widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
75c1b886035d3a065d2cc868cf23208bb34ff4cf
android/libwvdrmengine/cdm/core/src/license_protocol.proto
Rahul Frias 0c288c1cda Indicate support for initial_renewal_delay_base 
[ Merge of http://go/wvgerrit/174555 ]

This is only announced if OEMCrypto is v18+

Bug: 278751387
Test: Duration use case tests, wvts tests
Change-Id: I5cbfcc733ed2af2c940fde381b40a5be850e7e88
2023-05-12 15:05:44 -07:00

1448 lines
58 KiB
Protocol Buffer
Raw Blame History

// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
syntax = "proto2";
package video_widevine;
// need this if we are using libprotobuf-cpp-2.3.0-lite
option optimize_for = LITE_RUNTIME;
option java_package = "com.google.video.widevine.protos";
// ----------------------------------------------------------------------------
// remote_attestation.proto
// ----------------------------------------------------------------------------
// Description of section:
// Remote attestation is used by ChromeOS device to authenticate itself
// to Widevine services for both licensing and keybox provisioning.
message RemoteAttestation {
// Encrypted ClientIdentification message containing the device remote
// attestation certificate. Required.
optional EncryptedClientIdentification certificate = 1;
// Bytes of salt which were added to the remote attestation challenge prior to
// signing it. Required.
optional bytes salt = 2;
// Signed remote attestation challenge + salt. Required.
optional bytes signature = 3;
}
// ----------------------------------------------------------------------------
// dtcp_usage.proto
// ----------------------------------------------------------------------------
// Description of section:
// Definitions of the protocol buffer message used for DTCP2 usage rules.
message DTCPUsageRules {
// This field indicates the value of Retention_State.
enum RetentionState {
// (-- api-linter: core::0126::unspecified=disabled
// aip.dev/not-precedent: name and values are defined in the DTCP
// specification. --)
// Forever
RETENTION_STATE_FOREVER = 0;
// 1 week
RETENTION_STATE_1_WEEK = 1;
// 2 day
RETENTION_STATE_2_DAYS = 2;
// 1 day
RETENTION_STATE_1_DAY = 3;
// 12 hours
RETENTION_STATE_12_HOURS = 4;
// 6 hours
RETENTION_STATE_6_HOURS = 5;
// 3 hours
RETENTION_STATE_3_HOURS = 6;
// 90 minutes
RETENTION_STATE_90_MINUTES = 7;
}
// This field indicates Copy Control Information (CCI).
enum CopyControlInfo {
// Copy freely
COPY_FREE = 0;
// No more copies
COPY_NO_MORE = 1;
// One time copy
COPY_ONE = 2;
// Copy not allowed
COPY_NEVER = 3;
}
// This field indicates Analog Protection System (APS) used to block
// recording devices.
enum AnalogProtectionSystem {
// Copy freely, APS is off
APS_OFF = 0;
// APS is on, Type 1 (AGC)
APS_TYPE1 = 1;
// APS is on, Type 2 (AGC + 2L Colorstripe)
APS_TYPE2 = 2;
// APS is on, Type 3 (AGC + 4L Colorstripe)
APS_TYPE3 = 3;
}
// This field indicates the value of the Image Constraint Token (ICT) that
// controls downsampling of high-definition video.
enum ImageConstraintToken {
// HD analog output, Constrained Image
ICT_CONSTRAINED = 0;
// HD analog out
ICT_HD_ANALOG = 1;
}
// This field indicates the value of Analog Sunset Token (AST) used to limit
// playback to standard definition (SD) only
enum AnalogSunsetToken {
// Asserted
AST_ASSERTED = 0;
// Unasserted
AST_UNASERTED = 1;
}
// This field indicates the value of Digital Only Token (DOT) used to restrict
// output to digital only.
enum DigitalOnlyToken {
// Asserted
DOT_ASSERTED = 0;
// Unasserted
DOT_UNASSERTED = 1;
}
// This field indicates the value of Audio Enhanced Token (AET).
enum AudioEnhancedToken {
// Asserted
AET_ASSERTED = 0;
// Unasserted
AET_UNASSERTED = 1;
}
// This field indicates the value of Standard Digital Output (SDO) token.
enum StandardDigitalOutputToken {
// Unasserted
SDO_UNASSEERTED = 0;
// Asserted, L2 protection is permitted
SDO_ASSEERTED = 1;
}
// This field indicates the value of High Dynamic Rnage (HDR) token.
enum HighDynamicRangeToken {
// Unasserted, SDR conversion is permitted
HDR_UNASSERTED = 0;
// Unasserted, SDR conversion is not permitted
HDR_ASSERTED = 1;
}
// This field indicates the value of the L2 Protection Only token.
enum L2ProtectionOnlyToken {
// Unasserted
L2_ONLY_UNASSERTED = 0;
// Aasserted (L2 protection onl)
L2_ONLY_ASSERTED = 1;
}
// This field indicates the value of the Enhanced Image (EI) token
enum EnhancedImageToken {
// Unasserted, Non-Enhanced Image
EI_UNASSERTED = 0;
// Asserted, Enhanced Image
EI_ASSERTED = 1;
}
// This field indicates whether a further Bound Copy can be made from a
// Bound Copy retained in accordance with the RetentionStatefield.
enum FurtherBoundCopy {
// Further Bound Copy Prohibited
FBC_PROHIBITED = 0;
// Further Bound Copy Permitted
FBC_PERMITTED = 1;
}
// Indicates if Digital Transmission Control Protection 2 (DTCP2) is required.
optional bool require_dtcp2 = 1 [default = false];
optional CopyControlInfo copy_control = 2;
optional bool encryption_plus = 3;
optional RetentionState retention_state = 4;
optional AnalogProtectionSystem analog_protection_system = 5;
optional ImageConstraintToken image_constraint_token = 6;
optional AnalogSunsetToken analog_sunset_token = 7;
optional DigitalOnlyToken digital_only_token = 8;
optional AudioEnhancedToken audio_enhanced_token = 9;
optional uint32 copy_count = 10;
optional StandardDigitalOutputToken standard_digital_token = 11;
optional HighDynamicRangeToken high_dynamic_token = 12;
optional L2ProtectionOnlyToken l2_only_token = 13;
optional EnhancedImageToken enhaned_image_token = 14;
optional uint32 retention_time = 15;
optional FurtherBoundCopy further_copy = 16;
}
// ----------------------------------------------------------------------------
// license_protocol.proto
// ----------------------------------------------------------------------------
// Description of section:
// Definitions of the protocol buffer messages used in the Widevine license
// exchange protocol, described in Widevine license exchange protocol document
enum LicenseType {
STREAMING = 1;
OFFLINE = 2;
// License type decision is left to provider.
AUTOMATIC = 3;
}
enum PlatformVerificationStatus {
// The platform is not verified.
PLATFORM_UNVERIFIED = 0;
// Tampering detected on the platform.
PLATFORM_TAMPERED = 1;
// The platform has been verified by means of software.
PLATFORM_SOFTWARE_VERIFIED = 2;
// The platform has been verified by means of hardware (e.g. secure boot).
PLATFORM_HARDWARE_VERIFIED = 3;
// Platform verification was not performed.
PLATFORM_NO_VERIFICATION = 4;
// Platform and secure storage capability have been verified by means of
// software.
PLATFORM_SECURE_STORAGE_SOFTWARE_VERIFIED = 5;
}
// LicenseIdentification is propagated from LicenseRequest to License,
// incrementing version with each iteration.
message LicenseIdentification {
optional bytes request_id = 1;
optional bytes session_id = 2;
optional bytes purchase_id = 3;
optional LicenseType type = 4;
optional int32 version = 5;
optional bytes provider_session_token = 6;
// Set by the SDK representing the rental duration from the initial license.
optional int64 original_rental_duration_seconds = 7;
// Set by the SDK representing the playback duration from the initial license.
optional int64 original_playback_duration_seconds = 8;
// Set by the SDK representing the start time of the initial license in
// seconds (UTC). This is from the original license's license_start_time,
// which is from the LicenseRequest.request_time when set, or set by the
// server to be the time that the original license was processed.
optional int64 original_start_time_seconds = 9;
// Set by the SDK representing the renewal recovery duration from the initial
// license.
optional int64 original_renewal_recovery_duration_seconds = 10;
// Set by the SDK representing the renewal delay seconds from the original
// license.
optional int64 original_renewal_delay_seconds = 11;
}
// This message is used to indicate the license cateogry spec for a license as
// a part of initial license issuance.
message LicenseCategorySpec {
// Possible license categories.
enum LicenseCategory {
// By default, License is used for single content.
SINGLE_CONTENT_LICENSE_DEFAULT = 0;
// License is used for multiple contents (could be a combination of
// single contents and groups of contents).
MULTI_CONTENT_LICENSE = 1;
// License is used for contents logically grouped.
GROUP_LICENSE = 2;
}
// Optional. License category indicates if license is used for single
// content, multiple contents (could be a combination of
// single contents and groups of contents) or a group of contents.
optional LicenseCategory license_category = 1;
// Optional. Content or group ID covered by the license.
oneof content_or_group_id {
// Content_id would be present if it is a license for single content.
bytes content_id = 2;
// Group_id would be present if the license is a multi_content_license or
// group_license. Group Id could be the name of a group of contents,
// defined by licensor.
bytes group_id = 3;
}
}
message ProxyInfo {
// Indicates SDK type(Including UNKNOWN_SERVICE_TYPE, LICENSE_PROXY_SDK,
// CAS_PROXY_SDK).
optional DrmCertificate.ServiceType sdk_type = 1;
// Indicates the version of SDK.
optional string sdk_version = 2;
}
message License {
message Policy {
// Client-side watermarking restrictions for the license.
enum WatermarkingControl {
// Watermarking may or may not be used, provider does not care.
WATERMARKING_CONTROL_UNSPECIFIED = 0;
// Watermarking must not be used. The device must disable watermarking
// if it supports it.
WATERMARKING_FORBIDDEN = 1;
// Watermarking is required if the device supports it.
WATERMARKING_REQUIRED = 2;
}
// The base for (delayed) timers, i.e. the time from which the delayed timer
// starts.
enum TimerDelayBase {
// Not specified
TIMER_DELAY_BASE_UNSPECIFIED = 0;
// The timer delay is based on |license_start_time|.
LICENSE_START = 1;
// The timer delay is based on the time the license is received by the
// client, whether the license is newly issued by the server or loaded
// from the disk (for persistent licenses).
// IMPORTANT: The playback window also begins immediately at license load
// time.
LICENSE_LOAD = 2;
// The timer delay is based on the time of first decryption.
// NOTE: For persistent licenses, the first decryption time should be
// persisted so that the "first decrypt" should only happen once even when
// the license is loaded repeatedly.
FIRST_DECRYPT = 3;
}
// Indicates that playback of the content is allowed.
optional bool can_play = 1 [default = false];
// Indicates that the license may be persisted to non-volatile
// storage for offline use.
optional bool can_persist = 2 [default = false];
// Indicates that renewal of this license is allowed.
optional bool can_renew = 3 [default = false];
// For the |*duration*| fields, playback must halt when
// license_start_time (seconds since the epoch (UTC)) +
// license_duration_seconds is exceeded. A value of 0
// indicates that there is no limit to the duration.
// Indicates the rental window.
optional int64 rental_duration_seconds = 4 [default = 0];
// Indicates the viewing window, once playback has begun.
optional int64 playback_duration_seconds = 5 [default = 0];
// Indicates the time window for this specific license.
optional int64 license_duration_seconds = 6 [default = 0];
// The |renewal*| fields only apply if |can_renew| is true.
// The window of time, in which playback is allowed to continue while
// renewal is attempted, yet unsuccessful due to backend problems with
// the license server.
optional int64 renewal_recovery_duration_seconds = 7 [default = 0];
// All renewal requests for this license shall be directed to the
// specified URL.
optional string renewal_server_url = 8;
// How many seconds after the "renewal delay base" before renewal is first
// attempted. For an initial license, see comments on
// |initial_renewal_delay_base| on how the "renewal delay base" is
// determined. For a renewal license, the "renewal delay base" is always the
// |license_start_time| of the renewal license.
// NOTE:
// - Renewal should not be attempted if |can_renew| or |can_play| is false,
// or if the license has expired.
// - When the "renewal delay base" is first time of decryption
// (|FIRST_DECRYPT|), this delay is optional: the client can attempt the
// renewal without the delay.
optional int64 renewal_delay_seconds = 9 [default = 0];
// Specifies the delay in seconds between subsequent license
// renewal requests, in case of failure.
optional int64 renewal_retry_interval_seconds = 10 [default = 0];
// Indicates that the license shall be sent for renewal when usage is
// started, i.e. on first playback. This should only be used for a new
// license. The client shall ignore this if set in a renewal.
optional bool renew_with_usage = 11 [default = false];
// Indicates to client that license renewal and release requests ought to
// include ClientIdentification (client_id).
optional bool always_include_client_id = 12 [default = false];
// Duration of grace period before playback_duration_seconds (short window)
// goes into effect. Optional.
// Deprecated in V16.
optional int64 play_start_grace_period_seconds = 13 [default = 0];
// Enables "soft enforcement" of playback_duration_seconds, letting the user
// finish playback even if playback window expires. Optional.
optional bool soft_enforce_playback_duration = 14 [default = false];
// Enables "soft enforcement" of rental_duration_seconds. Initial playback
// must always start before rental duration expires. In order to allow
// subsequent playbacks to start after the rental duration expires,
// soft_enforce_playback_duration must be true. Otherwise, subsequent
// playbacks will not be allowed once rental duration expires. Optional.
optional bool soft_enforce_rental_duration = 15 [default = true];
// Optional requirement to indicate watermarking is allowed.
optional WatermarkingControl watermarking_control = 16
[default = WATERMARKING_CONTROL_UNSPECIFIED];
// Optional DTCP2 requirements. Default is to not allow dtcp2.
optional DTCPUsageRules dtcp2 = 17;
// The base for |renewal_delay_seconds| for the initial license. For renewal
// licenses this field will be ignored and |renewal_delay_seconds| is always
// be based on |license_start_time|.
// NOTE: For backward compatibility, when set to
// TIMER_DELAY_BASE_UNSPECIFIED or has no value, the actual "renewal delay
// base" will be FIRST_DECRYPT if |renew_with_usage| is true, or
// LICENSE_START otherwise.
optional TimerDelayBase initial_renewal_delay_base = 18
[default = TIMER_DELAY_BASE_UNSPECIFIED];
}
message KeyContainer {
enum KeyType {
SIGNING = 1; // No more than one signing key may appear.
CONTENT = 2; // Content key.
KEY_CONTROL = 3; // Key control block for license renewals. No key.
OPERATOR_SESSION = 4; // wrapped keys for auxiliary crypto operations.
ENTITLEMENT = 5; // Entitlement keys.
OEM_CONTENT = 6; // Partner-specific content key.
// Public signing key provided by content providers. Currently used by CAS
// for verifying the received ECM/EMM signature. Only EC key is supported
// for now.
PROVIDER_ECM_VERIFIER_PUBLIC_KEY = 7;
OEM_ENTITLEMENT = 8; // Partner-specific entitlement key.
}
// The SecurityLevel enumeration allows the server to communicate the level
// of robustness required by the client, in order to use the key.
enum SecurityLevel {
// Software-based whitebox crypto is required.
SW_SECURE_CRYPTO = 1;
// Software crypto and an obfuscated decoder is required.
SW_SECURE_DECODE = 2;
// The key material and crypto operations must be performed within a
// hardware backed trusted execution environment.
HW_SECURE_CRYPTO = 3;
// The crypto and decoding of content must be performed within a hardware
// backed trusted execution environment.
HW_SECURE_DECODE = 4;
// The crypto, decoding and all handling of the media (compressed and
// uncompressed) must be handled within a hardware backed trusted
// execution environment.
HW_SECURE_ALL = 5;
}
// The EncryptionScheme to be used for the content keys. This is applicable
// only to Moho API.
enum EncryptionScheme {
ENCRYPTION_SCHEME_UNSPECIFIED = 0;
AES128_CTR = 1;
AES128_CBC = 2;
}
message KeyControl {
// If present, the key control must be communicated to the secure
// environment prior to any usage. This message is automatically generated
// by the Widevine License Server SDK.
optional bytes key_control_block = 1;
optional bytes iv = 2;
}
message OutputProtection {
// Indicates whether HDCP is required on digital outputs, and which
// version should be used.
enum HDCP {
HDCP_NONE = 0;
HDCP_V1 = 1;
HDCP_V2 = 2;
HDCP_V2_1 = 3;
HDCP_V2_2 = 4;
HDCP_V2_3 = 5;
HDCP_NO_DIGITAL_OUTPUT = 0xff;
}
optional HDCP hdcp = 1 [default = HDCP_NONE];
// Indicate the CGMS setting to be inserted on analog output.
enum CGMS {
CGMS_NONE = 42;
COPY_FREE = 0;
COPY_ONCE = 2;
COPY_NEVER = 3;
}
optional CGMS cgms_flags = 2 [default = CGMS_NONE];
enum HdcpSrmRule {
HDCP_SRM_RULE_NONE = 0;
// In 'required_protection', this means most current SRM is required.
// Update the SRM on the device. If update cannot happen,
// do not allow the key.
// In 'requested_protection', this means most current SRM is requested.
// Update the SRM on the device. If update cannot happen,
// allow use of the key anyway.
CURRENT_SRM = 1;
}
optional HdcpSrmRule hdcp_srm_rule = 3 [default = HDCP_SRM_RULE_NONE];
// Optional requirement to indicate analog output is not allowed.
optional bool disable_analog_output = 4 [default = false];
// Optional requirement to indicate digital output is not allowed.
optional bool disable_digital_output = 5 [default = false];
// Optional. If set, it indicates digital video recording (DVR) is
// allowed.
optional bool allow_record = 6 [default = false];
}
message VideoResolutionConstraint {
// Minimum and maximum video resolutions in the range (height x width).
optional uint32 min_resolution_pixels = 1;
optional uint32 max_resolution_pixels = 2;
// Optional output protection requirements for this range. If not
// specified, the OutputProtection in the KeyContainer applies.
optional OutputProtection required_protection = 3;
}
message OperatorSessionKeyPermissions {
// Permissions/key usage flags for operator service keys
// (type = OPERATOR_SESSION).
optional bool allow_encrypt = 1 [default = false];
optional bool allow_decrypt = 2 [default = false];
optional bool allow_sign = 3 [default = false];
optional bool allow_signature_verify = 4 [default = false];
}
// KeyCategorySpec message is used to identify if current key is generated
// for a single content or a group of contents. Currently it is only used in
// CAS request.
message KeyCategorySpec {
// Represents what kind of content a key is used for.
enum KeyCategory {
// By default, key is created for single content.
SINGLE_CONTENT_KEY_DEFAULT = 0;
// Key is created for a group of contents.
GROUP_KEY = 1;
}
// Indicate if the current key is created for single content or for group
// use.
optional KeyCategory key_category = 1;
// Id for key category. If it is a key for single content, this id
// represents the content_id. Otherwise, it represents a group_id.
oneof content_or_group_id {
bytes content_id = 2;
bytes group_id = 3;
}
}
optional bytes id = 1;
optional bytes iv = 2;
optional bytes key = 3;
optional KeyType type = 4;
optional SecurityLevel level = 5 [default = SW_SECURE_CRYPTO];
optional OutputProtection required_protection = 6;
// NOTE: Use of requested_protection is not recommended as it is only
// supported on a small number of platforms.
optional OutputProtection requested_protection = 7;
optional KeyControl key_control = 8;
optional OperatorSessionKeyPermissions operator_session_key_permissions = 9;
// Optional video resolution constraints. If the video resolution of the
// content being decrypted/decoded falls within one of the specified ranges,
// the optional required_protections may be applied. Otherwise an error will
// be reported.
// NOTE: Use of this feature is not recommended, as it is only supported on
// a small number of platforms.
repeated VideoResolutionConstraint video_resolution_constraints = 10;
// Optional flag to indicate the key must only be used if the client
// supports anti rollback of the user table. Content provider can query the
// client capabilities to determine if the client support this feature.
optional bool anti_rollback_usage_table = 11 [default = false];
// Optional not limited to commonly known track types such as SD, HD.
// It can be some provider defined label to identify the track.
optional string track_label = 12;
// Optional. It is used to identify if current key is generated for a
// single content or a group of contents. Currently it is only used in CAS
// request.
optional KeyCategorySpec key_category_spec = 13;
// Optional. Used by Moho API for Content key encryption. If unspecified,
// the Moho code uses the encryption scheme of type AES128_CTR.
optional EncryptionScheme encryption_scheme = 14
[default = ENCRYPTION_SCHEME_UNSPECIFIED];
}
optional LicenseIdentification id = 1;
optional Policy policy = 2;
repeated KeyContainer key = 3;
// Time of the request in seconds (UTC) as set in
// LicenseRequest.request_time. If this time is not set in the request,
// the local time at the license service is used in this field.
optional int64 license_start_time = 4;
// Deprecate remote_attestation_verified in favor of
// platform_verification_status, below.
optional bool remote_attestation_verified = 5 [default = false];
// Client token generated by the content provider. Optional.
optional bytes provider_client_token = 6;
// 4cc code specifying the CENC protection scheme as defined in the CENC 3.0
// specification. Propagated from Widevine PSSH box. Optional.
optional uint32 protection_scheme = 7;
// 8 byte verification field "HDCPDATA" followed by unsigned 32 bit minimum
// HDCP SRM version (whether the version is for HDCP1 SRM or HDCP2 SRM
// depends on client max_hdcp_version).
optional bytes srm_requirement = 8;
// If present this contains a signed SRM file (either HDCP1 SRM or HDCP2 SRM
// depending on client max_hdcp_version) that should be installed on the
// client device.
optional bytes srm_update = 9;
// Indicates the status of any type of platform verification performed by the
// server.
optional PlatformVerificationStatus platform_verification_status = 10
[default = PLATFORM_NO_VERIFICATION];
// IDs of the groups for which keys are delivered in this license, if any.
repeated bytes group_ids = 11;
// Optional. LicenseCategorySpec is used to indicate the license cateogry for
// a license. It could be used as a part of initial license issuance or shown
// as a part of license in license response.
optional LicenseCategorySpec license_category_spec = 12;
// Optional: The provider key id indicates which provider key was used
// during provider key encryption.
optional uint32 provider_key_id = 13;
}
enum ProtocolVersion {
VERSION_2_0 = 20;
VERSION_2_1 = 21;
VERSION_2_2 = 22;
}
message LicenseRequest {
message ContentIdentification {
message WidevinePsshData {
repeated bytes pssh_data = 1;
optional LicenseType license_type = 2;
optional bytes request_id = 3; // Opaque, client-specified.
}
message WebmKeyId {
optional bytes header = 1;
optional LicenseType license_type = 2;
optional bytes request_id = 3; // Opaque, client-specified.
}
message ExistingLicense {
optional LicenseIdentification license_id = 1;
optional int64 seconds_since_started = 2;
optional int64 seconds_since_last_played = 3;
optional bytes session_usage_table_entry = 4;
}
message InitData {
enum InitDataType {
CENC = 1;
WEBM = 2;
}
optional InitDataType init_data_type = 1 [default = CENC];
optional bytes init_data = 2;
optional LicenseType license_type = 3;
optional bytes request_id = 4;
}
oneof content_id_variant {
// Exactly one of these must be present.
WidevinePsshData widevine_pssh_data = 1;
WebmKeyId webm_key_id = 2;
ExistingLicense existing_license = 3;
InitData init_data = 4;
}
}
enum RequestType {
NEW = 1;
RENEWAL = 2;
RELEASE = 3;
}
// The client_id provides information authenticating the calling device. It
// contains the Widevine keybox token that was installed on the device at the
// factory. This field or encrypted_client_id below is required for a valid
// license request, but both should never be present in the same request.
optional ClientIdentification client_id = 1;
optional ContentIdentification content_id = 2;
optional RequestType type = 3;
// Time of the request in seconds (UTC) as set by the client.
optional int64 request_time = 4;
// Old-style decimal-encoded string key control nonce.
optional bytes key_control_nonce_deprecated = 5;
optional ProtocolVersion protocol_version = 6 [default = VERSION_2_0];
// New-style uint32 key control nonce, please use instead of
// key_control_nonce_deprecated.
optional uint32 key_control_nonce = 7;
// Encrypted ClientIdentification message, used for privacy purposes.
optional EncryptedClientIdentification encrypted_client_id = 8;
// The version of the client implementation. This field is optional and
// informational only.
optional string client_version = 9;
}
message LicenseError {
enum Error {
// The device credentials are invalid. The device must re-provision.
INVALID_DRM_DEVICE_CERTIFICATE = 1;
// The device credentials have been revoked. Re-provisioning is not
// possible.
REVOKED_DRM_DEVICE_CERTIFICATE = 2;
// The service is currently unavailable due to the backend being down
// or similar circumstances.
SERVICE_UNAVAILABLE = 3;
// The device credentials are expired. The device must re-provision.
EXPIRED_DRM_DEVICE_CERTIFICATE = 4;
}
optional Error error_code = 1;
}
message MetricData {
enum MetricType {
// The time spent in the 'stage', specified in microseconds.
LATENCY = 1;
// The UNIX epoch timestamp at which the 'stage' was first accessed in
// microseconds.
TIMESTAMP = 2;
}
message TypeValue {
optional MetricType type = 1;
// The value associated with 'type'. For example if type == LATENCY, the
// value would be the time in microseconds spent in this 'stage'.
optional int64 value = 2 [default = 0];
}
// 'stage' that is currently processing the SignedMessage. Required.
optional string stage_name = 1;
// metric and associated value.
repeated TypeValue metric_data = 2;
}
message VersionInfo {
// License SDK version reported by the Widevine License SDK. This field
// is populated automatically by the SDK.
optional string license_sdk_version = 1;
// Version of the service hosting the license SDK. This field is optional.
// It may be provided by the hosting service.
optional string license_service_version = 2;
}
message SignedMessage {
enum MessageType {
LICENSE_REQUEST = 1;
LICENSE = 2;
ERROR_RESPONSE = 3;
SERVICE_CERTIFICATE_REQUEST = 4;
SERVICE_CERTIFICATE = 5;
SUB_LICENSE = 6;
CAS_LICENSE_REQUEST = 7;
CAS_LICENSE = 8;
EXTERNAL_LICENSE_REQUEST = 9;
EXTERNAL_LICENSE = 10;
}
enum SessionKeyType {
UNDEFINED = 0;
WRAPPED_AES_KEY = 1;
EPHEMERAL_ECC_PUBLIC_KEY = 2;
}
optional MessageType type = 1;
optional bytes msg = 2;
// Required field that contains the signature of the bytes of msg.
// For license requests, the signing algorithm is determined by the
// certificate contained in the request.
// For license responses, the signing algorithm is HMAC with signing key based
// on |session_key|.
optional bytes signature = 3;
// If populated, the contents of this field will be signaled by the
// |session_key_type| type. If the |session_key_type| is WRAPPED_AES_KEY the
// key is the bytes of an encrypted AES key. If the |session_key_type| is
// EPHERMERAL_ECC_PUBLIC_KEY the field contains the bytes of an RFC5208 ASN1
// serialized ECC public key.
optional bytes session_key = 4;
// Remote attestation data which will be present in the initial license
// request for ChromeOS client devices operating in verified mode. Remote
// attestation challenge data is |msg| field above. Optional.
optional RemoteAttestation remote_attestation = 5;
repeated MetricData metric_data = 6;
// Version information from the SDK and license service. This information is
// provided in the license response.
optional VersionInfo service_version_info = 7;
// Optional field that contains the algorithm type used to generate the
// session_key and signature in a LICENSE message.
optional SessionKeyType session_key_type = 8 [default = WRAPPED_AES_KEY];
// The core message is the simple serialization of fields used by OEMCrypto.
// This field was introduced in OEMCrypto API v16.
optional bytes oemcrypto_core_message = 9;
// Optional field that indicates the hash algorithm used in signature scheme.
optional HashAlgorithmProto hash_algorithm = 10;
// If true it indicates that a LICENSE message session key was based on an
// alternate key provided by the client credentials.
optional bool using_secondary_key = 11;
}
// ----------------------------------------------------------------------------
// hash_algorithm.proto
// ----------------------------------------------------------------------------
// Description of section:
// Public protocol buffer definitions for Widevine Hash Algorithm protocol.
enum HashAlgorithmProto {
// Unspecified hash algorithm: SHA_256 shall be used for ECC based algorithms
// and SHA_1 shall be used otherwise.
HASH_ALGORITHM_UNSPECIFIED = 0;
HASH_ALGORITHM_SHA_1 = 1;
HASH_ALGORITHM_SHA_256 = 2;
HASH_ALGORITHM_SHA_384 = 3;
}
// ----------------------------------------------------------------------------
// certificate_provisioning.proto
// ----------------------------------------------------------------------------
// Description of section:
// Public protocol buffer definitions for Widevine Device Certificate
// Provisioning protocol.
// A KeyToCertify contains a client generated public key to be incorporated into
// a signed certificate.
message PublicKeyToCertify {
// A KeyType indicates a high level key type.
enum KeyType {
KEY_TYPE_UNSPECIFIED = 0;
RSA = 1;
ECC = 2;
}
// |public_key| contains the bytes of a PKCS#1 ASN.1 DER-encoded public key.
optional bytes public_key = 1;
// KeyType contains a highlevel hint to use in parsing the serialized key
// contained in |public_key|. If the key is an EC key, curve parameters can be
// extracted from the deserialized key.
// Keys are expected to match the certificate key type in the device
// record.
optional KeyType key_type = 2;
// The signature of |public_key|.
// Keys that are signed using ECDSA or RSA should hash the message using
// SHA-256.
optional bytes signature = 3;
}
// ProvisioningOptions specifies the type of certificate to specify and
// in the case of X509 certificates, the certificate authority to use.
message ProvisioningOptions {
enum CertificateType {
WIDEVINE_DRM = 0; // Default. The original certificate type.
X509 = 1; // X.509 certificate.
WIDEVINE_KEYBOX = 2;
}
optional CertificateType certificate_type = 1 [default = WIDEVINE_DRM];
// Contains the application-specific name used to identify the certificate
// authority for signing the generated certificate. This is required if and
// only if the certificate type is X509.
optional string certificate_authority = 2;
// System ID for OTA keybox provisioning. Requires device secure boot.
optional uint32 system_id = 3;
}
// Provisioning request sent by client devices to provisioning service.
message ProvisioningRequest {
message EncryptedSessionKeys {
message SessionKeys {
// 16 bytes encryption key generated by client, used by the server to:
// (1) AES-128-CBC decrypt encrypted_client_id in
// EncryptedClientIdentification which is in RemoteAttestation
// (2) AES-128-CBC encrypt device_key to be returned in
// ProvisioningResponse.
optional bytes encryption_key = 1;
// 32 bytes mac key generated by client, used by server to sign
// the ProvisioningResponse.
optional bytes mac_key = 2;
}
// Serial number of certificate which was used to encrypt the session keys.
// Required.
optional bytes certificate_serial_number = 1;
// Serialized, encrypted session keys. Required.
optional bytes encrypted_session_keys = 2;
}
// This message contains the custom serialized message for OTA provisioning
// using Android Attestation and a device id as authentication.
message AndroidAttestationOtaKeyboxRequest {
// The request contains custom serialized and signed data for the
// Android Attestation OTA request.
// see: go/wv_android_ota
optional bytes ota_request = 1;
}
oneof clear_or_encrypted_client_id {
// Device root of trust and other client identification. Required.
ClientIdentification client_id = 1;
EncryptedClientIdentification encrypted_client_id = 5;
}
// Nonce value used to prevent replay attacks. Required.
optional bytes nonce = 2;
// Options for type of certificate to generate. Optional.
optional ProvisioningOptions options = 3;
oneof spoid_param {
// Stable identifier, unique for each device + application (or origin).
// To be deprecated.
bytes stable_id = 4;
// Service provider ID from the service certificate's provider_id field.
// Preferred parameter.
bytes provider_id = 6;
// Client-generated stable per-origin identifier to be copied directly
// to the client certificate serial number.
bytes spoid = 7;
}
// SessionKeys encrypted using a service cert public key.
// Required for keybox provisioning.
optional EncryptedSessionKeys encrypted_session_keys = 8;
// The custom request for Android Attestation OTA.
optional AndroidAttestationOtaKeyboxRequest android_ota_keybox_request = 9;
// Specifies the public key that should be certified by the provisioning
// server. The client holds the private key. If specified, the response no
// longer needs to contain server generated |device_rsa_key|.
optional PublicKeyToCertify certificate_public_key = 10;
}
// Provisioning response sent by the provisioning server to client devices.
// This message is used for both regular Widevine DRM certificates and for
// application-specific X.509 certificates.
message ProvisioningResponse {
message OtaKeybox {
// Iv used along with SessionKeys.encryption_key for encrypting device key.
optional bytes device_key_encryption_iv = 1;
// Device key component of the keybox, encrypted using the
// SessionKeys.encryption_key in the request and |device_key_encryption_iv|
// above.
optional bytes encrypted_device_key = 2;
// Device CA token component of the keybox.
optional bytes device_ca_token = 3;
}
enum ProvisioningStatus {
// Indicates a valid provisioning response
NO_ERROR = 0;
// The device credentials have been revoked. Provisioning is not possible.
REVOKED_DEVICE_CREDENTIALS = 1;
// Devices in this series have been revoked. Provisioning is not possible.
REVOKED_DEVICE_SERIES = 2;
}
// This message contains the custom response for Android Attestation OTA
// provisioning which uses the Android Attestation keybox and a device id
// from the chip set.
message AndroidAttestationOtaKeyboxResponse {
// The response contains custom serialized and signed data for the
// Android Attestation OTA keybox provisioning.
optional bytes ota_response = 1;
}
// AES-128 encrypted device private RSA key. PKCS#1 ASN.1 DER-encoded.
// Required. For X.509 certificates, the private RSA key may also include
// a prefix as specified by private_key_prefix in the X509CertificateMetadata
// proto message.
optional bytes device_rsa_key = 1;
// Initialization vector used to encrypt device_rsa_key. Required.
optional bytes device_rsa_key_iv = 2;
// For Widevine DRM certificates, this contains the serialized
// SignedDrmCertificate. For X.509 certificates, this contains the PEM
// encoded X.509 certificate. Required.
optional bytes device_certificate = 3;
// Nonce value matching nonce in ProvisioningRequest. Required.
optional bytes nonce = 4;
// Key used to wrap device_rsa_key when DRM provisioning an OEM factory
// provisioned device. Encrypted with the device OEM public key using
// RSA-OAEP.
optional bytes wrapping_key = 5;
// Only populated in OTA keybox provisioning response.
optional OtaKeybox ota_keybox = 6;
// The provisioning service may return a ProvisioningStatus. Fields other
// than |status| may be empty and should be ignored if the |status|
// is present and not NO_ERROR
optional ProvisioningStatus status = 7;
// The Android Attestation OTA response. Only populated if the request
// was an Android Attestation OTA request.
optional AndroidAttestationOtaKeyboxResponse android_ota_keybox_response = 8;
}
// Protocol-specific context data used to hold the state of the server in
// stateful provisioning protocols.
message ProvisioningContext {
// Serialized ProvisioningContextKeyData. Required.
optional bytes key_data = 1;
// Protocol-dependent context data, encrypted with key and IV in key_data.
// Required.
optional bytes context_data = 2;
}
message SignedProvisioningContext {
// ProvisioningContext in bytes.
optional bytes provisioning_context = 1;
// RSASSA-PSS signature of provisioning_context. Signed with service private
// key.
optional bytes signature = 2;
// Optional field that indicates the hash algorithm used in signature scheme.
optional HashAlgorithmProto hash_algorithm = 3;
}
// Cryptographic tokens to be used for ProvisioningContext.
message ProvisioningContextKeyData {
// Encryption key, usually 32 bytes used for AES-256-CBC. Required.
optional bytes encryption_key = 1;
// Encryption IV, 16 bytes. Required.
optional bytes encryption_iv = 2;
}
// Serialized ProvisioningRequest or ProvisioningResponse signed with
// The message authentication key.
message SignedProvisioningMessage {
enum ProvisioningProtocolVersion {
VERSION_UNSPECIFIED = 0;
VERSION_1 = 1;
// Version 1.1 changed error handling. Some errors are returned as a field
// in a response message rather than being handled as errors via the API
// implementation. E.g. embedded in the ProvisioningResponse rather than
// returning a 400 error to the caller.
VERSION_1_1 = 2;
}
enum ProvisioningType { // This enum was renamed to avoid confusion
PROVISIONING_TYPE_UNSPECIFIED = 0;
SERVICE_CERTIFICATE_REQUEST = 1; // Service certificate request.
PROVISIONING_20 = 2; // Keybox factory-provisioned devices.
PROVISIONING_30 = 3; // OEM certificate factory-provisioned devices.
// Devices use Boot Certificate Chain (BCC) to provision an OEM certificate.
PROVISIONING_40 = 5;
// These are provisioning methods that are only supported by internal
// Widevine services. They should not be exposed in the SDK.
ARCPP_PROVISIONING = 4; // ChromeOS/Arc++ devices.
// Android-Attestation-based OTA keyboxes.
ANDROID_ATTESTATION_KEYBOX_OTA = 6;
INTEL_SIGMA_101 = 101; // Intel Sigma 1.0.1 protocol.
INTEL_SIGMA_210 = 210; // Intel Sigma 2.1.0 protocol.
}
// Serialized protobuf message for the corresponding protocol and stage of
// the provisioning exchange. ProvisioningRequest or ProvisioningResponse
// in the case of Provisioning 2.0, 3.0, 4.0 and ARCPP_PROVISIONING. Required.
optional bytes message = 1;
// HMAC-SHA256 (Keybox) or RSASSA-PSS (OEM) signature of message. Required
// for provisioning 2.0 and 3.0. For ARCPP_PROVISIONING, only used in
// response.
optional bytes signature = 2;
// Version number of provisioning protocol.
optional ProvisioningType provisioning_type = 3 [default = PROVISIONING_20];
// Protocol-specific context / state information for multiple-exchange,
// stateful provisioning protocols. Optional.
optional SignedProvisioningContext signed_provisioning_context = 4;
// Remote attestation data to authenticate that the ChromeOS client device
// is operating in verified mode. Remote attestation challenge data is
// |message| field above. Required for ARCPP_PROVISIONING request.
// It contains signature of |message|.
optional RemoteAttestation remote_attestation = 5;
// The core message is the simple serialization of fields used by OEMCrypto.
// This field was introduced in OEMCrypto API v16. The core message format is
// documented in the "Widevine Core Message Serialization".
optional bytes oemcrypto_core_message = 6;
// Optional field that indicates the hash algorithm used in signature scheme.
optional HashAlgorithmProto hash_algorithm = 7;
// Indicates which version of the protocol is in use.
optional ProvisioningProtocolVersion protocol_version = 8;
}
// ----------------------------------------------------------------------------
// client_identification.proto
// ----------------------------------------------------------------------------
// Description of section:
// ClientIdentification messages used by provisioning and license protocols.
// ClientIdentification message used to authenticate the client device.
message ClientIdentification {
enum TokenType {
KEYBOX = 0;
DRM_DEVICE_CERTIFICATE = 1;
REMOTE_ATTESTATION_CERTIFICATE = 2;
OEM_DEVICE_CERTIFICATE = 3;
BOOT_CERTIFICATE_CHAIN = 4;
}
message NameValue {
optional string name = 1;
optional string value = 2;
}
// Capabilities which not all clients may support. Used for the license
// exchange protocol only.
message ClientCapabilities {
enum HdcpVersion {
HDCP_NONE = 0;
HDCP_V1 = 1;
HDCP_V2 = 2;
HDCP_V2_1 = 3;
HDCP_V2_2 = 4;
HDCP_V2_3 = 5;
// The existing HDCP_V1 will be used for backwards compatibility with pre
// OEM crypto v17.
HDCP_V1_0 = 6;
HDCP_V1_1 = 7;
HDCP_V1_2 = 8;
HDCP_V1_3 = 9;
HDCP_V1_4 = 10;
HDCP_NO_DIGITAL_OUTPUT = 0xff;
}
enum CertificateKeyType {
RSA_2048 = 0;
RSA_3072 = 1;
ECC_SECP256R1 = 2;
ECC_SECP384R1 = 3;
ECC_SECP521R1 = 4;
}
enum AnalogOutputCapabilities {
ANALOG_OUTPUT_UNKNOWN = 0;
ANALOG_OUTPUT_NONE = 1;
ANALOG_OUTPUT_SUPPORTED = 2;
ANALOG_OUTPUT_SUPPORTS_CGMS_A = 3;
}
enum WatermarkingSupport {
WATERMARKING_SUPPORT_UNKNOWN = 0;
WATERMARKING_NOT_SUPPORTED = 1;
WATERMARKING_CONFIGURABLE = 2;
WATERMARKING_ALWAYS_ON = 3;
}
optional bool client_token = 1 [default = false];
optional bool session_token = 2 [default = false];
optional bool video_resolution_constraints = 3 [default = false];
optional HdcpVersion max_hdcp_version = 4 [default = HDCP_NONE];
optional uint32 oem_crypto_api_version = 5;
// Client has hardware support for protecting the usage table, such as
// storing the generation number in secure memory.
optional bool anti_rollback_usage_table = 6 [default = false];
// The client shall report |srm_version| if available.
optional uint32 srm_version = 7;
// A device may have SRM data, and report a version, but may not be capable
// of updating SRM data.
optional bool can_update_srm = 8 [default = false];
repeated CertificateKeyType supported_certificate_key_type = 9;
optional AnalogOutputCapabilities analog_output_capabilities = 10
[default = ANALOG_OUTPUT_UNKNOWN];
optional bool can_disable_analog_output = 11 [default = false];
// Clients can indicate a performance level supported by OEMCrypto.
// This will allow applications and providers to choose an appropriate
// quality of content to serve. Currently defined tiers are
// 1 (low), 2 (medium) and 3 (high). Any other value indicates that
// the resource rating is unavailable or reporting erroneous values
// for that device.
optional uint32 resource_rating_tier = 12 [default = 0];
// Watermarking support of OEMCrypto was introduced in v17.
// Support is optional.
// Value is only required to be set for license requests.
optional WatermarkingSupport watermarking_support = 13;
// Indicate whether or not `initial_renewal_delay_base` is supported by the
// client.
optional bool initial_renewal_delay_base = 14 [default = false];
}
message ClientCredentials {
optional TokenType type = 1 [default = KEYBOX];
optional bytes token = 2;
}
// Type of factory-provisioned device root of trust. Optional.
optional TokenType type = 1 [default = KEYBOX];
// Factory-provisioned device root of trust. Required.
optional bytes token = 2;
// Optional client information name/value pairs.
repeated NameValue client_info = 3;
// Client token generated by the content provider. Optional.
optional bytes provider_client_token = 4;
// Number of licenses received by the client to which the token above belongs.
// Only present if client_token is specified.
optional uint32 license_counter = 5;
// List of non-baseline client capabilities.
optional ClientCapabilities client_capabilities = 6;
// Serialized VmpData message. Optional.
optional bytes vmp_data = 7;
// Optional field that may contain additional provisioning credentials.
optional ClientCredentials device_credentials = 8;
}
// EncryptedClientIdentification message used to hold ClientIdentification
// messages encrypted for privacy purposes.
message EncryptedClientIdentification {
// Provider ID for which the ClientIdentifcation is encrypted (owner of
// service certificate).
optional string provider_id = 1;
// Serial number for the service certificate for which ClientIdentification is
// encrypted.
optional bytes service_certificate_serial_number = 2;
// Serialized ClientIdentification message, encrypted with the privacy key
// using AES-128-CBC with PKCS#5 padding.
optional bytes encrypted_client_id = 3;
// Initialization vector needed to decrypt encrypted_client_id.
optional bytes encrypted_client_id_iv = 4;
// AES-128 privacy key, encrypted with the service public key using RSA-OAEP.
optional bytes encrypted_privacy_key = 5;
}
// ----------------------------------------------------------------------------
// drm_certificate.proto
// ----------------------------------------------------------------------------
// Description of section:
// Definition of the root of trust identifier proto. The proto message contains
// the EC-IES encrypted identifier (e.g. keybox unique id) for a device and
// an associated hash. These can be used by Widevine to identify the root of
// trust that was used to acquire a DRM certificate.
//
// In addition to the encrypted part and the hash, the proto contains the
// version of the root of trust id which implies the EC key algorithm that was
// used.
// Next id: 5
message RootOfTrustId {
// The version specifies the EC algorithm that was used to generate the
// root of trust id.
enum RootOfTrustIdVersion {
// Should not be used.
ROOT_OF_TRUST_ID_VERSION_UNSPECIFIED = 0;
// Version 1 of the ID uses EC-IES with SECP256R1 curve.
ROOT_OF_TRUST_ID_VERSION_1 = 1;
}
optional RootOfTrustIdVersion version = 1;
// The key_id is used for key rotation. It indicates which key was used to
// generate the root of trust id.
optional uint32 key_id = 2;
// The EC-IES encrypted message containing the unique_id. The bytes are
// a concatenation of
// 1) The ephemeral public key. Uncompressed keypoint format per X9.62.
// 2) The plaintext encrypted with the derived AES key using AES CBC,
// PKCS7 padding and a zerio iv.
// 3) The HMAC SHA256 of the cipher text.
optional bytes encrypted_unique_id = 3;
// The hash of encrypted unique id and other values.
// unique_id_hash = SHA256(
// encrypted_unique_id || system_id || SHA256(unique_id || secret_sauce)).
optional bytes unique_id_hash = 4;
}
// DRM certificate definition for user devices, intermediate, service, and root
// certificates.
// Next id: 13
message DrmCertificate {
enum Type {
ROOT = 0; // ProtoBestPractices: ignore.
DEVICE_MODEL = 1;
DEVICE = 2;
SERVICE = 3;
PROVISIONER = 4;
}
enum ServiceType {
UNKNOWN_SERVICE_TYPE = 0;
LICENSE_SERVER_SDK = 1;
LICENSE_SERVER_PROXY_SDK = 2;
PROVISIONING_SDK = 3;
CAS_PROXY_SDK = 4;
}
enum Algorithm {
UNKNOWN_ALGORITHM = 0;
RSA = 1;
ECC_SECP256R1 = 2;
ECC_SECP384R1 = 3;
ECC_SECP521R1 = 4;
}
message EncryptionKey {
// Device public key. PKCS#1 ASN.1 DER-encoded. Required.
optional bytes public_key = 1;
// Required. The algorithm field contains the curve used to create the
// |public_key| if algorithm is one of the ECC types.
// The |algorithm| is used for both to determine the if the certificate is
// ECC or RSA. The |algorithm| also specifies the parameters that were used
// to create |public_key| and are used to create an ephemeral session key.
optional Algorithm algorithm = 2 [default = RSA];
}
// Type of certificate. Required.
optional Type type = 1;
// 128-bit globally unique serial number of certificate.
// Value is 0 for root certificate. Required.
optional bytes serial_number = 2;
// POSIX time, in seconds, when the certificate was created. Required.
optional uint32 creation_time_seconds = 3;
// POSIX time, in seconds, when the certificate should expire. Value of zero
// denotes indefinite expiry time. For more information on limited lifespan
// DRM certificates see (go/limited-lifespan-drm-certificates).
optional uint32 expiration_time_seconds = 12;
// Device public key. PKCS#1 ASN.1 DER-encoded. Required.
optional bytes public_key = 4;
// Widevine system ID for the device. Required for intermediate and
// user device certificates.
optional uint32 system_id = 5;
// Deprecated field, which used to indicate whether the device was a test
// (non-production) device. The test_device field in ProvisionedDeviceInfo
// below should be observed instead.
optional bool test_device_deprecated = 6 [deprecated = true];
// Service identifier (web origin) for the provider which owns the
// certificate. Required for service and provisioner certificates.
optional string provider_id = 7;
// This field is used only when type = SERVICE to specify which SDK uses
// service certificate. This repeated field is treated as a set. A certificate
// may be used for the specified service SDK if the appropriate ServiceType
// is specified in this field.
repeated ServiceType service_types = 8;
// Required. The algorithm field contains the curve used to create the
// |public_key| if algorithm is one of the ECC types.
// The |algorithm| is used for both to determine the if the certificate is ECC
// or RSA. The |algorithm| also specifies the parameters that were used to
// create |public_key| and are used to create an ephemeral session key.
optional Algorithm algorithm = 9 [default = RSA];
// Optional. May be present in DEVICE certificate types. This is the root
// of trust identifier that holds an encrypted value that identifies the
// keybox or other root of trust that was used to provision a DEVICE drm
// certificate.
optional RootOfTrustId rot_id = 10;
// Optional. May be present in devices that explicitly support dual keys. When
// present the |public_key| is used for verification of received license
// request messages.
optional EncryptionKey encryption_key = 11;
}
// ----------------------------------------------------------------------------
// signed_drm_certificate.proto
// ----------------------------------------------------------------------------
// Description of section:
// Signed device certificate definition.
// DrmCertificate signed by a higher (CA) DRM certificate.
message SignedDrmCertificate {
// Serialized certificate. Required.
optional bytes drm_certificate = 1;
// Signature of certificate. Signed with root or intermediate
// certificate specified below. Required.
optional bytes signature = 2;
// SignedDrmCertificate used to sign this certificate.
optional SignedDrmCertificate signer = 3;
// Optional field that indicates the hash algorithm used in signature scheme.
optional HashAlgorithmProto hash_algorithm = 4;
}
// ----------------------------------------------------------------------------
// widevine_pssh.proto
// ----------------------------------------------------------------------------
// Description of section:
// Public protocol buffer definitions for Widevine Cenc Header
// protocol.
message WidevinePsshData {
enum Type {
SINGLE = 0; // Single PSSH to be used to retrieve content keys.
ENTITLEMENT = 1; // Primary PSSH used to retrieve entitlement keys.
ENTITLED_KEY = 2; // Secondary PSSH containing entitled key(s).
}
message EntitledKey {
// ID of entitlement key used for wrapping |key|.
optional bytes entitlement_key_id = 1;
// ID of the entitled key.
optional bytes key_id = 2;
// Wrapped key. Required.
optional bytes key = 3;
// IV used for wrapping |key|. Required.
optional bytes iv = 4;
// Size of entitlement key used for wrapping |key|.
optional uint32 entitlement_key_size_bytes = 5 [default = 32];
}
// Entitlement or content key IDs. Can only present in SINGLE or ENTITLEMENT
// PSSHs. May be repeated to facilitate delivery of multiple keys in a
// single license. Cannot be used in conjunction with content_id or
// group_ids, which are the preferred mechanism.
repeated bytes key_ids = 2;
// Content identifier which may map to multiple entitlement or content key
// IDs to facilitate the delivery of multiple keys in a single license.
// Cannot be present in conjunction with key_ids, but if used must be in all
// PSSHs.
optional bytes content_id = 4;
// Crypto period index, for media using key rotation. Always corresponds to
// The content key period. This means that if using entitlement licensing
// the ENTITLED_KEY PSSHs will have sequential crypto_period_index's, whereas
// the ENTITELEMENT PSSHs will have gaps in the sequence. Required if doing
// key rotation.
optional uint32 crypto_period_index = 7;
// Protection scheme identifying the encryption algorithm. The protection
// scheme is represented as a uint32 value. The uint32 contains 4 bytes each
// representing a single ascii character in one of the 4CC protection scheme
// values. To be deprecated in favor of signaling from content.
// 'cenc' (AES-CTR) protection_scheme = 0x63656E63,
// 'cbc1' (AES-CBC) protection_scheme = 0x63626331,
// 'cens' (AES-CTR pattern encryption) protection_scheme = 0x63656E73,
// 'cbcs' (AES-CBC pattern encryption) protection_scheme = 0x63626373.
optional uint32 protection_scheme = 9;
// Optional. For media using key rotation, this represents the duration
// of each crypto period in seconds.
optional uint32 crypto_period_seconds = 10;
// Type of PSSH. Required if not SINGLE.
optional Type type = 11 [default = SINGLE];
// Key sequence for Widevine-managed keys. Optional.
optional uint32 key_sequence = 12;
// Group identifiers for all groups to which the content belongs. This can
// be used to deliver licenses to unlock multiple titles / channels.
// Optional, and may only be present in ENTITLEMENT and ENTITLED_KEY PSSHs,
// and not in conjunction with key_ids.
repeated bytes group_ids = 13;
// Copy/copies of the content key used to decrypt the media stream in which
// the PSSH box is embedded, each wrapped with a different entitlement key.
// May also contain sub-licenses to support devices with OEMCrypto 13 or
// older. May be repeated if using group entitlement keys. Present only in
// PSSHs of type ENTITLED_KEY.
repeated EntitledKey entitled_keys = 14;
// Video feature identifier, which is used in conjunction with |content_id|
// to determine the set of keys to be returned in the license. Cannot be
// present in conjunction with |key_ids|.
// Current values are "HDR".
optional string video_feature = 15;
// Audiofeature identifier, which is used in conjunction with |content_id|
// to determine the set of keys to be returned in the license. Cannot be
// present in conjunction with |key_ids|.
// Current values are "commentary".
optional string audio_feature = 16;
// Entitlement period index for media using entitlement key rotation. Can only
// present in ENTITLEMENT PSSHs. It always corresponds to the entitlement key
// period.
optional uint32 entitlement_period_index = 17;
//////////////////////////// Deprecated Fields ////////////////////////////
enum Algorithm {
UNENCRYPTED = 0;
AESCTR = 1;
}
optional Algorithm algorithm = 1 [deprecated = true];
optional string provider = 3 [deprecated = true];
optional string track_type = 5 [deprecated = true];
optional string policy = 6 [deprecated = true];
optional bytes grouped_license = 8 [deprecated = true];
}
Reference in New Issue View Git Blame Copy Permalink