = 1;
+      }
+      // Indicate if the current key is created for single content or for group
+      // use.
+      optional KeyCategory key_category = 1;
+      // Id for key category. If it is a key for single content, this id
+      // represents the content_id. Otherwise, it represents a group_id.
+      oneof content_or_group_id {
+        bytes content_id = 2;
+        bytes group_id = 3;
+      }
+    }
+
     optional bytes id = 1;
     optional bytes iv = 2;
     optional bytes key = 3;
@@ -268,6 +337,10 @@ message License {
     // Optional not limited to commonly known track types such as SD, HD.
     // It can be some provider defined label to identify the track.
     optional string track_label = 12;
+    // Optional. It is used to identify if current key is generated for a
+    // single content or a group of contents. Currently it is only used in CAS
+    // request.
+    optional KeyCategorySpec key_category_spec = 13;
   }
 
   optional LicenseIdentification id = 1;
@@ -288,8 +361,6 @@ message License {
   // 8 byte verification field "HDCPDATA" followed by unsigned 32 bit minimum
   // HDCP SRM version (whether the version is for HDCP1 SRM or HDCP2 SRM
   // depends on client max_hdcp_version).
-  // Additional details can be found in Widevine Modular DRM Security
-  // Integration Guide for CENC.
   optional bytes srm_requirement = 8;
   // If present this contains a signed SRM file (either HDCP1 SRM or HDCP2 SRM
   // depending on client max_hdcp_version) that should be installed on the
@@ -301,6 +372,10 @@ message License {
       [default = PLATFORM_NO_VERIFICATION];
   // IDs of the groups for which keys are delivered in this license, if any.
   repeated bytes group_ids = 11;
+  // Optional. LicenseCategorySpec is used to indicate the license cateogry for
+  // a license. It could be used as a part of initial license issuance or shown
+  // as a part of license in license response.
+  optional LicenseCategorySpec license_category_spec = 12;
 }
 
 enum ProtocolVersion {
@@ -386,6 +461,8 @@ message LicenseError {
     // The service is currently unavailable due to the backend being down
     // or similar circumstances.
     SERVICE_UNAVAILABLE = 3;
+    // The device credentials are expired. The device must re-provision.
+    EXPIRED_DRM_DEVICE_CERTIFICATE = 4;
   }
   optional Error error_code = 1;
 }
@@ -438,8 +515,9 @@ message SignedMessage {
   enum SessionKeyType {
     UNDEFINED = 0;
     WRAPPED_AES_KEY = 1;
-    EPHERMERAL_ECC_PUBLIC_KEY = 2;
+    EPHEMERAL_ECC_PUBLIC_KEY = 2;
   }
+
   optional MessageType type = 1;
   optional bytes msg = 2;
   // Required field that contains the signature of the bytes of msg.
@@ -469,6 +547,11 @@ message SignedMessage {
   // The core message is the simple serialization of fields used by OEMCrypto.
   // This field was introduced in OEMCrypto API v16.
   optional bytes oemcrypto_core_message = 9;
+  // Optional field that indicates the hash algorithm used in signature scheme.
+  optional HashAlgorithmProto hash_algorithm = 10;
+  // If true it indicates that a LICENSE message session key was based on an
+  // alternate key provided by the client credentials.
+  optional bool using_secondary_key = 11;
 }
 
 // ----------------------------------------------------------------------------
@@ -493,20 +576,44 @@ enum HashAlgorithmProto {
 //   Public protocol buffer definitions for Widevine Device Certificate
 //   Provisioning protocol.
 
+// A KeyToCertify contains a client generated public key to be incorporated into
+// a signed certificate.
+message PublicKeyToCertify {
+  // A KeyType indicates a high level key type.
+  enum KeyType {
+    KEY_TYPE_UNSPECIFIED = 0;
+    RSA = 1;
+    ECC = 2;
+  }
+
+  // |public_key| contains the bytes of a PKCS#1 ASN.1 DER-encoded public key.
+  optional bytes public_key = 1;
+  // KeyType contains a highlevel hint to use in parsing the serialized key
+  // contained in |public_key|. If the key is an EC key, curve parameters can be
+  // extracted from the deserialized key.
+  // Keys are expected to match the certificate key type in the device
+  // record.
+  optional KeyType key_type = 2;
+  // The signature of |public_key|.
+  // Keys that are signed using ECDSA or RSA should hash the message using
+  // SHA-256.
+  optional bytes signature = 3;
+}
+
 // ProvisioningOptions specifies the type of certificate to specify and
 // in the case of X509 certificates, the certificate authority to use.
 message ProvisioningOptions {
   enum CertificateType {
-    WIDEVINE_DRM = 0; // Default.  The original certificate type.
+    WIDEVINE_DRM = 0;  // Default.  The original certificate type.
-    X509 = 1; // X.509 certificate.
+    X509 = 1;          // X.509 certificate.
     WIDEVINE_KEYBOX = 2;
   }
 
   optional CertificateType certificate_type = 1 [default = WIDEVINE_DRM];
 
   // Contains the application-specific name used to identify the certificate
-  // authority for signing the generated certificate. This is required if the
+  // authority for signing the generated certificate. This is required if and
-  // certificate type is X509.
+  // only if the certificate type is X509.
   optional string certificate_authority = 2;
   // System ID for OTA keybox provisioning. Requires device secure boot.
   optional uint32 system_id = 3;
@@ -565,6 +672,10 @@ message ProvisioningRequest {
   optional EncryptedSessionKeys encrypted_session_keys = 8;
   // The custom request for Android Attestation OTA.
   optional AndroidAttestationOtaKeyboxRequest android_ota_keybox_request = 9;
+  // Specifies the public key that should be certified by the provisioning
+  // server. The client holds the private key. If specified, the response no
+  // longer needs to contain server generated |device_rsa_key|.
+  optional PublicKeyToCertify certificate_public_key = 10;
 }
 
 // Provisioning response sent by the provisioning server to client devices.
@@ -627,8 +738,7 @@ message ProvisioningResponse {
 }
 
 // Protocol-specific context data used to hold the state of the server in
-// stateful provisioning protocols. For more information, please refer to
+// stateful provisioning protocols.
-// "Widevine DRM Provisioning using Third-Part and Stateful Protocols".
 message ProvisioningContext {
   // Serialized ProvisioningContextKeyData. Required.
   optional bytes key_data = 1;
@@ -643,6 +753,8 @@ message SignedProvisioningContext {
   // RSASSA-PSS signature of provisioning_context. Signed with service private
   // key.
   optional bytes signature = 2;
+  // Optional field that indicates the hash algorithm used in signature scheme.
+  optional HashAlgorithmProto hash_algorithm = 3;
 }
 
 // Cryptographic tokens to be used for ProvisioningContext.
@@ -664,25 +776,27 @@ message SignedProvisioningMessage {
     // implementation. E.g. embedded in the ProvisioningResponse rather than
     // returning a 400 error to the caller.
     VERSION_1_1 = 2;
-    // Version 2 will implement a larger change of the protocol definition
-    // in protobufs. This will provide a cleaner separation between protocols.
-    VERSION_2 = 3;
   }
 
   enum ProvisioningType {  // This enum was renamed to avoid confusion
     PROVISIONING_TYPE_UNSPECIFIED = 0;
     SERVICE_CERTIFICATE_REQUEST = 1;  // Service certificate request.
     PROVISIONING_20 = 2;              // Keybox factory-provisioned devices.
-    PROVISIONING_30 = 3;     // OEM certificate factory-provisioned devices.
+    PROVISIONING_30 = 3;  // OEM certificate factory-provisioned devices.
+    // Devices use Boot Certificate Chain (BCC) to provision an OEM certificate.
+    PROVISIONING_40 = 5;
+    // These are provisioning methods that are only supported by internal
+    // Widevine services. They should not be exposed in the SDK.
     ARCPP_PROVISIONING = 4;  // ChromeOS/Arc++ devices.
     // Android-Attestation-based OTA keyboxes.
     ANDROID_ATTESTATION_KEYBOX_OTA = 6;
-    INTEL_SIGMA_101 = 101;   // Intel Sigma 1.0.1 protocol.
+    INTEL_SIGMA_101 = 101;  // Intel Sigma 1.0.1 protocol.
+    INTEL_SIGMA_210 = 210;  // Intel Sigma 2.1.0 protocol.
   }
 
   // Serialized protobuf message for the corresponding protocol and stage of
   // the provisioning exchange. ProvisioningRequest or ProvisioningResponse
-  // in the case of Provisioning 2.0, 3.0 and ARCPP_PROVISIONING. Required.
+  // in the case of Provisioning 2.0, 3.0, 4.0 and ARCPP_PROVISIONING. Required.
   optional bytes message = 1;
   // HMAC-SHA256 (Keybox) or RSASSA-PSS (OEM) signature of message. Required
   // for provisioning 2.0 and 3.0. For ARCPP_PROVISIONING, only used in
@@ -721,6 +835,7 @@ message ClientIdentification {
     DRM_DEVICE_CERTIFICATE = 1;
     REMOTE_ATTESTATION_CERTIFICATE = 2;
     OEM_DEVICE_CERTIFICATE = 3;
+    BOOT_CERTIFICATE_CHAIN = 4;
   }
 
   message NameValue {
@@ -738,6 +853,13 @@ message ClientIdentification {
       HDCP_V2_1 = 3;
       HDCP_V2_2 = 4;
       HDCP_V2_3 = 5;
+      // The existing HDCP_V1 will be used for backwards compatibility with pre
+      // OEM crypto v17.
+      HDCP_V1_0 = 6;
+      HDCP_V1_1 = 7;
+      HDCP_V1_2 = 8;
+      HDCP_V1_3 = 9;
+      HDCP_V1_4 = 10;
       HDCP_NO_DIGITAL_OUTPUT = 0xff;
     }
 
@@ -762,8 +884,7 @@ message ClientIdentification {
     optional HdcpVersion max_hdcp_version = 4 [default = HDCP_NONE];
     optional uint32 oem_crypto_api_version = 5;
     // Client has hardware support for protecting the usage table, such as
-    // storing the generation number in secure memory.  For Details, see:
+    // storing the generation number in secure memory.
-    // Widevine Modular DRM Security Integration Guide for CENC
     optional bool anti_rollback_usage_table = 6 [default = false];
     // The client shall report |srm_version| if available.
     optional uint32 srm_version = 7;
@@ -779,8 +900,7 @@ message ClientIdentification {
     // quality of content to serve. Currently defined tiers are
     // 1 (low), 2 (medium) and 3 (high). Any other value indicates that
     // the resource rating is unavailable or reporting erroneous values
-    // for that device. For details see,
+    // for that device.
-    // Widevine Modular DRM Security Integration Guide for CENC
     optional uint32 resource_rating_tier = 12 [default = 0];
   }
 
@@ -805,7 +925,7 @@ message ClientIdentification {
   // Serialized VmpData message. Optional.
   optional bytes vmp_data = 7;
   // Optional field that may contain additional provisioning credentials.
-  repeated ClientCredentials device_credentials = 8;
+  optional ClientCredentials device_credentials = 8;
 }
 
 // EncryptedClientIdentification message used to hold ClientIdentification
@@ -953,6 +1073,8 @@ message DrmCertificate {
 // signed_drm_certificate.proto
 // ----------------------------------------------------------------------------
 // Description of section:
+//   Signed device certificate definition.
+
 // DrmCertificate signed by a higher (CA) DRM certificate.
 message SignedDrmCertificate {
   // Serialized certificate. Required.
@@ -966,80 +1088,6 @@ message SignedDrmCertificate {
   optional HashAlgorithmProto hash_algorithm = 4;
 }
 
-// ----------------------------------------------------------------------------
-// provisioned_device_info.proto
-// ----------------------------------------------------------------------------
-// Description of section:
-//   Provisioned device info format definitions.
-
-// Contains device model information for a provisioned device.
-message ProvisionedDeviceInfo {
-  enum WvSecurityLevel {
-    // Defined in "Widevine Security Integration Guide for DASH on Android"
-    LEVEL_UNSPECIFIED = 0;
-    LEVEL_1 = 1;
-    LEVEL_2 = 2;
-    LEVEL_3 = 3;
-  }
-
-  // Widevine initial provisioning / bootstrapping method. DRM certificates are
-  // required for retrieving licenses, so if a DRM certificate is not initially
-  // provisioned, then the provisioned credentials will be used to provision
-  // a DRM certificate via the Widevine Provisioning Service.
-  enum ProvisioningMethod {
-    // Don't use this.
-    PROVISIONING_METHOD_UNSPECIFIED = 0;
-    // Factory-provisioned device-unique keybox.
-    FACTORY_KEYBOX = 1;
-    // Factory-provisioned device-unique OEM certificate.
-    FACTORY_OEM_DEVICE_CERTIFICATE = 2;
-    // Factory-provisioned model-group OEM certificate.
-    FACTORY_OEM_GROUP_CERTIFICATE = 3;
-    // Factory-provisioned model-group DRM certificate (Level-3 "baked in").
-    FACTORY_DRM_GROUP_CERTIFICATE = 4;
-    // OTA-provisioned keybox (Level-1 ARC++).
-    OTA_KEYBOX = 5;
-    // OTA-provisioned device-unique OEM certificate.
-    OTA_OEM_DEVICE_CERTIFICATE = 6;
-    // OTA-provisioned model-group OEM certificate.
-    OTA_OEM_GROUP_CERTIFICATE = 7;
-    // OTA-provisioned device-unique DRM certificate (Bedrock).
-    OTA_DRM_DEVICE_CERTIFICATE = 8;
-  }
-  // Represents additional devices that are associated with the device.  These
-  // are devices that have the systemID, but a different 'manufacturer'/'model'
-  // etc.
-  message ModelInfo {
-    // Represents the device manufacturer. Typically, this will be Philips, LG,
-    // Sharp, etc.
-    optional string manufacturer = 1;
-    //  Model of the device.
-    optional string model = 2;
-  }
-  // Widevine system ID for the device. Mandatory.
-  optional uint32 system_id = 1;
-  // Name of system-on-a-chip. Optional.
-  optional string soc = 2;
-  // First registered manufacturer. Optional.
-  optional string manufacturer = 3;
-  // First registered manufacturer's model name. Matches "brand" in device
-  // metadata. Optional.
-  optional string model = 4;
-  // First registered type of device (Phone, Tablet, TV, etc).
-  optional string device_type = 5;
-  // First registered device model year. Optional.
-  optional uint32 model_year = 6;
-  // Widevine-defined security level. Optional.
-  optional WvSecurityLevel security_level = 7 [default = LEVEL_UNSPECIFIED];
-  // True if the certificate corresponds to a test (non production) device.
-  // Optional.
-  optional bool test_device = 8 [default = false];
-  // Indicates the type of device root of trust which was factory provisioned.
-  optional ProvisioningMethod provisioning_method = 9;
-  // A list of ModelInfo using the same system_id.
-  repeated ModelInfo model_info = 10;
-}
-
 // ----------------------------------------------------------------------------
 // widevine_pssh.proto
 // ----------------------------------------------------------------------------
@@ -1067,7 +1115,7 @@ message WidevinePsshData {
     optional uint32 entitlement_key_size_bytes = 5 [default = 32];
   }
 
-  // Entitlement or content key IDs. Can onnly present in SINGLE or ENTITLEMENT
+  // Entitlement or content key IDs. Can only present in SINGLE or ENTITLEMENT
   // PSSHs. May be repeated to facilitate delivery of multiple keys in a
   // single license. Cannot be used in conjunction with content_id or
   // group_ids, which are the preferred mechanism.
@@ -1108,8 +1156,8 @@ message WidevinePsshData {
 
   // Group identifiers for all groups to which the content belongs. This can
   // be used to deliver licenses to unlock multiple titles / channels.
-  // Optional, and may only be present in ENTITLEMENT and ENTITLED_KEY PSSHs, and
+  // Optional, and may only be present in ENTITLEMENT and ENTITLED_KEY PSSHs,
-  // not in conjunction with key_ids.
+  // and not in conjunction with key_ids.
   repeated bytes group_ids = 13;
 
   // Copy/copies of the content key used to decrypt the media stream in which
@@ -1125,11 +1173,22 @@ message WidevinePsshData {
   // Current values are "HDR".
   optional string video_feature = 15;
 
+  // Audiofeature identifier, which is used in conjunction with |content_id|
+  // to determine the set of keys to be returned in the license. Cannot be
+  // present in conjunction with |key_ids|.
+  // Current values are "commentary".
+  optional string audio_feature = 16;
+
+  // Entitlement period index for media using entitlement key rotation. Can only
+  // present in ENTITLEMENT PSSHs. It always corresponds to the entitlement key
+  // period.
+  optional uint32 entitlement_period_index = 17;
+
   ////////////////////////////  Deprecated Fields  ////////////////////////////
   enum Algorithm {
     UNENCRYPTED = 0;
     AESCTR = 1;
-  };
+  }
   optional Algorithm algorithm = 1 [deprecated = true];
   optional string provider = 3 [deprecated = true];
   optional string track_type = 5 [deprecated = true];