Sync the definition of WidevinePssh data

Merge from Widevine repo of http://go/wvgerrit/43202 Sync the definition of WidevinePssh data with the latest in support of entitlement keys. bug: 73297961 Fix or remove sublicense support. Test: tested as part of http://go/ag/4674759 Change-Id: Ia9faf82732854a705b4b14430169ce4c8ecbcfcd
2018-07-01 19:41:58 -07:00
parent 6000f834a0
commit d36ab56575
6 changed files with 104 additions and 99 deletions
--- a/libwvdrmengine/cdm/core/src/license_protocol.proto
+++ b/libwvdrmengine/cdm/core/src/license_protocol.proto
@@ -743,61 +743,47 @@ message SubLicense {
  optional bytes group_id = 13;
 }

-// Container for keys which are wrapped using an entitlement key from a master
-// license.
-message WrappedKey {
-// ID of the wrapped key. Required.
-  optional bytes key_id = 1;
-  // ID of wrapping key. Required.
-  optional bytes wrapping_key_id = 2;
-  // IV used to wrap the key. Required.
-  optional bytes wrapping_iv = 3;
-  // Encrypted entitled key. Wrapped with the entitlement key and IV, using
-  // AES-256-CBC with PKCS#7 padding. Required.
-  optional bytes wrapped_key = 4;
-}
-
 message WidevinePsshData {
-// Superceded by protection_scheme.
-  enum Algorithm {
-    UNENCRYPTED = 0;
-    AESCTR = 1;
-  };
+  enum Type {
+    SINGLE = 0;        // Single PSSH to be used to retrieve content keys.
+    ENTITLEMENT = 1;   // Primary PSSH used to retrieve entitlement keys.
+    ENTITLED_KEY = 2;  // Secondary PSSH containing entitled key(s).
+  }

-  optional Algorithm algorithm = 1 [deprecated = true];
+  message EntitledKey {
+    // ID of entitlement key used for wrapping |key|.
+    optional bytes entitlement_key_id = 1;
+    // ID of the entitled key.
+    optional bytes key_id = 2;
+    // Wrapped key. Required.
+    optional bytes key = 3;
+    // IV used for wrapping |key|. Required.
+    optional bytes iv = 4;
+  }

-  // Key IDentifier(s). This field is mutually exclusive with content_id, below.
-  // Only One or the other, but at least one must be present.
+  // Entitlement or content key IDs. Can onnly present in SINGLE or ENTITLEMENT
+  // PSSHs. May be repeated to facilitate delivery of multiple keys in a
+  // single license. Cannot be used in conjunction with content_id or
+  // group_ids, which are the preferred mechanism.
  repeated bytes key_ids = 2;

-  // Content provider name.
-  optional string provider = 3 [deprecated = true];
-
-  // A content identifier, specified by content provider.
-  // This field is mutually exclusive with key_ids, above. Only
-  // one or the other, but at least one must be present.
+  // Content identifier which may map to multiple entitlement or content key
+  // IDs to facilitate the delivery of multiple keys in a single license.
+  // Cannot be present in conjunction with key_ids, but if used must be in all
+  // PSSHs.
  optional bytes content_id = 4;

-  // Track type. Acceptable values are SD, HD and AUDIO. Used to differentiate
-  // content keys used by an asset.
-  // No longer adding track_type to the PSSH since the Widevine license server
-  // will return keys for all allowed track types in a single license.
-  optional string track_type = 5 [deprecated = true];
-
-  // The name of a registered policy to be used for this asset.
-  optional string policy = 6 [deprecated=true];
-
-  // Crypto period index, for media using key rotation.
+  // Crypto period index, for media using key rotation. Always corresponds to
+  // The content key period. This means that if using entitlement licensing
+  // the ENTITLED_KEY PSSHs will have sequential crypto_period_index's, whereas
+  // the ENTITELEMENT PSSHs will have gaps in the sequence. Required if doing
+  // key rotation.
  optional uint32 crypto_period_index = 7;

-  // Optional protected context for group content. The grouped_license is a
-  // serialized SignedMessage.
-  optional bytes grouped_license = 8 [deprecated = true];
-
  // Protection scheme identifying the encryption algorithm. The protection
  // scheme is represented as a uint32 value. The uint32 contains 4 bytes each
  // representing a single ascii character in one of the 4CC protection scheme
-  // values. To be soon deprecated in favor of signaling from content.
+  // values. To be deprecated in favor of signaling from content.
  // 'cenc' (AES-CTR) protection_scheme = 0x63656E63,
  // 'cbc1' (AES-CBC) protection_scheme = 0x63626331,
  // 'cens' (AES-CTR pattern encryption) protection_scheme = 0x63656E73,
@@ -808,18 +794,35 @@ message WidevinePsshData {
  // of each crypto period in seconds.
  optional uint32 crypto_period_seconds = 10;

-  // Required when using content keys that are embedded in content.
-  repeated SubLicense sub_licenses = 11;
+  // Type of PSSH. Required if not SINGLE.
+  optional Type type = 11 [default = SINGLE];

-  // IDs of the groups to which the content belongs. A group is a set of
-  // content IDs. A particular piece of content may belong to multiple groups.
-  repeated bytes group_ids = 12;
+  // Key sequence for Widevine-managed keys. Optional.
+  optional uint32 key_sequence = 12;
+
+  // Group identifiers for all groups to which the content belongs. This can
+  // be used to deliver licenses to unlock multiple titles / channels.
+  // Optional, and may only be present in ENTITLEMENT and ENTITLED_KEY PSSHs, and
+  // not in conjunction with key_ids.
+  repeated bytes group_ids = 13;

  // Copy/copies of the content key used to decrypt the media stream in which
  // the PSSH box is embedded, each wrapped with a different entitlement key.
-  // May be repeated if using group entitlement keys. Optional, used for content
-  // key rotation.
-  repeated WrappedKey entitled_keys = 13;
+  // May also contain sub-licenses to support devices with OEMCrypto 13 or
+  // older. May be repeated if using group entitlement keys. Present only in
+  // PSSHs of type ENTITLED_KEY.
+  repeated EntitledKey entitled_keys = 14;
+
+  ////////////////////////////  Deprecated Fields  ////////////////////////////
+  enum Algorithm {
+    UNENCRYPTED = 0;
+    AESCTR = 1;
+  };
+  optional Algorithm algorithm = 1 [deprecated = true];
+  optional string provider = 3 [deprecated = true];
+  optional string track_type = 5 [deprecated = true];
+  optional string policy = 6 [deprecated = true];
+  optional bytes grouped_license = 8 [deprecated = true];
 }

 // Signed device certificate definition.