V18.4.0 CAS plugin

Note that this version does not have Widevine Provisioning 4.0 support.
It is only suitable for device upgrades. A new patch with provisioning
4.0 support will be made later.

protos/Android.bp

@@ -0,0 +1,21 @@
+// -----------------------------------------------------------------------------
+// Builds libcas_protos.a
+// Generates *.a, *.pb.h and *.pb.cc for *.proto files.
+//
+
+cc_library_static {
+
+  name: "libcas_protos",
+
+  proprietary: true,
+
+  srcs: [
+    "media_cas.proto",
+    "device_files.proto",
+    "license_protocol.proto",
+  ],
+
+  proto: {
+    export_proto_headers: true,
+  },
+}

protos/device_files.proto

@@ -0,0 +1,115 @@
+// ----------------------------------------------------------------------------
+// device_files.proto
+// ----------------------------------------------------------------------------
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
+//
+// Description:
+//   Format of various files stored at the device.
+//
+syntax = "proto2";
+
+package video_widevine_client.sdk;
+
+// need this if we are using libprotobuf-cpp-2.3.0-lite
+option optimize_for = LITE_RUNTIME;
+
+message NameValue {
+  optional string name = 1;
+  optional string value = 2;
+}
+
+message DeviceCertificate {
+  optional bytes certificate = 1;
+  optional bytes wrapped_private_key = 2;
+}
+
+message License {
+  enum LicenseState {
+    ACTIVE = 1;
+    RELEASING = 2;
+  }
+
+  optional LicenseState state = 1;
+  optional bytes pssh_data = 2;
+  optional bytes license_request = 3;
+  optional bytes license = 4;
+  optional bytes renewal_request = 5;
+  optional bytes renewal = 6;
+  optional bytes release_server_url = 7;
+  optional int64 playback_start_time = 8 [default = 0];
+  optional int64 last_playback_time = 9 [default = 0];
+  repeated NameValue app_parameters = 10;
+  // This will be 0/missing if the grace period has not expired; otherwise it
+  // contains the playback_start_time we should use as an override.  This is
+  // ignored if there is no grace period.
+  optional int64 grace_period_end_time = 11 [default = 0];
+  optional bytes usage_entry = 12;
+  optional int64 usage_entry_number = 13;
+}
+
+message UsageInfo {
+  message ProviderSession {
+    optional bytes token = 1;
+    optional bytes license_request = 2;
+    optional bytes license = 3;
+    optional bytes key_set_id = 4;
+    optional bytes usage_entry = 5;
+    optional int64 usage_entry_number = 6;
+  }
+
+  repeated ProviderSession sessions = 1;
+}
+
+message HlsAttributes {
+  enum Method {
+    AES_128 = 1;
+    SAMPLE_AES = 2;
+  }
+  optional Method method = 1;
+  optional bytes media_segment_iv = 2;
+}
+
+message UsageTableInfo {
+  message UsageEntryInfo {
+    enum UsageEntryStorage {
+      LICENSE = 1;
+      USAGE_INFO = 2;
+      UNKNOWN = 3;
+    }
+
+    optional UsageEntryStorage storage = 1;
+    optional bytes key_set_id = 2;
+    optional bytes usage_info_file_name = 3;  // hash of the app_id
+  }
+
+  optional bytes usage_table_header = 1;
+  repeated UsageEntryInfo usage_entry_info = 2;
+}
+
+message File {
+  enum FileType {
+    DEVICE_CERTIFICATE = 1;
+    LICENSE = 2;
+    USAGE_INFO = 3;
+    HLS_ATTRIBUTES = 4;
+    USAGE_TABLE_INFO = 5;
+  }
+
+  enum FileVersion { VERSION_1 = 1; }
+
+  optional FileType type = 1;
+  optional FileVersion version = 2 [default = VERSION_1];
+  optional DeviceCertificate device_certificate = 3;
+  optional License license = 4;
+  optional UsageInfo usage_info = 5;
+  optional HlsAttributes hls_attributes = 6;
+  optional UsageTableInfo usage_table_info = 7;
+}
+
+message HashedFile {
+  optional bytes file = 1;
+  // A raw (not hex-encoded) SHA256, taken over the bytes of 'file'.
+  optional bytes hash = 2;
+}

protos/media_cas.proto

@@ -0,0 +1,146 @@
+// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine Master
+// License Agreement.
+
+syntax = "proto2";
+
+package video_widevine;
+
+option optimize_for = LITE_RUNTIME;
+
+// Widevine private data in the CA descriptor.
+message CaDescriptorPrivateData {
+  // Provider name.
+  optional string provider = 1;
+
+  // Content ID.
+  optional bytes content_id = 2;
+
+  // Deprecated.
+  repeated bytes deprecated_entitlement_key_ids = 3;
+
+  // The groups ids this channel belongs to.
+  repeated bytes group_ids = 4;
+}
+
+// Widevine fingerprinting.
+message Fingerprinting {
+  // Channels that will be applied with the controls.
+  repeated bytes channels = 1;
+  // Fingerprinting controls are opaque to Widevine.
+  optional bytes control = 2;
+}
+
+// Widevine service blocking.
+message ServiceBlocking {
+  // Channels that will be blocked.
+  repeated bytes channels = 1;
+  // Device groups that will be blocked. Group definition is opaque to Widevine.
+  repeated bytes device_groups = 2;
+  // Blocking start time in seconds since epoch. Start time is "immediate" if
+  // this field is not set.
+  optional int64 start_time_sec = 3;
+  // Required. Blocking end time in seconds since epoch.
+  optional int64 end_time_sec = 4;
+}
+
+// The payload field for an EMM.
+message EmmPayload {
+  repeated Fingerprinting fingerprinting = 1;
+  repeated ServiceBlocking service_blocking = 2;
+  // Epoch time in seconds. The time when the EMM is generated.
+  optional int64 timestamp_secs = 3;
+}
+
+message SignedEmmPayload {
+  // Serialized EmmPayload.
+  optional bytes serialized_payload = 1;
+  // ECC (Elliptic Curve Cryptography) signature of |serialized_payload|.
+  optional bytes signature = 2;
+}
+
+message EcmMetaData {
+  enum CipherMode {
+    UNSPECIFIED = 0;
+    AES_CBC = 1;
+    AES_CTR = 2;
+    DVB_CSA2 = 3;
+    DVB_CSA3 = 4;
+    AES_OFB = 5;
+    AES_SCTE52 = 6;
+    AES_ECB = 7;
+  }
+  // Required. The cipher mode used to encrypt/decrypt the content.
+  optional CipherMode cipher_mode = 1;
+  // Optional. The minimum age required to watch the content. The value
+  // represents actual age, with 0 means no restriction.
+  optional uint32 age_restriction = 2 [default = 0];
+  // If specified, it means entitlement key rotation is enabled. The value will
+  // be included in the license request. The server is expected to return
+  // entitlement keys accordingly (e.g., keys for |entitlement_period_index| and
+  // |entitlement_period_index| + 1).
+  optional uint32 entitlement_period_index = 3;
+  // Used only if entitlement key rotation is enabled. This parameter controls
+  // the probability of requesting a new license by clients upon receiving this
+  // ECM. The purpose is to spread out requests to avoid request storms. A
+  // client will request a new license with possibility = 1 /
+  // |entitlement_rotation_window_left|.
+  optional uint32 entitlement_rotation_window_left = 4 [default = 1];
+}
+
+message EcmKeyData {
+  // The wrapped content key data (aka control word).
+  // Required.
+  optional bytes wrapped_key_data = 1;
+  // The ID of the entitlement key used to wrap the content key. The secure key
+  // data associated with this ID is held by the license server. The client gets
+  // the key from the license server through a license request.
+  // Required for the even key data, optional for the odd key data if it is the
+  // same as the even key data.
+  optional bytes entitlement_key_id = 2;
+  // IV for decrypting the wrapped_key_data.
+  // Required for the even key data, optional for the odd key data if it is the
+  // same as the even key data.
+  optional bytes wrapped_key_iv = 3;
+  // IV for decrypting the content stream.
+  // Optional. If not specified in the even key data, 8 bytes 0x00 will be used;
+  // If not specified in the odd key data, the same content iv in the even key
+  // data will be used.
+  optional bytes content_iv = 4;
+}
+
+message EcmGroupKeyData {
+  // Group id of this key data.
+  optional bytes group_id = 1;
+  // Required. The key data for the even slot. Fields wrapped_key_iv and
+  // content_iv may be omitted if it is the same as EcmPayload.even_key_data.
+  optional EcmKeyData even_key_data = 2;
+  // Optional. The key data for the odd slot if key rotation is enabled. Fields
+  // wrapped_key_iv and content_iv may be omitted if it is the same as
+  // EcmPayload.odd_key_data.
+  optional EcmKeyData odd_key_data = 3;
+}
+
+message EcmPayload {
+  // Required. Meta info carried by the ECM.
+  optional EcmMetaData meta_data = 1;
+  // Required. The key data for the even slot.
+  optional EcmKeyData even_key_data = 2;
+  // Optional. The key data for the odd slot if key rotation is enabled.
+  optional EcmKeyData odd_key_data = 3;
+  // Optional. Widevine fingerprinting information.
+  optional Fingerprinting fingerprinting = 4;
+  // Optional. Widevine service blocking information.
+  optional ServiceBlocking service_blocking = 5;
+  // If a channel belongs to a group, the content keys can additionally be
+  // encrypted by the group entitlement keys.
+  repeated EcmGroupKeyData group_key_data = 6;
+}
+
+// The payload field for an ECM with signature.
+message SignedEcmPayload {
+  // Serialized EcmPayload.
+  optional bytes serialized_payload = 1;
+  // ECC (Elliptic Curve Cryptography) signature of |serialized_payload|.
+  optional bytes signature = 2;
+}