widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ee77a96d7419a6c9a05fb44ab626ec47379277ab
android/libwvdrmengine/cdm/core/src/license_protocol.proto
Geoffrey Alexander e9e4b76817 Rename and clarify Drm Reprovisioning token types 
[ Merge of http://go/wvgerrit/194374 ]

Renames and adds clarifying comments to Drm Reprovisioning token types.
All provisioning methods can be forced to reprovision by apps which can
cause reprovisioning to be an overloaded term. Renaming token types
used by the Drm Reprovisioning method to more clearly state they are
used for Drm Certificate Reprovisioning should help to avoid confusion.
This change also adds comments to help clarify when and where Drm
Reprovisioning is used as a provisioning type.

Bug: b/305093063
Test: WVTS

* Added dependency to dynamic perf tests to fix missing header build
  error.

Change-Id: I158eb5672ad9e655a60bc68e0f4f2f7a0d464b4e
2024-03-20 11:15:58 -07:00

1481 lines
60 KiB
Protocol Buffer
Raw Blame History

// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
syntax = "proto2";
package video_widevine;
// need this if we are using libprotobuf-cpp-2.3.0-lite
option optimize_for = LITE_RUNTIME;
option java_package = "com.google.video.widevine.protos";
// ----------------------------------------------------------------------------
// remote_attestation.proto
// ----------------------------------------------------------------------------
// Description of section:
// Remote attestation is used by ChromeOS device to authenticate itself
// to Widevine services for both licensing and keybox provisioning.
message RemoteAttestation {
// Encrypted ClientIdentification message containing the device remote
// attestation certificate. Required.
optional EncryptedClientIdentification certificate = 1;
// Bytes of salt which were added to the remote attestation challenge prior to
// signing it. Required.
optional bytes salt = 2;
// Signed remote attestation challenge + salt. Required.
optional bytes signature = 3;
}
// ----------------------------------------------------------------------------
// dtcp_usage.proto
// ----------------------------------------------------------------------------
// Description of section:
// Definitions of the protocol buffer message used for DTCP2 usage rules.
message DTCPUsageRules {
// This field indicates the value of Retention_State.
enum RetentionState {
// (-- api-linter: core::0126::unspecified=disabled
// aip.dev/not-precedent: name and values are defined in the DTCP
// specification. --)
// Forever
RETENTION_STATE_FOREVER = 0;
// 1 week
RETENTION_STATE_1_WEEK = 1;
// 2 day
RETENTION_STATE_2_DAYS = 2;
// 1 day
RETENTION_STATE_1_DAY = 3;
// 12 hours
RETENTION_STATE_12_HOURS = 4;
// 6 hours
RETENTION_STATE_6_HOURS = 5;
// 3 hours
RETENTION_STATE_3_HOURS = 6;
// 90 minutes
RETENTION_STATE_90_MINUTES = 7;
}
// This field indicates Copy Control Information (CCI).
enum CopyControlInfo {
// Copy freely
COPY_FREE = 0;
// No more copies
COPY_NO_MORE = 1;
// One time copy
COPY_ONE = 2;
// Copy not allowed
COPY_NEVER = 3;
}
// This field indicates Analog Protection System (APS) used to block
// recording devices.
enum AnalogProtectionSystem {
// Copy freely, APS is off
APS_OFF = 0;
// APS is on, Type 1 (AGC)
APS_TYPE1 = 1;
// APS is on, Type 2 (AGC + 2L Colorstripe)
APS_TYPE2 = 2;
// APS is on, Type 3 (AGC + 4L Colorstripe)
APS_TYPE3 = 3;
}
// This field indicates the value of the Image Constraint Token (ICT) that
// controls downsampling of high-definition video.
enum ImageConstraintToken {
// HD analog output, Constrained Image
ICT_CONSTRAINED = 0;
// HD analog out
ICT_HD_ANALOG = 1;
}
// This field indicates the value of Analog Sunset Token (AST) used to limit
// playback to standard definition (SD) only
enum AnalogSunsetToken {
// Asserted
AST_ASSERTED = 0;
// Unasserted
AST_UNASERTED = 1;
}
// This field indicates the value of Digital Only Token (DOT) used to restrict
// output to digital only.
enum DigitalOnlyToken {
// Asserted
DOT_ASSERTED = 0;
// Unasserted
DOT_UNASSERTED = 1;
}
// This field indicates the value of Audio Enhanced Token (AET).
enum AudioEnhancedToken {
// Asserted
AET_ASSERTED = 0;
// Unasserted
AET_UNASSERTED = 1;
}
// This field indicates the value of Standard Digital Output (SDO) token.
enum StandardDigitalOutputToken {
// Unasserted
SDO_UNASSEERTED = 0;
// Asserted, L2 protection is permitted
SDO_ASSEERTED = 1;
}
// This field indicates the value of High Dynamic Rnage (HDR) token.
enum HighDynamicRangeToken {
// Unasserted, SDR conversion is permitted
HDR_UNASSERTED = 0;
// Unasserted, SDR conversion is not permitted
HDR_ASSERTED = 1;
}
// This field indicates the value of the L2 Protection Only token.
enum L2ProtectionOnlyToken {
// Unasserted
L2_ONLY_UNASSERTED = 0;
// Aasserted (L2 protection onl)
L2_ONLY_ASSERTED = 1;
}
// This field indicates the value of the Enhanced Image (EI) token
enum EnhancedImageToken {
// Unasserted, Non-Enhanced Image
EI_UNASSERTED = 0;
// Asserted, Enhanced Image
EI_ASSERTED = 1;
}
// This field indicates whether a further Bound Copy can be made from a
// Bound Copy retained in accordance with the RetentionStatefield.
enum FurtherBoundCopy {
// Further Bound Copy Prohibited
FBC_PROHIBITED = 0;
// Further Bound Copy Permitted
FBC_PERMITTED = 1;
}
// Indicates if Digital Transmission Control Protection 2 (DTCP2) is required.
optional bool require_dtcp2 = 1 [default = false];
optional CopyControlInfo copy_control = 2;
optional bool encryption_plus = 3;
optional RetentionState retention_state = 4;
optional AnalogProtectionSystem analog_protection_system = 5;
optional ImageConstraintToken image_constraint_token = 6;
optional AnalogSunsetToken analog_sunset_token = 7;
optional DigitalOnlyToken digital_only_token = 8;
optional AudioEnhancedToken audio_enhanced_token = 9;
optional uint32 copy_count = 10;
optional StandardDigitalOutputToken standard_digital_token = 11;
optional HighDynamicRangeToken high_dynamic_token = 12;
optional L2ProtectionOnlyToken l2_only_token = 13;
optional EnhancedImageToken enhaned_image_token = 14;
optional uint32 retention_time = 15;
optional FurtherBoundCopy further_copy = 16;
}
// ----------------------------------------------------------------------------
// license_protocol.proto
// ----------------------------------------------------------------------------
// Description of section:
// Definitions of the protocol buffer messages used in the Widevine license
// exchange protocol, described in Widevine license exchange protocol document
enum LicenseType {
STREAMING = 1;
OFFLINE = 2;
// License type decision is left to provider.
AUTOMATIC = 3;
}
enum PlatformVerificationStatus {
// The platform is not verified.
PLATFORM_UNVERIFIED = 0;
// Tampering detected on the platform.
PLATFORM_TAMPERED = 1;
// The platform has been verified by means of software.
PLATFORM_SOFTWARE_VERIFIED = 2;
// The platform has been verified by means of hardware (e.g. secure boot).
PLATFORM_HARDWARE_VERIFIED = 3;
// Platform verification was not performed.
PLATFORM_NO_VERIFICATION = 4;
// Platform and secure storage capability have been verified by means of
// software.
PLATFORM_SECURE_STORAGE_SOFTWARE_VERIFIED = 5;
}
// LicenseIdentification is propagated from LicenseRequest to License,
// incrementing version with each iteration.
message LicenseIdentification {
optional bytes request_id = 1;
optional bytes session_id = 2;
optional bytes purchase_id = 3;
optional LicenseType type = 4;
optional int32 version = 5;
optional bytes provider_session_token = 6;
// Set by the SDK representing the rental duration from the initial license.
optional int64 original_rental_duration_seconds = 7;
// Set by the SDK representing the playback duration from the initial license.
optional int64 original_playback_duration_seconds = 8;
// Set by the SDK representing the start time of the initial license in
// seconds (UTC). This is from the original license's license_start_time,
// which is from the LicenseRequest.request_time when set, or set by the
// server to be the time that the original license was processed.
optional int64 original_start_time_seconds = 9;
// Set by the SDK representing the renewal recovery duration from the initial
// license.
optional int64 original_renewal_recovery_duration_seconds = 10;
// Set by the SDK representing the renewal delay seconds from the original
// license.
optional int64 original_renewal_delay_seconds = 11;
}
// This message is used to indicate the license cateogry spec for a license as
// a part of initial license issuance.
message LicenseCategorySpec {
// Possible license categories.
enum LicenseCategory {
// By default, License is used for single content.
SINGLE_CONTENT_LICENSE_DEFAULT = 0;
// License is used for multiple contents (could be a combination of
// single contents and groups of contents).
MULTI_CONTENT_LICENSE = 1;
// License is used for contents logically grouped.
GROUP_LICENSE = 2;
}
// Optional. License category indicates if license is used for single
// content, multiple contents (could be a combination of
// single contents and groups of contents) or a group of contents.
optional LicenseCategory license_category = 1;
// Optional. Content or group ID covered by the license.
oneof content_or_group_id {
// Content_id would be present if it is a license for single content.
bytes content_id = 2;
// Group_id would be present if the license is a multi_content_license or
// group_license. Group Id could be the name of a group of contents,
// defined by licensor.
bytes group_id = 3;
}
}
message ProxyInfo {
// Indicates SDK type(Including UNKNOWN_SERVICE_TYPE, LICENSE_PROXY_SDK,
// CAS_PROXY_SDK).
optional DrmCertificate.ServiceType sdk_type = 1;
// Indicates the version of SDK.
optional string sdk_version = 2;
}
message License {
message Policy {
// Client-side watermarking restrictions for the license.
enum WatermarkingControl {
// Watermarking may or may not be used, provider does not care.
WATERMARKING_CONTROL_UNSPECIFIED = 0;
// Watermarking must not be used. The device must disable watermarking
// if it supports it.
WATERMARKING_FORBIDDEN = 1;
// Watermarking is required if the device supports it.
WATERMARKING_REQUIRED = 2;
}
// The base for (delayed) timers, i.e. the time from which the delayed timer
// starts.
enum TimerDelayBase {
// Not specified
TIMER_DELAY_BASE_UNSPECIFIED = 0;
// The timer delay is based on |license_start_time|.
LICENSE_START = 1;
// The timer delay is based on the time the license is received by the
// client, whether the license is newly issued by the server or loaded
// from the disk (for persistent licenses).
// IMPORTANT: The playback window also begins immediately at license load
// time.
LICENSE_LOAD = 2;
// The timer delay is based on the time of first decryption.
// NOTE: For persistent licenses, the first decryption time should be
// persisted so that the "first decrypt" should only happen once even when
// the license is loaded repeatedly.
FIRST_DECRYPT = 3;
}
// Indicates that playback of the content is allowed.
optional bool can_play = 1 [default = false];
// Indicates that the license may be persisted to non-volatile
// storage for offline use.
optional bool can_persist = 2 [default = false];
// Indicates that renewal of this license is allowed.
optional bool can_renew = 3 [default = false];
// For the |*duration*| fields, playback must halt when
// license_start_time (seconds since the epoch (UTC)) +
// license_duration_seconds is exceeded. A value of 0
// indicates that there is no limit to the duration.
// Indicates the rental window.
optional int64 rental_duration_seconds = 4 [default = 0];
// Indicates the viewing window, once playback has begun.
optional int64 playback_duration_seconds = 5 [default = 0];
// Indicates the time window for this specific license.
optional int64 license_duration_seconds = 6 [default = 0];
// The |renewal*| fields only apply if |can_renew| is true.
// The window of time, in which playback is allowed to continue while
// renewal is attempted, yet unsuccessful due to backend problems with
// the license server.
optional int64 renewal_recovery_duration_seconds = 7 [default = 0];
// All renewal requests for this license shall be directed to the
// specified URL.
optional string renewal_server_url = 8;
// How many seconds after the "renewal delay base" before renewal is first
// attempted. For an initial license, see comments on
// |initial_renewal_delay_base| on how the "renewal delay base" is
// determined. For a renewal license, the "renewal delay base" is always the
// |license_start_time| of the renewal license.
// NOTE:
// - Renewal should not be attempted if |can_renew| or |can_play| is false,
// or if the license has expired.
// - When the "renewal delay base" is first time of decryption
// (|FIRST_DECRYPT|), this delay is optional: the client can attempt the
// renewal without the delay.
optional int64 renewal_delay_seconds = 9 [default = 0];
// Specifies the delay in seconds between subsequent license
// renewal requests, in case of failure.
optional int64 renewal_retry_interval_seconds = 10 [default = 0];
// Indicates that the license shall be sent for renewal when usage is
// started, i.e. on first playback. This should only be used for a new
// license. The client shall ignore this if set in a renewal.
optional bool renew_with_usage = 11 [default = false];
// Indicates to client that license renewal and release requests ought to
// include ClientIdentification (client_id).
optional bool always_include_client_id = 12 [default = false];
// Duration of grace period before playback_duration_seconds (short window)
// goes into effect. Optional.
// Deprecated in V16.
optional int64 play_start_grace_period_seconds = 13 [default = 0];
// Enables "soft enforcement" of playback_duration_seconds, letting the user
// finish playback even if playback window expires. Optional.
optional bool soft_enforce_playback_duration = 14 [default = false];
// Enables "soft enforcement" of rental_duration_seconds. Initial playback
// must always start before rental duration expires. In order to allow
// subsequent playbacks to start after the rental duration expires,
// soft_enforce_playback_duration must be true. Otherwise, subsequent
// playbacks will not be allowed once rental duration expires. Optional.
optional bool soft_enforce_rental_duration = 15 [default = true];
// Optional requirement to indicate watermarking is allowed.
optional WatermarkingControl watermarking_control = 16
[default = WATERMARKING_CONTROL_UNSPECIFIED];
// Optional DTCP2 requirements. Default is to not allow dtcp2.
optional DTCPUsageRules dtcp2 = 17;
// The base for |renewal_delay_seconds| for the initial license. For renewal
// licenses this field will be ignored and |renewal_delay_seconds| is always
// be based on |license_start_time|.
// NOTE: For backward compatibility, when set to
// TIMER_DELAY_BASE_UNSPECIFIED or has no value, the actual "renewal delay
// base" will be FIRST_DECRYPT if |renew_with_usage| is true, or
// LICENSE_START otherwise.
optional TimerDelayBase initial_renewal_delay_base = 18
[default = TIMER_DELAY_BASE_UNSPECIFIED];
}
message KeyContainer {
enum KeyType {
SIGNING = 1; // No more than one signing key may appear.
CONTENT = 2; // Content key.
KEY_CONTROL = 3; // Key control block for license renewals. No key.
OPERATOR_SESSION = 4; // wrapped keys for auxiliary crypto operations.
ENTITLEMENT = 5; // Entitlement keys.
OEM_CONTENT = 6; // Partner-specific content key.
// Public signing key provided by content providers. Currently used by CAS
// for verifying the received ECM/EMM signature. Only EC key is supported
// for now.
PROVIDER_ECM_VERIFIER_PUBLIC_KEY = 7;
OEM_ENTITLEMENT = 8; // Partner-specific entitlement key.
}
// The SecurityLevel enumeration allows the server to communicate the level
// of robustness required by the client, in order to use the key.
enum SecurityLevel {
// Software-based whitebox crypto is required.
SW_SECURE_CRYPTO = 1;
// Software crypto and an obfuscated decoder is required.
SW_SECURE_DECODE = 2;
// The key material and crypto operations must be performed within a
// hardware backed trusted execution environment.
HW_SECURE_CRYPTO = 3;
// The crypto and decoding of content must be performed within a hardware
// backed trusted execution environment.
HW_SECURE_DECODE = 4;
// The crypto, decoding and all handling of the media (compressed and
// uncompressed) must be handled within a hardware backed trusted
// execution environment.
HW_SECURE_ALL = 5;
}
// The EncryptionScheme to be used for the content keys. This is applicable
// only to Moho API.
enum EncryptionScheme {
ENCRYPTION_SCHEME_UNSPECIFIED = 0;
AES128_CTR = 1;
AES128_CBC = 2;
}
message KeyControl {
// If present, the key control must be communicated to the secure
// environment prior to any usage. This message is automatically generated
// by the Widevine License Server SDK.
optional bytes key_control_block = 1;
optional bytes iv = 2;
}
message OutputProtection {
// Indicates whether HDCP is required on digital outputs, and which
// version should be used.
enum HDCP {
HDCP_NONE = 0;
HDCP_V1 = 1;
HDCP_V2 = 2;
HDCP_V2_1 = 3;
HDCP_V2_2 = 4;
HDCP_V2_3 = 5;
HDCP_NO_DIGITAL_OUTPUT = 0xff;
}
optional HDCP hdcp = 1 [default = HDCP_NONE];
// Indicate the CGMS setting to be inserted on analog output.
enum CGMS {
CGMS_NONE = 42;
COPY_FREE = 0;
COPY_ONCE = 2;
COPY_NEVER = 3;
}
optional CGMS cgms_flags = 2 [default = CGMS_NONE];
enum HdcpSrmRule {
HDCP_SRM_RULE_NONE = 0;
// In 'required_protection', this means most current SRM is required.
// Update the SRM on the device. If update cannot happen,
// do not allow the key.
// In 'requested_protection', this means most current SRM is requested.
// Update the SRM on the device. If update cannot happen,
// allow use of the key anyway.
CURRENT_SRM = 1;
}
optional HdcpSrmRule hdcp_srm_rule = 3 [default = HDCP_SRM_RULE_NONE];
// Optional requirement to indicate analog output is not allowed.
optional bool disable_analog_output = 4 [default = false];
// Optional requirement to indicate digital output is not allowed.
optional bool disable_digital_output = 5 [default = false];
// Optional. If set, it indicates digital video recording (DVR) is
// allowed.
optional bool allow_record = 6 [default = false];
}
message VideoResolutionConstraint {
// Minimum and maximum video resolutions in the range (height x width).
optional uint32 min_resolution_pixels = 1;
optional uint32 max_resolution_pixels = 2;
// Optional output protection requirements for this range. If not
// specified, the OutputProtection in the KeyContainer applies.
optional OutputProtection required_protection = 3;
}
message OperatorSessionKeyPermissions {
// Permissions/key usage flags for operator service keys
// (type = OPERATOR_SESSION).
optional bool allow_encrypt = 1 [default = false];
optional bool allow_decrypt = 2 [default = false];
optional bool allow_sign = 3 [default = false];
optional bool allow_signature_verify = 4 [default = false];
}
// KeyCategorySpec message is used to identify if current key is generated
// for a single content or a group of contents. Currently it is only used in
// CAS request.
message KeyCategorySpec {
// Represents what kind of content a key is used for.
enum KeyCategory {
// By default, key is created for single content.
SINGLE_CONTENT_KEY_DEFAULT = 0;
// Key is created for a group of contents.
GROUP_KEY = 1;
}
// Indicate if the current key is created for single content or for group
// use.
optional KeyCategory key_category = 1;
// Id for key category. If it is a key for single content, this id
// represents the content_id. Otherwise, it represents a group_id.
oneof content_or_group_id {
bytes content_id = 2;
bytes group_id = 3;
}
}
optional bytes id = 1;
optional bytes iv = 2;
optional bytes key = 3;
optional KeyType type = 4;
optional SecurityLevel level = 5 [default = SW_SECURE_CRYPTO];
optional OutputProtection required_protection = 6;
// NOTE: Use of requested_protection is not recommended as it is only
// supported on a small number of platforms.
optional OutputProtection requested_protection = 7;
optional KeyControl key_control = 8;
optional OperatorSessionKeyPermissions operator_session_key_permissions = 9;
// Optional video resolution constraints. If the video resolution of the
// content being decrypted/decoded falls within one of the specified ranges,
// the optional required_protections may be applied. Otherwise an error will
// be reported.
// NOTE: Use of this feature is not recommended, as it is only supported on
// a small number of platforms.
repeated VideoResolutionConstraint video_resolution_constraints = 10;
// Optional flag to indicate the key must only be used if the client
// supports anti rollback of the user table. Content provider can query the
// client capabilities to determine if the client support this feature.
optional bool anti_rollback_usage_table = 11 [default = false];
// Optional not limited to commonly known track types such as SD, HD.
// It can be some provider defined label to identify the track.
optional string track_label = 12;
// Optional. It is used to identify if current key is generated for a
// single content or a group of contents. Currently it is only used in CAS
// request.
optional KeyCategorySpec key_category_spec = 13;
// Optional. Used by Moho API for Content key encryption. If unspecified,
// the Moho code uses the encryption scheme of type AES128_CTR.
optional EncryptionScheme encryption_scheme = 14
[default = ENCRYPTION_SCHEME_UNSPECIFIED];
}
optional LicenseIdentification id = 1;
optional Policy policy = 2;
repeated KeyContainer key = 3;
// Time of the request in seconds (UTC) as set in
// LicenseRequest.request_time. If this time is not set in the request,
// the local time at the license service is used in this field.
optional int64 license_start_time = 4;
// Deprecate remote_attestation_verified in favor of
// platform_verification_status, below.
optional bool remote_attestation_verified = 5 [default = false];
// Client token generated by the content provider. Optional.
optional bytes provider_client_token = 6;
// 4cc code specifying the CENC protection scheme as defined in the CENC 3.0
// specification. Propagated from Widevine PSSH box. Optional.
optional uint32 protection_scheme = 7;
// 8 byte verification field "HDCPDATA" followed by unsigned 32 bit minimum
// HDCP SRM version (whether the version is for HDCP1 SRM or HDCP2 SRM
// depends on client max_hdcp_version).
optional bytes srm_requirement = 8;
// If present this contains a signed SRM file (either HDCP1 SRM or HDCP2 SRM
// depending on client max_hdcp_version) that should be installed on the
// client device.
optional bytes srm_update = 9;
// Indicates the status of any type of platform verification performed by the
// server.
optional PlatformVerificationStatus platform_verification_status = 10
[default = PLATFORM_NO_VERIFICATION];
// IDs of the groups for which keys are delivered in this license, if any.
repeated bytes group_ids = 11;
// Optional. LicenseCategorySpec is used to indicate the license cateogry for
// a license. It could be used as a part of initial license issuance or shown
// as a part of license in license response.
optional LicenseCategorySpec license_category_spec = 12;
// Optional: The provider key id indicates which provider key was used
// during provider key encryption.
optional uint32 provider_key_id = 13;
}
enum ProtocolVersion {
VERSION_2_0 = 20;
VERSION_2_1 = 21;
VERSION_2_2 = 22;
}
message LicenseRequest {
message ContentIdentification {
message WidevinePsshData {
repeated bytes pssh_data = 1;
optional LicenseType license_type = 2;
optional bytes request_id = 3; // Opaque, client-specified.
}
message WebmKeyId {
optional bytes header = 1;
optional LicenseType license_type = 2;
optional bytes request_id = 3; // Opaque, client-specified.
}
message ExistingLicense {
optional LicenseIdentification license_id = 1;
optional int64 seconds_since_started = 2;
optional int64 seconds_since_last_played = 3;
optional bytes session_usage_table_entry = 4;
}
message InitData {
enum InitDataType {
CENC = 1;
WEBM = 2;
}
optional InitDataType init_data_type = 1 [default = CENC];
optional bytes init_data = 2;
optional LicenseType license_type = 3;
optional bytes request_id = 4;
}
oneof content_id_variant {
// Exactly one of these must be present.
WidevinePsshData widevine_pssh_data = 1;
WebmKeyId webm_key_id = 2;
ExistingLicense existing_license = 3;
InitData init_data = 4;
}
}
enum RequestType {
NEW = 1;
RENEWAL = 2;
RELEASE = 3;
}
// The client_id provides information authenticating the calling device. It
// contains the Widevine keybox token that was installed on the device at the
// factory. This field or encrypted_client_id below is required for a valid
// license request, but both should never be present in the same request.
optional ClientIdentification client_id = 1;
optional ContentIdentification content_id = 2;
optional RequestType type = 3;
// Time of the request in seconds (UTC) as set by the client.
optional int64 request_time = 4;
// Old-style decimal-encoded string key control nonce.
optional bytes key_control_nonce_deprecated = 5;
optional ProtocolVersion protocol_version = 6 [default = VERSION_2_0];
// New-style uint32 key control nonce, please use instead of
// key_control_nonce_deprecated.
optional uint32 key_control_nonce = 7;
// Encrypted ClientIdentification message, used for privacy purposes.
optional EncryptedClientIdentification encrypted_client_id = 8;
// The version of the client implementation. This field is optional and
// informational only.
optional string client_version = 9;
}
message LicenseError {
enum Error {
// The device credentials are invalid. The device must re-provision.
INVALID_DRM_DEVICE_CERTIFICATE = 1;
// The device credentials have been revoked. Re-provisioning is not
// possible.
REVOKED_DRM_DEVICE_CERTIFICATE = 2;
// The service is currently unavailable due to the backend being down
// or similar circumstances.
SERVICE_UNAVAILABLE = 3;
// The device credentials are expired. The device must re-provision.
EXPIRED_DRM_DEVICE_CERTIFICATE = 4;
}
optional Error error_code = 1;
}
message MetricData {
enum MetricType {
// The time spent in the 'stage', specified in microseconds.
LATENCY = 1;
// The UNIX epoch timestamp at which the 'stage' was first accessed in
// microseconds.
TIMESTAMP = 2;
}
message TypeValue {
optional MetricType type = 1;
// The value associated with 'type'. For example if type == LATENCY, the
// value would be the time in microseconds spent in this 'stage'.
optional int64 value = 2 [default = 0];
}
// 'stage' that is currently processing the SignedMessage. Required.
optional string stage_name = 1;
// metric and associated value.
repeated TypeValue metric_data = 2;
}
message VersionInfo {
// License SDK version reported by the Widevine License SDK. This field
// is populated automatically by the SDK.
optional string license_sdk_version = 1;
// Version of the service hosting the license SDK. This field is optional.
// It may be provided by the hosting service.
optional string license_service_version = 2;
}
message SignedMessage {
enum MessageType {
LICENSE_REQUEST = 1;
LICENSE = 2;
ERROR_RESPONSE = 3;
SERVICE_CERTIFICATE_REQUEST = 4;
SERVICE_CERTIFICATE = 5;
SUB_LICENSE = 6;
CAS_LICENSE_REQUEST = 7;
CAS_LICENSE = 8;
EXTERNAL_LICENSE_REQUEST = 9;
EXTERNAL_LICENSE = 10;
}
enum SessionKeyType {
UNDEFINED = 0;
WRAPPED_AES_KEY = 1;
EPHEMERAL_ECC_PUBLIC_KEY = 2;
}
optional MessageType type = 1;
optional bytes msg = 2;
// Required field that contains the signature of the bytes of msg.
// For license requests, the signing algorithm is determined by the
// certificate contained in the request.
// For license responses, the signing algorithm is HMAC with signing key based
// on |session_key|.
optional bytes signature = 3;
// If populated, the contents of this field will be signaled by the
// |session_key_type| type. If the |session_key_type| is WRAPPED_AES_KEY the
// key is the bytes of an encrypted AES key. If the |session_key_type| is
// EPHERMERAL_ECC_PUBLIC_KEY the field contains the bytes of an RFC5208 ASN1
// serialized ECC public key.
optional bytes session_key = 4;
// Remote attestation data which will be present in the initial license
// request for ChromeOS client devices operating in verified mode. Remote
// attestation challenge data is |msg| field above. Optional.
optional RemoteAttestation remote_attestation = 5;
repeated MetricData metric_data = 6;
// Version information from the SDK and license service. This information is
// provided in the license response.
optional VersionInfo service_version_info = 7;
// Optional field that contains the algorithm type used to generate the
// session_key and signature in a LICENSE message.
optional SessionKeyType session_key_type = 8 [default = WRAPPED_AES_KEY];
// The core message is the simple serialization of fields used by OEMCrypto.
// This field was introduced in OEMCrypto API v16.
optional bytes oemcrypto_core_message = 9;
// Optional field that indicates the hash algorithm used in signature scheme.
optional HashAlgorithmProto hash_algorithm = 10;
// If true it indicates that a LICENSE message session key was based on an
// alternate key provided by the client credentials.
optional bool using_secondary_key = 11;
}
// ----------------------------------------------------------------------------
// hash_algorithm.proto
// ----------------------------------------------------------------------------
// Description of section:
// Public protocol buffer definitions for Widevine Hash Algorithm protocol.
enum HashAlgorithmProto {
// Unspecified hash algorithm: SHA_256 shall be used for ECC based algorithms
// and SHA_1 shall be used otherwise.
HASH_ALGORITHM_UNSPECIFIED = 0;
HASH_ALGORITHM_SHA_1 = 1;
HASH_ALGORITHM_SHA_256 = 2;
HASH_ALGORITHM_SHA_384 = 3;
}
// ----------------------------------------------------------------------------
// certificate_provisioning.proto
// ----------------------------------------------------------------------------
// Description of section:
// Public protocol buffer definitions for Widevine Device Certificate
// Provisioning protocol.
// A KeyToCertify contains a client generated public key to be incorporated into
// a signed certificate.
message PublicKeyToCertify {
// A KeyType indicates a high level key type.
enum KeyType {
KEY_TYPE_UNSPECIFIED = 0;
RSA = 1;
ECC = 2;
}
// |public_key| contains the bytes of a PKCS#1 ASN.1 DER-encoded public key.
optional bytes public_key = 1;
// KeyType contains a highlevel hint to use in parsing the serialized key
// contained in |public_key|. If the key is an EC key, curve parameters can be
// extracted from the deserialized key.
// Keys are expected to match the certificate key type in the device
// record.
optional KeyType key_type = 2;
// The signature of |public_key|.
// Keys that are signed using ECDSA or RSA should hash the message using
// SHA-256.
optional bytes signature = 3;
}
// ProvisioningOptions specifies the type of certificate to specify and
// in the case of X509 certificates, the certificate authority to use.
message ProvisioningOptions {
enum CertificateType {
WIDEVINE_DRM = 0; // Default. The original certificate type.
X509 = 1; // X.509 certificate.
WIDEVINE_KEYBOX = 2;
}
optional CertificateType certificate_type = 1 [default = WIDEVINE_DRM];
// Contains the application-specific name used to identify the certificate
// authority for signing the generated certificate. This is required if and
// only if the certificate type is X509.
optional string certificate_authority = 2;
// System ID for OTA keybox provisioning. Requires device secure boot.
optional uint32 system_id = 3;
}
// Provisioning request sent by client devices to provisioning service.
message ProvisioningRequest {
message EncryptedSessionKeys {
message SessionKeys {
// 16 bytes encryption key generated by client, used by the server to:
// (1) AES-128-CBC decrypt encrypted_client_id in
// EncryptedClientIdentification which is in RemoteAttestation
// (2) AES-128-CBC encrypt device_key to be returned in
// ProvisioningResponse.
optional bytes encryption_key = 1;
// 32 bytes mac key generated by client, used by server to sign
// the ProvisioningResponse.
optional bytes mac_key = 2;
}
// Serial number of certificate which was used to encrypt the session keys.
// Required.
optional bytes certificate_serial_number = 1;
// Serialized, encrypted session keys. Required.
optional bytes encrypted_session_keys = 2;
}
// This message contains the custom serialized message for OTA provisioning
// using Android Attestation and a device id as authentication.
message AndroidAttestationOtaKeyboxRequest {
// The request contains custom serialized and signed data for the
// Android Attestation OTA request.
// see: go/wv_android_ota
optional bytes ota_request = 1;
}
oneof clear_or_encrypted_client_id {
// Device root of trust and other client identification. Required.
ClientIdentification client_id = 1;
EncryptedClientIdentification encrypted_client_id = 5;
}
// Nonce value used to prevent replay attacks. Required.
optional bytes nonce = 2;
// Options for type of certificate to generate. Optional.
optional ProvisioningOptions options = 3;
oneof spoid_param {
// Stable identifier, unique for each device + application (or origin).
// To be deprecated.
bytes stable_id = 4;
// Service provider ID from the service certificate's provider_id field.
// Preferred parameter.
bytes provider_id = 6;
// Client-generated stable per-origin identifier to be copied directly
// to the client certificate serial number.
bytes spoid = 7;
}
// SessionKeys encrypted using a service cert public key.
// Required for keybox provisioning.
optional EncryptedSessionKeys encrypted_session_keys = 8;
// The custom request for Android Attestation OTA.
optional AndroidAttestationOtaKeyboxRequest android_ota_keybox_request = 9;
// Specifies the public key that should be certified by the provisioning
// server. The client holds the private key. If specified, the response no
// longer needs to contain server generated |device_rsa_key|.
optional PublicKeyToCertify certificate_public_key = 10;
}
// Provisioning response sent by the provisioning server to client devices.
// This message is used for both regular Widevine DRM certificates and for
// application-specific X.509 certificates.
message ProvisioningResponse {
message OtaKeybox {
// Iv used along with SessionKeys.encryption_key for encrypting device key.
optional bytes device_key_encryption_iv = 1;
// Device key component of the keybox, encrypted using the
// SessionKeys.encryption_key in the request and |device_key_encryption_iv|
// above.
optional bytes encrypted_device_key = 2;
// Device CA token component of the keybox.
optional bytes device_ca_token = 3;
}
enum ProvisioningStatus {
// Indicates a valid provisioning response
NO_ERROR = 0;
// The device credentials have been revoked. Provisioning is not possible.
REVOKED_DEVICE_CREDENTIALS = 1;
// Devices in this series have been revoked. Provisioning is not possible.
REVOKED_DEVICE_SERIES = 2;
}
// This message contains the custom response for Android Attestation OTA
// provisioning which uses the Android Attestation keybox and a device id
// from the chip set.
message AndroidAttestationOtaKeyboxResponse {
// The response contains custom serialized and signed data for the
// Android Attestation OTA keybox provisioning.
optional bytes ota_response = 1;
}
// AES-128 encrypted device private RSA key. PKCS#1 ASN.1 DER-encoded.
// Required. For X.509 certificates, the private RSA key may also include
// a prefix as specified by private_key_prefix in the X509CertificateMetadata
// proto message.
optional bytes device_rsa_key = 1;
// Initialization vector used to encrypt device_rsa_key. Required.
optional bytes device_rsa_key_iv = 2;
// For Widevine DRM certificates, this contains the serialized
// SignedDrmCertificate. For X.509 certificates, this contains the PEM
// encoded X.509 certificate. Required.
optional bytes device_certificate = 3;
// Nonce value matching nonce in ProvisioningRequest. Required.
optional bytes nonce = 4;
// Key used to wrap device_rsa_key when DRM provisioning an OEM factory
// provisioned device. Encrypted with the device OEM public key using
// RSA-OAEP.
optional bytes wrapping_key = 5;
// Only populated in OTA keybox provisioning response.
optional OtaKeybox ota_keybox = 6;
// The provisioning service may return a ProvisioningStatus. Fields other
// than |status| may be empty and should be ignored if the |status|
// is present and not NO_ERROR
optional ProvisioningStatus status = 7;
// The Android Attestation OTA response. Only populated if the request
// was an Android Attestation OTA request.
optional AndroidAttestationOtaKeyboxResponse android_ota_keybox_response = 8;
}
// Protocol-specific context data used to hold the state of the server in
// stateful provisioning protocols.
message ProvisioningContext {
// Serialized ProvisioningContextKeyData. Required.
optional bytes key_data = 1;
// Protocol-dependent context data, encrypted with key and IV in key_data.
// Required.
optional bytes context_data = 2;
}
message SignedProvisioningContext {
// ProvisioningContext in bytes.
optional bytes provisioning_context = 1;
// RSASSA-PSS signature of provisioning_context. Signed with service private
// key.
optional bytes signature = 2;
// Optional field that indicates the hash algorithm used in signature scheme.
optional HashAlgorithmProto hash_algorithm = 3;
}
// Cryptographic tokens to be used for ProvisioningContext.
message ProvisioningContextKeyData {
// Encryption key, usually 32 bytes used for AES-256-CBC. Required.
optional bytes encryption_key = 1;
// Encryption IV, 16 bytes. Required.
optional bytes encryption_iv = 2;
}
// Serialized ProvisioningRequest or ProvisioningResponse signed with
// The message authentication key.
message SignedProvisioningMessage {
enum ProvisioningProtocolVersion {
VERSION_UNSPECIFIED = 0;
VERSION_1 = 1;
// Version 1.1 changed error handling. Some errors are returned as a field
// in a response message rather than being handled as errors via the API
// implementation. E.g. embedded in the ProvisioningResponse rather than
// returning a 400 error to the caller.
VERSION_1_1 = 2;
}
enum ProvisioningType { // This enum was renamed to avoid confusion
PROVISIONING_TYPE_UNSPECIFIED = 0;
SERVICE_CERTIFICATE_REQUEST = 1; // Service certificate request.
PROVISIONING_20 = 2; // Keybox factory-provisioned devices.
PROVISIONING_30 = 3; // OEM certificate factory-provisioned devices.
// Devices use Boot Certificate Chain (BCC) to provision an OEM certificate.
PROVISIONING_40 = 5;
// These are provisioning methods that are only supported by internal
// Widevine services. They should not be exposed in the SDK.
ARCPP_PROVISIONING = 4; // ChromeOS/Arc++ devices.
// Android-Attestation-based OTA keyboxes.
ANDROID_ATTESTATION_KEYBOX_OTA = 6;
// DRM certificate reprovisioning for individualization of embedded
// DRM certificates used by internal L3 CDMs only.
DRM_REPROVISIONING = 7;
INTEL_SIGMA_101 = 101; // Intel Sigma 1.0.1 protocol.
INTEL_SIGMA_210 = 210; // Intel Sigma 2.1.0 protocol.
}
// Used by provisioning 4.0 to deliver cast certificates in which the server
// delivers a new rsa private key that must be encrypted and signed.
enum SessionKeyType {
UNDEFINED = 0;
WRAPPED_AES_KEY = 1;
EPHEMERAL_ECC_PUBLIC_KEY = 2;
}
// Serialized protobuf message for the corresponding protocol and stage of
// the provisioning exchange. ProvisioningRequest or ProvisioningResponse
// in the case of Provisioning 2.0, 3.0, 4.0 and ARCPP_PROVISIONING. Required.
optional bytes message = 1;
// HMAC-SHA256 (Keybox) or RSASSA-PSS (OEM) signature of message. Required
// for provisioning 2.0 and 3.0. For ARCPP_PROVISIONING, only used in
// response.
optional bytes signature = 2;
// Version number of provisioning protocol.
optional ProvisioningType provisioning_type = 3 [default = PROVISIONING_20];
// Protocol-specific context / state information for multiple-exchange,
// stateful provisioning protocols. Optional.
optional SignedProvisioningContext signed_provisioning_context = 4;
// Remote attestation data to authenticate that the ChromeOS client device
// is operating in verified mode. Remote attestation challenge data is
// |message| field above. Required for ARCPP_PROVISIONING request.
// It contains signature of |message|.
optional RemoteAttestation remote_attestation = 5;
// The core message is the simple serialization of fields used by OEMCrypto.
// This field was introduced in OEMCrypto API v16. The core message format is
// documented in the "Widevine Core Message Serialization".
optional bytes oemcrypto_core_message = 6;
// Optional field that indicates the hash algorithm used in signature scheme.
optional HashAlgorithmProto hash_algorithm = 7;
// Indicates which version of the protocol is in use.
optional ProvisioningProtocolVersion protocol_version = 8;
// If populated, the contents of this field will be signaled by the
// |session_key_type| type. If the |session_key_type| is WRAPPED_AES_KEY the
// key is the bytes of an encrypted AES key. If the |session_key_type| is
// EPHEMERAL_ECC_PUBLIC_KEY the field contains the bytes of an RFC5208 ASN1
// serialized ECC public key.
// This field is only required to be set in a success response to
// Provisioning 4.0 X509 (cast) certificate request.
optional bytes session_key = 9;
// Optional field that contains the algorithm type used to generate the
// session_key and signature in a ProvisioningResponse message. This value is
// populated in a success response to a request for a X509 (cast) certificate.
// The value used depends on the key type of the PublicKeyToCertify contained
// in Provisioning 4.0 ProvisioningMessage.
// This value must be populated if session_key is populated.
optional SessionKeyType session_key_type = 10;
}
// ----------------------------------------------------------------------------
// client_identification.proto
// ----------------------------------------------------------------------------
// Description of section:
// ClientIdentification messages used by provisioning and license protocols.
// ClientIdentification message used to authenticate the client device.
message ClientIdentification {
enum TokenType {
KEYBOX = 0;
DRM_DEVICE_CERTIFICATE = 1;
REMOTE_ATTESTATION_CERTIFICATE = 2;
OEM_DEVICE_CERTIFICATE = 3;
// Boot certificate chain in CBOR format.
BOOT_CERTIFICATE_CHAIN = 4;
// Boot certificate chain in X509 format.
BOOT_CERTIFICATE_CHAIN_X509 = 5;
}
message NameValue {
optional string name = 1;
optional string value = 2;
}
// Capabilities which not all clients may support. Used for the license
// exchange protocol only.
message ClientCapabilities {
enum HdcpVersion {
HDCP_NONE = 0;
HDCP_V1 = 1;
HDCP_V2 = 2;
HDCP_V2_1 = 3;
HDCP_V2_2 = 4;
HDCP_V2_3 = 5;
// The existing HDCP_V1 will be used for backwards compatibility with pre
// OEM crypto v17.
HDCP_V1_0 = 6;
HDCP_V1_1 = 7;
HDCP_V1_2 = 8;
HDCP_V1_3 = 9;
HDCP_V1_4 = 10;
HDCP_NO_DIGITAL_OUTPUT = 0xff;
}
enum CertificateKeyType {
RSA_2048 = 0;
RSA_3072 = 1;
ECC_SECP256R1 = 2;
ECC_SECP384R1 = 3;
ECC_SECP521R1 = 4;
}
enum AnalogOutputCapabilities {
ANALOG_OUTPUT_UNKNOWN = 0;
ANALOG_OUTPUT_NONE = 1;
ANALOG_OUTPUT_SUPPORTED = 2;
ANALOG_OUTPUT_SUPPORTS_CGMS_A = 3;
}
enum WatermarkingSupport {
WATERMARKING_SUPPORT_UNKNOWN = 0;
WATERMARKING_NOT_SUPPORTED = 1;
WATERMARKING_CONFIGURABLE = 2;
WATERMARKING_ALWAYS_ON = 3;
}
optional bool client_token = 1 [default = false];
optional bool session_token = 2 [default = false];
optional bool video_resolution_constraints = 3 [default = false];
optional HdcpVersion max_hdcp_version = 4 [default = HDCP_NONE];
optional uint32 oem_crypto_api_version = 5;
// Client has hardware support for protecting the usage table, such as
// storing the generation number in secure memory.
optional bool anti_rollback_usage_table = 6 [default = false];
// The client shall report |srm_version| if available.
optional uint32 srm_version = 7;
// A device may have SRM data, and report a version, but may not be capable
// of updating SRM data.
optional bool can_update_srm = 8 [default = false];
repeated CertificateKeyType supported_certificate_key_type = 9;
optional AnalogOutputCapabilities analog_output_capabilities = 10
[default = ANALOG_OUTPUT_UNKNOWN];
optional bool can_disable_analog_output = 11 [default = false];
// Clients can indicate a performance level supported by OEMCrypto.
// This will allow applications and providers to choose an appropriate
// quality of content to serve. Currently defined tiers are
// 1 (low), 2 (medium) and 3 (high). Any other value indicates that
// the resource rating is unavailable or reporting erroneous values
// for that device.
optional uint32 resource_rating_tier = 12 [default = 0];
// Watermarking support of OEMCrypto was introduced in v17.
// Support is optional.
// Value is only required to be set for license requests.
optional WatermarkingSupport watermarking_support = 13;
// Indicate whether or not `initial_renewal_delay_base` is supported by the
// client.
optional bool initial_renewal_delay_base = 14 [default = false];
}
message ClientCredentials {
optional TokenType type = 1 [default = KEYBOX];
optional bytes token = 2;
}
// Type of factory-provisioned device root of trust. Optional.
optional TokenType type = 1 [default = KEYBOX];
// Factory-provisioned device root of trust. Required.
optional bytes token = 2;
// Optional client information name/value pairs.
repeated NameValue client_info = 3;
// Client token generated by the content provider. Optional.
optional bytes provider_client_token = 4;
// Number of licenses received by the client to which the token above belongs.
// Only present if client_token is specified.
optional uint32 license_counter = 5;
// List of non-baseline client capabilities.
optional ClientCapabilities client_capabilities = 6;
// Serialized VmpData message. Optional.
optional bytes vmp_data = 7;
// Optional field that may contain additional provisioning credentials.
optional ClientCredentials device_credentials = 8;
}
// EncryptedClientIdentification message used to hold ClientIdentification
// messages encrypted for privacy purposes.
message EncryptedClientIdentification {
// Provider ID for which the ClientIdentifcation is encrypted (owner of
// service certificate).
optional string provider_id = 1;
// Serial number for the service certificate for which ClientIdentification is
// encrypted.
optional bytes service_certificate_serial_number = 2;
// Serialized ClientIdentification message, encrypted with the privacy key
// using AES-128-CBC with PKCS#5 padding.
optional bytes encrypted_client_id = 3;
// Initialization vector needed to decrypt encrypted_client_id.
optional bytes encrypted_client_id_iv = 4;
// AES-128 privacy key, encrypted with the service public key using RSA-OAEP.
optional bytes encrypted_privacy_key = 5;
}
// ----------------------------------------------------------------------------
// drm_certificate.proto
// ----------------------------------------------------------------------------
// Description of section:
// Definition of the root of trust identifier proto. The proto message contains
// the EC-IES encrypted identifier (e.g. keybox unique id) for a device and
// an associated hash. These can be used by Widevine to identify the root of
// trust that was used to acquire a DRM certificate.
//
// In addition to the encrypted part and the hash, the proto contains the
// version of the root of trust id which implies the EC key algorithm that was
// used.
// Next id: 5
message RootOfTrustId {
// The version specifies the EC algorithm that was used to generate the
// root of trust id.
enum RootOfTrustIdVersion {
// Should not be used.
ROOT_OF_TRUST_ID_VERSION_UNSPECIFIED = 0;
// Version 1 of the ID uses EC-IES with SECP256R1 curve.
ROOT_OF_TRUST_ID_VERSION_1 = 1;
}
optional RootOfTrustIdVersion version = 1;
// The key_id is used for key rotation. It indicates which key was used to
// generate the root of trust id.
optional uint32 key_id = 2;
// The EC-IES encrypted message containing the unique_id. The bytes are
// a concatenation of
// 1) The ephemeral public key. Uncompressed keypoint format per X9.62.
// 2) The plaintext encrypted with the derived AES key using AES CBC,
// PKCS7 padding and a zerio iv.
// 3) The HMAC SHA256 of the cipher text.
optional bytes encrypted_unique_id = 3;
// The hash of encrypted unique id and other values.
// unique_id_hash = SHA256(
// encrypted_unique_id || system_id || SHA256(unique_id || secret_sauce)).
optional bytes unique_id_hash = 4;
}
// DRM certificate definition for user devices, intermediate, service, and root
// certificates.
// Next id: 13
message DrmCertificate {
enum Type {
ROOT = 0; // ProtoBestPractices: ignore.
DEVICE_MODEL = 1;
DEVICE = 2;
SERVICE = 3;
PROVISIONER = 4;
// Only used by internal L3 CDMs with baked-in (embedded) certificates that
// support the Drm Reprovisioning method for individualization of embedded
// certificates.
DEVICE_EMBEDDED = 5;
}
enum ServiceType {
UNKNOWN_SERVICE_TYPE = 0;
LICENSE_SERVER_SDK = 1;
LICENSE_SERVER_PROXY_SDK = 2;
PROVISIONING_SDK = 3;
CAS_PROXY_SDK = 4;
}
enum Algorithm {
UNKNOWN_ALGORITHM = 0;
RSA = 1;
ECC_SECP256R1 = 2;
ECC_SECP384R1 = 3;
ECC_SECP521R1 = 4;
}
message EncryptionKey {
// Device public key. PKCS#1 ASN.1 DER-encoded. Required.
optional bytes public_key = 1;
// Required. The algorithm field contains the curve used to create the
// |public_key| if algorithm is one of the ECC types.
// The |algorithm| is used for both to determine the if the certificate is
// ECC or RSA. The |algorithm| also specifies the parameters that were used
// to create |public_key| and are used to create an ephemeral session key.
optional Algorithm algorithm = 2 [default = RSA];
}
// Type of certificate. Required.
optional Type type = 1;
// 128-bit globally unique serial number of certificate.
// Value is 0 for root certificate. Required.
optional bytes serial_number = 2;
// POSIX time, in seconds, when the certificate was created. Required.
optional uint32 creation_time_seconds = 3;
// POSIX time, in seconds, when the certificate should expire. Value of zero
// denotes indefinite expiry time. For more information on limited lifespan
// DRM certificates see (go/limited-lifespan-drm-certificates).
optional uint32 expiration_time_seconds = 12;
// Device public key. PKCS#1 ASN.1 DER-encoded. Required.
optional bytes public_key = 4;
// Widevine system ID for the device. Required for intermediate and
// user device certificates.
optional uint32 system_id = 5;
// Deprecated field, which used to indicate whether the device was a test
// (non-production) device. The test_device field in ProvisionedDeviceInfo
// below should be observed instead.
optional bool test_device_deprecated = 6 [deprecated = true];
// Service identifier (web origin) for the provider which owns the
// certificate. Required for service and provisioner certificates.
optional string provider_id = 7;
// This field is used only when type = SERVICE to specify which SDK uses
// service certificate. This repeated field is treated as a set. A certificate
// may be used for the specified service SDK if the appropriate ServiceType
// is specified in this field.
repeated ServiceType service_types = 8;
// Required. The algorithm field contains the curve used to create the
// |public_key| if algorithm is one of the ECC types.
// The |algorithm| is used for both to determine the if the certificate is ECC
// or RSA. The |algorithm| also specifies the parameters that were used to
// create |public_key| and are used to create an ephemeral session key.
optional Algorithm algorithm = 9 [default = RSA];
// Optional. May be present in DEVICE certificate types. This is the root
// of trust identifier that holds an encrypted value that identifies the
// keybox or other root of trust that was used to provision a DEVICE drm
// certificate.
optional RootOfTrustId rot_id = 10;
// Optional. May be present in devices that explicitly support dual keys. When
// present the |public_key| is used for verification of received license
// request messages.
optional EncryptionKey encryption_key = 11;
}
// ----------------------------------------------------------------------------
// signed_drm_certificate.proto
// ----------------------------------------------------------------------------
// Description of section:
// Signed device certificate definition.
// DrmCertificate signed by a higher (CA) DRM certificate.
message SignedDrmCertificate {
// Serialized certificate. Required.
optional bytes drm_certificate = 1;
// Signature of certificate. Signed with root or intermediate
// certificate specified below. Required.
optional bytes signature = 2;
// SignedDrmCertificate used to sign this certificate.
optional SignedDrmCertificate signer = 3;
// Optional field that indicates the hash algorithm used in signature scheme.
optional HashAlgorithmProto hash_algorithm = 4;
}
// ----------------------------------------------------------------------------
// widevine_pssh.proto
// ----------------------------------------------------------------------------
// Description of section:
// Public protocol buffer definitions for Widevine Cenc Header
// protocol.
message WidevinePsshData {
enum Type {
SINGLE = 0; // Single PSSH to be used to retrieve content keys.
ENTITLEMENT = 1; // Primary PSSH used to retrieve entitlement keys.
ENTITLED_KEY = 2; // Secondary PSSH containing entitled key(s).
}
message EntitledKey {
// ID of entitlement key used for wrapping |key|.
optional bytes entitlement_key_id = 1;
// ID of the entitled key.
optional bytes key_id = 2;
// Wrapped key. Required.
optional bytes key = 3;
// IV used for wrapping |key|. Required.
optional bytes iv = 4;
// Size of entitlement key used for wrapping |key|.
optional uint32 entitlement_key_size_bytes = 5 [default = 32];
}
// Entitlement or content key IDs. Can only present in SINGLE or ENTITLEMENT
// PSSHs. May be repeated to facilitate delivery of multiple keys in a
// single license. Cannot be used in conjunction with content_id or
// group_ids, which are the preferred mechanism.
repeated bytes key_ids = 2;
// Content identifier which may map to multiple entitlement or content key
// IDs to facilitate the delivery of multiple keys in a single license.
// Cannot be present in conjunction with key_ids, but if used must be in all
// PSSHs.
optional bytes content_id = 4;
// Crypto period index, for media using key rotation. Always corresponds to
// The content key period. This means that if using entitlement licensing
// the ENTITLED_KEY PSSHs will have sequential crypto_period_index's, whereas
// the ENTITELEMENT PSSHs will have gaps in the sequence. Required if doing
// key rotation.
optional uint32 crypto_period_index = 7;
// Protection scheme identifying the encryption algorithm. The protection
// scheme is represented as a uint32 value. The uint32 contains 4 bytes each
// representing a single ascii character in one of the 4CC protection scheme
// values. To be deprecated in favor of signaling from content.
// 'cenc' (AES-CTR) protection_scheme = 0x63656E63,
// 'cbc1' (AES-CBC) protection_scheme = 0x63626331,
// 'cens' (AES-CTR pattern encryption) protection_scheme = 0x63656E73,
// 'cbcs' (AES-CBC pattern encryption) protection_scheme = 0x63626373.
optional uint32 protection_scheme = 9;
// Optional. For media using key rotation, this represents the duration
// of each crypto period in seconds.
optional uint32 crypto_period_seconds = 10;
// Type of PSSH. Required if not SINGLE.
optional Type type = 11 [default = SINGLE];
// Key sequence for Widevine-managed keys. Optional.
optional uint32 key_sequence = 12;
// Group identifiers for all groups to which the content belongs. This can
// be used to deliver licenses to unlock multiple titles / channels.
// Optional, and may only be present in ENTITLEMENT and ENTITLED_KEY PSSHs,
// and not in conjunction with key_ids.
repeated bytes group_ids = 13;
// Copy/copies of the content key used to decrypt the media stream in which
// the PSSH box is embedded, each wrapped with a different entitlement key.
// May also contain sub-licenses to support devices with OEMCrypto 13 or
// older. May be repeated if using group entitlement keys. Present only in
// PSSHs of type ENTITLED_KEY.
repeated EntitledKey entitled_keys = 14;
// Video feature identifier, which is used in conjunction with |content_id|
// to determine the set of keys to be returned in the license. Cannot be
// present in conjunction with |key_ids|.
// Current values are "HDR".
optional string video_feature = 15;
// Audiofeature identifier, which is used in conjunction with |content_id|
// to determine the set of keys to be returned in the license. Cannot be
// present in conjunction with |key_ids|.
// Current values are "commentary".
optional string audio_feature = 16;
// Entitlement period index for media using entitlement key rotation. Can only
// present in ENTITLEMENT PSSHs. It always corresponds to the entitlement key
// period.
optional uint32 entitlement_period_index = 17;
//////////////////////////// Deprecated Fields ////////////////////////////
enum Algorithm {
UNENCRYPTED = 0;
AESCTR = 1;
}
optional Algorithm algorithm = 1 [deprecated = true];
optional string provider = 3 [deprecated = true];
optional string track_type = 5 [deprecated = true];
optional string policy = 6 [deprecated = true];
optional bytes grouped_license = 8 [deprecated = true];
}
Reference in New Issue View Git Blame Copy Permalink