// Copyright 2013 Google Inc. All Rights Reserved.
// Author: tinskip@google.com (Thomas Inskip)
//
// Description:
//   Public protocol buffer definitions for Widevine Device Certificate
//   Provisioning protocol.

syntax = "proto2";

package video_widevine_server.sdk;

import "vendor/widevine/libwvdrmengine/cdm/core/src/client_identification.proto";
option optimize_for = LITE_RUNTIME;

// Provisioning request sent by client devices to provisioning service.
message ProvisioningRequest {
  // Device root of trust and other client identification. Required.
  optional ClientIdentification client_id = 1;
  // Nonce value used to prevent replay attacks. Required.
  optional bytes nonce = 2;
}

// Provisioning response sent by the provisioning server to client devices.
message ProvisioningResponse {
  // AES-128 encrypted device private RSA key. PKCS#1 ASN.1 DER-encoded.
  // Required.
  optional bytes device_rsa_key = 1;
  // Initialization vector used to encrypt device_rsa_key. Required.
  optional bytes device_rsa_key_iv = 2;
  // Serialized DeviceCertificate. Required.
  optional bytes device_certificate = 3;
  // Nonce value matching nonce in ProvisioningRequest. Required.
  optional bytes nonce = 4;
}

// Serialized ProvisioningRequest or ProvisioningResponse signed with
// The message authentication key.
message SignedProvisioningMessage {
  // Serialized ProvisioningRequest or ProvisioningResponse. Required.
  optional bytes message = 1;
  // HMAC-SHA256 signature of message. Required.
  optional bytes signature = 2;
}